package io.trino.jdbc.$internal.client.auth.kerberos;

import io.trino.jdbc.$internal.com.huawei.hetu.highavailability.zookeeper.AuthConstant;
import io.trino.jdbc.$internal.guava.collect.ImmutableMap;
import io.trino.jdbc.$internal.javax.annotation.concurrent.GuardedBy;
import java.io.File;
import java.io.IOException;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:io/trino/jdbc/$internal/client/auth/kerberos/LoginBasedSubjectProvider.class */
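/**
 * {@link SubjectProvider} that obtains a Kerberos {@link Subject} through a JAAS login.
 *
 * <p>The login is configured in code (no external JAAS file) with a single {@code Krb5LoginModule}
 * entry. On the non-IBM path the credentials come from a user name and password when both are
 * present and non-empty, otherwise from a keytab and/or ticket cache.
 *
 * <p>Security-relevant behaviour to be aware of:
 * <ul>
 *   <li>The constructor sets the JVM-wide system property {@code java.security.krb5.conf}; every
 *       Kerberos user in the same JVM is affected, and the last instance constructed wins.</li>
 *   <li>The password is held as a {@link String} for the lifetime of this object, so it cannot be
 *       wiped from memory by this class.</li>
 *   <li>The system property {@code trino.client.debugKerberos} turns on the login module's debug
 *       output; treat that output as sensitive and keep it disabled outside troubleshooting.</li>
 * </ul>
 */
public class LoginBasedSubjectProvider implements SubjectProvider {
    private static final String IBM_JDK_MODULE = "com.ibm.security.auth.module.Krb5LoginModule";
    private static final String SUN_JDK_MODULE = "com.sun.security.auth.module.Krb5LoginModule";
    private static final String DEBUG_PROPERTY = "trino.client.debugKerberos";
    // Default to "" so that a missing java.vendor property cannot fail class initialisation.
    private static final boolean IS_IBM_JDK = System.getProperty("java.vendor", "").contains("IBM");

    private final Optional<String> principal;
    private final Optional<File> keytab;
    private final Optional<File> credentialCache;
    private final Optional<String> user;
    private final Optional<String> password;

    @GuardedBy("this")
    private LoginContext loginContext;

    /**
     * Answers the login module's name and password prompts with fixed values.
     *
     * <p>Decompiler note: this class was private in the compiled original; the access modifier
     * shown here was widened by the decompiler.
     */
    public static class NameAndPasswordCallBackHandler implements CallbackHandler {
        private final String user;
        private final String password;

        public NameAndPasswordCallBackHandler(String str, String str2) {
            this.user = str;
            this.password = str2;
        }

        /**
         * Fills in every {@link NameCallback} and {@link PasswordCallback} in the array.
         *
         * <p>All entries are handled, not only the first, so a login module that sends the name
         * and password prompts in one call is answered completely. Other callback types are left
         * untouched, as before, rather than rejected.
         *
         * @param callbackArr callbacks supplied by the login module; {@code null} or empty is a no-op
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            if (callbackArr == null) {
                return;
            }
            for (Callback callback : callbackArr) {
                if (callback instanceof PasswordCallback) {
                    // setPassword() stores its own copy, so the temporary array can be wiped
                    // immediately. The String field still holds the password; this only avoids
                    // leaving one more copy on the heap per login.
                    char[] secret = this.password.toCharArray();
                    try {
                        ((PasswordCallback) callback).setPassword(secret);
                    } finally {
                        java.util.Arrays.fill(secret, '\0');
                    }
                } else if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this.user);
                }
            }
        }
    }

    /**
     * Creates the provider. No login is attempted until {@link #refresh()} is called.
     *
     * @param optional Kerberos principal to log in as
     * @param optional2 krb5 configuration file; when present its absolute path is written to the
     *     JVM-wide system property {@code java.security.krb5.conf}
     * @param optional3 keytab file
     * @param optional4 credential (ticket) cache file
     * @param optional5 user name for password-based login
     * @param optional6 password for password-based login
     * @throws NullPointerException if any argument is {@code null}
     */
    public LoginBasedSubjectProvider(Optional<String> optional, Optional<File> optional2, Optional<File> optional3, Optional<File> optional4, Optional<String> optional5, Optional<String> optional6) {
        this.principal = Objects.requireNonNull(optional, "principal is null");
        this.keytab = Objects.requireNonNull(optional3, "keytab is null");
        this.credentialCache = Objects.requireNonNull(optional4, "credentialCache is null");
        this.user = Objects.requireNonNull(optional5, "username is null");
        this.password = Objects.requireNonNull(optional6, "password is null");
        // Checked last so the order in which null arguments are reported is unchanged; it only
        // gives the previously message-less NullPointerException a description.
        Objects.requireNonNull(optional2, "kerberosConfig is null");
        // Process-wide side effect: this overrides the krb5 configuration for the whole JVM.
        optional2.ifPresent(file -> System.setProperty("java.security.krb5.conf", file.getAbsolutePath()));
    }

    /**
     * Returns the subject of the most recent successful login.
     *
     * @throws NullPointerException if {@link #refresh()} has not yet completed successfully
     */
    @Override // io.trino.jdbc.$internal.client.auth.kerberos.SubjectProvider
    public synchronized Subject getSubject() {
        return Objects.requireNonNull(this.loginContext, "refresh() has not completed successfully").getSubject();
    }

    /**
     * Performs a fresh JAAS login and, on success, makes its subject the current one.
     *
     * <p>The new context is published only after {@code login()} returns, so a failed refresh
     * does not replace a working context with one that carries no subject. The field is written
     * under the monitor named by its {@code @GuardedBy} annotation; the login itself, which may
     * contact the KDC, runs outside the lock.
     *
     * @throws LoginException if the login fails
     */
    @Override // io.trino.jdbc.$internal.client.auth.kerberos.SubjectProvider
    public void refresh() throws LoginException, GSSException {
        final AppConfigurationEntry entry = IS_IBM_JDK
                ? new AppConfigurationEntry(IBM_JDK_MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, buildIBMOptions())
                : new AppConfigurationEntry(SUN_JDK_MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, buildOptions());
        // In-memory configuration: the same single entry is returned for any application name.
        Configuration configuration = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                return new AppConfigurationEntry[] {entry};
            }
        };
        LoginContext context = new LoginContext("", (Subject) null, createCallbackHandler(), configuration);
        context.login();
        synchronized (this) {
            this.loginContext = context;
        }
    }

    /**
     * Builds the option map for {@code com.sun.security.auth.module.Krb5LoginModule}.
     *
     * <p>With a user name and password the module is told not to use a keytab and is allowed to
     * prompt (the prompts are answered by the callback handler). Otherwise prompting is disabled
     * and the keytab and principal, when present, are passed through.
     */
    private Map<String, String> buildOptions() {
        ImmutableMap.Builder<String, String> builder = ImmutableMap.builder();
        builder.put("refreshKrb5Config", "true");
        if (Boolean.getBoolean(DEBUG_PROPERTY)) {
            builder.put("debug", "true");
        }
        this.credentialCache.ifPresent(file -> {
            builder.put("ticketCache", file.getAbsolutePath());
            builder.put("useTicketCache", "true");
            builder.put("renewTGT", "true");
        });
        if (isPasswordAvailable()) {
            // AuthConstant.USE_KEYTAB_KEY is defined outside this file; presumably the module's
            // keytab switch - verify against AuthConstant.
            builder.put(AuthConstant.USE_KEYTAB_KEY, "false");
            builder.put("doNotPrompt", "false");
        } else {
            builder.put("doNotPrompt", "true");
            builder.put(AuthConstant.USE_KEYTAB_KEY, "true");
            this.keytab.ifPresent(file -> builder.put("keyTab", file.getAbsolutePath()));
            this.principal.ifPresent(name -> builder.put("principal", name));
        }
        return builder.build();
    }

    /**
     * Builds the option map for {@code com.ibm.security.auth.module.Krb5LoginModule}.
     *
     * <p>NOTE(review): this path never reads {@code user}, {@code password} or
     * {@code credentialCache}, although {@link #refresh()} still installs the name/password
     * callback handler when both are set. Confirm whether password or ticket-cache login is
     * meant to be supported on IBM JDKs.
     */
    private Map<String, String> buildIBMOptions() {
        ImmutableMap.Builder<String, String> builder = ImmutableMap.builder();
        builder.put("refreshKrb5Config", "true");
        builder.put("renewable", "true");
        builder.put("credsType", "both");
        this.keytab.ifPresent(file -> builder.put("useKeytab", file.getAbsolutePath()));
        this.principal.ifPresent(name -> builder.put("principal", name));
        if (Boolean.getBoolean(DEBUG_PROPERTY)) {
            builder.put("debug", "true");
        }
        return builder.build();
    }

    /** Returns true only when both a non-empty user name and a non-empty password were supplied. */
    private boolean isPasswordAvailable() {
        boolean hasUser = this.user.isPresent() && !this.user.get().isEmpty();
        boolean hasPassword = this.password.isPresent() && !this.password.get().isEmpty();
        return hasUser && hasPassword;
    }

    /**
     * Returns the handler that answers name/password prompts, or {@code null} when no password
     * login is configured (the login context is then created without a callback handler).
     */
    private CallbackHandler createCallbackHandler() {
        if (isPasswordAvailable()) {
            return new NameAndPasswordCallBackHandler(this.user.get(), this.password.get());
        }
        return null;
    }
}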
