package org.apache.iotdb.db.security;

import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.iotdb.db.qp.constant.SQLConstant;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/db/security/PassWordKerberosLoginUtil.class */
public class PassWordKerberosLoginUtil {
    private static final Logger LOG = LoggerFactory.getLogger(PassWordKerberosLoginUtil.class);
    private static final String KERBEROS_LOGIN_MODULE_NAME = "com.sun.security.auth.module.Krb5LoginModule";
    private static final String PWD_CONFIG_NAME = "user_password";

    /* loaded from: input_file:org/apache/iotdb/db/security/PassWordKerberosLoginUtil$LoginConfigurationPwd.class */
    private static class LoginConfigurationPwd extends Configuration {
        private static final Map<String, String> PWD_KERBEROS_OPTIONS = new HashMap();
        private static final AppConfigurationEntry PWD_KERBEROS_LOGIN;
        private static final AppConfigurationEntry[] SIMPLE_CONF;

        private LoginConfigurationPwd() {
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            return PassWordKerberosLoginUtil.PWD_CONFIG_NAME.equals(str) ? SIMPLE_CONF : new AppConfigurationEntry[0];
        }

        static {
            PWD_KERBEROS_OPTIONS.put("useKeyTab", SQLConstant.BOOLEAN_TRUE);
            PWD_KERBEROS_OPTIONS.put("storeKey", SQLConstant.BOOLEAN_TRUE);
            PWD_KERBEROS_OPTIONS.put("refreshKrb5Config", SQLConstant.BOOLEAN_TRUE);
            PWD_KERBEROS_OPTIONS.put("useTicketCache", SQLConstant.BOOLEAN_FALSE);
            if (PassWordKerberosLoginUtil.LOG.isDebugEnabled()) {
                PWD_KERBEROS_OPTIONS.put("debug", SQLConstant.BOOLEAN_TRUE);
            }
            PWD_KERBEROS_LOGIN = new AppConfigurationEntry(PassWordKerberosLoginUtil.KERBEROS_LOGIN_MODULE_NAME, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, PWD_KERBEROS_OPTIONS);
            SIMPLE_CONF = new AppConfigurationEntry[]{PWD_KERBEROS_LOGIN};
        }
    }

    private PassWordKerberosLoginUtil() {
    }

    public static LoginContext loginFromPwd(String str, String str2) {
        if (null == str || null == str2) {
            return null;
        }
        LoginConfigurationPwd loginConfigurationPwd = new LoginConfigurationPwd();
        try {
            LOG.debug("User account login with password. User is " + str);
            return doLogin(PWD_CONFIG_NAME, getUsernamePasswordHandler(str, str2), loginConfigurationPwd);
        } catch (LoginException e) {
            LOG.error("Login failed." + e.getMessage());
            return null;
        }
    }

    private static LoginContext doLogin(String str, CallbackHandler callbackHandler, Configuration configuration) throws LoginException {
        LoginContext loginContext = new LoginContext(str, new Subject(), callbackHandler, configuration);
        loginContext.login();
        return loginContext;
    }

    private static CallbackHandler getUsernamePasswordHandler(final String str, final String str2) {
        return new CallbackHandler() { // from class: org.apache.iotdb.db.security.PassWordKerberosLoginUtil.1
            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) {
                for (int i = 0; i < callbackArr.length; i++) {
                    if (callbackArr[i] instanceof NameCallback) {
                        ((NameCallback) callbackArr[i]).setName(str);
                    } else if (callbackArr[i] instanceof PasswordCallback) {
                        ((PasswordCallback) callbackArr[i]).setPassword(str2.toCharArray());
                    } else {
                        PassWordKerberosLoginUtil.LOG.error("Unsupported Callback: " + callbackArr[i].getClass().getName());
                    }
                }
            }
        };
    }
}
