package org.apache.iotdb.db.security;

import java.security.Principal;
import java.util.Optional;
import javax.security.auth.login.LoginContext;
import javax.security.sasl.AuthenticationException;
import org.apache.iotdb.db.auth.AuthException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/iotdb/db/security/PassWordKDCAuthenticator.class */
public class PassWordKDCAuthenticator implements Authenticator {
    private static final Logger LOG = LoggerFactory.getLogger(PassWordKDCAuthenticator.class);
    private LoginCacheManager loginCacheManager;

    public PassWordKDCAuthenticator(LoginCacheManager loginCacheManager) {
        this.loginCacheManager = loginCacheManager;
    }

    @Override // org.apache.iotdb.db.security.Authenticator
    public boolean authenticate(String str, String str2) throws AuthException {
        if (this.loginCacheManager.isUserLockUp(str)) {
            throw new AuthException("user has been lockup due to too many failed");
        }
        try {
            Optional<Principal> principalIfPresent = this.loginCacheManager.getPrincipalIfPresent(str, str2);
            Principal kdcLogin = principalIfPresent.isPresent() ? principalIfPresent.get() : toKdcLogin(str, str2);
            LOG.debug("principal " + kdcLogin.toString() + " login successfully.");
            this.loginCacheManager.addUserToCacheQuietly(str, str2, kdcLogin);
            return true;
        } catch (AuthenticationException e) {
            this.loginCacheManager.recordFailQuietly(str);
            throw new AuthException(e.getMessage());
        }
    }

    private Principal toKdcLogin(String str, String str2) throws AuthenticationException {
        LoginContext loginFromPwd = PassWordKerberosLoginUtil.loginFromPwd(str, str2);
        if (loginFromPwd == null) {
            throw new AuthenticationException("login Failed, user or password incorrect.");
        }
        return loginFromPwd.getSubject().getPrincipals().iterator().next();
    }
}
