package com.huawei.ranger.security;

import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.ranger.common.RESTErrorUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/ranger/security/KerberosLoginUtil.class */
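/**
 * Checks Kerberos credentials by running a throw-away JAAS login through
 * {@code Krb5LoginModule}.
 *
 * <p>Both entry points only report whether the login succeeded. The {@link Subject}
 * created for the attempt is never handed back to the caller, and
 * {@link LoginContext#logout()} is always attempted afterwards.
 *
 * <p>Each login attempt builds or reuses a JAAS {@link Configuration} that carries no
 * shared per-request state, so concurrent attempts cannot observe each other's
 * principal or keytab.
 */
public class KerberosLoginUtil {
    private static final String KERBEROS_LOGIN_MODULE_NAME = "com.sun.security.auth.module.Krb5LoginModule";
    private static final String PWD_CONFIG_NAME = "use_passwd";
    private static final String KEYTAB_KERBEROS_CONFIG_NAME = "use_kerberos_keytab";
    private static final Logger LOG = LoggerFactory.getLogger(KerberosLoginUtil.class);

    /** JAAS options shared by both login flavours; filled once in the static initializer below. */
    private static final Map<String, String> BASIC_JAAS_OPTIONS = new HashMap<>();

    static {
        // Krb5LoginModule debug output is opt-in through the HADOOP_JAAS_DEBUG environment variable.
        // equalsIgnoreCase(null) is false, so an unset variable leaves debug off.
        if (RESTErrorUtil.TRUE.equalsIgnoreCase(System.getenv("HADOOP_JAAS_DEBUG"))) {
            BASIC_JAAS_OPTIONS.put("debug", RESTErrorUtil.TRUE);
        }
    }

    /* loaded from: input_file:com/huawei/ranger/security/KerberosLoginUtil$LoginConfigurationKeytab.class */
    /**
     * JAAS configuration for a keytab login of one specific principal.
     *
     * <p>The option map is built per instance. Keeping it in a shared static map and
     * writing {@code keyTab}/{@code principal} into it on every lookup would let two
     * concurrent logins overwrite each other's values, so that one request could be
     * authenticated with another request's principal or keytab.
     */
    private static final class LoginConfigurationKeytab extends Configuration {
        private final AppConfigurationEntry[] entries;

        /**
         * @param user   Kerberos principal to authenticate
         * @param keytab path of the keytab file holding the principal's key
         */
        LoginConfigurationKeytab(String user, String keytab) {
            Map<String, String> options = new HashMap<>();
            options.put("doNotPrompt", RESTErrorUtil.TRUE);
            options.put("useKeyTab", RESTErrorUtil.TRUE);
            options.put("storeKey", RESTErrorUtil.TRUE);
            options.put("refreshKrb5Config", RESTErrorUtil.TRUE);
            options.putAll(BASIC_JAAS_OPTIONS);
            options.put("keyTab", keytab);
            options.put("principal", user);
            this.entries = new AppConfigurationEntry[] {
                new AppConfigurationEntry(
                        KERBEROS_LOGIN_MODULE_NAME,
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        options)
            };
        }

        /**
         * @param name JAAS application name being looked up
         * @return the keytab entry for {@code use_kerberos_keytab}, otherwise an empty array
         */
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (!KEYTAB_KERBEROS_CONFIG_NAME.equals(name)) {
                return new AppConfigurationEntry[0];
            }
            // Hand out a copy so a caller cannot replace the entry held by this configuration.
            return entries.clone();
        }
    }

    /* loaded from: input_file:com/huawei/ranger/security/KerberosLoginUtil$LoginConfigurationPwd.class */
    /**
     * JAAS configuration for a user name / password login. It holds no per-request
     * state: name and password are supplied through the callback handler.
     */
    private static class LoginConfigurationPwd extends Configuration {
        private static final Map<String, String> PWD_KERBEROS_OPTIONS = new HashMap<>();
        private static final AppConfigurationEntry PWD_KERBEROS_LOGIN;
        private static final AppConfigurationEntry[] SIMPLE_CONF;

        static {
            // NOTE(review): useKeyTab is enabled here although this is the password flow and
            // doNotPrompt is not set. Per the Krb5LoginModule documentation the module then
            // looks for the principal's key in the default keytab before falling back to the
            // password callback. Confirm that no default keytab readable by this process
            // holds keys for user principals, or that this option should be "false";
            // otherwise the supplied password may never be checked.
            PWD_KERBEROS_OPTIONS.put("useKeyTab", RESTErrorUtil.TRUE);
            PWD_KERBEROS_OPTIONS.put("storeKey", RESTErrorUtil.TRUE);
            PWD_KERBEROS_OPTIONS.put("refreshKrb5Config", RESTErrorUtil.TRUE);
            PWD_KERBEROS_OPTIONS.putAll(BASIC_JAAS_OPTIONS);
            // Never satisfy a password check from an existing ticket cache.
            PWD_KERBEROS_OPTIONS.put("useTicketCache", "false");
            PWD_KERBEROS_LOGIN = new AppConfigurationEntry(
                    KERBEROS_LOGIN_MODULE_NAME,
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    PWD_KERBEROS_OPTIONS);
            SIMPLE_CONF = new AppConfigurationEntry[] {PWD_KERBEROS_LOGIN};
        }

        private LoginConfigurationPwd() {
        }

        /**
         * @param name JAAS application name being looked up
         * @return the password entry for {@code use_passwd}, otherwise an empty array
         */
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return PWD_CONFIG_NAME.equals(name) ? SIMPLE_CONF : new AppConfigurationEntry[0];
        }
    }

    /**
     * Attempts a Kerberos login for {@code user} with the key stored in {@code keytab}.
     *
     * @param user   Kerberos principal
     * @param keytab path of the keytab file
     * @return {@code true} if the JAAS login succeeded; {@code false} if an argument is
     *         {@code null} or the login raised a {@link LoginException}
     */
    public static boolean loginFromKeytab(String user, String keytab) {
        if (user == null || keytab == null) {
            return false;
        }
        String safeUser = sanitizeForLog(user);
        Configuration configuration = new LoginConfigurationKeytab(user, keytab);
        try {
            LOG.info("User account login with keytab. User : {}", safeUser);
            doLogin(KEYTAB_KERBEROS_CONFIG_NAME, null, configuration);
            LOG.info("Login successfully.");
            return true;
        } catch (LoginException e) {
            // Record who failed and why so failed authentications can be monitored.
            LOG.warn("Login failed. User : {}, cause : {}", safeUser, sanitizeForLog(e.getMessage()));
            return false;
        }
    }

    /**
     * Attempts a Kerberos login for {@code user} with the given password.
     *
     * @param user     Kerberos principal
     * @param password the principal's password; it is never written to the log
     * @return {@code true} if the JAAS login succeeded; {@code false} if an argument is
     *         {@code null} or the login raised a {@link LoginException}
     */
    public static boolean loginFromPwd(String user, String password) {
        if (user == null || password == null) {
            return false;
        }
        String safeUser = sanitizeForLog(user);
        Configuration configuration = new LoginConfigurationPwd();
        try {
            LOG.info("User account login with password. User : {}", safeUser);
            doLogin(PWD_CONFIG_NAME, getUsernamePasswordHandler(user, password), configuration);
            LOG.info("Login successfully.");
            return true;
        } catch (LoginException e) {
            // Record who failed and why so failed authentications can be monitored.
            LOG.warn("Login failed. User : {}, cause : {}", safeUser, sanitizeForLog(e.getMessage()));
            return false;
        }
    }

    /**
     * Runs one login against a fresh {@link Subject} and logs out again, whether or not
     * the login succeeded.
     *
     * @param configName      JAAS application name to look up in {@code configuration}
     * @param callbackHandler source of name and password, or {@code null} for keytab logins
     * @param configuration   JAAS configuration to use instead of the JVM-wide one
     * @throws LoginException if the context cannot be created or the login fails
     */
    private static void doLogin(String configName, CallbackHandler callbackHandler, Configuration configuration)
            throws LoginException {
        LoginContext loginContext = new LoginContext(configName, new Subject(), callbackHandler, configuration);
        try {
            loginContext.login();
        } finally {
            try {
                loginContext.logout();
            } catch (LoginException ignored) {
                // Best effort: a failed cleanup must not mask the outcome of login().
                LOG.debug("Logout after login attempt failed.");
            }
        }
    }

    /**
     * Builds a handler that answers name and password callbacks with the given values.
     * Any other callback type is reported in the log and left unanswered.
     */
    private static CallbackHandler getUsernamePasswordHandler(final String user, final String password) {
        return new CallbackHandler() { // from class: com.huawei.ranger.security.KerberosLoginUtil.1
            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbacks) {
                for (Callback callback : callbacks) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(user);
                    } else if (callback instanceof PasswordCallback) {
                        ((PasswordCallback) callback).setPassword(password.toCharArray());
                    } else {
                        LOG.error("Unsupported Callback: {}", callback.getClass().getName());
                    }
                }
            }
        };
    }

    /**
     * Replaces line breaks in a caller-supplied value so that it cannot start a forged
     * log record.
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}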
