package org.apache.solr.common.cloud;

import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.solr.common.params.FacetParams;
import org.apache.solr.common.util.SolrZkConstants;
import org.apache.solr.common.util.ZkAclUtil;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/common/cloud/CustomSaslZkACLProvider.class */
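/**
 * {@link ZkACLProvider} that chooses the ACL list for a new znode from its path and the
 * Kerberos principal of the current login.
 *
 * <p>ACLs produced by {@link #getACLsToAdd(String)}:
 *
 * <ul>
 *   <li>{@code /configs}: world gets READ, CREATE and DELETE.
 *   <li>any other path starting with {@code /configs}: the login principal (SASL scheme) gets
 *       ALL when a login succeeded, and world gets READ.
 *   <li>{@code SolrZkConstants.ZK_PATH_SECRETS}: no world entry at all.
 *   <li>every other path: world gets READ.
 * </ul>
 *
 * <p>In every non-null case {@code ZkAclUtil.addSuperUserACLs} is then applied to the list; its
 * exact entries are not visible from this class.
 *
 * <p>Thread-safety: the cached login state is published through {@code volatile} fields and
 * initialised under the instance lock.
 */
public class CustomSaslZkACLProvider implements ZkACLProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(CustomSaslZkACLProvider.class);

    /** Root znode of the config sets; also used as the prefix test for its descendants. */
    private static final String CONFIGS_PATH = "/configs";

    /** World permissions on {@link #CONFIGS_PATH} itself (numeric value 13). */
    private static final int CONFIGS_ROOT_WORLD_PERMS =
            ZooDefs.Perms.READ | ZooDefs.Perms.CREATE | ZooDefs.Perms.DELETE;

    // Both fields are volatile: getLoginUser() reads them outside the lock, and getRealm()
    // reads loginUser without any lock. Without volatile a reader could observe login == true
    // while still seeing loginUser == null, and silently drop the owner ACL.
    private volatile boolean login;
    private volatile String loginUser;

    /**
     * Builds the ACL list to attach to the znode at the given path.
     *
     * @param str znode path; may be {@code null}
     * @return a new mutable list of ACLs; empty when {@code str} is {@code null}
     */
    @Override // org.apache.solr.common.cloud.ZkACLProvider
    public List<ACL> getACLsToAdd(String str) {
        List<ACL> acls = new ArrayList<>();
        if (str == null) {
            LOGGER.warn("znode path is null");
            return acls;
        }
        if (str.equals(CONFIGS_PATH)) {
            // SECURITY: world:anyone may create and delete direct children of /configs, because
            // ZooKeeper checks CREATE/DELETE on the parent. NOTE(review): confirm this is intended
            // for unauthenticated clients as well.
            acls.add(new ACL(CONFIGS_ROOT_WORLD_PERMS, ZooDefs.Ids.ANYONE_ID_UNSAFE));
        } else if (str.startsWith(CONFIGS_PATH)) {
            // NOTE(review): a bare prefix test also matches siblings such as "/configsX";
            // confirm whether "/configs/" was meant.
            String owner = getLoginUser();
            if (owner != null) {
                acls.add(new ACL(ZooDefs.Perms.ALL, new Id(ZkAclUtil.ACL_SCHEMA_SASL, owner)));
            }
            // When the login failed there is no owner entry: the node is created with world READ
            // plus whatever addSuperUserACLs contributes.
            acls.add(new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE));
        } else if (!str.equals(SolrZkConstants.ZK_PATH_SECRETS)) {
            acls.add(new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE));
        }
        // The secrets path falls through with no world entry, so its readability depends
        // entirely on the super-user ACLs added below.
        ZkAclUtil.addSuperUserACLs(acls, getRealm());
        return acls;
    }

    /**
     * Returns the name of the single principal obtained from a Kerberos login, performing the
     * login on first use and caching the result.
     *
     * <p>A failed login is not cached: the next call tries again under the instance lock.
     *
     * @return the principal name, or {@code null} when no login has succeeded
     */
    private String getLoginUser() {
        if (!this.login) {
            synchronized (this) {
                if (!this.login) {
                    // Krb5LoginModule options. NOTE(review): the values are FacetParams constants,
                    // which looks like a decompiler constant substitution; presumably
                    // COUNT_LEGACY is "true" and INDEX_LEGACY is "false" (ticket cache, no
                    // keytab, no prompt) - confirm and replace with literals.
                    HashMap<String, String> options = new HashMap<>();
                    options.put("doNotPrompt", FacetParams.FACET_SORT_COUNT_LEGACY);
                    options.put("useTicketCache", FacetParams.FACET_SORT_COUNT_LEGACY);
                    options.put("useKeyTab", FacetParams.FACET_SORT_INDEX_LEGACY);
                    options.put("renewTGT", FacetParams.FACET_SORT_INDEX_LEGACY);
                    final AppConfigurationEntry entry = new AppConfigurationEntry(
                            "com.sun.security.auth.module.Krb5LoginModule",
                            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                            options);
                    try {
                        // In-memory JAAS configuration, so no external jaas.conf entry is consulted.
                        LoginContext loginContext = new LoginContext(
                                "solr-login-client",
                                (Subject) null,
                                (CallbackHandler) null,
                                new Configuration() {
                                    @Override
                                    public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                                        return new AppConfigurationEntry[] {entry};
                                    }
                                });
                        loginContext.login();
                        Set<Principal> principals = loginContext.getSubject().getPrincipals();
                        if (principals.isEmpty()) {
                            throw new LoginException("No login principals found!");
                        }
                        if (principals.size() != 1) {
                            throw new LoginException("Found more than one principal!");
                        }
                        // Publish the name before the flag so that a reader that sees
                        // login == true is guaranteed to see the principal as well.
                        this.loginUser = principals.iterator().next().getName();
                        this.login = true;
                    } catch (LoginException e) {
                        // Keep the cause: a failed login changes the ACLs written for config
                        // znodes (no owner entry), so operators need to see why it failed.
                        LOGGER.warn("Login failed.", e);
                    }
                }
            }
        }
        return this.loginUser;
    }

    /**
     * Picks the realm passed to {@code ZkAclUtil.addSuperUserACLs}.
     *
     * <p>Order of preference: {@code ZkAclUtil.SYSTEM_REALM} when set, else the second component
     * of the cached login principal split on {@code ZkAclUtil.REALM_SEP}, else
     * {@code ZkAclUtil.DEFAULT_REALM}.
     *
     * <p>NOTE(review): this reads the cached principal but never triggers the login, so for paths
     * outside {@code /configs} the result depends on whether a login already happened earlier -
     * confirm that is intended.
     *
     * @return the realm name to use for the super-user ACLs
     */
    private String getRealm() {
        if (ZkAclUtil.SYSTEM_REALM != null) {
            return ZkAclUtil.SYSTEM_REALM;
        }
        // Single read of the volatile field so the null check and the split see the same value.
        String principal = this.loginUser;
        if (principal != null) {
            // String.split treats REALM_SEP as a regular expression.
            String[] parts = principal.split(ZkAclUtil.REALM_SEP);
            if (parts.length > 1) {
                return parts[1];
            }
        }
        return ZkAclUtil.DEFAULT_REALM;
    }
}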
