package com.huawei.jredis.client.auth;

import com.huawei.jredis.client.KerberosUtil;
import com.huawei.security.auth.login.ExLoginContext;
import com.huawei.security.jgss.krb5.ExKrb5Util;
import com.huawei.security.sasl.gsskerb.ExGssKrb5Client;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.apache.commons.io.FilenameUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import redis.clients.jedis.exceptions.JedisConnectionException;
import redis.clients.jedis.exceptions.JedisException;

/* loaded from: input_file:com/huawei/jredis/client/auth/JedisAuth.class */
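/**
 * Client-side Kerberos authentication helper for jredis connections.
 *
 * <p>An instance logs in through {@link ExLoginContext}, creates an {@link ExGssKrb5Client}
 * under the logged-in {@link Subject}, and uses it to answer the server's SASL challenges:
 * call {@link #initAuth()} first, then {@link #calculateResponse(byte[])} for each challenge.
 *
 * <p>Points a reviewer of calling code should keep in mind:
 * <ul>
 *   <li>The service host name is held in a single static field that every constructor and
 *       {@link #setUserRealm(String)} overwrites. Instances created for different realms in
 *       the same JVM therefore share it, and the value in effect when {@link #initAuth()}
 *       runs is the one used for the SASL client.</li>
 *   <li>When login caching is enabled, logins are shared process-wide under a key made of the
 *       principal name and the directory of the krb5 configuration file. The JAAS
 *       {@link Configuration} itself is not part of the key.</li>
 *   <li>{@link #close()} logs out this instance's login context even when that context came
 *       from the shared cache, and does not evict it.</li>
 * </ul>
 *
 * <p>Thread-safety: the login cache is only mutated inside static synchronized methods;
 * individual instances are not synchronized and should not be shared between threads.
 */
public class JedisAuth {
    private static final String AUTH_SERVICE_NAME = "redis";
    // 36,000,000 ms = 10 hours: age at which a cached login is logged out and replaced.
    private static final long updateLoginCacheTime = 36000000L;
    // Process-wide service host name; volatile because it is written by static setters and
    // constructors and read later, without a lock, in initJedisAuth().
    private static volatile String auth_host_name;
    private SaslClient saslClient;
    private ExLoginContext login;
    private String krb5Conf;
    private String clientPrincipalName;
    private String serviceName;
    private String serviceHostname;
    private boolean cacheLogin;
    private CallbackHandler saslClientCallbackHandler;
    private FileConfiguration fileConfiguration;
    private AuthConfiguration authConfig;
    private Configuration configuration;
    private final String serverRealm;
    private final String localRealm;
    protected static final Logger LOGGER = LoggerFactory.getLogger(JedisAuth.class.getName());
    private static final String HOST_PREFIX = "hadoop.";
    private static final int HOST_PREFIX_LEN = HOST_PREFIX.length();
    // Shared login cache: key -> login context, and key -> time (ms) the login was made.
    private static final Map<String, ExLoginContext> loginContextMap = new ConcurrentHashMap<String, ExLoginContext>();
    private static final Map<String, Long> loginTimeMap = new ConcurrentHashMap<String, Long>();

    /**
     * Creates an instance configured from {@code new FileConfiguration("")}.
     */
    public JedisAuth() {
        this("");
    }

    /**
     * Creates an instance configured from a {@code FileConfiguration} built from {@code str}.
     *
     * <p>Side effect: resets the process-wide service host name from the configured server
     * realm (see {@link #setUserRealm(String)}).
     *
     * @param str argument passed unchanged to the {@code FileConfiguration} constructor
     */
    public JedisAuth(String str) {
        this.fileConfiguration = new FileConfiguration(str);
        String configuredServerRealm = this.fileConfiguration.getServerRealm();
        setUserRealm(configuredServerRealm);
        this.serverRealm = this.fileConfiguration.getServerRealm();
        this.localRealm = this.fileConfiguration.getLocalRealm();
        this.krb5Conf = this.fileConfiguration.getKrbFilePath();
        this.cacheLogin = Boolean.parseBoolean(this.fileConfiguration.getCacheLogin());
    }

    /**
     * Creates an instance configured from an in-memory {@code AuthConfiguration}.
     *
     * <p>Side effect: resets the process-wide service host name from the configured server
     * realm (see {@link #setUserRealm(String)}).
     *
     * @param authConfiguration source of realms, krb5 configuration path, user name and the
     *     cache-login flag; must not be {@code null}
     */
    public JedisAuth(AuthConfiguration authConfiguration) {
        this.authConfig = authConfiguration;
        setUserRealm(authConfiguration.getServerRealm());
        this.serverRealm = authConfiguration.getServerRealm();
        this.localRealm = authConfiguration.getLocalRealm();
        this.krb5Conf = authConfiguration.getKrb5Conf();
        this.cacheLogin = authConfiguration.getCacheLogin();
    }

    /**
     * Resets the process-wide service host name using the fallbacks of
     * {@link #setUserRealm(String)} with no explicit realm.
     */
    public static void setUserRealm() {
        setUserRealm(null);
    }

    /**
     * Sets the process-wide service host name to {@code "hadoop." + realm} in lower case.
     *
     * <p>The realm is taken from the first non-empty source among: {@code str}, the
     * {@code SERVER_REALM} system property, {@code KerberosUtil.getKrb5DomainRealm()}. If
     * all are empty the host name is the bare string {@code "hadoop"}.
     *
     * <p>This value is later passed to the SASL client as the server name, so whoever
     * controls these inputs influences the name of the service the client authenticates to.
     *
     * @param str explicit realm, or {@code null}/empty to use the fallbacks
     */
    public static void setUserRealm(String str) {
        String realm = str;
        if (isEmpty(realm)) {
            realm = System.getProperty("SERVER_REALM");
        }
        if (isEmpty(realm)) {
            // Only consulted when neither the argument nor the property supplied a realm.
            realm = KerberosUtil.getKrb5DomainRealm();
        }
        if (isEmpty(realm)) {
            auth_host_name = "hadoop";
        } else {
            // Locale.ROOT keeps the host name stable regardless of the JVM default locale
            // (a Turkish default locale would otherwise map 'I' to a dotless 'ı').
            auth_host_name = HOST_PREFIX + realm.toLowerCase(Locale.ROOT);
        }
    }

    /** Returns {@code true} for {@code null} and for the empty string. */
    private static boolean isEmpty(String value) {
        return value == null || "".equals(value);
    }

    /** @return the server realm captured from the configuration at construction time */
    public String getServerRealm() {
        return this.serverRealm;
    }

    /** @return the local realm captured from the configuration at construction time */
    public String getLocalRealm() {
        return this.localRealm;
    }

    /** @return whether this instance uses the process-wide login cache */
    public boolean getCacheLogin() {
        return this.cacheLogin;
    }

    /**
     * Builds the key under which this instance's login is stored in the shared cache:
     * principal name, {@code '@'}, then the directory part of the krb5 configuration path.
     *
     * <p>NOTE(review): the key does not include the keytab or any other JAAS option, so two
     * configurations that differ only in those would share one cached login. Confirm this is
     * intended for every deployment that enables caching.
     */
    private String loginCacheKey() {
        return this.clientPrincipalName + "@" + FilenameUtils.getFullPath(this.krb5Conf);
    }

    /**
     * Reads the {@code defaultKDC}, {@code defaultRealm} and {@code krb5ConfFileName} options
     * of the first JAAS entry and turns them into a configuration key.
     *
     * @param configuration JAAS configuration, may be {@code null}
     * @return the key produced by {@code ExKrb5Util.generateConfKey}, or {@code null} when
     *     {@code configuration} is {@code null}
     */
    private static String getConfKey(Configuration configuration) {
        if (configuration == null) {
            return null;
        }
        AppConfigurationEntry[] entries = configuration.getAppConfigurationEntry((String) null);
        String defaultKdc = null;
        String defaultRealm = null;
        String krb5ConfFileName = null;
        // Configuration.getAppConfigurationEntry may return null when there are no entries.
        if (entries != null && entries.length > 0) {
            Map<String, ?> options = entries[0].getOptions();
            defaultKdc = (String) options.get("defaultKDC");
            defaultRealm = (String) options.get("defaultRealm");
            krb5ConfFileName = (String) options.get("krb5ConfFileName");
        }
        return ExKrb5Util.generateConfKey(defaultKdc, defaultRealm, krb5ConfFileName);
    }

    /**
     * Logs in (directly or through the shared cache) and creates the SASL client under the
     * resulting {@link Subject}.
     *
     * @throws JedisConnectionException if no subject is available after login
     * @throws Exception if the login or the SASL client creation fails
     */
    private void initJedisAuth() throws Exception {
        if (this.authConfig != null) {
            this.configuration = this.authConfig;
            this.clientPrincipalName = this.authConfig.getUserName();
        } else {
            this.configuration = this.fileConfiguration.genConfiguration();
            this.clientPrincipalName = this.fileConfiguration.getUserName();
        }
        this.serviceName = AUTH_SERVICE_NAME;
        // Snapshot of the process-wide value; another instance may have changed it since
        // this object was constructed.
        this.serviceHostname = auth_host_name;
        this.saslClientCallbackHandler = new SaslClientCallbackHandler("");
        CallbackHandler loginHandler = getUsernamePasswordHandler(this.clientPrincipalName, "");
        if (this.cacheLogin) {
            String cacheKey = loginCacheKey();
            loginCache(cacheKey, loginHandler, this.configuration);
            // Read outside the cache lock: a concurrent removeLoginCache() can leave this null.
            this.login = loginContextMap.get(cacheKey);
        } else {
            this.login = new ExLoginContext(loginHandler, this.configuration);
            this.login.login();
        }
        Subject subject = this.login == null ? null : this.login.getSubject();
        if (subject == null) {
            throw new JedisConnectionException("login error : subject is null.");
        }
        this.saslClient = Subject.doAs(subject, new PrivilegedExceptionAction<SaslClient>() {
            @Override
            public SaslClient run() throws SaslException {
                // Kept as a raw map: the parameter type of the ExGssKrb5Client constructor
                // is not visible from this file.
                HashMap props = new HashMap();
                props.put("confKey", getConfKey(configuration));
                return new ExGssKrb5Client(clientPrincipalName, serviceName, serviceHostname, props, saslClientCallbackHandler);
            }
        });
    }

    /**
     * Ensures the shared cache holds a login for {@code str} that is younger than
     * {@link #updateLoginCacheTime}; logs in (again) when it is missing or too old.
     *
     * <p>On refresh the old context is logged out before the new login. Other instances that
     * still hold the old context keep referencing it.
     *
     * @param str cache key
     * @param callbackHandler handler used for a new login
     * @param configuration JAAS configuration used for a new login
     * @throws Exception if the new login fails; the cache then holds no entry for the key
     */
    private static synchronized void loginCache(String str, CallbackHandler callbackHandler, Configuration configuration) throws Exception {
        long now = System.currentTimeMillis();
        Long cachedAt = loginTimeMap.get(str);
        if (cachedAt != null && now - cachedAt.longValue() < updateLoginCacheTime) {
            return;
        }
        boolean refreshing = cachedAt != null;
        if (refreshing) {
            ExLoginContext stale = loginContextMap.get(str);
            try {
                if (stale != null) {
                    stale.logout();
                }
            } catch (Exception e) {
                // Best effort: a failed logout must not block the new login.
                LOGGER.warn("login logout failed", e);
            }
            loginTimeMap.remove(str);
            loginContextMap.remove(str);
        }
        ExLoginContext fresh = new ExLoginContext(callbackHandler, configuration);
        fresh.login();
        loginTimeMap.put(str, Long.valueOf(now));
        loginContextMap.put(str, fresh);
        if (refreshing) {
            LOGGER.info("update Login Cache");
        }
    }

    /**
     * Answers one server challenge with the SASL client, running under the login's subject.
     *
     * <p>The first four bytes of {@code bArr} are dropped before the rest is evaluated;
     * presumably they are a protocol framing prefix (confirm against the server side). A
     * {@code null} input or one of four bytes or fewer is evaluated as an empty challenge.
     *
     * @param bArr raw message received from the server, may be {@code null}
     * @return the response token produced by the SASL client
     * @throws PrivilegedActionException wrapping the {@link SaslException} raised while
     *     evaluating the challenge
     * @throws JedisConnectionException if {@link #initAuth()} has not completed successfully
     */
    public byte[] calculateResponse(byte[] bArr) throws PrivilegedActionException {
        if (this.login == null || this.saslClient == null) {
            // Fail with a clear message instead of a NullPointerException further down.
            throw new JedisConnectionException("authentication is not initialized, call initAuth first.");
        }
        final byte[] challenge;
        if (bArr == null || bArr.length <= 4) {
            challenge = new byte[0];
        } else {
            challenge = new byte[bArr.length - 4];
            System.arraycopy(bArr, 4, challenge, 0, challenge.length);
        }
        return Subject.doAs(this.login.getSubject(), new PrivilegedExceptionAction<byte[]>() {
            @Override
            public byte[] run() throws SaslException {
                return saslClient.evaluateChallenge(challenge);
            }
        });
    }

    /**
     * Performs the login, creates the SASL client and produces the initial response token.
     *
     * <p>If producing the token fails and login caching is on, the cached login for this
     * instance's key is evicted and logged out so that the next attempt logs in afresh.
     *
     * @return the initial SASL response (the result of evaluating an empty challenge)
     * @throws JedisConnectionException if no subject or SASL client is available
     * @throws JedisException wrapping any failure while evaluating the initial challenge
     * @throws Exception if the login itself fails
     */
    public byte[] initAuth() throws Exception {
        initJedisAuth();
        Subject subject = this.login.getSubject();
        if (subject == null || this.saslClient == null) {
            throw new JedisConnectionException("login error, cannot get subject.");
        }
        try {
            return Subject.doAs(subject, new PrivilegedExceptionAction<byte[]>() {
                @Override
                public byte[] run() throws SaslException {
                    return saslClient.evaluateChallenge(new byte[0]);
                }
            });
        } catch (Exception e) {
            if (this.cacheLogin) {
                removeLoginCache(loginCacheKey(), this.login);
            }
            throw new JedisException(e);
        }
    }

    /**
     * Evicts the cache entry for {@code str} and logs out {@code exLoginContext}.
     *
     * <p>NOTE(review): eviction is by key only, so an instance holding an older context also
     * evicts a newer login cached under the same key.
     *
     * @param str cache key to evict
     * @param exLoginContext context to log out; {@code null} is ignored
     */
    private static synchronized void removeLoginCache(String str, ExLoginContext exLoginContext) {
        loginTimeMap.remove(str);
        loginContextMap.remove(str);
        if (exLoginContext == null) {
            // Nothing was ever logged in for this instance.
            return;
        }
        try {
            exLoginContext.logout();
        } catch (Exception e) {
            LOGGER.error("logout Exception:", e);
        }
    }

    /**
     * Returns a login callback handler that supplies the principal name.
     *
     * <p>Only {@link NameCallback} is answered; every other callback is left untouched and
     * {@code str2} is not used, so the login must obtain its credentials from the JAAS
     * configuration (presumably a keytab; confirm).
     *
     * @param str principal name handed to each {@link NameCallback}
     * @param str2 unused
     * @return the callback handler
     */
    private CallbackHandler getUsernamePasswordHandler(final String str, String str2) {
        return new CallbackHandler() {
            @Override
            public void handle(Callback[] callbackArr) {
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(str);
                    }
                }
            }
        };
    }

    /**
     * Evicts this instance's key from the shared login cache and logs out its login context.
     */
    public void clearLogin() {
        removeLoginCache(loginCacheKey(), this.login);
    }

    /**
     * Logs out this instance's login context, if any. Failures are logged, never thrown.
     *
     * <p>NOTE(review): with login caching on, {@code login} is the shared cached context and
     * it stays in the cache after this logout. Whether later instances can still use it
     * depends on how {@code ExLoginContext} behaves after logout; verify, and prefer
     * {@link #clearLogin()} if a logged-out context is not reusable.
     */
    public void close() {
        try {
            if (this.login != null) {
                this.login.logout();
            }
        } catch (Exception e) {
            // Closing is best effort, but a failed logout should still be visible.
            LOGGER.warn("logout failed on close", e);
        }
    }
}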
