package io.transwarp.jdbc;

import io.transwarp.hadoop.hive.common.StatsSetupConst;
import io.transwarp.hive.service.auth.OAuth2SaslHelper;
import io.transwarp.hive.service.auth.PlainSaslServer;
import io.transwarp.thirdparty.org.apache.commons.lang.StringUtils;
import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.util.ArrayList;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:io/transwarp/jdbc/UserGroupInformation.class */
public class UserGroupInformation {
    private static AuthenticationMethod authenticationMethod;
    private static final boolean windows = System.getProperty("os.name").startsWith("Windows");
    private static final boolean is64Bit = System.getProperty("os.arch").contains("64");
    private static final boolean aix = System.getProperty("os.name").equals("AIX");
    private static String OS_LOGIN_MODULE_NAME = getOSLoginModuleName();
    private static UserGroupInformation loginUser = null;
    private static HashMap<String, String> conf;
    private Subject subject;
    private User user;
    private boolean isKeytab;
    private boolean isKrbTkt;
    private boolean isPassword;

    /* loaded from: input_file:io/transwarp/jdbc/UserGroupInformation$AuthMethod.class */
    public enum AuthMethod {
        SIMPLE((byte) 80, StringUtils.EMPTY),
        KERBEROS((byte) 81, "GSSAPI"),
        DIGEST((byte) 82, "DIGEST-MD5"),
        TOKEN((byte) 82, "DIGEST-MD5"),
        PLAIN((byte) 83, PlainSaslServer.PLAIN_METHOD),
        OAUTHBEARER((byte) 84, OAuth2SaslHelper.OAUTH_METHOD);

        public final byte code;
        public final String mechanismName;
        private static final int FIRST_CODE = values()[0].code;

        AuthMethod(byte b, String str) {
            this.code = b;
            this.mechanismName = str;
        }

        private static AuthMethod valueOf(byte b) {
            int i = (b & 255) - FIRST_CODE;
            if (i < 0 || i >= values().length) {
                return null;
            }
            return values()[i];
        }
    }

    /* loaded from: input_file:io/transwarp/jdbc/UserGroupInformation$AuthenticationMethod.class */
    public enum AuthenticationMethod {
        SIMPLE(AuthMethod.SIMPLE, "hadoop-simple"),
        KERBEROS(AuthMethod.KERBEROS, "kerberos"),
        TOKEN(AuthMethod.TOKEN),
        OAUTHBEARER(AuthMethod.OAUTHBEARER),
        CERTIFICATE(null),
        KERBEROS_SSL(null),
        PROXY(null);

        private final AuthMethod authMethod;
        private final String loginAppName;

        AuthenticationMethod(AuthMethod authMethod) {
            this(authMethod, (String) null);
        }

        AuthenticationMethod(AuthMethod authMethod, String str) {
            this.authMethod = authMethod;
            this.loginAppName = str;
        }

        String getLoginAppName() {
            if (this.loginAppName == null) {
                throw new UnsupportedOperationException(this + " login authentication is not supported");
            }
            return this.loginAppName;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/transwarp/jdbc/UserGroupInformation$JdbcConfiguration.class */
    public static class JdbcConfiguration extends Configuration {
        static final String KRB5_LOGIN_MODULE = "com.sun.security.auth.module.Krb5LoginModule";
        private static final Map<String, String> BASIC_JAAS_OPTIONS = new HashMap();
        private static final Map<String, String> PASSWORD_KERBEROS_OPTIONS = new HashMap();
        static final AppConfigurationEntry OS_SPECIFIC_LOGIN;
        static final AppConfigurationEntry JDBC_LOGIN;
        private final LoginParams params;

        JdbcConfiguration(LoginParams loginParams) {
            this.params = loginParams;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            ArrayList arrayList = new ArrayList();
            if (this.params == null || str.equals("hadoop-simple")) {
                arrayList.add(OS_SPECIFIC_LOGIN);
            } else if (str.equals("kerberos")) {
                if (!this.params.containsKey(LoginParam.PRINCIPAL)) {
                    arrayList.add(OS_SPECIFIC_LOGIN);
                    arrayList.add(getkerberosEntry());
                    return new AppConfigurationEntry[]{(AppConfigurationEntry) arrayList.get(0), (AppConfigurationEntry) arrayList.get(1), JDBC_LOGIN};
                }
                if (this.params.containsKey(LoginParam.KEYTAB)) {
                    arrayList.add(getkerberosEntry());
                    return new AppConfigurationEntry[]{(AppConfigurationEntry) arrayList.get(0), JDBC_LOGIN};
                }
            }
            return new AppConfigurationEntry[]{(AppConfigurationEntry) arrayList.get(0), JDBC_LOGIN};
        }

        private AppConfigurationEntry getkerberosEntry() {
            HashMap hashMap = new HashMap(BASIC_JAAS_OPTIONS);
            AppConfigurationEntry.LoginModuleControlFlag loginModuleControlFlag = AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
            String str = this.params.get(LoginParam.PRINCIPAL);
            if (str != null) {
                hashMap.put("principal", str);
                loginModuleControlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
            }
            if (this.params.containsKey(LoginParam.KEYTAB)) {
                hashMap.put("useKeyTab", StatsSetupConst.TRUE);
                String str2 = this.params.get(LoginParam.KEYTAB);
                if (str2 != null) {
                    hashMap.put("keyTab", str2);
                }
                hashMap.put("storeKey", StatsSetupConst.TRUE);
            } else {
                hashMap.put("useTicketCache", StatsSetupConst.TRUE);
                String str3 = this.params.get(LoginParam.CCACHE);
                if (str3 != null) {
                    hashMap.put("ticketCache", str3);
                }
                hashMap.put("renewTGT", StatsSetupConst.TRUE);
            }
            hashMap.put("doNotPrompt", StatsSetupConst.TRUE);
            hashMap.put("refreshKrb5Config", StatsSetupConst.TRUE);
            return new AppConfigurationEntry(KRB5_LOGIN_MODULE, loginModuleControlFlag, hashMap);
        }

        static {
            PASSWORD_KERBEROS_OPTIONS.put("doNotPrompt", StatsSetupConst.FALSE);
            PASSWORD_KERBEROS_OPTIONS.put("useTicketCache", StatsSetupConst.FALSE);
            PASSWORD_KERBEROS_OPTIONS.put("storeKey", StatsSetupConst.TRUE);
            PASSWORD_KERBEROS_OPTIONS.put("refreshKrb5Config", StatsSetupConst.TRUE);
            PASSWORD_KERBEROS_OPTIONS.putAll(BASIC_JAAS_OPTIONS);
            OS_SPECIFIC_LOGIN = new AppConfigurationEntry(UserGroupInformation.OS_LOGIN_MODULE_NAME, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, BASIC_JAAS_OPTIONS);
            JDBC_LOGIN = new AppConfigurationEntry(JdbcLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, BASIC_JAAS_OPTIONS);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/transwarp/jdbc/UserGroupInformation$JdbcLoginContext.class */
    public static class JdbcLoginContext extends LoginContext {
        public JdbcLoginContext(String str, Subject subject, JdbcConfiguration jdbcConfiguration) throws LoginException {
            super(str, subject, (CallbackHandler) null, jdbcConfiguration);
        }
    }

    /* loaded from: input_file:io/transwarp/jdbc/UserGroupInformation$JdbcLoginModule.class */
    public static class JdbcLoginModule implements LoginModule {
        private Subject subject;

        public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
            this.subject = subject;
        }

        private <T extends Principal> T getCanonicalUser(Class<T> cls) {
            Iterator<T> it = this.subject.getPrincipals(cls).iterator();
            if (it.hasNext()) {
                return it.next();
            }
            return null;
        }

        public boolean login() throws LoginException {
            return true;
        }

        public boolean commit() throws LoginException {
            if (!this.subject.getPrincipals(User.class).isEmpty()) {
                return true;
            }
            Principal canonicalUser = getCanonicalUser(KerberosPrincipal.class);
            if (canonicalUser == null) {
                throw new LoginException("Can't find user name");
            }
            try {
                this.subject.getPrincipals().add(new User(canonicalUser.getName(), canonicalUser instanceof KerberosPrincipal ? AuthenticationMethod.KERBEROS : AuthenticationMethod.SIMPLE, null));
                return true;
            } catch (Exception e) {
                throw ((LoginException) new LoginException(e.toString()).initCause(e));
            }
        }

        public boolean abort() throws LoginException {
            return true;
        }

        public boolean logout() throws LoginException {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/transwarp/jdbc/UserGroupInformation$LoginParam.class */
    public enum LoginParam {
        PRINCIPAL,
        KEYTAB,
        CCACHE
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/transwarp/jdbc/UserGroupInformation$LoginParams.class */
    public static class LoginParams extends EnumMap<LoginParam, String> implements Configuration.Parameters {
        public LoginParams() {
            super(LoginParam.class);
        }

        @Override // java.util.AbstractMap, java.util.Map
        public String put(LoginParam loginParam, String str) {
            if ((str == null || containsKey(loginParam)) ? false : true) {
                return (String) super.put((LoginParams) loginParam, (LoginParam) str);
            }
            return null;
        }

        static LoginParams getDefaults() {
            LoginParams loginParams = new LoginParams();
            loginParams.put(LoginParam.PRINCIPAL, System.getenv("KRB5PRINCIPAL"));
            loginParams.put(LoginParam.KEYTAB, System.getenv("KRB5KEYTAB"));
            loginParams.put(LoginParam.CCACHE, System.getenv("KRB5CCNAME"));
            return loginParams;
        }
    }

    public UserGroupInformation(Subject subject) {
        this(subject, false);
    }

    private UserGroupInformation(Subject subject, boolean z) {
        this.subject = subject;
        this.user = (User) subject.getPrincipals(User.class).iterator().next();
        if (z) {
            this.isKeytab = false;
        } else {
            this.isKeytab = !subject.getPrivateCredentials(KeyTab.class).isEmpty();
        }
        this.isPassword = !subject.getPrivateCredentials(KerberosKey.class).isEmpty();
        this.isKrbTkt = !subject.getPrivateCredentials(KerberosTicket.class).isEmpty();
    }

    public String getUserName() {
        return this.user.getName();
    }

    public static synchronized UserGroupInformation getCurrentUser() throws IOException {
        Subject subject = Subject.getSubject(AccessController.getContext());
        return (subject == null || subject.getPrincipals(User.class).isEmpty()) ? getLoginUser() : new UserGroupInformation(subject);
    }

    private void setLogin(LoginContext loginContext) {
        this.user.setLogin(loginContext);
    }

    public static UserGroupInformation loginUserFromKeytabAndReturnUGI(String str, String str2) throws IOException {
        LoginParams loginParams = new LoginParams();
        loginParams.put(LoginParam.PRINCIPAL, str);
        loginParams.put(LoginParam.KEYTAB, str2);
        return doSubjectLogin(null, loginParams);
    }

    public static void setConfiguration(HashMap<String, String> hashMap) {
        initialize(hashMap);
    }

    private static synchronized void initialize(HashMap<String, String> hashMap) {
        try {
            authenticationMethod = (AuthenticationMethod) AuthenticationMethod.valueOf(AuthenticationMethod.class, hashMap.getOrDefault("hadoop.security.authentication", "simple").toUpperCase());
            conf = hashMap;
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("Invalid attribute value for hadoop.security.authentication of " + e);
        }
    }

    private static UserGroupInformation doSubjectLogin(Subject subject, LoginParams loginParams) throws IOException {
        if (subject == null && loginParams == null) {
            loginParams = LoginParams.getDefaults();
        }
        try {
            JdbcLoginContext newLoginContext = newLoginContext(authenticationMethod.getLoginAppName(), subject, new JdbcConfiguration(loginParams));
            newLoginContext.login();
            UserGroupInformation userGroupInformation = new UserGroupInformation(newLoginContext.getSubject());
            if (subject == null) {
                loginParams.put(LoginParam.PRINCIPAL, userGroupInformation.getUserName());
                userGroupInformation.setLogin(newLoginContext);
            }
            return userGroupInformation;
        } catch (LoginException e) {
            throw new RuntimeException(e);
        }
    }

    private static String getOSLoginModuleName() {
        return System.getProperty("java.vendor").contains("IBM") ? windows ? is64Bit ? "com.ibm.security.auth.module.Win64LoginModule" : "com.ibm.security.auth.module.NTLoginModule" : aix ? is64Bit ? "com.ibm.security.auth.module.AIX64LoginModule" : "com.ibm.security.auth.module.AIXLoginModule" : "com.ibm.security.auth.module.LinuxLoginModule" : windows ? "com.sun.security.auth.module.NTLoginModule" : "com.sun.security.auth.module.UnixLoginModule";
    }

    private static JdbcLoginContext newLoginContext(String str, Subject subject, JdbcConfiguration jdbcConfiguration) throws LoginException {
        Thread currentThread = Thread.currentThread();
        currentThread.getContextClassLoader();
        currentThread.setContextClassLoader(JdbcLoginModule.class.getClassLoader());
        return new JdbcLoginContext(str, subject, jdbcConfiguration);
    }

    private static void ensureInitialized() {
        if (conf == null) {
            synchronized (UserGroupInformation.class) {
                if (conf == null) {
                    initialize(new HashMap());
                }
            }
        }
    }

    public static UserGroupInformation getLoginUser() throws IOException {
        if (loginUser == null) {
            loginUserFromSubject((Subject) null);
        }
        return loginUser;
    }

    public static synchronized void loginUserFromSubject(Subject subject) throws IOException {
        ensureInitialized();
        if (subject == null) {
            try {
                subject = new Subject();
            } catch (LoginException e) {
                throw new IOException("failure to login", e);
            }
        }
        JdbcLoginContext newLoginContext = newLoginContext(authenticationMethod.getLoginAppName(), subject, new JdbcConfiguration(LoginParams.getDefaults()));
        newLoginContext.login();
        UserGroupInformation userGroupInformation = new UserGroupInformation(subject, true);
        userGroupInformation.setLogin(newLoginContext);
        userGroupInformation.user.setAuthenticationMethod(authenticationMethod);
        loginUser = userGroupInformation;
        loginUser.spawnAutoRenewalThreadForUserCreds();
    }

    public Subject getSubject() {
        return this.subject;
    }

    public static boolean isSecurityEnabled() {
        return !isAuthenticationMethodEnabled(AuthenticationMethod.SIMPLE);
    }

    private static boolean isAuthenticationMethodEnabled(AuthenticationMethod authenticationMethod2) {
        ensureInitialized();
        return authenticationMethod == authenticationMethod2;
    }

    private void spawnAutoRenewalThreadForUserCreds() {
        if (isSecurityEnabled() && this.user.getAuthenticationMethod() == AuthenticationMethod.KERBEROS && !this.isKeytab) {
            Thread thread = new Thread(new Runnable() { // from class: io.transwarp.jdbc.UserGroupInformation.1
                @Override // java.lang.Runnable
                public void run() {
                    UserGroupInformation.conf.getOrDefault("hadoop.kerberos.kinit.command", "kinit");
                }
            });
            thread.setDaemon(true);
            thread.setName("TGT Renewer for " + getUserName());
            thread.start();
        }
    }
}
