package me.prettyprint.cassandra.connection.factory;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import me.prettyprint.cassandra.connection.client.HClient;
import me.prettyprint.cassandra.connection.client.HKerberosThriftClient;
import me.prettyprint.cassandra.connection.security.KerberosHelper;
import me.prettyprint.cassandra.connection.security.SSLHelper;
import me.prettyprint.cassandra.service.CassandraHost;
import org.apache.thrift.transport.TSSLTransportFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hector-core-1.1-4.jar:me/prettyprint/cassandra/connection/factory/HKerberosSecuredThriftClientFactoryImpl.class */
public class HKerberosSecuredThriftClientFactoryImpl implements HClientFactory {
    private static final Logger log = LoggerFactory.getLogger(HKerberosSecuredThriftClientFactoryImpl.class);
    public static final String JAAS_CONFIG = "jaas.conf";
    public static final String KRB5_CONFIG = "krb5.conf";
    private final Subject kerberosTicket;
    private String krbServicePrincipalName;
    private TSSLTransportFactory.TSSLTransportParameters params = SSLHelper.getTSSLTransportParameters();

    public HKerberosSecuredThriftClientFactoryImpl() {
        log.info("SSL enabled for client<->server communications.");
        log.info("Properties:");
        log.info("  ssl.truststore = {}", System.getProperty("ssl.truststore"));
        log.info("  ssl.protocol = {}", System.getProperty("ssl.protocol"));
        log.info("  ssl.store.type = {}", System.getProperty("ssl.store.type"));
        log.info("  ssl.cipher.suites = {}", System.getProperty("ssl.cipher.suites"));
        String property = System.getProperty("java.security.auth.login.config");
        String property2 = System.getProperty("java.security.krb5.conf");
        String property3 = System.getProperty("sun.security.krb5.debug");
        String property4 = System.getProperty("kerberos.client.reference.name");
        String property5 = System.getProperty("kerberos.client.principal.name");
        String property6 = System.getProperty("kerberos.client.password");
        this.krbServicePrincipalName = System.getProperty("kerberos.service.principal.name");
        if (property3 == null) {
            System.setProperty("sun.security.krb5.debug", "false");
        }
        if (property == null) {
            System.setProperty("java.security.auth.login.config", "jaas.conf");
        }
        if (property2 == null) {
            System.setProperty("java.security.krb5.conf", "krb5.conf");
        }
        property4 = property4 == null ? "Client" : property4;
        if (this.krbServicePrincipalName == null) {
            this.krbServicePrincipalName = "cassandra";
        }
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");
        log.info("Kerberos V5 was enabled for client<->server communications.");
        log.info("Properties:");
        log.info("  sun.security.krb5.debug = {}", System.getProperty("sun.security.krb5.debug"));
        log.info("  java.security.auth.login.config = {}", System.getProperty("java.security.auth.login.config"));
        log.info("  java.security.krb5.conf = {}", System.getProperty("java.security.krb5.conf"));
        log.info("  kerberos.client.reference.name = {}", System.getProperty("kerberos.client.reference.name", property4));
        log.info("  kerberos.service.principal.name = {}", System.getProperty("kerberos.service.principal.name", this.krbServicePrincipalName));
        log.info("  kerberos.client.principal.name = {}", System.getProperty("kerberos.client.principal.name"));
        log.info("  kerberos.client.password = {}", System.getProperty("kerberos.client.password"));
        log.info("  javax.security.auth.useSubjectCredsOnly = true");
        log.info("Trying to login to the KDC...");
        try {
            if (property5 == null || property6 == null) {
                this.kerberosTicket = KerberosHelper.loginService(property4);
            } else {
                this.kerberosTicket = KerberosHelper.loginService(property4, property5, property6);
            }
            log.info("Kerberos authenticated successfully against KDC");
        } catch (LoginException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // me.prettyprint.cassandra.connection.factory.HClientFactory
    public HClient createClient(CassandraHost cassandraHost) {
        if (log.isDebugEnabled()) {
            log.debug("Creation of new client");
        }
        return this.params == null ? new HKerberosThriftClient(this.kerberosTicket, cassandraHost, this.krbServicePrincipalName) : new HKerberosThriftClient(this.kerberosTicket, cassandraHost, this.krbServicePrincipalName, this.params);
    }
}
