package org.apache.hop.mongo;

import com.sun.security.auth.module.Krb5LoginModule;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.hop.i18n.BaseMessages;
import org.apache.hop.mongo.wrapper.MongoClientWrapper;

/* loaded from: input_file:org/apache/hop/mongo/KerberosUtil.class */
public class KerberosUtil {
    private static final String KERBEROS_APP_NAME = "Hop";
    private static final String HOP_JAAS_DEBUG = "HOP_JAAS_DEBUG";
    private static final Map<String, String> LOGIN_CONFIG_BASE = new HashMap();
    private static final Map<String, String> LOGIN_CONFIG_OPTS_KERBEROS_USER;
    private static final Map<String, String> LOGIN_CONFIG_OPTS_KERBEROS_KEYTAB;
    private static final AppConfigurationEntry CONFIG_ENTRY_HOP_KERBEROS_USER;
    private static final AppConfigurationEntry[] CONFIG_ENTRIES_KERBEROS_USER;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hop/mongo/KerberosUtil$HopLoginConfiguration.class */
    public static class HopLoginConfiguration extends Configuration {
        private AppConfigurationEntry[] entries;

        public HopLoginConfiguration(AppConfigurationEntry[] appConfigurationEntryArr) {
            if (appConfigurationEntryArr == null) {
                throw new NullPointerException("AppConfigurationEntry[] is required");
            }
            this.entries = appConfigurationEntryArr;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            return this.entries;
        }
    }

    /* loaded from: input_file:org/apache/hop/mongo/KerberosUtil$JaasAuthenticationMode.class */
    public enum JaasAuthenticationMode {
        KERBEROS_USER,
        KERBEROS_KEYTAB,
        EXTERNAL;

        public static JaasAuthenticationMode byName(String str) throws MongoDbException {
            if (str == null) {
                return KERBEROS_USER;
            }
            for (JaasAuthenticationMode jaasAuthenticationMode : values()) {
                if (jaasAuthenticationMode.name().equalsIgnoreCase(str)) {
                    return jaasAuthenticationMode;
                }
            }
            throw new MongoDbException(BaseMessages.getString(MongoClientWrapper.class, "MongoKerberosWrapper.Message.Error.JaasAuthModeIncorrect", new String[]{Arrays.toString(values()), "'" + str + "'"}));
        }
    }

    public static LoginContext loginAs(JaasAuthenticationMode jaasAuthenticationMode, String str, String str2) throws LoginException {
        LoginContext createLoginContextWithKeytab;
        switch (jaasAuthenticationMode) {
            case EXTERNAL:
                createLoginContextWithKeytab = new LoginContext(KERBEROS_APP_NAME);
                break;
            case KERBEROS_USER:
                createLoginContextWithKeytab = new LoginContext(KERBEROS_APP_NAME, new Subject(), (CallbackHandler) null, new HopLoginConfiguration(CONFIG_ENTRIES_KERBEROS_USER));
                break;
            case KERBEROS_KEYTAB:
                createLoginContextWithKeytab = createLoginContextWithKeytab(str, str2);
                break;
            default:
                throw new IllegalArgumentException("Unsupported authentication mode: " + jaasAuthenticationMode);
        }
        createLoginContextWithKeytab.login();
        return createLoginContextWithKeytab;
    }

    private static LoginContext createLoginContextWithKeytab(String str, String str2) throws LoginException {
        if (str2 == null) {
            throw new IllegalArgumentException("A keytab file is required to authenticate with Kerberos via keytab");
        }
        HashMap hashMap = new HashMap(LOGIN_CONFIG_OPTS_KERBEROS_KEYTAB);
        hashMap.put("keyTab", str2);
        hashMap.put("principal", str);
        return new LoginContext(KERBEROS_APP_NAME, new Subject(), (CallbackHandler) null, new HopLoginConfiguration(new AppConfigurationEntry[]{new AppConfigurationEntry(Krb5LoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)}));
    }

    static {
        if (Boolean.parseBoolean(System.getenv(HOP_JAAS_DEBUG))) {
            LOGIN_CONFIG_BASE.put("debug", Boolean.TRUE.toString());
        }
        LOGIN_CONFIG_OPTS_KERBEROS_USER = new HashMap(LOGIN_CONFIG_BASE);
        LOGIN_CONFIG_OPTS_KERBEROS_USER.put("doNotPrompt", Boolean.TRUE.toString());
        LOGIN_CONFIG_OPTS_KERBEROS_USER.put("useTicketCache", Boolean.TRUE.toString());
        LOGIN_CONFIG_OPTS_KERBEROS_USER.put("renewTGT", Boolean.TRUE.toString());
        String str = System.getenv("KRB5CCNAME");
        if (str != null) {
            LOGIN_CONFIG_OPTS_KERBEROS_USER.put("ticketCache", str);
        }
        LOGIN_CONFIG_OPTS_KERBEROS_KEYTAB = new HashMap(LOGIN_CONFIG_BASE);
        LOGIN_CONFIG_OPTS_KERBEROS_KEYTAB.put("doNotPrompt", Boolean.TRUE.toString());
        LOGIN_CONFIG_OPTS_KERBEROS_KEYTAB.put("useKeyTab", Boolean.TRUE.toString());
        LOGIN_CONFIG_OPTS_KERBEROS_KEYTAB.put("storeKey", Boolean.TRUE.toString());
        LOGIN_CONFIG_OPTS_KERBEROS_KEYTAB.put("refreshKrb5Config", Boolean.TRUE.toString());
        CONFIG_ENTRY_HOP_KERBEROS_USER = new AppConfigurationEntry(Krb5LoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, LOGIN_CONFIG_OPTS_KERBEROS_USER);
        CONFIG_ENTRIES_KERBEROS_USER = new AppConfigurationEntry[]{CONFIG_ENTRY_HOP_KERBEROS_USER};
    }
}
