package org.apache.bookkeeper.sasl;

import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.sasl.SaslException;
import org.apache.bookkeeper.auth.AuthCallbacks;
import org.apache.bookkeeper.auth.ClientAuthProvider;
import org.apache.bookkeeper.conf.AbstractConfiguration;
import org.apache.bookkeeper.conf.ClientConfiguration;
import org.apache.bookkeeper.proto.ClientConnectionPeer;
import org.apache.bookkeeper.sasl.SaslClientState;
import org.apache.zookeeper.server.util.JvmPauseMonitor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/bundled-dependencies/bookkeeper-server-4.14.3.jar:org/apache/bookkeeper/sasl/SASLClientProviderFactory.class */
public class SASLClientProviderFactory implements ClientAuthProvider.Factory, JAASCredentialsContainer {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) SASLClientProviderFactory.class);
    private ClientConfiguration clientConfiguration;
    private LoginContext login;
    private Subject subject;
    private String principal;
    private boolean isKrbTicket;
    private boolean isUsingTicketCache;
    private String loginContextName;
    private TGTRefreshThread ticketRefreshThread;

    @Override // org.apache.bookkeeper.auth.ClientAuthProvider.Factory
    public void init(ClientConfiguration clientConfiguration) throws IOException {
        this.clientConfiguration = clientConfiguration;
        try {
            this.login = loginClient();
            this.subject = this.login.getSubject();
            this.isKrbTicket = !this.subject.getPrivateCredentials(KerberosTicket.class).isEmpty();
            this.loginContextName = ClientConfiguration.CLIENT_ROLE_SYSTEM.equals(this.clientConfiguration.getClientRole()) ? this.clientConfiguration.getString(SaslConstants.JAAS_AUDITOR_SECTION_NAME, SaslConstants.JAAS_DEFAULT_AUDITOR_SECTION_NAME) : this.clientConfiguration.getString("saslJaasClientSectionName", SaslConstants.JAAS_DEFAULT_CLIENT_SECTION_NAME);
            if (this.isKrbTicket) {
                this.isUsingTicketCache = SaslConstants.isUsingTicketCache(this.loginContextName);
                this.principal = SaslConstants.getPrincipal(this.loginContextName);
                this.ticketRefreshThread = new TGTRefreshThread(this);
                this.ticketRefreshThread.start();
            }
        } catch (SaslException | LoginException e) {
            throw new IOException((Throwable) e);
        }
    }

    @Override // org.apache.bookkeeper.auth.ClientAuthProvider.Factory
    public ClientAuthProvider newProvider(ClientConnectionPeer clientConnectionPeer, AuthCallbacks.GenericCallback<Void> genericCallback) {
        return new SASLClientAuthProvider(clientConnectionPeer, genericCallback, this.subject);
    }

    @Override // org.apache.bookkeeper.auth.ClientAuthProvider.Factory
    public String getPluginName() {
        return "sasl";
    }

    private LoginContext loginClient() throws SaslException, LoginException {
        String string = ClientConfiguration.CLIENT_ROLE_SYSTEM.equals(this.clientConfiguration.getClientRole()) ? this.clientConfiguration.getString(SaslConstants.JAAS_AUDITOR_SECTION_NAME, SaslConstants.JAAS_DEFAULT_AUDITOR_SECTION_NAME) : this.clientConfiguration.getString("saslJaasClientSectionName", SaslConstants.JAAS_DEFAULT_CLIENT_SECTION_NAME);
        if (Configuration.getConfiguration().getAppConfigurationEntry(string) == null) {
            LOG.info("No JAAS Configuration found with section BookKeeper");
            return null;
        }
        try {
            LoginContext loginContext = new LoginContext(string, new SaslClientState.ClientCallbackHandler(null));
            loginContext.login();
            return loginContext;
        } catch (LoginException e) {
            LOG.error("Error JAAS Configuration subject", (Throwable) e);
            return null;
        }
    }

    @Override // org.apache.bookkeeper.auth.ClientAuthProvider.Factory
    public void close() {
        if (this.ticketRefreshThread != null) {
            this.ticketRefreshThread.interrupt();
            try {
                this.ticketRefreshThread.join(JvmPauseMonitor.WARN_THRESHOLD_DEFAULT);
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("interrupted while waiting for TGT reresh thread to stop", (Throwable) e);
                }
            }
        }
    }

    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public LoginContext getLogin() {
        return this.login;
    }

    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public void setLogin(LoginContext loginContext) {
        this.login = loginContext;
    }

    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public Subject getSubject() {
        return this.subject;
    }

    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public boolean isUsingTicketCache() {
        return this.isUsingTicketCache;
    }

    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public String getPrincipal() {
        return this.principal;
    }

    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public AbstractConfiguration getConfiguration() {
        return this.clientConfiguration;
    }

    @Override // org.apache.bookkeeper.sasl.JAASCredentialsContainer
    public String getLoginContextName() {
        return this.loginContextName;
    }
}
