package com.cloudera.impala.jdbc.kerberos;

import com.cloudera.impala.jdbc41.internal.apache.zookeeper.Environment;
import com.cloudera.impala.jdbc41.internal.apache.zookeeper.client.ZooKeeperSaslClient;
import com.cloudera.impala.support.ILogger;
import com.cloudera.impala.support.LogUtilities;
import java.security.AccessController;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/cloudera/impala/jdbc/kerberos/Kerberos.class */
public class Kerberos {
    private static String AUTH_LOGIN_CONFIG = Environment.JAAS_CONF_KEY;

    public static Subject getSubjectViaJAASConfig(String str, ILogger iLogger) throws LoginException {
        LogUtilities.logFunctionEntrance(iLogger, str);
        String property = System.getProperty(AUTH_LOGIN_CONFIG);
        if (null == property) {
            String str2 = System.getenv("JAAS_CONFIG");
            if (null != str2) {
                System.setProperty(AUTH_LOGIN_CONFIG, str2);
                LogUtilities.logInfo(AUTH_LOGIN_CONFIG + " is set using enviroment variable 'JAAS_CONFIG' to:" + str2, iLogger);
            } else if (null != str) {
                System.setProperty(AUTH_LOGIN_CONFIG, str);
                LogUtilities.logInfo(AUTH_LOGIN_CONFIG + " is set using connection String property 'JAAS_CONFIG' to:" + str, iLogger);
            } else {
                LogUtilities.logDebug(AUTH_LOGIN_CONFIG + " is not set", iLogger);
            }
        } else {
            LogUtilities.logInfo("java.security.auth.login.config is already set to: " + property, iLogger);
        }
        return getSubjectViaJAASConfig(iLogger);
    }

    public static Subject getSubjectViaJAASConfig(ILogger iLogger) throws LoginException {
        LogUtilities.logFunctionEntrance(iLogger, new Object[0]);
        String property = System.getProperty(AUTH_LOGIN_CONFIG);
        if (null == property) {
            return null;
        }
        LogUtilities.logDebug("System.getProperty(" + AUTH_LOGIN_CONFIG + "): " + property, iLogger);
        if (null != System.getenv("KRB5_CONFIG")) {
            System.setProperty("java.security.krb5.conf", System.getenv("KRB5_CONFIG"));
        }
        LoginContext loginContext = new LoginContext("Client", (Subject) null, (CallbackHandler) null, Configuration.getConfiguration());
        loginContext.login();
        return loginContext.getSubject();
    }

    public static Subject getSubjectViaAccessControlContext(ILogger iLogger) {
        LogUtilities.logFunctionEntrance(iLogger, new Object[0]);
        return Subject.getSubject(AccessController.getContext());
    }

    public static Subject getSubjectViaTicketCache(ILogger iLogger) throws LoginException {
        Configuration kerberosAuthenticationHelper;
        LogUtilities.logFunctionEntrance(iLogger, new Object[0]);
        if (null != System.getenv("KRB5_CONFIG")) {
            System.setProperty("java.security.krb5.conf", System.getenv("KRB5_CONFIG"));
        }
        HashMap hashMap = new HashMap();
        if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
            hashMap.put("refreshKrb5Config", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
            hashMap.put("useDefaultCcache", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
            hashMap.put("renewTGT", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
            hashMap.put("credsType", "initiator");
            kerberosAuthenticationHelper = new IBMKerberosAuthenticationHelper(hashMap);
        } else {
            String str = System.getenv("KRB5CCNAME");
            if (null != str) {
                hashMap.put("ticketCache", str);
            }
            hashMap.put("doNotPrompt", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
            hashMap.put("renewTGT", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
            hashMap.put("useTicketCache", ZooKeeperSaslClient.ENABLE_CLIENT_SASL_DEFAULT);
            kerberosAuthenticationHelper = new KerberosAuthenticationHelper(hashMap);
        }
        LoginContext loginContext = new LoginContext("Client", (Subject) null, (CallbackHandler) null, kerberosAuthenticationHelper);
        loginContext.login();
        return loginContext.getSubject();
    }
}
