package org.apache.kyuubi.jdbc.hive.auth;

import java.util.Locale;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;

/* loaded from: input_file:org/apache/kyuubi/jdbc/hive/auth/KerberosUtils.class */
public final class KerberosUtils {
    private static final String HOSTNAME_PATTERN = "_HOST";
    private static final float TICKET_RENEW_WINDOW = 0.8f;

    public static String[] splitPrincipal(String str) {
        return str.split("[/@]");
    }

    public static String canonicalPrincipal(String str, String str2) {
        String[] splitPrincipal = splitPrincipal(str);
        if (splitPrincipal.length != 3) {
            throw new IllegalArgumentException("Kerberos principal should have 3 parts: " + str);
        }
        return !splitPrincipal[1].equals("_HOST") ? str : String.format("%s/%s@%s", splitPrincipal[0], str2.toLowerCase(Locale.ENGLISH), splitPrincipal[2]);
    }

    public static String canonicalClientPrincipal(String str, String str2) {
        String[] splitPrincipal = splitPrincipal(str);
        return (splitPrincipal.length == 3 && splitPrincipal[1].equals("_HOST")) ? canonicalPrincipal(str, str2) : str;
    }

    public static KerberosTicket getTgt(Subject subject) {
        for (KerberosTicket kerberosTicket : subject.getPrivateCredentials(KerberosTicket.class)) {
            if (isOriginalTgt(kerberosTicket)) {
                return kerberosTicket;
            }
        }
        throw new IllegalArgumentException("kerberos ticket not found in " + subject);
    }

    public static long getTgtRefreshTime(KerberosTicket kerberosTicket) {
        return kerberosTicket.getStartTime().getTime() + (((float) (kerberosTicket.getEndTime().getTime() - r0)) * TICKET_RENEW_WINDOW);
    }

    public static boolean isOriginalTgt(KerberosTicket kerberosTicket) {
        return isTgsPrincipal(kerberosTicket.getServer());
    }

    private static boolean isTgsPrincipal(KerberosPrincipal kerberosPrincipal) {
        if (kerberosPrincipal == null) {
            return false;
        }
        return kerberosPrincipal.getName().equals("krbtgt/" + kerberosPrincipal.getRealm() + "@" + kerberosPrincipal.getRealm());
    }
}
