package org.elasticsearch.hadoop.security;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:org/elasticsearch/hadoop/security/LoginUtil.class */
public class LoginUtil {
    private static final String SUN_KRB5_LOGIN_MODULE = "com.sun.security.auth.module.Krb5LoginModule";
    private static final String KERBEROS_CONFIG_NAME = "es-hadoop-user-kerberos";

    /* loaded from: input_file:org/elasticsearch/hadoop/security/LoginUtil$KerberosKeytabConfiguration.class */
    private static class KerberosKeytabConfiguration extends Configuration {
        private final String principalName;
        private final String keytabFile;

        public KerberosKeytabConfiguration(String str, String str2) {
            this.principalName = str;
            this.keytabFile = str2;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            hashMap.put("doNotPrompt", "true");
            hashMap.put("principal", this.principalName);
            hashMap.put("storeKey", "true");
            hashMap.put("isInitiator", "true");
            hashMap.put("refreshKrb5Config", "true");
            hashMap.put("useKeyTab", "true");
            hashMap.put("keyTab", this.keytabFile);
            return new AppConfigurationEntry[]{new AppConfigurationEntry(LoginUtil.SUN_KRB5_LOGIN_MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    /* loaded from: input_file:org/elasticsearch/hadoop/security/LoginUtil$KerberosPasswordCallbackHandler.class */
    private static class KerberosPasswordCallbackHandler implements CallbackHandler {
        private final String principalName;
        private final String password;

        public KerberosPasswordCallbackHandler(String str, String str2) {
            this.principalName = str;
            this.password = str2;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callback;
                    if (passwordCallback.getPrompt().contains(this.principalName)) {
                        passwordCallback.setPassword(this.password.toCharArray());
                        return;
                    }
                }
            }
        }
    }

    /* loaded from: input_file:org/elasticsearch/hadoop/security/LoginUtil$KerberosPasswordConfiguration.class */
    private static class KerberosPasswordConfiguration extends Configuration {
        private final String principalName;

        public KerberosPasswordConfiguration(String str) {
            this.principalName = str;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            hashMap.put("principal", this.principalName);
            hashMap.put("storeKey", "true");
            hashMap.put("isInitiator", "true");
            hashMap.put("refreshKrb5Config", "true");
            return new AppConfigurationEntry[]{new AppConfigurationEntry(LoginUtil.SUN_KRB5_LOGIN_MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    public static LoginContext login(String str, String str2) throws LoginException {
        LoginContext loginContext = new LoginContext(KERBEROS_CONFIG_NAME, new Subject(false, Collections.singleton(new KerberosPrincipal(str)), Collections.emptySet(), Collections.emptySet()), new KerberosPasswordCallbackHandler(str, str2), new KerberosPasswordConfiguration(str));
        loginContext.login();
        return loginContext;
    }

    public static LoginContext keytabLogin(String str, String str2) throws LoginException {
        LoginContext loginContext = new LoginContext(KERBEROS_CONFIG_NAME, new Subject(false, Collections.singleton(new KerberosPrincipal(str)), Collections.emptySet(), Collections.emptySet()), (CallbackHandler) null, new KerberosKeytabConfiguration(str, str2));
        loginContext.login();
        return loginContext;
    }
}
