package com.cloudera.cmf.service.auth;

import com.cloudera.cmf.ProductState;
import com.cloudera.cmf.security.KerberosCredentialsNotAvailableRuntimeException;
import com.cloudera.cmf.security.KerberosCredentialsReader;
import com.cloudera.cmf.service.auth.AbstractExternalServerLoginMonitor;
import com.cloudera.cmf.service.csd.components.CsdVariableProvider;
import com.cloudera.server.cmf.FeatureManager;
import com.google.common.collect.Maps;
import com.sun.security.auth.module.Krb5LoginModule;
import java.io.File;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import org.apache.commons.io.FileUtils;

/* loaded from: input_file:com/cloudera/cmf/service/auth/KdcLoginMonitor.class */
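/**
 * Login monitor for the KDC: builds a set of {@link Krb5LoginModule} options from the
 * credentials supplied by a {@link KerberosCredentialsReader} and hands a freshly
 * initialised login module to {@code measureLoginTime} on every measurement.
 *
 * <p>Two authentication modes are supported, selected by
 * {@link KerberosCredentialsReader#USE_SIMPLE_AUTH_KEY}: keytab login (the default) and
 * principal/password login through a {@link CallbackHandler}.
 *
 * <p>NOTE(review): the credentials come from {@code readAdminCredentials()}. Whether a
 * lower-privileged principal would be sufficient for a login probe is worth confirming
 * with the owners of the reader.
 */
public class KdcLoginMonitor extends AbstractExternalServerLoginMonitor {
    // Options passed verbatim to Krb5LoginModule.initialize(); filled in initLoginCredentials().
    private final Map<String, String> kerberosLoginOptions;
    private final KerberosCredentialsReader kerberosCredentialsReader;
    // Only set in simple-auth (password) mode; stays null for keytab login.
    private CallbackHandler callbackHandler;
    // Raw credential map as returned by the reader; also consulted during clean-up.
    private Map<String, String> krbCredentials;

    /**
     * @param featureManager used to check whether the Kerberos feature is available
     * @param kerberosCredentialsReader source of the credentials used for the login probe
     */
    public KdcLoginMonitor(FeatureManager featureManager, KerberosCredentialsReader kerberosCredentialsReader) {
        super(featureManager, "KDC");
        this.kerberosLoginOptions = Maps.newHashMap();
        this.callbackHandler = null;
        this.kerberosCredentialsReader = kerberosCredentialsReader;
    }

    /**
     * Reads the credentials and prepares the login module options.
     *
     * <p>Sets {@code initState} to {@code STOP_RUNNING} when the Kerberos feature is absent and
     * to {@code READY_TO_MEASURE} on success. On any failure, including missing credentials,
     * the state is left untouched and the problem is logged.
     */
    @Override // com.cloudera.cmf.service.auth.AbstractExternalServerLoginMonitor
    protected void initLoginCredentials() {
        try {
            if (!this.featureManager.hasFeature(ProductState.Feature.KERBEROS)) {
                this.initState = AbstractExternalServerLoginMonitor.InitializationState.STOP_RUNNING;
                THROTTLED_LOGGER.info("Kerberos feature is not available.");
                return;
            }
            this.krbCredentials = this.kerberosCredentialsReader.readAdminCredentials();
            final String keytabPath = this.krbCredentials.get(KerberosCredentialsReader.CMF_KEYTAB_FILE_KEY);
            final String principal = this.krbCredentials.get(KerberosCredentialsReader.CMF_PRINCIPAL_KEY);
            final String simpleAuthPassword = this.krbCredentials.get("SIMPLE_AUTH_PASSWORD_KEY");
            final boolean useKeytab =
                    !Boolean.parseBoolean(this.krbCredentials.get(KerberosCredentialsReader.USE_SIMPLE_AUTH_KEY));

            // Without this guard a missing password only surfaces later, as a
            // NullPointerException inside the callback on every measurement, which would be
            // indistinguishable from a KDC-side login failure.
            if (!useKeytab && simpleAuthPassword == null) {
                THROTTLED_LOGGER.info("KDC Login Monitor is not initialized, simple authentication password is missing.");
                return;
            }

            this.kerberosLoginOptions.put("refreshKrb5Config", TRUE);
            // No ticket cache and no TGT renewal: each login has to obtain its own ticket.
            this.kerberosLoginOptions.put("useTicketCache", FALSE);
            this.kerberosLoginOptions.put("renewTGT", FALSE);
            // Prompting (i.e. use of the callback handler) is only enabled in simple-auth mode.
            this.kerberosLoginOptions.put("doNotPrompt", String.valueOf(useKeytab));
            this.kerberosLoginOptions.put("storeKey", FALSE);
            this.kerberosLoginOptions.put("isInitiator", TRUE);
            this.kerberosLoginOptions.put("useKeyTab", String.valueOf(useKeytab));
            // NOTE(review): Krb5LoginModule's option is named "principal"; confirm that
            // CsdVariableProvider.PRINCIPAL_PLACEHOLDER really holds that value and is not a
            // decompiler constant mismatch.
            this.kerberosLoginOptions.put(CsdVariableProvider.PRINCIPAL_PLACEHOLDER, principal);
            if (useKeytab) {
                this.kerberosLoginOptions.put("keyTab", keytabPath);
            } else {
                this.callbackHandler = callbackArr -> {
                    for (Callback callback : callbackArr) {
                        if (callback instanceof NameCallback) {
                            ((NameCallback) callback).setName(principal);
                        }
                        if (callback instanceof PasswordCallback) {
                            // setPassword() keeps its own copy, so the temporary array can be
                            // wiped right away. The password String held in krbCredentials
                            // still remains in memory.
                            char[] passwordChars = simpleAuthPassword.toCharArray();
                            try {
                                ((PasswordCallback) callback).setPassword(passwordChars);
                            } finally {
                                Arrays.fill(passwordChars, '\0');
                            }
                        }
                    }
                };
            }
            this.initState = AbstractExternalServerLoginMonitor.InitializationState.READY_TO_MEASURE;
        } catch (KerberosCredentialsNotAvailableRuntimeException e) {
            THROTTLED_LOGGER.info("KDC Login Monitor is not initialized, missing kerberos credentials.");
        } catch (Exception e2) {
            THROTTLED_LOGGER.info("KDC Login Monitor initialization failed:", e2);
        }
    }

    /**
     * Creates a new {@link Krb5LoginModule} with an empty {@link Subject}, the prepared
     * options and (in simple-auth mode) the callback handler, then passes it to
     * {@code measureLoginTime}.
     */
    @Override // com.cloudera.cmf.service.auth.AbstractExternalServerLoginMonitor
    protected void measure() {
        Krb5LoginModule loginModule = new Krb5LoginModule();
        loginModule.initialize(new Subject(), this.callbackHandler, (Map) null, this.kerberosLoginOptions);
        measureLoginTime(loginModule);
    }

    /**
     * Removes the keytab file when the credential map marks it as temporary via
     * {@link KerberosCredentialsReader#DELETE_ADMIN_KEYTAB_AT_END}.
     *
     * <p>A keytab that survives this step is key material left on disk, so a failed
     * deletion is reported at error level instead of being logged as a success.
     */
    @Override // com.cloudera.cmf.service.auth.AbstractExternalServerLoginMonitor
    protected void finalizeMonitoring() {
        try {
            if (this.krbCredentials == null
                    || !TRUE.equals(this.krbCredentials.get(KerberosCredentialsReader.DELETE_ADMIN_KEYTAB_AT_END))) {
                return;
            }
            File keytab = new File(this.krbCredentials.get(KerberosCredentialsReader.CMF_KEYTAB_FILE_KEY));
            // deleteQuietly() never throws; verify the outcome on disk rather than assuming it.
            FileUtils.deleteQuietly(keytab);
            if (keytab.exists()) {
                LOGGER.error("Temporary keytab file could not be removed: " + keytab.getPath());
            } else {
                LOGGER.debug("Temporary keytab file removed successfully.");
            }
        } catch (Exception e) {
            LOGGER.error("Error during deleting temporary keytab file:", e);
        }
    }
}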
