package io.prestosql.tempto.kerberos;

import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:io/prestosql/tempto/kerberos/KerberosAuthentication.class */
public class KerberosAuthentication {
    private final Set<Principal> principalsSet;
    private final Configuration kerberosConfiguration;

    public KerberosAuthentication(String str, String str2) {
        Objects.requireNonNull(str, "principal is null");
        Objects.requireNonNull(str2, "keytab is null");
        this.principalsSet = ImmutableSet.of(new KerberosPrincipal(str));
        this.kerberosConfiguration = createKerberosConfiguration(str, str2);
    }

    private static Configuration createKerberosConfiguration(String str, String str2) {
        final Map<String, String> createLoginOptions = createLoginOptions(str, str2);
        return new Configuration() { // from class: io.prestosql.tempto.kerberos.KerberosAuthentication.1
            public AppConfigurationEntry[] getAppConfigurationEntry(String str3) {
                return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, createLoginOptions)};
            }
        };
    }

    private static Map<String, String> createLoginOptions(String str, String str2) {
        ImmutableMap.Builder builder = ImmutableMap.builder();
        builder.put("useKeyTab", "true");
        builder.put("principal", str);
        builder.put("keyTab", str2);
        builder.put("storeKey", "true");
        builder.put("doNotPrompt", "true");
        builder.put("isInitiator", "true");
        return builder.build();
    }

    public Subject authenticate() {
        try {
            LoginContext loginContext = new LoginContext("", new Subject(false, this.principalsSet, Collections.emptySet(), Collections.emptySet()), (CallbackHandler) null, this.kerberosConfiguration);
            loginContext.login();
            return loginContext.getSubject();
        } catch (LoginException e) {
            throw Throwables.propagate(e);
        }
    }
}
