package org.apache.knox.gateway.topology.discovery.cm.auth;

import java.io.File;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.topology.discovery.cm.ClouderaManagerServiceDiscoveryMessages;

/* loaded from: input_file:org/apache/knox/gateway/topology/discovery/cm/auth/AuthUtils.class */
public class AuthUtils {
    static final String JGSS_LOGIN_MODULE = "com.sun.security.jgss.initiate";
    private static ClouderaManagerServiceDiscoveryMessages log = (ClouderaManagerServiceDiscoveryMessages) MessagesFactory.get(ClouderaManagerServiceDiscoveryMessages.class);
    private static Configuration kerberosConfig;

    public static String getKerberosLoginConfigLocation() {
        return System.getProperty("java.security.auth.login.config");
    }

    public static synchronized Configuration getKerberosJAASConfiguration() throws Exception {
        String kerberosLoginConfigLocation;
        if (kerberosConfig == null && (kerberosLoginConfigLocation = getKerberosLoginConfigLocation()) != null && !kerberosLoginConfigLocation.isEmpty()) {
            kerberosConfig = createKerberosJAASConfiguration(kerberosLoginConfigLocation);
        }
        return kerberosConfig;
    }

    public static Configuration createKerberosJAASConfiguration(String str) throws Exception {
        if (str == null) {
            throw new IllegalArgumentException("Invalid login configuration.");
        }
        return new JAASClientConfig(new File(str).toURI().toURL());
    }

    public static Subject getKerberosSubject() {
        Subject subject = null;
        try {
            Configuration kerberosJAASConfiguration = getKerberosJAASConfiguration();
            if (kerberosJAASConfiguration != null) {
                log.attemptingKerberosLogin(getKerberosLoginConfigLocation());
                LoginContext loginContext = new LoginContext(JGSS_LOGIN_MODULE, (Subject) null, (CallbackHandler) null, kerberosJAASConfiguration);
                loginContext.login();
                subject = loginContext.getSubject();
            }
        } catch (Exception e) {
            log.failedKerberosLogin(getKerberosLoginConfigLocation(), JGSS_LOGIN_MODULE, e);
        }
        return subject;
    }
}
