package org.apache.sentry.service.thrift;

import com.google.common.collect.Sets;
import java.io.File;
import java.util.HashSet;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sentry/service/thrift/SentryKerberosContext.class */
public class SentryKerberosContext implements Runnable {
    private static final float TICKET_RENEW_WINDOW = 0.8f;
    private static final Logger LOGGER = LoggerFactory.getLogger(SentryKerberosContext.class);
    private LoginContext loginContext;
    private Subject subject;
    private final Configuration kerberosConfig;
    private Thread renewerThread;
    private boolean shutDownRenewer = false;

    public SentryKerberosContext(String str, String str2, boolean z) throws LoginException {
        this.subject = new Subject(false, Sets.newHashSet(new KerberosPrincipal[]{new KerberosPrincipal(str)}), new HashSet(), new HashSet());
        this.kerberosConfig = KerberosConfiguration.createClientConfig(str, new File(str2));
        loginWithNewContext();
        if (z) {
            startRenewerThread();
        }
    }

    public void loginWithNewContext() throws LoginException {
        String property = System.getProperty("hadoop.login");
        if (property == null) {
            property = "default";
        }
        String str = property.startsWith("hadoop_") ? property : "hadoop_" + property;
        String str2 = str.endsWith("_keytab") ? str : str + "_keytab";
        logoutSubject();
        this.loginContext = new LoginContext(str2, this.subject, (CallbackHandler) null, this.kerberosConfig);
        this.loginContext.login();
        this.subject = this.loginContext.getSubject();
    }

    private void logoutSubject() {
        if (this.loginContext != null) {
            try {
                this.loginContext.logout();
            } catch (LoginException e) {
                LOGGER.warn("Error logging out the subject", e);
            }
        }
        this.loginContext = null;
    }

    public Subject getSubject() {
        return this.subject;
    }

    private KerberosTicket getTGT() {
        for (KerberosTicket kerberosTicket : this.subject.getPrivateCredentials(KerberosTicket.class)) {
            KerberosPrincipal server = kerberosTicket.getServer();
            if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) {
                return kerberosTicket;
            }
        }
        return null;
    }

    private long getRefreshTime(KerberosTicket kerberosTicket) {
        return kerberosTicket.getStartTime().getTime() + (((float) (kerberosTicket.getEndTime().getTime() - r0)) * TICKET_RENEW_WINDOW);
    }

    @Override // java.lang.Runnable
    public void run() {
        try {
            try {
                try {
                    LOGGER.info("Sentry Ticket renewer thread started");
                    while (!this.shutDownRenewer) {
                        KerberosTicket tgt = getTGT();
                        long refreshTime = getRefreshTime(tgt);
                        if (tgt == null) {
                            LOGGER.warn("No ticket found in the cache");
                            logoutSubject();
                            LOGGER.info("Sentry Ticket renewer thread finished");
                            return;
                        }
                        while (System.currentTimeMillis() < refreshTime) {
                            Thread.sleep(1000L);
                            if (this.shutDownRenewer) {
                                logoutSubject();
                                LOGGER.info("Sentry Ticket renewer thread finished");
                                return;
                            }
                        }
                        loginWithNewContext();
                        LOGGER.debug("Renewed ticket");
                    }
                    logoutSubject();
                    LOGGER.info("Sentry Ticket renewer thread finished");
                } catch (InterruptedException e) {
                    LOGGER.warn("Sentry Ticket renewer thread interrupted", e);
                    logoutSubject();
                    LOGGER.info("Sentry Ticket renewer thread finished");
                }
            } catch (LoginException e2) {
                LOGGER.warn("Failed to renew ticket", e2);
                logoutSubject();
                LOGGER.info("Sentry Ticket renewer thread finished");
            }
        } catch (Throwable th) {
            logoutSubject();
            LOGGER.info("Sentry Ticket renewer thread finished");
            throw th;
        }
    }

    public void startRenewerThread() {
        this.renewerThread = new Thread(this);
        this.renewerThread.start();
    }

    public void shutDown() throws LoginException {
        if (this.renewerThread != null) {
            this.shutDownRenewer = true;
        } else {
            logoutSubject();
        }
    }
}
