package org.apache.hadoop.security.login;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.security.User;
import org.apache.hadoop.util.PlatformName;
import org.jline.reader.LineReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:WEB-INF/lib/hadoop-common-3.3.4.107-eep-910.jar:org/apache/hadoop/security/login/HadoopLoginModule.class */
public class HadoopLoginModule implements LoginModule {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) HadoopLoginModule.class);
    private static final Class<? extends Principal> OS_PRINCIPAL_CLASS = getOsPrincipalClass();
    List<Class<? extends Principal>> principalPriority = new ArrayList();
    List<Class<? extends Principal>> additionalPrincipals = new ArrayList();
    private Subject subject;

    private static Class<? extends Principal> getOsPrincipalClass() {
        String str;
        ClassLoader systemClassLoader = ClassLoader.getSystemClassLoader();
        try {
            if (PlatformName.IBM_JAVA) {
                str = PlatformName.IS_64BIT ? "com.ibm.security.auth.UsernamePrincipal" : PlatformName.IS_WINDOWS ? "com.ibm.security.auth.NTUserPrincipal" : PlatformName.IS_AIX ? "com.ibm.security.auth.AIXPrincipal" : "com.ibm.security.auth.LinuxPrincipal";
            } else {
                str = PlatformName.IS_WINDOWS ? "com.sun.security.auth.NTUserPrincipal" : "com.sun.security.auth.UnixPrincipal";
            }
            return systemClassLoader.loadClass(str);
        } catch (ClassNotFoundException e) {
            LOG.error("Unable to find JAAS classes:" + e.getMessage());
            return null;
        }
    }

    public boolean abort() throws LoginException {
        return true;
    }

    private <T extends Principal> T getCanonicalUser(Class<T> cls) {
        for (T t : this.subject.getPrincipals(cls)) {
            if (cls.isInstance(t)) {
                return t;
            }
        }
        return null;
    }

    private void warnIfIdentityAmbiguity(User user, Principal principal) {
        User user2 = new User(principal.getName());
        if (user.getShortName().equals(user2.getShortName())) {
            return;
        }
        LOG.error("Possible identity ambiguity. Found these two different names in Subject: " + user + ", " + user2 + ". Two different identities were found by the LoginModules in the JAAS configuration file.");
    }

    public boolean commit() throws LoginException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("hadoop login commit");
        }
        if (!this.subject.getPrincipals(User.class).isEmpty()) {
            if (!LOG.isDebugEnabled()) {
                return true;
            }
            LOG.debug("Using existing subject:" + this.subject.getPrincipals());
            return true;
        }
        User user = null;
        Iterator<Class<? extends Principal>> it = this.principalPriority.iterator();
        while (it.hasNext()) {
            Principal canonicalUser = getCanonicalUser(it.next());
            if (canonicalUser != null) {
                if (user == null) {
                    user = new User(canonicalUser.getName());
                } else {
                    warnIfIdentityAmbiguity(user, canonicalUser);
                }
            }
        }
        if (user == null) {
            Iterator<Class<? extends Principal>> it2 = this.additionalPrincipals.iterator();
            while (true) {
                if (!it2.hasNext()) {
                    break;
                }
                Principal canonicalUser2 = getCanonicalUser(it2.next());
                if (canonicalUser2 != null) {
                    user = new User(canonicalUser2.getName());
                    break;
                }
            }
        }
        if (user != null) {
            this.subject.getPrincipals().add(user);
            return true;
        }
        LOG.error("Can't find expected Hadoop user in " + this.subject);
        throw new LoginException("Can't find user name");
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        int i;
        this.subject = subject;
        try {
            boolean z = false;
            String str = (String) map2.get("principalPriority");
            if (str != null) {
                String[] split = str.trim().split(",[\\s]*");
                if (split[0].equalsIgnoreCase(LineReader.CLEAR)) {
                    z = true;
                    i = 1;
                } else {
                    i = 0;
                }
                for (int i2 = i; i2 < split.length; i2++) {
                    this.principalPriority.add(Class.forName(split[i2]));
                }
            }
            if (!z) {
                this.principalPriority.add(0, KerberosPrincipal.class);
            }
            if (!z) {
                this.additionalPrincipals.add(OS_PRINCIPAL_CLASS);
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Priority principal search list is " + Arrays.toString(this.principalPriority.toArray()));
                LOG.debug("Additional principal search list is " + Arrays.toString(this.additionalPrincipals.toArray()));
            }
        } catch (Exception e) {
            throw new RuntimeException("Failure to initialize Hadoop login module", e);
        }
    }

    public boolean login() throws LoginException {
        if (!LOG.isDebugEnabled()) {
            return true;
        }
        LOG.debug("hadoop login");
        return true;
    }

    public boolean logout() throws LoginException {
        if (!LOG.isDebugEnabled()) {
            return true;
        }
        LOG.debug("hadoop logout");
        return true;
    }
}
