package org.apache.hadoop.hive.druid.security;

import java.net.CookieStore;
import java.net.HttpCookie;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hive/druid/security/DruidKerberosUtil.class */
public final class DruidKerberosUtil {
    protected static final Logger LOG = LoggerFactory.getLogger(DruidKerberosUtil.class);
    private static final Base64 BASE_64_CODEC = new Base64(0);
    private static final ReentrantLock KERBEROS_LOCK = new ReentrantLock(true);

    private DruidKerberosUtil() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String kerberosChallenge(String str) throws AuthenticationException {
        KERBEROS_LOCK.lock();
        try {
            try {
                Oid oidInstance = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID");
                GSSManager gSSManager = GSSManager.getInstance();
                GSSName createName = gSSManager.createName("HTTP@" + str, GSSName.NT_HOSTBASED_SERVICE);
                GSSContext createContext = gSSManager.createContext(createName.canonicalize(oidInstance), oidInstance, (GSSCredential) null, 0);
                createContext.requestMutualAuth(true);
                createContext.requestCredDeleg(true);
                byte[] bArr = new byte[0];
                byte[] initSecContext = createContext.initSecContext(bArr, 0, bArr.length);
                createContext.dispose();
                LOG.debug("Got valid challenge for host {}", createName);
                String str2 = new String(BASE_64_CODEC.encode(initSecContext), StandardCharsets.US_ASCII);
                KERBEROS_LOCK.unlock();
                return str2;
            } catch (GSSException | ClassNotFoundException | IllegalAccessException | NoSuchFieldException e) {
                throw new AuthenticationException(e);
            }
        } catch (Throwable th) {
            KERBEROS_LOCK.unlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static HttpCookie getAuthCookie(CookieStore cookieStore, URI uri) {
        if (cookieStore == null) {
            return null;
        }
        boolean equals = uri.getScheme().equals("https");
        for (HttpCookie httpCookie : cookieStore.getCookies()) {
            if (!httpCookie.getSecure() || equals) {
                if (httpCookie.getName().equals("hadoop.auth")) {
                    return httpCookie;
                }
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void removeAuthCookie(CookieStore cookieStore, URI uri) {
        HttpCookie authCookie = getAuthCookie(cookieStore, uri);
        if (authCookie != null) {
            cookieStore.remove(uri, authCookie);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean needToSendCredentials(CookieStore cookieStore, URI uri) {
        return getAuthCookie(cookieStore, uri) == null;
    }
}
