package org.apache.zookeeper;

import java.util.Random;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.log4j.Logger;
import org.apache.zookeeper.client.ZooKeeperSaslClient;

/* loaded from: classes5.dex */
public class Login {
    private static final long MIN_TIME_BEFORE_RELOGIN = 60000;
    private static final float TICKET_RENEW_JITTER = 0.05f;
    private static final float TICKET_RENEW_WINDOW = 0.8f;
    private static Random rng = new Random();
    public CallbackHandler callbackHandler;
    private boolean isKrbTicket;
    private boolean isUsingKeytab;
    private boolean isUsingTicketCache;
    private String keytabFile;
    private LoginContext login;
    private String loginContextName;
    private String principal;
    private Subject subject;
    private Thread t;
    Logger LOG = Logger.getLogger(Login.class);
    private long lastLogin = 0;

    public Login(String str, CallbackHandler callbackHandler) throws LoginException {
        this.subject = null;
        this.t = null;
        this.isKrbTicket = false;
        this.isUsingTicketCache = false;
        this.isUsingKeytab = false;
        this.login = null;
        this.loginContextName = null;
        this.keytabFile = null;
        this.principal = null;
        this.callbackHandler = callbackHandler;
        LoginContext login = login(str);
        this.login = login;
        this.loginContextName = str;
        this.subject = login.getSubject();
        this.isKrbTicket = !r6.getPrivateCredentials(KerberosTicket.class).isEmpty();
        AppConfigurationEntry[] appConfigurationEntry = Configuration.getConfiguration().getAppConfigurationEntry(str);
        if (appConfigurationEntry.length > 0) {
            AppConfigurationEntry appConfigurationEntry2 = appConfigurationEntry[0];
            if (appConfigurationEntry2.getOptions().get("useTicketCache") != null && ((String) appConfigurationEntry2.getOptions().get("useTicketCache")).equals("true")) {
                this.isUsingTicketCache = true;
            }
            if (appConfigurationEntry2.getOptions().get("keyTab") != null) {
                this.keytabFile = (String) appConfigurationEntry2.getOptions().get("keyTab");
                this.isUsingKeytab = true;
            }
            if (appConfigurationEntry2.getOptions().get("principal") != null) {
                this.principal = (String) appConfigurationEntry2.getOptions().get("principal");
            }
        }
        if (this.isKrbTicket) {
            Thread thread = new Thread(new Runnable() { // from class: org.apache.zookeeper.Login.1
                /* JADX WARN: Removed duplicated region for block: B:85:0x010c A[SYNTHETIC] */
                @Override // java.lang.Runnable
                /*
                    Code decompiled incorrectly, please refer to instructions dump.
                    To view partially-correct add '--show-bad-code' argument
                */
                public void run() {
                    /*
                        Method dump skipped, instructions count: 622
                        To view this dump add '--comments-level debug' option
                    */
                    throw new UnsupportedOperationException("Method not decompiled: org.apache.zookeeper.Login.AnonymousClass1.run():void");
                }
            });
            this.t = thread;
            thread.setDaemon(true);
        }
    }

    private long getLastLogin() {
        return this.lastLogin;
    }

    private LoginContext getLogin() {
        return this.login;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public long getRefreshTime(KerberosTicket kerberosTicket) {
        long time = kerberosTicket.getStartTime().getTime();
        long time2 = kerberosTicket.getEndTime().getTime();
        this.LOG.info("TGT valid starting at:        " + kerberosTicket.getStartTime().toString());
        this.LOG.info("TGT expires:                  " + kerberosTicket.getEndTime().toString());
        long nextDouble = time + ((long) ((time2 - time) * ((rng.nextDouble() * 0.05000000074505806d) + 0.800000011920929d)));
        return nextDouble > time2 ? System.currentTimeMillis() : nextDouble;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized KerberosTicket getTGT() {
        for (KerberosTicket kerberosTicket : this.subject.getPrivateCredentials(KerberosTicket.class)) {
            KerberosPrincipal server = kerberosTicket.getServer();
            if (server.getName().equals("krbtgt/" + server.getRealm() + "@" + server.getRealm())) {
                this.LOG.debug("Found tgt " + kerberosTicket + ".");
                return kerberosTicket;
            }
        }
        return null;
    }

    private boolean hasSufficientTimeElapsed() {
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - getLastLogin() < 60000) {
            this.LOG.warn("Not attempting to re-login since the last re-login was attempted less than 60 seconds before.");
            return false;
        }
        setLastLogin(currentTimeMillis);
        return true;
    }

    private synchronized LoginContext login(String str) throws LoginException {
        LoginContext loginContext;
        if (str == null) {
            throw new LoginException("loginContext name (JAAS file section header) was null. Please check your java.security.login.auth.config (=" + System.getProperty("java.security.login.auth.config") + ") and your " + ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY + "(=" + System.getProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client") + ")");
        }
        loginContext = new LoginContext(str, this.callbackHandler);
        loginContext.login();
        this.LOG.info("successfully logged in.");
        return loginContext;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void reLogin() throws LoginException {
        if (this.isKrbTicket) {
            LoginContext login = getLogin();
            if (login == null) {
                throw new LoginException("login must be done first");
            }
            if (hasSufficientTimeElapsed()) {
                this.LOG.info("Initiating logout for " + this.principal);
                synchronized (Login.class) {
                    login.logout();
                    LoginContext loginContext = new LoginContext(this.loginContextName, getSubject());
                    this.LOG.info("Initiating re-login for " + this.principal);
                    loginContext.login();
                    setLogin(loginContext);
                }
            }
        }
    }

    private void setLastLogin(long j) {
        this.lastLogin = j;
    }

    private void setLogin(LoginContext loginContext) {
        this.login = loginContext;
    }

    public String getLoginContextName() {
        return this.loginContextName;
    }

    public Subject getSubject() {
        return this.subject;
    }

    public void shutdown() {
        Thread thread = this.t;
        if (thread == null || !thread.isAlive()) {
            return;
        }
        this.t.interrupt();
        try {
            this.t.join();
        } catch (InterruptedException e) {
            this.LOG.warn("error while waiting for Login thread to shutdown: " + e);
        }
    }

    public void startThreadIfNeeded() {
        Thread thread = this.t;
        if (thread != null) {
            thread.start();
        }
    }
}
