package io.trino.plugin.base.authentication;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.net.InetAddress;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

/* loaded from: input_file:io/trino/plugin/base/authentication/KerberosConfiguration.class */
public final class KerberosConfiguration extends Record {
    private final KerberosPrincipal kerberosPrincipal;
    private final Map<String, String> options;
    private static final String KERBEROS_LOGIN_MODULE = "com.sun.security.auth.module.Krb5LoginModule";
    private static final Pattern PRINCIPAL_NAME_PATTERN = Pattern.compile("(.*/)_HOST(@.*)?");

    /* loaded from: input_file:io/trino/plugin/base/authentication/KerberosConfiguration$Builder.class */
    public static class Builder {
        private KerberosPrincipal kerberosPrincipal;
        private Optional<String> keytabLocation = Optional.empty();
        private Optional<String> credentialCacheLocation = Optional.empty();

        public Builder withKerberosPrincipal(String str) {
            this.kerberosPrincipal = createKerberosPrincipal(str);
            return this;
        }

        public Builder withKeytabLocation(String str) {
            verifyFile(str);
            this.keytabLocation = Optional.of(str);
            return this;
        }

        public Builder withCredentialCacheLocation(String str) {
            verifyFile(str);
            this.credentialCacheLocation = Optional.of(str);
            return this;
        }

        public KerberosConfiguration build() {
            ImmutableMap.Builder put = ImmutableMap.builder().put("doNotPrompt", "true").put("isInitiator", "true").put("principal", this.kerberosPrincipal.getName());
            Preconditions.checkArgument(this.keytabLocation.isPresent() ^ this.credentialCacheLocation.isPresent(), "Either keytab or credential cache must be specified");
            this.keytabLocation.ifPresent(str -> {
                put.put("useKeyTab", "true").put("storeKey", "true").put("keyTab", str);
            });
            this.credentialCacheLocation.ifPresent(str2 -> {
                put.put("useTicketCache", "true").put("renewTGT", "true").put("ticketCache", str2);
            });
            return new KerberosConfiguration(this.kerberosPrincipal, put.buildOrThrow());
        }

        private static KerberosPrincipal createKerberosPrincipal(String str) {
            try {
                return new KerberosPrincipal(getServerPrincipal(str, InetAddress.getLocalHost().getCanonicalHostName()));
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }

        @VisibleForTesting
        static String getServerPrincipal(String str, String str2) {
            Matcher matcher = KerberosConfiguration.PRINCIPAL_NAME_PATTERN.matcher(str);
            return matcher.matches() ? matcher.replaceAll("$1" + str2.toLowerCase(Locale.ENGLISH) + "$2") : str;
        }

        private static void verifyFile(String str) {
            Path path = Paths.get(str, new String[0]);
            Preconditions.checkArgument(Files.exists(path, new LinkOption[0]), "File does not exist: %s", str);
            Preconditions.checkArgument(Files.isReadable(path), "File is not readable: %s", str);
        }
    }

    public KerberosConfiguration(KerberosPrincipal kerberosPrincipal, Map<String, String> map) {
        Objects.requireNonNull(kerberosPrincipal, "kerberosPrincipal is null");
        ImmutableMap copyOf = ImmutableMap.copyOf((Map) Objects.requireNonNull(map, "options is null"));
        this.kerberosPrincipal = kerberosPrincipal;
        this.options = copyOf;
    }

    public KerberosConfiguration withDebug() {
        ImmutableMap.Builder builder = ImmutableMap.builder();
        builder.putAll(this.options).put("debug", "true");
        return new KerberosConfiguration(this.kerberosPrincipal, builder.buildOrThrow());
    }

    public Configuration getConfiguration() {
        return new Configuration() { // from class: io.trino.plugin.base.authentication.KerberosConfiguration.1
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                return new AppConfigurationEntry[]{new AppConfigurationEntry(KerberosConfiguration.KERBEROS_LOGIN_MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, KerberosConfiguration.this.options)};
            }
        };
    }

    @Override // java.lang.Record
    public final String toString() {
        return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, KerberosConfiguration.class), KerberosConfiguration.class, "kerberosPrincipal;options", "FIELD:Lio/trino/plugin/base/authentication/KerberosConfiguration;->kerberosPrincipal:Ljavax/security/auth/kerberos/KerberosPrincipal;", "FIELD:Lio/trino/plugin/base/authentication/KerberosConfiguration;->options:Ljava/util/Map;").dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    @Override // java.lang.Record
    public final int hashCode() {
        return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, KerberosConfiguration.class), KerberosConfiguration.class, "kerberosPrincipal;options", "FIELD:Lio/trino/plugin/base/authentication/KerberosConfiguration;->kerberosPrincipal:Ljavax/security/auth/kerberos/KerberosPrincipal;", "FIELD:Lio/trino/plugin/base/authentication/KerberosConfiguration;->options:Ljava/util/Map;").dynamicInvoker().invoke(this) /* invoke-custom */;
    }

    @Override // java.lang.Record
    public final boolean equals(Object obj) {
        return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, KerberosConfiguration.class, Object.class), KerberosConfiguration.class, "kerberosPrincipal;options", "FIELD:Lio/trino/plugin/base/authentication/KerberosConfiguration;->kerberosPrincipal:Ljavax/security/auth/kerberos/KerberosPrincipal;", "FIELD:Lio/trino/plugin/base/authentication/KerberosConfiguration;->options:Ljava/util/Map;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
    }

    public KerberosPrincipal kerberosPrincipal() {
        return this.kerberosPrincipal;
    }

    public Map<String, String> options() {
        return this.options;
    }
}
