package io.trino.plugin.base.authentication;

import com.google.common.collect.ImmutableSet;
import io.airlift.log.Logger;
import java.util.Collections;
import java.util.Objects;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:io/trino/plugin/base/authentication/KerberosAuthentication.class */
public class KerberosAuthentication {
    private static final Logger log = Logger.get(KerberosAuthentication.class);
    private final KerberosPrincipal principal;
    private final Configuration configuration;

    public KerberosAuthentication(KerberosConfiguration kerberosConfiguration) {
        Objects.requireNonNull(kerberosConfiguration, "kerberosConfiguration is null");
        this.principal = kerberosConfiguration.kerberosPrincipal();
        this.configuration = (log.isDebugEnabled() ? kerberosConfiguration.withDebug() : kerberosConfiguration).getConfiguration();
    }

    public Subject getSubject() {
        try {
            LoginContext loginContext = new LoginContext("", new Subject(false, ImmutableSet.of(this.principal), Collections.emptySet(), Collections.emptySet()), (CallbackHandler) null, this.configuration);
            loginContext.login();
            return loginContext.getSubject();
        } catch (LoginException e) {
            throw new RuntimeException(e);
        }
    }

    public void attemptLogin(Subject subject) {
        try {
            new LoginContext("", subject, (CallbackHandler) null, this.configuration).login();
        } catch (LoginException e) {
            throw new RuntimeException(e);
        }
    }
}
