package com.simba.spark.hivecommon.api;

import com.simba.spark.jdbc42.internal.apache.commons.codec.binary.Base64;
import com.simba.spark.jdbc42.internal.apache.http.auth.AuthenticationException;
import java.security.PrivilegedExceptionAction;
import java.util.concurrent.locks.ReentrantLock;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/simba/spark/hivecommon/api/HiveServerHttpPrivilegedAction.class */
public class HiveServerHttpPrivilegedAction<T> implements PrivilegedExceptionAction<T> {
    private static ReentrantLock s_kerberosLock;
    private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
    private static Oid s_kerberosOid;
    private GSSManager m_gssManager = GSSManager.getInstance();
    private GSSName m_gssServerName;
    private String m_service;
    private String m_tokenStr;

    public HiveServerHttpPrivilegedAction(String str) {
        this.m_service = str;
    }

    public String getKerberosTokenString() {
        return this.m_tokenStr;
    }

    @Override // java.security.PrivilegedExceptionAction
    public T run() throws Exception {
        try {
            s_kerberosLock.lock();
            GSSContext createContext = this.m_gssManager.createContext(this.m_gssManager.createName(this.m_service, GSSName.NT_HOSTBASED_SERVICE).canonicalize(s_kerberosOid), s_kerberosOid, (GSSCredential) null, 0);
            createContext.requestMutualAuth(true);
            createContext.requestCredDeleg(true);
            byte[] bArr = new byte[0];
            byte[] initSecContext = createContext.initSecContext(bArr, 0, bArr.length);
            if (null == initSecContext) {
                throw new AuthenticationException("GSS security context initialization failed");
            }
            this.m_tokenStr = new String(Base64.encodeBase64(initSecContext, false));
            createContext.dispose();
            s_kerberosLock.unlock();
            return null;
        } catch (Throwable th) {
            s_kerberosLock.unlock();
            throw th;
        }
    }

    static {
        try {
            System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
            if (null != System.getenv("KRB5_CONFIG")) {
                System.setProperty("java.security.krb5.conf", System.getenv("KRB5_CONFIG"));
            }
            s_kerberosOid = new Oid(KERBEROS_OID);
            s_kerberosLock = new ReentrantLock(true);
        } catch (GSSException e) {
            throw new ExceptionInInitializerError((Throwable) e);
        }
    }
}
