package org.apache.calcite.avatica.server;

import java.lang.reflect.Field;
import java.util.Objects;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import org.eclipse.jetty.security.SpnegoLoginService;
import org.eclipse.jetty.security.SpnegoUserPrincipal;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.util.B64Code;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/avatica-server-1.16.0.jar:org/apache/calcite/avatica/server/PropertyBasedSpnegoLoginService.class */
public class PropertyBasedSpnegoLoginService extends SpnegoLoginService {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) PropertyBasedSpnegoLoginService.class);
    private static final String TARGET_NAME_FIELD_NAME = "_targetName";
    private final String serverPrincipal;

    public PropertyBasedSpnegoLoginService(String str, String str2) {
        super(str);
        this.serverPrincipal = (String) Objects.requireNonNull(str2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.eclipse.jetty.security.SpnegoLoginService, org.eclipse.jetty.util.component.AbstractLifeCycle
    public void doStart() throws Exception {
        Field declaredField = SpnegoLoginService.class.getDeclaredField(TARGET_NAME_FIELD_NAME);
        declaredField.setAccessible(true);
        declaredField.set(this, this.serverPrincipal);
    }

    @Override // org.eclipse.jetty.security.SpnegoLoginService, org.eclipse.jetty.security.LoginService
    public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
        byte[] decode = B64Code.decode((String) obj);
        GSSManager gSSManager = GSSManager.getInstance();
        try {
            Oid oid = new Oid("1.3.6.1.5.5.2");
            GSSContext createContext = gSSManager.createContext(gSSManager.createCredential(gSSManager.createName(this.serverPrincipal, (Oid) null), Integer.MAX_VALUE, new Oid[]{new Oid("1.2.840.113554.1.2.2"), oid}, 2));
            if (createContext == null) {
                LOG.debug("SpnegoUserRealm: failed to establish GSSContext");
                return null;
            }
            while (!createContext.isEstablished()) {
                decode = createContext.acceptSecContext(decode, 0, decode.length);
            }
            if (!createContext.isEstablished()) {
                return null;
            }
            String gSSName = createContext.getSrcName().toString();
            String substring = gSSName.substring(gSSName.indexOf(64) + 1);
            LOG.debug("SpnegoUserRealm: established a security context");
            LOG.debug("Client Principal is: {}", createContext.getSrcName());
            LOG.debug("Server Principal is: {}", createContext.getTargName());
            LOG.debug("Client Default Role: {}", substring);
            SpnegoUserPrincipal spnegoUserPrincipal = new SpnegoUserPrincipal(gSSName, decode);
            Subject subject = new Subject();
            subject.getPrincipals().add(spnegoUserPrincipal);
            return this._identityService.newUserIdentity(subject, spnegoUserPrincipal, new String[]{substring});
        } catch (GSSException e) {
            LOG.warn("Caught GSSException trying to authenticate the client", e);
            return null;
        }
    }
}
