package eu.openanalytics.containerproxy.auth.impl.kerberos;

import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import javax.security.auth.kerberos.KerberosTicket;
import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:BOOT-INF/lib/containerproxy-0.8.2.jar:eu/openanalytics/containerproxy/auth/impl/kerberos/KRBTicketRenewalManager.class */
public class KRBTicketRenewalManager {
    private String servicePrincipal;
    private String serviceKeytab;
    private volatile KerberosTicket serviceTGT;
    private String[] backendPrincipals;
    private KRBClientCacheRegistry ccacheReg;
    private long renewInterval;
    private Logger log = LogManager.getLogger((Class<?>) KRBTicketRenewalManager.class);
    private ScheduledExecutorService executor = Executors.newSingleThreadScheduledExecutor();
    private Map<String, ScheduledFuture<?>> renewalJobs = new ConcurrentHashMap();

    /* loaded from: input_file:BOOT-INF/lib/containerproxy-0.8.2.jar:eu/openanalytics/containerproxy/auth/impl/kerberos/KRBTicketRenewalManager$ProxyRenewalJob.class */
    private class ProxyRenewalJob implements Runnable {
        private ProxyRenewalJob() {
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                KRBTicketRenewalManager.this.serviceTGT = KRBUtils.createGSSContext(KRBTicketRenewalManager.this.servicePrincipal, KRBTicketRenewalManager.this.serviceKeytab);
            } catch (Exception e) {
                KRBTicketRenewalManager.this.log.error("Error while renewing TGT for " + KRBTicketRenewalManager.this.servicePrincipal, (Throwable) e);
            }
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/containerproxy-0.8.2.jar:eu/openanalytics/containerproxy/auth/impl/kerberos/KRBTicketRenewalManager$RenewalJob.class */
    private class RenewalJob implements Runnable {
        private String principal;

        public RenewalJob(String str) {
            this.principal = str;
        }

        @Override // java.lang.Runnable
        public void run() {
            if (KRBTicketRenewalManager.this.backendPrincipals == null || KRBTicketRenewalManager.this.backendPrincipals.length == 0) {
                return;
            }
            try {
                String str = KRBTicketRenewalManager.this.ccacheReg.get(this.principal);
                if (str == null) {
                    str = KRBTicketRenewalManager.this.ccacheReg.create(this.principal);
                }
                SgtTicket obtainImpersonationTicket = KRBUtils.obtainImpersonationTicket(this.principal, KRBTicketRenewalManager.this.serviceTGT);
                KRBUtils.persistTicket(obtainImpersonationTicket, str);
                for (String str2 : KRBTicketRenewalManager.this.backendPrincipals) {
                    KRBUtils.persistTicket(KRBUtils.obtainBackendServiceTicket(str2, obtainImpersonationTicket.getTicket(), KRBTicketRenewalManager.this.serviceTGT), str);
                }
                KRBTicketRenewalManager.this.log.info("Renewed " + KRBTicketRenewalManager.this.backendPrincipals.length + " service tickets for user " + this.principal);
            } catch (Exception e) {
                KRBTicketRenewalManager.this.log.error("Error while renewing service tickets for " + this.principal, (Throwable) e);
            }
        }
    }

    public KRBTicketRenewalManager(String str, String str2, String[] strArr, KRBClientCacheRegistry kRBClientCacheRegistry, long j) {
        this.servicePrincipal = str;
        this.serviceKeytab = str2;
        this.backendPrincipals = strArr;
        this.ccacheReg = kRBClientCacheRegistry;
        this.renewInterval = j;
        this.executor.scheduleAtFixedRate(new ProxyRenewalJob(), 0L, j, TimeUnit.MILLISECONDS);
    }

    public synchronized void start(String str) {
        if (this.renewalJobs.containsKey(str)) {
            return;
        }
        this.renewalJobs.put(str, this.executor.scheduleAtFixedRate(new RenewalJob(str), 0L, this.renewInterval, TimeUnit.MILLISECONDS));
    }

    public synchronized void stop(String str) {
        ScheduledFuture<?> scheduledFuture = this.renewalJobs.get(str);
        if (scheduledFuture != null) {
            scheduledFuture.cancel(true);
            this.renewalJobs.remove(str);
        }
        try {
            this.ccacheReg.remove(str);
        } catch (IOException e) {
            this.log.error("Error while removing ccache for " + str, (Throwable) e);
        }
    }
}
