package org.keycloak.federation.kerberos.impl;

import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.logging.Logger;
import org.keycloak.constants.KerberosConstants;
import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.protocol.saml.SamlProtocol;

/* loaded from: input_file:WEB-INF/lib/keycloak-kerberos-federation-1.2.0.Beta1.jar:org/keycloak/federation/kerberos/impl/KerberosServerSubjectAuthenticator.class */
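/**
 * Logs the Kerberos server (acceptor) principal in through JAAS using a keytab, and logs it
 * out again.
 *
 * <p>The JAAS configuration is built in memory by {@link #createJaasConfiguration()} from the
 * supplied {@link CommonKerberosConfig}; no external JAAS configuration file is consulted.
 *
 * <p>Because the login module is configured with {@code storeKey=true}, the Subject returned by
 * {@link #authenticateServerSubject()} carries the service's long-term keys in its private
 * credentials. Callers should pair every successful login with {@link #logoutServerSubject()}
 * (typically in a {@code finally} block) and should not hand the Subject to untrusted code.
 *
 * <p>Instances hold a mutable {@link LoginContext} without synchronization, so an instance is
 * not safe to share between threads.
 */
public class KerberosServerSubjectAuthenticator {
    private static final Logger logger = Logger.getLogger(KerberosServerSubjectAuthenticator.class);
    private final CommonKerberosConfig config;
    // Set only after a successful login; cleared again by logoutServerSubject().
    private LoginContext loginContext;

    /**
     * @param commonKerberosConfig source of the keytab path, server principal and debug flag
     */
    public KerberosServerSubjectAuthenticator(CommonKerberosConfig commonKerberosConfig) {
        this.config = commonKerberosConfig;
    }

    /**
     * Performs the JAAS login of the server principal.
     *
     * @return the authenticated Subject of the server principal
     * @throws LoginException if the login fails (for example, keytab unreadable or no matching key)
     */
    public Subject authenticateServerSubject() throws LoginException {
        // The entry name is irrelevant: the Configuration below returns the same entry for any name.
        LoginContext context = new LoginContext("does-not-matter", null, null, createJaasConfiguration());
        context.login();
        // Remember the context only once login succeeded, so that a later logoutServerSubject()
        // never calls logout() on a context that has no authenticated Subject.
        this.loginContext = context;
        return context.getSubject();
    }

    /**
     * Logs the server Subject out if a login was performed. Failures are logged, not thrown,
     * so this method is safe to call from cleanup code. The retained context is dropped
     * afterwards, which makes repeated calls no-ops.
     */
    public void logoutServerSubject() {
        if (this.loginContext != null) {
            try {
                this.loginContext.logout();
            } catch (LoginException e) {
                logger.error("Failed to logout kerberos server subject: " + this.config.getServerPrincipal(), e);
            } finally {
                // Do not keep a reference to a context whose credentials were (or should have been) cleared.
                this.loginContext = null;
            }
        }
    }

    /**
     * Builds the in-memory JAAS configuration: a single REQUIRED {@code Krb5LoginModule} entry
     * set up as a keytab-based acceptor.
     *
     * @return a Configuration that returns the same entry regardless of the requested name
     */
    protected Configuration createJaasConfiguration() {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                Map<String, Object> options = new HashMap<>();
                // Keep the keys in the Subject's private credentials so they can be used to accept contexts.
                options.put("storeKey", SamlProtocol.ATTRIBUTE_TRUE_VALUE);
                // Never fall back to interactive prompting; the server must authenticate from the keytab only.
                options.put("doNotPrompt", SamlProtocol.ATTRIBUTE_TRUE_VALUE);
                // Acceptor only: this subject does not initiate Kerberos authentication itself.
                options.put("isInitiator", SamlProtocol.ATTRIBUTE_FALSE_VALUE);
                options.put("useKeyTab", SamlProtocol.ATTRIBUTE_TRUE_VALUE);
                // NOTE(review): if getKeyTab() can return null, Krb5LoginModule falls back to its default
                // keytab lookup (krb5.conf, then the user's home directory) instead of failing - confirm
                // that the configuration is validated before it reaches this class.
                options.put(KerberosConstants.KEYTAB, KerberosServerSubjectAuthenticator.this.config.getKeyTab());
                options.put("principal", KerberosServerSubjectAuthenticator.this.config.getServerPrincipal());
                // Krb5LoginModule debug output is written outside the application's logging framework and
                // may include principal and key details; keep it disabled outside of troubleshooting.
                options.put("debug", String.valueOf(KerberosServerSubjectAuthenticator.this.config.getDebug()));
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(
                            "com.sun.security.auth.module.Krb5LoginModule",
                            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                            options)
                };
            }
        };
    }
}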
