package org.keycloak.federation.kerberos.impl;

import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.logging.Logger;
import org.keycloak.common.util.KerberosJdkProvider;
import org.keycloak.federation.kerberos.CommonKerberosConfig;

/* loaded from: input_file:org/keycloak/federation/kerberos/impl/KerberosServerSubjectAuthenticator.class */
public class KerberosServerSubjectAuthenticator {
    private static final Logger logger = Logger.getLogger(KerberosServerSubjectAuthenticator.class);
    private static final CallbackHandler NO_CALLBACK_HANDLER = new CallbackHandler() { // from class: org.keycloak.federation.kerberos.impl.KerberosServerSubjectAuthenticator.1
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            throw new UnsupportedCallbackException(callbackArr[0]);
        }
    };
    private final CommonKerberosConfig config;
    private LoginContext loginContext;

    public KerberosServerSubjectAuthenticator(CommonKerberosConfig commonKerberosConfig) {
        this.config = commonKerberosConfig;
    }

    public Subject authenticateServerSubject() throws LoginException {
        this.loginContext = new LoginContext("does-not-matter", (Subject) null, NO_CALLBACK_HANDLER, createJaasConfiguration());
        this.loginContext.login();
        return this.loginContext.getSubject();
    }

    public void logoutServerSubject() {
        if (this.loginContext != null) {
            try {
                this.loginContext.logout();
            } catch (LoginException e) {
                logger.error("Failed to logout kerberos server subject: " + this.config.getServerPrincipal(), e);
            }
        }
    }

    protected Configuration createJaasConfiguration() {
        return KerberosJdkProvider.getProvider().createJaasConfigurationForServer(this.config.getKeyTab(), this.config.getServerPrincipal(), this.config.isDebug());
    }
}
