package io.trino.jdbc.$internal.client.auth.kerberos;

import io.trino.jdbc.$internal.guava.base.Throwables;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;

/* loaded from: input_file:lib/trino-jdbc-424.jar:io/trino/jdbc/$internal/client/auth/kerberos/AbstractUnconstrainedContextProvider.class */
public abstract class AbstractUnconstrainedContextProvider extends BaseGSSContextProvider {
    private GSSCredential clientCredential;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/trino-jdbc-424.jar:io/trino/jdbc/$internal/client/auth/kerberos/AbstractUnconstrainedContextProvider$GssSupplier.class */
    public interface GssSupplier<T> {
        T get() throws GSSException;
    }

    @Override // io.trino.jdbc.$internal.client.auth.kerberos.GSSContextProvider
    public GSSContext getContext(String str) throws GSSException {
        if (this.clientCredential == null || this.clientCredential.getRemainingLifetime() < MIN_CREDENTIAL_LIFETIME.getValue(TimeUnit.SECONDS)) {
            this.clientCredential = createGssCredential();
        }
        return (GSSContext) doAs(getSubject(), () -> {
            return createContext(str, this.clientCredential);
        });
    }

    private GSSCredential createGssCredential() throws GSSException {
        refresh();
        Subject subject = getSubject();
        Principal next = subject.getPrincipals().iterator().next();
        return (GSSCredential) doAs(subject, () -> {
            return GSS_MANAGER.createCredential(GSS_MANAGER.createName(next.getName(), GSSName.NT_USER_NAME), 0, KERBEROS_OID, 1);
        });
    }

    public abstract void refresh() throws GSSException;

    protected abstract Subject getSubject();

    static <T> T doAs(Subject subject, GssSupplier<T> gssSupplier) throws GSSException {
        try {
            Objects.requireNonNull(gssSupplier);
            return (T) Subject.doAs(subject, gssSupplier::get);
        } catch (PrivilegedActionException e) {
            Throwable cause = e.getCause();
            Throwables.throwIfInstanceOf(cause, GSSException.class);
            Throwables.throwIfUnchecked(cause);
            throw new RuntimeException(cause);
        }
    }
}
