package alluxio.security;

import alluxio.Configuration;
import alluxio.Constants;
import alluxio.security.authentication.AuthType;
import alluxio.security.login.AppLoginModule;
import alluxio.security.login.LoginModuleConfiguration;
import java.io.IOException;
import java.util.Set;
import javax.annotation.concurrent.ThreadSafe;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

@ThreadSafe
/* loaded from: input_file:alluxio/security/LoginUser.class */
public final class LoginUser {
    private static User sLoginUser;

    private LoginUser() {
    }

    public static User get() throws IOException {
        if (sLoginUser == null) {
            synchronized (LoginUser.class) {
                if (sLoginUser == null) {
                    sLoginUser = login();
                }
            }
        }
        return sLoginUser;
    }

    private static User login() throws IOException {
        AuthType authType = (AuthType) Configuration.getEnum(Constants.SECURITY_AUTHENTICATION_TYPE, AuthType.class);
        checkSecurityEnabled(authType);
        try {
            Subject subject = new Subject();
            AppLoginModule.AppCallbackHandler appCallbackHandler = null;
            if (authType.equals(AuthType.SIMPLE) || authType.equals(AuthType.CUSTOM)) {
                appCallbackHandler = new AppLoginModule.AppCallbackHandler();
            }
            new LoginContext(authType.getAuthName(), subject, appCallbackHandler, new LoginModuleConfiguration()).login();
            Set principals = subject.getPrincipals(User.class);
            if (principals.isEmpty()) {
                throw new LoginException("No Alluxio User is found.");
            }
            if (principals.size() > 1) {
                throw new LoginException("More than one Alluxio User is found");
            }
            return (User) principals.iterator().next();
        } catch (LoginException e) {
            throw new IOException("Failed to login: " + e.getMessage(), e);
        }
    }

    private static void checkSecurityEnabled(AuthType authType) {
        if (authType != AuthType.SIMPLE && authType != AuthType.CUSTOM) {
            throw new UnsupportedOperationException("User is not supported in " + authType.getAuthName() + " mode");
        }
    }
}
