package com.ngdata.hbaseindexer.indexer;

import com.google.common.collect.Sets;
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.entity.BufferedHttpEntity;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.protocol.HttpContext;
import org.apache.solr.client.solrj.impl.HttpClientConfigurer;
import org.apache.solr.client.solrj.impl.HttpClientUtil;
import org.apache.solr.common.params.SolrParams;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/ngdata/hbaseindexer/indexer/FusionKrb5HttpClientConfigurer.class */
public class FusionKrb5HttpClientConfigurer extends HttpClientConfigurer {
    private static final Logger logger = LoggerFactory.getLogger(FusionKrb5HttpClientConfigurer.class);
    private String fusionPrincipal;
    public static final String LOGIN_CONFIG_PROP = "java.security.auth.login.config";
    public static final String LOGIN_APP_NAME = "fusion.jaas.appname";
    private Configuration jaasConfig;
    private HttpRequestInterceptor bufferedEntityInterceptor = new HttpRequestInterceptor() { // from class: com.ngdata.hbaseindexer.indexer.FusionKrb5HttpClientConfigurer.1
        @Override // org.apache.http.HttpRequestInterceptor
        public void process(HttpRequest httpRequest, HttpContext httpContext) throws HttpException, IOException {
            if (httpRequest instanceof HttpEntityEnclosingRequest) {
                HttpEntityEnclosingRequest httpEntityEnclosingRequest = (HttpEntityEnclosingRequest) httpRequest;
                httpEntityEnclosingRequest.setEntity(new BufferedHttpEntity(httpEntityEnclosingRequest.getEntity()));
            }
        }
    };

    /* loaded from: input_file:com/ngdata/hbaseindexer/indexer/FusionKrb5HttpClientConfigurer$FusionJaasConfiguration.class */
    private static class FusionJaasConfiguration extends Configuration {
        private Configuration baseConfig;
        private String fusionPrincipal;
        private AppConfigurationEntry[] globalAppConfigurationEntry;

        public FusionJaasConfiguration(String str) {
            this.fusionPrincipal = str;
            try {
                this.baseConfig = Configuration.getConfiguration();
            } catch (SecurityException e) {
                this.baseConfig = null;
            }
            if (this.baseConfig != null) {
                this.globalAppConfigurationEntry = this.baseConfig.getAppConfigurationEntry(System.getProperty(FusionKrb5HttpClientConfigurer.LOGIN_APP_NAME, "Client"));
            }
        }

        private AppConfigurationEntry overwriteOptions(AppConfigurationEntry appConfigurationEntry) {
            Map options = appConfigurationEntry.getOptions();
            AppConfigurationEntry.LoginModuleControlFlag controlFlag = appConfigurationEntry.getControlFlag();
            String loginModuleName = appConfigurationEntry.getLoginModuleName();
            Object obj = options.get("principal");
            if (obj != null) {
                FusionKrb5HttpClientConfigurer.logger.debug(obj.getClass() + "not using" + obj);
            }
            HashMap hashMap = new HashMap(options);
            hashMap.put("principal", this.fusionPrincipal);
            hashMap.put("doNotPrompt", "true");
            return new AppConfigurationEntry(loginModuleName, controlFlag, hashMap);
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            if (this.baseConfig == null) {
                return null;
            }
            FusionKrb5HttpClientConfigurer.logger.debug("Login prop: " + System.getProperty(FusionKrb5HttpClientConfigurer.LOGIN_CONFIG_PROP));
            if (this.fusionPrincipal == null) {
                FusionKrb5HttpClientConfigurer.logger.debug("fusionPrincipal is null using principal from JAAS file.");
                return this.globalAppConfigurationEntry;
            }
            if (this.globalAppConfigurationEntry == null) {
                return null;
            }
            return new AppConfigurationEntry[]{overwriteOptions(this.globalAppConfigurationEntry[0])};
        }
    }

    public Configuration getJaasConfig() {
        return this.jaasConfig;
    }

    public static synchronized CloseableHttpClient createClient(String str) {
        if (logger.isDebugEnabled()) {
            System.setProperty("sun.security.krb5.debug", "true");
        }
        if (str == null) {
            logger.error("fusion.user (principal) must be set in order to use kerberos!");
        }
        HttpClientUtil.setConfigurer(new FusionKrb5HttpClientConfigurer(str));
        CloseableHttpClient createClient = HttpClientUtil.createClient((SolrParams) null);
        HttpClientUtil.setMaxConnections(createClient, 500);
        HttpClientUtil.setMaxConnectionsPerHost(createClient, 100);
        return createClient;
    }

    public FusionKrb5HttpClientConfigurer(String str) {
        this.fusionPrincipal = null;
        this.jaasConfig = null;
        this.fusionPrincipal = str;
        this.jaasConfig = new FusionJaasConfiguration(str);
    }

    public void configure(DefaultHttpClient defaultHttpClient, SolrParams solrParams) {
        super.configure(defaultHttpClient, solrParams);
        if (System.getProperty(LOGIN_CONFIG_PROP) != null) {
            String property = System.getProperty(LOGIN_CONFIG_PROP);
            if (property == null) {
                defaultHttpClient.getCredentialsProvider().clear();
                return;
            }
            logger.debug("Setting up kerberos auth with config: " + property);
            System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
            if (this.fusionPrincipal != null) {
                try {
                    new LoginContext("", new Subject(false, Sets.newHashSet(new KerberosPrincipal[]{new KerberosPrincipal(this.fusionPrincipal)}), Collections.emptySet(), Collections.emptySet()), (CallbackHandler) null, this.jaasConfig).login();
                    logger.debug("Successful Fusion Login with principal: " + this.fusionPrincipal);
                } catch (LoginException e) {
                    String str = "Unsuccessful Fusion Login with principal: " + this.fusionPrincipal;
                    logger.error(str, e);
                    throw new RuntimeException(str, e);
                }
            }
            Configuration.setConfiguration(this.jaasConfig);
            defaultHttpClient.getAuthSchemes().register("Negotiate", new SPNegoSchemeFactory(true, false));
            defaultHttpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, new Credentials() { // from class: com.ngdata.hbaseindexer.indexer.FusionKrb5HttpClientConfigurer.2
                @Override // org.apache.http.auth.Credentials
                public String getPassword() {
                    return null;
                }

                @Override // org.apache.http.auth.Credentials
                public Principal getUserPrincipal() {
                    return null;
                }
            });
            defaultHttpClient.addRequestInterceptor(this.bufferedEntityInterceptor);
        }
    }
}
