package org.apache.dolphinscheduler.common.utils;

import java.security.Principal;
import java.util.HashMap;
import java.util.HashSet;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import lombok.Generated;
import org.apache.dolphinscheduler.common.constants.Constants;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/dolphinscheduler/common/utils/KerberosHttpClient.class */
public class KerberosHttpClient {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(KerberosHttpClient.class);
    private String principal;
    private String keyTabLocation;

    public KerberosHttpClient(String str, String str2) {
        this.principal = str;
        this.keyTabLocation = str2;
    }

    public KerberosHttpClient(String str, String str2, boolean z) {
        this(str, str2);
        if (z) {
            System.setProperty("sun.security.spnego.debug", Constants.STRING_TRUE);
            System.setProperty("sun.security.krb5.debug", Constants.STRING_TRUE);
        }
    }

    public KerberosHttpClient(String str, String str2, String str3, boolean z) {
        this(str, str2, z);
        System.setProperty(Constants.JAVA_SECURITY_KRB5_CONF, str3);
    }

    private static CloseableHttpClient buildSpengoHttpClient() {
        HttpClientBuilder httpClientBuilder = HttpUtils.getHttpClientBuilder();
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(new AuthScope(null, -1, null), new Credentials() { // from class: org.apache.dolphinscheduler.common.utils.KerberosHttpClient.1
            @Override // org.apache.http.auth.Credentials
            public Principal getUserPrincipal() {
                return null;
            }

            @Override // org.apache.http.auth.Credentials
            public String getPassword() {
                return null;
            }
        });
        httpClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
        return httpClientBuilder.build();
    }

    public String get(String str, String str2) {
        log.info("Calling KerberosHttpClient {} {} {}", new Object[]{this.principal, this.keyTabLocation, str});
        Configuration configuration = new Configuration() { // from class: org.apache.dolphinscheduler.common.utils.KerberosHttpClient.2
            public AppConfigurationEntry[] getAppConfigurationEntry(String str3) {
                HashMap hashMap = new HashMap(9);
                hashMap.put("useTicketCache", Constants.STRING_FALSE);
                hashMap.put("useKeyTab", Constants.STRING_TRUE);
                hashMap.put("keyTab", KerberosHttpClient.this.keyTabLocation);
                hashMap.put("refreshKrb5Config", Constants.STRING_TRUE);
                hashMap.put(Constants.PRINCIPAL, KerberosHttpClient.this.principal);
                hashMap.put("storeKey", Constants.STRING_TRUE);
                hashMap.put("doNotPrompt", Constants.STRING_TRUE);
                hashMap.put("isInitiator", Constants.STRING_TRUE);
                hashMap.put("debug", Constants.STRING_TRUE);
                return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
            }
        };
        HashSet hashSet = new HashSet(1);
        hashSet.add(new KerberosPrincipal(str2));
        try {
            LoginContext loginContext = new LoginContext(Constants.EMPTY_STRING, new Subject(false, hashSet, new HashSet(), new HashSet()), (CallbackHandler) null, configuration);
            loginContext.login();
            return (String) Subject.doAs(loginContext.getSubject(), () -> {
                return HttpUtils.getResponseContentString(new HttpGet(str), buildSpengoHttpClient());
            });
        } catch (LoginException e) {
            log.error("Kerberos authentication failed ", e);
            return null;
        }
    }

    public static String get(String str) {
        return new KerberosHttpClient(PropertyUtils.getString(Constants.LOGIN_USER_KEY_TAB_USERNAME), PropertyUtils.getString(Constants.LOGIN_USER_KEY_TAB_PATH), PropertyUtils.getString(Constants.JAVA_SECURITY_KRB5_CONF_PATH), true).get(str, PropertyUtils.getString(Constants.LOGIN_USER_KEY_TAB_USERNAME));
    }
}
