package com.lucidworks.hadoop.security;

import com.google.common.collect.Sets;
import com.lucidworks.hadoop.fusion.Constants;
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.entity.BufferedHttpEntity;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.protocol.HttpContext;
import org.apache.solr.client.solrj.impl.HttpClientBuilderFactory;
import org.apache.solr.client.solrj.impl.HttpClientUtil;
import org.apache.solr.client.solrj.impl.SolrHttpClientBuilder;
import org.apache.solr.common.params.ModifiableSolrParams;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/lucidworks/hadoop/security/FusionKrb5HttpClientConfigurer.class */
public class FusionKrb5HttpClientConfigurer implements HttpClientBuilderFactory {
    private static final Logger logger = LoggerFactory.getLogger(FusionKrb5HttpClientConfigurer.class);
    private String fusionPrincipal;
    private Configuration jaasConfig;
    private HttpRequestInterceptor bufferedEntityInterceptor = new HttpRequestInterceptor() { // from class: com.lucidworks.hadoop.security.FusionKrb5HttpClientConfigurer.2
        @Override // org.apache.http.HttpRequestInterceptor
        public void process(HttpRequest httpRequest, HttpContext httpContext) throws HttpException, IOException {
            if (httpRequest instanceof HttpEntityEnclosingRequest) {
                HttpEntityEnclosingRequest httpEntityEnclosingRequest = (HttpEntityEnclosingRequest) httpRequest;
                httpEntityEnclosingRequest.setEntity(new BufferedHttpEntity(httpEntityEnclosingRequest.getEntity()));
            }
        }
    };

    /* loaded from: input_file:com/lucidworks/hadoop/security/FusionKrb5HttpClientConfigurer$FusionJaasConfiguration.class */
    private static class FusionJaasConfiguration extends Configuration {
        private Configuration baseConfig;
        private String fusionPrincipal;
        private AppConfigurationEntry[] globalAppConfigurationEntry;

        public FusionJaasConfiguration(String str) {
            this.fusionPrincipal = str;
            try {
                this.baseConfig = Configuration.getConfiguration();
            } catch (SecurityException e) {
                this.baseConfig = null;
            }
            if (this.baseConfig != null) {
                this.globalAppConfigurationEntry = this.baseConfig.getAppConfigurationEntry(System.getProperty(Constants.FUSION_LOGIN_APP_NAME, "FusionClient"));
            }
        }

        private AppConfigurationEntry overwriteOptions(AppConfigurationEntry appConfigurationEntry) {
            Map options = appConfigurationEntry.getOptions();
            AppConfigurationEntry.LoginModuleControlFlag controlFlag = appConfigurationEntry.getControlFlag();
            String loginModuleName = appConfigurationEntry.getLoginModuleName();
            HashMap hashMap = new HashMap(options);
            hashMap.put("principal", this.fusionPrincipal);
            hashMap.put("doNotPrompt", "true");
            FusionKrb5HttpClientConfigurer.logger.debug("Overwriting kerberos principal with [: " + this.fusionPrincipal + "]");
            return new AppConfigurationEntry(loginModuleName, controlFlag, hashMap);
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            if (this.baseConfig == null) {
                return null;
            }
            FusionKrb5HttpClientConfigurer.logger.debug("Login prop: " + System.getProperty(Constants.FUSION_LOGIN_CONFIG));
            if (this.fusionPrincipal == null) {
                FusionKrb5HttpClientConfigurer.logger.debug("fusionPrincipal is null using principal from JAAS file.");
                return this.globalAppConfigurationEntry;
            }
            if (this.globalAppConfigurationEntry == null) {
                return null;
            }
            return new AppConfigurationEntry[]{overwriteOptions(this.globalAppConfigurationEntry[0])};
        }
    }

    public FusionKrb5HttpClientConfigurer(String str) {
        this.fusionPrincipal = null;
        this.jaasConfig = null;
        this.fusionPrincipal = str;
        this.jaasConfig = new FusionJaasConfiguration(str);
    }

    public SolrHttpClientBuilder getHttpClientBuilder(Optional<SolrHttpClientBuilder> optional) {
        return optional.isPresent() ? getBuilder(optional.get()) : getBuilder();
    }

    private SolrHttpClientBuilder getBuilder(SolrHttpClientBuilder solrHttpClientBuilder) {
        if (System.getProperty(Constants.FUSION_LOGIN_CONFIG) == null) {
            return solrHttpClientBuilder;
        }
        logger.debug("Setting up kerberos auth with config: " + System.getProperty(Constants.FUSION_LOGIN_CONFIG));
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        if (this.fusionPrincipal != null) {
            try {
                new LoginContext("", new Subject(false, Sets.newHashSet(new KerberosPrincipal[]{new KerberosPrincipal(this.fusionPrincipal)}), Collections.emptySet(), Collections.emptySet()), (CallbackHandler) null, this.jaasConfig).login();
                logger.debug("Successful Fusion Login with principal: " + this.fusionPrincipal);
            } catch (LoginException e) {
                String str = "Unsuccessful Fusion Login with principal: " + this.fusionPrincipal;
                logger.error(str, e);
                throw new RuntimeException(str, e);
            }
        }
        Configuration.setConfiguration(this.jaasConfig);
        solrHttpClientBuilder.setAuthSchemeRegistryProvider(() -> {
            return RegistryBuilder.create().register("Negotiate", new SPNegoSchemeFactory(true, false)).build();
        });
        Credentials credentials = new Credentials() { // from class: com.lucidworks.hadoop.security.FusionKrb5HttpClientConfigurer.1
            @Override // org.apache.http.auth.Credentials
            public String getPassword() {
                return null;
            }

            @Override // org.apache.http.auth.Credentials
            public Principal getUserPrincipal() {
                return null;
            }
        };
        solrHttpClientBuilder.setDefaultCredentialsProvider(() -> {
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(AuthScope.ANY, credentials);
            return basicCredentialsProvider;
        });
        HttpClientUtil.addRequestInterceptor(this.bufferedEntityInterceptor);
        return solrHttpClientBuilder;
    }

    public void close() {
        HttpClientUtil.removeRequestInterceptor(this.bufferedEntityInterceptor);
    }

    private SolrHttpClientBuilder getBuilder() {
        return getBuilder(HttpClientUtil.getHttpClientBuilder());
    }

    public static synchronized CloseableHttpClient createClient(String str) {
        if (logger.isDebugEnabled()) {
            System.setProperty("sun.security.krb5.debug", "true");
        }
        if (str == null) {
            logger.error("fusion.user [principal] must be set in order to use kerberos");
        }
        HttpClientUtil.setHttpClientBuilder(new FusionKrb5HttpClientConfigurer(str).getHttpClientBuilder(Optional.empty()));
        ModifiableSolrParams modifiableSolrParams = new ModifiableSolrParams();
        modifiableSolrParams.set("maxConnectionsPerHost", 100);
        modifiableSolrParams.set("maxConnections", 500);
        return HttpClientUtil.createClient(modifiableSolrParams);
    }
}
