package com.lucidworks.hadoop.security;

import com.lucidworks.hadoop.fusion.Constants;
import com.sun.security.auth.login.ConfigFile;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Optional;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.solr.client.solrj.impl.HttpClientUtil;
import org.apache.solr.client.solrj.impl.Krb5HttpClientBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/lucidworks/hadoop/security/SolrSecurity.class */
public class SolrSecurity {
    public static final String LWW_JAAS_FILE = "lww.jaas.file";
    public static final String LWW_JAAS_APPNAME = "lww.jaas.appname";
    public static final String LWW_KEYSTORE = "lww.keystore";
    public static final String LWW_KEYSTOREPASSWORD = "lww.keystore.password";
    public static final String LWW_TRUSTSTORE = "lww.truststore";
    public static final String LWW_TRUSTSTOREPASSWORD = "lww.truststore.password";
    private static LoginContext loginContext;
    private static Logger log = LoggerFactory.getLogger(SolrSecurity.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/lucidworks/hadoop/security/SolrSecurity$HiveSolrJaasConfiguration.class */
    public static class HiveSolrJaasConfiguration extends Configuration {
        private Configuration jaasConfig;
        private Configuration baseConfig;

        public HiveSolrJaasConfiguration(String str) {
            try {
                this.baseConfig = Configuration.getConfiguration();
            } catch (SecurityException e) {
                this.baseConfig = null;
            }
            System.setProperty(Constants.FUSION_LOGIN_CONFIG, str);
            this.jaasConfig = new ConfigFile();
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            AppConfigurationEntry[] appConfigurationEntry = this.jaasConfig.getAppConfigurationEntry(str);
            if (appConfigurationEntry != null) {
                return appConfigurationEntry;
            }
            if (this.baseConfig != null) {
                return this.baseConfig.getAppConfigurationEntry(str);
            }
            return null;
        }
    }

    public static void setSecurityConfig(org.apache.hadoop.conf.Configuration configuration) {
        String str = configuration.get(LWW_JAAS_FILE);
        if (str != null) {
            try {
                setupJaasFile(configuration, str);
            } catch (LoginException e) {
                log.warn("LoginContext setup failed! Communication with solr might be bad {}", e);
            }
        }
        String str2 = configuration.get(LWW_KEYSTORE);
        if (str2 != null) {
            log.debug("Using keystore: " + str2);
            System.setProperty("javax.net.ssl.keyStore", str2);
        }
        String str3 = configuration.get(LWW_KEYSTOREPASSWORD);
        if (str3 != null) {
            System.setProperty("javax.net.ssl.keyStorePassword", str3);
        }
        String str4 = configuration.get(LWW_TRUSTSTORE);
        if (str4 != null) {
            log.debug("Using truststore: " + str4);
            System.setProperty("javax.net.ssl.trustStore", str4);
        }
        String str5 = configuration.get(LWW_TRUSTSTOREPASSWORD);
        if (str5 != null) {
            System.setProperty("javax.net.ssl.trustStorePassword", str5);
        }
    }

    private static void setupJaasFile(org.apache.hadoop.conf.Configuration configuration, String str) throws LoginException {
        log.info("Using kerberized Solr. " + str);
        HiveSolrJaasConfiguration hiveSolrJaasConfiguration = new HiveSolrJaasConfiguration(str);
        Configuration.setConfiguration(hiveSolrJaasConfiguration);
        Krb5HttpClientBuilder.regenerateJaasConfiguration();
        String str2 = configuration.get(LWW_JAAS_APPNAME, "Client");
        System.setProperty("solr.kerberos.jaas.appname", str2);
        loginContext = new LoginContext(str2, new Subject(), (CallbackHandler) null, hiveSolrJaasConfiguration);
        HttpClientUtil.setHttpClientBuilder(new Krb5HttpClientBuilder().getHttpClientBuilder(Optional.empty()));
    }

    public static <T> T executeSecuredSolrAction(PrivilegedExceptionAction<T> privilegedExceptionAction) throws LoginException, PrivilegedActionException {
        loginContext.login();
        log.debug("Logged in!");
        log.debug("Call solr as: {}", loginContext.getSubject().toString());
        return (T) Subject.doAs(loginContext.getSubject(), privilegedExceptionAction);
    }

    public static LoginContext getLoginContext() {
        return loginContext;
    }
}
