package org.apache.solr.client.solrj.impl;

import java.lang.invoke.MethodHandles;
import java.net.URI;
import java.nio.file.Paths;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.http.HttpEntityEnclosingRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.entity.BufferedHttpEntity;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.solr.common.params.FacetParams;
import org.eclipse.jetty.client.HttpAuthenticationStore;
import org.eclipse.jetty.client.WWWAuthenticationProtocolHandler;
import org.eclipse.jetty.client.util.SPNEGOAuthentication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder.class */
public class Krb5HttpClientBuilder implements HttpClientBuilderFactory {
    public static final String LOGIN_CONFIG_PROP = "java.security.auth.login.config";
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";
    private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private static Configuration jaasConfig = new SolrJaasConfiguration();
    private HttpRequestInterceptor bufferedEntityInterceptor = (httpRequest, httpContext) -> {
        if (httpRequest instanceof HttpEntityEnclosingRequest) {
            HttpEntityEnclosingRequest httpEntityEnclosingRequest = (HttpEntityEnclosingRequest) httpRequest;
            httpEntityEnclosingRequest.setEntity(new BufferedHttpEntity(httpEntityEnclosingRequest.getEntity()));
        }
    };

    /* loaded from: input_file:org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder$SolrJaasConfiguration.class */
    public static class SolrJaasConfiguration extends Configuration {
        private Configuration baseConfig;
        private Set<String> initiateAppNames = new HashSet(Arrays.asList("com.sun.security.jgss.krb5.initiate", "com.sun.security.jgss.initiate"));

        public SolrJaasConfiguration() {
            try {
                this.baseConfig = Configuration.getConfiguration();
            } catch (SecurityException e) {
                this.baseConfig = null;
            }
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            if (this.baseConfig == null) {
                return null;
            }
            if (Krb5HttpClientBuilder.log.isDebugEnabled()) {
                Krb5HttpClientBuilder.log.debug("Login prop: {}", System.getProperty(Krb5HttpClientBuilder.LOGIN_CONFIG_PROP));
            }
            String property = System.getProperty("solr.kerberos.jaas.appname", "Client");
            if (!this.initiateAppNames.contains(str)) {
                return this.baseConfig.getAppConfigurationEntry(str);
            }
            Krb5HttpClientBuilder.log.debug("Using AppConfigurationEntry for appName '{}' instead of: '{}'", property, str);
            return this.baseConfig.getAppConfigurationEntry(property);
        }
    }

    public static void regenerateJaasConfiguration() {
        jaasConfig = new SolrJaasConfiguration();
    }

    public SolrHttpClientBuilder getBuilder() {
        return getBuilder(HttpClientUtil.getHttpClientBuilder());
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        HttpClientUtil.removeRequestInterceptor(this.bufferedEntityInterceptor);
    }

    @Override // org.apache.solr.client.solrj.impl.HttpClientBuilderFactory
    public SolrHttpClientBuilder getHttpClientBuilder(SolrHttpClientBuilder solrHttpClientBuilder) {
        return solrHttpClientBuilder == null ? getBuilder() : getBuilder(solrHttpClientBuilder);
    }

    private SPNEGOAuthentication createSPNEGOAuthentication() {
        SPNEGOAuthentication sPNEGOAuthentication = new SPNEGOAuthentication(null) { // from class: org.apache.solr.client.solrj.impl.Krb5HttpClientBuilder.1
            public boolean matches(String str, URI uri, String str2) {
                return getType().equals(str);
            }
        };
        String property = System.getProperty("solr.kerberos.jaas.appname", "Client");
        AppConfigurationEntry[] appConfigurationEntry = jaasConfig.getAppConfigurationEntry(property);
        if (appConfigurationEntry == null) {
            log.warn("Could not find login configuration entry for {}. SPNego authentication may not be successful.", property);
            return sPNEGOAuthentication;
        }
        if (appConfigurationEntry.length != 1) {
            log.warn("Multiple login modules are specified in the configuration file");
            return sPNEGOAuthentication;
        }
        Map options = appConfigurationEntry[0].getOptions();
        setAuthenticationOptions(sPNEGOAuthentication, options, (String) options.get("principal"));
        return sPNEGOAuthentication;
    }

    static void setAuthenticationOptions(SPNEGOAuthentication sPNEGOAuthentication, Map<String, ?> map, String str) {
        String str2 = (String) map.get("keyTab");
        if (str2 != null) {
            sPNEGOAuthentication.setUserKeyTabPath(Paths.get(str2, new String[0]));
        }
        sPNEGOAuthentication.setServiceName("HTTP");
        sPNEGOAuthentication.setUserName(str);
        if (FacetParams.FACET_SORT_COUNT_LEGACY.equalsIgnoreCase((String) map.get("useTicketCache"))) {
            sPNEGOAuthentication.setUseTicketCache(true);
            String str3 = (String) map.get("ticketCache");
            if (str3 != null) {
                sPNEGOAuthentication.setTicketCachePath(Paths.get(str3, new String[0]));
            }
            sPNEGOAuthentication.setRenewTGT(FacetParams.FACET_SORT_COUNT_LEGACY.equalsIgnoreCase((String) map.get("renewTGT")));
        }
    }

    @Override // org.apache.solr.client.solrj.impl.HttpClientBuilderFactory
    public void setup(Http2SolrClient http2SolrClient) {
        HttpAuthenticationStore httpAuthenticationStore = new HttpAuthenticationStore();
        httpAuthenticationStore.addAuthentication(createSPNEGOAuthentication());
        http2SolrClient.setAuthenticationStore(httpAuthenticationStore);
        http2SolrClient.getProtocolHandlers().put(new WWWAuthenticationProtocolHandler(http2SolrClient.getHttpClient()));
    }

    public SolrHttpClientBuilder getBuilder(SolrHttpClientBuilder solrHttpClientBuilder) {
        if (System.getProperty(LOGIN_CONFIG_PROP) != null) {
            String property = System.getProperty(LOGIN_CONFIG_PROP);
            if (property != null) {
                log.info("Setting up SPNego auth with config: {}", property);
                String property2 = System.getProperty("javax.security.auth.useSubjectCredsOnly");
                if (property2 == null) {
                    System.setProperty("javax.security.auth.useSubjectCredsOnly", FacetParams.FACET_SORT_INDEX_LEGACY);
                } else if (!property2.toLowerCase(Locale.ROOT).equals(FacetParams.FACET_SORT_INDEX_LEGACY)) {
                    log.warn("System Property: {} set to: {} not false.  SPNego authentication may not be successful.", "javax.security.auth.useSubjectCredsOnly", property2);
                }
                Configuration.setConfiguration(jaasConfig);
                solrHttpClientBuilder.setAuthSchemeRegistryProvider(() -> {
                    return RegistryBuilder.create().register("Negotiate", new SPNegoSchemeFactory(true, false)).build();
                });
                Credentials credentials = new Credentials() { // from class: org.apache.solr.client.solrj.impl.Krb5HttpClientBuilder.2
                    @Override // org.apache.http.auth.Credentials
                    public String getPassword() {
                        return null;
                    }

                    @Override // org.apache.http.auth.Credentials
                    public Principal getUserPrincipal() {
                        return null;
                    }
                };
                HttpClientUtil.setCookiePolicy(SolrPortAwareCookieSpecFactory.POLICY_NAME);
                solrHttpClientBuilder.setCookieSpecRegistryProvider(() -> {
                    return RegistryBuilder.create().register(SolrPortAwareCookieSpecFactory.POLICY_NAME, new SolrPortAwareCookieSpecFactory()).build();
                });
                solrHttpClientBuilder.setDefaultCredentialsProvider(() -> {
                    BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
                    basicCredentialsProvider.setCredentials(AuthScope.ANY, credentials);
                    return basicCredentialsProvider;
                });
                HttpClientUtil.addRequestInterceptor(this.bufferedEntityInterceptor);
            }
        } else {
            log.warn("{} is configured without specifying system property '{}'", getClass().getName(), LOGIN_CONFIG_PROP);
        }
        return solrHttpClientBuilder;
    }
}
