package org.apache.solr.client.solrj.impl;

import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.params.AuthPolicy;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.solr.common.params.SolrParams;
import org.apache.zookeeper.client.ZooKeeperSaslClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/solr-solrj-4.4.0-cdh5.1.0.jar:org/apache/solr/client/solrj/impl/Krb5HttpClientConfigurer.class */
public class Krb5HttpClientConfigurer extends HttpClientConfigurer {
    public static final String LOGIN_CONFIG_PROP = "java.security.auth.login.config";
    private static final Logger logger = LoggerFactory.getLogger(HttpClientUtil.class);
    private static final ZKJaasConfiguration jaasConf = new ZKJaasConfiguration();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/solr-solrj-4.4.0-cdh5.1.0.jar:org/apache/solr/client/solrj/impl/Krb5HttpClientConfigurer$ZKJaasConfiguration.class */
    public static class ZKJaasConfiguration extends Configuration {
        private Configuration baseConfig;
        private String zkClientLoginContext;
        private Set<String> initiateAppNames = new HashSet(Arrays.asList("com.sun.security.jgss.krb5.initiate", "com.sun.security.jgss.initiate"));

        public ZKJaasConfiguration() {
            try {
                this.baseConfig = Configuration.getConfiguration();
            } catch (SecurityException e) {
                this.baseConfig = null;
            }
            this.zkClientLoginContext = System.getProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, "Client");
            Krb5HttpClientConfigurer.logger.debug("ZK client login context is: " + this.zkClientLoginContext);
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            if (this.baseConfig == null) {
                return null;
            }
            if (!this.initiateAppNames.contains(str)) {
                return this.baseConfig.getAppConfigurationEntry(str);
            }
            Krb5HttpClientConfigurer.logger.debug("Using AppConfigurationEntry for appName: " + this.zkClientLoginContext + " instead of: " + str);
            return this.baseConfig.getAppConfigurationEntry(this.zkClientLoginContext);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.solr.client.solrj.impl.HttpClientConfigurer
    public void configure(DefaultHttpClient defaultHttpClient, SolrParams solrParams) {
        super.configure(defaultHttpClient, solrParams);
        if (System.getProperty(LOGIN_CONFIG_PROP) != null) {
            String str = solrParams.get(HttpClientUtil.PROP_BASIC_AUTH_USER);
            String str2 = solrParams.get(HttpClientUtil.PROP_BASIC_AUTH_PASS);
            if (str != null && str2 != null) {
                logger.warn("Setting both SPNego auth and basic auth not supported.  Preferring SPNego auth, ignoring basic auth.");
                defaultHttpClient.getCredentialsProvider().clear();
            }
            setSPNegoAuth(defaultHttpClient);
        }
    }

    public static boolean setSPNegoAuth(DefaultHttpClient defaultHttpClient) {
        String property = System.getProperty(LOGIN_CONFIG_PROP);
        if (property == null) {
            defaultHttpClient.getCredentialsProvider().clear();
            return false;
        }
        logger.info("Setting up SPNego auth with config: " + property);
        String property2 = System.getProperty("javax.security.auth.useSubjectCredsOnly");
        if (property2 == null) {
            System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        } else if (!property2.toLowerCase(Locale.ROOT).equals("false")) {
            logger.warn("System Property: javax.security.auth.useSubjectCredsOnly set to: " + property2 + " not false.  SPNego authentication may not be successful.");
        }
        Configuration.setConfiguration(jaasConf);
        defaultHttpClient.getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory(true));
        defaultHttpClient.getCredentialsProvider().setCredentials(AuthScope.ANY, new Credentials() { // from class: org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer.1
            @Override // org.apache.http.auth.Credentials
            public String getPassword() {
                return null;
            }

            @Override // org.apache.http.auth.Credentials
            public Principal getUserPrincipal() {
                return null;
            }
        });
        return true;
    }
}
