package org.springframework.security.kerberos.client;

import java.net.URI;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.HttpClient;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClientBuilder;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RequestCallback;
import org.springframework.web.client.ResponseExtractor;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/springframework/security/kerberos/client/KerberosRestTemplate.class */
public class KerberosRestTemplate extends RestTemplate {
    private static final Credentials credentials = new NullCredentials();
    private final String keyTabLocation;
    private final String userPrincipal;
    private final Map<String, Object> loginOptions;

    /* loaded from: input_file:org/springframework/security/kerberos/client/KerberosRestTemplate$ClientLoginConfig.class */
    private static class ClientLoginConfig extends Configuration {
        private final String keyTabLocation;
        private final String userPrincipal;
        private final Map<String, Object> loginOptions;

        public ClientLoginConfig(String str, String str2, Map<String, Object> map) {
            this.keyTabLocation = str;
            this.userPrincipal = str2;
            this.loginOptions = map;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            if (StringUtils.hasText(this.keyTabLocation) && StringUtils.hasText(this.userPrincipal)) {
                hashMap.put("useKeyTab", "true");
                hashMap.put("keyTab", this.keyTabLocation);
                hashMap.put("principal", this.userPrincipal);
                hashMap.put("storeKey", "true");
            } else {
                hashMap.put("useTicketCache", "true");
            }
            hashMap.put("doNotPrompt", "true");
            hashMap.put("isInitiator", "true");
            if (this.loginOptions != null) {
                hashMap.putAll(this.loginOptions);
            }
            return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    /* loaded from: input_file:org/springframework/security/kerberos/client/KerberosRestTemplate$NullCredentials.class */
    private static class NullCredentials implements Credentials {
        private NullCredentials() {
        }

        @Override // org.apache.http.auth.Credentials
        public Principal getUserPrincipal() {
            return null;
        }

        @Override // org.apache.http.auth.Credentials
        public String getPassword() {
            return null;
        }
    }

    public KerberosRestTemplate() {
        this(null, null, null, buildHttpClient());
    }

    public KerberosRestTemplate(HttpClient httpClient) {
        this(null, null, null, httpClient);
    }

    public KerberosRestTemplate(String str, String str2) {
        this(str, str2, buildHttpClient());
    }

    public KerberosRestTemplate(String str, String str2, HttpClient httpClient) {
        this(str, str2, null, httpClient);
    }

    public KerberosRestTemplate(Map<String, Object> map) {
        this(null, null, map, buildHttpClient());
    }

    public KerberosRestTemplate(Map<String, Object> map, HttpClient httpClient) {
        this(null, null, map, httpClient);
    }

    public KerberosRestTemplate(String str, String str2, Map<String, Object> map) {
        this(str, str2, map, buildHttpClient());
    }

    private KerberosRestTemplate(String str, String str2, Map<String, Object> map, HttpClient httpClient) {
        super(new HttpComponentsClientHttpRequestFactory(httpClient));
        this.keyTabLocation = str;
        this.userPrincipal = str2;
        this.loginOptions = map;
    }

    private static HttpClient buildHttpClient() {
        HttpClientBuilder create = HttpClientBuilder.create();
        create.setDefaultAuthSchemeRegistry(RegistryBuilder.create().register("negotiate", new SPNegoSchemeFactory(true)).build());
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(new AuthScope((String) null, -1, (String) null), credentials);
        create.setDefaultCredentialsProvider(basicCredentialsProvider);
        return create.build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.web.client.RestTemplate
    public final <T> T doExecute(final URI uri, final HttpMethod httpMethod, final RequestCallback requestCallback, final ResponseExtractor<T> responseExtractor) throws RestClientException {
        try {
            ClientLoginConfig clientLoginConfig = new ClientLoginConfig(this.keyTabLocation, this.userPrincipal, this.loginOptions);
            HashSet hashSet = new HashSet(1);
            hashSet.add(new KerberosPrincipal(this.userPrincipal));
            LoginContext loginContext = new LoginContext("", new Subject(false, hashSet, new HashSet(), new HashSet()), (CallbackHandler) null, clientLoginConfig);
            loginContext.login();
            return (T) Subject.doAs(loginContext.getSubject(), new PrivilegedAction<T>() { // from class: org.springframework.security.kerberos.client.KerberosRestTemplate.1
                @Override // java.security.PrivilegedAction
                public T run() {
                    return (T) KerberosRestTemplate.this.doExecuteSubject(uri, httpMethod, requestCallback, responseExtractor);
                }
            });
        } catch (Exception e) {
            throw new RestClientException("Error running rest call", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <T> T doExecuteSubject(URI uri, HttpMethod httpMethod, RequestCallback requestCallback, ResponseExtractor<T> responseExtractor) throws RestClientException {
        return (T) super.doExecute(uri, httpMethod, requestCallback, responseExtractor);
    }
}
