package org.pentaho.di.trans.ael.websocket;

import com.google.common.base.Strings;
import java.net.URI;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.websocket.ClientEndpointConfig;
import javax.websocket.HandshakeResponse;
import org.apache.http.Header;
import org.apache.http.HeaderElement;
import org.apache.http.HttpHost;
import org.apache.http.ParseException;
import org.apache.http.auth.Credentials;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.conn.routing.HttpRoute;
import org.apache.http.impl.auth.SPNegoScheme;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.params.HttpParams;
import org.apache.http.protocol.HttpContext;
import org.pentaho.di.core.util.PluginProperty;

/* loaded from: input_file:org/pentaho/di/trans/ael/websocket/SessionConfigurator.class */
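/**
 * Websocket client handshake configurator that can attach a SPNEGO (Kerberos) token to the
 * opening request.
 *
 * <p>When a non-empty principal is supplied, {@link #beforeRequest(Map)} performs a JAAS login
 * through {@code Krb5LoginModule}, asks HttpClient's {@link SPNegoScheme} for a token while
 * running as the logged-in {@link Subject}, and copies the resulting header into the handshake
 * headers. {@link #afterResponse(HandshakeResponse)} logs the JAAS context out again.
 *
 * <p>NOTE(review): the scheme of {@code url} is never inspected in this class, so the Negotiate
 * header is added to whatever handshake the caller opens. Confirm that callers only use
 * {@code wss://} endpoints so the token and the authenticated session are protected in transit.
 *
 * <p>Instances hold a mutable {@link LoginContext} without synchronization; nothing here makes
 * concurrent use of one instance safe.
 */
public class SessionConfigurator extends ClientEndpointConfig.Configurator {
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    private static final String NEGOTIATE = "NEGOTIATE";
    private static final String LOGIN_MODULE_NAME = "com.sun.security.auth.module.Krb5LoginModule";
    private static final String ERROR_MSG = "Error starting websocket session";
    private static final String USE_KEY_TAB_OPT = "useKeyTab";
    private static final String KEY_TAB_OPT = "keyTab";
    private static final String PRINCIPAL_OPT = "principal";
    private static final String STORE_KEY_OPT = "storeKey";
    private static final String USE_TICKET_CACHE_OPT = "useTicketCache";
    private static final String DO_NOT_PROMPT_OPT = "doNotPrompt";
    private static final String IS_INITIATOR_OPT = "isInitiator";
    private boolean withAuth;
    private String principal;
    private String keytab;
    private URI url;
    // Set only after a successful login and cleared again on logout, so a non-null value always
    // refers to a context that still holds Kerberos credentials.
    private LoginContext loginContext;
    // Placeholder only: both accessors return null. The Kerberos credentials come from the JAAS
    // Subject that the SPNEGO call runs under, not from this object.
    private static final Credentials credentials = new NullCredentials();
    // Synthetic "WWW-Authenticate: NEGOTIATE" challenge fed to SPNegoScheme.processChallenge so a
    // token can be produced before the server has sent any challenge of its own.
    private static final Header AUTHENTICATE_HEADER = new Header() { // from class: org.pentaho.di.trans.ael.websocket.SessionConfigurator.1
        @Override // org.apache.http.Header
        public String getName() {
            return SessionConfigurator.WWW_AUTHENTICATE;
        }

        @Override // org.apache.http.Header
        public String getValue() {
            return SessionConfigurator.NEGOTIATE;
        }

        @Override // org.apache.http.Header
        public HeaderElement[] getElements() throws ParseException {
            return new HeaderElement[0];
        }
    };

    /**
     * In-memory JAAS configuration with a single required {@code Krb5LoginModule} entry.
     *
     * <p>With both a keytab location and a principal, the module is told to log in from the
     * keytab; otherwise it is told to use the ticket cache. Prompting is disabled in both cases.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/pentaho/di/trans/ael/websocket/SessionConfigurator$ClientLoginConfig.class */
    public static class ClientLoginConfig extends Configuration {
        private final String keyTabLocation;
        private final String userPrincipal;

        private ClientLoginConfig(String str, String str2) {
            this.keyTabLocation = str;
            this.userPrincipal = str2;
        }

        /**
         * Builds the login module options.
         *
         * @param str the application name requested by JAAS; ignored, the same entry is returned
         *     for every name
         * @return a one-element array holding the {@code Krb5LoginModule} entry
         */
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            Map<String, String> options = new HashMap<>();
            if (Strings.isNullOrEmpty(this.keyTabLocation) || Strings.isNullOrEmpty(this.userPrincipal)) {
                // NOTE(review): the principal option is not set on this branch, so the module is
                // free to use whatever principal the ticket cache holds; confirm that is intended
                // when a principal was configured without a keytab.
                options.put(SessionConfigurator.USE_TICKET_CACHE_OPT, Boolean.TRUE.toString());
            } else {
                options.put(SessionConfigurator.USE_KEY_TAB_OPT, Boolean.TRUE.toString());
                options.put(SessionConfigurator.KEY_TAB_OPT, this.keyTabLocation);
                options.put(SessionConfigurator.PRINCIPAL_OPT, this.userPrincipal);
                // NOTE(review): storeKey asks the module to keep the principal's key in the
                // Subject's private credentials. That is normally an acceptor-side need; with
                // isInitiator=true, confirm whether it can be dropped to limit key exposure.
                options.put(SessionConfigurator.STORE_KEY_OPT, Boolean.TRUE.toString());
            }
            options.put(SessionConfigurator.DO_NOT_PROMPT_OPT, Boolean.TRUE.toString());
            options.put(SessionConfigurator.IS_INITIATOR_OPT, Boolean.TRUE.toString());
            return new AppConfigurationEntry[]{new AppConfigurationEntry(SessionConfigurator.LOGIN_MODULE_NAME, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options)};
        }
    }

    /** {@link Credentials} stand-in whose principal and password are both {@code null}. */
    /* loaded from: input_file:org/pentaho/di/trans/ael/websocket/SessionConfigurator$NullCredentials.class */
    private static class NullCredentials implements Credentials {
        private NullCredentials() {
        }

        @Override // org.apache.http.auth.Credentials
        public Principal getUserPrincipal() {
            return null;
        }

        @Override // org.apache.http.auth.Credentials
        public String getPassword() {
            return null;
        }
    }

    /**
     * Creates a configurator for one endpoint.
     *
     * @param uri endpoint whose host and port are used when building the SPNEGO context
     * @param str keytab location; may be null or empty, in which case the ticket cache is used
     * @param str2 Kerberos principal; authentication is enabled only when this is non-empty
     */
    public SessionConfigurator(URI uri, String str, String str2) {
        this.url = uri;
        this.withAuth = !Strings.isNullOrEmpty(str2);
        this.principal = str2;
        this.keytab = str;
    }

    /**
     * Adds the SPNEGO header to the handshake headers when authentication is enabled.
     *
     * @param map mutable handshake request headers; any existing value under the same header name
     *     is replaced
     * @throws RuntimeException if the Kerberos login or the token generation fails
     */
    @Override
    public void beforeRequest(Map<String, List<String>> map) {
        if (!this.withAuth) {
            return;
        }
        Header authenticationHeader = getAuthenticationHeader(this.url);
        if (authenticationHeader == null) {
            return;
        }
        map.put(authenticationHeader.getName(), Collections.singletonList(authenticationHeader.getValue()));
    }

    /**
     * Logs out the JAAS context created for the handshake, if there is one.
     *
     * @param handshakeResponse the server's handshake response; not inspected
     */
    @Override
    public void afterResponse(HandshakeResponse handshakeResponse) {
        releaseLogin();
    }

    /**
     * Logs in, then generates the SPNEGO header while running as the logged-in subject.
     *
     * <p>The token is first requested with {@code SPNegoSchemeFactory(false)} and, if that fails,
     * with {@code SPNegoSchemeFactory(true)}; in HttpClient 4.x that flag is {@code stripPort},
     * so the retry presumably targets a service principal name without the port.
     *
     * @param uri endpoint the token is generated for
     * @return the header produced by {@link SPNegoScheme}
     * @throws RuntimeException if login fails or both token attempts fail; the first attempt's
     *     exception is the cause and the second is attached to it as suppressed
     */
    private Header getAuthenticationHeader(final URI uri) throws RuntimeException {
        try {
            Subject subject = getServiceSubject(new ClientLoginConfig(this.keytab, this.principal));
            return Subject.doAs(subject, new PrivilegedAction<Header>() { // from class: org.pentaho.di.trans.ael.websocket.SessionConfigurator.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public Header run() {
                    try {
                        return SessionConfigurator.this.spnegoAuthenticate(false, uri);
                    } catch (Exception first) {
                        try {
                            return SessionConfigurator.this.spnegoAuthenticate(true, uri);
                        } catch (Exception second) {
                            // Keep the retry's failure visible instead of discarding it.
                            first.addSuppressed(second);
                            throw new RuntimeException(first);
                        }
                    }
                }
            });
        } catch (RuntimeException e) {
            // The handshake will not proceed, so afterResponse may never run; drop the Kerberos
            // credentials now rather than leaving them in the Subject.
            releaseLogin();
            throw e;
        } catch (Exception e) {
            releaseLogin();
            throw new RuntimeException(ERROR_MSG, e);
        }
    }

    /**
     * Produces one SPNEGO header for the given endpoint.
     *
     * @param z value passed to the {@link SPNegoSchemeFactory} constructor
     * @param uri endpoint whose host and port populate the HTTP context
     * @return the header returned by {@link SPNegoScheme#authenticate}
     * @throws Exception if the scheme rejects the challenge or cannot obtain a token
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Header spnegoAuthenticate(boolean z, URI uri) throws Exception {
        SPNegoScheme scheme = new SPNegoSchemeFactory(z).newInstance((HttpParams) null);
        scheme.processChallenge(AUTHENTICATE_HEADER);
        return scheme.authenticate(credentials, new HttpGet(PluginProperty.DEFAULT_STRING_VALUE), getContext(uri));
    }

    /**
     * Builds an HTTP context carrying the target host and route for the endpoint.
     *
     * @param uri endpoint supplying host and port; the scheme is not carried over
     * @return a context with {@code http.route} and {@code http.target_host} set
     */
    private HttpContext getContext(URI uri) {
        HttpClientContext context = HttpClientContext.create();
        context.setAttribute("http.route", new HttpRoute(new HttpHost(uri.getHost(), uri.getPort())));
        context.setAttribute("http.target_host", new HttpHost(uri.getHost(), uri.getPort()));
        return context;
    }

    /**
     * Performs the JAAS login and returns the authenticated subject.
     *
     * @param clientLoginConfig configuration handed to the {@link LoginContext}
     * @return the subject populated by the login
     * @throws Exception if the principal name is invalid or the login fails
     */
    private Subject getServiceSubject(ClientLoginConfig clientLoginConfig) throws Exception {
        HashSet<Principal> principals = new HashSet<>(1);
        principals.add(new KerberosPrincipal(this.principal));
        Subject subject = new Subject(false, principals, new HashSet<Object>(), new HashSet<Object>());
        LoginContext context = new LoginContext(PluginProperty.DEFAULT_STRING_VALUE, subject, (CallbackHandler) null, clientLoginConfig);
        context.login();
        // Publish the context only once login succeeded, so logout is never attempted on a
        // context whose login failed.
        this.loginContext = context;
        return context.getSubject();
    }

    /** Logs out and forgets the current login context; a logout failure is reported, not thrown. */
    private void releaseLogin() {
        LoginContext context = this.loginContext;
        // Clear first so a later call cannot log the same context out twice.
        this.loginContext = null;
        if (context == null) {
            return;
        }
        try {
            context.logout();
        } catch (LoginException e) {
            // Best-effort cleanup; no logger is in scope in this file.
            e.printStackTrace();
        }
    }
}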
