package org.apache.druid.security.kerberos;

import com.google.common.base.Throwables;
import com.google.common.util.concurrent.FutureCallback;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.SettableFuture;
import java.net.CookieManager;
import java.net.URI;
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Executor;
import org.apache.druid.java.util.common.concurrent.Execs;
import org.apache.druid.java.util.common.logger.Logger;
import org.apache.druid.java.util.http.client.AbstractHttpClient;
import org.apache.druid.java.util.http.client.HttpClient;
import org.apache.druid.java.util.http.client.Request;
import org.apache.druid.java.util.http.client.response.HttpResponseHandler;
import org.apache.hadoop.security.UserGroupInformation;
import org.joda.time.Duration;

/* loaded from: input_file:org/apache/druid/security/kerberos/KerberosHttpClient.class */
public class KerberosHttpClient extends AbstractHttpClient {
    private static final Logger log = new Logger(KerberosHttpClient.class);
    private final HttpClient delegate;
    private final String internalClientPrincipal;
    private final String internalClientKeytab;
    private final Executor exec = Execs.singleThreaded("test-%s");
    private final CookieManager cookieManager = new CookieManager();

    public KerberosHttpClient(HttpClient httpClient, String str, String str2) {
        this.delegate = httpClient;
        this.internalClientPrincipal = str;
        this.internalClientKeytab = str2;
    }

    public <Intermediate, Final> ListenableFuture<Final> go(Request request, HttpResponseHandler<Intermediate, Final> httpResponseHandler, Duration duration) {
        SettableFuture<Final> create = SettableFuture.create();
        inner_go(request, httpResponseHandler, duration, create);
        return create;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <Intermediate, Final> void inner_go(final Request request, final HttpResponseHandler<Intermediate, Final> httpResponseHandler, final Duration duration, final SettableFuture<Final> settableFuture) {
        boolean z;
        try {
            final String host = request.getUrl().getHost();
            final URI uri = request.getUrl().toURI();
            for (Map.Entry<String, List<String>> entry : this.cookieManager.get(uri, Collections.emptyMap()).entrySet()) {
                request.addHeaderValues(entry.getKey(), entry.getValue());
            }
            if (DruidKerberosUtil.needToSendCredentials(this.cookieManager.getCookieStore(), uri)) {
                log.debug("No Auth Cookie found for URI[%s]. Existing Cookies[%s] Authenticating... ", new Object[]{uri, this.cookieManager.getCookieStore().getCookies()});
                DruidKerberosUtil.authenticateIfRequired(this.internalClientPrincipal, this.internalClientKeytab);
                request.setHeader("Authorization", "Negotiate " + ((String) UserGroupInformation.getCurrentUser().doAs(new PrivilegedExceptionAction<String>() { // from class: org.apache.druid.security.kerberos.KerberosHttpClient.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public String run() throws Exception {
                        return DruidKerberosUtil.kerberosChallenge(host);
                    }
                })));
                z = false;
            } else {
                z = true;
                log.debug("Found Auth Cookie found for URI[%s].", new Object[]{uri});
            }
            final boolean z2 = z;
            Futures.addCallback(this.delegate.go(request, new RetryIfUnauthorizedResponseHandler(new ResponseCookieHandler(request.getUrl().toURI(), this.cookieManager, httpResponseHandler)), duration), new FutureCallback<RetryResponseHolder<Final>>() { // from class: org.apache.druid.security.kerberos.KerberosHttpClient.2
                public void onSuccess(RetryResponseHolder<Final> retryResponseHolder) {
                    if (!z2 || !retryResponseHolder.shouldRetry()) {
                        KerberosHttpClient.log.debug("Not retrying and returning future response", new Object[0]);
                        settableFuture.set(retryResponseHolder.getObj());
                    } else {
                        KerberosHttpClient.log.info("Preparing for Retry", new Object[0]);
                        DruidKerberosUtil.removeAuthCookie(KerberosHttpClient.this.cookieManager.getCookieStore(), uri);
                        request.setHeader("Cookie", "");
                        KerberosHttpClient.this.inner_go(request.copy(), httpResponseHandler, duration, settableFuture);
                    }
                }

                public void onFailure(Throwable th) {
                    settableFuture.setException(th);
                }
            }, this.exec);
        } catch (Throwable th) {
            throw Throwables.propagate(th);
        }
    }
}
