package org.apache.linkis.manager.rm.utils;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.HashSet;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.HttpClientBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/linkis/manager/rm/utils/RequestKerberosUrlUtils.class */
public class RequestKerberosUrlUtils {
    public static Logger logger = LoggerFactory.getLogger(RequestKerberosUrlUtils.class);
    private String principal;
    private String keyTabLocation;

    public RequestKerberosUrlUtils(String str, String str2) {
        this.principal = str;
        this.keyTabLocation = str2;
    }

    public RequestKerberosUrlUtils(String str, String str2, boolean z) {
        this(str, str2);
        if (z) {
            System.setProperty("sun.security.spnego.debug", "true");
            System.setProperty("sun.security.krb5.debug", "true");
        }
    }

    public RequestKerberosUrlUtils(String str, String str2, String str3, boolean z) {
        this(str, str2, z);
        System.setProperty("java.security.krb5.conf", str3);
    }

    private static HttpClient buildSpengoHttpClient() {
        HttpClientBuilder create = HttpClientBuilder.create();
        create.setDefaultAuthSchemeRegistry(RegistryBuilder.create().register("Negotiate", new SPNegoSchemeFactory(true)).build());
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(new AuthScope(null, -1, null), new Credentials() { // from class: org.apache.linkis.manager.rm.utils.RequestKerberosUrlUtils.1
            @Override // org.apache.http.auth.Credentials
            public Principal getUserPrincipal() {
                return null;
            }

            @Override // org.apache.http.auth.Credentials
            public String getPassword() {
                return null;
            }
        });
        create.setDefaultCredentialsProvider(basicCredentialsProvider);
        return create.build();
    }

    public HttpResponse callRestUrl(final String str, String str2) {
        logger.warn(String.format("Calling KerberosHttpClient %s %s %s", this.principal, this.keyTabLocation, str));
        Configuration configuration = new Configuration() { // from class: org.apache.linkis.manager.rm.utils.RequestKerberosUrlUtils.2
            public AppConfigurationEntry[] getAppConfigurationEntry(String str3) {
                return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>() { // from class: org.apache.linkis.manager.rm.utils.RequestKerberosUrlUtils.2.1
                    {
                        put("useTicketCache", "false");
                        put("useKeyTab", "true");
                        put("keyTab", RequestKerberosUrlUtils.this.keyTabLocation);
                        put("refreshKrb5Config", "true");
                        put("principal", RequestKerberosUrlUtils.this.principal);
                        put("storeKey", "true");
                        put("doNotPrompt", "true");
                        put("isInitiator", "true");
                        put("debug", "false");
                    }
                })};
            }
        };
        HashSet hashSet = new HashSet(1);
        hashSet.add(new KerberosPrincipal(str2));
        try {
            LoginContext loginContext = new LoginContext("Krb5Login", new Subject(false, hashSet, new HashSet(), new HashSet()), (CallbackHandler) null, configuration);
            loginContext.login();
            return (HttpResponse) Subject.doAs(loginContext.getSubject(), new PrivilegedAction<HttpResponse>() { // from class: org.apache.linkis.manager.rm.utils.RequestKerberosUrlUtils.3
                HttpResponse httpResponse = null;

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public HttpResponse run() {
                    try {
                        this.httpResponse = RequestKerberosUrlUtils.access$200().execute(new HttpGet(str));
                        return this.httpResponse;
                    } catch (IOException e) {
                        RequestKerberosUrlUtils.logger.error("request yarn url:{} failed", str, e);
                        return this.httpResponse;
                    }
                }
            });
        } catch (Exception e) {
            logger.error("Krb5Login login failed", e);
            return null;
        }
    }

    static /* synthetic */ HttpClient access$200() {
        return buildSpengoHttpClient();
    }
}
