package org.apache.nifi.toolkit.cli.impl.command.nifi.access;

import java.io.File;
import java.io.IOException;
import java.util.Properties;
import org.apache.commons.cli.MissingOptionException;
import org.apache.nifi.documentation.init.NopComponentLog;
import org.apache.nifi.security.krb.KerberosAction;
import org.apache.nifi.security.krb.KerberosKeytabUser;
import org.apache.nifi.security.krb.KerberosPasswordUser;
import org.apache.nifi.security.krb.KerberosTicketCacheUser;
import org.apache.nifi.toolkit.cli.api.CommandException;
import org.apache.nifi.toolkit.cli.api.Context;
import org.apache.nifi.toolkit.cli.impl.command.CommandOption;
import org.apache.nifi.toolkit.cli.impl.command.nifi.AbstractNiFiCommand;
import org.apache.nifi.toolkit.cli.impl.result.StringResult;
import org.apache.nifi.toolkit.client.NiFiClient;
import org.apache.nifi.toolkit.client.NiFiClientException;
import org.apache.nifi.util.StringUtils;

/* loaded from: input_file:org/apache/nifi/toolkit/cli/impl/command/nifi/access/GetAccessTokenSpnego.class */
public class GetAccessTokenSpnego extends AbstractNiFiCommand<StringResult> {
    public GetAccessTokenSpnego() {
        super("get-access-token-spnego", StringResult.class);
    }

    @Override // org.apache.nifi.toolkit.cli.api.Command
    public String getDescription() {
        return "Authenticates to NiFi via SPNEGO and returns an access token for use on future requests as the value of the " + CommandOption.BEARER_TOKEN.getLongName() + " argument. If a keytab or password is not specified, then the ticket cache will be used and it is assumed that a kinit was done for the given principal outside of the CLI.";
    }

    @Override // org.apache.nifi.toolkit.cli.impl.command.AbstractCommand
    public void doInitialize(Context context) {
        addOption(CommandOption.KERBEROS_PRINCIPAL.createOption());
        addOption(CommandOption.KERBEROS_KEYTAB.createOption());
        addOption(CommandOption.KERBEROS_PASSWORD.createOption());
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.nifi.toolkit.cli.impl.command.nifi.AbstractNiFiCommand
    public StringResult doExecute(NiFiClient niFiClient, Properties properties) throws NiFiClientException, IOException, MissingOptionException, CommandException {
        KerberosKeytabUser kerberosPasswordUser;
        String requiredArg = getRequiredArg(properties, CommandOption.KERBEROS_PRINCIPAL);
        String arg = getArg(properties, CommandOption.KERBEROS_KEYTAB);
        String arg2 = getArg(properties, CommandOption.KERBEROS_PASSWORD);
        if (!StringUtils.isBlank(arg) && !StringUtils.isBlank(arg2)) {
            throw new MissingOptionException("Only one of keytab or password can be specified");
        }
        if (StringUtils.isBlank(arg)) {
            kerberosPasswordUser = !StringUtils.isBlank(arg2) ? new KerberosPasswordUser(requiredArg, arg2) : new KerberosTicketCacheUser(requiredArg);
        } else {
            File file = new File(arg);
            if (!file.exists()) {
                throw new CommandException("Unable to find keytab file at: " + file.getAbsolutePath());
            }
            kerberosPasswordUser = new KerberosKeytabUser(requiredArg, arg);
        }
        return new StringResult((String) new KerberosAction(kerberosPasswordUser, () -> {
            return niFiClient.getAccessClient().getTokenFromKerberosTicket();
        }, new NopComponentLog()).execute(), getContext().isInteractive());
    }
}
