package org.apache.nifi.registry.web.security.authentication.kerberos;

import java.io.File;
import org.apache.nifi.registry.properties.NiFiRegistryProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.FileSystemResource;
import org.springframework.security.kerberos.authentication.KerberosTicketValidator;
import org.springframework.security.kerberos.authentication.sun.GlobalSunJaasKerberosConfig;
import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;

@Configuration
/* loaded from: input_file:WEB-INF/classes/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosTicketValidatorFactory.class */
public class KerberosTicketValidatorFactory {
    private NiFiRegistryProperties properties;
    private KerberosTicketValidator kerberosTicketValidator;

    @Autowired
    public KerberosTicketValidatorFactory(NiFiRegistryProperties niFiRegistryProperties) {
        this.properties = niFiRegistryProperties;
    }

    @Bean
    public KerberosTicketValidator kerberosTicketValidator() throws Exception {
        if (this.kerberosTicketValidator == null && this.properties.isKerberosSpnegoSupportEnabled()) {
            File kerberosConfigurationFile = this.properties.getKerberosConfigurationFile();
            if (kerberosConfigurationFile != null) {
                GlobalSunJaasKerberosConfig globalSunJaasKerberosConfig = new GlobalSunJaasKerberosConfig();
                globalSunJaasKerberosConfig.setKrbConfLocation(kerberosConfigurationFile.getAbsolutePath());
                globalSunJaasKerberosConfig.afterPropertiesSet();
            }
            SunJaasKerberosTicketValidator sunJaasKerberosTicketValidator = new SunJaasKerberosTicketValidator();
            sunJaasKerberosTicketValidator.setServicePrincipal(this.properties.getKerberosSpnegoPrincipal());
            sunJaasKerberosTicketValidator.setKeyTabLocation(new FileSystemResource(this.properties.getKerberosSpnegoKeytabLocation()));
            sunJaasKerberosTicketValidator.afterPropertiesSet();
            this.kerberosTicketValidator = sunJaasKerberosTicketValidator;
        }
        return this.kerberosTicketValidator;
    }
}
