package org.apache.solr.client.solrj.impl;

import com.huawei.solr.client.solrj.impl.InsecureHttpClient;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import org.apache.http.HttpResponse;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.KerberosCredentials;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.auth.SPNegoScheme;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/solr/client/solrj/impl/SolrSPNegoScheme.class */
public class SolrSPNegoScheme extends SPNegoScheme {
    private static final Logger LOGGER = LoggerFactory.getLogger(SolrSPNegoScheme.class);
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";
    private static final String NT_GSS_KRB5_PRINCIPAL = "1.2.840.113554.1.2.2.1";
    private static final String HTTPS_SCHEMA = "https://";
    private static final String SOLR_CONTEXT_PATH = "/solr";
    public static final String SOLR_SERVER_REALM_SERVLET_PATH = "/serverrealm";

    public SolrSPNegoScheme(boolean z, boolean z2) {
        super(z, z2);
    }

    public SolrSPNegoScheme(boolean z) {
        super(z);
    }

    public SolrSPNegoScheme() {
        super(false);
    }

    private String getServerRealm(String str) {
        HttpResponse execute;
        String str2 = HTTPS_SCHEMA + str + SOLR_CONTEXT_PATH + SOLR_SERVER_REALM_SERVLET_PATH;
        InsecureHttpClient insecureHttpClient = new InsecureHttpClient(HttpClientUtil.createClient(null), null);
        HttpGet httpGet = new HttpGet(str2);
        String str3 = str;
        InputStream inputStream = null;
        try {
            try {
                execute = insecureHttpClient.execute(httpGet);
            } catch (IOException e) {
                LOGGER.error("Read server:{} default realm failed.", str, e);
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (IOException e2) {
                        LOGGER.error("Close http response input stream failed.", e2);
                    }
                }
                HttpClientUtil.close(insecureHttpClient);
            }
            if (200 != execute.getStatusLine().getStatusCode()) {
                LOGGER.error("Cannot get server realm.");
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (IOException e3) {
                        LOGGER.error("Close http response input stream failed.", e3);
                    }
                }
                HttpClientUtil.close(insecureHttpClient);
                return str3;
            }
            InputStream content = execute.getEntity().getContent();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[64];
            while (true) {
                int read = content.read(bArr);
                if (-1 == read) {
                    break;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
            str3 = byteArrayOutputStream.toString();
            LOGGER.debug("Read server:{} default realm:{}", new Object[]{str, str3});
            if (null != content) {
                try {
                    content.close();
                } catch (IOException e4) {
                    LOGGER.error("Close http response input stream failed.", e4);
                }
            }
            HttpClientUtil.close(insecureHttpClient);
            return str3;
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    inputStream.close();
                } catch (IOException e5) {
                    LOGGER.error("Close http response input stream failed.", e5);
                }
            }
            HttpClientUtil.close(insecureHttpClient);
            throw th;
        }
    }

    private GSSName getGSSName(GSSManager gSSManager, String str) throws GSSException {
        GSSName createName;
        if (str.contains(":")) {
            createName = gSSManager.createName("HTTP/" + str.substring(0, str.indexOf(":")) + "@" + getServerRealm(str), new Oid(NT_GSS_KRB5_PRINCIPAL));
        } else {
            createName = gSSManager.createName("HTTP@" + str, GSSName.NT_HOSTBASED_SERVICE);
        }
        return createName;
    }

    protected byte[] generateToken(byte[] bArr, String str, Credentials credentials) throws GSSException {
        Oid oid = new Oid(SPNEGO_OID);
        byte[] bArr2 = bArr;
        if (bArr2 == null) {
            bArr2 = new byte[0];
        }
        GSSManager manager = getManager();
        GSSContext createContext = manager.createContext(getGSSName(manager, str).canonicalize(oid), oid, credentials instanceof KerberosCredentials ? ((KerberosCredentials) credentials).getGSSCredential() : null, 0);
        createContext.requestMutualAuth(true);
        createContext.requestCredDeleg(true);
        return createContext.initSecContext(bArr2, 0, bArr2.length);
    }
}
