package com.teradata.tempto.internal.hadoop.hdfs;

import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import com.google.inject.Inject;
import com.google.inject.PrivateModule;
import com.google.inject.Provides;
import com.google.inject.Scopes;
import com.google.inject.Singleton;
import com.teradata.tempto.configuration.Configuration;
import com.teradata.tempto.kerberos.KerberosAuthentication;
import java.io.IOException;
import java.security.Principal;
import java.util.Objects;
import java.util.Optional;
import javax.security.auth.Subject;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.protocol.HttpContext;

/* loaded from: input_file:com/teradata/tempto/internal/hadoop/hdfs/SpnegoHttpRequestsExecutor.class */
public class SpnegoHttpRequestsExecutor implements HttpRequestsExecutor {
    private final CloseableHttpClient httpClient;
    private final KerberosAuthentication kerberosAuthentication;
    private final HttpContext spnegoAwareHttpContext = createSpnegoAwareHttpContext();
    private final boolean useCanonicalHostname;

    /* loaded from: input_file:com/teradata/tempto/internal/hadoop/hdfs/SpnegoHttpRequestsExecutor$Module.class */
    public static class Module extends PrivateModule {
        protected void configure() {
            bind(HttpRequestsExecutor.class).to(SpnegoHttpRequestsExecutor.class).in(Scopes.SINGLETON);
            expose(HttpRequestsExecutor.class);
        }

        @Inject
        @Singleton
        @Provides
        KerberosAuthentication createKerberosAuthentication(Configuration configuration) {
            String stringMandatory = configuration.getStringMandatory(WebHdfsClient.CONF_HDFS_USERNAME_KEY);
            Optional<String> string = configuration.getString("hdfs.webhdfs.keytab");
            Preconditions.checkState(string.isPresent(), "In order to use SPNEGO authenticated HDFS you must specify keytab location with the 'hdfs.webhdfs.keytab' property");
            return new KerberosAuthentication(stringMandatory, string.get());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/teradata/tempto/internal/hadoop/hdfs/SpnegoHttpRequestsExecutor$NullCredentials.class */
    public static class NullCredentials implements Credentials {
        private NullCredentials() {
        }

        @Override // org.apache.http.auth.Credentials
        public Principal getUserPrincipal() {
            return null;
        }

        @Override // org.apache.http.auth.Credentials
        public String getPassword() {
            return null;
        }
    }

    @Inject
    public SpnegoHttpRequestsExecutor(CloseableHttpClient closeableHttpClient, KerberosAuthentication kerberosAuthentication, Configuration configuration) {
        this.httpClient = (CloseableHttpClient) Objects.requireNonNull(closeableHttpClient, "httpClient is null");
        this.kerberosAuthentication = (KerberosAuthentication) Objects.requireNonNull(kerberosAuthentication, "kerberosAuthentication is null");
        this.useCanonicalHostname = configuration.getBoolean("hdfs.webhdfs.spnego_use_canonical_hostname").orElse(false).booleanValue();
    }

    private HttpContext createSpnegoAwareHttpContext() {
        HttpClientContext create = HttpClientContext.create();
        create.setAuthSchemeRegistry(RegistryBuilder.create().register("Negotiate", new SPNegoSchemeFactory(true, this.useCanonicalHostname)).build());
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(new AuthScope(null, -1, null), new NullCredentials());
        create.setCredentialsProvider(basicCredentialsProvider);
        return create;
    }

    @Override // com.teradata.tempto.internal.hadoop.hdfs.HttpRequestsExecutor
    public CloseableHttpResponse execute(HttpUriRequest httpUriRequest) throws IOException {
        return (CloseableHttpResponse) Subject.doAs(this.kerberosAuthentication.authenticate(), () -> {
            try {
                return this.httpClient.execute(httpUriRequest, this.spnegoAwareHttpContext);
            } catch (IOException e) {
                throw Throwables.propagate(e);
            }
        });
    }
}
