package org.apache.nifi.hadoop;

import java.net.UnknownHostException;
import java.util.HashSet;
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.hadoop.security.authentication.util.KerberosUtil;
import org.apache.http.auth.Credentials;
import org.apache.http.impl.auth.SPNegoScheme;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;

/* loaded from: input_file:org/apache/nifi/hadoop/KerberosKeytabSPNegoScheme.class */
public class KerberosKeytabSPNegoScheme extends SPNegoScheme {
    public KerberosKeytabSPNegoScheme() {
        super(true, false);
    }

    public byte[] generateToken(final byte[] bArr, final String str, Credentials credentials) {
        HashSet hashSet = new HashSet();
        hashSet.add(credentials.getUserPrincipal());
        try {
            LoginContext loginContext = new LoginContext("", new Subject(false, hashSet, new HashSet(), new HashSet()), (CallbackHandler) null, new KerberosConfiguration(credentials.getUserPrincipal().getName(), ((KerberosKeytabCredentials) credentials).getKeytab()));
            loginContext.login();
            return (byte[]) Subject.callAs(loginContext.getSubject(), new Callable<byte[]>(this) { // from class: org.apache.nifi.hadoop.KerberosKeytabSPNegoScheme.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public byte[] call() throws UnknownHostException, GSSException {
                    GSSManager gSSManager = GSSManager.getInstance();
                    GSSContext createContext = gSSManager.createContext(gSSManager.createName(KerberosUtil.getServicePrincipal("HTTP", str), KerberosUtil.NT_GSS_KRB5_PRINCIPAL_OID), KerberosUtil.GSS_KRB5_MECH_OID, (GSSCredential) null, 0);
                    createContext.requestCredDeleg(true);
                    createContext.requestMutualAuth(true);
                    return createContext.initSecContext(bArr, 0, bArr.length);
                }
            });
        } catch (LoginException e) {
            throw new RuntimeException(e);
        }
    }
}
