package org.springframework.security.kerberos.client.config;

import java.util.HashMap;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.kerby.kerberos.kerb.client.jaas.TokenAuthLoginModule;
import org.keycloak.common.constants.KerberosConstants;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.util.Assert;
import org.springframework.util.ResourceUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-kerberos-client-1.0.1.RELEASE.jar:org/springframework/security/kerberos/client/config/SunJaasKrb5LoginConfig.class */
public class SunJaasKrb5LoginConfig extends Configuration implements InitializingBean {
    private static final Log LOG = LogFactory.getLog((Class<?>) SunJaasKrb5LoginConfig.class);
    private String servicePrincipal;
    private Resource keyTabLocation;
    private Boolean useTicketCache = false;
    private Boolean isInitiator = false;
    private Boolean debug = false;
    private String keyTabLocationAsString;

    public void setServicePrincipal(String str) {
        this.servicePrincipal = str;
    }

    public void setKeyTabLocation(Resource resource) {
        this.keyTabLocation = resource;
    }

    public void setUseTicketCache(Boolean bool) {
        this.useTicketCache = bool;
    }

    public void setIsInitiator(Boolean bool) {
        this.isInitiator = bool;
    }

    public void setDebug(Boolean bool) {
        this.debug = bool;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.hasText(this.servicePrincipal, "servicePrincipal must be specified");
        if (this.keyTabLocation != null && (this.keyTabLocation instanceof ClassPathResource)) {
            LOG.warn("Your keytab is in the classpath. This file needs special protection and shouldn't be in the classpath. JAAS may also not be able to load this file from classpath.");
        }
        if (this.useTicketCache.booleanValue()) {
            return;
        }
        Assert.notNull(this.keyTabLocation, "keyTabLocation must be specified when useTicketCache is false");
        this.keyTabLocationAsString = this.keyTabLocation.getURL().toExternalForm();
        if (this.keyTabLocationAsString.startsWith(ResourceUtils.FILE_URL_PREFIX)) {
            this.keyTabLocationAsString = this.keyTabLocationAsString.substring(5);
        }
    }

    public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(TokenAuthLoginModule.PRINCIPAL, this.servicePrincipal);
        if (this.keyTabLocation != null) {
            hashMap.put("useKeyTab", "true");
            hashMap.put(KerberosConstants.KEYTAB, this.keyTabLocationAsString);
            hashMap.put("storeKey", "true");
        }
        hashMap.put("doNotPrompt", "true");
        if (this.useTicketCache.booleanValue()) {
            hashMap.put("useTicketCache", "true");
            hashMap.put("renewTGT", "true");
        }
        hashMap.put("isInitiator", this.isInitiator.toString());
        hashMap.put("debug", this.debug.toString());
        return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
    }
}
