package com.maconomy.gss.client;

import com.maconomy.client.MClientProperties;
import com.maconomy.gss.LoginCallBackHandler;
import com.maconomy.gss.client.sspi.IWindowsCredentialsHandle;
import com.maconomy.gss.client.sspi.IWindowsSecurityContext;
import com.maconomy.gss.client.sspi.WindowsSecurityContextImpl;
import com.maconomy.util.MThisPlatform;
import com.sun.jna.platform.win32.Win32Exception;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.PrivilegedAction;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import sun.security.krb5.Credentials;

/* loaded from: input_file:com/maconomy/gss/client/MKerberosSingleLoginCredentials.class */
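/**
 * Obtains Kerberos service tokens for single sign-on, either through Windows SSPI or through
 * the JDK's JGSS implementation.
 *
 * <p>All methods are static. Configuration is applied through JVM-wide system properties
 * ({@code java.security.krb5.*}, {@code javax.security.auth.useSubjectCredsOnly},
 * {@code java.security.auth.login.config}), so calling into this class changes Kerberos
 * behaviour for the whole process, not just for the caller.
 *
 * <p>When debug output is enabled, realm, KDC, service and principal names as well as the
 * generated Kerberos configuration are printed to standard output.
 */
public class MKerberosSingleLoginCredentials {
    /** Enables diagnostic output on standard output and JDK Kerberos debugging. */
    private static volatile boolean debug = false;

    /** Programmatic switch for the SSPI path; see {@link #useNativeSSO()}. */
    private static volatile boolean nativeSSO = true;

    /**
     * Configures Kerberos and returns a token for the given service.
     *
     * @param str realm name; if {@code map} is non-null and has no entry for it, the pair
     *     ({@code str}, {@code str2}) is added to {@code map} and the realm of the default
     *     credentials is used as the realm instead
     * @param str2 KDC for the realm
     * @param str3 name of the service to obtain a token for
     * @param map realm-to-KDC mapping, may be {@code null}; may be modified by this call
     * @param z whether a generated configuration file should contain {@code allow_weak_crypto}
     * @return the token produced by SSPI (Windows with native SSO enabled) or JGSS
     * @throws SecurityException if no token could be obtained
     */
    public static byte[] getTicket(String str, String str2, String str3, Map<String, String> map, boolean z) throws SecurityException {
        if (map != null && map.get(str) == null) {
            map.put(str, str2);
            // acquireDefaultCreds() yields null when there are no default credentials (for
            // example an empty ticket cache); report that as a SecurityException instead of
            // letting a NullPointerException escape.
            Credentials defaultCredentials = Credentials.acquireDefaultCreds();
            if (defaultCredentials == null) {
                throw new SecurityException("Single login : no default Kerberos credentials available to determine the client realm");
            }
            str = defaultCredentials.getClient().getRealmAsString();
        }
        setupKerberosProperties(str, str2, map, z);
        if (isWindowsPlatform() && useNativeSSO()) {
            return getServiceTicketSSPI(str3);
        }
        return getServiceTicketGSS(str3);
    }

    /**
     * Switches diagnostic output on or off.
     *
     * @param z {@code true} to enable debug output
     */
    public static void setDebug(boolean z) {
        debug = z;
        if (debug) {
            System.out.println("SSO Debug enabled");
        }
    }

    /**
     * Enables or disables the native (SSPI) single sign-on path.
     *
     * @param z {@code true} to allow SSPI on Windows
     */
    public static void setNativeSSO(boolean z) {
        if (debug) {
            System.out.println("Native SSO " + (z ? "enabled" : "disabled"));
        }
        nativeSSO = z;
    }

    /**
     * Sets the JVM-wide system properties used by the JDK Kerberos and JAAS implementation.
     *
     * <p>A {@code krb5.local.conf} file in the user data directory takes precedence over the
     * supplied realm and KDC, so whoever can write to that directory decides which KDC the
     * client talks to. If that file is absent and {@code map} is non-null or {@code z} is set,
     * a {@code krb5.conf} is generated there; otherwise realm and KDC are passed directly
     * through {@code java.security.krb5.realm} and {@code java.security.krb5.kdc}.
     *
     * @param str realm name
     * @param str2 KDC for the realm
     * @param map realm-to-KDC mapping, may be {@code null}
     * @param z whether a generated configuration file should contain {@code allow_weak_crypto}
     */
    public static void setupKerberosProperties(String str, String str2, Map<String, String> map, boolean z) {
        File configFile = new File(MClientProperties.getUserDataDir(), "krb5.local.conf");
        if (!configFile.exists() && (map != null || z)) {
            configFile = createKrb5ConfigurationFile("krb5.conf", str, map, z);
        }
        if (configFile.exists()) {
            System.setProperty("java.security.krb5.conf", configFile.getAbsolutePath());
        } else {
            System.setProperty("java.security.krb5.realm", str);
            System.setProperty("java.security.krb5.kdc", str2);
        }
        System.setProperty("sun.security.krb5.debug", debug ? "true" : "false");
        // "false" lets JGSS take credentials from outside the current Subject (for example
        // the native ticket cache). This is a process-wide relaxation, not a per-call one.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        // An already configured JAAS login configuration is left untouched.
        if (System.getProperty("java.security.auth.login.config") == null) {
            String loginConfigResource = debug ? "/conf/login.debug.conf" : "/conf/login.conf";
            System.setProperty("java.security.auth.login.config", translatePathToLocalClassPath(MKerberosSingleLoginCredentials.class, loginConfigResource));
        }
        if (debug) {
            System.out.println("Realm is " + str);
            System.out.println("Kdc is " + str2);
        }
    }

    /**
     * Returns a token for the given service, logging in through JAAS when SSPI is not used.
     *
     * <p>On Windows with native SSO enabled the SSPI path is used and neither {@code str2} nor
     * {@code loginCallBackHandler} is consulted. Otherwise a JAAS login is performed, the token
     * is requested as the resulting subject, and the login context is logged out again, also
     * when requesting the token fails.
     *
     * @param str name of the service to obtain a token for
     * @param str2 name of the JAAS login configuration entry
     * @param loginCallBackHandler callback handler supplying the login credentials
     * @return the token
     * @throws LoginException declared for compatibility; login failures are reported as
     *     {@link SecurityException}
     * @throws SecurityException if login, token retrieval or logout fails
     */
    public static byte[] getTicketAs(final String str, String str2, LoginCallBackHandler loginCallBackHandler) throws LoginException, SecurityException {
        if (isWindowsPlatform() && useNativeSSO()) {
            return getServiceTicketSSPI(str);
        }
        final LoginContext loginContext;
        try {
            loginContext = new LoginContext(str2, loginCallBackHandler);
            loginContext.login();
        } catch (LoginException e) {
            throw new SecurityException("Could not establish login context", e);
        }
        byte[] ticket;
        boolean ticketObtained = false;
        try {
            ticket = Subject.doAs(loginContext.getSubject(), new PrivilegedAction<byte[]>() {
                @Override
                public byte[] run() {
                    try {
                        return MKerberosSingleLoginCredentials.getServiceTicketGSS(str);
                    } catch (SecurityException e) {
                        throw new SecurityException("Could not get ticket for service '" + str + "'", e);
                    }
                }
            });
            ticketObtained = true;
        } finally {
            if (!ticketObtained) {
                // Do not leave the subject's credentials behind when the ticket request
                // failed; the original failure is the one that must reach the caller.
                try {
                    loginContext.logout();
                } catch (LoginException ignored) {
                    if (debug) {
                        System.out.println("Error at logout: " + ignored.getMessage());
                    }
                }
            }
        }
        try {
            loginContext.logout();
        } catch (LoginException e) {
            throw new SecurityException("Error at logout", e);
        }
        return ticket;
    }

    /**
     * Obtains a Kerberos token for the given service through Windows SSPI, using the
     * credentials of the currently logged-on user.
     *
     * @param str name of the service to obtain a token for
     * @return the token of the established security context
     * @throws SecurityException if SSPI reports an error
     */
    public static byte[] getServiceTicketSSPI(String str) throws SecurityException {
        IWindowsSecurityContext securityContext = null;
        if (debug) {
            System.out.println();
            System.out.println("Trying to establish SSPI Context:");
            System.out.println("service name is " + str);
        }
        try {
            securityContext = WindowsSecurityContextImpl.getCurrent("Kerberos", str);
            // Repeat the initialize step for as long as SSPI asks for continuation.
            do {
                securityContext.initialize(securityContext.getHandle(), null, str);
            } while (securityContext.getContinue());
            if (debug) {
                System.out.println("Security Context established! ");
                System.out.println("User is " + securityContext.getPrincipalName());
            }
            return securityContext.getToken();
        } catch (Win32Exception e) {
            if (debug) {
                System.out.println("Error during attempted SSPI service ticket retrieval: " + e.getMessage() + "\n" + e.toString());
            }
            throw new SecurityException(e.getMessage(), e);
        } finally {
            // Release the native context on every path, success or failure.
            if (securityContext != null) {
                securityContext.dispose();
            }
        }
    }

    /**
     * Obtains a Kerberos token for the given service through JGSS.
     *
     * <p>Mutual authentication is explicitly not requested, so this exchange by itself does
     * not prove the service's identity to the client.
     *
     * @param str name of the service to obtain a token for
     * @return the initial context token
     * @throws SecurityException if the context cannot be established or JGSS reports an error
     */
    public static byte[] getServiceTicketGSS(String str) throws SecurityException {
        try {
            if (debug) {
                System.out.println();
                System.out.println("Trying to establish GSS Context:");
                System.out.println("service name is " + str);
            }
            // 1.2.840.113554.1.2.2 is the Kerberos V5 GSS-API mechanism.
            Oid kerberosMechanism = new Oid("1.2.840.113554.1.2.2");
            GSSManager manager = GSSManager.getInstance();
            GSSContext context = manager.createContext(manager.createName(str, (Oid) null), kerberosMechanism, (GSSCredential) null, 0);
            byte[] token;
            boolean succeeded = false;
            try {
                context.requestMutualAuth(false);
                byte[] emptyInput = new byte[0];
                token = context.initSecContext(emptyInput, 0, emptyInput.length);
                if (!context.isEstablished()) {
                    throw new SecurityException("Context not established");
                }
                if (debug) {
                    System.out.println("Context Established! ");
                    System.out.println("Client is " + context.getSrcName());
                    System.out.println("Server is " + context.getTargName());
                }
                succeeded = true;
            } finally {
                if (!succeeded) {
                    // Release the context on failure as well, without hiding the failure.
                    disposeQuietly(context);
                }
            }
            context.dispose();
            return token;
        } catch (GSSException e) {
            if (debug) {
                System.out.println("GSSException: " + e.getMessage() + "\n" + e.toString());
            }
            throw new SecurityException(e.getMessage(), e);
        }
    }

    /** Disposes a GSS context on a failure path; a dispose error must not replace the failure. */
    private static void disposeQuietly(GSSContext context) {
        try {
            context.dispose();
        } catch (GSSException ignored) {
            if (debug) {
                System.out.println("GSSException: " + ignored.getMessage());
            }
        }
    }

    /**
     * Resolves a class-path resource to the external form of its URL.
     *
     * <p>On the platform reported by {@code isJava150_016()} a {@code jar:} URL without the
     * {@code !/} separator is rebuilt from the class's code-source location.
     *
     * @param cls class whose class loader and code source are used
     * @param str resource path
     * @return the external form of the resource URL
     * @throws SecurityException if the resource cannot be found
     */
    private static String translatePathToLocalClassPath(Class<?> cls, String str) {
        URL resource = cls.getResource(str);
        if (resource == null) {
            throw new SecurityException("Single login : could not find resource: " + str);
        }
        if (MThisPlatform.getThisPlatform().isJava150_016()) {
            String codeSourceLocation = cls.getProtectionDomain().getCodeSource().getLocation().toExternalForm();
            boolean jarUrlWithoutSeparator = "jar".equalsIgnoreCase(resource.getProtocol()) && resource.toExternalForm().indexOf("!/") == -1;
            if (jarUrlWithoutSeparator) {
                String rebuilt = "jar:" + codeSourceLocation + "!" + str;
                if (!rebuilt.equals(resource.toExternalForm())) {
                    try {
                        resource = new URL(rebuilt);
                    } catch (MalformedURLException e) {
                        // Fall back to the URL returned by getResource().
                        if (debug) {
                            System.out.println("URL translation failed for '" + resource.toExternalForm() + "' -> '" + rebuilt + "': " + e.getMessage());
                        }
                    }
                }
            }
        }
        return resource.toExternalForm();
    }

    /**
     * Writes a Kerberos configuration file into the user data directory and points
     * {@code java.security.krb5.conf} at it.
     *
     * <p>Unless debug output is enabled, the file is registered for deletion on JVM exit.
     * The file is created with the platform's default permissions.
     *
     * @param str file name inside the user data directory
     * @param str2 default realm
     * @param map realm-to-KDC mapping written to the {@code [realms]} section, may be
     *     {@code null}
     * @param z whether to write {@code allow_weak_crypto = true}
     * @return the written file
     * @throws SecurityException if a value contains a line break or the file cannot be written
     */
    private static File createKrb5ConfigurationFile(String str, String str2, Map<String, String> map, boolean z) {
        File file = new File(MClientProperties.getUserDataDir(), str);
        System.setProperty("java.security.krb5.conf", file.getAbsolutePath());
        if (!debug) {
            file.deleteOnExit();
        }
        if (debug) {
            System.out.println("Creating Kerberos configuration file:");
        }
        StringBuilder sb = new StringBuilder();
        sb.append("[libdefaults]\ndefault_realm = ").append(requireSingleLine(str2, "realm")).append("\n");
        if (z) {
            // Security-relevant: this re-enables encryption types the JDK treats as weak.
            // NOTE(review): confirm every caller passing true still needs it.
            sb.append("allow_weak_crypto = true\n");
        } else {
            sb.append("\n");
        }
        if (map != null) {
            sb.append("[realms]\n");
            for (Map.Entry<String, String> entry : map.entrySet()) {
                sb.append(requireSingleLine(entry.getKey(), "realm"))
                        .append(" = {\n  kdc = ")
                        .append(requireSingleLine(entry.getValue(), "kdc"))
                        .append("\n}\n");
            }
        }
        String content = sb.toString();
        try {
            FileOutputStream out = new FileOutputStream(file);
            try {
                // Platform default charset, as before.
                // NOTE(review): confirm it matches how the JDK in use reads krb5.conf.
                out.write(content.getBytes());
            } finally {
                // Close the stream even when the write fails.
                out.close();
            }
        } catch (FileNotFoundException e) {
            throw new SecurityException("Could not create file: " + file.getAbsolutePath() + " (" + e.getMessage() + ")", e);
        } catch (IOException e2) {
            throw new SecurityException("Could not write to file: " + file.getAbsolutePath() + " (" + e2.getMessage() + ")", e2);
        }
        if (debug) {
            System.out.println(content);
        }
        return file;
    }

    /**
     * Rejects values containing line breaks before they are written into the generated
     * configuration, so that a realm or KDC value cannot add further lines to the file.
     *
     * @param value value to check, may be {@code null}
     * @param description what the value represents, used in the error message
     * @return {@code value} unchanged
     * @throws SecurityException if {@code value} contains a carriage return or line feed
     */
    private static String requireSingleLine(String value, String description) {
        if (value != null && (value.indexOf('\n') >= 0 || value.indexOf('\r') >= 0)) {
            throw new SecurityException("Single login : " + description + " must not contain line breaks");
        }
        return value;
    }

    /**
     * Tells whether the SSPI path may be used: the programmatic switch must be on and the
     * {@code com.maconomy.native-sso} system property must be unset or {@code true}.
     */
    private static boolean useNativeSSO() {
        String property = System.getProperty("com.maconomy.native-sso");
        return nativeSSO && (property == null || Boolean.parseBoolean(property));
    }

    /**
     * Tells whether the JVM runs on Windows.
     *
     * <p>The check is a locale-independent prefix match; a plain substring search for
     * {@code "win"} would also accept names such as {@code "Darwin"} and send a non-Windows
     * client down the SSPI path.
     */
    private static boolean isWindowsPlatform() {
        String osName = System.getProperty("os.name");
        return osName != null && osName.toLowerCase(java.util.Locale.ENGLISH).startsWith("windows");
    }
}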
