package com.maconomy.gss.client;

import com.maconomy.gss.KerberosErrors;
import com.maconomy.gss.KerberosPluginUtil;
import com.maconomy.gss.LoginCallBackHandler;
import com.maconomy.util.MByteSerializer;
import com.maconomy.util.MParameterParser;
import com.maconomy.util.MParserException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.PrintStream;
import java.net.UnknownHostException;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.login.LoginException;
import sun.security.krb5.KrbException;

/* loaded from: input_file:com/maconomy/gss/client/KerberosClientPlugin.class */
public class KerberosClientPlugin {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/maconomy/gss/client/KerberosClientPlugin$Impl.class */
    public static class Impl implements Runnable {
        private final KerberosPluginUtil util;
        private String loginRuleName = "com.sun.security.jgss.initiate.server";
        private String realm;
        private Map<String, String> realms;
        private String kdc;
        private String serviceName;
        private String username;
        private String password;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:com/maconomy/gss/client/KerberosClientPlugin$Impl$KerberosMessageCallback.class */
        public class KerberosMessageCallback implements KerberosErrors.MessageCallback {
            private KerberosMessageCallback() {
            }

            @Override // com.maconomy.gss.KerberosErrors.MessageCallback
            public String getMessage(int i) {
                switch (i) {
                    case 6:
                        return "Unknown user: " + Impl.this.username + (Impl.this.username.indexOf(64) < 0 ? " (on realm: " + Impl.this.realm + ")" : "");
                    case 7:
                        return "Unknown service: " + Impl.this.serviceName;
                    case 24:
                        return "Incorrect password for user: " + Impl.this.username;
                    case 31:
                        return "Integrity check failed for user: " + Impl.this.username + " (incorrect password or casing?)";
                    case 41:
                        return "Checksum error for user: " + Impl.this.username + " (check casing?)";
                    case 68:
                        return "Realm mismatch for user: " + Impl.this.realm + " " + Impl.this.username;
                    default:
                        return null;
                }
            }
        }

        Impl(KerberosPluginUtil kerberosPluginUtil, String[] strArr) {
            this.util = kerberosPluginUtil;
            parseArguments(strArr);
            MKerberosSingleLoginCredentials.setDebug(kerberosPluginUtil.debug);
            MKerberosSingleLoginCredentials.setNativeSSO(false);
            MKerberosSingleLoginCredentials.setupKerberosProperties(this.realm, this.kdc, this.realms, false);
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                this.util.result(MByteSerializer.convertBytesToString(MKerberosSingleLoginCredentials.getTicketAs(this.serviceName, this.loginRuleName, new LoginCallBackHandler(this.username, this.password, this.util.debug))));
            } catch (Throwable th) {
                fail(th, "Unknown error");
            }
        }

        private void parseArguments(String[] strArr) {
            int i;
            int i2 = 0;
            if ((strArr.length > 0 && "-h".equals(strArr[0])) || "--help".equals(strArr[0])) {
                printHelp();
                System.exit(0);
            }
            if (strArr.length > 0 && ("-d".equals(strArr[0]) || "--debug".equals(strArr[0]))) {
                this.util.debug = true;
                i2 = 0 + 1;
            }
            if (strArr.length <= i2 || strArr[i2].length() < 7 || !"--conf=".equals(strArr[i2].substring(0, 7))) {
                if (strArr.length != 5 + i2) {
                    this.util.fail("Illegal number of parameters to " + KerberosClientPlugin.class + ": 5 parameters expected");
                }
                this.realm = parseRealm(strArr[i2 + 0]);
                this.kdc = strArr[i2 + 1];
                this.serviceName = strArr[i2 + 2];
                i = i2 + 3;
            } else {
                if (strArr.length != 3 + i2) {
                    this.util.fail("Illegal number of parameters to " + KerberosClientPlugin.class + ": 3 parameters expected");
                }
                String substring = strArr[i2].substring(7);
                i = i2 + 1;
                Properties readConfigurationFile = readConfigurationFile(substring);
                this.realm = parseRealm(readConfigurationFile.getProperty("realm"));
                this.kdc = readConfigurationFile.getProperty("kdc");
                this.serviceName = readConfigurationFile.getProperty("serviceName");
            }
            if (this.realms != null && this.realms.get(this.realm) == null) {
                this.realms.put(this.realm, this.kdc);
            }
            this.username = strArr[i + 0];
            this.password = strArr[i + 1];
        }

        private void fail(Throwable th, String str) {
            this.util.fail(th instanceof LoginException ? 1 : -1, getErrorMessage(th, str), th);
        }

        private String getErrorMessage(Throwable th, String str) {
            String message;
            String str2 = null;
            Throwable th2 = th;
            while (true) {
                Throwable th3 = th2;
                if (th3 == null) {
                    break;
                }
                if (th3 instanceof UnknownHostException) {
                    str2 = "Unknown host name: " + this.kdc;
                    break;
                }
                if (th3 instanceof IOException) {
                    str2 = "Network error: " + th3.getMessage();
                    break;
                }
                if (th3 instanceof KrbException) {
                    int returnCode = ((KrbException) th3).returnCode();
                    str2 = returnCode != 0 ? KerberosErrors.getKerberosErrorMessage(returnCode, new KerberosMessageCallback()) : th.getMessage() + ": " + th3.getMessage();
                    if (str2 != null) {
                        break;
                    }
                }
                if ((th3 instanceof SecurityException) && (message = th3.getMessage()) != null) {
                    str2 = this.util.getKerberosErrorMessage(message, new KerberosMessageCallback());
                    if (str2 != null) {
                        str2 = th.getMessage() + ": " + str2;
                        break;
                    }
                }
                if (th3.getCause() == null) {
                    break;
                }
                th2 = th3.getCause();
            }
            if (str2 == null) {
                str2 = th != null ? "" + th.getMessage() + " (" + th.getClass().getSimpleName() + ")" : str;
            }
            return str2;
        }

        private Properties readConfigurationFile(String str) {
            File file = new File(str);
            if (!file.isFile()) {
                this.util.fail("Could to locate the specified configuration file: " + str);
            }
            Properties properties = new Properties();
            try {
                properties.load(new FileInputStream(file));
            } catch (FileNotFoundException e) {
                this.util.fail("Could not find configuration file '" + str + "'");
            } catch (IOException e2) {
                this.util.fail("Could not read configuration file '" + str + "': " + e2.getMessage());
            }
            return properties;
        }

        private String parseRealm(String str) {
            if (str.contains(";")) {
                int indexOf = str.indexOf(59);
                this.realm = str.substring(0, indexOf);
                this.realms = parseRealms(str.substring(indexOf + 1));
            } else {
                this.realm = str;
            }
            return this.realm;
        }

        private Map<String, String> parseRealms(String str) {
            try {
                return MParameterParser.parseKeyValuePairs(str);
            } catch (MParserException e) {
                this.util.fail("Error parsing 'realms' property: " + e.getMessage(), e);
                return null;
            }
        }

        private void printHelp() {
            PrintStream printStream = this.util.stdout;
            printStream.println("Maconomy Kerberos SSO Client. Returns a hex-encoded ticket to a service name");
            printStream.println("on behalf of a named user");
            printStream.println();
            printStream.println("Usage: java -jar <jar-file> [-h,--help] [-d,--debug] ...");
            printStream.println();
            printStream.println("  -h,--help    Print this help text and exit.");
            printStream.println("  -d,--debug   Enable debug output");
            printStream.println();
            printStream.println("followed by:");
            printStream.println("  --conf=FILE  Read configuration from FILE");
            printStream.println("or:");
            printStream.println("  REALM        The realm of the service - possibly followed by other realm-");
            printStream.println("               to-kdc mappings: (REALM;[REALM_1=KDC_1[,REALM_n=KDC_n]*]");
            printStream.println("  KDC          Address of the KDC hosting the service(*)");
            printStream.println("  SPN          The Service Principal Name");
            printStream.println("  USERNAME     The name of the user to obtain a ticket for");
            printStream.println("  PASSWORD     The password of the user");
            printStream.println();
            printStream.println("Examples:");
            printStream.println("  <jar-file> EXAMPLE.COM KDC.EXAMPLE.COM Service/KDC.EXAMPLE.COM \"user\" \"secret\"");
            printStream.println("  <jar-file> --conf=./conf.txt \"John Doe\" \"password\"");
            printStream.println("where 'conf.txt' contains:");
            printStream.println("  realm = EXAMPLE.COM; TEST.COM=TEST.EXAMPLE.COM,...");
            printStream.println("  kdc = KDC.EXAMPLE.COM");
            printStream.println("  serviceName = ServiceName/KDC.EXAMPLE.COM");
            printStream.println("");
            printStream.println("Log output folder is: " + this.util.getLogDir());
            printStream.println();
            printStream.println(" *) Multi-realm authentication requires Java version 1.5_14, 1.6_4 or newer.");
        }
    }

    public static void main(String[] strArr) {
        KerberosPluginUtil kerberosPluginUtil = new KerberosPluginUtil();
        kerberosPluginUtil.setupStreamsAndLogFiles("KerberosClientPlugin", KerberosClientPlugin.class);
        try {
            new Impl(kerberosPluginUtil, strArr).run();
            kerberosPluginUtil.restoreStandardStreams();
        } catch (Throwable th) {
            kerberosPluginUtil.restoreStandardStreams();
            throw th;
        }
    }
}
