package com.maconomy.api.security;

import com.maconomy.api.McInterruptedException;
import com.maconomy.api.credentials.McAuthenticatingKerberosTicketCredentials;
import com.maconomy.api.credentials.McKerberosTicketCredentials;
import com.maconomy.api.credentials.MiKerberosTicketCredentials;
import com.maconomy.api.data.collection.MiGenericDataValues;
import com.maconomy.api.events.MiContainerEventData;
import com.maconomy.api.messages.McApiText;
import com.maconomy.api.security.sspi.McWindowsAccountImpl;
import com.maconomy.api.security.sspi.McWindowsCredentialsHandleImpl;
import com.maconomy.api.security.sspi.McWindowsSecurityContextImpl;
import com.maconomy.api.security.sspi.MiWindowsCredentialsHandle;
import com.maconomy.util.McFileUtil;
import com.maconomy.util.McJaasUtil;
import com.maconomy.util.McKey;
import com.maconomy.util.McOpt;
import com.maconomy.util.MiKey;
import com.maconomy.util.MiOpt;
import com.maconomy.util.MiText;
import com.maconomy.util.errorhandling.McError;
import com.maconomy.util.errorhandling.MiErrorInformation;
import com.maconomy.util.typesafe.McTypeSafe;
import com.maconomy.util.typesafe.MiMap;
import com.sun.jna.platform.win32.Win32Exception;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectStreamException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/maconomy/api/security/McKerberosAuthentication.class */
public final class McKerberosAuthentication {
    private static final Logger logger = LoggerFactory.getLogger(McKerberosAuthentication.class);
    private static final String MACONOMY_SECURITY_CLIENT_CONFIG = "maconomy.security.client.config";
    private static final String GSS_LOGIN_RULE_NAME = "com.sun.security.jgss.initiate";
    private static final String GSS_LOGIN_RULE_NAME_SERVER_POSTFIX = ".server";
    private static final String GSS_LOGIN_RULE_NAME_DEBUG_POSTFIX = ".debug";
    private static final String JAVA_SECURITY_KRB5_REALM = "java.security.krb5.realm";
    private static final String JAVA_SECURITY_KRB5_KDC = "java.security.krb5.kdc";
    private static final String JAVAX_SECURITY_AUTH_USE_SUBJECT_CREDS_ONLY = "javax.security.auth.useSubjectCredsOnly";
    private static final String SUN_SECURITY_KRB5_DEBUG = "sun.security.krb5.debug";
    private static final String JAVA_SECURITY_AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
    private MiKey krbKDC;
    public static final String NATIVE_SSO_PROPERTY = "com.maconomy.native-sso";
    public static final String GSSAPI_SSO_PROPERTY = "com.maconomy.gssapi-sso";
    public static final String GSSAPI_SERVER_PROPERTY = "com.maconomy.gssapi.server";
    public static final String GSSAPI_DEBUG_PROPERTY = "com.maconomy.gssapi.debug";
    public static final String DEFAULT_KDC_TIMEOUT_PROPERTY = "com.maconomy.kdc-timeout-sec";
    private static final int DEFAULT_KDC_TIMEOUT_SEC = 3;
    private MiKey krbDefaultRealm = McKey.undefined();
    private MiMap<MiKey, MiKey> krbRealmToKdcMappings = McTypeSafe.emptyMap();
    private boolean useNativeSSO = getNativeSSOProperty();
    private boolean useGSSApi = getGSSApiProperty();
    private boolean isServer = getGSSApiServerProperty();
    private boolean debug = getGSSApiDebugProperty();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/maconomy/api/security/McKerberosAuthentication$KerberosCallbackHandler.class */
    public static class KerberosCallbackHandler implements CallbackHandler {
        private final CallbackHandler callbackHandler;
        private final MiKey defaultRealm;
        private final MiMap<MiKey, MiKey> realmToKdcMappings;
        private MiKey krbUsername = McKey.undefined();
        private char[] krbPassword = null;
        private boolean preAuthenticationCompleted = false;
        private static final char UPN_SEPARATOR = '@';
        private static final char NETBIOS_SEPARATOR = '\\';

        public KerberosCallbackHandler(CallbackHandler callbackHandler, MiKey miKey, MiMap<MiKey, MiKey> miMap) {
            this.callbackHandler = callbackHandler;
            this.defaultRealm = miKey;
            this.realmToKdcMappings = miMap;
        }

        public boolean isPreAuthenticationCompleted() {
            return this.preAuthenticationCompleted;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            ArrayList arrayList = new ArrayList(callbackArr.length);
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    NameCallback nameCallback = (NameCallback) callback;
                    if (this.krbUsername.isUndefined()) {
                        this.krbUsername = McKey.key(nameCallback.getDefaultName());
                        if (this.krbUsername.isUndefined()) {
                            String prompt = nameCallback.getPrompt();
                            int indexOf = prompt.indexOf(91);
                            int indexOf2 = prompt.indexOf(93);
                            if (indexOf >= 0 && indexOf2 > indexOf) {
                                this.krbUsername = McKey.key(prompt.substring(indexOf + 1, indexOf2));
                            }
                        }
                        promptForKerberosCredentials();
                    }
                    nameCallback.setName(this.krbUsername.asString());
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(this.krbPassword);
                    this.preAuthenticationCompleted = this.krbUsername.isDefined() && this.krbPassword != null;
                } else {
                    arrayList.add(callback);
                }
            }
            if (arrayList.isEmpty()) {
                return;
            }
            this.callbackHandler.handle((Callback[]) arrayList.toArray(new Callback[arrayList.size()]));
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r5v3, types: [java.lang.Object[], int[]] */
        protected void promptForKerberosCredentials() throws UnsupportedCallbackException, IOException {
            String asString;
            Set keySet = this.realmToKdcMappings.keySet();
            String[] strArr = new String[keySet.size()];
            int i = 0;
            Iterator it = keySet.iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                strArr[i2] = ((MiKey) it.next()).asString();
            }
            McChoiceCallback mcChoiceCallback = new McChoiceCallback(McApiText.domain(), strArr, 0, false);
            McNameCallback mcNameCallback = this.krbUsername.isDefined() ? new McNameCallback(McApiText.username(), this.krbUsername.asString()) : new McNameCallback(McApiText.username());
            McPasswordCallback mcPasswordCallback = new McPasswordCallback(McApiText.password(), true);
            McKerberosAuthentication.logger.debug("Requesting domain credentials from client");
            this.callbackHandler.handle(new Callback[]{mcChoiceCallback, mcNameCallback, mcPasswordCallback});
            int[] selectedIndexes = mcChoiceCallback.getSelectedIndexes();
            this.krbUsername = McKey.key(mcNameCallback.getName());
            this.krbPassword = mcPasswordCallback.getPassword();
            if (selectedIndexes == null) {
                asString = this.defaultRealm.asString();
            } else {
                if (selectedIndexes.length != 1 || selectedIndexes[0] < 0 || selectedIndexes[0] > strArr.length) {
                    if (McKerberosAuthentication.logger.isDebugEnabled()) {
                        Logger logger = McKerberosAuthentication.logger;
                        Object[] objArr = new Object[McKerberosAuthentication.DEFAULT_KDC_TIMEOUT_SEC];
                        objArr[0] = selectedIndexes == null ? null : Arrays.asList(new int[]{selectedIndexes});
                        objArr[1] = this.krbUsername;
                        objArr[2] = this.krbPassword == null ? null : "<password>";
                        logger.debug("Invalid/incomplete values received from Kerberos credentials callback: realm-index={}, username={}, password={}", objArr);
                    }
                    throw new IOException("Invalid/incomplete values received from Kerberos credentials callback");
                }
                asString = strArr[selectedIndexes[0]];
            }
            if (this.krbUsername.isDefined()) {
                MiKey userPrincipalName = getUserPrincipalName(this.krbUsername, asString, this.realmToKdcMappings.keySet());
                if (McKerberosAuthentication.logger.isDebugEnabled()) {
                    McKerberosAuthentication.logger.debug("Translating user name to UPN: {} -> {}", this.krbUsername, userPrincipalName);
                }
                this.krbUsername = userPrincipalName;
            }
        }

        private static MiKey getUserPrincipalName(MiKey miKey, String str, Set<MiKey> set) {
            String str2;
            String asString = miKey.asString();
            int indexOf = asString.indexOf(64);
            if (indexOf > 0 && indexOf + 1 < asString.length()) {
                return miKey;
            }
            int indexOf2 = asString.indexOf(NETBIOS_SEPARATOR);
            if (indexOf2 <= 0 || indexOf2 + 1 >= asString.length()) {
                str2 = str;
            } else {
                str2 = findMatchingRealm(set, McKey.key(asString.substring(0, indexOf2))).asString();
                asString = asString.substring(indexOf2 + 1);
            }
            return McKey.key(String.format(String.valueOf(asString) + '@' + str2, new Object[0]));
        }

        private static MiKey findMatchingRealm(Set<MiKey> set, MiKey miKey) throws IllegalArgumentException {
            if (set.contains(miKey)) {
                return miKey;
            }
            List<MiKey> findRealmCandidates = findRealmCandidates(miKey, set);
            switch (findRealmCandidates.size()) {
                case MiContainerEventData.CARD_ROW_NUMBER /* 0 */:
                    throw new IllegalArgumentException(String.format("Could not map domain to realm name: %s (available realm names: %s)", miKey, set));
                case MiGenericDataValues.removeSuppressWarnings /* 1 */:
                    return findRealmCandidates.get(0);
                default:
                    throw new IllegalArgumentException(String.format("Multiple matching realm names for domain: %s (%s)", miKey, findRealmCandidates));
            }
        }

        private static List<MiKey> findRealmCandidates(MiKey miKey, Set<MiKey> set) {
            ArrayList arrayList = new ArrayList();
            for (MiKey miKey2 : set) {
                if (miKey2.asCanonical().replaceAll("\\.", "").startsWith(miKey.asCanonical()) || Arrays.asList(miKey2.asCanonical().split("\\.")).contains(miKey.asCanonical())) {
                    arrayList.add(miKey2);
                }
            }
            return arrayList;
        }
    }

    /* loaded from: input_file:com/maconomy/api/security/McKerberosAuthentication$LoginExceptionWithAuthenticatingCredentials.class */
    public final class LoginExceptionWithAuthenticatingCredentials extends LoginExceptionWithCause {
        private static final long serialVersionUID = 1;
        private final MiKey username;
        private final char[] password;
        private final MiKey serviceName;

        private LoginExceptionWithAuthenticatingCredentials(String str, Throwable th, MiKey miKey, KerberosCallbackHandler kerberosCallbackHandler) {
            super(str, th);
            this.serviceName = miKey;
            this.username = kerberosCallbackHandler.krbUsername;
            this.password = kerberosCallbackHandler.krbPassword;
        }

        public McAuthenticatingKerberosTicketCredentials getAuthenticatingKerberosTicketCredentials() {
            return new McAuthenticatingKerberosTicketCredentials(this.username, this.password, this.serviceName, McKerberosAuthentication.this.krbKDC, McKerberosAuthentication.this.krbDefaultRealm, McKerberosAuthentication.this.krbRealmToKdcMappings);
        }

        private Object writeReplace() throws ObjectStreamException {
            return new LoginException(String.valueOf(getMessage()) + " (was: McKerberosAuthentication.LoginExceptionWithPostponedCredentials)");
        }

        @Override // com.maconomy.api.security.McKerberosAuthentication.LoginExceptionWithCause
        public /* bridge */ /* synthetic */ boolean showStackTrace() {
            return super.showStackTrace();
        }

        @Override // com.maconomy.api.security.McKerberosAuthentication.LoginExceptionWithCause
        public /* bridge */ /* synthetic */ MiText getDisplayMessage() {
            return super.getDisplayMessage();
        }

        /* synthetic */ LoginExceptionWithAuthenticatingCredentials(McKerberosAuthentication mcKerberosAuthentication, String str, Throwable th, MiKey miKey, KerberosCallbackHandler kerberosCallbackHandler, LoginExceptionWithAuthenticatingCredentials loginExceptionWithAuthenticatingCredentials) {
            this(str, th, miKey, kerberosCallbackHandler);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/maconomy/api/security/McKerberosAuthentication$LoginExceptionWithCause.class */
    public static class LoginExceptionWithCause extends LoginException implements MiErrorInformation {
        private static final long serialVersionUID = 1;

        public LoginExceptionWithCause(Throwable th) {
            this(th.getMessage(), th);
        }

        public LoginExceptionWithCause(String str, Throwable th) {
            super(str);
            initCause(th);
        }

        public MiText getDisplayMessage() {
            return McApiText.domainLoginFailed();
        }

        public boolean showStackTrace() {
            return false;
        }
    }

    public void useNativeSSO(boolean z) {
        this.useNativeSSO = z;
    }

    public void useGSSApi(boolean z) {
        this.useGSSApi = z;
    }

    public void isServer(boolean z) {
        this.isServer = z;
    }

    public void setDebug(boolean z) {
        this.debug = z;
    }

    public void setKerberosProperties(MiKey miKey, MiKey miKey2, MiMap<MiKey, MiKey> miMap) {
        this.krbKDC = miKey;
        this.krbDefaultRealm = miKey2;
        this.krbRealmToKdcMappings = miMap;
        MiOpt<File> createKrb5ConfFile = createKrb5ConfFile(McKey.key("krb5.conf"), miKey2, miMap);
        if (createKrb5ConfFile.isDefined() && ((File) createKrb5ConfFile.get()).exists()) {
            System.setProperty("java.security.krb5.conf", ((File) createKrb5ConfFile.get()).getAbsolutePath());
        } else {
            System.setProperty(JAVA_SECURITY_KRB5_REALM, miKey2.asString());
            System.setProperty(JAVA_SECURITY_KRB5_KDC, miKey.asString());
        }
        System.setProperty(JAVAX_SECURITY_AUTH_USE_SUBJECT_CREDS_ONLY, "false");
        System.setProperty(SUN_SECURITY_KRB5_DEBUG, "false");
        if (System.getProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG) == null) {
            System.setProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG, translatePathToLocalClassPath(McKerberosAuthentication.class, McKey.key(MACONOMY_SECURITY_CLIENT_CONFIG)));
        }
        Configuration.getConfiguration().refresh();
    }

    public MiKerberosTicketCredentials getKerberosTicketCredentials(MiKey miKey, MiOpt<CallbackHandler> miOpt) throws SecurityException, LoginException {
        if (!isWindowsPlatform() || !this.useNativeSSO) {
            if (this.useGSSApi) {
                return getKerberosCredentialsGSS(miKey, miOpt);
            }
            throw new LoginExceptionWithCause("No way to obtain Kerberos credentials.", null);
        }
        try {
            return getSSOCredentialsSSPI(miKey);
        } catch (Exception e) {
            if (!this.useGSSApi || !miOpt.isDefined()) {
                throw e;
            }
            if (logger.isErrorEnabled()) {
                logger.error("SSPI authentication failed", e);
            }
            return getKerberosCredentialsGSS(miKey, miOpt);
        }
    }

    public MiKerberosTicketCredentials getSSOCredentialsSSPI(MiKey miKey) throws LoginException {
        return new McKerberosTicketCredentials(McKey.key(McWindowsAccountImpl.getCurrentUsername()), getServiceTicketSSPI(miKey));
    }

    public MiKerberosTicketCredentials getKerberosCredentialsGSS(final MiKey miKey, MiOpt<CallbackHandler> miOpt) throws SecurityException, LoginException {
        KerberosCallbackHandler kerberosCallbackHandler = miOpt.isDefined() ? new KerberosCallbackHandler((CallbackHandler) miOpt.get(), this.krbDefaultRealm, this.krbRealmToKdcMappings) : null;
        String loginRuleName = getLoginRuleName();
        try {
            LoginContext loginContext = kerberosCallbackHandler != null ? new LoginContext(loginRuleName, kerberosCallbackHandler) : new LoginContext(loginRuleName);
            loginContext.login();
            Subject subject = loginContext.getSubject();
            MiOpt optPrincipal = McJaasUtil.getOptPrincipal(subject, KerberosPrincipal.class);
            final MiKey key = McKey.key(optPrincipal.isDefined() ? ((KerberosPrincipal) optPrincipal.get()).getName() : null);
            try {
                byte[] bArr = (byte[]) Subject.doAs(subject, new PrivilegedExceptionAction<byte[]>() { // from class: com.maconomy.api.security.McKerberosAuthentication.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public byte[] run() throws Exception {
                        try {
                            return McKerberosAuthentication.this.getServiceTicketGSS(miKey);
                        } catch (LoginException e) {
                            String format = String.format("Could not get ticket to service '%s' as user '%s'", miKey.asString(), key.asString());
                            if (McKerberosAuthentication.logger.isErrorEnabled()) {
                                McKerberosAuthentication.logger.error(format, e);
                            }
                            throw new LoginExceptionWithCause(format, e);
                        }
                    }
                });
                try {
                    loginContext.logout();
                    return new McKerberosTicketCredentials(key, bArr);
                } catch (LoginException e) {
                    if (logger.isErrorEnabled()) {
                        logger.error("Error during client logout", e);
                    }
                    throw new LoginExceptionWithCause("Error at logout", e);
                }
            } catch (PrivilegedActionException e2) {
                try {
                    throw e2.getException();
                } catch (LoginExceptionWithCause e3) {
                    throw e3;
                } catch (SecurityException | LoginException e4) {
                    throw new LoginExceptionWithCause(e4);
                } catch (Throwable th) {
                    throw McError.create(th);
                }
            }
        } catch (LoginException e5) {
            if (kerberosCallbackHandler == null || !kerberosCallbackHandler.isPreAuthenticationCompleted()) {
                throw new LoginExceptionWithCause(new McInterruptedException(McApiText.domainLoginFailed(), e5));
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Error during login context creation: {}", e5);
            }
            throw new LoginExceptionWithAuthenticatingCredentials(this, "Could not establish login context", e5, miKey, kerberosCallbackHandler, null);
        }
    }

    protected byte[] getServiceTicketSSPI(MiKey miKey) throws LoginExceptionWithCause {
        String asString = miKey.asString();
        MiWindowsCredentialsHandle miWindowsCredentialsHandle = null;
        McWindowsSecurityContextImpl mcWindowsSecurityContextImpl = null;
        if (logger.isDebugEnabled()) {
            logger.debug("Trying to establish context for service name: {}", miKey);
        }
        String currentUsername = McWindowsAccountImpl.getCurrentUsername();
        try {
            try {
                miWindowsCredentialsHandle = McWindowsCredentialsHandleImpl.getCurrent(currentUsername, "Kerberos");
                miWindowsCredentialsHandle.initialize();
                mcWindowsSecurityContextImpl = new McWindowsSecurityContextImpl();
                mcWindowsSecurityContextImpl.setPrincipalName(currentUsername);
                mcWindowsSecurityContextImpl.setCredentialsHandle(miWindowsCredentialsHandle.getHandle());
                mcWindowsSecurityContextImpl.setSecurityPackage("Kerberos");
                do {
                    mcWindowsSecurityContextImpl.initialize(mcWindowsSecurityContextImpl.getHandle(), null, asString);
                } while (mcWindowsSecurityContextImpl.getContinue());
                if (logger.isDebugEnabled()) {
                    logger.debug("Context established for the user {}", mcWindowsSecurityContextImpl.getPrincipalName());
                }
                byte[] token = mcWindowsSecurityContextImpl.getToken();
                if (mcWindowsSecurityContextImpl != null) {
                    mcWindowsSecurityContextImpl.dispose();
                }
                if (miWindowsCredentialsHandle != null) {
                    miWindowsCredentialsHandle.dispose();
                }
                return token;
            } catch (Win32Exception e) {
                if (logger.isErrorEnabled()) {
                    logger.error("Error during attempted SSPI service ticket retrieval: {}", e);
                }
                throw new LoginExceptionWithCause(e);
            }
        } catch (Throwable th) {
            if (mcWindowsSecurityContextImpl != null) {
                mcWindowsSecurityContextImpl.dispose();
            }
            if (miWindowsCredentialsHandle != null) {
                miWindowsCredentialsHandle.dispose();
            }
            throw th;
        }
    }

    protected byte[] getServiceTicketGSS(MiKey miKey) throws LoginExceptionWithCause {
        try {
            if (logger.isDebugEnabled()) {
                logger.debug("Trying to establish context for service name: {}", miKey);
            }
            Oid oid = new Oid("1.2.840.113554.1.2.2");
            GSSManager gSSManager = GSSManager.getInstance();
            GSSContext createContext = gSSManager.createContext(gSSManager.createName(miKey.asString(), (Oid) null), oid, (GSSCredential) null, 0);
            createContext.requestMutualAuth(false);
            byte[] bArr = new byte[0];
            byte[] initSecContext = createContext.initSecContext(bArr, 0, bArr.length);
            if (!createContext.isEstablished()) {
                throw new LoginExceptionWithCause("Context not established", null);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Context established, client is {},server is {}", createContext.getSrcName(), createContext.getTargName());
            }
            createContext.dispose();
            return initSecContext;
        } catch (GSSException e) {
            if (logger.isErrorEnabled()) {
                logger.error("Error during attempted GSS service ticket retrieval", e);
            }
            throw new LoginExceptionWithCause("Error during attempted GSS service ticket retrieval", e);
        }
    }

    private String getLoginRuleName() {
        StringBuilder sb = new StringBuilder(GSS_LOGIN_RULE_NAME);
        if (this.isServer) {
            sb.append(GSS_LOGIN_RULE_NAME_SERVER_POSTFIX);
        }
        if (this.debug) {
            sb.append(GSS_LOGIN_RULE_NAME_DEBUG_POSTFIX);
        }
        return sb.toString();
    }

    private String translatePathToLocalClassPath(Class cls, MiKey miKey) {
        URL resource = cls.getResource(miKey.asString());
        if (resource == null) {
            if (logger.isErrorEnabled()) {
                logger.error("Could not find resource: {}", miKey);
            }
            throw McError.create("Could not find resource: " + miKey);
        }
        if (resource != null && "jar".equalsIgnoreCase(resource.getProtocol()) && resource.toExternalForm().indexOf("!/") == -1) {
            String str = "jar:" + cls.getProtectionDomain().getCodeSource().getLocation().toExternalForm() + "!" + miKey;
            if (!str.equals(resource.toExternalForm())) {
                try {
                    resource = new URL(str);
                } catch (MalformedURLException e) {
                    String str2 = "URL translation failed for '" + resource.toExternalForm() + "' -> '" + str;
                    if (logger.isErrorEnabled()) {
                        logger.error(str2, e);
                    }
                    throw McError.create(str2, e);
                }
            }
        }
        return resource.toExternalForm();
    }

    private MiOpt<File> createKrb5ConfFile(MiKey miKey, MiKey miKey2, MiMap<MiKey, MiKey> miMap) {
        McOpt.none();
        try {
            MiOpt<File> opt = McOpt.opt(new File(McFileUtil.getTempFileDir(), miKey.asString()));
            if (logger.isDebugEnabled()) {
                logger.debug("Creating Kerberos configuration file");
            } else {
                ((File) opt.get()).deleteOnExit();
            }
            long convert = TimeUnit.MILLISECONDS.convert(Integer.getInteger(DEFAULT_KDC_TIMEOUT_PROPERTY, DEFAULT_KDC_TIMEOUT_SEC).intValue(), TimeUnit.SECONDS);
            FileOutputStream fileOutputStream = new FileOutputStream((File) opt.get());
            StringBuilder sb = new StringBuilder();
            sb.append("[libdefaults]\n").append("default_realm = ").append(miKey2.asString()).append("\n)").append("kdc_timeout = ").append(convert).append("\n").append("\n").append("[realms]\n");
            for (Map.Entry entry : miMap.entrySetTS()) {
                sb.append(String.valueOf(((MiKey) entry.getKey()).asString()) + " = {\n  kdc = " + ((MiKey) entry.getValue()).asString() + "\n}\n");
            }
            fileOutputStream.write(sb.toString().getBytes());
            fileOutputStream.close();
            if (logger.isDebugEnabled()) {
                logger.debug(sb.toString());
            }
            return opt;
        } catch (Exception e) {
            String str = "Error during Kerberos configuration file creation: " + miKey.asString();
            if (logger.isErrorEnabled()) {
                logger.error(str, e);
            }
            throw McError.create(str, e);
        }
    }

    private static boolean getNativeSSOProperty() {
        String property = System.getProperty(NATIVE_SSO_PROPERTY);
        if (property == null) {
            return true;
        }
        return Boolean.parseBoolean(property);
    }

    private static boolean getGSSApiProperty() {
        String property = System.getProperty(GSSAPI_SSO_PROPERTY);
        if (property == null) {
            return true;
        }
        return Boolean.parseBoolean(property);
    }

    private static boolean getGSSApiServerProperty() {
        return Boolean.getBoolean(GSSAPI_SERVER_PROPERTY);
    }

    private static boolean getGSSApiDebugProperty() {
        return Boolean.getBoolean(GSSAPI_DEBUG_PROPERTY);
    }

    private static boolean isWindowsPlatform() {
        return System.getProperty("os.name").toLowerCase().indexOf("win") >= 0;
    }
}
