package com.ibm.etools.iseries.connectorservice;

import com.ibm.as400.access.AS400;
import com.ibm.as400.access.AS400SecurityException;
import com.ibm.etools.iseries.connectorservice.ui.KerberosLoginDialog;
import com.ibm.etools.iseries.connectorservice.ui.KerberosPreferencePage;
import com.ibm.iaccess.base.AcsGSSManager;
import java.beans.PropertyVetoException;
import java.io.IOException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.eclipse.osgi.util.NLS;
import org.eclipse.rse.services.clientserver.messages.SimpleSystemMessage;
import org.eclipse.swt.widgets.Display;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:runtime/connect.jar:com/ibm/etools/iseries/connectorservice/ToolboxConnectorKerberos.class */
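/**
 * Kerberos sign-on helper for an {@link AS400} connection.
 *
 * <p>{@link #authenticateKrb(AS400)} first tries the platform GSS manager (Windows only) and,
 * if that does not connect, falls back to a JAAS login followed by an explicit GSS credential
 * lookup. When the JAAS login fails, the Windows ticket cache is refreshed and, as a last
 * resort, the user is shown {@link KerberosLoginDialog}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Log lines must never contain the Subject's private credentials. The string form of
 *       Kerberos tickets and keys can include ticket bytes and session-key material, so only a
 *       credential count is logged.</li>
 *   <li>{@link #prepKerberos()} writes the JVM-wide {@code java.security.krb5.realm} and
 *       {@code java.security.krb5.kdc} properties, and the JAAS path installs a static GSS
 *       manager on {@link AS400}; both affect every Kerberos user in the process.</li>
 *   <li>The lazy singleton is not synchronized; callers on several threads should confirm that
 *       this is acceptable for their use.</li>
 * </ul>
 */
public class ToolboxConnectorKerberos {
    /** Object identifier of the Kerberos V5 GSS-API mechanism. */
    private static final String KRB5_MECHANISM_OID = "1.2.840.113554.1.2.2";

    /** Prefix that precedes the host name in an UnknownHostException's string form. */
    private static final String UNKNOWN_HOST_PREFIX = "java.net.UnknownHostException: ";

    private final GSSManager mGSSManager = GSSManager.getInstance();
    private static ToolboxConnectorKerberos _instance;
    private LoginContext krbLoginContext;
    private int krbLoginDialogState;
    private ToolboxConnectorKerberosConfig krbConfig;
    private String krbRealm;
    private String krbKDC;
    private String krbPrinciplePrimary;

    /* loaded from: input_file:runtime/connect.jar:com/ibm/etools/iseries/connectorservice/ToolboxConnectorKerberos$RetrieveKrbCredentialAction.class */
    /**
     * Privileged action that asks the GSS manager for an initiate-only credential, either the
     * default one or the one belonging to a named user.
     */
    public class RetrieveKrbCredentialAction implements PrivilegedExceptionAction<GSSCredential> {
        private String userId;

        /** Creates an action that retrieves the default initiator credential. */
        public RetrieveKrbCredentialAction() {
            this.userId = null;
        }

        /**
         * Creates an action that retrieves the credential of the given user.
         *
         * @param str user name; {@code null} or empty selects the default credential
         */
        public RetrieveKrbCredentialAction(String str) {
            this.userId = str;
        }

        /**
         * Retrieves the credential.
         *
         * @return the initiate-only GSS credential
         * @throws GSSException if the name or the credential cannot be created
         */
        @Override // java.security.PrivilegedExceptionAction
        public GSSCredential run() throws GSSException {
            ToolboxConnectorServicePlugin.logInfo("RetrieveKrbCredentialAction.run() enter");
            GSSManager manager = ToolboxConnectorKerberos.this.mGSSManager;
            if (this.userId == null || this.userId.isEmpty()) {
                return manager.createCredential(GSSCredential.INITIATE_ONLY);
            }
            Oid krb5Mechanism = new Oid(KRB5_MECHANISM_OID);
            GSSName principalName = manager.createName(this.userId, GSSName.NT_USER_NAME);
            GSSCredential credential = manager.createCredential(
                    principalName, GSSCredential.DEFAULT_LIFETIME, krb5Mechanism, GSSCredential.INITIATE_ONLY);
            // Only the principal name is logged here; it is an identifier, not a secret.
            ToolboxConnectorServicePlugin.logInfo("RetrieveKrbCredentialAction.run() userId: " + this.userId + " GssNam: " + principalName.toString());
            return credential;
        }
    }

    /**
     * Returns the shared instance, creating it on first use, and re-reads the Kerberos
     * preferences on every call.
     *
     * @return the shared instance
     */
    public static ToolboxConnectorKerberos getInstance() {
        if (_instance == null) {
            _instance = new ToolboxConnectorKerberos();
        }
        _instance.prepKerberos();
        return _instance;
    }

    private ToolboxConnectorKerberos() {
    }

    /**
     * Loads realm and KDC from the preference store (falling back to auto-detection), publishes
     * them as JVM system properties and rebuilds the JAAS configuration for the logon user.
     */
    private void prepKerberos() {
        // The preference store values are trimmed null-safely; a missing value is treated as empty.
        this.krbRealm = trimToEmpty(KerberosPreferencePage.getRealmFromPrefStore());
        this.krbKDC = trimToEmpty(KerberosPreferencePage.getKDCFromPrefStore());
        if (this.krbKDC.isEmpty()) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.prepKerberos(): krbKDC=null, try to auto determine");
            this.krbKDC = ToolboxConnectorKerberosUtil.getKrbKDC();
        }
        if (this.krbRealm.isEmpty()) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.prepKerberos(): krbRealm=null, try to auto determine");
            this.krbRealm = ToolboxConnectorKerberosUtil.getKrbRealm();
        }
        if (this.krbRealm != null && this.krbKDC != null) {
            // Both properties are set together: the JDK rejects a realm without a KDC and vice versa.
            System.setProperty("java.security.krb5.realm", this.krbRealm);
            System.setProperty("java.security.krb5.kdc", this.krbKDC);
        } else {
            // System.setProperty throws on a null value; leave the JVM settings untouched instead.
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.prepKerberos(): realm or KDC could not be determined, java.security.krb5.* left unchanged");
        }
        this.krbPrinciplePrimary = ToolboxConnectorKerberosUtil.getLogonUserName();
        this.krbConfig = new ToolboxConnectorKerberosConfig(this.krbPrinciplePrimary);
    }

    /**
     * Signs on to the system with Kerberos, trying the native GSS manager first and JAAS second.
     *
     * <p>Every failure of the native attempt now reaches the same JAAS fallback, whose checked
     * exceptions are handled here, and the result of that fallback is returned instead of an
     * unconditional {@code true}, so a missing credential is no longer reported as success.
     *
     * @param as400 the system object to authenticate and connect
     * @return {@code true} only when a service connection was established
     */
    public boolean authenticateKrb(AS400 as400) {
        as400.setGSSOption(0); // NOTE(review): 0 looks like the "GSS mandatory" option - confirm
        try {
            as400.setGuiAvailable(false);
        } catch (PropertyVetoException ignored) {
            // Best effort: a vetoed GUI setting does not prevent the sign-on attempt.
        }
        try {
            authenticateKrbNative();
            as400.connectService(2);
            return true;
        } catch (AS400SecurityException ignored) {
            // Native sign-on was rejected; continue with the JAAS fallback below.
        } catch (GSSException e) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrb(): {1} GSSException.. \n" + e.toString());
        } catch (IOException e) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrb(): {1} IOException.. \n" + e.toString());
        }
        try {
            return authenticateKrbJAAS(as400);
        } catch (IOException e) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrb(): {2} IOException.. \n" + e.toString());
            return false;
        } catch (PrivilegedActionException e) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrb(): {2} PrivilegedActionException.. \n" + e.toString());
            return false;
        } catch (AS400SecurityException e) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrb(): {2} AS400SecurityException.. \n" + e.toString());
            showDetailedMessageForAS400SecurityException(e, as400);
            return false;
        }
    }

    /**
     * Installs the platform GSS manager for the toolbox when running on Windows.
     *
     * @throws GSSException if the manager cannot be installed
     */
    private void authenticateKrbNative() throws GSSException {
        if (ToolboxConnectorKerberosUtil.isWindows()) {
            new AcsGSSManager().setAsAS400Manager();
        }
    }

    /**
     * Logs in through JAAS, retrieves the GSS credential as the logged-in Subject and connects.
     *
     * @param as400 the system object to authenticate and connect
     * @return {@code false} when no credential could be retrieved, {@code true} after a
     *         successful connect
     * @throws AS400SecurityException if the system rejects the credential
     * @throws IOException if the connection fails
     * @throws PrivilegedActionException if the credential lookup fails
     */
    private boolean authenticateKrbJAAS(AS400 as400) throws AS400SecurityException, IOException, PrivilegedActionException {
        AS400.setGSSManager(this.mGSSManager);
        try {
            obtainLoginContext().login();
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrbJAAS(): {2.1} Login Successful.");
        } catch (SecurityException e) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrbJAAS(): {2.1} SecurityE. " + e.getMessage());
            authenticateKrbJREKinit();
        } catch (LoginException e) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrbJAAS(): {2.1} LoginE. " + e.getMessage());
            authenticateKrbJREKinit();
        }
        // The login context stays null when it could not even be constructed; in that case the
        // credential lookup runs without a Subject instead of failing with a NullPointerException.
        Subject subject = this.krbLoginContext != null ? this.krbLoginContext.getSubject() : null;
        GSSCredential credential = Subject.doAs(subject, new RetrieveKrbCredentialAction(this.krbPrinciplePrimary));
        if (credential == null) {
            return false;
        }
        if (subject == null) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateAS400KrbJAAS(): krbCredential " + credential.toString());
        } else {
            // Never dump the private credential set itself into the log; report its size only.
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateAS400KrbJAAS(): Login Successful. Private credential count: " + privateCredentialCount(subject));
        }
        as400.setGSSCredential(credential);
        as400.connectService(2);
        ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateAS400KrbJAAS(): Kerberos authentication successful!!");
        return true;
    }

    /**
     * Retries the JAAS login after refreshing the Windows ticket cache and, if that fails too,
     * after showing the Kerberos login dialog.
     *
     * @return {@code true} when one of the retries logged in
     */
    private boolean authenticateKrbJREKinit() {
        AS400.setGSSManager(this.mGSSManager);
        try {
            ToolboxConnectorKerberosUtil.retrieveTGTFromWindowsKlistGet();
            LoginContext context = obtainLoginContext();
            context.login();
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrbJREKinit(): {2.2} Login Successful. Private credential count: " + privateCredentialCount(context.getSubject()));
            return true;
        } catch (LoginException e) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrbJREKinit(): {2.2} Kerberos authentication retry failed. " + e.getMessage());
        }
        try {
            // The dialog must be opened on the UI thread; syncExec blocks until it is closed.
            Display.getDefault().syncExec(new Runnable() {
                @Override // java.lang.Runnable
                public void run() {
                    KerberosLoginDialog dialog = new KerberosLoginDialog(ToolboxConnectorServicePlugin.getActiveWorkbenchShell());
                    ToolboxConnectorKerberos.this.krbLoginDialogState = dialog.open();
                }
            });
            if (this.krbLoginDialogState == 1) {
                // NOTE(review): the login below is still attempted after a cancel - confirm intent.
                ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrbJREKinit(): {2.3} Cancel button pressed on Kerberos Login Dialog");
            }
            LoginContext context = obtainLoginContext();
            context.login();
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrbJREKinit(): {2.3} Login Successful. Private credential count: " + privateCredentialCount(context.getSubject()));
            return true;
        } catch (LoginException e) {
            ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorKerberos.authenticateKrbJREKinit(): {2.3} Kerberos authentication retry failed. " + e.getMessage());
            return false;
        }
    }

    /**
     * Logs the failure and shows the user a message that matches the exception's return code
     * and cause.
     *
     * @param aS400SecurityException the sign-on failure
     * @param as400 the system the sign-on was attempted on
     */
    private void showDetailedMessageForAS400SecurityException(AS400SecurityException aS400SecurityException, AS400 as400) {
        SimpleSystemMessage message;
        String text;
        String detail;
        String systemName = as400.getSystemName();
        Throwable cause = aS400SecurityException.getCause();
        String causeText = cause != null ? cause.toString() : KerberosPreferencePage.EMPTY_STR;
        switch (aS400SecurityException.getReturnCode()) {
            case 32:
                ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorService.internalConnect: EIM user mapping is invalid or does not exist. \n" + causeText);
                message = new SimpleSystemMessage(ToolboxConnectorServicePlugin.PLUGIN_ID, IToolboxConnectorServiceMessageIDs.MSG_SIGNON_KRB_USERID_MAPPING_INVALID, 1, NLS.bind(ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_USERID_MAPPING_INVALID, getKrbPrinciplePrimary(), systemName), NLS.bind(ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_USERID_MAPPING_INVALID_DETAIL, getKrbPrinciplePrimary(), systemName));
                break;
            case 62:
                if (causeText.contains("java.net.UnknownHostException")) {
                    ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorService.internalConnect: KDC hostname unknown. \n" + causeText);
                    // An UnknownHostException without a message has no "<class>: " prefix; fall
                    // back to the full cause text instead of slicing past the end of the string.
                    int prefixAt = causeText.lastIndexOf(UNKNOWN_HOST_PREFIX);
                    String host = prefixAt >= 0 ? causeText.substring(prefixAt + UNKNOWN_HOST_PREFIX.length()) : causeText;
                    text = NLS.bind(ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_KDC_INVALID, host);
                    detail = NLS.bind(ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_KDC_INVALID_DETAIL, host);
                } else if (causeText.contains("java.net.ConnectException: Connection timed out: connect")) {
                    ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorService.internalConnect: Connect to KDC timeout. Likely it's not a KDC server. \n" + cause);
                    text = NLS.bind(ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_KDC_TIMEOUT, KerberosPreferencePage.getKDCFromPrefStore());
                    detail = NLS.bind(ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_KDC_TIMEOUT_DETAIL, KerberosPreferencePage.getKDCFromPrefStore());
                } else if (causeText.contains("KrbException")) {
                    ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorService.internalConnect: Kerbreos is not configured properly on IBM i server: " + systemName + ". Caused by \n" + cause);
                    text = NLS.bind(ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_INVALID_CONFIGURATION_ON_IBMI, systemName);
                    detail = NLS.bind(ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_INVALID_CONFIGURATION_ON_IBMI_DETAIL, systemName, causeText);
                } else {
                    ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorService.internalConnect: Krb Credential cannot be retrieved. \n" + cause);
                    text = ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_AUTH_FAILED_GENERIC;
                    detail = NLS.bind(ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_AUTH_FAILED_GENERIC_DETAIL, causeText);
                }
                message = new SimpleSystemMessage(ToolboxConnectorServicePlugin.PLUGIN_ID, IToolboxConnectorServiceMessageIDs.MSG_SIGNON_KRB_AUTH_FAILED_GENERIC, 1, text, detail);
                break;
            default:
                ToolboxConnectorServicePlugin.logInfo("ToolboxConnectorService.internalConnect: Kerberos Authentication failed on IBM i (" + systemName + ")\n" + causeText);
                message = new SimpleSystemMessage(ToolboxConnectorServicePlugin.PLUGIN_ID, IToolboxConnectorServiceMessageIDs.MSG_SIGNON_KRB_AUTH_FAILED_GENERIC, 1, ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_AUTH_FAILED_GENERIC, NLS.bind(ToolboxConnectorServiceMessages.MSG_SIGNON_KRB_AUTH_FAILED_GENERIC_DETAIL, causeText.isEmpty() ? "-1127" : causeText));
                break;
        }
        ToolboxConnectorKerberosUtil.showMessageDialogWithDetail(message);
    }

    /**
     * Overrides the primary part of the Kerberos principal used for the credential lookup.
     *
     * @param str the principal's primary name
     */
    public void setKrbPrinciplePrimary(String str) {
        this.krbPrinciplePrimary = str;
    }

    /**
     * Returns the primary part of the Kerberos principal used for the credential lookup.
     *
     * @return the principal's primary name
     */
    public String getKrbPrinciplePrimary() {
        return this.krbPrinciplePrimary;
    }

    /**
     * Returns the cached JAAS login context, creating it on first use.
     *
     * @return the login context
     * @throws LoginException if the context cannot be created
     */
    private LoginContext obtainLoginContext() throws LoginException {
        if (this.krbLoginContext == null) {
            this.krbLoginContext = new LoginContext(ToolboxConnectorKerberosUtil.JASS_LOGIN_CONTEXT_NAME, (Subject) null, (CallbackHandler) null, this.krbConfig);
        }
        return this.krbLoginContext;
    }

    /** Returns the trimmed value, or an empty string when the value is {@code null}. */
    private static String trimToEmpty(String value) {
        return value == null ? "" : value.trim();
    }

    /** Returns how many private credentials the Subject holds, without exposing their content. */
    private static int privateCredentialCount(Subject subject) {
        return subject == null ? 0 : subject.getPrivateCredentials().size();
    }
}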
