package com.ibm.team.repository.client.internal.login;

import com.ibm.team.repository.client.internal.nls.Messages;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.util.Locale;
import java.util.Properties;

/* loaded from: input_file:com/ibm/team/repository/client/internal/login/KerberosLoginUtils.class */
public class KerberosLoginUtils {
    private static final String IBM_JRE_JGSSAPI_DEBUG = "com.ibm.security.jgss.debug";
    private static final String IBM_JRE_KRB5_DEBUG = "com.ibm.security.krb5.Krb5Debug";
    private static final String SUN_JRE_JGSSAPI_DEBUG = "sun.security.jgss.debug";
    private static final String SUN_JRE_KRB5_DEBUG = "sun.security.krb5.debug";
    private static final boolean KERBEROS_DEBUG_ENABLED;
    private static final String KERBEROS_CACHE_FILE_PROP = "KRB5CCNAME";
    private static final String SUBJECT_CREDS_ONLY_PROP = "javax.security.auth.useSubjectCredsOnly";
    private static final String JAAS_LOGIN_MODULE_PROP = "java.security.auth.login.config";
    private static final String KERBEROS_REALM_PROP = "java.security.krb5.realm";
    private static final String KERBEROS_KDC_PROP = "java.security.krb5.kdc";
    private static final String KERBEROS_CONFIG_PROP = "java.security.krb5.conf";
    private static final String INTERNAL_KERBEROS_REALM_PROP = "internal.java.security.krb5.realm";
    private static final String INTERNAL_KERBEROS_KDC_PROP = "internal.java.security.krb5.kdc";
    private static final String INTERNAL_KERBEROS_CONFIG_PROP = "internal.java.security.krb5.conf";
    private static final String INTERNAL_KERBEROS_REALM_SET_PROP = "internal.java.security.krb5.realm.set";
    private static final String INTERNAL_KERBEROS_KDC_SET_PROP = "internal.java.security.krb5.kdc.set";
    private static final String INTERNAL_KERBEROS_CONFIG_SET_PROP = "internal.java.security.krb5.conf.set";
    private static final String INTERNAL_KERBEROS_RESTART_REQUIRED_PROP = "internal.com.ibm.team.repository.client.kerberos.restartRequired";
    private static final String INTERNAL_KERBEROS_SUCCESSFUL_LOGIN_PROP = "internal.com.ibm.team.repository.client.kerberos.successfulLogin";
    private static String SPNEGO_CONFIG_FILE_CONTENT;
    private static final String KERBEROS_JRE_OVERRIDE = "kerberos.java.vendor.override";
    private static final String SUN_JRE = "sun";
    private static final String ORACLE_JRE = "oracle";
    private static final String IBM_JRE = "ibm";
    private static final String LS;
    private static final String SPNEGO_CONFIG_FILE_SUN;
    private static final String SPNEGO_CONFIG_FILE_IBM;
    private static boolean KERBEROS_POSSIBLE;

    static {
        KERBEROS_DEBUG_ENABLED = Boolean.getBoolean("com.ibm.team.client.kerberos.debug") || System.getProperty(IBM_JRE_JGSSAPI_DEBUG) != null || Boolean.getBoolean(SUN_JRE_JGSSAPI_DEBUG);
        SPNEGO_CONFIG_FILE_CONTENT = null;
        LS = System.getProperty("line.separator");
        SPNEGO_CONFIG_FILE_SUN = "com.sun.security.jgss.login {" + LS + "\tcom.sun.security.auth.module.Krb5LoginModule required renewTGT=true useTicketCache=true doNotPrompt=true;" + LS + "};" + LS + LS + "com.sun.security.jgss.initiate {" + LS + "\tcom.sun.security.auth.module.Krb5LoginModule required renewTGT=true useTicketCache=true doNotPrompt=true;" + LS + "};" + LS + LS + "com.sun.security.jgss.accept {" + LS + "\tcom.sun.security.auth.module.Krb5LoginModule required renewTGT=true useTicketCache=true doNotPrompt=true;" + LS + "};";
        SPNEGO_CONFIG_FILE_IBM = "com.ibm.security.jgss.login {" + LS + "\tcom.ibm.security.auth.module.Krb5LoginModule required renewable=true useDefaultCcache=true;" + LS + "};" + LS + LS + "com.ibm.security.jgss.initiate {" + LS + "\tcom.ibm.security.auth.module.Krb5LoginModule required renewable=true useDefaultCcache=true;" + LS + "};" + LS + LS + "com.ibm.security.jgss.accept {" + LS + "\tcom.ibm.security.auth.module.Krb5LoginModule required renewable=true useDefaultCcache=true;" + LS + "};";
        KERBEROS_POSSIBLE = true;
        executeJREVersionSpecificActions();
        if (KERBEROS_POSSIBLE) {
            setCacheFile();
            initializeKerberos();
            if (KERBEROS_POSSIBLE) {
                debug("Kerberos is possible on the current system");
                String property = System.getProperty(KERBEROS_REALM_PROP);
                System.setProperty(INTERNAL_KERBEROS_REALM_SET_PROP, Boolean.toString(property != null));
                if (property != null) {
                    System.setProperty(INTERNAL_KERBEROS_REALM_PROP, property);
                    debug("System property java.security.krb5.realm is set to " + property);
                }
                String property2 = System.getProperty(KERBEROS_KDC_PROP);
                System.setProperty(INTERNAL_KERBEROS_KDC_SET_PROP, Boolean.toString(property2 != null));
                if (property2 != null) {
                    System.setProperty(INTERNAL_KERBEROS_KDC_PROP, property2);
                    debug("System property internal.java.security.krb5.kdc is set to " + property2);
                }
                String property3 = System.getProperty(KERBEROS_CONFIG_PROP);
                System.setProperty(INTERNAL_KERBEROS_CONFIG_SET_PROP, Boolean.toString(property3 != null));
                if (property3 != null) {
                    System.setProperty(INTERNAL_KERBEROS_CONFIG_PROP, property3);
                    debug("System property internal.java.security.krb5.conf is set to " + property3);
                }
            }
        }
        if (KERBEROS_POSSIBLE) {
            return;
        }
        debug("Kerberos is not possible on the current system");
    }

    private static final void executeJREVersionSpecificActions() {
        String lowerCase = System.getProperty("java.vendor").toLowerCase(Locale.ENGLISH);
        debug("Running with " + lowerCase + "JRE.");
        String property = System.getProperty(KERBEROS_JRE_OVERRIDE);
        if (IBM_JRE.equals(property)) {
            debug("Overriding default JRE with ibm");
            lowerCase = property;
        } else if (ORACLE_JRE.equals(property)) {
            debug("Overriding default JRE with oracle");
            lowerCase = property;
        }
        if (lowerCase.contains(SUN_JRE) || lowerCase.contains(ORACLE_JRE)) {
            debug("Running with Oracle JRE");
            SPNEGO_CONFIG_FILE_CONTENT = SPNEGO_CONFIG_FILE_SUN;
            if (KERBEROS_DEBUG_ENABLED && System.getProperty(SUN_JRE_KRB5_DEBUG) == null) {
                System.setProperty(SUN_JRE_KRB5_DEBUG, "true");
                return;
            }
            return;
        }
        if (!lowerCase.contains(IBM_JRE)) {
            debug("This JRE is not supported.");
            debug("The -Dkerberos.java.vendor.override=(ibm|oracle) is not set.");
            debug("Kerberos support will be disabled");
            KERBEROS_POSSIBLE = false;
            System.clearProperty(JAAS_LOGIN_MODULE_PROP);
            return;
        }
        debug("Running with IBM JRE");
        SPNEGO_CONFIG_FILE_CONTENT = SPNEGO_CONFIG_FILE_IBM;
        if (KERBEROS_DEBUG_ENABLED && System.getProperty(IBM_JRE_KRB5_DEBUG) == null) {
            System.setProperty(IBM_JRE_KRB5_DEBUG, "all");
        }
    }

    private static final void setCacheFile() {
        String str = System.getenv(KERBEROS_CACHE_FILE_PROP);
        if (str == null || str.isEmpty()) {
            str = System.getProperty(KERBEROS_CACHE_FILE_PROP);
        }
        if (str != null && !str.isEmpty()) {
            debug("Variable KRB5CCNAME is set, so don't pre-calculate");
            System.setProperty(KERBEROS_CACHE_FILE_PROP, str);
            return;
        }
        if (isWindows()) {
            debug("Running on Windows, so no unix cache file");
            return;
        }
        String property = System.getProperty("user.home");
        String property2 = System.getProperty("user.name");
        if (property != null) {
            String str2 = property2 != null ? String.valueOf(property) + "/krb5cc_" + property2 : String.valueOf(property) + "/krb5cc";
            debug("Searching for JRE default cache path " + str2);
            File file = new File(str2);
            String absolutePath = file.getAbsolutePath();
            if (file.exists()) {
                debug("The cache file " + absolutePath + " appears to exist, so we give it preference");
                return;
            }
            debug("No JRE default cache found at " + absolutePath);
        }
        if (property2 != null) {
            debug("Searching default Unix cache path for user " + property2);
            try {
                Process exec = Runtime.getRuntime().exec("id -u " + property2);
                InputStream inputStream = null;
                try {
                    InputStream inputStream2 = exec.getInputStream();
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    for (int read = inputStream2.read(); read != -1; read = inputStream2.read()) {
                        byteArrayOutputStream.write(read);
                    }
                    File file2 = new File(("/tmp/krb5cc_" + byteArrayOutputStream.toString("UTF-8")).trim());
                    String absolutePath2 = file2.getAbsolutePath();
                    debug("Running on a Unix system where the cache file should be " + absolutePath2);
                    if (!file2.exists()) {
                        debug("No cache file " + absolutePath2 + " found.");
                        if (inputStream2 != null) {
                            inputStream2.close();
                            return;
                        }
                        return;
                    }
                    debug("The cache file " + absolutePath2 + " also appears to exist, so we set system property " + KERBEROS_CACHE_FILE_PROP);
                    System.setProperty(KERBEROS_CACHE_FILE_PROP, absolutePath2);
                    if (inputStream2 != null) {
                        inputStream2.close();
                    }
                } catch (Throwable th) {
                    if (0 != 0) {
                        inputStream.close();
                    }
                    throw th;
                }
            } catch (Throwable th2) {
                debug("Failed trying to determine whether /tmp/krb5cc_uid exists", th2);
            }
        }
    }

    private static boolean isWindows() {
        return System.getProperty("os.name").toLowerCase(Locale.ENGLISH).indexOf("win") >= 0;
    }

    public static void setKerberosRealm(String str) {
        if (str == null || str.trim().isEmpty()) {
            System.clearProperty(INTERNAL_KERBEROS_REALM_PROP);
            if (isKerberosRealmPreset()) {
                return;
            }
            System.clearProperty(KERBEROS_REALM_PROP);
            return;
        }
        String upperCase = str.toUpperCase();
        String property = System.getProperty(KERBEROS_REALM_PROP);
        boolean booleanValue = Boolean.valueOf(System.getProperty(INTERNAL_KERBEROS_RESTART_REQUIRED_PROP)).booleanValue();
        if (property == null || !booleanValue) {
            System.setProperty(KERBEROS_REALM_PROP, upperCase);
        }
        System.setProperty(INTERNAL_KERBEROS_REALM_PROP, upperCase);
    }

    public static void setKerberosKdc(String str) {
        if (str == null || str.trim().isEmpty()) {
            System.clearProperty(INTERNAL_KERBEROS_KDC_PROP);
            if (isKerberosKdcPreset()) {
                return;
            }
            System.clearProperty(KERBEROS_KDC_PROP);
            return;
        }
        String lowerCase = str.toLowerCase();
        String property = System.getProperty(KERBEROS_KDC_PROP);
        boolean booleanValue = Boolean.valueOf(System.getProperty(INTERNAL_KERBEROS_RESTART_REQUIRED_PROP)).booleanValue();
        if (property == null || !booleanValue) {
            System.setProperty(KERBEROS_KDC_PROP, lowerCase);
        }
        System.setProperty(INTERNAL_KERBEROS_KDC_PROP, lowerCase);
    }

    public static void setKerberosConfigPath(String str) {
        if (str == null || str.trim().isEmpty()) {
            System.clearProperty(INTERNAL_KERBEROS_CONFIG_PROP);
            if (isKerberosConfigPathPreset()) {
                return;
            }
            System.clearProperty(KERBEROS_CONFIG_PROP);
            return;
        }
        String property = System.getProperty(KERBEROS_CONFIG_PROP);
        boolean booleanValue = Boolean.valueOf(System.getProperty(INTERNAL_KERBEROS_RESTART_REQUIRED_PROP)).booleanValue();
        if (property == null || !booleanValue) {
            System.setProperty(KERBEROS_CONFIG_PROP, str);
        }
        System.setProperty(INTERNAL_KERBEROS_CONFIG_PROP, str);
    }

    public static boolean isKerberosRealmPreset() {
        return Boolean.getBoolean(INTERNAL_KERBEROS_REALM_SET_PROP);
    }

    public static boolean isKerberosKdcPreset() {
        return Boolean.getBoolean(INTERNAL_KERBEROS_KDC_SET_PROP);
    }

    public static boolean isKerberosConfigPathPreset() {
        return Boolean.getBoolean(INTERNAL_KERBEROS_CONFIG_SET_PROP);
    }

    public static String getKerberosRealm() {
        return System.getProperty(INTERNAL_KERBEROS_REALM_PROP);
    }

    public static String getKerberosKdc() {
        return System.getProperty(INTERNAL_KERBEROS_KDC_PROP);
    }

    public static String getKerberosConfigPath() {
        return System.getProperty(INTERNAL_KERBEROS_CONFIG_PROP);
    }

    public static boolean isRestartRequired() {
        return Boolean.valueOf(System.getProperty(INTERNAL_KERBEROS_RESTART_REQUIRED_PROP)).booleanValue();
    }

    public static void restartRequired() {
        System.setProperty(INTERNAL_KERBEROS_RESTART_REQUIRED_PROP, "true");
    }

    public static void transferInternalPropertiesToProperties(Properties properties) {
        String kerberosKdc;
        String kerberosConfigPath;
        String kerberosRealm;
        if (!isKerberosRealmPreset() && (kerberosRealm = getKerberosRealm()) != null) {
            properties.setProperty(INTERNAL_KERBEROS_REALM_PROP, kerberosRealm);
        }
        if (!isKerberosConfigPathPreset() && (kerberosConfigPath = getKerberosConfigPath()) != null) {
            properties.setProperty(INTERNAL_KERBEROS_CONFIG_PROP, kerberosConfigPath);
        }
        if (isKerberosKdcPreset() || (kerberosKdc = getKerberosKdc()) == null) {
            return;
        }
        properties.setProperty(INTERNAL_KERBEROS_KDC_PROP, kerberosKdc);
    }

    public static void transferInternalPropertiesFromProperties(Properties properties) {
        boolean booleanValue = Boolean.valueOf(System.getProperty(INTERNAL_KERBEROS_RESTART_REQUIRED_PROP)).booleanValue();
        String property = System.getProperty(KERBEROS_REALM_PROP);
        if (property == null) {
            if (properties != null) {
                setKerberosRealm(properties.getProperty(INTERNAL_KERBEROS_REALM_PROP));
            }
        } else if (!booleanValue) {
            setKerberosRealm(property);
        }
        String property2 = System.getProperty(KERBEROS_KDC_PROP);
        if (property2 == null) {
            if (properties != null) {
                setKerberosKdc(properties.getProperty(INTERNAL_KERBEROS_KDC_PROP));
            }
        } else if (!booleanValue) {
            setKerberosKdc(property2);
        }
        String property3 = System.getProperty(KERBEROS_CONFIG_PROP);
        if (property3 == null) {
            if (properties != null) {
                setKerberosConfigPath(properties.getProperty(INTERNAL_KERBEROS_CONFIG_PROP));
            }
        } else {
            if (booleanValue) {
                return;
            }
            setKerberosConfigPath(property3);
        }
    }

    public static void successfulLogin() {
        System.setProperty(INTERNAL_KERBEROS_SUCCESSFUL_LOGIN_PROP, "true");
    }

    public static boolean isSuccessfullyLoggedIn() {
        return Boolean.valueOf(System.getProperty(INTERNAL_KERBEROS_SUCCESSFUL_LOGIN_PROP)).booleanValue();
    }

    public static void initializeKerberos() {
        File createTempFile;
        if (System.getProperty(SUBJECT_CREDS_ONLY_PROP) == null) {
            System.setProperty(SUBJECT_CREDS_ONLY_PROP, "false");
        }
        FileOutputStream fileOutputStream = null;
        String property = System.getProperty(JAAS_LOGIN_MODULE_PROP);
        try {
            try {
                if (property != null) {
                    debug("java.security.auth.login.config explicitly set to " + property);
                    createTempFile = new File(property);
                    if (!createTempFile.createNewFile()) {
                        debug(String.valueOf(createTempFile.getAbsolutePath()) + " exists and won't be touched");
                        if (0 != 0) {
                            try {
                                fileOutputStream.close();
                                return;
                            } catch (IOException e) {
                                KERBEROS_POSSIBLE = false;
                                System.err.println(Messages.getClientString("AbstractLoginInfo.UnableToActivateKerberos"));
                                e.printStackTrace(System.err);
                                System.clearProperty(JAAS_LOGIN_MODULE_PROP);
                                return;
                            }
                        }
                        return;
                    }
                    debug(String.valueOf(createTempFile.getAbsolutePath()) + " does not exists and will be written default content");
                } else {
                    createTempFile = File.createTempFile("login", ".conf");
                    debug("java.security.auth.login.config is not set, so creating " + createTempFile.getAbsolutePath());
                    createTempFile.deleteOnExit();
                }
                String absolutePath = createTempFile.getAbsolutePath();
                FileOutputStream fileOutputStream2 = new FileOutputStream(createTempFile);
                if (KERBEROS_DEBUG_ENABLED) {
                    debug("Writing the following content to" + createTempFile.getAbsolutePath());
                    debug(SPNEGO_CONFIG_FILE_CONTENT);
                }
                fileOutputStream2.write(SPNEGO_CONFIG_FILE_CONTENT.getBytes("UTF-8"));
                if (fileOutputStream2 != null) {
                    try {
                        fileOutputStream2.close();
                    } catch (IOException e2) {
                        KERBEROS_POSSIBLE = false;
                        System.err.println(Messages.getClientString("AbstractLoginInfo.UnableToActivateKerberos"));
                        e2.printStackTrace(System.err);
                        System.clearProperty(JAAS_LOGIN_MODULE_PROP);
                        return;
                    }
                }
                System.setProperty(JAAS_LOGIN_MODULE_PROP, absolutePath);
            } catch (UnsupportedEncodingException e3) {
                if (0 != 0) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e4) {
                        KERBEROS_POSSIBLE = false;
                        System.err.println(Messages.getClientString("AbstractLoginInfo.UnableToActivateKerberos"));
                        e4.printStackTrace(System.err);
                        System.clearProperty(JAAS_LOGIN_MODULE_PROP);
                    }
                }
            } catch (IOException e5) {
                KERBEROS_POSSIBLE = false;
                System.err.println(Messages.getClientString("AbstractLoginInfo.UnableToActivateKerberos"));
                e5.printStackTrace(System.err);
                System.clearProperty(JAAS_LOGIN_MODULE_PROP);
                if (0 != 0) {
                    try {
                        fileOutputStream.close();
                    } catch (IOException e6) {
                        KERBEROS_POSSIBLE = false;
                        System.err.println(Messages.getClientString("AbstractLoginInfo.UnableToActivateKerberos"));
                        e6.printStackTrace(System.err);
                        System.clearProperty(JAAS_LOGIN_MODULE_PROP);
                    }
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    fileOutputStream.close();
                } catch (IOException e7) {
                    KERBEROS_POSSIBLE = false;
                    System.err.println(Messages.getClientString("AbstractLoginInfo.UnableToActivateKerberos"));
                    e7.printStackTrace(System.err);
                    System.clearProperty(JAAS_LOGIN_MODULE_PROP);
                    return;
                }
            }
            throw th;
        }
    }

    public static boolean isKerberosPossible() {
        return KERBEROS_POSSIBLE;
    }

    private static void debug(String str) {
        if (KERBEROS_DEBUG_ENABLED) {
            System.out.println(str);
        }
    }

    private static void debug(String str, Throwable th) {
        if (KERBEROS_DEBUG_ENABLED) {
            System.out.println(str);
            th.printStackTrace();
        }
    }
}
