package com.sun.security.auth.module;

import java.io.IOException;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.xalan.xsltc.trax.TransformerFactoryImpl;
import org.apache.xerces.impl.xs.SchemaSymbols;
import sun.security.krb5.Config;
import sun.security.krb5.Credentials;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName;

/* loaded from: input_file:efixes/PK83758_Solaris_SPARC/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:com/sun/security/auth/module/Krb5LoginModule.class */
public class Krb5LoginModule implements LoginModule {
    // JAAS wiring handed over by initialize().
    private Subject subject;
    private CallbackHandler callbackHandler;
    // Shared between stacked login modules; this class reads and writes the NAME and PWD entries.
    private Map sharedState;
    // Raw option map; stored by initialize() but not read again anywhere in this class.
    private Map options;
    private String username;
    // Long-term key obtained from the keytab or derived from the password; destroyed in commit() when storeKey is set.
    private EncryptionKey encKey;
    // Shared-state keys under which the user name (String) and password (char[]) are exchanged.
    private static final String NAME = "javax.security.auth.login.name";
    private static final String PWD = "javax.security.auth.login.password";
    static final ResourceBundle rb = ResourceBundle.getBundle("sun.security.util.AuthResources");
    // Configuration options, populated by initialize(). With debug on, diagnostics go to System.out.
    private boolean debug = false;
    private boolean storeKey = false;
    private boolean doNotPrompt = false;
    private boolean useTicketCache = false;
    private boolean useKeyTab = false;
    private String ticketCacheName = null;
    private String keyTabName = null;
    private String princName = null;
    private boolean useFirstPass = false;
    private boolean tryFirstPass = false;
    private boolean storePass = false;
    private boolean clearPass = false;
    private boolean refreshKrb5Config = false;
    private boolean isInitiator = true;
    // Phase tracking: succeeded is set by login(), commitSucceeded by commit(); both are reset by logout().
    private boolean succeeded = false;
    private boolean commitSucceeded = false;
    // Kerberos artefacts produced by login() and commit().
    private Credentials cred = null;
    private PrincipalName principal = null;
    private KerberosPrincipal kerbClientPrinc = null;
    private KerberosTicket kerbTicket = null;
    private KerberosKey kerbKey = null;
    private StringBuffer krb5PrincName = null;
    // Held as char[]; may be the very array stored in sharedState under PWD
    // (see promptForPass(true) and cleanState()), so it must not be wiped blindly.
    private char[] password = null;

    /**
     * Finishes a login attempt: optionally publishes the collected name and password to the
     * shared state, then drops this module's own references to them.
     *
     * <p>Publishing happens only after a successful login with {@code storePass} set, and only
     * when neither shared-state entry exists yet. With {@code clearPass} set, both entries are
     * removed afterwards, including any that were just published.
     *
     * <p>The password array is released by reference only, never zeroed: the same array may be
     * the one stored in (or read from) the shared state, so overwriting it here would corrupt
     * the value other stacked modules see.
     */
    private void cleanState() {
        final boolean publish = this.succeeded && this.storePass;
        if (publish) {
            final boolean alreadyShared =
                    this.sharedState.containsKey(NAME) || this.sharedState.containsKey(PWD);
            if (!alreadyShared) {
                this.sharedState.put(NAME, this.username);
                this.sharedState.put(PWD, this.password);
            }
        }

        this.username = null;
        this.password = null;

        // Empty the principal-name buffer before letting go of it.
        final StringBuffer nameBuffer = this.krb5PrincName;
        if (nameBuffer != null && nameBuffer.length() > 0) {
            nameBuffer.delete(0, nameBuffer.length());
        }
        this.krb5PrincName = null;

        if (this.clearPass) {
            this.sharedState.remove(NAME);
            this.sharedState.remove(PWD);
        }
    }

    /**
     * Rejects option combinations that cannot lead to a usable credential source.
     *
     * <ul>
     *   <li>{@code doNotPrompt} needs a ticket cache or a keytab to fall back on.</li>
     *   <li>A ticket cache name is only meaningful with {@code useTicketCache}.</li>
     *   <li>A keytab name is only meaningful with {@code useKeyTab}.</li>
     *   <li>{@code storeKey} without prompting needs a keytab to take the key from.</li>
     * </ul>
     *
     * @throws LoginException describing the first inconsistent combination found
     */
    private void validateConfiguration() throws LoginException {
        final boolean hasStoredSource = this.useTicketCache || this.useKeyTab;
        if (this.doNotPrompt && !hasStoredSource) {
            throw new LoginException("Configuration Error - either doNotPrompt should be  false or useTicketCache/useKeyTab  should be true");
        }

        final boolean strayTicketCacheName = this.ticketCacheName != null && !this.useTicketCache;
        if (strayTicketCacheName) {
            // The configured name is appended directly to the message, without a separator.
            throw new LoginException(
                    "Configuration Error  - useTicketCache should be set to true to use the ticket cache"
                            + this.ticketCacheName);
        }

        final boolean strayKeyTabName = this.keyTabName != null && !this.useKeyTab;
        if (strayKeyTabName) {
            throw new LoginException(
                    "Configuration Error - useKeyTab should be set to true to use the keytab"
                            + this.keyTabName);
        }

        if (this.storeKey && this.doNotPrompt && !this.useKeyTab) {
            throw new LoginException("Configuration Error - either doNotPrompt should be set to false or useKeyTab must be set to true for storeKey option");
        }
    }

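    /**
     * Aborts the authentication attempt.
     *
     * <p>If login() never succeeded there is nothing to undo. If commit() already succeeded,
     * the work is delegated to logout(). Otherwise (login succeeded, commit did not) the
     * ticket and key created so far are destroyed and the references dropped.
     *
     * <p>Both credentials are always attempted: a failure to destroy the ticket does not
     * leave the long-term key alive. The first failure is attached as the cause of the
     * LoginException so the reason is not lost.
     *
     * @return false if login() had not succeeded, true otherwise
     * @throws LoginException if a credential could not be destroyed
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean abort() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        if (this.commitSucceeded) {
            logout();
            return true;
        }

        // login() succeeded but the overall authentication did not: roll back.
        this.succeeded = false;
        this.username = null;

        DestroyFailedException failure = null;
        if (this.kerbTicket != null) {
            try {
                this.kerbTicket.destroy();
            } catch (DestroyFailedException e) {
                failure = e;
            }
        }
        if (this.kerbKey != null) {
            try {
                this.kerbKey.destroy();
            } catch (DestroyFailedException e) {
                if (failure == null) {
                    failure = e;
                }
            }
        }
        if (failure != null) {
            LoginException loginException = new LoginException("Destroy Failed on Kerberos Private Credentials");
            loginException.initCause(failure);
            throw loginException;
        }

        this.kerbTicket = null;
        this.kerbKey = null;
        this.kerbClientPrinc = null;
        // NOTE(review): cred and encKey are not released on this path; confirm whether a
        // failed commit() can leave key material behind in those fields.
        return true;
    }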

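    /**
     * Publishes the outcome of a successful login() to the Subject: the Kerberos principal,
     * the TGT (initiator only) and, with {@code storeKey}, the principal's long-term key.
     *
     * <p>The internal EncryptionKey is destroyed once it has been converted into the
     * KerberosKey placed in the Subject's private credentials.
     *
     * @return false if login() had not succeeded, true once everything is committed
     * @throws LoginException if the client credential or the key to store is missing
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean commit() throws LoginException {
        if (!this.succeeded) {
            return false;
        }
        Set privateCredentials = this.subject.getPrivateCredentials();
        Set principals = this.subject.getPrincipals();
        this.kerbClientPrinc = new KerberosPrincipal(this.principal.getName());

        if (this.isInitiator) {
            if (this.cred == null) {
                this.succeeded = false;
                throw new LoginException("Null Client Credential");
            }
            EncryptionKey sessionKey = this.cred.getSessionKey();
            this.kerbTicket = new KerberosTicket(
                    this.cred.getEncoded(),
                    new KerberosPrincipal(this.cred.getClient().getName()),
                    new KerberosPrincipal(this.cred.getServer().getName()),
                    sessionKey.getBytes(),
                    sessionKey.getEType(),
                    this.cred.getFlags(),
                    this.cred.getAuthTime(),
                    this.cred.getStartTime(),
                    this.cred.getEndTime(),
                    this.cred.getRenewTill(),
                    this.cred.getClientAddresses());
        }

        if (this.storeKey) {
            if (this.encKey == null) {
                this.succeeded = false;
                throw new LoginException("Null Server Key ");
            }
            // A missing key version number is recorded as 0.
            Integer keyVersionNumber = this.encKey.getKeyVersionNumber();
            this.kerbKey = new KerberosKey(
                    this.kerbClientPrinc,
                    this.encKey.getBytes(),
                    this.encKey.getEType(),
                    keyVersionNumber == null ? 0 : keyVersionNumber.intValue());
        }

        // Membership must be tested for the principal being added, not for the set itself.
        if (!principals.contains(this.kerbClientPrinc)) {
            principals.add(this.kerbClientPrinc);
        }
        if (this.kerbTicket != null && !privateCredentials.contains(this.kerbTicket)) {
            privateCredentials.add(this.kerbTicket);
        }
        if (this.storeKey) {
            if (!privateCredentials.contains(this.kerbKey)) {
                privateCredentials.add(this.kerbKey);
            }
            // The Subject now holds the key as a KerberosKey; wipe the internal copy.
            this.encKey.destroy();
            this.encKey = null;
            if (this.debug) {
                // Log only key metadata. Printing the KerberosKey object itself can put the
                // raw key bytes on stdout, depending on the runtime's toString().
                System.out.println("Added server's key: etype " + this.kerbKey.getKeyType()
                        + ", kvno " + this.kerbKey.getVersionNumber());
                System.out.println("\t\t[Krb5LoginModule] added Krb5Principal  "
                        + this.kerbClientPrinc.toString() + " to Subject");
            }
        }

        this.commitSucceeded = true;
        if (this.debug) {
            System.out.println("Commit Succeeded \n");
        }
        return true;
    }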

    /**
     * Authenticates the principal against Kerberos.
     *
     * <p>The principal name comes from the {@code sun.security.krb5.principal} system property
     * when set, otherwise from the {@code principal} option. With {@code tryFirstPass} the
     * shared-state name/password are tried first and, on failure, a second attempt is made
     * without them. With {@code useFirstPass} only the shared-state values are used and a
     * failure is final. Every outcome runs cleanState() before returning or throwing.
     *
     * @return true when authentication succeeded
     * @throws LoginException on invalid configuration, a failed Kerberos configuration
     *         refresh, or a failed (final) authentication attempt
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean login() throws LoginException {
        validateConfiguration();

        if (this.refreshKrb5Config) {
            if (this.debug) {
                System.out.println("Refreshing Kerberos configuration");
            }
            try {
                Config.refresh();
            } catch (KrbException refreshFailure) {
                LoginException wrapped = new LoginException(refreshFailure.getMessage());
                wrapped.initCause(refreshFailure);
                throw wrapped;
            }
        }

        // The system property takes precedence over the configured principal option.
        final String propertyPrincipal = System.getProperty("sun.security.krb5.principal");
        final String chosenPrincipal = propertyPrincipal != null ? propertyPrincipal : this.princName;
        if (chosenPrincipal != null) {
            this.krb5PrincName = new StringBuffer(chosenPrincipal);
        }

        if (this.tryFirstPass) {
            try {
                attemptAuthentication(true);
                if (this.debug) {
                    System.out.println("\t\t[Krb5LoginModule] authentication succeeded");
                }
                this.succeeded = true;
                cleanState();
                return true;
            } catch (LoginException firstPassFailure) {
                // Not fatal: fall through to a second attempt that does not use shared state.
                cleanState();
                if (this.debug) {
                    System.out.println("\t\t[Krb5LoginModule] tryFirstPass failed with:" + firstPassFailure.getMessage());
                }
            }
        }

        // Final attempt. Shared state is used only for useFirstPass without tryFirstPass;
        // any failure from here on is reported to the caller.
        final boolean fromSharedState = !this.tryFirstPass && this.useFirstPass;
        try {
            attemptAuthentication(fromSharedState);
            this.succeeded = true;
            cleanState();
            return true;
        } catch (LoginException finalFailure) {
            if (this.debug) {
                System.out.println("\t\t[Krb5LoginModule] authentication failed \n" + finalFailure.getMessage());
            }
            this.succeeded = false;
            cleanState();
            throw finalFailure;
        }
    }

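    /**
     * Logs the Subject out: removes the Kerberos principal added by commit(), strips the
     * Kerberos credentials from the Subject and destroys the ticket and key held here.
     *
     * <p>Every KerberosTicket and KerberosKey in the Subject's private credentials is
     * removed, not only the ones this module instance added.
     *
     * <p>Both credentials are always attempted: a failure to destroy the ticket does not
     * leave the long-term key alive. The first failure is attached as the cause of the
     * LoginException so the reason is not lost.
     *
     * @return true once the Subject is logged out
     * @throws LoginException if a credential could not be destroyed
     */
    @Override // javax.security.auth.spi.LoginModule
    public boolean logout() throws LoginException {
        this.subject.getPrincipals().remove(this.kerbClientPrinc);
        Iterator it = this.subject.getPrivateCredentials().iterator();
        while (it.hasNext()) {
            Object next = it.next();
            if ((next instanceof KerberosTicket) || (next instanceof KerberosKey)) {
                it.remove();
            }
        }

        DestroyFailedException failure = null;
        if (this.kerbTicket != null) {
            try {
                this.kerbTicket.destroy();
            } catch (DestroyFailedException e) {
                failure = e;
            }
        }
        if (this.kerbKey != null) {
            try {
                this.kerbKey.destroy();
            } catch (DestroyFailedException e) {
                if (failure == null) {
                    failure = e;
                }
            }
        }
        if (failure != null) {
            LoginException loginException = new LoginException("Destroy Failed on Kerberos Private Credentials");
            loginException.initCause(failure);
            throw loginException;
        }

        this.kerbTicket = null;
        this.kerbKey = null;
        this.kerbClientPrinc = null;
        this.succeeded = false;
        this.commitSucceeded = false;
        this.username = null;
        if (this.debug) {
            System.out.println("\t\t[Krb5LoginModule]: logged out Subject");
        }
        return true;
    }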

    /**
     * Obtains Kerberos credentials for the principal, trying the sources in this order:
     * the ticket cache (when useTicketCache is set), the keytab (when useKeyTab is set),
     * and finally a password-derived key.
     *
     * <p>On return, {@code cred} holds the TGT when one was acquired and {@code encKey}
     * holds the long-term key when the keytab or the password path was taken.
     *
     * @param z passed through to promptForName/promptForPass; true makes them read the
     *          name and password from the shared state instead of invoking the callback handler
     * @throws LoginException if the principal name is invalid, a Kerberos or I/O error occurs
     *         (the original exception is attached as the cause), or an initiator ends up
     *         without a TGT
     */
    private void attemptAuthentication(boolean z) throws LoginException {
        if (this.krb5PrincName != null) {
            try {
                // NOTE(review): the literal 1 is the name-type argument; presumably the
                // "principal" name type - confirm against PrincipalName.
                this.principal = new PrincipalName(this.krb5PrincName.toString(), 1);
            } catch (KrbException e) {
                LoginException loginException = new LoginException(e.getMessage());
                loginException.initCause(e);
                throw loginException;
            }
        }
        try {
            if (this.useTicketCache) {
                this.cred = Credentials.acquireTGTFromCache(this.principal, this.ticketCacheName);
                // No principal configured: adopt the client named in the cached ticket.
                if (this.cred != null && this.principal == null) {
                    this.principal = this.cred.getClient();
                }
                if (this.debug) {
                    System.out.println(new StringBuffer().append("Principal is ").append(this.principal).toString());
                    if (this.cred == null) {
                        System.out.println("null credentials from Ticket Cache");
                    }
                }
            }
            // Nothing usable in the cache (or cache disabled): fall back to keytab / password.
            if (this.cred == null) {
                if (this.principal == null) {
                    // promptForName fills krb5PrincName, which is then parsed into the principal.
                    promptForName(z);
                    this.principal = new PrincipalName(this.krb5PrincName.toString(), 1);
                }
                if (this.useKeyTab) {
                    this.encKey = EncryptionKey.acquireSecretKey(this.principal, this.keyTabName);
                    if (this.debug) {
                        if (this.encKey != null) {
                            System.out.println("principal's key obtained from the keytab");
                        } else {
                            System.out.println(new StringBuffer().append("Key for the principal ").append(this.principal).append(" not available in ").append(this.keyTabName == null ? "default key tab" : this.keyTabName).toString());
                        }
                    }
                }
                if (this.encKey == null) {
                    // No keytab key: derive the key from the password and the principal's salt.
                    promptForPass(z);
                    // Each "new StringBuffer().append(this.password)" below makes a fresh copy of
                    // the password characters; nothing in this method clears those copies, so they
                    // stay in memory until garbage-collected.
                    this.encKey = new EncryptionKey(this.password == null ? null : new StringBuffer().append(this.password), this.principal.getSalt());
                    if (this.debug) {
                        System.out.println(new StringBuffer().append("principal is ").append(this.principal).toString());
                    }
                    if (this.isInitiator) {
                        if (this.debug) {
                            System.out.println("Acquire TGT using AS Exchange");
                        }
                        this.cred = Credentials.acquireTGT(this.principal, this.encKey, this.password == null ? null : new StringBuffer().append(this.password));
                        // NOTE(review): the key is derived a second time after the exchange; the
                        // reason is not visible here (possibly acquireTGT consumes or alters the
                        // key passed in) - confirm before simplifying.
                        this.encKey = new EncryptionKey(this.password == null ? null : new StringBuffer().append(this.password), this.principal.getSalt());
                    }
                } else if (this.isInitiator) {
                    // Keytab key available: promptForPass is not called on this path, so the
                    // password argument is whatever this.password already holds (null unless set earlier).
                    if (this.debug) {
                        System.out.println("Acquire TGT using AS Exchange");
                    }
                    this.cred = Credentials.acquireTGT(this.principal, this.encKey, this.password == null ? null : new StringBuffer().append(this.password));
                }
                if (this.isInitiator && this.cred == null) {
                    throw new LoginException("TGT Can not be obtained from the KDC ");
                }
            }
        } catch (IOException e2) {
            LoginException loginException2 = new LoginException(e2.getMessage());
            loginException2.initCause(e2);
            throw loginException2;
        } catch (KrbException e3) {
            LoginException loginException3 = new LoginException(e3.getMessage());
            loginException3.initCause(e3);
            throw loginException3;
        }
    }

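    /**
     * Determines the principal name and stores it in {@code krb5PrincName}.
     *
     * <p>With {@code z} set, the name is taken from the shared state; a missing entry is an
     * error, an empty one falls through to prompting. Otherwise the callback handler is asked,
     * with the {@code user.name} system property offered as the default and used when the
     * handler returns no name.
     *
     * @param z true to read the name from the shared state before considering a prompt
     * @throws LoginException if the shared state has no name, prompting is disabled or
     *         impossible, or the callback handler fails (the handler's exception is the cause)
     */
    private void promptForName(boolean z) throws LoginException {
        this.krb5PrincName = new StringBuffer("");
        if (z) {
            this.username = (String) this.sharedState.get(NAME);
            if (this.username == null) {
                // Diagnostics go to stdout only in debug mode, as everywhere else in this class.
                if (this.debug) {
                    System.out.println("username from shared state is null\n");
                }
                throw new LoginException("Username can not be obtained from sharedstate ");
            }
            if (this.debug) {
                System.out.println("username from shared state is " + this.username + "\n");
            }
            if (this.username.length() > 0) {
                this.krb5PrincName.insert(0, this.username);
                return;
            }
        }
        if (this.doNotPrompt) {
            throw new LoginException("Unable to obtain Princpal Name for authentication ");
        }
        if (this.callbackHandler == null) {
            throw new LoginException("No CallbackHandler available to garner authentication information from the user");
        }
        try {
            String defaultName = System.getProperty("user.name");
            String prompt = new MessageFormat(rb.getString("Kerberos username [[defUsername]]: "))
                    .format(new Object[]{defaultName});
            Callback[] callbacks = {new NameCallback(prompt)};
            this.callbackHandler.handle(callbacks);
            this.username = ((NameCallback) callbacks[0]).getName();
            if (this.username == null || this.username.length() == 0) {
                this.username = defaultName;
            }
            this.krb5PrincName.insert(0, this.username);
        } catch (IOException e) {
            LoginException loginException = new LoginException(e.getMessage());
            loginException.initCause(e);
            throw loginException;
        } catch (UnsupportedCallbackException e) {
            LoginException loginException = new LoginException(
                    e.getMessage() + " not available to garner " + " authentication information " + " from the user");
            loginException.initCause(e);
            throw loginException;
        }
    }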

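    /**
     * Obtains the password and stores it in {@code this.password}.
     *
     * <p>With {@code z} set, the password is the char[] stored in the shared state; the array
     * is used by reference, so it is shared with every other module reading that entry.
     * Otherwise the callback handler is prompted with echo off, the result is copied, and
     * both the callback's buffer and the returned array are overwritten.
     *
     * <p>The password itself is never written to the debug output.
     *
     * @param z true to take the password from the shared state instead of prompting
     * @throws LoginException if the shared state has no password, prompting is disabled or
     *         impossible, or the callback handler fails (the handler's exception is the cause)
     */
    private void promptForPass(boolean z) throws LoginException {
        if (z) {
            this.password = (char[]) this.sharedState.get(PWD);
            if (this.password == null) {
                if (this.debug) {
                    System.out.println("Password from shared state is null");
                }
                throw new LoginException("Password can not be obtained from sharedstate ");
            }
            if (this.debug) {
                // Report the source only: debug output is routinely captured in log files, and
                // converting the char[] to a String would also leave an unclearable copy in memory.
                System.out.println("\t\t[Krb5LoginModule] password obtained from shared state");
            }
            return;
        }
        if (this.doNotPrompt) {
            throw new LoginException("Unable to obtain password from user\n");
        }
        // Same guard as promptForName: fail with a LoginException rather than a NullPointerException.
        if (this.callbackHandler == null) {
            throw new LoginException("No CallbackHandler available to garner authentication information from the user");
        }
        try {
            String prompt = new MessageFormat(rb.getString("Kerberos password for [username]: "))
                    .format(new Object[]{this.krb5PrincName.toString()});
            Callback[] callbacks = {new PasswordCallback(prompt, false)};
            this.callbackHandler.handle(callbacks);
            PasswordCallback passwordCallback = (PasswordCallback) callbacks[0];
            char[] entered = passwordCallback.getPassword();
            if (entered == null) {
                entered = new char[0];
            }
            // Keep a private copy, then wipe the callback's buffer and the returned array.
            this.password = new char[entered.length];
            System.arraycopy(entered, 0, this.password, 0, entered.length);
            passwordCallback.clearPassword();
            for (int i = 0; i < entered.length; i++) {
                entered[i] = ' ';
            }
            if (this.debug) {
                System.out.println("\t\t[Krb5LoginModule] user entered username: " + this.krb5PrincName);
                System.out.println();
            }
        } catch (IOException e) {
            LoginException loginException = new LoginException(e.getMessage());
            loginException.initCause(e);
            throw loginException;
        } catch (UnsupportedCallbackException e) {
            LoginException loginException = new LoginException(
                    e.getMessage() + " not available to garner " + " authentication information " + "from the user");
            loginException.initCause(e);
            throw loginException;
        }
    }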

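    /**
     * Stores the JAAS context and reads this module's options.
     *
     * <p>Boolean options are true only when their value equals {@code "true"} ignoring case;
     * a missing value means false, except {@code isInitiator}, which keeps its default of
     * true when absent. Option values are compared against the literal {@code "true"} and the
     * debug flag is read under the literal key {@code "debug"}, rather than through
     * same-valued constants borrowed from unrelated XML library classes, so this
     * security-sensitive module does not depend on an XML stack for its configuration parsing.
     *
     * <p>With debug enabled the effective configuration is printed to stdout; it contains
     * file names and the principal name but no secrets.
     *
     * @param subject the Subject to authenticate
     * @param callbackHandler handler used to prompt for name and password; may be null
     * @param map state shared with other configured login modules
     * @param map2 options from the login configuration for this module
     */
    @Override // javax.security.auth.spi.LoginModule
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = map;
        this.options = map2;

        this.debug = "true".equalsIgnoreCase((String) map2.get("debug"));
        this.storeKey = "true".equalsIgnoreCase((String) map2.get("storeKey"));
        this.doNotPrompt = "true".equalsIgnoreCase((String) map2.get("doNotPrompt"));
        this.useTicketCache = "true".equalsIgnoreCase((String) map2.get("useTicketCache"));
        this.useKeyTab = "true".equalsIgnoreCase((String) map2.get("useKeyTab"));
        this.ticketCacheName = (String) map2.get("ticketCache");
        this.keyTabName = (String) map2.get("keyTab");
        this.princName = (String) map2.get("principal");
        this.refreshKrb5Config = "true".equalsIgnoreCase((String) map2.get("refreshKrb5Config"));

        // isInitiator defaults to true; only an explicit value overrides it.
        String initiatorOption = (String) map2.get("isInitiator");
        if (initiatorOption != null) {
            this.isInitiator = "true".equalsIgnoreCase(initiatorOption);
        }

        this.tryFirstPass = "true".equalsIgnoreCase((String) map2.get("tryFirstPass"));
        this.useFirstPass = "true".equalsIgnoreCase((String) map2.get("useFirstPass"));
        this.storePass = "true".equalsIgnoreCase((String) map2.get("storePass"));
        this.clearPass = "true".equalsIgnoreCase((String) map2.get("clearPass"));

        if (this.debug) {
            System.out.print("Debug is  " + this.debug
                    + " storeKey " + this.storeKey
                    + " useTicketCache " + this.useTicketCache
                    + " useKeyTab " + this.useKeyTab
                    + " doNotPrompt " + this.doNotPrompt
                    + " ticketCache is " + this.ticketCacheName
                    + " isInitiator " + this.isInitiator
                    + " KeyTab is " + this.keyTabName
                    + " refreshKrb5Config is " + this.refreshKrb5Config
                    + " principal is " + this.princName
                    + " tryFirstPass is " + this.tryFirstPass
                    + " useFirstPass is " + this.useFirstPass
                    + " storePass is " + this.storePass
                    + " clearPass is " + this.clearPass
                    + "\n");
        }
    }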
}
