package com.kerb4j.client;

import com.kerb4j.common.jaas.sun.Krb5LoginContext;
import com.kerb4j.common.util.JreVendor;
import com.kerb4j.common.util.SpnegoProvider;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/kerb4j/client/SpnegoClient.class */
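/**
 * Client-side entry point for SPNEGO/Kerberos authentication.
 *
 * <p>An instance wraps a lazily evaluated JAAS login. The authenticated {@link Subject} is cached
 * together with its ticket-granting ticket (TGT) and is re-acquired when the TGT has expired.
 * GSS contexts are created with {@link Subject#doAs} on that subject.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The {@link Subject} returned by {@link #getSubject()} and the keys returned by
 *       {@link #getKerberosKeys()} are live credential material; do not log or serialize them.</li>
 *   <li>The {@code Authorization} header values produced here are authentication tokens and
 *       should be kept out of logs and error messages.</li>
 *   <li>The factory methods do not log in eagerly: the login runs on the first call that needs
 *       the subject, and failures surface there as {@link RuntimeException}.</li>
 * </ul>
 */
public final class SpnegoClient {
    private static final Logger LOGGER = LoggerFactory.getLogger(SpnegoClient.class);
    private final Callable<Subject> subjectSupplier;
    private final AtomicReference<SubjectTgtPair> subjectTgtPairReference = new AtomicReference<>();
    private final Lock authenticateLock = new ReentrantLock();

    /**
     * Authenticated subject paired with the TGT whose end time decides when to log in again.
     *
     * <p>The decompiler reports that this class and {@link #isExpired()} were {@code private} in
     * the original source; the widened modifiers are kept here so the listing stays compatible.
     */
    public static class SubjectTgtPair {
        private final KerberosTicket tgt;
        private final Subject subject;

        private SubjectTgtPair(KerberosTicket kerberosTicket, Subject subject) {
            this.tgt = kerberosTicket;
            this.subject = subject;
        }

        /**
         * Reports whether the cached TGT can no longer be used.
         *
         * @return {@code true} when the ticket's end time is in the past, or when the ticket has
         *     no end time (which {@link KerberosTicket#getEndTime()} reports for a destroyed
         *     ticket)
         */
        public boolean isExpired() {
            final Date endTime = this.tgt.getEndTime();
            // A destroyed ticket has no end time; treat it as expired so a fresh login is forced
            // instead of failing with a NullPointerException.
            return null == endTime || endTime.before(new Date());
        }
    }

    /**
     * Creates a client whose subject is obtained on demand from the supplied login context.
     *
     * @param callable supplies the {@link LoginContext}; if the context has no subject yet,
     *     {@link LoginContext#login()} is invoked when the subject is first needed
     */
    protected SpnegoClient(final Callable<LoginContext> callable) {
        this.subjectSupplier = new Callable<Subject>() {
            @Override
            public Subject call() throws Exception {
                final LoginContext loginContext = callable.call();
                Subject subject = loginContext.getSubject();
                if (null == subject) {
                    try {
                        loginContext.login();
                        subject = loginContext.getSubject();
                    } catch (LoginException e) {
                        SpnegoClient.LOGGER.error(e.getMessage(), e);
                        throw new RuntimeException(e);
                    }
                }
                return subject;
            }
        };
    }

    /**
     * Returns the authenticated subject, logging in again when the cached TGT has expired.
     *
     * <p>The cache is checked without the lock first and re-checked under it, so that concurrent
     * callers trigger a single login.
     *
     * @return the subject holding the current Kerberos credentials
     * @throws IllegalStateException if the login yields no subject or no ticket-granting ticket
     * @throws RuntimeException if the login itself fails
     */
    public Subject getSubject() {
        SubjectTgtPair current = this.subjectTgtPairReference.get();
        if (null == current || current.isExpired()) {
            this.authenticateLock.lock();
            try {
                current = this.subjectTgtPairReference.get();
                if (null == current || current.isExpired()) {
                    current = authenticate();
                    this.subjectTgtPairReference.set(current);
                }
            } finally {
                this.authenticateLock.unlock();
            }
        }
        return current.subject;
    }

    /** Runs the login and pairs the resulting subject with its TGT; never returns {@code null}. */
    private SubjectTgtPair authenticate() {
        final Subject fresh;
        try {
            fresh = this.subjectSupplier.call();
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        if (null == fresh) {
            throw new IllegalStateException("Login completed without producing a subject");
        }
        for (KerberosTicket ticket : fresh.getPrivateCredentials(KerberosTicket.class)) {
            final KerberosPrincipal server = ticket.getServer();
            // The TGT is issued for krbtgt/REALM@REALM. Matching on "krbtgt/" (with the
            // separator) keeps a service ticket whose name merely begins with "krbtgt" from
            // being taken for the TGT and driving the expiry check.
            if (null != server && server.getName().startsWith("krbtgt/")) {
                return new SubjectTgtPair(ticket, fresh);
            }
        }
        // Without a TGT the previous code either dereferenced null or silently kept handing out
        // the expired subject; fail explicitly instead.
        throw new IllegalStateException("No Kerberos ticket-granting ticket found in the authenticated subject");
    }

    /**
     * Returns the long-term Kerberos keys available to the subject.
     *
     * <p>Keys stored directly as private credentials take precedence; otherwise each
     * {@link KeyTab} credential is queried for each {@link KerberosPrincipal} of the subject and
     * the first non-empty result is returned.
     *
     * @return the keys, or {@code null} when none are available (kept for compatibility with
     *     existing callers); the result is secret key material and must not be logged
     */
    public KerberosKey[] getKerberosKeys() {
        // Resolve the subject once so all lookups below see the same credential set.
        final Subject subject = getSubject();
        final Set<KerberosKey> directKeys = subject.getPrivateCredentials(KerberosKey.class);
        if (!directKeys.isEmpty()) {
            return new ArrayList<>(directKeys).toArray(new KerberosKey[0]);
        }
        final Set<KeyTab> keyTabs = subject.getPrivateCredentials(KeyTab.class);
        for (KerberosPrincipal principal : subject.getPrincipals(KerberosPrincipal.class)) {
            for (KeyTab keyTab : keyTabs) {
                final KerberosKey[] keys = keyTab.getKeys(principal);
                if (null != keys && keys.length > 0) {
                    return keys;
                }
            }
        }
        return null;
    }

    /**
     * Creates a client that logs in with a principal name and password.
     *
     * <p>The password is captured as an immutable {@link String} and stays referenced by the
     * returned client for its whole lifetime, because the login is deferred and repeated on TGT
     * expiry. Prefer {@link #loginWithKeyTab} or {@link #loginWithTicketCache} where possible.
     *
     * @param str the principal name
     * @param str2 the password
     * @return a client that authenticates lazily
     * @throws LoginException declared for compatibility; login failures are reported when the
     *     subject is first needed
     */
    public static SpnegoClient loginWithUsernamePassword(final String str, final String str2) throws LoginException {
        return new SpnegoClient(new Callable<LoginContext>() {
            @Override
            public LoginContext call() throws Exception {
                return Krb5LoginContext.loginWithUsernameAndPassword(str, str2);
            }
        });
    }

    /**
     * Creates a client that logs in from a keytab.
     *
     * @param str the principal name
     * @param str2 the keytab location; NOTE(review): the file should be readable only by the
     *     service account, since it holds long-term keys
     * @return a client that authenticates lazily
     * @throws LoginException declared for compatibility; login failures are reported when the
     *     subject is first needed
     */
    public static SpnegoClient loginWithKeyTab(final String str, final String str2) throws LoginException {
        return new SpnegoClient(new Callable<LoginContext>() {
            @Override
            public LoginContext call() throws Exception {
                return Krb5LoginContext.loginWithKeyTab(str, str2);
            }
        });
    }

    /**
     * Creates a client that logs in from an existing ticket cache.
     *
     * @param str the value handed to {@code Krb5LoginContext.loginWithTicketCache}
     * @return a client that authenticates lazily
     * @throws LoginException declared for compatibility; login failures are reported when the
     *     subject is first needed
     */
    public static SpnegoClient loginWithTicketCache(final String str) throws LoginException {
        return new SpnegoClient(new Callable<LoginContext>() {
            @Override
            public LoginContext call() throws Exception {
                return Krb5LoginContext.loginWithTicketCache(str);
            }
        });
    }

    /**
     * Creates an initiator context for the service derived from {@code url}.
     *
     * @param url the target URL; the service name is derived from it by
     *     {@code SpnegoProvider.getServerName}, so it should come from trusted configuration
     *     rather than from an untrusted redirect
     * @return a context the caller must close
     */
    public SpnegoContext createContext(URL url) throws PrivilegedActionException, GSSException {
        return new SpnegoContext(this, getGSSContext(url));
    }

    /**
     * Creates an initiator context for an explicit service principal name.
     *
     * @param str the service principal name
     * @return a context the caller must close
     */
    public SpnegoContext createContextForSPN(String str) throws PrivilegedActionException, GSSException, MalformedURLException {
        return new SpnegoContext(this, getGSSContextForSPN(str));
    }

    /**
     * Produces an {@code Authorization} header value for {@code url} and releases the context.
     *
     * <p>The misspelled method name is part of the public API and is kept as is.
     *
     * @param url the target URL
     * @return the header value; treat it as a credential and keep it out of logs
     */
    public String createAuthroizationHeader(URL url) throws PrivilegedActionException, GSSException, IOException {
        final SpnegoContext context = createContext(url);
        try {
            return context.createTokenAsAuthroizationHeader();
        } finally {
            context.close();
        }
    }

    /**
     * Produces an {@code Authorization} header value for a service principal name and releases
     * the context.
     *
     * @param str the service principal name
     * @return the header value; treat it as a credential and keep it out of logs
     */
    public String createAuthroizationHeaderForSPN(String str) throws PrivilegedActionException, GSSException, IOException {
        final SpnegoContext context = createContextForSPN(str);
        try {
            return context.createTokenAsAuthroizationHeader();
        } finally {
            context.close();
        }
    }

    /**
     * Creates an acceptor (server-side) context using the subject's credentials.
     *
     * @return a context the caller must close
     */
    public SpnegoContext createAcceptContext() throws PrivilegedActionException {
        return new SpnegoContext(this, Subject.doAs(getSubject(), new PrivilegedExceptionAction<GSSContext>() {
            @Override
            public GSSContext run() throws Exception {
                // Lifetime: Integer.MAX_VALUE is GSSCredential.INDEFINITE_LIFETIME (used on IBM
                // JVMs), 0 is GSSCredential.DEFAULT_LIFETIME. Usage 2 is GSSCredential.ACCEPT_ONLY.
                return SpnegoProvider.GSS_MANAGER.createContext(SpnegoProvider.GSS_MANAGER.createCredential((GSSName) null, JreVendor.IS_IBM_JVM ? Integer.MAX_VALUE : 0, SpnegoProvider.SUPPORTED_OIDS, 2));
            }
        }));
    }

    private GSSContext getGSSContextForSPN(String str) throws GSSException, PrivilegedActionException {
        return getGSSContext(SpnegoProvider.createGSSNameForSPN(str));
    }

    private GSSContext getGSSContext(URL url) throws GSSException, PrivilegedActionException {
        return getGSSContext(SpnegoProvider.getServerName(url));
    }

    /**
     * Creates an initiator context for {@code gSSName} that requests mutual authentication,
     * confidentiality, integrity, replay detection and sequence detection.
     *
     * <p>These are requests only; whether the peer granted them has to be checked on the
     * established context before relying on them.
     */
    private GSSContext getGSSContext(final GSSName gSSName) throws GSSException, PrivilegedActionException {
        try {
            // NOTE(review): the 31 ms pause is unexplained in this listing; presumably it spaces
            // out successive authenticators so the server's replay cache does not reject them.
            // Confirm before removing.
            Thread.sleep(31L);
        } catch (InterruptedException e) {
            // Keep going as before, but restore the interrupt flag so the caller can observe it.
            Thread.currentThread().interrupt();
        }
        return Subject.doAs(getSubject(), new PrivilegedExceptionAction<GSSContext>() {
            @Override
            public GSSContext run() throws Exception {
                // Credential: default lifetime (0), usage 1 is GSSCredential.INITIATE_ONLY.
                // Context lifetime 0 is GSSContext.DEFAULT_LIFETIME.
                final GSSContext context = SpnegoProvider.GSS_MANAGER.createContext(gSSName, SpnegoProvider.SPNEGO_OID, SpnegoProvider.GSS_MANAGER.createCredential((GSSName) null, 0, SpnegoProvider.SUPPORTED_OIDS, 1), 0);
                context.requestMutualAuth(true);
                context.requestConf(true);
                context.requestInteg(true);
                context.requestReplayDet(true);
                context.requestSequenceDet(true);
                return context;
            }
        });
    }
}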
