package org.jfrog.client.http.auth;

import java.io.IOException;
import java.security.PrivilegedAction;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.impl.client.CloseableHttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jfrog/client/http/auth/KerberosAuthProvider.class */
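/**
 * Runs HTTP requests on behalf of a Kerberos principal.
 *
 * <p>Each call performs a fresh JAAS login through {@code Krb5LoginModule} (configured in memory,
 * not from a JAAS config file), executes the request inside {@link Subject#doAs} with the
 * resulting {@link Subject}, and logs out again before returning.
 *
 * <p>This source was reconstructed from bytecode by a decompiler; the parameter and local names
 * below were chosen from how the values are used.
 *
 * <p>Failure reporting: both {@code executeKerberos} overloads return {@code null} when the
 * Kerberos login fails <em>and</em> when the HTTP call throws an {@link IOException}. Callers
 * must null-check the result and cannot tell the two cases apart except through the log.
 */
public class KerberosAuthProvider {
    private static final Logger log = LoggerFactory.getLogger(KerberosAuthProvider.class);

    /** Name of the in-memory JAAS application entry used for every login. */
    public static final String KRB_LOGIN = "KrbLogin";

    private static final String KRB5_LOGIN_MODULE = "com.sun.security.auth.module.Krb5LoginModule";

    private final CloseableHttpClient closeableHttpClient;

    /**
     * JAAS callback handler that answers name and password prompts with fixed values.
     *
     * <p>Decompiler note: JADX reports this class was package-private in the original bytecode
     * and widened it to {@code public}.
     *
     * <p>The password array is stored by reference and never cleared here; the caller owns it
     * and should zero it once the login attempt is over.
     */
    public class KerberosCallBackHandler implements CallbackHandler {
        private final String principal;
        private final char[] password;

        /**
         * @param principal name supplied to any {@link NameCallback}
         * @param password  password supplied to any {@link PasswordCallback}; may be {@code null}
         */
        public KerberosCallBackHandler(String principal, char[] password) {
            this.principal = principal;
            this.password = password;
        }

        /** Creates a handler with no password (used by the keytab login). */
        public KerberosCallBackHandler(String principal) {
            this(principal, null);
        }

        /**
         * Fills in name and password callbacks.
         *
         * @throws UnsupportedCallbackException for any other callback type
         */
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            log.trace("KerberosCallBackHandler is invoked");
            for (Callback callback : callbacks) {
                log.trace("processing callback {}", callback.getClass().getSimpleName());
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(principal);
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(callback, "Unknown Callback");
                }
            }
        }
    }

    /**
     * @param closeableHttpClient client used to execute requests inside the authenticated context
     */
    public KerberosAuthProvider(CloseableHttpClient closeableHttpClient) {
        this.closeableHttpClient = closeableHttpClient;
    }

    /**
     * Logs in with a principal and password, then executes the request as that subject.
     *
     * <p>NOTE(review): the password configuration enables {@code useTicketCache} and sets no
     * {@code principal} option. If the process's default credential cache already holds a
     * ticket, {@code Krb5LoginModule} may authenticate from it without consulting the callback
     * handler, in which case the request runs as the cached identity rather than
     * {@code principal}. Confirm this is intended, or verify the subject's principal after login.
     *
     * @param principal       Kerberos principal name
     * @param password        password for the principal; not cleared by this method
     * @param httpRequestBase request to execute
     * @return the response (the caller must close it), or {@code null} if the login failed or
     *         the request threw an {@link IOException}
     */
    public CloseableHttpResponse executeKerberos(String principal, char[] password, final HttpRequestBase httpRequestBase) {
        return loginAndExecute(
                principal,
                new KerberosCallBackHandler(principal, password),
                getPasswordConfigurationEntry(),
                "password",
                httpRequestBase);
    }

    /**
     * Logs in with a principal and keytab file, then executes the request as that subject.
     *
     * @param principal       Kerberos principal name; must match an entry in the keytab
     * @param keyTabPath      location of the keytab, passed to the login module's {@code keyTab} option
     * @param httpRequestBase request to execute
     * @return the response (the caller must close it), or {@code null} if the login failed or
     *         the request threw an {@link IOException}
     */
    public CloseableHttpResponse executeKerberos(String principal, String keyTabPath, final HttpRequestBase httpRequestBase) {
        return loginAndExecute(
                principal,
                new KerberosCallBackHandler(principal),
                getKeyTabConfigurationEntry(keyTabPath, principal),
                "keytab",
                httpRequestBase);
    }

    /**
     * Shared login / execute / logout sequence for both credential kinds.
     *
     * @param credentialKind label used only in trace messages ("password" or "keytab")
     */
    private CloseableHttpResponse loginAndExecute(
            String principal,
            CallbackHandler handler,
            final AppConfigurationEntry[] entries,
            String credentialKind,
            final HttpRequestBase request) {
        LoginContext loginContext = null;
        try {
            loginContext = new LoginContext(KRB_LOGIN, new Subject(), handler, new Configuration() {
                @Override
                public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                    // Only our own entry is served; any other application name gets no modules.
                    return KRB_LOGIN.equals(name) ? entries : null;
                }
            });
            log.trace("Obtaining {} subject for principal '{}'", credentialKind, principal);
            loginContext.login();

            Subject subject = loginContext.getSubject();
            log.trace("Executing PrivilegedAction using {} subject principals '{}'", credentialKind, subject.getPrincipals());
            return Subject.doAs(subject, new PrivilegedAction<CloseableHttpResponse>() {
                @Override
                public CloseableHttpResponse run() {
                    try {
                        log.trace("Executing PrivilegedAction callback");
                        return closeableHttpClient.execute(request);
                    } catch (IOException e) {
                        // PrivilegedAction cannot throw checked exceptions, so the failure is
                        // reported as null; pass the exception to the logger so its cause and
                        // stack trace are not lost.
                        log.error("Error during privileged action execution, " + e.getMessage(), e);
                        return null;
                    }
                }
            });
        } catch (LoginException e) {
            log.error("Kerberos login has failed, " + e.getMessage());
            // With a Throwable argument the (String, Throwable) overload is chosen, so a "{}"
            // placeholder would be printed literally; the stack trace is logged either way.
            log.debug("Cause:", e);
            return null;
        } finally {
            // Always drop the credentials held by the Subject, on success and on every failure.
            logoutKerberos(loginContext);
        }
    }

    /** Logs out of the given context if there is one; a failed logout is only logged. */
    private void logoutKerberos(LoginContext loginContext) {
        if (loginContext == null) {
            return;
        }
        try {
            log.trace("Log out of principals {}", loginContext.getSubject().getPrincipals());
            loginContext.logout();
        } catch (LoginException e) {
            log.debug("Logout has failed: " + e.getMessage(), e);
        }
    }

    /** Builds the {@code Krb5LoginModule} options for a keytab-based login. */
    private AppConfigurationEntry[] getKeyTabConfigurationEntry(String keyTabPath, String principal) {
        HashMap<String, String> options = new HashMap<String, String>();
        options.put("useKeyTab", "true");
        options.put("storeKey", "true");
        options.put("keyTab", keyTabPath);
        options.put("principal", principal);
        options.put("isInitiator", "true");
        // NOTE(review): the module's own debug output does not go through SLF4J (the JDK
        // implementation prints it to standard output) and can include principal and keytab
        // details; confirm that is acceptable wherever debug logging is switched on.
        options.put("debug", Boolean.toString(log.isDebugEnabled()));
        return krb5Entry(options);
    }

    /** Builds the {@code Krb5LoginModule} options for a password-based login. */
    private AppConfigurationEntry[] getPasswordConfigurationEntry() {
        HashMap<String, String> options = new HashMap<String, String>();
        // NOTE(review): "useSubjectCredsOnly" is normally the system property
        // javax.security.auth.useSubjectCredsOnly, not a Krb5LoginModule option, so this entry is
        // probably ignored by the module; confirm before relying on it.
        options.put("useSubjectCredsOnly", "false");
        options.put("doNotPrompt", "false");
        // Allows an existing ticket cache to satisfy the login; see the caveat on the
        // password overload of executeKerberos.
        options.put("useTicketCache", "true");
        return krb5Entry(options);
    }

    /** Wraps the options in a single REQUIRED {@code Krb5LoginModule} entry. */
    private static AppConfigurationEntry[] krb5Entry(HashMap<String, String> options) {
        return new AppConfigurationEntry[] {
            new AppConfigurationEntry(KRB5_LOGIN_MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options)
        };
    }
}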
