package org.apache.qpid.server.test;

import java.io.File;
import java.util.Collections;
import java.util.HashMap;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/qpid/server/test/KerberosUtilities.class */
public class KerberosUtilities {
    private static final Logger LOGGER = LoggerFactory.getLogger(KerberosUtilities.class);
    private static final String IBM_LOGIN_MODULE_CLASS = "com.ibm.security.auth.module.Krb5LoginModule";
    private static final String SUN_LOGIN_MODULE_CLASS = "com.sun.security.auth.module.Krb5LoginModule";
    public static final String KERBEROS_LOGIN_MODULE_CLASS;

    /* loaded from: input_file:org/apache/qpid/server/test/KerberosUtilities$KerberosKeyTabLoginConfiguration.class */
    public static class KerberosKeyTabLoginConfiguration extends Configuration {
        private final String _scopeName;
        private final AppConfigurationEntry _entry;

        KerberosKeyTabLoginConfiguration(String str, String str2, File file) {
            HashMap hashMap = new HashMap();
            hashMap.put("principal", str2);
            hashMap.put("useKeyTab", Boolean.TRUE.toString());
            hashMap.put("keyTab", file.getAbsolutePath());
            hashMap.put("refreshKrb5Config", Boolean.TRUE.toString());
            hashMap.put("doNotPrompt", Boolean.TRUE.toString());
            this._entry = new AppConfigurationEntry(KerberosUtilities.KERBEROS_LOGIN_MODULE_CLASS, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap);
            this._scopeName = str;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            return this._scopeName.equals(str) ? new AppConfigurationEntry[]{this._entry} : new AppConfigurationEntry[0];
        }
    }

    public byte[] buildToken(String str, String str2) throws GSSException {
        GSSManager gSSManager = GSSManager.getInstance();
        GSSCredential createCredential = gSSManager.createCredential(gSSManager.createName(str, GSSName.NT_USER_NAME), 0, new Oid("1.2.840.113554.1.2.2"), 1);
        GSSName createName = gSSManager.createName(str2, GSSName.NT_USER_NAME);
        Oid oid = new Oid("1.3.6.1.5.5.2");
        GSSContext createContext = gSSManager.createContext(createName.canonicalize(oid), oid, createCredential, 0);
        try {
            createContext.requestCredDeleg(true);
            byte[] initSecContext = createContext.initSecContext(new byte[0], 0, 0);
            createContext.dispose();
            return initSecContext;
        } catch (Throwable th) {
            createContext.dispose();
            throw th;
        }
    }

    public LoginContext createKerberosKeyTabLoginContext(String str, String str2, File file) throws LoginException {
        KerberosPrincipal kerberosPrincipal = new KerberosPrincipal(str2);
        return createLoginContext(str, new Subject(false, Collections.singleton(kerberosPrincipal), Collections.emptySet(), Collections.singleton(getKeyTab(kerberosPrincipal, file))), createKeyTabConfiguration(str, file, kerberosPrincipal.getName()));
    }

    public KerberosKeyTabLoginConfiguration createKeyTabConfiguration(String str, File file, String str2) {
        return new KerberosKeyTabLoginConfiguration(str, str2, file);
    }

    private LoginContext createLoginContext(String str, Subject subject, Configuration configuration) throws LoginException {
        return new LoginContext(str, subject, callbackArr -> {
            for (Callback callback : callbackArr) {
                if (callback instanceof TextOutputCallback) {
                    LOGGER.error(((TextOutputCallback) callback).getMessage());
                }
            }
        }, configuration);
    }

    private KeyTab getKeyTab(KerberosPrincipal kerberosPrincipal, File file) {
        if (!file.exists() || !file.canRead()) {
            throw new IllegalArgumentException("Specified file does not exist or is not readable.");
        }
        KeyTab keyTab = KeyTab.getInstance(kerberosPrincipal, file);
        if (!keyTab.exists()) {
            throw new IllegalArgumentException("Specified file is not a keyTab file.");
        }
        KerberosKey[] keys = keyTab.getKeys(kerberosPrincipal);
        if (keys.length == 0) {
            throw new IllegalArgumentException("Specified file does not contain at least one key for this principal.");
        }
        for (KerberosKey kerberosKey : keys) {
            try {
                kerberosKey.destroy();
            } catch (DestroyFailedException e) {
                LOGGER.debug("Unable to destroy key", e);
            }
        }
        return keyTab;
    }

    static {
        KERBEROS_LOGIN_MODULE_CLASS = System.getProperty("java.vendor").contains("IBM") ? IBM_LOGIN_MODULE_CLASS : SUN_LOGIN_MODULE_CLASS;
    }
}
