package org.eclipse.jetty.client.util;

import java.io.IOException;
import java.net.URI;
import java.nio.file.Path;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Objects;
import java.util.stream.Stream;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.eclipse.jetty.client.api.Authentication;
import org.eclipse.jetty.client.api.ContentResponse;
import org.eclipse.jetty.client.api.Request;
import org.eclipse.jetty.client.shaded.http.HttpHeader;
import org.eclipse.jetty.client.shaded.util.Attributes;
import org.eclipse.jetty.client.shaded.util.Scanner;
import org.eclipse.jetty.client.shaded.util.log.Log;
import org.eclipse.jetty.client.shaded.util.log.Logger;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:org/eclipse/jetty/client/util/SPNEGOAuthentication.class */
public class SPNEGOAuthentication extends AbstractAuthentication {
    private static final Logger LOG = Log.getLogger((Class<?>) SPNEGOAuthentication.class);
    private static final String NEGOTIATE = HttpHeader.NEGOTIATE.asString();
    private final GSSManager gssManager;
    private String userName;
    private String userPassword;
    private Path userKeyTabPath;
    private String serviceName;
    private boolean useTicketCache;
    private Path ticketCachePath;
    private boolean renewTGT;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/jetty/client/util/SPNEGOAuthentication$PasswordCallbackHandler.class */
    public class PasswordCallbackHandler implements CallbackHandler {
        private PasswordCallbackHandler() {
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException {
            Stream stream = Arrays.stream(callbackArr);
            Class<PasswordCallback> cls = PasswordCallback.class;
            Objects.requireNonNull(PasswordCallback.class);
            Stream filter = stream.filter((v1) -> {
                return r1.isInstance(v1);
            });
            Class<PasswordCallback> cls2 = PasswordCallback.class;
            Objects.requireNonNull(PasswordCallback.class);
            ((PasswordCallback) filter.map((v1) -> {
                return r1.cast(v1);
            }).findAny().filter(passwordCallback -> {
                return passwordCallback.getPrompt().contains(SPNEGOAuthentication.this.getUserName());
            }).orElseThrow(IOException::new)).setPassword(SPNEGOAuthentication.this.getUserPassword().toCharArray());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/jetty/client/util/SPNEGOAuthentication$SPNEGOConfiguration.class */
    public class SPNEGOConfiguration extends Configuration {
        private SPNEGOConfiguration() {
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            if (SPNEGOAuthentication.LOG.isDebugEnabled()) {
                hashMap.put("debug", "true");
            }
            hashMap.put("refreshKrb5Config", "true");
            hashMap.put("principal", SPNEGOAuthentication.this.getUserName());
            hashMap.put("isInitiator", "true");
            Path userKeyTabPath = SPNEGOAuthentication.this.getUserKeyTabPath();
            if (userKeyTabPath != null) {
                hashMap.put("doNotPrompt", "true");
                hashMap.put("useKeyTab", "true");
                hashMap.put("keyTab", userKeyTabPath.toAbsolutePath().toString());
                hashMap.put("storeKey", "true");
            }
            if (SPNEGOAuthentication.this.isUseTicketCache()) {
                hashMap.put("useTicketCache", "true");
                Path ticketCachePath = SPNEGOAuthentication.this.getTicketCachePath();
                if (ticketCachePath != null) {
                    hashMap.put("ticketCache", ticketCachePath.toAbsolutePath().toString());
                }
                hashMap.put("renewTGT", String.valueOf(SPNEGOAuthentication.this.isRenewTGT()));
            }
            return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/jetty/client/util/SPNEGOAuthentication$SPNEGOContext.class */
    public static class SPNEGOContext {
        private static final String ATTRIBUTE = SPNEGOContext.class.getName();
        private Subject subject;
        private GSSContext gssContext;

        private SPNEGOContext() {
        }

        public String toString() {
            return String.format("%s@%x[context=%s]", getClass().getSimpleName(), Integer.valueOf(hashCode()), this.gssContext);
        }
    }

    /* loaded from: input_file:org/eclipse/jetty/client/util/SPNEGOAuthentication$SPNEGOResult.class */
    public static class SPNEGOResult implements Authentication.Result {
        private final URI uri;
        private final HttpHeader header;
        private final String value;

        public SPNEGOResult(URI uri, String str) {
            this(uri, HttpHeader.AUTHORIZATION, str);
        }

        public SPNEGOResult(URI uri, HttpHeader httpHeader, String str) {
            this.uri = uri;
            this.header = httpHeader;
            this.value = SPNEGOAuthentication.NEGOTIATE + (str == null ? "" : " " + str);
        }

        @Override // org.eclipse.jetty.client.api.Authentication.Result
        public URI getURI() {
            return this.uri;
        }

        @Override // org.eclipse.jetty.client.api.Authentication.Result
        public void apply(Request request) {
            request.header(this.header, this.value);
        }
    }

    public SPNEGOAuthentication(URI uri) {
        super(uri, Authentication.ANY_REALM);
        this.gssManager = GSSManager.getInstance();
    }

    @Override // org.eclipse.jetty.client.util.AbstractAuthentication
    public String getType() {
        return NEGOTIATE;
    }

    public String getUserName() {
        return this.userName;
    }

    public void setUserName(String str) {
        this.userName = str;
    }

    public String getUserPassword() {
        return this.userPassword;
    }

    public void setUserPassword(String str) {
        this.userPassword = str;
    }

    public Path getUserKeyTabPath() {
        return this.userKeyTabPath;
    }

    public void setUserKeyTabPath(Path path) {
        this.userKeyTabPath = path;
    }

    public String getServiceName() {
        return this.serviceName;
    }

    public void setServiceName(String str) {
        this.serviceName = str;
    }

    public boolean isUseTicketCache() {
        return this.useTicketCache;
    }

    public void setUseTicketCache(boolean z) {
        this.useTicketCache = z;
    }

    public Path getTicketCachePath() {
        return this.ticketCachePath;
    }

    public void setTicketCachePath(Path path) {
        this.ticketCachePath = path;
    }

    public boolean isRenewTGT() {
        return this.renewTGT;
    }

    public void setRenewTGT(boolean z) {
        this.renewTGT = z;
    }

    @Override // org.eclipse.jetty.client.api.Authentication
    public Authentication.Result authenticate(Request request, ContentResponse contentResponse, Authentication.HeaderInfo headerInfo, Attributes attributes) {
        SPNEGOContext sPNEGOContext = (SPNEGOContext) attributes.getAttribute(SPNEGOContext.ATTRIBUTE);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Authenticate with context {}", sPNEGOContext);
        }
        if (sPNEGOContext == null) {
            sPNEGOContext = login();
            attributes.setAttribute(SPNEGOContext.ATTRIBUTE, sPNEGOContext);
        }
        String base64 = headerInfo.getBase64();
        byte[] bArr = (byte[]) Subject.doAs(sPNEGOContext.subject, initGSSContext(sPNEGOContext, request.getHost(), base64 == null ? new byte[0] : Base64.getDecoder().decode(base64)));
        return new SPNEGOResult(null, bArr == null ? null : new String(Base64.getEncoder().encode(bArr)));
    }

    private SPNEGOContext login() {
        try {
            String userName = getUserName();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Logging in user {}", userName);
            }
            LoginContext loginContext = new LoginContext("", (Subject) null, new PasswordCallbackHandler(), new SPNEGOConfiguration());
            loginContext.login();
            Subject subject = loginContext.getSubject();
            SPNEGOContext sPNEGOContext = new SPNEGOContext();
            sPNEGOContext.subject = subject;
            if (LOG.isDebugEnabled()) {
                LOG.debug("Initialized {}", sPNEGOContext);
            }
            return sPNEGOContext;
        } catch (LoginException e) {
            throw new RuntimeException(e);
        }
    }

    private PrivilegedAction<byte[]> initGSSContext(SPNEGOContext sPNEGOContext, String str, byte[] bArr) {
        return () -> {
            try {
                GSSContext gSSContext = sPNEGOContext.gssContext;
                if (gSSContext == null) {
                    gSSContext = this.gssManager.createContext(this.gssManager.createName(getServiceName() + "@" + str, GSSName.NT_HOSTBASED_SERVICE), new Oid("1.3.6.1.5.5.2"), (GSSCredential) null, Scanner.MAX_SCAN_DEPTH);
                    sPNEGOContext.gssContext = gSSContext;
                    gSSContext.requestMutualAuth(true);
                }
                byte[] initSecContext = gSSContext.initSecContext(bArr, 0, bArr.length);
                if (LOG.isDebugEnabled()) {
                    Logger logger = LOG;
                    Object[] objArr = new Object[2];
                    objArr[0] = gSSContext.isEstablished() ? "Initialized" : "Initializing";
                    objArr[1] = gSSContext;
                    logger.debug("{} {}", objArr);
                }
                return initSecContext;
            } catch (GSSException e) {
                throw new RuntimeException((Throwable) e);
            }
        };
    }
}
