package com.pcbsys.foundation.security.sasl;

import com.pcbsys.foundation.base.fException;
import com.pcbsys.foundation.drivers.fDriver;
import com.pcbsys.foundation.fConstants;
import com.pcbsys.foundation.io.fEventInputStream;
import com.pcbsys.foundation.io.fEventOutputStream;
import com.pcbsys.foundation.io.fStreamFactory;
import com.pcbsys.foundation.security.auth.fAuthConstants;
import com.pcbsys.foundation.security.auth.fAuthentication;
import com.pcbsys.foundation.security.auth.fAuthenticationException;
import com.pcbsys.foundation.security.fDefaultResponse;
import com.pcbsys.foundation.security.fDefaultServerLoginContext;
import com.pcbsys.foundation.security.fLoginResponse;
import com.pcbsys.foundation.security.fServerLoginContext;
import com.pcbsys.foundation.security.fSubject;
import com.pcbsys.foundation.utils.fSystemConfiguration;
import com.softwareag.security.jaas.login.SagCredentials;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.ObjectInputStream;

/* loaded from: input_file:com/pcbsys/foundation/security/sasl/fExtAuthServerLoginContext.class */
public class fExtAuthServerLoginContext extends fDefaultServerLoginContext {
    private static final char COMPATMODE = fSystemConfiguration.getProperty("Nirvana.auth.server.jaascompat", "Y").toUpperCase().charAt(0);
    private static final int COMPAT_JAASTYPE_SERVER = 0;
    private static final int COMPAT_JAASTYPE_MUTUAL = 1;
    private static final byte STREAM_MAGIC1 = -84;
    private static final byte STREAM_MAGIC2 = -19;
    private static int session_id_counter;
    private int session_id;

    private void setDebugSessionID() {
        synchronized (getClass()) {
            int i = session_id_counter + 1;
            session_id_counter = i;
            this.session_id = i;
        }
    }

    private String debugPrefix() {
        return "JAAS-ServerLoginContext/" + this.session_id + ": [debug] ";
    }

    @Override // com.pcbsys.foundation.security.fDefaultServerLoginContext, com.pcbsys.foundation.security.fServerLoginContext
    public fServerLoginContext newInstance() {
        return new fExtAuthServerLoginContext();
    }

    @Override // com.pcbsys.foundation.security.fDefaultServerLoginContext, com.pcbsys.foundation.security.fLoginContext
    public fLoginResponse login(fDriver fdriver) throws fException {
        try {
            return login(fdriver, fStreamFactory.createInputStream(fdriver.getInputStream()), new fEventOutputStream(fdriver.getOutputStream()));
        } catch (Exception e) {
            if (e instanceof fException) {
                throw ((fException) e);
            }
            throw new fException("JAAS-Authentication failed with driver=" + (fdriver == null ? null : fdriver.getClass().getName()), e);
        }
    }

    @Override // com.pcbsys.foundation.security.fDefaultServerLoginContext, com.pcbsys.foundation.security.fLoginContext
    public fLoginResponse login(fDriver fdriver, fEventInputStream feventinputstream, fEventOutputStream feventoutputstream) throws IOException, fException {
        if (fAuthConstants.sDebug) {
            setDebugSessionID();
        }
        boolean z = false;
        String str = null;
        try {
            try {
                if (fAuthConstants.sDebug) {
                    fConstants.logger.log(debugPrefix() + "New session with driver=" + (fdriver == null ? null : fdriver.getClass().getName()) + ", compat=" + COMPATMODE);
                }
                Object receiveCredentials = receiveCredentials(feventinputstream);
                if (fAuthConstants.sDebug) {
                    fConstants.logger.log(debugPrefix() + "Authenticating SAG-JAAS credentials=" + (receiveCredentials == null ? null : receiveCredentials.getClass().getName() + "/" + receiveCredentials));
                }
                SagCredentials sagCredentials = (SagCredentials) receiveCredentials;
                extractTransportCredentials(sagCredentials, fdriver);
                if (fAuthentication.authenticationEnabled) {
                    str = fAuthentication.authenticate(sagCredentials);
                    z = true;
                } else {
                    z = true;
                }
                if (!z) {
                    String str2 = sagCredentials == null ? null : sagCredentials.getUserName() + "/" + sagCredentials;
                    if (fAuthConstants.sDebug) {
                        fConstants.logger.log(debugPrefix() + "Failed to authenticate username=" + str2);
                    }
                    throw new fAuthenticationException("Failed to authenticate JAAS-based credentials for username=" + str2);
                }
                String lowerCase = str == null ? sagCredentials.getUserName().toLowerCase() : str;
                fSubject fsubject = new fSubject(lowerCase, fdriver == null ? "localhost" : getRemoteAddress(fdriver), fAuthentication.authenticationEnabled);
                if (fAuthConstants.sDebug) {
                    fConstants.logger.log(debugPrefix() + "Authenticated user=" + lowerCase + " as " + fsubject);
                }
                setSubject(fsubject);
                if (fdriver != null) {
                    fdriver.setSubject(fsubject);
                }
                return new fDefaultResponse(true);
            } catch (IOException e) {
                if (fAuthConstants.sDebug) {
                    fConstants.logger.log(debugPrefix() + "Authentication failed - " + e);
                }
                throw e;
            } catch (ClassNotFoundException e2) {
                if (fAuthConstants.sDebug) {
                    fConstants.logger.log(debugPrefix() + "Authentication failed - " + e2);
                }
                throw new fException(e2);
            }
        } finally {
            feventoutputstream.writeBoolean(z);
            feventoutputstream.flush();
        }
    }

    private Object receiveCredentials(fEventInputStream feventinputstream) throws IOException, ClassNotFoundException {
        if (COMPATMODE == 'F') {
            return receiveCredentialsCompat(feventinputstream);
        }
        if (COMPATMODE == 'N') {
            return receiveCredentialsSAG(feventinputstream);
        }
        byte[] bArr = new byte[6];
        int read = feventinputstream.read(bArr);
        if (read != bArr.length) {
            throw new IllegalArgumentException("Insufficient credentials data for any compat mode - read=" + read);
        }
        feventinputstream.rollback(bArr);
        return bArr[0] != 0 ? receiveCredentialsCompat(feventinputstream) : (bArr[4] == STREAM_MAGIC1 && bArr[5] == STREAM_MAGIC2) ? receiveCredentialsSAG(feventinputstream) : receiveCredentialsCompat(feventinputstream);
    }

    private Object receiveCredentialsSAG(fEventInputStream feventinputstream) throws IOException, ClassNotFoundException {
        return new ObjectInputStream(new ByteArrayInputStream(feventinputstream.readByteArray())).readObject();
    }

    private Object receiveCredentialsCompat(fEventInputStream feventinputstream) throws IOException, ClassNotFoundException {
        byte readByte = feventinputstream.readByte();
        if (fAuthConstants.sDebug) {
            fConstants.logger.log(debugPrefix() + "Receiving credentials in compat-mode=" + ((int) readByte));
        }
        if (readByte == 1) {
            return receiveCredentialsSAG(feventinputstream);
        }
        if (readByte != 0) {
            throw new IllegalArgumentException("Invalid JAAS-type compat-mode=" + ((int) readByte));
        }
        return fAuthentication.constructCredentials(feventinputstream.readString(), feventinputstream.readString());
    }
}
