package com.pcbsys.foundation.security.sasl;

import com.pcbsys.foundation.base.fException;
import com.pcbsys.foundation.drivers.fDriver;
import com.pcbsys.foundation.fConstants;
import com.pcbsys.foundation.io.fEventInputStream;
import com.pcbsys.foundation.io.fEventOutputStream;
import com.pcbsys.foundation.io.fStreamFactory;
import com.pcbsys.foundation.security.auth.fAuthConstants;
import com.pcbsys.foundation.security.auth.fAuthenticationException;
import com.pcbsys.foundation.security.auth.fSAGInternalUserRepositoryAdapter;
import com.pcbsys.foundation.security.fClientLoginContext;
import com.pcbsys.foundation.security.fDefaultLoginContext;
import com.pcbsys.foundation.security.fDefaultResponse;
import com.pcbsys.foundation.security.fLoginContext;
import com.pcbsys.foundation.security.fLoginContextSSLAttributes;
import com.pcbsys.foundation.security.fLoginResponse;
import com.pcbsys.foundation.security.fSubject;
import com.pcbsys.foundation.utils.fSystemConfiguration;
import java.io.IOException;
import java.net.InetAddress;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

/* loaded from: input_file:com/pcbsys/foundation/security/sasl/fSaslClientLoginContext.class */
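/**
 * Client-side login context that authenticates a connection either through the built-in SASL
 * exchange ({@link #doLogin}) or, when the {@link #SYSPROP_JAASKEY} configuration value names a
 * JAAS entry, through {@code JaasHelper}.
 *
 * <p>This source is decompiler output; several constructs the decompiler could not reconstruct
 * (a mistyped local, a mis-inferred array literal, a triplicated {@code finally} body) have been
 * repaired below and are called out where they occur.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Debug logging and exception messages report only the <em>size</em> of SASL challenges and
 *       responses. A SASL PLAIN response carries the password in clear text (RFC 4616), so the
 *       raw bytes must never reach a log or an exception message.</li>
 *   <li>The default mechanism preference list starts with PLAIN; see {@link #doLogin}.</li>
 *   <li>A status byte sent by the peer can move the client to the non-SASL login context; see
 *       {@link #doLogin}.</li>
 * </ul>
 */
public class fSaslClientLoginContext extends fDefaultLoginContext implements fLoginContextSSLAttributes {
    /** Configuration key read at login time; unset or {@code "noauth"} selects the built-in SASL exchange. */
    public static final String SYSPROP_JAASKEY = "Nirvana.auth.client.jaaskey";
    private static final String JAASKEY_COMPAT_NOAUTH = "noauth";

    // Mechanisms are tried in this order and the first one a SASL provider can instantiate wins.
    // NOTE(review): PLAIN is listed first, so unless "Nirvana.sasl.client.mechanism" overrides the
    // list the client presumably ends up sending the password itself to the peer. That is only
    // acceptable on an authenticated, encrypted transport - confirm how callers guarantee that.
    private static final String[] MECHPREFS = {Defs.MECHNAME_PLAIN, Defs.MECHNAME_CRAMMD5, Defs.MECHNAME_DIGESTMD5, Defs.MECHNAME_EXTERNAL};
    private static String MECH_OVERRIDE = fSystemConfiguration.getProperty("Nirvana.sasl.client.mechanism");
    // Read from the JVM system properties directly, unlike the other settings here.
    private static boolean SASL_LOCALHOST_REVERSE_RESOLVE = Boolean.parseBoolean(System.getProperty("Nirvana.sasl.client.localhostResolve", "True"));
    private static boolean PASSWORD_PREHASH = Boolean.parseBoolean(fSystemConfiguration.getProperty("Nirvana.sasl.client.enablePrehash"));
    private static final String HASH_TYPE = fSystemConfiguration.getProperty("Nirvana.sasl.client.prehashtype");
    // Single byte written before the exchange starts to select the SASL context on the peer.
    private static final byte[] CTXTYPE_SASL = {-2};

    // Values of ClientMessage.status. The names are inferred from how this class reacts to each
    // value; the wire-protocol definition is not visible here - TODO confirm against the server.
    private static final byte STATUS_CONTINUE = 1;
    private static final byte STATUS_COMPLETE = 2;
    private static final byte STATUS_FAILED = 3;
    private static final byte STATUS_FALLBACK = 4;

    private final String driver_protocol;
    private final CredentialsHolder creds;
    private fLoginResponse loginrsp;
    // NOTE(review): key store and trust store passwords are held as Strings because the
    // fLoginContextSSLAttributes accessors are String-typed; they cannot be wiped after use.
    private String keyStorePath;
    private String keyStorePass;
    private String keyStoreCert;
    private String trustStorePath;
    private String trustStorePass;
    private String sslProtocol;
    private String[] enabledCiphers;
    private String pkcs11NSSConfigFile;
    private String pkcs11NSSName;
    // Set while mechanisms are being tried in doLogin; read by CredentialsHolder to decide on pre-hashing.
    private boolean isCramOrDigest;
    private static int session_id_counter;
    private int session_id;

    /**
     * Framing helper for the client side of the exchange. It tracks the last status byte read
     * from the peer in {@link #status}.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/pcbsys/foundation/security/sasl/fSaslClientLoginContext$ClientMessage.class */
    public static class ClientMessage extends Message {
        /** Last status byte read from the peer; starts at 1 before anything has been read. */
        public byte status;

        public ClientMessage(fEventInputStream feventinputstream, fEventOutputStream feventoutputstream) {
            super(feventinputstream, feventoutputstream);
            this.status = STATUS_CONTINUE;
        }

        /**
         * Reads the next status byte followed by the next message from the peer.
         *
         * @param mechanism SASL mechanism name, used only in the failure message
         * @param username user being authenticated, used only in the failure message
         * @return the message read after the status byte
         * @throws fAuthenticationException if the status byte is 3
         */
        public byte[] readChallenge(String mechanism, String username) throws fAuthenticationException, IOException, ClassNotFoundException {
            this.status = this.is.readByte();
            if (this.status == STATUS_FAILED) {
                throw new fAuthenticationException("Authentication failed during SASL-" + mechanism + " for user=" + username);
            }
            return readMessage();
        }

        /** Writes the context selector bytes to the output stream; no flush is issued here. */
        public void sendContextSelector(byte[] selector) throws IOException {
            this.os.write(selector);
        }

        /**
         * Sends one response and flushes.
         *
         * @param mechanism mechanism name to write ahead of the payload, or {@code null} to omit it
         * @param response payload handed to {@code write}; may be {@code null}
         */
        public void sendResponse(String mechanism, byte[] response) throws IOException {
            if (mechanism != null) {
                this.os.writeString(mechanism);
            }
            write(response);
            this.os.flush();
        }
    }

    /**
     * Holds the user name and password and supplies them to the SASL client through the
     * {@link CallbackHandler} contract.
     *
     * <p>NOTE(review): the password lives in an immutable {@code String} for the lifetime of the
     * login context, and the {@code char[]} copies handed out below are never cleared by this
     * class.
     */
    /* loaded from: input_file:com/pcbsys/foundation/security/sasl/fSaslClientLoginContext$CredentialsHolder.class */
    public class CredentialsHolder implements CallbackHandler {
        public final String username;
        private final String password;

        /**
         * @param username user name, stored as given
         * @param password password; {@code null} is stored as the empty string
         */
        public CredentialsHolder(String username, String password) {
            this.username = username;
            this.password = password == null ? "" : password;
        }

        /**
         * Answers name, password, realm and realm-choice callbacks. Any other callback type is
         * left untouched rather than rejected.
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) {
            for (Callback callback : callbackArr) {
                if (fAuthConstants.sDebug) {
                    fConstants.logger.log(fSaslClientLoginContext.debugPrefix(0) + "Callback=" + callback + "/" + callbackArr.length);
                }
                if (callback instanceof NameCallback) {
                    NameCallback nameCallback = (NameCallback) callback;
                    if (fAuthConstants.sDebug) {
                        fConstants.logger.log(fSaslClientLoginContext.debugPrefix(0) + "NameCallback: Default=" + nameCallback.getDefaultName() + ", Current=" + nameCallback.getName());
                    }
                    nameCallback.setName(this.username);
                } else if (callback instanceof PasswordCallback) {
                    // The password is deliberately never logged, even with debug enabled.
                    PasswordCallback passwordCallback = (PasswordCallback) callback;
                    if (fSaslClientLoginContext.this.isCramOrDigest && fSaslClientLoginContext.PASSWORD_PREHASH) {
                        // For CRAM-MD5 / DIGEST-MD5 with pre-hashing enabled, the hashed form is used as the shared secret.
                        passwordCallback.setPassword(fSAGInternalUserRepositoryAdapter.hashedPassword(this.username, this.password, fSaslClientLoginContext.HASH_TYPE).toCharArray());
                    } else {
                        passwordCallback.setPassword(this.password.toCharArray());
                    }
                } else if (callback instanceof RealmCallback) {
                    RealmCallback realmCallback = (RealmCallback) callback;
                    if (fAuthConstants.sDebug) {
                        fConstants.logger.log(fSaslClientLoginContext.debugPrefix(0) + "RealmCallback: " + realmCallback.getPrompt() + " Default=" + realmCallback.getDefaultText() + ", Current=" + realmCallback.getText());
                    }
                    // Accept whatever realm the peer proposed as the default.
                    realmCallback.setText(realmCallback.getDefaultText());
                } else if (callback instanceof RealmChoiceCallback) {
                    RealmChoiceCallback realmChoiceCallback = (RealmChoiceCallback) callback;
                    if (fAuthConstants.sDebug) {
                        // Arrays.toString prints the selected indexes themselves; the decompiled
                        // form wrapped the int[] in another array literal, which does not compile.
                        fConstants.logger.log(fSaslClientLoginContext.debugPrefix(0) + "RealmChoiceCallback: " + realmChoiceCallback.getPrompt() + " Choices=" + Arrays.asList(realmChoiceCallback.getChoices()) + "/Default=" + realmChoiceCallback.getDefaultChoice() + ", Selected=" + Arrays.toString(realmChoiceCallback.getSelectedIndexes()) + "/allowmult=" + realmChoiceCallback.allowMultipleSelections());
                    }
                    realmChoiceCallback.setSelectedIndex(realmChoiceCallback.getDefaultChoice());
                }
            }
        }
    }

    /** Replaces the process-wide mechanism override; {@code null} restores the built-in preference list. */
    static void setMechOverride(String mechanism) {
        MECH_OVERRIDE = mechanism;
    }

    /** Enables or disables password pre-hashing for CRAM-MD5 / DIGEST-MD5, process-wide. */
    public static void setPasswordPrehash(boolean enabled) {
        PASSWORD_PREHASH = enabled;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getUsername() {
        return this.creds.username;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public fLoginResponse getLoginResponse() {
        return this.loginrsp;
    }

    /** Assigns the next value of the shared counter to this instance for use in debug prefixes. */
    private void setDebugSessionID() {
        // Lock on the class literal: the counter is static, and getClass() would hand a subclass
        // instance a different monitor than the one used by instances of this class.
        synchronized (fSaslClientLoginContext.class) {
            session_id_counter++;
            this.session_id = session_id_counter;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String debugPrefix(int i) {
        return "SASL-ClientLoginContext/" + i + ": [debug] ";
    }

    private String debugPrefix() {
        return debugPrefix(this.session_id);
    }

    /**
     * Describes a SASL payload for logs and exception messages by size only.
     *
     * <p>Responses can contain credentials (the PLAIN response is the password in clear text) and
     * challenges are bytes chosen by the peer, so neither is rendered as text.
     */
    private static String payloadSummary(byte[] payload) {
        return payload == null ? "null" : payload.length + " bytes";
    }

    /**
     * Rethrows a login failure using the exception types the login methods declare: authentication
     * and I/O exceptions pass through unchanged, anything else is wrapped.
     *
     * @return never returns; the return type only lets callers write {@code throw rethrowLoginFailure(e)}
     */
    private static fAuthenticationException rethrowLoginFailure(Exception e) throws fAuthenticationException, IOException {
        if (e instanceof fAuthenticationException) {
            throw (fAuthenticationException) e;
        }
        if (e instanceof IOException) {
            throw (IOException) e;
        }
        throw new fAuthenticationException(e);
    }

    /** Disposes the SASL client; a failure to dispose is logged and otherwise ignored. */
    private void disposeQuietly(SaslClient saslClient, String mechanism) {
        try {
            saslClient.dispose();
        } catch (Throwable t) {
            fConstants.logger.log(debugPrefix() + "Failed to dispose of " + saslClient.getClass().getName() + " for mech=" + mechanism + " - " + t);
        }
    }

    /**
     * @param driverProtocol driver protocol name; stored lower-cased
     * @param username user name passed to the superclass and to the credentials holder
     * @param password password; {@code null} is treated as empty
     */
    public fSaslClientLoginContext(String driverProtocol, String username, String password) {
        super(username);
        this.isCramOrDigest = false;
        this.creds = new CredentialsHolder(username, password);
        this.driver_protocol = driverProtocol.toLowerCase();
    }

    /**
     * Logs in over the driver's own streams.
     *
     * @throws fException as thrown by the underlying login, or wrapping any other failure
     */
    @Override // com.pcbsys.foundation.security.fDefaultLoginContext, com.pcbsys.foundation.security.fLoginContext
    public fLoginResponse login(fDriver fdriver) throws fException {
        try {
            fEventInputStream in = fStreamFactory.createInputStream(fdriver.getInputStream());
            fEventOutputStream out = new fEventOutputStream(fdriver.getOutputStream());
            return login(fdriver, in, out);
        } catch (Exception e) {
            if (e instanceof fException) {
                throw ((fException) e);
            }
            throw new fException("SASL-Authentication failed with driver=" + (fdriver == null ? null : fdriver.getClass().getName()), e);
        }
    }

    /**
     * Authenticates over the given streams, then records the resulting subject on this context
     * and, when a driver is supplied, on the driver.
     *
     * <p>The built-in SASL exchange is used when the {@link #SYSPROP_JAASKEY} value is unset or
     * {@code "noauth"}; otherwise the named JAAS entry is used.
     *
     * @return the login response recorded by whichever path ran
     */
    @Override // com.pcbsys.foundation.security.fDefaultLoginContext, com.pcbsys.foundation.security.fLoginContext
    public fLoginResponse login(fDriver fdriver, fEventInputStream feventinputstream, fEventOutputStream feventoutputstream) throws fAuthenticationException, IOException {
        // Declared as fLoginContext because doLogin can return a different context on fallback;
        // the decompiler had typed this local as fSaslClientLoginContext, which cannot hold that.
        fLoginContext effectiveContext;
        String jaasKey = fSystemConfiguration.getProperty(SYSPROP_JAASKEY);
        if (fAuthConstants.sDebug) {
            setDebugSessionID();
            fConstants.logger.log(debugPrefix() + "Authenticating user=" + this.creds.username + " with JAAS=" + jaasKey + " - driver=" + (fdriver == null ? null : fdriver.getClass().getName()));
        }
        if (jaasKey == null || jaasKey.equals(JAASKEY_COMPAT_NOAUTH)) {
            try {
                effectiveContext = doLogin(fdriver, new ClientMessage(feventinputstream, feventoutputstream));
            } catch (Exception e) {
                if (fAuthConstants.sDebug) {
                    fConstants.logger.log(debugPrefix() + "SASL negotiation failed - " + e);
                }
                throw rethrowLoginFailure(e);
            }
        } else {
            try {
                // NOTE(review): the char[] copy of the password is handed to JaasHelper and not
                // cleared here; whether JaasHelper retains it is not visible from this class.
                this.loginrsp = JaasHelper.doLogin(jaasKey, fdriver, feventinputstream, feventoutputstream, this, this.creds.username, this.creds.password.toCharArray());
                effectiveContext = this;
            } catch (Exception e2) {
                if (fAuthConstants.sDebug) {
                    fConstants.logger.log(debugPrefix() + "JAAS authentication failed for user=" + this.creds.username + " - " + e2);
                }
                throw rethrowLoginFailure(e2);
            }
        }
        fSubject subject;
        if (effectiveContext == this) {
            // NOTE(review): toLowerCase() follows the JVM default locale; confirm the server
            // normalises user names the same way.
            subject = new fSubject(this.creds.username.toLowerCase(), InetAddress.getLocalHost().getHostName());
        } else {
            subject = effectiveContext.getSubject();
        }
        setSubject(subject);
        if (fdriver != null) {
            fdriver.setSubject(subject);
        }
        return this.loginrsp;
    }

    /**
     * Runs the SASL exchange with the peer.
     *
     * <p>The first mechanism from the override (if set) or from the preference list for which a
     * SASL client can be created is used. The client then alternates between sending responses
     * and reading challenges until the SASL client reports completion, the peer reports failure,
     * or the peer sends status 4.
     *
     * <p>NOTE(review): status 4 makes the client abandon SASL and log in through
     * {@code fClientLoginContext} instead (refused only for the {@code nhp}/{@code nhps}
     * protocols). The status byte comes from the peer before authentication has finished, so on a
     * transport that does not authenticate the server this is a peer-selected downgrade - confirm
     * that deployments which require SASL have a way to refuse it.
     *
     * <p>NOTE(review): {@code fdriver} is dereferenced unconditionally here although
     * {@link #login(fDriver, fEventInputStream, fEventOutputStream)} treats it as optional.
     *
     * @return this context after a completed SASL exchange, or the fallback context on status 4
     * @throws SaslException if no SASL client can be created or the exchange falls out of step
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public fLoginContext doLogin(fDriver fdriver, ClientMessage clientMessage) throws fException, IOException, ClassNotFoundException {
        // Read the override once so a concurrent setMechOverride cannot change it between the test and the use.
        String override = MECH_OVERRIDE;
        String[] mechanisms = override == null ? MECHPREFS : new String[]{override};
        String serverName = fdriver.getConnectionDetails().getHost();
        if (SASL_LOCALHOST_REVERSE_RESOLVE) {
            serverName = Defs.checkAgainstLocalHostNames(serverName, serverName);
        }
        fConstants.logger.debug(debugPrefix() + "client using Digest URI for server: " + serverName);

        SaslClient saslClient = null;
        for (String mechanism : mechanisms) {
            // Must be set before the client is created: the credentials callback reads it.
            this.isCramOrDigest = mechanism.equalsIgnoreCase(Defs.MECHNAME_DIGESTMD5) || mechanism.equalsIgnoreCase(Defs.MECHNAME_CRAMMD5);
            saslClient = Sasl.createSaslClient(new String[]{mechanism}, (String) null, Message.PROTONAME, serverName, (Map<String, ?>) null, this.creds);
            if (saslClient != null) {
                break;
            }
        }
        if (saslClient == null) {
            throw new SaslException("Failed to create SASL client for mechs=" + Arrays.asList(mechanisms) + ", proto=" + Message.PROTONAME);
        }

        // The mechanism name is sent with the first response only, then cleared.
        String mechanismToSend = saslClient.getMechanismName();
        // One finally replaces the three copies of the dispose code the decompiler emitted.
        try {
            byte[] challenge = saslClient.hasInitialResponse() ? Message.NULLMSG : null;
            clientMessage.sendContextSelector(CTXTYPE_SASL);
            if (fAuthConstants.sDebug) {
                fConstants.logger.log(debugPrefix() + "Mechanism=" + mechanismToSend + ", srvname=" + serverName + ", initial challenge=" + payloadSummary(challenge) + " - state=" + ((int) clientMessage.status));
            }
            while (!saslClient.isComplete()) {
                byte[] response = challenge == null ? null : saslClient.evaluateChallenge(challenge);
                if (fAuthConstants.sDebug) {
                    // Size only: for PLAIN this response is the clear-text password.
                    fConstants.logger.log(debugPrefix() + "Constructed response=" + payloadSummary(response) + " - state=" + ((int) clientMessage.status) + ", complete=" + saslClient.isComplete());
                }
                if (clientMessage.status == STATUS_COMPLETE && response != null) {
                    // The response content is kept out of the message for the same reason.
                    throw new SaslException("Protocol out of sync during SASL-" + saslClient.getMechanismName() + " for user=" + this.creds.username + " - unexpected response of " + payloadSummary(response));
                }
                if (!saslClient.isComplete() || response != null) {
                    clientMessage.sendResponse(mechanismToSend, response);
                }
                mechanismToSend = null;
                if (clientMessage.status == STATUS_CONTINUE) {
                    challenge = clientMessage.readChallenge(saslClient.getMechanismName(), this.creds.username);
                    if (fAuthConstants.sDebug) {
                        fConstants.logger.log(debugPrefix() + "Received challenge=" + payloadSummary(challenge) + " - state=" + ((int) clientMessage.status));
                    }
                }
                if (clientMessage.status == STATUS_FALLBACK) {
                    if (this.driver_protocol.equals("nhp") || this.driver_protocol.equals("nhps")) {
                        // The meaning of code 1 is defined by fAuthenticationException, not visible here.
                        throw new fAuthenticationException(1);
                    }
                    fLoginContext fallbackContext = fClientLoginContext.getInstance(this.driver_protocol, this.creds.username.toLowerCase());
                    this.loginrsp = fallbackContext.login(fdriver);
                    return fallbackContext;
                }
            }
        } finally {
            disposeQuietly(saslClient, mechanismToSend);
        }
        this.loginrsp = new fDefaultResponse(true);
        return this;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public void setKeyStore(String path, String password, String cert) {
        this.keyStorePath = path;
        this.keyStorePass = password;
        this.keyStoreCert = cert;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public void setTrustStore(String path, String password) {
        this.trustStorePath = path;
        this.trustStorePass = password;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public void setSSLProtocol(String protocol) {
        this.sslProtocol = protocol;
    }

    /** Stores the given array as is; no copy is taken. */
    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public void setEnabledCiphers(String[] ciphers) {
        this.enabledCiphers = ciphers;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public void setPKCS11NSSConfigFile(String configFile) {
        this.pkcs11NSSConfigFile = configFile;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public void setPKCS11NSSName(String name) {
        this.pkcs11NSSName = name;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public String getKeyStorePath() {
        return this.keyStorePath;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public String getKeyStorePass() {
        return this.keyStorePass;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public String getKeyStoreCert() {
        return this.keyStoreCert;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public String getTrustStorePath() {
        return this.trustStorePath;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public String getTrustStorePass() {
        return this.trustStorePass;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public String getProtocol() {
        return this.sslProtocol;
    }

    /** Returns the stored array itself, not a copy. */
    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public String[] getEnabledCiphers() {
        return this.enabledCiphers;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public String getPKCS11NSSConfigFile() {
        return this.pkcs11NSSConfigFile;
    }

    @Override // com.pcbsys.foundation.security.fLoginContextSSLAttributes
    public String getPKCS11NSSName() {
        return this.pkcs11NSSName;
    }
}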
