package com.unboundid.ldap.sdk;

import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.util.Debug;
import com.unboundid.util.DebugType;
import com.unboundid.util.InternalUseOnly;
import com.unboundid.util.NotMutable;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import com.unboundid.util.Validator;
import java.io.File;
import java.io.FileWriter;
import java.io.PrintWriter;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Level;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.login.LoginContext;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;

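/**
 * SASL bind request that authenticates to a directory server with the GSSAPI
 * (Kerberos) mechanism by way of JAAS.
 *
 * <p>The instance acts as its own JAAS {@link CallbackHandler} (supplying the
 * authentication ID, password and realm) and as the
 * {@link PrivilegedExceptionAction} executed under the logged-in subject.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #process} writes JVM-wide system properties (JAAS login config
 *       path, KDC address, realm). These are shared by every thread in the
 *       process, so requests that use different settings can affect each
 *       other.</li>
 *   <li>The SASL quality of protection is fixed to {@code auth}, i.e.
 *       authentication only. No SASL integrity or confidentiality layer is
 *       requested, so protection of the traffic after the bind has to come
 *       from the transport.</li>
 *   <li>The password is held for the lifetime of the request and is handed
 *       out by {@link #getPasswordString()} and {@link #getPasswordBytes()};
 *       it is deliberately left out of {@link #toString(StringBuilder)}.</li>
 * </ul>
 *
 * <p>Only one bind may be in progress per instance at a time; a concurrent
 * call to {@link #process} is rejected.
 */
@ThreadSafety(level = ThreadSafetyLevel.NOT_THREADSAFE)
@NotMutable
/* loaded from: input_file:WEB-INF/lib/unboundid-ldapsdk-1.1.3.jar:com/unboundid/ldap/sdk/GSSAPIBindRequest.class */
public final class GSSAPIBindRequest extends SASLBindRequest implements CallbackHandler, PrivilegedExceptionAction<Object> {
    /** Name of the SASL mechanism implemented by this request. */
    public static final String GSSAPI_MECHANISM_NAME = "GSSAPI";

    // System properties written by process(); all of them are JVM-wide.
    private static final String PROPERTY_KDC_ADDRESS = "java.security.krb5.kdc";
    private static final String PROPERTY_REALM = "java.security.krb5.realm";
    private static final String PROPERTY_CONFIG_FILE = "java.security.auth.login.config";
    private static final String PROPERTY_SUBJECT_CREDS_ONLY = "javax.security.auth.useSubjectCredsOnly";

    // Path of the lazily generated default JAAS config file, shared by all instances.
    private static final AtomicReference<String> DEFAULT_CONFIG_FILE_PATH = new AtomicReference<>();

    // Entry name looked up in the JAAS config; must match the name written by getDefaultConfigFilePath().
    private static final String JAAS_CLIENT_NAME = "GSSAPIBindRequest";
    private static final long serialVersionUID = 2511890818146955112L;

    // NOTE(review): serialVersionUID suggests instances are serializable; if so, the
    // password would be part of the serialized form. Confirm against the superclass.
    private final ASN1OctetString password;

    // Connection of the bind currently in progress, or null when idle. Doubles as the
    // "one bind at a time" guard in process().
    private final AtomicReference<LDAPConnection> conn;
    private int messageID;
    private final String authenticationID;
    private final String authorizationID;
    private final String configFilePath;
    private final String kdcAddress;
    private final String realm;

    /**
     * Creates a request with a string password and default realm, KDC and JAAS config.
     *
     * @param authenticationID identity to authenticate as; must not be null
     * @param password         password for that identity
     * @throws LDAPException if the default JAAS config file cannot be created
     */
    public GSSAPIBindRequest(String authenticationID, String password) throws LDAPException {
        this(authenticationID, (String) null, password, (String) null, (String) null, (String) null, (Control[]) null);
    }

    /**
     * Creates a request with a byte-array password and default realm, KDC and JAAS config.
     *
     * @param authenticationID identity to authenticate as; must not be null
     * @param password         password for that identity
     * @throws LDAPException if the default JAAS config file cannot be created
     */
    public GSSAPIBindRequest(String authenticationID, byte[] password) throws LDAPException {
        this(authenticationID, (String) null, password, (String) null, (String) null, (String) null, (Control[]) null);
    }

    /**
     * Creates a request with a string password, default settings and request controls.
     *
     * @param authenticationID identity to authenticate as; must not be null
     * @param password         password for that identity
     * @param controls         controls to send with the bind
     * @throws LDAPException if the default JAAS config file cannot be created
     */
    public GSSAPIBindRequest(String authenticationID, String password, Control[] controls) throws LDAPException {
        this(authenticationID, (String) null, password, (String) null, (String) null, (String) null, controls);
    }

    /**
     * Creates a request with a byte-array password, default settings and request controls.
     *
     * @param authenticationID identity to authenticate as; must not be null
     * @param password         password for that identity
     * @param controls         controls to send with the bind
     * @throws LDAPException if the default JAAS config file cannot be created
     */
    public GSSAPIBindRequest(String authenticationID, byte[] password, Control[] controls) throws LDAPException {
        this(authenticationID, (String) null, password, (String) null, (String) null, (String) null, controls);
    }

    /**
     * Creates a fully specified request with a string password.
     *
     * @param authenticationID identity to authenticate as; must not be null
     * @param authorizationID  identity to act as, or null to use the authentication ID
     * @param password         password for the authentication ID
     * @param realm            Kerberos realm, or null to leave the JVM setting untouched
     * @param kdcAddress       KDC address, or null to leave the JVM setting untouched
     * @param configFilePath   JAAS config file path, or null to use a generated default
     * @throws LDAPException if the default JAAS config file is needed and cannot be created
     */
    public GSSAPIBindRequest(String authenticationID, String authorizationID, String password, String realm, String kdcAddress, String configFilePath) throws LDAPException {
        this(authenticationID, authorizationID, new ASN1OctetString(password), realm, kdcAddress, configFilePath, (Control[]) null);
    }

    /**
     * Creates a fully specified request with a byte-array password.
     *
     * @param authenticationID identity to authenticate as; must not be null
     * @param authorizationID  identity to act as, or null to use the authentication ID
     * @param password         password for the authentication ID
     * @param realm            Kerberos realm, or null to leave the JVM setting untouched
     * @param kdcAddress       KDC address, or null to leave the JVM setting untouched
     * @param configFilePath   JAAS config file path, or null to use a generated default
     * @throws LDAPException if the default JAAS config file is needed and cannot be created
     */
    public GSSAPIBindRequest(String authenticationID, String authorizationID, byte[] password, String realm, String kdcAddress, String configFilePath) throws LDAPException {
        this(authenticationID, authorizationID, new ASN1OctetString(password), realm, kdcAddress, configFilePath, (Control[]) null);
    }

    /**
     * Creates a fully specified request with a string password and request controls.
     *
     * @param authenticationID identity to authenticate as; must not be null
     * @param authorizationID  identity to act as, or null to use the authentication ID
     * @param password         password for the authentication ID
     * @param realm            Kerberos realm, or null to leave the JVM setting untouched
     * @param kdcAddress       KDC address, or null to leave the JVM setting untouched
     * @param configFilePath   JAAS config file path, or null to use a generated default
     * @param controls         controls to send with the bind
     * @throws LDAPException if the default JAAS config file is needed and cannot be created
     */
    public GSSAPIBindRequest(String authenticationID, String authorizationID, String password, String realm, String kdcAddress, String configFilePath, Control[] controls) throws LDAPException {
        this(authenticationID, authorizationID, new ASN1OctetString(password), realm, kdcAddress, configFilePath, controls);
    }

    /**
     * Creates a fully specified request with a byte-array password and request controls.
     *
     * @param authenticationID identity to authenticate as; must not be null
     * @param authorizationID  identity to act as, or null to use the authentication ID
     * @param password         password for the authentication ID
     * @param realm            Kerberos realm, or null to leave the JVM setting untouched
     * @param kdcAddress       KDC address, or null to leave the JVM setting untouched
     * @param configFilePath   JAAS config file path, or null to use a generated default
     * @param controls         controls to send with the bind
     * @throws LDAPException if the default JAAS config file is needed and cannot be created
     */
    public GSSAPIBindRequest(String authenticationID, String authorizationID, byte[] password, String realm, String kdcAddress, String configFilePath, Control[] controls) throws LDAPException {
        this(authenticationID, authorizationID, new ASN1OctetString(password), realm, kdcAddress, configFilePath, controls);
    }

    /**
     * Shared constructor behind every public overload.
     *
     * <p>A null authorization ID falls back to the authentication ID, and a null
     * config file path falls back to the generated default JAAS config.
     */
    private GSSAPIBindRequest(String authenticationID, String authorizationID, ASN1OctetString password, String realm, String kdcAddress, String configFilePath, Control[] controls) throws LDAPException {
        super(controls);
        this.messageID = -1;
        Validator.ensureNotNull(authenticationID, password);
        this.authenticationID = authenticationID;
        this.password = password;
        this.realm = realm;
        this.kdcAddress = kdcAddress;
        this.conn = new AtomicReference<>();
        this.authorizationID = (authorizationID == null) ? authenticationID : authorizationID;
        this.configFilePath = (configFilePath == null) ? getDefaultConfigFilePath() : configFilePath;
    }

    /** Returns the SASL mechanism name, {@code GSSAPI}. */
    @Override // com.unboundid.ldap.sdk.SASLBindRequest
    public String getSASLMechanismName() {
        return GSSAPI_MECHANISM_NAME;
    }

    /** Returns the identity used to authenticate. */
    public String getAuthenticationID() {
        return this.authenticationID;
    }

    /** Returns the authorization identity; equals the authentication ID when none was given. */
    public String getAuthorizationID() {
        return this.authorizationID;
    }

    /**
     * Returns the bind password as a string.
     *
     * <p>The result is a credential: keep it out of logs and error messages.
     */
    public String getPasswordString() {
        return this.password.stringValue();
    }

    /**
     * Returns the bind password as bytes.
     *
     * <p>The result is a credential: keep it out of logs and error messages.
     * NOTE(review): whether {@code getValue()} returns a copy or the internal array
     * is not visible here; treat the array as read-only until confirmed.
     */
    public byte[] getPasswordBytes() {
        return this.password.getValue();
    }

    /** Returns the Kerberos realm, or null if none was configured. */
    public String getRealm() {
        return this.realm;
    }

    /** Returns the KDC address, or null if none was configured. */
    public String getKDCAddress() {
        return this.kdcAddress;
    }

    /** Returns the path of the JAAS login configuration file used by this request. */
    public String getConfigFilePath() {
        return this.configFilePath;
    }

    /**
     * Returns the path of the shared default JAAS config file, generating the file
     * on first use.
     *
     * <p>The generated file selects the login module that JAAS will run, so its
     * integrity matters even though it holds no secret. It is therefore created
     * through {@code java.nio.file.Files.createTempFile}, which applies owner-only
     * permissions where the platform supports them.
     *
     * @return absolute path of the default JAAS config file
     * @throws LDAPException if the file cannot be created or written
     */
    private static String getDefaultConfigFilePath() throws LDAPException {
        try {
            final String existingPath = DEFAULT_CONFIG_FILE_PATH.get();
            if (existingPath != null) {
                return existingPath;
            }

            final File configFile = java.nio.file.Files.createTempFile("GSSAPIBindRequest-JAAS-Config-", ".conf").toFile();
            configFile.deleteOnExit();
            try (PrintWriter writer = new PrintWriter(new FileWriter(configFile))) {
                writer.println("GSSAPIBindRequest {");
                writer.println("  com.sun.security.auth.module.Krb5LoginModule required client=true useTicketCache=true;");
                writer.println("};");
                // PrintWriter swallows IOExceptions; without this check a truncated
                // config could be published as the process-wide default.
                if (writer.checkError()) {
                    throw new java.io.IOException("Unable to write JAAS configuration file " + configFile.getAbsolutePath());
                }
            }

            // Another thread may have published its own file first; keep the winner's.
            if (!DEFAULT_CONFIG_FILE_PATH.compareAndSet(null, configFile.getAbsolutePath())) {
                configFile.delete();
            }
            return DEFAULT_CONFIG_FILE_PATH.get();
        } catch (Exception e) {
            Debug.debugException(e);
            throw new LDAPException(ResultCode.LOCAL_ERROR, LDAPMessages.ERR_GSSAPI_CANNOT_CREATE_JAAS_CONFIG.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /**
     * Performs the GSSAPI bind on the given connection.
     *
     * <p>Side effects: sets the JAAS login config path and
     * {@code useSubjectCredsOnly=true} as system properties, plus the KDC address
     * and realm when they are non-null. The properties are JVM-wide and are not
     * restored afterwards; a null KDC address or realm leaves whatever value is
     * already set in place.
     *
     * <p>A failure of the JAAS login is reported as a local "cannot initialize JAAS
     * context" error. A failure of the bind itself keeps its own
     * {@link LDAPException} rather than being re-labelled as a JAAS initialization
     * problem.
     *
     * @param lDAPConnection connection to bind on
     * @param i              not used by this implementation
     * @return the result of the bind
     * @throws LDAPException if another bind is already in progress on this
     *                       instance, the JAAS login fails, or the bind fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.unboundid.ldap.sdk.BindRequest, com.unboundid.ldap.sdk.LDAPRequest
    public BindResult process(LDAPConnection lDAPConnection, int i) throws LDAPException {
        if (!this.conn.compareAndSet(null, lDAPConnection)) {
            throw new LDAPException(ResultCode.LOCAL_ERROR, LDAPMessages.ERR_GSSAPI_MULTIPLE_CONCURRENT_REQUESTS.get());
        }
        System.setProperty(PROPERTY_CONFIG_FILE, this.configFilePath);
        System.setProperty(PROPERTY_SUBJECT_CREDS_ONLY, "true");
        if (this.kdcAddress != null) {
            System.setProperty(PROPERTY_KDC_ADDRESS, this.kdcAddress);
        }
        if (this.realm != null) {
            System.setProperty(PROPERTY_REALM, this.realm);
        }
        try {
            final LoginContext loginContext;
            try {
                loginContext = new LoginContext(JAAS_CLIENT_NAME, this);
                loginContext.login();
            } catch (Exception e) {
                Debug.debugException(e);
                throw new LDAPException(ResultCode.LOCAL_ERROR, LDAPMessages.ERR_GSSAPI_CANNOT_INITIALIZE_JAAS_CONTEXT.get(StaticUtils.getExceptionMessage(e)), e);
            }

            try {
                return (BindResult) Subject.doAs(loginContext.getSubject(), this);
            } catch (Exception e) {
                Debug.debugException(e);
                // Subject.doAs reports checked exceptions thrown by run() wrapped in a
                // PrivilegedActionException; unwrap so the bind's own LDAPException
                // (and its result code) reaches the caller.
                final Exception cause = (e instanceof java.security.PrivilegedActionException)
                        ? ((java.security.PrivilegedActionException) e).getException()
                        : e;
                if (cause instanceof LDAPException) {
                    throw (LDAPException) cause;
                }
                throw new LDAPException(ResultCode.LOCAL_ERROR, LDAPMessages.ERR_GSSAPI_AUTHENTICATION_FAILED.get(StaticUtils.getExceptionMessage(e)), e);
            }
        } finally {
            // Always release the in-progress marker so the instance can be reused.
            this.conn.set(null);
        }
    }

    /**
     * Runs the SASL exchange under the JAAS subject; invoked through
     * {@code Subject.doAs} from {@link #process}.
     *
     * <p>The SASL client is created with QOP {@code auth} (authentication only) and
     * with server authentication requested.
     *
     * @return the {@link BindResult} of the SASL bind
     * @throws LDAPException if the SASL client cannot be created (local error) or
     *                       the bind itself fails (original exception preserved)
     */
    @Override // java.security.PrivilegedExceptionAction
    @InternalUseOnly
    public Object run() throws LDAPException {
        final LDAPConnection connection = this.conn.get();
        final String[] mechanisms = {GSSAPI_MECHANISM_NAME};
        final HashMap<String, Object> saslProperties = new HashMap<>();
        saslProperties.put(Sasl.QOP, "auth");
        saslProperties.put(Sasl.SERVER_AUTH, "true");
        try {
            final SASLHelper helper = new SASLHelper(this, connection, GSSAPI_MECHANISM_NAME, Sasl.createSaslClient(mechanisms, this.authorizationID, "ldap", connection.getConnectedAddress(), saslProperties, this), getControls(), getResponseTimeoutMillis(connection));
            try {
                return helper.processSASLBind();
            } finally {
                // Record the message ID whether or not the bind succeeded.
                this.messageID = helper.getMessageID();
            }
        } catch (Exception e) {
            Debug.debugException(e);
            // An LDAPException already describes the failure; do not mask it as a
            // "cannot create SASL client" local error.
            if (e instanceof LDAPException) {
                throw (LDAPException) e;
            }
            throw new LDAPException(ResultCode.LOCAL_ERROR, LDAPMessages.ERR_GSSAPI_CANNOT_CREATE_SASL_CLIENT.get(StaticUtils.getExceptionMessage(e)), e);
        }
    }

    /**
     * Builds a new request with the same credentials and settings for re-binding.
     *
     * @param str not used by this implementation
     * @param i   not used by this implementation
     * @return the new request, or null if it could not be constructed
     */
    @Override // com.unboundid.ldap.sdk.BindRequest
    public GSSAPIBindRequest getRebindRequest(String str, int i) {
        try {
            return new GSSAPIBindRequest(this.authenticationID, this.authorizationID, this.password, this.realm, this.kdcAddress, this.configFilePath, getControls());
        } catch (Exception e) {
            Debug.debugException(e);
            return null;
        }
    }

    /**
     * Answers JAAS/SASL callbacks with the authentication ID, password and realm.
     *
     * <p>Callbacks of any other type are ignored, with a debug warning when LDAP
     * debugging is enabled.
     *
     * @param callbackArr callbacks to populate
     */
    @Override // javax.security.auth.callback.CallbackHandler
    @InternalUseOnly
    public void handle(Callback[] callbackArr) {
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(this.authenticationID);
            } else if (callback instanceof PasswordCallback) {
                // PasswordCallback.setPassword stores its own copy, so the temporary
                // array can be wiped as soon as the call returns.
                final char[] passwordChars = this.password.stringValue().toCharArray();
                try {
                    ((PasswordCallback) callback).setPassword(passwordChars);
                } finally {
                    java.util.Arrays.fill(passwordChars, '\0');
                }
            } else if (callback instanceof RealmCallback) {
                if (this.realm != null) {
                    ((RealmCallback) callback).setText(this.realm);
                }
            } else if (Debug.debugEnabled(DebugType.LDAP)) {
                Debug.debug(Level.WARNING, DebugType.LDAP, "Unexpected GSSAPI SASL callback of type " + callback.getClass().getName());
            }
        }
    }

    /** Returns the message ID of the most recent bind attempt, or -1 if none was made. */
    @Override // com.unboundid.ldap.sdk.SASLBindRequest, com.unboundid.ldap.sdk.LDAPRequest
    public int getLastMessageID() {
        return this.messageID;
    }

    /** Returns a copy of this request carrying the same controls. */
    @Override // com.unboundid.ldap.sdk.BindRequest, com.unboundid.ldap.sdk.ReadOnlyLDAPRequest
    public GSSAPIBindRequest duplicate() {
        return duplicate(getControls());
    }

    /**
     * Returns a copy of this request with the given controls and the same response
     * timeout.
     *
     * @param controlArr controls for the copy
     * @return the copy, or null if it could not be constructed
     */
    @Override // com.unboundid.ldap.sdk.BindRequest, com.unboundid.ldap.sdk.ReadOnlyLDAPRequest
    public GSSAPIBindRequest duplicate(Control[] controlArr) {
        try {
            final GSSAPIBindRequest copy = new GSSAPIBindRequest(this.authenticationID, this.authorizationID, this.password, this.realm, this.kdcAddress, this.configFilePath, controlArr);
            copy.setResponseTimeoutMillis(getResponseTimeoutMillis(null));
            return copy;
        } catch (Exception e) {
            Debug.debugException(e);
            return null;
        }
    }

    /**
     * Appends a description of this request to the buffer.
     *
     * <p>The password is intentionally omitted so the output is safe to log.
     *
     * @param sb buffer to append to
     */
    @Override // com.unboundid.ldap.sdk.LDAPRequest, com.unboundid.ldap.sdk.ReadOnlyLDAPRequest
    public void toString(StringBuilder sb) {
        sb.append("GSSAPIBindRequest(authenticationID='").append(this.authenticationID).append('\'');
        if (this.authorizationID != null) {
            sb.append(", authorizationID='").append(this.authorizationID).append('\'');
        }
        if (this.realm != null) {
            sb.append(", realm='").append(this.realm).append('\'');
        }
        if (this.kdcAddress != null) {
            sb.append(", kdcAddress='").append(this.kdcAddress).append('\'');
        }
        sb.append(", configFilePath='").append(this.configFilePath).append('\'');
        final Control[] controls = getControls();
        if (controls.length > 0) {
            sb.append(", controls={");
            for (int i = 0; i < controls.length; i++) {
                if (i > 0) {
                    sb.append(", ");
                }
                sb.append(controls[i]);
            }
            sb.append('}');
        }
        sb.append(')');
    }
}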
