package org.jboss.as.domain.management.security;

import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.as.controller.services.path.PathEntry;
import org.jboss.as.controller.services.path.PathManager;
import org.jboss.as.domain.management.ModelDescriptionConstants;
import org.jboss.as.domain.management.SubjectIdentity;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
import org.jboss.as.domain.management.security.KeytabIdentityFactoryService;
import org.jboss.msc.inject.Injector;
import org.jboss.msc.service.Service;
import org.jboss.msc.service.ServiceBuilder;
import org.jboss.msc.service.ServiceName;
import org.jboss.msc.service.StartContext;
import org.jboss.msc.service.StartException;
import org.jboss.msc.service.StopContext;
import org.jboss.msc.value.InjectedValue;

/* loaded from: input_file:org/jboss/as/domain/management/security/KeytabService.class */
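/**
 * Service holding one Kerberos keytab definition: the principal, the keytab
 * path (optionally relative to a named path), and the hosts it is meant for.
 * It builds the JAAS configurations used to log in with that keytab.
 *
 * <p>Two configurations are built in {@link #start(StartContext)}: a client
 * (initiator) one and a server (acceptor) one. Both are registered under the
 * application name {@code "KDC"} and cleared again in {@link #stop(StopContext)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A keytab holds the principal's long-term keys, so the resolved file
 *       should be readable only by the account running the server. Nothing in
 *       this class checks the file's existence or permissions.</li>
 *   <li>On the non-IBM branch {@code storeKey=true} is set, which asks the login
 *       module to keep the key in the Subject's private credentials. Every
 *       identity from {@link #createSubjectIdentity(boolean)} should therefore
 *       be logged out when no longer needed.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; some names and modifiers differ from
 * the original source (see the notes on individual members).
 */
public class KeytabService implements Service<KeytabService> {
    private static final String KRB5LoginModule = "com.sun.security.auth.module.Krb5LoginModule";
    private static final String IBMKRB5LoginModule = "com.ibm.security.auth.module.Krb5LoginModule";
    private final String principal;
    private final String path;
    private final String relativeTo;
    // Stored as passed in (no defensive copy); getForHosts() hands out clones only.
    private final String[] forHosts;
    private final boolean debug;
    private final InjectedValue<PathManager> pathManager = new InjectedValue<>();
    private PathManager.Callback.Handle pathHandle = null;
    // Both configurations are null before start() and after stop().
    private Configuration clientConfiguration;
    private Configuration serverConfiguration;
    // Selects between the IBM and the com.sun Krb5LoginModule option sets.
    private static final boolean IS_IBM = System.getProperty("java.vendor").contains("IBM");
    /**
     * Callback handler that rejects every callback, so the login can only
     * succeed from the keytab and never by prompting for credentials.
     */
    private static final CallbackHandler NO_CALLBACK_HANDLER = new CallbackHandler() {
        @Override
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            throw new UnsupportedCallbackException(callbackArr[0]);
        }
    };

    /** Static helpers for naming this service and wiring it as a dependency. */
    public static final class ServiceUtil {
        private ServiceUtil() {
        }

        /**
         * Builds the service name of a keytab service.
         *
         * @param str  name passed to {@code KeytabIdentityFactoryService.ServiceUtil.createServiceName}
         * @param str2 segment appended to that name to identify this keytab
         * @return the resulting service name
         */
        public static ServiceName createServiceName(String str, String str2) {
            return KeytabIdentityFactoryService.ServiceUtil.createServiceName(str).append(new String[]{str2});
        }

        /**
         * Adds a REQUIRED dependency on the keytab service named by {@code str}/{@code str2}.
         *
         * @param serviceBuilder builder of the dependent service
         * @param injector       receives the {@link KeytabService} instance
         * @param str            first argument for {@link #createServiceName(String, String)}
         * @param str2           second argument for {@link #createServiceName(String, String)}
         * @return the same {@code serviceBuilder}, for chaining
         */
        public static ServiceBuilder<?> addDependency(ServiceBuilder<?> serviceBuilder, Injector<KeytabService> injector, String str, String str2) {
            serviceBuilder.addDependency(ServiceBuilder.DependencyType.REQUIRED, createServiceName(str, str2), KeytabService.class, injector);
            return serviceBuilder;
        }
    }

    /**
     * Creates the service. Decompiler note: the constructor was package-private
     * in the original class; the modifier shown here was widened by the tool.
     *
     * @param str    Kerberos principal the keytab is for
     * @param str2   keytab path, absolute or relative to {@code str3}
     * @param str3   name of the path entry {@code str2} is relative to, or {@code null}
     * @param strArr hosts this keytab applies to; the array is kept by reference
     * @param z      {@code true} to enable the login module's debug option
     */
    public KeytabService(String str, String str2, String str3, String[] strArr, boolean z) {
        this.principal = str;
        this.path = str2;
        this.relativeTo = str3;
        this.forHosts = strArr;
        this.debug = z;
    }

    /**
     * Returns this service as its own value.
     *
     * <p>NOTE(review): the decompiler renamed this method from {@code getValue}
     * when merging it with its bridge method; the name is kept as found.
     */
    public KeytabService m86getValue() throws IllegalStateException, IllegalArgumentException {
        return this;
    }

    /**
     * Resolves the keytab path and builds the client and server JAAS configurations.
     *
     * <p>When a {@code relativeTo} path is set, a callback is registered for its
     * REMOVED and UPDATED events; it requests a reload unless a resource service
     * restart is allowed.
     *
     * <p>Only the configuration objects are created here. The keytab file itself
     * is not opened, so a wrong path or unreadable file presumably surfaces only
     * when {@link #createSubjectIdentity(boolean)} attempts the login.
     *
     * @throws StartException if the keytab path cannot be turned into a URL (IBM branch)
     */
    public void start(StartContext startContext) throws StartException {
        String keytabPath = this.path;
        if (this.relativeTo != null) {
            PathManager manager = this.pathManager.getValue();
            keytabPath = manager.resolveRelativePathEntry(keytabPath, this.relativeTo);
            this.pathHandle = manager.registerCallback(this.relativeTo, new PathManager.Callback() {
                public void pathModelEvent(PathManager.PathEventContext pathEventContext, String str2) {
                    // A moved or removed base path invalidates the resolved keytab location.
                    if (!pathEventContext.isResourceServiceRestartAllowed()) {
                        pathEventContext.reloadRequired();
                    }
                }

                public void pathEvent(PathManager.Event event, PathEntry pathEntry) {
                }
            }, new PathManager.Event[]{PathManager.Event.REMOVED, PathManager.Event.UPDATED});
        }
        try {
            this.clientConfiguration = createConfiguration(false, keytabPath);
            this.serverConfiguration = createConfiguration(true, keytabPath);
        } catch (MalformedURLException e) {
            throw DomainManagementLogger.SECURITY_LOGGER.invalidKeytab(e);
        }
    }

    /**
     * Builds a single-entry JAAS configuration for the vendor's Krb5LoginModule.
     *
     * @param server     {@code true} for the acceptor (server) side, {@code false} for the initiator
     * @param keytabPath resolved location of the keytab file
     * @return a configuration that returns the one entry for application name {@code "KDC"}
     * @throws MalformedURLException if the path cannot be converted to a URL (IBM branch only)
     */
    private Configuration createConfiguration(boolean server, String keytabPath) throws MalformedURLException {
        AppConfigurationEntry entry;
        HashMap<String, Object> options = new HashMap<>();
        if (this.debug) {
            // NOTE(review): confirm where the module writes its debug output and what it
            // contains before enabling this outside of diagnosis.
            options.put(ModelDescriptionConstants.DEBUG, "true");
        }
        options.put(ModelDescriptionConstants.PRINCIPAL, this.principal);
        if (IS_IBM) {
            options.put("noAddress", "true");
            options.put("credsType", server ? "acceptor" : "initiator");
            options.put("useKeytab", new File(keytabPath).toURI().toURL().toString());
            entry = new AppConfigurationEntry(IBMKRB5LoginModule, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
        } else {
            // storeKey keeps the key in the Subject's private credentials.
            options.put("storeKey", "true");
            options.put("useKeyTab", "true");
            options.put("keyTab", keytabPath);
            options.put("isInitiator", server ? "false" : "true");
            entry = new AppConfigurationEntry(KRB5LoginModule, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
        }
        final AppConfigurationEntry[] entries = {entry};
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                // Checked only when assertions are enabled; otherwise any name gets the entry.
                assert "KDC".equals(name);
                return entries;
            }
        };
    }

    /** Drops both configurations and removes the path callback registered in start(). */
    public void stop(StopContext stopContext) {
        this.clientConfiguration = null;
        this.serverConfiguration = null;
        if (this.pathHandle != null) {
            this.pathHandle.remove();
            this.pathHandle = null;
        }
    }

    /**
     * Returns the injector for the {@link PathManager} used to resolve relative paths.
     * Decompiler note: package-private in the original class.
     */
    public Injector<PathManager> getPathManagerInjector() {
        return this.pathManager;
    }

    /** Returns the Kerberos principal this keytab is for. */
    public String getPrincipal() {
        return this.principal;
    }

    /** Returns a copy of the hosts this keytab applies to, so callers cannot alter the stored array. */
    public String[] getForHosts() {
        return this.forHosts.clone();
    }

    /**
     * Logs in from the keytab and returns an identity wrapping the resulting Subject.
     *
     * <p>The returned identity becomes unusable once {@code logout()} has been
     * called: later calls to {@code getSubject()} or {@code logout()} throw the
     * exception produced by {@code subjectIdentityLoggedOut()}.
     *
     * @param z {@code true} to log in with the client (initiator) configuration,
     *          {@code false} for the server (acceptor) configuration
     * @return the logged-in identity; callers should log it out when done
     * @throws LoginException if the login fails, or if the service is not started
     */
    public SubjectIdentity createSubjectIdentity(boolean z) throws LoginException {
        final Configuration configuration = z ? this.clientConfiguration : this.serverConfiguration;
        if (configuration == null) {
            // LoginContext treats a null Configuration as "use the installed JVM-wide one",
            // which could authenticate against an unrelated "KDC" entry. Fail closed instead.
            throw new LoginException("KeytabService is not started; no keytab configuration is available.");
        }
        final Subject subject = new Subject();
        final LoginContext loginContext = new LoginContext("KDC", subject, NO_CALLBACK_HANDLER, configuration);
        loginContext.login();
        return new SubjectIdentity() {
            volatile boolean available = true;

            @Override
            public Subject getSubject() {
                assertAvailable();
                return subject;
            }

            @Override
            public void logout() {
                assertAvailable();
                try {
                    loginContext.logout();
                } catch (LoginException e) {
                    DomainManagementLogger.SECURITY_LOGGER.trace("Unable to logout.", e);
                } finally {
                    // Without this the flag never changes and the Subject stays
                    // reachable through getSubject() after logout.
                    this.available = false;
                }
            }

            private void assertAvailable() {
                if (!this.available) {
                    throw DomainManagementLogger.SECURITY_LOGGER.subjectIdentityLoggedOut();
                }
            }
        };
    }
}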
