package org.teiid.transport;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import javax.security.auth.login.LoginException;
import org.teiid.adminapi.impl.SessionMetadata;
import org.teiid.client.security.ILogon;
import org.teiid.client.security.InvalidSessionException;
import org.teiid.client.security.LogonException;
import org.teiid.client.security.LogonResult;
import org.teiid.client.security.SessionToken;
import org.teiid.client.util.ResultsFuture;
import org.teiid.core.TeiidComponentException;
import org.teiid.core.util.Base64;
import org.teiid.core.util.LRUCache;
import org.teiid.dqp.internal.process.DQPWorkContext;
import org.teiid.dqp.service.GSSResult;
import org.teiid.dqp.service.SessionService;
import org.teiid.dqp.service.SessionServiceException;
import org.teiid.logging.LogManager;
import org.teiid.net.CommunicationException;
import org.teiid.net.socket.AuthenticationType;
import org.teiid.runtime.RuntimePlugin;
import org.teiid.security.Credentials;
import org.teiid.security.SecurityHelper;

/* loaded from: input_file:org/teiid/transport/LogonImpl.class */
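/**
 * Server-side implementation of {@link ILogon}: creates, validates, pings and closes
 * sessions through a {@link SessionService}, and carries the GSS (Kerberos) handshake
 * state between {@link #neogitiateGssLogin} and {@link #logon(Properties)}.
 *
 * <p>Connection {@link Properties} arrive from the client and must be treated as
 * untrusted input: the authentication type is always resolved by the session service,
 * never taken from the client.
 */
public class LogonImpl implements ILogon {
    private final SessionService service;
    private final String clusterName;

    // Security contexts of completed GSS negotiations, keyed by Base64(MD5(service token)).
    // An entry is removed on first use in logon(Properties), so a service token can redeem
    // its context only once. Entries for negotiations that never reach logon stay until the
    // LRUCache evicts them (capacity is whatever LRUCache's no-arg constructor defaults to).
    protected Map<String, Object> gssServiceTickets = Collections.synchronizedMap(new LRUCache());

    /**
     * @param sessionService service that owns session creation, validation and GSS negotiation
     * @param str cluster name reported back to clients in each {@link LogonResult}
     */
    public LogonImpl(SessionService sessionService, String str) {
        this.service = sessionService;
        this.clusterName = str;
    }

    /**
     * Logs a client on using the authentication type the session service reports for the
     * requested VDB and user.
     *
     * <ul>
     *   <li>{@code KRB5TOKEN} present and type is GSS: the token must match a context cached by
     *       {@link #neogitiateGssLogin}; the session is created with that context associated.</li>
     *   <li>No token and type is GSS: clients older than 8.7 are rejected, others receive a
     *       result carrying only {@code authType} so they can start the negotiation.</li>
     *   <li>Otherwise only USERPASSWORD is accepted.</li>
     * </ul>
     *
     * @param properties client connection properties
     * @return the logon result for the new session, or the {@code authType} hint described above
     * @throws LogonException if the token has no cached context (TEIID40054), the authentication
     *         type is not supported for this request (TEIID40055), or session creation fails
     */
    public LogonResult logon(Properties properties) throws LogonException {
        AuthenticationType authenticationType = this.service.getAuthenticationType(
                properties.getProperty("VirtualDatabaseName"),
                properties.getProperty("VirtualDatabaseVersion"),
                properties.getProperty("user"));
        if (properties.get("KRB5TOKEN") != null) {
            if (authenticationType == AuthenticationType.GSS) {
                SecurityHelper securityHelper = this.service.getSecurityHelper();
                Object previousContext = null;
                boolean associated = false;
                try {
                    // NOTE(review): the value is client supplied; anything other than byte[]
                    // surfaces as a ClassCastException rather than a LogonException.
                    byte[] serviceToken = (byte[]) properties.get("KRB5TOKEN");
                    // remove(), not get(): the cached context is single use.
                    Object gssContext = this.gssServiceTickets.remove(Base64.encodeBytes(MD5(serviceToken)));
                    if (gssContext == null) {
                        throw new LogonException(RuntimePlugin.Event.TEIID40054, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40054, new Object[0]));
                    }
                    previousContext = securityHelper.associateSecurityContext(gssContext);
                    associated = true;
                    return logon(properties, serviceToken, AuthenticationType.GSS);
                } finally {
                    // Restore the caller's context on success AND on failure. Without this a
                    // failed session creation would leave the negotiated identity associated
                    // with whatever runs next under this security helper.
                    if (associated) {
                        securityHelper.associateSecurityContext(previousContext);
                    }
                }
            }
            // A token with a non-GSS authentication type falls through to the
            // user/password check below; the token itself is ignored in that case.
        } else if (authenticationType == AuthenticationType.GSS) {
            if (DQPWorkContext.getWorkContext().getClientVersion().compareTo(DQPWorkContext.Version.EIGHT_7) < 0) {
                throw new LogonException(RuntimePlugin.Event.TEIID40055, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40055, new Object[]{authenticationType}));
            }
            // No session is created here: the client is only told which mechanism to use.
            LogonResult logonResult = new LogonResult();
            logonResult.addProperty("authType", authenticationType);
            return logonResult;
        }
        if (AuthenticationType.USERPASSWORD.equals(authenticationType)) {
            return logon(properties, null, AuthenticationType.USERPASSWORD);
        }
        throw new LogonException(RuntimePlugin.Event.TEIID40055, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40055, new Object[]{authenticationType}));
    }

    /**
     * Creates the session and binds it to the current {@link DQPWorkContext}.
     *
     * @param properties client connection properties
     * @param bArr GSS service token to echo back in the result, or {@code null}
     * @param authenticationType mechanism already selected by the caller
     * @return result holding the session token, VDB name/version and cluster name
     * @throws LogonException wrapping any {@link SessionServiceException} or {@link LoginException}
     */
    private LogonResult logon(Properties properties, byte[] bArr, AuthenticationType authenticationType) throws LogonException {
        String securityDomain = this.service.getSecurityDomain(properties.getProperty("VirtualDatabaseName"), properties.getProperty("VirtualDatabaseVersion"));
        String applicationName = properties.getProperty("ApplicationName");
        String userName = properties.getProperty("user", SSLConfiguration.ANONYMOUS);
        String password = properties.getProperty("password");
        // The password is still held as a String inside `properties`, so wrapping it in a
        // char[] here does not by itself allow it to be wiped from memory.
        Credentials credentials = password == null ? null : new Credentials(password.toCharArray());
        try {
            // Last argument is true only when a security domain was resolved; presumably it
            // tells the service whether to authenticate. Confirm against SessionService.
            SessionMetadata session = this.service.createSession(securityDomain, authenticationType, userName, credentials, applicationName, properties, securityDomain != null);
            updateDQPContext(session);
            // No client address on the work context is treated as an in-VM (embedded) caller.
            if (DQPWorkContext.getWorkContext().getClientAddress() == null) {
                session.setEmbedded(true);
            }
            LogonResult logonResult = new LogonResult(session.getSessionToken(), session.getVDBName(), session.getVDBVersion(), this.clusterName);
            if (bArr != null) {
                logonResult.addProperty("KRB5TOKEN", bArr);
            }
            return logonResult;
        } catch (SessionServiceException e) {
            throw new LogonException(e);
        } catch (LoginException e) {
            throw new LogonException(e);
        }
    }

    /**
     * Performs one step of the GSS negotiation for a VDB whose authentication type is GSS.
     *
     * <p>Once the service reports the context as authenticated, the {@code user} property is
     * overwritten with the authenticated principal's name, so a client-supplied user name
     * cannot be carried into the session, and the security context is cached under the digest
     * of the service token for a later {@link #logon(Properties)}.
     *
     * @param properties client connection properties; {@code user} and {@code KRB5TOKEN} may be
     *        modified
     * @param bArr GSS token received from the client
     * @param z when {@code true} and the context is authenticated, complete the logon at once
     * @return a full logon result when {@code z} applies, otherwise a placeholder result that
     *         carries the service token and the {@code KRB5_CONTEXT_ESTABLISHED} flag
     * @throws LogonException if the VDB is not GSS (TEIID40055), no security domain is
     *         configured (TEIID40059), or the negotiation fails (TEIID40014)
     */
    public LogonResult neogitiateGssLogin(Properties properties, byte[] bArr, boolean z) throws LogonException {
        String vdbName = properties.getProperty("VirtualDatabaseName");
        String vdbVersion = properties.getProperty("VirtualDatabaseVersion");
        if (!AuthenticationType.GSS.equals(this.service.getAuthenticationType(vdbName, vdbVersion, properties.getProperty("user")))) {
            throw new LogonException(RuntimePlugin.Event.TEIID40055, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40055, new Object[]{"Kerberos"}));
        }
        try {
            String securityDomain = this.service.getSecurityDomain(vdbName, vdbVersion);
            if (securityDomain == null) {
                throw new LogonException(RuntimePlugin.Event.TEIID40059, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40059, new Object[0]));
            }
            GSSResult gssResult = this.service.neogitiateGssLogin(securityDomain, bArr);
            if (gssResult == null) {
                throw new LogonException(RuntimePlugin.Event.TEIID40014, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014, new Object[0]));
            }
            boolean authenticated = gssResult.isAuthenticated();
            if (authenticated) {
                LogManager.logDetail("org.teiid.SECURITY", "Kerberos context established");
                properties.setProperty("user", gssResult.getUserName());
                this.gssServiceTickets.put(Base64.encodeBytes(MD5(gssResult.getServiceToken())), gssResult.getSecurityContext());
            }
            if (authenticated && z) {
                properties.put("KRB5TOKEN", gssResult.getServiceToken());
                return logon(properties);
            }
            // Placeholder result: session id 0 / "temp" is not a usable session, it only
            // transports the next handshake token back to the client.
            LogonResult logonResult = new LogonResult(new SessionToken(0L, "temp"), "internal", 0, "internal");
            logonResult.addProperty("KRB5TOKEN", gssResult.getServiceToken());
            logonResult.addProperty("KRB5_CONTEXT_ESTABLISHED", Boolean.valueOf(authenticated));
            return logonResult;
        } catch (LoginException e) {
            throw new LogonException(RuntimePlugin.Event.TEIID40014, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014, new Object[0]));
        }
    }

    /**
     * Derives the cache key material for {@link #gssServiceTickets} from a service token.
     *
     * <p>NOTE(review): MD5 is not collision resistant. It is used here only as a lookup key,
     * but the key decides which cached security context a presented token redeems, so a
     * stronger digest such as SHA-256 would be the safer choice if the key format can change.
     *
     * @param bArr bytes to digest
     * @return the MD5 digest, or {@code bArr} itself when the JVM has no MD5 provider (for
     *         example a restricted crypto policy); put and remove then both key on the raw token
     */
    protected static byte[] MD5(byte[] bArr) {
        try {
            return MessageDigest.getInstance("MD5").digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            return bArr;
        }
    }

    /**
     * Binds the session to the current thread's {@link DQPWorkContext}.
     *
     * @return the id of the session that was bound
     */
    private String updateDQPContext(SessionMetadata sessionMetadata) {
        String sessionId = sessionMetadata.getSessionId();
        DQPWorkContext.getWorkContext().setSession(sessionMetadata);
        return sessionId;
    }

    /**
     * Closes the current session and strips its identity from the work context.
     *
     * @return {@link ResultsFuture#NULL_FUTURE}
     * @throws InvalidSessionException if the session service rejects the session id
     */
    public ResultsFuture<?> logoff() throws InvalidSessionException {
        DQPWorkContext workContext = DQPWorkContext.getWorkContext();
        this.service.closeSession(workContext.getSessionId());
        // Clear id, security context and variables so the SessionMetadata object, if it is
        // still referenced, no longer carries the logged-off identity.
        workContext.getSession().setSessionId((String) null);
        workContext.getSession().setSecurityContext((Object) null);
        workContext.getSession().getSessionVariables().clear();
        return ResultsFuture.NULL_FUTURE;
    }

    /**
     * Pings the session bound to the current work context, if there is one.
     *
     * @return {@link ResultsFuture#NULL_FUTURE}
     */
    public ResultsFuture<?> ping() throws InvalidSessionException, TeiidComponentException {
        String sessionId = DQPWorkContext.getWorkContext().getSessionId();
        if (sessionId != null) {
            this.service.pingServer(sessionId);
        }
        // NOTE(review): the session id is written to the trace log; check who can read
        // org.teiid.SECURITY trace output if session ids are considered sensitive.
        LogManager.logTrace("org.teiid.SECURITY", "Ping", sessionId);
        return ResultsFuture.NULL_FUTURE;
    }

    /**
     * Pings every session id in the collection, skipping ids that are no longer valid.
     *
     * @param collection session ids to ping
     * @return {@link ResultsFuture#NULL_FUTURE}
     */
    public ResultsFuture<?> ping(Collection<String> collection) throws TeiidComponentException, CommunicationException {
        for (String sessionId : collection) {
            try {
                this.service.pingServer(sessionId);
            } catch (InvalidSessionException ignored) {
                // Best effort: one expired or unknown session must not stop the others
                // from being pinged.
            }
        }
        return ResultsFuture.NULL_FUTURE;
    }

    /**
     * Re-establishes the caller's session on the current work context from a session token.
     *
     * <p>A {@code null} token binds a fresh, empty {@link SessionMetadata}. Otherwise the session
     * is looked up by id and the complete stored token must equal the presented one, so knowing
     * a session id alone is not sufficient.
     *
     * @param sessionToken token presented by the caller, or {@code null}
     * @throws InvalidSessionException if no session exists for the id (TEIID40063) or the stored
     *         token differs from the presented one (TEIID40064)
     * @throws TeiidComponentException if the session service fails (TEIID40062)
     */
    public void assertIdentity(SessionToken sessionToken) throws InvalidSessionException, TeiidComponentException {
        if (sessionToken == null) {
            updateDQPContext(new SessionMetadata());
            return;
        }
        try {
            SessionMetadata validated = this.service.validateSession(sessionToken.getSessionID());
            if (validated == null) {
                throw new InvalidSessionException(RuntimePlugin.Event.TEIID40063);
            }
            if (!validated.getSessionToken().equals(sessionToken)) {
                throw new InvalidSessionException(RuntimePlugin.Event.TEIID40064);
            }
            updateDQPContext(validated);
        } catch (SessionServiceException e) {
            throw new TeiidComponentException(RuntimePlugin.Event.TEIID40062, e);
        }
    }

    /** @return the session service this logon implementation delegates to */
    public SessionService getSessionService() {
        return this.service;
    }
}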
