package org.jboss.as.test.integration.security.common.negotiation;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Base64;
import org.apache.commons.lang.SystemUtils;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Enumerated;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERApplicationSpecific;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.util.ASN1Dump;
import org.jboss.as.network.NetworkUtils;
import org.jboss.as.test.integration.security.common.Utils;
import org.jboss.logging.Logger;
import org.junit.AssumptionViolatedException;

/* loaded from: input_file:org/jboss/as/test/integration/security/common/negotiation/KerberosTestUtils.class */
public final class KerberosTestUtils {
    private static final Logger LOGGER = Logger.getLogger(KerberosTestUtils.class);
    public static final boolean PREFER_IPV4_STACK = Boolean.parseBoolean(System.getProperty("java.net.preferIPv4Stack", "true"));
    public static final boolean PREFER_IPV6_ADDR = Boolean.getBoolean("java.net.preferIPv6Addresses");
    public static final String OID_KERBEROS_V5 = "1.2.840.113554.1.2.2";
    public static final String OID_KERBEROS_V5_LEGACY = "1.2.840.48018.1.2.2";
    public static final String OID_NTLM = "1.3.6.1.4.1.311.2.2.10";
    public static final String OID_SPNEGO = "1.3.6.1.5.5.2";
    public static final String OID_DUMMY = "1.1.2.5.6.7";

    private KerberosTestUtils() {
    }

    public static void assumeKerberosAuthenticationSupported(String str) throws AssumptionViolatedException {
        if (Utils.IBM_JDK && isRunningOnIPv6()) {
            throw new AssumptionViolatedException("Kerberos tests are not supported on IBM Java with IPv6. Find more info in https://bugzilla.redhat.com/show_bug.cgi?id=1188632");
        }
        if (isIPv6Hostname(str)) {
            throw new AssumptionViolatedException("Kerberos tests are not supported when hostname is not available for tested IPv6 address. Find more info in https://issues.jboss.org/browse/WFLY-5409");
        }
    }

    public static void assumeEjbKerberosAuthenticationSupported(String str) {
        if (isIPv6Hostname(str) && Utils.ORACLE_JDK && SystemUtils.IS_JAVA_1_6) {
            throw new AssumptionViolatedException("Kerberos tests are not supported on Oracle Java 6 with IPv6-based hostnames. Find more info in https://bugzilla.redhat.com/show_bug.cgi?id=1179710");
        }
        assumeKerberosAuthenticationSupported(str);
    }

    public static void assumeCLIKerberosAuthenticationSupported(String str) throws AssumptionViolatedException {
        if (Utils.IBM_JDK) {
            throw new AssumptionViolatedException("Kerberos CLI tests are not supported on IBM Java. Find more info in https://bugzilla.redhat.com/show_bug.cgi?id=1174156");
        }
        if (Utils.ORACLE_JDK && SystemUtils.IS_JAVA_1_6) {
            throw new AssumptionViolatedException("Kerberos CLI tests are not supported on Oracle Java 6, because wrong support of KRB5CCNAME environment property. Find more info in https://bugzilla.redhat.com/show_bug.cgi?id=1173530#c3");
        }
        assumeKerberosAuthenticationSupported(str);
    }

    private static boolean isIPv6Hostname(String str) {
        if (str == null) {
            str = Utils.getDefaultHost(true);
            LOGGER.warn("Fallback to a default host is used hostname = " + str);
        }
        return NetworkUtils.formatPossibleIpv6Address(str).startsWith("[");
    }

    private static boolean isRunningOnIPv6() {
        return !PREFER_IPV4_STACK && PREFER_IPV6_ADDR;
    }

    public static byte[] generateSpnegoTokenInit(byte[] bArr, String... strArr) throws IOException {
        DEROctetString dEROctetString = new DEROctetString(bArr);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (String str : strArr) {
            aSN1EncodableVector.add(new ASN1ObjectIdentifier(str));
        }
        DERTaggedObject dERTaggedObject = new DERTaggedObject(0, new DERSequence(aSN1EncodableVector));
        DERTaggedObject dERTaggedObject2 = new DERTaggedObject(2, dEROctetString);
        ASN1EncodableVector aSN1EncodableVector2 = new ASN1EncodableVector();
        aSN1EncodableVector2.add(dERTaggedObject);
        aSN1EncodableVector2.add(dERTaggedObject2);
        DERTaggedObject dERTaggedObject3 = new DERTaggedObject(0, new DERSequence(aSN1EncodableVector2));
        ASN1EncodableVector aSN1EncodableVector3 = new ASN1EncodableVector();
        aSN1EncodableVector3.add(new ASN1ObjectIdentifier(OID_SPNEGO));
        aSN1EncodableVector3.add(dERTaggedObject3);
        return new DERApplicationSpecific(0, aSN1EncodableVector3).getEncoded();
    }

    public static byte[] generateSpnegoTokenResp(byte[] bArr) throws IOException {
        DEROctetString dEROctetString = new DEROctetString(bArr);
        DERTaggedObject dERTaggedObject = new DERTaggedObject(0, new ASN1Enumerated(1));
        DERTaggedObject dERTaggedObject2 = new DERTaggedObject(2, dEROctetString);
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        aSN1EncodableVector.add(dERTaggedObject);
        aSN1EncodableVector.add(dERTaggedObject2);
        return new DERTaggedObject(1, new DERSequence(aSN1EncodableVector)).getEncoded();
    }

    public static String dumpAsn1Obj(byte[] bArr) throws IOException {
        if (bArr == null) {
            return null;
        }
        try {
            ASN1InputStream aSN1InputStream = new ASN1InputStream(new ByteArrayInputStream(bArr));
            Throwable th = null;
            try {
                String dumpAsString = ASN1Dump.dumpAsString(aSN1InputStream.readObject(), true);
                if (aSN1InputStream != null) {
                    if (0 != 0) {
                        try {
                            aSN1InputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        aSN1InputStream.close();
                    }
                }
                return dumpAsString;
            } finally {
            }
        } catch (Exception e) {
            LOGGER.debug("ASN1Dump failed", e);
            return "[Unable to dump ASN.1: " + Base64.getEncoder().encodeToString(bArr) + " ]";
        }
    }

    public static String dumpNegotiateHeader(HttpResponse httpResponse) throws IOException {
        if (httpResponse == null) {
            return null;
        }
        for (Header header : httpResponse.getHeaders("WWW-Authenticate")) {
            String value = header.getValue();
            if (value.startsWith("Negotiate ")) {
                return dumpAsn1Obj(Base64.getDecoder().decode(value.substring("Negotiate ".length())));
            }
        }
        return null;
    }
}
