package org.apache.sshd.server.auth.gss;

import org.apache.mina.proxy.handlers.socks.SocksProxyConstants;
import org.apache.sshd.common.NamedFactory;
import org.apache.sshd.common.SshConstants;
import org.apache.sshd.common.util.Buffer;
import org.apache.sshd.server.HandshakingUserAuth;
import org.apache.sshd.server.UserAuth;
import org.apache.sshd.server.session.ServerSession;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/sshd/server/auth/gss/UserAuthGSS.class */
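/**
 * Server-side handler for the SSH {@code gssapi-with-mic} user authentication method.
 *
 * <p>The exchange runs in three steps: {@link #auth} picks the Kerberos 5 mechanism from the
 * client's list and creates a GSS context, {@link #next} feeds client tokens into that context
 * until it is established and the peer identity has been validated, and a final call to
 * {@link #next} verifies the MIC the client computes over the session id and request fields.
 *
 * <p>Instances hold per-exchange state (context, user, identity) and are not written for
 * concurrent use.
 */
public class UserAuthGSS implements HandshakingUserAuth {
    /** Kerberos 5 mechanism OID; {@code null} if the OID string could not be parsed. */
    public static final Oid KRB5_MECH = createOID(SocksProxyConstants.KERBEROS_V5_OID);
    /** Kerberos 5 principal name type OID; {@code null} if the OID string could not be parsed. */
    public static final Oid KRB5_NT_PRINCIPAL = createOID("1.2.840.113554.1.2.2.1");
    private String servicePrincipalName;
    private String keytabFile;
    private GSSContext ctxt;
    // NOTE(review): nothing in this class assigns creds, so the dispose branch in destroy() is
    // currently dead. Whether the credential returned by the authenticator is owned by this
    // instance (and may be disposed here) needs to be confirmed against GSSAuthenticator.
    private GSSCredential creds;
    private String user;
    private String service;
    private String identity;
    // True only once validateIdentity() has accepted the source name of the current context.
    private boolean identityValidated;
    private final Logger log = LoggerFactory.getLogger(getClass());

    /** Factory registering this handler under the method name {@code gssapi-with-mic}. */
    public static class Factory implements NamedFactory<UserAuth> {
        /** Returns the SSH authentication method name handled by the created instances. */
        @Override
        public String getName() {
            return "gssapi-with-mic";
        }

        /** Creates a fresh handler; each instance carries the state of one exchange. */
        @Override
        public UserAuth create() {
            return new UserAuthGSS();
        }
    }

    /**
     * Starts the exchange: scans the client's mechanism list for Kerberos 5 and, if the user is
     * acceptable and a server credential is available, creates the GSS context and replies with
     * the selected mechanism.
     *
     * @param serverSession the session being authenticated
     * @param str the user name from the authentication request
     * @param buffer request payload: a mechanism count followed by that many encoded OIDs
     * @return {@code null} after the mechanism reply has been written (exchange still open),
     *     or {@link Boolean#FALSE} if Kerberos 5 was not offered, the user was rejected, or no
     *     credential was available
     * @throws Exception if no authenticator is configured, or if reading the buffer, parsing an
     *     OID or creating the context fails
     */
    @Override
    public Boolean auth(ServerSession serverSession, String str, Buffer buffer) throws Exception {
        GSSAuthenticator authenticator = getAuthenticator(serverSession);
        this.user = str;
        // The count and every OID come from the unauthenticated peer. A malformed OID makes
        // the Oid constructor throw, which aborts this attempt.
        int mechCount = buffer.getInt();
        for (int idx = 0; idx < mechCount; idx++) {
            Oid oid = new Oid(buffer.getBytes());
            if (!oid.equals(KRB5_MECH)) {
                continue;
            }
            this.log.debug("UserAuthGSS: found Kerberos 5");
            if (!authenticator.validateInitialUser(serverSession, str)) {
                return Boolean.FALSE;
            }
            GSSManager manager = authenticator.getGSSManager();
            GSSCredential credential = authenticator.getGSSCredential(manager);
            if (credential == null) {
                return Boolean.FALSE;
            }
            // A new context starts with no accepted identity, so state left over from an
            // earlier context on this instance must not carry over.
            this.identity = null;
            this.identityValidated = false;
            this.ctxt = manager.createContext(credential);
            // Message number 60: named INFO_REQUEST in this enum, used here to carry the
            // selected mechanism back to the client.
            Buffer reply = serverSession.createBuffer(SshConstants.Message.SSH_MSG_USERAUTH_INFO_REQUEST, 0);
            reply.putBytes(oid.getDER());
            serverSession.writePacket(reply);
            return null;
        }
        return Boolean.FALSE;
    }

    /** Records the service name from the request; it is part of the data covered by the MIC. */
    @Override
    public void setServiceName(String str) {
        this.service = str;
    }

    /**
     * Tells the caller whether a follow-up message belongs to this exchange.
     *
     * @param message the message type that arrived
     * @return {@code true} for a token message, or for a MIC message once a context exists and
     *     is established
     */
    @Override
    public boolean handles(SshConstants.Message message) {
        if (message == SshConstants.Message.SSH_MSG_USERAUTH_INFO_RESPONSE) {
            return true;
        }
        // ctxt stays null when auth() did not select a mechanism; a MIC is meaningless then.
        return message == SshConstants.Message.SSH_MSG_USERAUTH_GSSAPI_MIC
                && this.ctxt != null
                && this.ctxt.isEstablished();
    }

    /**
     * Processes one follow-up message: either a context token or, once the context is
     * established, the client's MIC.
     *
     * @param serverSession the session being authenticated
     * @param message the message type that arrived
     * @param buffer the message payload (a token or a MIC)
     * @return {@link Boolean#TRUE} on success, {@link Boolean#FALSE} on failure, or {@code null}
     *     after a reply token has been written and more messages are expected
     * @throws Exception if no authenticator is configured or token processing fails
     */
    @Override
    public Boolean next(ServerSession serverSession, SshConstants.Message message, Buffer buffer) throws Exception {
        GSSAuthenticator authenticator = getAuthenticator(serverSession);
        this.log.debug("In krb5.next: msg = {}", message);
        if (this.ctxt == null) {
            // No context was created by auth(); fail closed instead of dereferencing null.
            return Boolean.FALSE;
        }
        if (this.ctxt.isEstablished()) {
            if (message != SshConstants.Message.SSH_MSG_USERAUTH_GSSAPI_MIC) {
                return Boolean.FALSE;
            }
            // A valid MIC only proves possession of the context. Accept it solely for a
            // context whose source identity passed validateIdentity(); otherwise a rejected
            // identity could still succeed here if the caller keeps this instance alive after
            // a FALSE result (the caller's handling is not visible in this file).
            if (!this.identityValidated) {
                return Boolean.FALSE;
            }
            // Data covered by the MIC: session id, request message type, user, service, method.
            Buffer micInput = new Buffer();
            micInput.putString(serverSession.getSessionId());
            micInput.putByte(SshConstants.Message.SSH_MSG_USERAUTH_REQUEST.toByte());
            micInput.putString(this.user.getBytes("UTF-8"));
            micInput.putString(this.service);
            micInput.putString("gssapi-with-mic");
            byte[] signedData = micInput.getCompactData();
            byte[] mic = buffer.getBytes();
            try {
                this.ctxt.verifyMIC(mic, 0, mic.length, signedData, 0, signedData.length, new MessageProp(false));
                this.log.debug("MIC verified");
                return Boolean.TRUE;
            } catch (GSSException e) {
                this.log.info("GSS verification error: {}", e.toString());
                return Boolean.FALSE;
            }
        }
        byte[] token = buffer.getBytes();
        byte[] replyToken = this.ctxt.acceptSecContext(token, 0, token.length);
        boolean established = this.ctxt.isEstablished();
        if (established && this.identity == null) {
            this.identity = this.ctxt.getSrcName().toString();
            this.log.info("GSS identity is {}", this.identity);
            this.identityValidated = authenticator.validateIdentity(serverSession, this.identity);
            if (!this.identityValidated) {
                return Boolean.FALSE;
            }
        }
        if (replyToken == null || replyToken.length <= 0) {
            // NOTE(review): with no reply token to send, success is reported as soon as the
            // context is established, without waiting for a MIC. RFC 4462 expects a MIC (or
            // an exchange-complete message) after establishment; confirm this shortcut is
            // intended.
            return Boolean.valueOf(established);
        }
        Buffer reply = serverSession.createBuffer(SshConstants.Message.SSH_MSG_USERAUTH_INFO_RESPONSE, 0);
        reply.putBytes(replyToken);
        serverSession.writePacket(reply);
        return null;
    }

    /**
     * Returns the source name taken from the established context.
     *
     * @return the GSS identity, or {@code null} if the context was never established; the
     *     value is set before identity validation runs, so it does not by itself mean the
     *     identity was accepted
     */
    @Override
    public String getUserName() throws GSSException {
        return this.identity;
    }

    /**
     * Releases the GSS resources held by this instance. Disposal errors are ignored because
     * there is nothing useful to do with them during teardown.
     */
    @Override
    public void destroy() {
        if (this.creds != null) {
            try {
                this.creds.dispose();
            } catch (GSSException ignored) {
                // best-effort cleanup
            }
            this.creds = null;
        }
        // Dispose the context independently of creds: the context is created by auth() even
        // though creds is never assigned, so nesting this check left it undisposed.
        if (this.ctxt != null) {
            try {
                this.ctxt.dispose();
            } catch (GSSException ignored) {
                // best-effort cleanup
            }
            this.ctxt = null;
        }
        this.identityValidated = false;
    }

    /**
     * Looks up the GSS authenticator configured on the session's server factory manager.
     *
     * @throws Exception if none is configured
     */
    private GSSAuthenticator getAuthenticator(ServerSession serverSession) throws Exception {
        GSSAuthenticator gssAuthenticator = serverSession.getServerFactoryManager().getGSSAuthenticator();
        if (gssAuthenticator == null) {
            throw new Exception("No GSSAuthenticator configured");
        }
        return gssAuthenticator;
    }

    /**
     * Parses an OID string for use in a static initializer.
     *
     * @return the parsed OID, or {@code null} if the string is rejected; a {@code null}
     *     {@link #KRB5_MECH} makes every mechanism comparison in {@link #auth} fail
     */
    private static Oid createOID(String str) {
        try {
            return new Oid(str);
        } catch (GSSException e) {
            return null;
        }
    }
}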
