package org.teiid.transport;

import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Iterator;
import java.util.Properties;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.teiid.adminapi.impl.SessionMetadata;
import org.teiid.client.security.ILogon;
import org.teiid.client.security.InvalidSessionException;
import org.teiid.client.security.LogonException;
import org.teiid.client.security.LogonResult;
import org.teiid.client.security.SessionToken;
import org.teiid.client.util.ResultsFuture;
import org.teiid.core.TeiidComponentException;
import org.teiid.dqp.internal.process.DQPWorkContext;
import org.teiid.dqp.service.SessionService;
import org.teiid.dqp.service.SessionServiceException;
import org.teiid.logging.LogManager;
import org.teiid.net.CommunicationException;
import org.teiid.net.socket.AuthenticationType;
import org.teiid.runtime.RuntimePlugin;
import org.teiid.security.Credentials;
import org.teiid.security.SecurityHelper;

/* loaded from: input_file:org/teiid/transport/LogonImpl.class */
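/**
 * {@link ILogon} implementation backed by a {@link SessionService}.
 *
 * <p>Handles session creation for clear-text and GSS (Kerberos) logons, the acceptor side of
 * the GSS token exchange, session keep-alive pings, logoff, and re-binding of an existing
 * session token to the current {@link DQPWorkContext}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #neogitiateGssLogin} temporarily associates a security context with the calling
 *       thread and always restores the previous one before returning or throwing.</li>
 *   <li>{@link #logon(Properties)} does not itself verify a supplied {@code KRB5TOKEN}; it only
 *       requires that a subject is already in context for the GSS security domain.</li>
 * </ul>
 */
public class LogonImpl implements ILogon {
    private final SessionService service;
    private final String clusterName;

    /**
     * Outcome of one step of the GSS acceptor handshake: the context (which may or may not be
     * established yet) and the token to send back to the initiator.
     */
    public class GSSResult {
        GSSContext context;
        byte[] serviceTicket;

        public GSSResult(GSSContext gSSContext, byte[] bArr) {
            this.context = gSSContext;
            this.serviceTicket = bArr;
        }
    }

    /**
     * Privileged action that feeds the client's token to a GSS acceptor context. It is run via
     * {@code Subject.doAs} so the acceptor credentials come from the logged-in subject.
     */
    class GssAction implements PrivilegedAction<GSSResult> {
        byte[] serviceTicket;

        public GssAction(byte[] bArr) {
            this.serviceTicket = bArr;
        }

        /**
         * Accepts the supplied token.
         *
         * @return the acceptor context plus the reply token, or {@code null} when no token was
         *         supplied or the GSS layer rejected it (the failure is logged)
         */
        @Override
        public GSSResult run() {
            if (this.serviceTicket == null) {
                // A missing token would otherwise surface as a NullPointerException out of
                // Subject.doAs; returning null lets the caller reject the logon with its
                // regular LogonException instead.
                return null;
            }
            try {
                // A null credential asks JGSS for the default acceptor credential.
                GSSContext acceptorContext = GSSManager.getInstance().createContext((GSSCredential) null);
                this.serviceTicket = acceptorContext.acceptSecContext(this.serviceTicket, 0, this.serviceTicket.length);
                return new GSSResult(acceptorContext, this.serviceTicket);
            } catch (GSSException e) {
                LogManager.logError("org.teiid.SECURITY", e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014, new Object[0]));
                return null;
            }
        }
    }

    /**
     * @param sessionService service used to create, validate, ping and close sessions
     * @param str cluster name reported back in every {@link LogonResult}
     */
    public LogonImpl(SessionService sessionService, String str) {
        this.service = sessionService;
        this.clusterName = str;
    }

    /**
     * Creates a session from the connection properties.
     *
     * <p>Without a configured GSS security domain, or without a {@code KRB5TOKEN} property, the
     * logon is only allowed when the service's authentication type is {@code CLEARTEXT}. With
     * both present, a subject must already be in context for the GSS domain.
     *
     * @param properties connection properties supplied by the client
     * @return the result describing the new session
     * @throws LogonException if the requested logon style is not permitted, no subject is in
     *         context for the GSS domain, or session creation fails
     */
    public LogonResult logon(Properties properties) throws LogonException, TeiidComponentException, CommunicationException {
        if (this.service.getGssSecurityDomain() == null || properties.get("KRB5TOKEN") == null) {
            if (AuthenticationType.CLEARTEXT.equals(this.service.getAuthenticationType())) {
                return logon(properties, null);
            }
            throw new LogonException(RuntimePlugin.Event.TEIID40055, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40055, new Object[]{"JAAS"}));
        }
        // The token is not checked cryptographically on this path: the gate is the presence of a
        // subject in the current security context for the GSS domain.
        if (this.service.getSecurityHelper().getSubjectInContext(this.service.getGssSecurityDomain()) == null) {
            throw new LogonException(RuntimePlugin.Event.TEIID40054, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40054, new Object[0]));
        }
        // NOTE(review): the value comes from client-supplied properties; anything other than a
        // byte[] fails here with ClassCastException rather than LogonException.
        return logon(properties, (byte[]) properties.get("KRB5TOKEN"));
    }

    /**
     * Creates the session, binds it to the current work context and closes the session that was
     * bound before, if any.
     *
     * @param properties connection properties; {@code user} defaults to the anonymous user
     * @param bArr GSS token to echo back in the result, or {@code null} for none
     * @throws LogonException wrapping any login or session-service failure
     */
    private LogonResult logon(Properties properties, byte[] bArr) throws LogonException {
        String previousSessionId = DQPWorkContext.getWorkContext().getSessionId();
        String applicationName = properties.getProperty("ApplicationName");
        String userName = properties.getProperty("user", SSLConfiguration.ANONYMOUS);
        // The password arrives as a String inside the properties, so the char[] copy handed to
        // Credentials is not the only in-memory copy of the secret.
        String password = properties.getProperty("password");
        Credentials credentials = password == null ? null : new Credentials(password.toCharArray());
        try {
            SessionMetadata session = this.service.createSession(userName, credentials, applicationName, properties, true);
            updateDQPContext(session);
            if (DQPWorkContext.getWorkContext().getClientAddress() == null) {
                // No client address on the work context is treated as an embedded connection.
                session.setEmbedded(true);
            }
            if (previousSessionId != null) {
                try {
                    this.service.closeSession(previousSessionId);
                } catch (InvalidSessionException ignored) {
                    // Best effort: the old session may already be gone, and the new session
                    // has been created and bound regardless.
                }
            }
            LogonResult result = new LogonResult(session.getSessionToken(), session.getVDBName(), session.getVDBVersion(), this.clusterName);
            if (bArr != null) {
                result.addProperty("KRB5TOKEN", bArr);
            }
            return result;
        } catch (LoginException e) {
            throw new LogonException(e);
        } catch (SessionServiceException e) {
            throw new LogonException(e);
        }
    }

    /**
     * Performs one step of the Kerberos (GSS) handshake as acceptor and, once the context is
     * established and {@code z} is set, creates the session.
     *
     * <p>While the established context is being used, a security context for the login subject
     * is associated with the calling thread. The previous association is restored in a
     * {@code finally} block so that a failure in session creation cannot leave the authenticated
     * context attached to the thread. The decompiled form guarded that restore on the exception
     * path with a constant-false condition, so it never ran there.
     *
     * @param properties connection properties; {@code user} and {@code password} are passed to
     *        the login context
     * @param bArr GSS token received from the client
     * @param z whether to create a session once the context is established
     * @return the logon result for a created session, or an interim result carrying the reply
     *         token and the {@code KRB5_CONTEXT_ESTABLISHED} flag
     * @throws LogonException if GSS authentication is not enabled, no GSS security domain is
     *         configured, the JAAS login fails, or the token is missing or rejected
     */
    public LogonResult neogitiateGssLogin(Properties properties, byte[] bArr, boolean z) throws LogonException {
        if (!AuthenticationType.GSS.equals(this.service.getAuthenticationType())) {
            throw new LogonException(RuntimePlugin.Event.TEIID40055, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40055, new Object[]{"Kerberos"}));
        }
        String userName = properties.getProperty("user");
        String password = properties.getProperty("password");
        Object previousContext = null;
        boolean associated = false;
        try {
            String gssSecurityDomain = this.service.getGssSecurityDomain();
            if (gssSecurityDomain == null) {
                throw new LogonException(RuntimePlugin.Event.TEIID40059, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40059, new Object[0]));
            }
            LoginContext loginContext = this.service.createLoginContext(gssSecurityDomain, userName, password);
            loginContext.login();
            Subject subject = loginContext.getSubject();
            GSSResult gssResult = Subject.doAs(subject, new GssAction(bArr));
            if (gssResult == null) {
                throw new LogonException(RuntimePlugin.Event.TEIID40014, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014, new Object[0]));
            }
            boolean established = gssResult.context.isEstablished();
            if (established) {
                // NOTE(review): the identity used for the security context is the first principal
                // of the JAAS login subject; the initiator name of the accepted GSS context is
                // never read in this class. Confirm the login module puts the intended principal
                // first, since a Set gives no ordering guarantee when several are present.
                Iterator<Principal> principals = subject.getPrincipals().iterator();
                Principal principal = principals.hasNext() ? principals.next() : null;
                SecurityHelper securityHelper = this.service.getSecurityHelper();
                previousContext = securityHelper.associateSecurityContext(securityHelper.createSecurityContext(gssSecurityDomain, principal, (Object) null, subject));
                associated = true;
            }
            if (established && z) {
                LogManager.logDetail("org.teiid.SECURITY", new Object[]{"Kerberos context established"});
                return logon(properties, gssResult.serviceTicket);
            }
            // Handshake not finished (or no session requested): hand back the reply token under
            // a placeholder session token so the client can continue the exchange.
            LogonResult interim = new LogonResult(new SessionToken(0L, "temp"), "internal", 0, "internal");
            interim.addProperty("KRB5TOKEN", gssResult.serviceTicket);
            interim.addProperty("KRB5_CONTEXT_ESTABLISHED", Boolean.valueOf(established));
            return interim;
        } catch (LoginException e) {
            throw new LogonException(RuntimePlugin.Event.TEIID40014, e, RuntimePlugin.Util.gs(RuntimePlugin.Event.TEIID40014, new Object[0]));
        } finally {
            if (associated) {
                // Runs on success and on failure alike, so the thread never keeps the
                // authenticated context past this call.
                this.service.getSecurityHelper().associateSecurityContext(previousContext);
            }
        }
    }

    /**
     * Binds the session to the current work context.
     *
     * @return the id of the bound session
     */
    private String updateDQPContext(SessionMetadata sessionMetadata) {
        String sessionId = sessionMetadata.getSessionId();
        DQPWorkContext.getWorkContext().setSession(sessionMetadata);
        return sessionId;
    }

    /**
     * Closes the session bound to the current work context and clears its id on the context's
     * session object.
     *
     * @throws InvalidSessionException if the session service rejects the session id
     */
    public ResultsFuture<?> logoff() throws InvalidSessionException {
        this.service.closeSession(DQPWorkContext.getWorkContext().getSessionId());
        DQPWorkContext.getWorkContext().getSession().setSessionId((String) null);
        return ResultsFuture.NULL_FUTURE;
    }

    /**
     * Pings the session bound to the current work context, if there is one, and traces the call.
     */
    public ResultsFuture<?> ping() throws InvalidSessionException, TeiidComponentException {
        String sessionId = DQPWorkContext.getWorkContext().getSessionId();
        if (sessionId != null) {
            this.service.pingServer(sessionId);
        }
        LogManager.logTrace("org.teiid.SECURITY", new Object[]{"Ping", sessionId});
        return ResultsFuture.NULL_FUTURE;
    }

    /**
     * Pings every session id in the collection, skipping ids the service reports as invalid.
     *
     * <p>NOTE(review): the ids are taken as given; nothing here ties them to the caller's own
     * session. Confirm that keeping other sessions alive this way is acceptable.
     */
    public ResultsFuture<?> ping(Collection<String> collection) throws TeiidComponentException, CommunicationException {
        for (String sessionId : collection) {
            try {
                this.service.pingServer(sessionId);
            } catch (InvalidSessionException ignored) {
                // Best effort: an expired or unknown id must not stop the remaining pings.
            }
        }
        return ResultsFuture.NULL_FUTURE;
    }

    /**
     * Re-binds the current work context to the session named by the token, after checking that
     * the session exists and that its stored token equals the presented one.
     *
     * @param sessionToken token presented by the caller
     * @throws InvalidSessionException if no such session exists or the tokens differ
     * @throws TeiidComponentException if the session service fails during validation
     */
    public void assertIdentity(SessionToken sessionToken) throws InvalidSessionException, TeiidComponentException {
        try {
            SessionMetadata session = this.service.validateSession(sessionToken.getSessionID());
            if (session == null) {
                throw new InvalidSessionException(RuntimePlugin.Event.TEIID40063);
            }
            // Knowing a session id is not enough: the full token must match the stored one.
            // NOTE(review): what SessionToken.equals compares is not visible here.
            if (!session.getSessionToken().equals(sessionToken)) {
                throw new InvalidSessionException(RuntimePlugin.Event.TEIID40064);
            }
            updateDQPContext(session);
        } catch (SessionServiceException e) {
            throw new TeiidComponentException(RuntimePlugin.Event.TEIID40062, e);
        }
    }
}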
