package org.jgroups.auth;

import java.io.DataInput;
import java.io.DataOutput;
import java.io.IOException;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.xml.bind.DatatypeConverter;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.jgroups.logging.Log;
import org.jgroups.logging.LogFactory;
import org.jgroups.util.Bits;

/* loaded from: input_file:WEB-INF/lib/infinispan-embedded-7.0.1.Final.jar:org/jgroups/auth/Krb5TokenUtils.class */
public class Krb5TokenUtils {
    private static final Log log = LogFactory.getLog(Krb5TokenUtils.class);
    private static Oid krb5Oid;

    /* loaded from: input_file:WEB-INF/lib/infinispan-embedded-7.0.1.Final.jar:org/jgroups/auth/Krb5TokenUtils$LoginCallbackHandler.class */
    public static class LoginCallbackHandler implements CallbackHandler {
        private String password;
        private String username;

        public LoginCallbackHandler() {
        }

        public LoginCallbackHandler(String str, String str2) {
            this.username = str;
            this.password = str2;
        }

        public LoginCallbackHandler(String str) {
            this.password = str;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if ((callback instanceof NameCallback) && this.username != null) {
                    ((NameCallback) callback).setName(this.username);
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                }
            }
        }
    }

    public Subject generateSecuritySubject(String str, String str2, String str3) throws LoginException {
        try {
            LoginContext loginContext = new LoginContext(str, new LoginCallbackHandler(str2, str3));
            loginContext.login();
            log.debug(" : Krb5Token Kerberos login succeeded against user: %s", str2);
            return loginContext.getSubject();
        } catch (LoginException e) {
            log.debug(" : Krb5Token Kerberos login failed against user: %s", str2);
            throw e;
        }
    }

    public static byte[] initiateSecurityContext(Subject subject, String str) throws GSSException {
        GSSManager gSSManager = GSSManager.getInstance();
        final GSSContext createContext = gSSManager.createContext(gSSManager.createName(str, GSSName.NT_HOSTBASED_SERVICE), krb5Oid, (GSSCredential) null, 0);
        return (byte[]) Subject.doAs(subject, new PrivilegedAction<byte[]>() { // from class: org.jgroups.auth.Krb5TokenUtils.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public byte[] run() {
                try {
                    byte[] bArr = new byte[0];
                    createContext.requestMutualAuth(false);
                    createContext.requestCredDeleg(false);
                    return createContext.initSecContext(bArr, 0, bArr.length);
                } catch (GSSException e) {
                    Krb5TokenUtils.log.error("Krb5Token Kerberos context processing exception", e);
                    return null;
                }
            }
        });
    }

    public static String validateSecurityContext(Subject subject, final byte[] bArr) throws GSSException {
        return (String) Subject.doAs(subject, new PrivilegedAction<String>() { // from class: org.jgroups.auth.Krb5TokenUtils.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public String run() {
                try {
                    GSSContext createContext = GSSManager.getInstance().createContext((GSSCredential) null);
                    createContext.acceptSecContext(bArr, 0, bArr.length);
                    return createContext.getSrcName().toString();
                } catch (Exception e) {
                    Krb5TokenUtils.log.error("Krb5Token Kerberos context processing exception", e);
                    return null;
                }
            }
        });
    }

    public static void encodeDataToStream(byte[] bArr, DataOutput dataOutput) throws Exception {
        String printBase64Binary = DatatypeConverter.printBase64Binary(bArr);
        log.debug(" : Written Encoded Data: \n%s", printBase64Binary);
        Bits.writeString(printBase64Binary, dataOutput);
    }

    public static byte[] decodeDataFromStream(DataInput dataInput) throws Exception {
        String readString = Bits.readString(dataInput);
        log.debug(" : Read Encoded Data: \n%s", readString);
        return DatatypeConverter.parseBase64Binary(readString);
    }

    static {
        try {
            krb5Oid = new Oid("1.2.840.113554.1.2.2");
        } catch (Exception e) {
            log.error("Exception was generated while creating an Oid instance", e);
            krb5Oid = null;
        }
    }
}
