package com.ibm.rational.test.lt.kernel.impl;

import com.ibm.rational.test.lt.kernel.IKerberos;
import com.ibm.rational.test.lt.kernel.KerberosException;
import com.ibm.rational.test.lt.kernel.logging.ICache;
import com.ibm.rational.test.lt.kernel.logging.ISimpleLog;
import com.ibm.rational.test.lt.kernel.runner.IRatlRunner;
import com.ibm.security.auth.module.Krb5LoginModule;
import com.ibm.xml.crypto.util.Base64;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.StringTokenizer;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/ibm/rational/test/lt/kernel/impl/KerberosInternal.class */
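/**
 * Obtains a base64-encoded SPNEGO token for a service by logging in to Kerberos with a
 * principal name and password, then initiating a GSS-API security context.
 *
 * <p>This is decompiler (JADX) output, so parameter and local names are synthetic.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password and the resulting token are credentials and are never written to the log.</li>
 *   <li>The password is kept as a {@code String} only while the login runs. The reference is
 *       dropped afterwards, but a {@code String} cannot be scrubbed from the heap.</li>
 *   <li>Instances hold per-call mutable state in fields and do no locking; a single instance
 *       should not be shared between threads.</li>
 * </ul>
 */
public class KerberosInternal implements IKerberos {
    /** Placeholder written to logs and consoles in place of secret values. */
    private static final String REDACTED = "<redacted>";

    private String principal;
    private String password;
    private String clientRealm;
    private String serverRealm;
    private String service;
    private String server;
    private String theTicket;
    private Subject subject;
    private ISimpleLog logger;
    private boolean debug;

    /**
     * Supplies the enclosing instance's principal and password to the Kerberos login module.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ibm/rational/test/lt/kernel/impl/KerberosInternal$RPTKerberosCallbackHandler.class */
    public class RPTKerberosCallbackHandler implements CallbackHandler {
        private RPTKerberosCallbackHandler() {
        }

        /**
         * Answers name and password callbacks; every other callback type is silently ignored.
         *
         * @param callbackArr callbacks issued by the login module
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(KerberosInternal.this.principal);
                } else if (callback instanceof PasswordCallback) {
                    // A missing password is handed over as null so the login module reports a
                    // login failure instead of this handler throwing a NullPointerException.
                    String secret = KerberosInternal.this.password;
                    ((PasswordCallback) callback).setPassword(secret == null ? null : secret.toCharArray());
                }
            }
        }

        /* synthetic */ RPTKerberosCallbackHandler(KerberosInternal kerberosInternal, RPTKerberosCallbackHandler rPTKerberosCallbackHandler) {
            this();
        }
    }

    /** Creates an instance with no logger and console debugging off. */
    public KerberosInternal() {
        this.serverRealm = "";
        this.debug = false;
    }

    /**
     * @param iSimpleLog destination for diagnostic messages; may be {@code null}
     * @param z when {@code true}, diagnostic messages are also printed to standard output
     */
    public KerberosInternal(ISimpleLog iSimpleLog, boolean z) {
        this.serverRealm = "";
        this.debug = false;
        this.logger = iSimpleLog;
        this.debug = z;
    }

    /**
     * Same as the six-argument overload with an empty server realm.
     *
     * @param str principal (user) name
     * @param str2 password
     * @param str3 client realm
     * @param str4 service name
     * @param str5 server host, optionally followed by {@code :port}
     */
    @Override // com.ibm.rational.test.lt.kernel.IKerberos
    public String getKerberosSpnegoTicket(String str, String str2, String str3, String str4, String str5) throws KerberosException {
        return getKerberosSpnegoTicket(str, str2, str3, "", str4, str5);
    }

    /**
     * Logs in to Kerberos with the given principal and password and returns a SPNEGO token
     * for {@code service/server[@serverRealm]}.
     *
     * @param str principal (user) name
     * @param str2 password; never logged
     * @param str3 client realm (only logged here)
     * @param str4 server realm, or empty/{@code null} for none
     * @param str5 service name
     * @param str6 server host; anything from the first {@code :} onwards is dropped
     * @return the base64-encoded token
     * @throws KerberosException if the login fails or no token could be produced
     */
    public String getKerberosSpnegoTicket(String str, String str2, String str3, String str4, String str5, String str6) throws KerberosException {
        this.principal = str;
        this.password = str2;
        this.clientRealm = str3;
        this.serverRealm = str4;
        this.service = str5;
        this.server = str6;
        int portSeparator = this.server.indexOf(":");
        if (portSeparator != -1) {
            this.server = this.server.substring(0, portSeparator);
        }
        // The environment can replace the target host of the service principal name, so
        // whoever controls this process's environment chooses which service the token is for.
        String str7 = System.getenv("RPTKERBSERVER");
        if (str7 != null) {
            this.server = str7;
        }
        // The password is deliberately not part of this message: the log may be persisted
        // or echoed to standard output.
        log("getKerberosSpnegoTicket:  user=" + str + " pw=" + REDACTED + " clientRealm=" + str3 + " serverRealm=" + str4 + " service=" + this.service + " server=" + this.server);
        if (this.serverRealm == null) {
            this.serverRealm = "";
        }
        if (!this.serverRealm.equalsIgnoreCase("")) {
            this.serverRealm = "@" + this.serverRealm;
        }
        // NOTE(review): this assigns the local parameter, not this.serverRealm, so the property
        // only changes the log line below while getTGS() builds the target name from the field.
        // Looks unintended - confirm before relying on rptKerberosServerRealm.
        if (System.getProperty("rptKerberosServerRealm") != null) {
            str4 = "@" + System.getProperty("rptKerberosServerRealm");
        }
        log("Server realm is '" + str4 + "'");
        log("java.security.krb5.conf=" + System.getProperty("java.security.krb5.conf"));
        // JVM-wide setting, not scoped to this instance.
        // NOTE(review): the value constant was matched by the decompiler and is unrelated to
        // Kerberos; presumably a boolean literal in the original source - confirm.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", IRatlRunner.RPT_REPORT_NET_SERVER_TIME_DEFAULT);
        Krb5LoginModule krb5LoginModule = new Krb5LoginModule();
        Map<String, String> hashMap = new HashMap<String, String>();
        hashMap.put("principal", this.principal);
        this.subject = new Subject();
        krb5LoginModule.initialize(this.subject, new RPTKerberosCallbackHandler(this, null), (Map) null, hashMap);
        try {
            krb5LoginModule.login();
            krb5LoginModule.commit();
            return getTGS();
        } catch (LoginException e) {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            e.printStackTrace(new PrintWriter((OutputStream) byteArrayOutputStream, true));
            log(byteArrayOutputStream.toString());
            throw new KerberosException("Kerberos login failed", e);
        } finally {
            // The login module is local to this call, so the password is not needed again.
            this.password = null;
        }
    }

    /**
     * Initiates a SPNEGO security context as the logged-in subject and returns the first
     * token, base64-encoded.
     *
     * @return the base64-encoded token
     * @throws KerberosException if no token could be produced; the underlying failure, when
     *     there is one, is attached as the cause
     */
    @Override // com.ibm.rational.test.lt.kernel.IKerberos
    public String getTGS() throws KerberosException {
        // Clear the result of any earlier call first. Otherwise a failure below would hand
        // back a stale token that was issued for a previous principal or server.
        this.theTicket = null;
        final Throwable[] failure = new Throwable[1];
        Subject.doAs(this.subject, new PrivilegedAction<Object>() { // from class: com.ibm.rational.test.lt.kernel.impl.KerberosInternal.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                try {
                    Oid oid = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism
                    Oid oid2 = new Oid("1.3.6.1.5.5.2"); // SPNEGO mechanism
                    GSSManager gSSManager = GSSManager.getInstance();
                    KerberosInternal.this.log("create credential using Kerberos ticket in the subject");
                    KerberosInternal.this.log("javax.security.auth.useSubjectCredsOnly=" + System.getProperty("javax.security.auth.useSubjectCredsOnly"));
                    GSSName createName = gSSManager.createName(KerberosInternal.this.principal, GSSName.NT_USER_NAME, oid);
                    // NOTE(review): ICache.REALTIME is a logging constant the decompiler matched
                    // by value; the lifetime constant intended here cannot be told from this file.
                    GSSCredential createCredential = gSSManager.createCredential(createName.canonicalize(oid), ICache.REALTIME, oid, GSSCredential.INITIATE_ONLY);
                    createCredential.add(createName, ICache.REALTIME, ICache.REALTIME, oid2, GSSCredential.INITIATE_ONLY);
                    KerberosInternal.this.log("Client GSS creds " + createCredential);
                    GSSName createName2 = gSSManager.createName(String.valueOf(KerberosInternal.this.service) + "/" + KerberosInternal.this.server + KerberosInternal.this.serverRealm, GSSName.NT_USER_NAME);
                    KerberosInternal.this.log("Target server name " + createName2);
                    GSSContext createContext = gSSManager.createContext(createName2.canonicalize(oid2), oid2, createCredential, GSSContext.DEFAULT_LIFETIME);
                    // Credential delegation is requested unless the system property turns it
                    // off. A service that is granted delegation can act as the user towards
                    // other services, so only trusted targets should be given it.
                    boolean z = true;
                    if (System.getProperty("rptKerberosRequestCredDeleg") != null) {
                        z = Boolean.parseBoolean(System.getProperty("rptKerberosRequestCredDeleg"));
                    }
                    createContext.requestCredDeleg(z);
                    KerberosInternal.this.log("Client context " + createContext);
                    byte[] bArr = new byte[0];
                    byte[] initSecContext = createContext.initSecContext(bArr, 0, bArr.length);
                    KerberosInternal.this.log("Kerberos service principal: " + createContext.getTargName());
                    KerberosInternal.this.log("State of GSS delegation: " + createContext.getCredDelegState());
                    KerberosInternal.this.theTicket = Base64.encode(initSecContext);
                    return null;
                } catch (Exception e) {
                    KerberosInternal.this.log(e);
                    failure[0] = e;
                    return null;
                }
            }
        });
        if (this.theTicket != null) {
            // The token authenticates the user to the service, so only its size is logged.
            log("RPT Kerberos returning ticket " + REDACTED + " (" + this.theTicket.length() + " base64 chars)");
            return this.theTicket;
        }
        log("RPT Kerberos ticket NULL.  Possible invalid server or KDC specified.");
        if (failure[0] != null) {
            throw new KerberosException("RPT Kerberos ticket NULL.  Possible invalid server or KDC specified.", failure[0]);
        }
        throw new KerberosException("RPT Kerberos ticket NULL.  Possible invalid server or KDC specified.");
    }

    /**
     * Writes a diagnostic message to standard output (when debugging is on) and to the
     * logger (when one was supplied). Callers must not pass secrets.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void log(String str) {
        if (this.debug) {
            System.out.println(str);
        }
        if (this.logger != null) {
            this.logger.log(str);
        }
    }

    /** Logs the stack trace of {@code th} through {@link #log(String)}. */
    /* JADX INFO: Access modifiers changed from: private */
    public void log(Throwable th) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        th.printStackTrace(new PrintWriter((OutputStream) byteArrayOutputStream, true));
        log(byteArrayOutputStream.toString());
    }

    /**
     * Diagnostic helper: requests {@code str} with an {@code Authorization: Negotiate} header
     * carrying {@code str2}, then prints the response body and status code to standard output.
     *
     * <p>WARNING: for HTTPS URLs this connection accepts any server certificate and any host
     * name, so the peer is not authenticated and the token can be captured by whoever answers.
     * For plain HTTP URLs the token travels unencrypted. Use only against lab systems. The
     * relaxed checks are applied to this one connection and are not installed as JVM-wide
     * defaults, so other HTTPS traffic in the process keeps normal validation.
     *
     * @param str URL to request
     * @param str2 base64-encoded SPNEGO token
     */
    public void test(String str, String str2) {
        TrustManager[] trustManagerArr = {new X509TrustManager() { // from class: com.ibm.rational.test.lt.kernel.impl.KerberosInternal.2
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str3) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str3) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                // The interface requires a non-null array.
                return new X509Certificate[0];
            }
        }};
        try {
            HostnameVerifier hostnameVerifier = new HostnameVerifier() { // from class: com.ibm.rational.test.lt.kernel.impl.KerberosInternal.3
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str3, SSLSession sSLSession) {
                    return true;
                }
            };
            URLConnection openConnection = new URL(str).openConnection();
            if (openConnection instanceof HttpsURLConnection) {
                // Scope the trust-all settings to this connection only.
                SSLContext sSLContext = SSLContext.getInstance("TLS");
                sSLContext.init(null, trustManagerArr, new SecureRandom());
                HttpsURLConnection httpsConnection = (HttpsURLConnection) openConnection;
                httpsConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
                httpsConnection.setHostnameVerifier(hostnameVerifier);
            }
            openConnection.addRequestProperty("Authorization", "Negotiate " + str2);
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(openConnection.getInputStream()));
            try {
                String readLine;
                while ((readLine = bufferedReader.readLine()) != null) {
                    System.out.println(readLine);
                }
            } finally {
                // Close the stream even when reading fails part-way.
                bufferedReader.close();
            }
            System.out.println("Resposne status code = " + ((HttpURLConnection) openConnection).getResponseCode());
        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (IOException e2) {
            e2.printStackTrace();
        } catch (KeyManagementException e3) {
            e3.printStackTrace();
        } catch (NoSuchAlgorithmException e4) {
            e4.printStackTrace();
        }
    }

    /**
     * Command-line harness: parses {@code name=value} arguments, obtains a token for the
     * {@code HTTP} service on the chosen server and sends it to the chosen URL via
     * {@link #test(String, String)}. The password is masked in everything this method prints.
     *
     * @param strArr arguments of the form {@code name=value}; recognised names are username,
     *     password, clientRealm, serverRealm, server, clientKDC, serverKDC and url
     */
    public static void main(String[] strArr) {
        // NOTE(review): a default account name and password are compiled into the class.
        // Anyone holding the binary can read them; they should be supplied at run time and
        // the account treated as exposed.
        String str = "kerbtester1";
        String str2 = "rptT3st";
        String str3 = "NA.KERBRPT.IBM.COM";
        String str4 = "";
        String str5 = "rptkerb4.na.kerbrpt.ibm.com";
        String str6 = "http://rptkerb4.na.kerbrpt.ibm.com:9080/HitCountWeb/HitCountServlet";
        String str7 = "rptkerb3";
        String str8 = "";
        for (int i = 0; i < strArr.length; i++) {
            StringTokenizer stringTokenizer = new StringTokenizer(strArr[i], "= ");
            if (stringTokenizer.countTokens() < 2) {
                // Without this check nextToken() would throw outside the try block below.
                System.err.println("Ignoring malformed argument (expected name=value) at index " + i);
                continue;
            }
            String nextToken = stringTokenizer.nextToken();
            String nextToken2 = stringTokenizer.nextToken();
            boolean isPassword = nextToken.equalsIgnoreCase("password");
            System.out.println("args[" + i + "]='" + (isPassword ? nextToken + "=" + REDACTED : strArr[i]) + "', name='" + nextToken + "', value='" + (isPassword ? REDACTED : nextToken2) + "'");
            if (nextToken.equalsIgnoreCase("username")) {
                str = nextToken2;
            } else if (isPassword) {
                str2 = nextToken2;
            } else if (nextToken.equalsIgnoreCase("clientRealm")) {
                str3 = nextToken2;
            } else if (nextToken.equalsIgnoreCase("serverRealm")) {
                str4 = nextToken2;
            } else if (nextToken.equalsIgnoreCase("server")) {
                str5 = nextToken2;
            } else if (nextToken.equalsIgnoreCase("clientKDC")) {
                str7 = nextToken2;
            } else if (nextToken.equalsIgnoreCase("serverKDC")) {
                str8 = nextToken2;
            } else if (nextToken.equalsIgnoreCase("url")) {
                str6 = nextToken2;
            } else {
                System.err.println("Unknown argument:  name=" + nextToken + " value=" + nextToken2);
            }
        }
        System.out.println("Argument summary:");
        System.out.println("username=" + str + " password=" + REDACTED + " clientRealm=" + str3 + " clientKDC=" + str7 + " service=HTTP server=" + str5 + " serverRealm=" + str4 + " serverKDC=" + str8 + " url=" + str6);
        try {
            KerberosInternal kerberosInternal = new KerberosInternal(null, true);
            String ticket = str4.equalsIgnoreCase("")
                    ? kerberosInternal.getKerberosSpnegoTicket(str, str2, str3, "HTTP", str5)
                    : kerberosInternal.getKerberosSpnegoTicket(str, str2, str3, str4, "HTTP", str5);
            kerberosInternal.test(str6, ticket);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}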
