package com.filenet.apiimpl.authentication.util;

import com.filenet.api.util.WSILoginModule;
import com.filenet.apiimpl.authentication.FnceCallbackHandler;
import com.filenet.apiimpl.exception.ExceptionAuthn;
import com.filenet.apiimpl.util.J2EEType;
import java.io.IOException;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:runtime/Jace.jar:com/filenet/apiimpl/authentication/util/J2EEAuthnUtil.class */
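/**
 * Base JAAS helper for the FileNet authentication layer.
 *
 * <p>{@link Init} picks one application-server-specific subclass and exposes it
 * through {@link #getInstance()}. This base class supplies the container-neutral
 * behaviour: creating {@link LoginContext}s, staging principals and credentials
 * on an {@code LmState} and committing them to (or removing them from) its
 * {@link Subject}, a Kerberos TGT login, and small reflection helpers.
 *
 * <p>Methods that need container knowledge ({@link #addUserPrincipal},
 * {@link #addGroupPrincipal}, {@link #handleCallback}) throw here, and the
 * boolean/void hooks are no-ops; subclasses are expected to override them.
 */
public class J2EEAuthnUtil {

    /** Cached handler copied from {@link Init}; {@code null} until first use (decompiler-renamed from {@code util}). */
    private static J2EEAuthnUtil f0util;
    /** Cached application-server type copied from {@link Init}; {@code -1} means "not loaded yet". */
    private static int appServerType = -1;
    private static final String FNAME = "[J2EEAuthnUtil] ";
    /** Log prefix used by instance methods; mutable, presumably so a subclass can install its own tag. */
    protected static String fname = FNAME;
    protected static final String CLIENT_LOGIN_CONFIG = "FileNetP8";
    /** Login module class used by {@link #defaultTgtLogin}. */
    protected String krb5LoginModuleClass = "com.sun.security.auth.module.Krb5LoginModule";
    /** Extra module options when a principal and a non-null credential array are supplied. */
    protected String[] krb5NormalClientLoginOptions = {"storeKey=true"};
    /** Extra module options when no principal name is supplied. */
    protected String[] krb5CachedClientLoginOptions = {"useTicketCache=true"};
    /** Extra module options when a principal is supplied without credentials and without a keytab location. */
    protected String[] krb5ServiceLoginOptions = {"useKeyTab=true", "storeKey=true"};
    /** Same array instance as {@link #krb5ServiceLoginOptions} unless a subclass reassigns it. */
    protected String[] krb5ServiceLoginOptionsKeytab = this.krb5ServiceLoginOptions;
    /** Name of the module option that receives the keytab location. */
    protected String krb5KeytabOption = "keyTab";
    /** Prefix prepended to a keytab location that lacks it; empty here, so nothing is prepended. */
    protected String krb5KeytabPrefix = "";

    /**
     * Initialization holder: resolves the application-server type once and
     * instantiates the matching handler in its static initializer.
     *
     * <p>The candidate class names are compile-time constants chosen by the
     * switch, not values taken from configuration or callers. A failure in the
     * static initializer surfaces to the first caller as
     * {@link ExceptionInInitializerError} and to later callers as
     * {@link NoClassDefFoundError}.
     *
     * <p>Decompiler note: this class was originally declared {@code private}.
     */
    public static class Init {
        static int appServerType = J2EEType.getAppServerType();

        /** The handler singleton (decompiler-renamed from {@code util}). */
        static J2EEAuthnUtil f1util;

        private Init() {
        }

        static {
            String handlerClassName = handlerClassNameFor(appServerType);
            if (handlerClassName != null) {
                try {
                    f1util = (J2EEAuthnUtil) Class.forName(handlerClassName).newInstance();
                } catch (Exception e) {
                    AuthnUtil.error("[J2EEAuthnUtil] creation of handler failed: " + e.getLocalizedMessage());
                    throw J2EEAuthnUtil.wrappedException(e);
                }
            }
            if (f1util == null) {
                // No handler class is mapped to this server type: refuse to continue without one.
                String exceptionAuthn = ExceptionAuthn.SECURITY_APP_SERVER_NOT_RECOGNIZED.toString(new Object[]{J2EEAuthnUtil.getProviderURL()});
                AuthnUtil.error(J2EEAuthnUtil.FNAME + exceptionAuthn);
                throw new IllegalStateException(exceptionAuthn);
            }
        }

        /**
         * Maps an application-server type code to its handler class name.
         *
         * @param type value returned by {@code J2EEType.getAppServerType()}
         * @return the fully qualified handler class name, or {@code null} for any other code
         */
        private static String handlerClassNameFor(int type) {
            // The JB / WL / WS suffixes presumably stand for JBoss, WebLogic and WebSphere
            // (verify against J2EEType).
            switch (type) {
                case 2:
                    return "com.filenet.apiimpl.authentication.util.J2EEAuthnUtilJB";
                case 3:
                    return "com.filenet.apiimpl.authentication.util.J2EEAuthnUtilWL";
                case 4:
                    return "com.filenet.apiimpl.authentication.util.J2EEAuthnUtilWS";
                default:
                    return null;
            }
        }
    }

    /**
     * Copies the handler and server type from {@link Init} into this class's caches.
     * Unsynchronized; every caller stores the same two values taken from {@link Init}.
     */
    private static void loadFromInit() {
        f0util = Init.f1util;
        appServerType = Init.appServerType;
    }

    /**
     * Returns the application-server-specific handler, loading it on first use.
     *
     * @return the handler created by {@link Init}
     */
    public static J2EEAuthnUtil getInstance() {
        if (f0util == null) {
            loadFromInit();
        }
        return f0util;
    }

    /**
     * Returns the application-server type code, loading it on first use.
     *
     * @return the value {@link Init} obtained from {@code J2EEType.getAppServerType()}
     */
    public static int getAppServerType() {
        if (appServerType == -1) {
            loadFromInit();
        }
        return appServerType;
    }

    /**
     * @return the provider URL reported by {@code J2EEType.getProviderURL()}
     */
    public static String getProviderURL() {
        return J2EEType.getProviderURL();
    }

    /**
     * Performs a JAAS login with a name and credential array.
     *
     * @param str JAAS configuration entry name passed to {@link LoginContext}
     * @param str2 name handed to the callback handler (presumably the user name)
     * @param cArr credential characters handed to the callback handler (presumably the password);
     *     not cleared by this method
     * @param z when {@code true}, writes a debug line before logging in
     * @return the subject of the login context after a successful login
     * @throws LoginException if the context cannot be created or the login fails
     */
    public Subject doServerLogin(String str, String str2, char[] cArr, boolean z) throws LoginException {
        if (z) {
            // NOTE(review): str2 goes into the log line as-is; confirm AuthnUtil.log neutralises
            // line breaks if this name can originate from a remote client.
            AuthnUtil.log(fname + "doServerLogin for '" + str2 + '\'');
        }
        LoginContext loginContext = new LoginContext(str, new FnceCallbackHandler(str2, cArr));
        loginContext.login();
        return loginContext.getSubject();
    }

    /**
     * Performs a JAAS login with a caller-supplied callback handler.
     *
     * @param str JAAS configuration entry name passed to {@link LoginContext}
     * @param callbackHandler handler that supplies the credentials
     * @param z when {@code true}, writes a debug line before logging in
     * @return the subject of the login context after a successful login
     * @throws LoginException if the context cannot be created or the login fails
     */
    public Subject doServerLogin(String str, CallbackHandler callbackHandler, boolean z) throws LoginException {
        if (z) {
            AuthnUtil.log(fname + "doServerLogin using a callback handler");
        }
        LoginContext loginContext = new LoginContext(str, callbackHandler);
        loginContext.login();
        return loginContext.getSubject();
    }

    /**
     * Delegates the callbacks to the handler stored on the login-module state.
     *
     * @param lmState login-module state whose {@code callbackHandler} is invoked
     * @param callbackArr callbacks to resolve
     * @return always {@code true}
     * @throws UnsupportedCallbackException if the handler rejects a callback
     * @throws IOException if the handler fails on I/O
     */
    public boolean handleServerCallbacks(LmState lmState, Callback[] callbackArr) throws UnsupportedCallbackException, IOException {
        lmState.callbackHandler.handle(callbackArr);
        return true;
    }

    /**
     * Client-side pre-commit hook; this base implementation ignores {@code cArr}
     * and defers to {@link #precommitLogin}.
     */
    public boolean precommitClientLogin(LmState lmState, char[] cArr) throws LoginException, IOException {
        return precommitLogin(lmState);
    }

    /** Server-side pre-commit hook; defers to {@link #precommitLogin}. */
    public boolean precommitServerLogin(LmState lmState) throws LoginException, IOException {
        return precommitLogin(lmState);
    }

    /**
     * Stages the principals and the optional extra credential on the state.
     * Nothing is attached to the subject until {@link #commitLogin}.
     *
     * @param lmState login-module state to populate
     * @return always {@code true}
     * @throws UnsupportedOperationException in this base class, because
     *     {@link #addUserPrincipal} is not implemented here
     */
    public boolean precommitLogin(LmState lmState) throws LoginException, IOException {
        addUserPrincipal(lmState, lmState.princName);
        if (lmState.realm != null) {
            addGroupPrincipal(lmState, lmState.realm);
        }
        if (lmState.extraCred != null) {
            lmState.newPrivateCredentials.add(lmState.extraCred);
        }
        return true;
    }

    /** Client-side commit hook; defers to {@link #commitLogin}. */
    public boolean commitClientLogin(LmState lmState) {
        return commitLogin(lmState);
    }

    /** Server-side commit hook; defers to {@link #commitLogin}. */
    public boolean commitServerLogin(LmState lmState) {
        return commitLogin(lmState);
    }

    /**
     * Copies the staged principals and credentials onto the subject.
     *
     * @param lmState login-module state holding the subject and the staged collections
     * @return always {@code true}
     */
    public boolean commitLogin(LmState lmState) {
        Subject subject = lmState.subject;
        subject.getPrincipals().addAll(lmState.newPrincipals);
        subject.getPublicCredentials().addAll(lmState.newPublicCredentials);
        subject.getPrivateCredentials().addAll(lmState.newPrivateCredentials);
        if (lmState.isDebug) {
            AuthnUtil.log(fname + "commit successful");
        }
        return true;
    }

    /**
     * Undoes {@link #commitLogin}: removes the staged principals and credentials
     * from the subject, passes each credential to {@code AuthnUtil.destroyCred},
     * and empties the staging collections.
     *
     * @param lmState login-module state to clean up
     */
    public void cleanupLogin(LmState lmState) {
        Subject subject = lmState.subject;
        for (Object principal : lmState.newPrincipals) {
            subject.getPrincipals().remove(principal);
        }
        lmState.newPrincipals.clear();
        zapCreds(subject.getPublicCredentials(), lmState.newPublicCredentials);
        zapCreds(subject.getPrivateCredentials(), lmState.newPrivateCredentials);
        if (lmState.isDebug) {
            AuthnUtil.log(fname + "cleanup successful");
        }
    }

    /**
     * Obtains a Kerberos subject through a dynamically built login configuration
     * for {@link #krb5LoginModuleClass}.
     *
     * <p>The option set depends on the arguments:
     * <ul>
     *   <li>no principal name: {@link #krb5CachedClientLoginOptions};</li>
     *   <li>principal, no credentials, keytab given: {@link #krb5ServiceLoginOptionsKeytab}
     *       plus the keytab option;</li>
     *   <li>principal, no credentials, no keytab: {@link #krb5ServiceLoginOptions};</li>
     *   <li>principal and credentials: {@link #krb5NormalClientLoginOptions}.</li>
     * </ul>
     *
     * @param str Kerberos principal name, or {@code null}/empty for none
     * @param cArr credential characters (presumably the password), or {@code null};
     *     handed to the callback handler and not cleared by this method
     * @param str2 keytab location, or {@code null}; used only when {@code cArr} is {@code null}
     * @param z debug flag: passed to the login module and enables logging here
     * @return the authenticated subject, never {@code null}
     * @throws LoginException if the login fails, yields no subject, or any other
     *     exception occurs (that exception becomes the cause)
     */
    public Subject defaultTgtLogin(String str, char[] cArr, String str2, boolean z) throws LoginException {
        if (z) {
            AuthnUtil.log(fname + "defaultTgtLogin");
        }
        FnceCallbackHandler fnceCallbackHandler = new FnceCallbackHandler(str != null ? str : "", cArr != null ? cArr : new char[0]);
        HashMap moduleOptions = new HashMap();
        moduleOptions.put(WSILoginModule.PARAM_DEBUG, Boolean.toString(z));

        String[] extraOptions;
        boolean hasPrincipal = str != null && str.length() > 0;
        if (!hasPrincipal) {
            extraOptions = this.krb5CachedClientLoginOptions;
        } else if (cArr != null) {
            extraOptions = this.krb5NormalClientLoginOptions;
        } else {
            moduleOptions.put("principal", str);
            if (str2 == null) {
                extraOptions = this.krb5ServiceLoginOptions;
            } else {
                String keytab = str2;
                int prefixLength = this.krb5KeytabPrefix.length();
                // Prepend the prefix only when the location does not already start with it.
                // The leading characters are upper-cased before the comparison, so the match
                // ignores case only if the configured prefix is itself upper case.
                if (prefixLength > 0
                        && prefixLength < keytab.length()
                        && !this.krb5KeytabPrefix.equals(keytab.substring(0, prefixLength).toUpperCase(Locale.ENGLISH))) {
                    keytab = this.krb5KeytabPrefix + keytab;
                }
                moduleOptions.put(this.krb5KeytabOption, keytab);
                extraOptions = this.krb5ServiceLoginOptionsKeytab;
            }
        }

        try {
            DynLoginContext dynLoginContext = new DynLoginContext((Subject) null, fnceCallbackHandler, DynLoginContext.buildConf(this.krb5LoginModuleClass, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, moduleOptions, extraOptions), z);
            dynLoginContext.login();
            Subject subject = dynLoginContext.getSubject();
            if (subject != null) {
                return subject;
            }
            String exceptionAuthn = ExceptionAuthn.SECURITY_FAILED_DEFAULT_TGT_LOGIN.toString(new Object[]{ExceptionAuthn.SECURITY_SUBJECT_NULL.toString()});
            if (z) {
                AuthnUtil.log(FNAME + exceptionAuthn);
            }
            // Caught by the handler below, which rethrows it unchanged.
            throw new LoginException(exceptionAuthn);
        } catch (Exception e) {
            if (z) {
                AuthnUtil.log("[J2EEAuthnUtil] TGT login failure", e);
            }
            if (e instanceof LoginException) {
                throw ((LoginException) e);
            }
            LoginException loginException = new LoginException(ExceptionAuthn.SECURITY_FAILED_DEFAULT_TGT_LOGIN.toString(new Object[]{e.getLocalizedMessage()}));
            loginException.initCause(e);
            throw loginException;
        }
    }

    /**
     * Stages a user principal on the state. Not implemented in this base class.
     *
     * @throws UnsupportedOperationException always
     */
    public void addUserPrincipal(LmState lmState, String str) {
        throw new UnsupportedOperationException();
    }

    /**
     * Stages a group principal on the state. Not implemented in this base class.
     *
     * @throws UnsupportedOperationException always
     */
    public void addGroupPrincipal(LmState lmState, String str) {
        throw new UnsupportedOperationException();
    }

    /**
     * Runs the action as the given subject via {@link Subject#doAs}.
     * {@code Subject.doAs} is deprecated for removal since Java 17 (JEP 411).
     */
    public Object runAs(Subject subject, PrivilegedAction privilegedAction) {
        return Subject.doAs(subject, privilegedAction);
    }

    /**
     * Runs the exception-throwing action as the given subject via {@link Subject#doAs}.
     *
     * @throws Exception whatever {@code Subject.doAs} throws for a failing action
     */
    public Object runAs(Subject subject, PrivilegedExceptionAction privilegedExceptionAction) throws Exception {
        return Subject.doAs(subject, privilegedExceptionAction);
    }

    /**
     * Returns the subject bound to the calling thread's access-control context.
     * Both APIs used here are deprecated for removal since Java 17 (JEP 411).
     *
     * @return the current subject, or {@code null} if none is associated
     */
    public Subject getCurrentSubject() {
        return Subject.getSubject(AccessController.getContext());
    }

    /** Hook for adjusting a cached subject; no-op in this base class. */
    public void fixupCachedSubject(Subject subject) {
    }

    /**
     * Hook for container-specific callbacks; this base class supports none.
     *
     * @throws UnsupportedCallbackException always, naming {@code callback}
     */
    public void handleCallback(Callback callback, Map map) throws UnsupportedCallbackException {
        throw new UnsupportedCallbackException(callback);
    }

    /** @return {@code false} in this base class */
    public boolean isTicketsSPNToMatchLogins() {
        return false;
    }

    /** @return {@code false} in this base class */
    public boolean isCachingNeeded() {
        return false;
    }

    /** @return {@code false} in this base class; the subject is left untouched */
    public boolean setupSubjectSecurity(Subject subject) {
        return false;
    }

    /**
     * Copies every {@code public static} field declared directly on {@code cls}
     * into {@code hashMap}, keyed by field name. Inherited fields are not
     * visited because {@link Class#getDeclaredFields()} is used.
     *
     * <p>Decompiler note: originally declared {@code protected}.
     *
     * @param cls class whose constants are read
     * @param hashMap destination map; receives name-to-value entries
     */
    public static void fetchStaticConstants(Class cls, HashMap hashMap) {
        for (Field field : cls.getDeclaredFields()) {
            int modifiers = field.getModifiers();
            if (!Modifier.isStatic(modifiers) || !Modifier.isPublic(modifiers)) {
                continue;
            }
            try {
                hashMap.put(field.getName(), field.get(null));
            } catch (Exception ignored) {
                // Best effort: a field that cannot be read (for example a public field on a
                // class that is not accessible from here) is skipped and simply stays absent
                // from the map.
            }
        }
    }

    /**
     * Invokes {@code method} reflectively and converts any failure into a
     * runtime exception via {@link #processedException}.
     *
     * @param method method to invoke
     * @param obj target instance, or {@code null} for a static method
     * @param objArr arguments
     * @return the invocation result
     */
    public static Object reflectionCall(Method method, Object obj, Object[] objArr) {
        try {
            return method.invoke(obj, objArr);
        } catch (Exception e) {
            throw processedException(e, method.getDeclaringClass(), method.getName());
        }
    }

    /**
     * Instantiates {@code cls} through its no-argument constructor and converts
     * any failure into a runtime exception via {@link #processedException}.
     */
    public static Object reflectionConstructor(Class cls) {
        try {
            return cls.newInstance();
        } catch (Exception e) {
            throw processedException(e, cls, "<ctor>");
        }
    }

    /**
     * Invokes {@code constructor} with {@code objArr} and converts any failure
     * into a runtime exception via {@link #processedException}.
     */
    public static Object reflectionConstructor(Constructor constructor, Object[] objArr) {
        try {
            return constructor.newInstance(objArr);
        } catch (Exception e) {
            throw processedException(e, constructor.getDeclaringClass(), "<ctor>");
        }
    }

    /**
     * Logs a reflection failure and returns the runtime exception to throw.
     *
     * <p>The logged message comes from the cause when {@code exc} is an
     * {@link InvocationTargetException} that has one. The returned exception is
     * {@code exc} itself when it is already a {@link RuntimeException}, otherwise
     * {@code exc} wrapped by {@link #wrappedException}.
     *
     * <p>Decompiler note: originally declared {@code protected}.
     *
     * @param exc the failure caught by the caller
     * @param cls class the reflective member belongs to; only its simple name is logged
     * @param str member name used in the log line
     * @return the exception the caller should throw
     */
    public static RuntimeException processedException(Exception exc, Class cls, String str) {
        String simpleName = cls.getName();
        int lastDot = simpleName.lastIndexOf('.');
        if (lastDot >= 0) {
            simpleName = simpleName.substring(lastDot + 1);
        }
        String prefix = f0util != null ? fname : FNAME;
        // Throwable, not Exception: the cause of an InvocationTargetException may be an Error.
        Throwable reported = exc;
        if ((exc instanceof InvocationTargetException) && exc.getCause() != null) {
            reported = exc.getCause();
        }
        AuthnUtil.error(prefix + simpleName + '.' + str + ": " + reported.getLocalizedMessage());
        return exc instanceof RuntimeException ? (RuntimeException) exc : wrappedException(exc);
    }

    /**
     * Wraps {@code exc} in an {@link IllegalStateException} whose message is the
     * {@code E_AUTHN_UNEXPECTED_EXCEPTION} text and whose cause is {@code exc}.
     */
    public static IllegalStateException wrappedException(Exception exc) {
        return (IllegalStateException) new IllegalStateException(ExceptionAuthn.E_AUTHN_UNEXPECTED_EXCEPTION.toString(new Object[]{exc.getLocalizedMessage()})).initCause(exc);
    }

    /**
     * Removes each staged credential from the subject's collection, hands it to
     * {@code AuthnUtil.destroyCred}, then empties the staging collection.
     *
     * @param collection the subject's credential set
     * @param collection2 the credentials this login staged
     */
    private static void zapCreds(Collection collection, Collection collection2) {
        for (Object obj : collection2) {
            collection.remove(obj);
            AuthnUtil.destroyCred(obj);
        }
        collection2.clear();
    }
}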
