package com.dbeaver.db.mariadb.krb5;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.sql.Connection;
import java.util.Iterator;
import java.util.Properties;
import javax.security.auth.login.Configuration;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.jkiss.dbeaver.Log;
import org.jkiss.dbeaver.model.connection.DBPConnectionConfiguration;
import org.jkiss.dbeaver.model.exec.DBCException;
import org.jkiss.dbeaver.model.impl.jdbc.JDBCConnectionConfigurer;
import org.jkiss.dbeaver.model.net.DBWHandlerConfiguration;
import org.jkiss.dbeaver.model.runtime.DBRProgressMonitor;
import org.jkiss.dbeaver.runtime.DBWorkbench;
import org.jkiss.utils.CommonUtils;

/* loaded from: input_file:com/dbeaver/db/mariadb/krb5/MariaDBKerberosConnectionConfigurer.class */
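/**
 * Prepares Kerberos authentication for a MariaDB connection and tears it down afterwards.
 *
 * <p>Before the connection is opened, and only when the {@code mariadb_kerberos} handler is
 * enabled, this class obtains a TGT through Kerby, stores it in a temporary credential cache,
 * writes a temporary JAAS configuration that points at that cache, and publishes the JAAS file,
 * realm and KDC through {@code java.security.*} system properties.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The credential cache holds a usable Kerberos ticket. It is created with owner-only
 *       permissions where the platform supports them and is removed in
 *       {@link #afterConnection} and on any initialisation failure.</li>
 *   <li>System properties are JVM-wide. Two connections initialised at the same time overwrite
 *       each other's values, and {@link #afterConnection} clears the properties even when this
 *       instance never set them. No locking is done here.</li>
 * </ul>
 */
public class MariaDBKerberosConnectionConfigurer implements JDBCConnectionConfigurer {
    private static final String JAVA_SECURITY_AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
    private static final String JAVA_SECURITY_KRB5_REALM = "java.security.krb5.realm";
    private static final String JAVA_SECURITY_KRB5_KDC = "java.security.krb5.kdc";
    private static final String KERBEROS_HANDLER_ID = "mariadb_kerberos";
    private static final Log log = Log.getLog(MariaDBKerberosConnectionConfigurer.class);
    // Temporary credential cache written by kinit; contains the TGT.
    private File credentialCacheFile;
    // Temporary JAAS configuration that references the credential cache.
    private File jaasFile;

    /**
     * Initialises Kerberos for the connection about to be opened.
     *
     * @throws DBCException if the Kerberos settings are incomplete, the TGT request fails, or a
     *     temporary file cannot be written (wrapped {@link IOException})
     */
    public void beforeConnection(DBRProgressMonitor dBRProgressMonitor, DBPConnectionConfiguration dBPConnectionConfiguration, Properties properties) throws DBCException {
        try {
            initKerberos(dBRProgressMonitor, dBPConnectionConfiguration);
        } catch (IOException e) {
            throw new DBCException("IO error", e);
        }
    }

    /**
     * Clears the Kerberos system properties and deletes the temporary credential cache and JAAS
     * file. Never throws: cleanup problems are logged so they cannot mask the connection result.
     */
    public void afterConnection(DBRProgressMonitor dBRProgressMonitor, DBPConnectionConfiguration dBPConnectionConfiguration, Properties properties, Connection connection, Throwable th) {
        clearKerberosSystemProperties();
        try {
            deleteTempFiles();
        } catch (Exception e) {
            log.error("Cannot destroy kerberos session after connection.", e);
        }
    }

    /**
     * Resolves realm, KDC and principal from the handler settings, validates them, and only then
     * creates the temporary files, sets the system properties and requests the TGT.
     *
     * <p>Validation runs before anything is written so that a misconfigured connection leaves
     * neither files nor system properties behind. If a later step fails, whatever this call
     * created is rolled back before the exception propagates.
     */
    private void initKerberos(DBRProgressMonitor monitor, DBPConnectionConfiguration configuration) throws IOException, DBCException {
        DBWHandlerConfiguration handler = findKerberosHandler(configuration);
        if (handler == null) {
            return;
        }
        monitor.subTask("Initialize Kerberos configuration");

        String userName = configuration.getUserName();
        if (CommonUtils.isEmpty(userName)) {
            throw new DBCException("Empty user name");
        }

        String realm = CommonUtils.toString(handler.getProperties().get(MariaDBKerberosConstants.REALM));
        String kdcServer = CommonUtils.toString(handler.getProperties().get(MariaDBKerberosConstants.KDC_SERVER));
        String principal = CommonUtils.toString(handler.getProperties().get(MariaDBKerberosConstants.KRB5_USER));

        // With no explicit realm, take it from a fully qualified principal (user@REALM).
        if (CommonUtils.isEmpty(realm) && !CommonUtils.isEmpty(principal) && principal.contains("@")) {
            realm = principal.substring(principal.lastIndexOf('@') + 1);
        }
        if (CommonUtils.isEmpty(realm)) {
            throw new DBCException(MariaDBKerberosResources.exception_specify_realm);
        }
        if (CommonUtils.isEmpty(kdcServer)) {
            throw new DBCException(MariaDBKerberosResources.exception_specify_kdc_and_realm);
        }
        // Fall back to the database user name when no Kerberos principal is configured.
        // A configured principal without '@' is passed to kinit unchanged.
        if (CommonUtils.isEmpty(principal)) {
            principal = userName + "@" + realm;
        }

        boolean kdcOverTcp = CommonUtils.getBoolean(handler.getProperties().get(MariaDBKerberosConstants.KRB5_KDC_OVER_TCP), false);
        boolean useKeytab = CommonUtils.getBoolean(handler.getProperties().get(MariaDBKerberosConstants.USE_KEYTAB), false);
        String keytabPath = CommonUtils.toString(handler.getProperties().get(MariaDBKerberosConstants.KEYTAB_PATH));

        File tempFolder = DBWorkbench.getPlatform().getTempFolder(monitor, "krb5");
        boolean propertiesSet = false;
        boolean initialized = false;
        try {
            this.credentialCacheFile = createOwnerOnlyTempFile("krb5-", ".ccache", tempFolder);
            this.jaasFile = createJaasFile(tempFolder, handler, this.credentialCacheFile);

            log.debug("MARIADB: Setting kerberos properties");
            propertiesSet = true;
            System.setProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG, this.jaasFile.getAbsolutePath());
            System.setProperty(JAVA_SECURITY_KRB5_REALM, realm);
            System.setProperty(JAVA_SECURITY_KRB5_KDC, kdcServer);

            callKinit(kdcServer, kdcOverTcp, realm, principal, configuration.getUserPassword(), useKeytab, keytabPath, this.credentialCacheFile);
            // Make JAAS pick up the freshly written configuration file.
            Configuration.getConfiguration().refresh();
            initialized = true;
        } finally {
            if (!initialized) {
                // Roll back only what this call touched.
                if (propertiesSet) {
                    clearKerberosSystemProperties();
                }
                deleteTempFiles();
            }
        }
    }

    /** Returns the enabled {@code mariadb_kerberos} handler, or {@code null} if there is none. */
    private static DBWHandlerConfiguration findKerberosHandler(DBPConnectionConfiguration configuration) {
        for (DBWHandlerConfiguration candidate : configuration.getHandlers()) {
            if (KERBEROS_HANDLER_ID.equals(candidate.getId()) && candidate.isEnabled()) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Requests a TGT from the KDC, with the keytab or the password, and stores it in
     * {@code credentialCache}.
     *
     * @throws DBCException wrapping any {@link KrbException} raised by the Kerby client
     */
    private void callKinit(String kdcHost, boolean kdcOverTcp, String realm, String principal, String password, boolean useKeytab, String keytabPath, File credentialCache) throws DBCException {
        try {
            KrbClient krbClient = new KrbClient();
            krbClient.setKdcRealm(realm);
            krbClient.setKdcHost(kdcHost);
            if (kdcOverTcp) {
                krbClient.setAllowUdp(false);
                krbClient.setAllowTcp(true);
            }
            krbClient.init();
            krbClient.storeTicket(useKeytab ? krbClient.requestTgt(principal, new File(keytabPath)) : krbClient.requestTgt(principal, password), credentialCache);
        } catch (KrbException e) {
            throw new DBCException("KerberosException", e);
        }
    }

    /**
     * Writes a JAAS login configuration ({@code Krb5ConnectorContext}) that makes
     * {@code Krb5LoginModule} read the ticket from {@code ticketCache} without prompting.
     *
     * <p>The file is written as UTF-8 rather than in the platform default charset.
     * NOTE(review): this assumes the JDK's JAAS configuration parser reads the file as UTF-8, which
     * matters when the temp path contains non-ASCII characters; confirm for the target JDK.
     *
     * @return the written configuration file; a partially written file is deleted on failure
     */
    private File createJaasFile(File directory, DBWHandlerConfiguration handler, File ticketCache) throws IOException {
        log.debug("MARIADB: Creating JAAS file for kerberos");
        boolean debug = CommonUtils.getBoolean(handler.getProperties().get(MariaDBKerberosConstants.KRB5_DEBUG), false);
        File jaas = createOwnerOnlyTempFile("jaas-", "conf", directory);
        // Backslashes are escape characters inside a quoted JAAS option value.
        String ticketCachePath = ticketCache.getAbsolutePath().replace("\\", "\\\\");
        try {
            try (Writer writer = Files.newBufferedWriter(jaas.toPath(), StandardCharsets.UTF_8)) {
                writer.write("Krb5ConnectorContext {\n");
                writer.write("  com.sun.security.auth.module.Krb5LoginModule required\n");
                writer.write("  doNotPrompt=true\n");
                writer.write("  useTicketCache=true\n");
                writer.write("  renewTGT=true\n");
                writer.write(String.format("  ticketCache=\"%s\"\n", ticketCachePath));
                writer.write("  debug=" + debug + ";\n");
                writer.write("};\n");
            }
        } catch (IOException | RuntimeException e) {
            deleteTempFile(jaas, "JAAS configuration");
            throw e;
        }
        return jaas;
    }

    /**
     * Creates an empty temp file and narrows its permissions to the owner.
     *
     * <p>{@link File#createTempFile(String, String, File)} applies no restrictive mode of its own,
     * so on POSIX systems the result follows the process umask. The file is still empty at this
     * point, so tightening immediately after creation exposes no secret. The setters are best
     * effort and may be no-ops on file systems without owner/other permissions.
     * NOTE(review): confirm that Kerby's ticket store writes into this file without recreating it
     * under a wider mode.
     */
    private static File createOwnerOnlyTempFile(String prefix, String suffix, File directory) throws IOException {
        File file = File.createTempFile(prefix, suffix, directory);
        file.setReadable(false, false);
        file.setWritable(false, false);
        file.setExecutable(false, false);
        file.setReadable(true, true);
        file.setWritable(true, true);
        return file;
    }

    /** Removes the three JVM-wide Kerberos system properties this class manages. */
    private static void clearKerberosSystemProperties() {
        System.clearProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG);
        System.clearProperty(JAVA_SECURITY_KRB5_REALM);
        System.clearProperty(JAVA_SECURITY_KRB5_KDC);
    }

    /** Deletes the credential cache and the JAAS file, and forgets both references. */
    private void deleteTempFiles() {
        File cache = this.credentialCacheFile;
        File jaas = this.jaasFile;
        this.credentialCacheFile = null;
        this.jaasFile = null;
        deleteTempFile(cache, "credential cache");
        deleteTempFile(jaas, "JAAS configuration");
    }

    /**
     * Deletes one temporary file and logs when it is left on disk; {@link File#delete()} reports
     * failure through its return value, so that value is checked rather than ignored.
     */
    private static void deleteTempFile(File file, String description) {
        if (file == null) {
            return;
        }
        if (!file.delete() && file.exists()) {
            log.error("Cannot delete temporary Kerberos " + description + " file: " + file.getAbsolutePath());
        }
    }
}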
