package com.dbeaver.net.auth.krb5;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.Properties;
import javax.security.auth.login.Configuration;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.jkiss.code.NotNull;
import org.jkiss.dbeaver.DBException;
import org.jkiss.dbeaver.Log;
import org.jkiss.dbeaver.model.DBPDataSource;
import org.jkiss.dbeaver.model.DBPDataSourceContainer;
import org.jkiss.dbeaver.model.connection.DBPConnectionConfiguration;
import org.jkiss.dbeaver.model.exec.DBCException;
import org.jkiss.dbeaver.model.impl.auth.AuthModelDatabaseNative;
import org.jkiss.dbeaver.model.runtime.DBRProgressMonitor;
import org.jkiss.dbeaver.runtime.DBWorkbench;
import org.jkiss.utils.CommonUtils;

/* loaded from: input_file:com/dbeaver/net/auth/krb5/AuthModelKerberos.class */
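/**
 * Kerberos authentication model.
 *
 * <p>Before a connection is opened this class optionally obtains a TGT through Apache Kerby,
 * stores it in a temporary credential cache, writes a temporary JAAS login configuration that
 * points {@code Krb5LoginModule} at that cache, and publishes the realm, KDC and configuration
 * file locations through {@code java.security.*} system properties.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The system properties set here are JVM-wide. Two connections that authenticate
 *       concurrently with different realms or KDCs overwrite each other's values; nothing in
 *       this class serializes access to them.</li>
 *   <li>The credential cache file holds a usable ticket. It is created owner-only where the
 *       file system supports that, but it is removed only at JVM exit.</li>
 *   <li>Principal, realm and paths come from connection settings and are written into a
 *       configuration file, so they are escaped before being embedded in quoted values.</li>
 * </ul>
 */
public class AuthModelKerberos extends AuthModelDatabaseNative<AuthModelKerberosCredentials> {
    private static final String JAVA_SECURITY_KRB5_CONF = "java.security.krb5.conf";
    private static final String JAVA_SECURITY_AUTH_LOGIN_CONFIG = "java.security.auth.login.config";
    private static final String JAVA_SECURITY_KRB5_REALM = "java.security.krb5.realm";
    private static final String JAVA_SECURITY_KRB5_KDC = "java.security.krb5.kdc";
    private static final Log log = Log.getLog(AuthModelKerberos.class);

    /**
     * Creates an empty credentials object for this model.
     *
     * @return a new, unpopulated {@link AuthModelKerberosCredentials}
     */
    @NotNull
    /* renamed from: createCredentials, reason: merged with bridge method [inline-methods] */
    public AuthModelKerberosCredentials m1createCredentials() {
        return new AuthModelKerberosCredentials();
    }

    /**
     * Loads the Kerberos settings stored as auth properties on the connection configuration.
     *
     * <p>When no Kerberos user is stored, the connection user name is used instead (and vice
     * versa). When no realm is stored it is taken from the part after the last {@code '@'} of
     * the Kerberos user name or, failing that, of the connection user name. When a realm is
     * stored and the Kerberos user name has no {@code '@'}, the realm is appended to it.
     *
     * @param dBPDataSourceContainer data source the credentials belong to
     * @param dBPConnectionConfiguration configuration holding the stored auth properties
     * @return the populated credentials
     */
    @NotNull
    /* renamed from: loadCredentials, reason: merged with bridge method [inline-methods] */
    public AuthModelKerberosCredentials m2loadCredentials(@NotNull DBPDataSourceContainer dBPDataSourceContainer, @NotNull DBPConnectionConfiguration dBPConnectionConfiguration) {
        AuthModelKerberosCredentials credentials = (AuthModelKerberosCredentials) super.loadCredentials(dBPDataSourceContainer, dBPConnectionConfiguration);
        String realm = CommonUtils.toString(dBPConnectionConfiguration.getAuthProperty(AuthModelKerberosConstants.REALM));
        credentials.setKdcServer(CommonUtils.toString(dBPConnectionConfiguration.getAuthProperty(AuthModelKerberosConstants.KDC_SERVER)));
        credentials.setKrbUserName(CommonUtils.toString(dBPConnectionConfiguration.getAuthProperty(AuthModelKerberosConstants.KRB5_USER)));
        if (CommonUtils.isEmpty(credentials.getKrbUserName())) {
            credentials.setKrbUserName(dBPConnectionConfiguration.getUserName());
        }
        if (CommonUtils.isEmpty(dBPConnectionConfiguration.getUserName())) {
            credentials.setUserName(credentials.getKrbUserName());
        }

        String krbUserName = credentials.getKrbUserName();
        if (!CommonUtils.isEmpty(krbUserName)) {
            String userName = credentials.getUserName();
            if (CommonUtils.isEmpty(realm)) {
                if (krbUserName.contains("@")) {
                    realm = realmOf(krbUserName);
                } else if (userName != null && userName.contains("@")) {
                    // Null guard: the user name is whatever the superclass loaded and is not
                    // guaranteed to be present here.
                    realm = realmOf(userName);
                }
            } else if (!krbUserName.contains("@")) {
                credentials.setKrbUserName(krbUserName + "@" + realm);
            }
        }
        credentials.setKrbRealmName(realm);

        credentials.setUseKeytab(CommonUtils.getBoolean(dBPConnectionConfiguration.getAuthProperty(AuthModelKerberosConstants.USE_KEYTAB), false));
        credentials.setForceTcp(CommonUtils.getBoolean(dBPConnectionConfiguration.getAuthProperty(AuthModelKerberosConstants.KRB5_KDC_OVER_TCP), false));
        credentials.setKeytabPath(CommonUtils.toString(dBPConnectionConfiguration.getAuthProperty(AuthModelKerberosConstants.KEYTAB_PATH)));
        credentials.setUseKinit(CommonUtils.getBoolean(dBPConnectionConfiguration.getAuthProperty(AuthModelKerberosConstants.USE_KINIT), false));
        credentials.setServiceName(dBPConnectionConfiguration.getAuthProperty(AuthModelKerberosConstants.SERVICE_NAME));
        credentials.setUseSslJks(CommonUtils.getBoolean(dBPConnectionConfiguration.getAuthProperty(AuthModelKerberosConstants.USE_SSL_JKS), false));
        credentials.setSslJksPath(dBPConnectionConfiguration.getAuthProperty(AuthModelKerberosConstants.SSL_JKS_PATH));
        credentials.setSslJksPassword(dBPConnectionConfiguration.getAuthProperty(AuthModelKerberosConstants.SSL_JKS_PASSWORD));
        return credentials;
    }

    /**
     * Copies the Kerberos settings from the credentials into the configuration's auth
     * properties and then delegates to the superclass.
     *
     * @param dBPDataSourceContainer data source the credentials belong to
     * @param dBPConnectionConfiguration configuration that receives the auth properties
     * @param authModelKerberosCredentials credentials to persist
     */
    public void saveCredentials(@NotNull DBPDataSourceContainer dBPDataSourceContainer, @NotNull DBPConnectionConfiguration dBPConnectionConfiguration, @NotNull AuthModelKerberosCredentials authModelKerberosCredentials) {
        dBPConnectionConfiguration.setAuthProperty(AuthModelKerberosConstants.KDC_SERVER, authModelKerberosCredentials.getKdcServer());
        dBPConnectionConfiguration.setAuthProperty(AuthModelKerberosConstants.KRB5_USER, authModelKerberosCredentials.getKrbUserName());
        dBPConnectionConfiguration.setAuthProperty(AuthModelKerberosConstants.REALM, authModelKerberosCredentials.getKrbRealmName());
        dBPConnectionConfiguration.setAuthProperty(AuthModelKerberosConstants.USE_KEYTAB, String.valueOf(authModelKerberosCredentials.isUseKeytab()));
        dBPConnectionConfiguration.setAuthProperty(AuthModelKerberosConstants.KRB5_KDC_OVER_TCP, String.valueOf(authModelKerberosCredentials.isForceTcp()));
        dBPConnectionConfiguration.setAuthProperty(AuthModelKerberosConstants.KEYTAB_PATH, authModelKerberosCredentials.getKeytabPath());
        dBPConnectionConfiguration.setAuthProperty(AuthModelKerberosConstants.USE_KINIT, String.valueOf(authModelKerberosCredentials.isUseKinit()));
        dBPConnectionConfiguration.setAuthProperty(AuthModelKerberosConstants.SERVICE_NAME, authModelKerberosCredentials.getServiceName());
        dBPConnectionConfiguration.setAuthProperty(AuthModelKerberosConstants.USE_SSL_JKS, String.valueOf(authModelKerberosCredentials.isUseSslJks()));
        dBPConnectionConfiguration.setAuthProperty(AuthModelKerberosConstants.SSL_JKS_PATH, authModelKerberosCredentials.getSslJksPath());
        // NOTE(review): the keystore password travels through the same setAuthProperty call as
        // the non-secret settings; confirm that auth properties end up in protected storage.
        dBPConnectionConfiguration.setAuthProperty(AuthModelKerberosConstants.SSL_JKS_PASSWORD, authModelKerberosCredentials.getSslJksPassword());
        super.saveCredentials(dBPDataSourceContainer, dBPConnectionConfiguration, authModelKerberosCredentials);
    }

    /**
     * Prepares the Kerberos environment and then runs the superclass authentication step.
     *
     * @return whatever the superclass {@code initAuthentication} returns
     * @throws DBException if a required setting is missing, the ticket request fails, or a
     *         temporary file cannot be written (reported as {@link DBCException} "IO error")
     */
    public Object initAuthentication(@NotNull DBRProgressMonitor dBRProgressMonitor, @NotNull DBPDataSource dBPDataSource, AuthModelKerberosCredentials authModelKerberosCredentials, DBPConnectionConfiguration dBPConnectionConfiguration, @NotNull Properties properties) throws DBException {
        try {
            initKerberos(dBRProgressMonitor, authModelKerberosCredentials);
            return super.initAuthentication(dBRProgressMonitor, dBPDataSource, authModelKerberosCredentials, dBPConnectionConfiguration, properties);
        } catch (IOException e) {
            throw new DBCException("IO error", e);
        }
    }

    /**
     * Clears the JVM-wide Kerberos system properties and delegates to the superclass.
     *
     * <p>The properties are cleared unconditionally, so values another connection set in the
     * meantime are removed as well. The temporary credential cache and configuration files are
     * not deleted here; they are only registered for deletion at JVM exit.
     */
    public void endAuthentication(@NotNull DBPDataSourceContainer dBPDataSourceContainer, @NotNull DBPConnectionConfiguration dBPConnectionConfiguration, @NotNull Properties properties) {
        System.clearProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG);
        System.clearProperty(JAVA_SECURITY_KRB5_REALM);
        System.clearProperty(JAVA_SECURITY_KRB5_KDC);
        System.clearProperty(JAVA_SECURITY_KRB5_CONF);
        super.endAuthentication(dBPDataSourceContainer, dBPConnectionConfiguration, properties);
    }

    /**
     * Validates the credentials, obtains a ticket unless an existing one is to be used, and
     * publishes the Kerberos/JAAS configuration through system properties.
     *
     * <p>All settings are validated before any temporary file is created or any system
     * property is changed, so a rejected configuration leaves no state behind.
     *
     * @throws DBCException if a required setting is empty or the ticket request fails
     * @throws IOException if a temporary file cannot be created or written
     */
    private void initKerberos(DBRProgressMonitor monitor, AuthModelKerberosCredentials credentials) throws IOException, DBCException {
        String krbUserName = credentials.getKrbUserName();
        if (CommonUtils.isEmpty(krbUserName)) {
            throw new DBCException("Can't determine Kerberos user");
        }
        String krbRealmName = credentials.getKrbRealmName();
        if (CommonUtils.isEmpty(krbRealmName)) {
            throw new DBCException("Realm must be specified or provided with Kerberos username");
        }
        monitor.subTask("Initialize Kerberos configuration");
        String userName = credentials.getUserName();
        if (CommonUtils.isEmpty(userName)) {
            throw new DBCException("Empty user name");
        }
        String kdcServer = credentials.getKdcServer();
        if (CommonUtils.isEmpty(kdcServer)) {
            throw new DBCException("KDC Server must be specified");
        }
        boolean useKeytab = credentials.isUseKeytab();
        String keytabPath = credentials.getKeytabPath();
        if (useKeytab && CommonUtils.isEmpty(keytabPath)) {
            throw new DBCException("Keytab must be provided.");
        }

        // User, Kerberos user and realm are all non-empty at this point, so the only
        // normalization left is qualifying a bare principal with the realm.
        // NOTE(review): the principal is built from the connection user name here, while
        // loadCredentials appends the realm to the Kerberos user name - confirm which is meant.
        if (!krbUserName.contains("@")) {
            krbUserName = userName + "@" + krbRealmName;
        }

        File tempFolder = DBWorkbench.getPlatform().getTempFolder(monitor, AuthModelKerberosConstants.MODEL_ID);
        // The cache will contain the TGT, so it must not be readable by other local users.
        File ccacheFile = createPrivateTempFile(tempFolder, "krb5-", ".ccache");
        ccacheFile.deleteOnExit();

        System.setProperty(JAVA_SECURITY_KRB5_KDC, kdcServer);
        System.setProperty(JAVA_SECURITY_KRB5_REALM, krbRealmName);
        log.debug("KRB5: Setting kerberos properties");
        if (!credentials.isUseKinit()) {
            callKinit(kdcServer, Boolean.valueOf(credentials.isForceTcp()), krbRealmName, krbUserName, credentials.getUserPassword(), Boolean.valueOf(useKeytab), keytabPath, ccacheFile);
        }
        File jaasFile = createJaasFile(tempFolder, credentials, ccacheFile, krbUserName, krbRealmName);
        jaasFile.deleteOnExit();
        System.setProperty(JAVA_SECURITY_AUTH_LOGIN_CONFIG, jaasFile.getAbsolutePath());
        credentials.setCacheFilePath(ccacheFile.getAbsolutePath());
        // Make JAAS re-read the login configuration that was just written.
        Configuration.getConfiguration().refresh();
    }

    /**
     * Requests a TGT from the KDC with Apache Kerby and stores it in the given cache file.
     *
     * @param kdcHost KDC host to contact
     * @param forceTcp when true, UDP is disabled and TCP enabled on the client
     * @param realm Kerberos realm
     * @param principal principal to authenticate as
     * @param password password used when no keytab is used
     * @param useKeytab when true the keytab at {@code keytabPath} is used instead of the password
     * @param keytabPath path of the keytab file
     * @param ccacheFile credential cache file that receives the ticket
     * @throws DBCException wrapping any {@link KrbException} raised by the client
     */
    private void callKinit(String kdcHost, Boolean forceTcp, String realm, String principal, String password, Boolean useKeytab, String keytabPath, File ccacheFile) throws DBCException {
        log.debug("KRB5: Bootstraping kinit");
        try {
            KrbClient krbClient = new KrbClient();
            krbClient.setKdcRealm(realm);
            krbClient.setKdcHost(kdcHost);
            if (forceTcp.booleanValue()) {
                krbClient.setAllowUdp(false);
                krbClient.setAllowTcp(true);
            }
            krbClient.init();
            if (useKeytab.booleanValue()) {
                krbClient.storeTicket(krbClient.requestTgt(principal, new File(keytabPath)), ccacheFile);
            } else {
                krbClient.storeTicket(krbClient.requestTgt(principal, password), ccacheFile);
            }
        } catch (KrbException e) {
            throw new DBCException("KerberosException", e);
        }
    }

    /**
     * Writes the temporary JAAS login configuration (and, when TCP is forced, a minimal
     * {@code krb5.conf} that is published through {@code java.security.krb5.conf}).
     *
     * <p>Writers are closed even when a write fails, both files are registered for deletion at
     * JVM exit, and every value placed inside a quoted JAAS option is escaped first.
     *
     * @param tempFolder directory for the JAAS file
     * @param credentials source of the debug, force-TCP and use-kinit flags
     * @param ccacheFile credential cache referenced by the configuration unless kinit is used
     * @param principal Kerberos principal written to the configuration
     * @param realm Kerberos realm written to the configuration
     * @return the JAAS configuration file
     * @throws IOException if either file cannot be created or written
     */
    private File createJaasFile(File tempFolder, AuthModelKerberosCredentials credentials, File ccacheFile, String principal, String realm) throws IOException {
        log.debug("KRB5: Creating JAAS file for kerberos");
        boolean showDebugInfo = credentials.isShowDebugInfo();
        boolean useKinit = credentials.isUseKinit();
        if (credentials.isForceTcp()) {
            File krb5Conf = File.createTempFile("dbeaver.krb5-", ".conf");
            krb5Conf.deleteOnExit();
            try (Writer out = Files.newBufferedWriter(krb5Conf.toPath(), StandardCharsets.UTF_8)) {
                out.write("[libdefaults]\n");
                out.write("  udp_preference_limit=1\n");
            }
            System.setProperty(JAVA_SECURITY_KRB5_CONF, krb5Conf.getAbsolutePath());
        }

        File jaasFile = File.createTempFile("jaas-", "conf", tempFolder);
        jaasFile.deleteOnExit();
        // Written as UTF-8 rather than the platform default so that non-ASCII principals do
        // not depend on the machine's locale (the JDK JAAS file parser is expected to read UTF-8).
        try (Writer out = Files.newBufferedWriter(jaasFile.toPath(), StandardCharsets.UTF_8)) {
            out.write("Krb5ConnectorContext {\n");
            out.write("  com.sun.security.auth.module.Krb5LoginModule required\n");
            out.write("  doNotPrompt=true\n");
            out.write("  useTicketCache=true\n");
            out.write("  renewTGT=true\n");
            out.write("  principal=" + quoteJaasValue(principal) + "\n");
            out.write("  realm=" + quoteJaasValue(realm) + "\n");
            if (!useKinit) {
                out.write("  ticketCache=" + quoteJaasValue(ccacheFile.getAbsolutePath()) + "\n");
            }
            out.write("  debug=" + showDebugInfo + ";\n");
            out.write("};\n");
        }
        return jaasFile;
    }

    /** Returns the part of a principal after its last {@code '@'}. */
    private static String realmOf(String principal) {
        return principal.substring(principal.lastIndexOf('@') + 1);
    }

    /**
     * Creates a temporary file through the NIO factory, which may apply more restrictive
     * permissions than {@link File#createTempFile(String, String, File)} (owner-only on POSIX
     * file systems). A {@code null} directory selects the default temporary directory.
     */
    private static File createPrivateTempFile(File directory, String prefix, String suffix) throws IOException {
        if (directory == null) {
            return Files.createTempFile(prefix, suffix).toFile();
        }
        return Files.createTempFile(directory.toPath(), prefix, suffix).toFile();
    }

    /**
     * Wraps a value in double quotes for a JAAS option, escaping backslashes, double quotes
     * and line breaks so the value cannot end the quoted string and add further options.
     */
    private static String quoteJaasValue(String value) {
        String text = String.valueOf(value);
        StringBuilder quoted = new StringBuilder(text.length() + 2).append('"');
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '\\':
                    quoted.append("\\\\");
                    break;
                case '"':
                    quoted.append("\\\"");
                    break;
                case '\n':
                    quoted.append("\\n");
                    break;
                case '\r':
                    quoted.append("\\r");
                    break;
                default:
                    quoted.append(c);
                    break;
            }
        }
        return quoted.append('"').toString();
    }
}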
