package com.exasol.auth.kerberos;

import com.exasol.adapter.sql.SqlConstants;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.logging.Logger;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:com/exasol/auth/kerberos/KerberosConfigurationCreator.class */
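/**
 * Materializes Kerberos credentials that arrive packed inside a password string.
 *
 * <p>The password must have the form
 * {@code ExaAuthType=Kerberos;<base 64 kerberos config>;<base 64 key tab>}. The two Base64 parts are
 * decoded and written to temporary files, a JAAS login configuration referring to the key tab is
 * generated next to them, and three JVM system properties are pointed at the result.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The key tab is long-lived secret material. It is written to disk and only scheduled for deletion
 * at JVM exit ({@code deleteOnExit}); each call creates a fresh directory and fresh files.</li>
 * <li>The system properties are JVM-global, so the most recent call wins for every thread in the
 * process. Nothing in this class synchronizes concurrent callers.</li>
 * <li>Password contents and decoded bytes are never logged; only byte counts and file paths are.</li>
 * </ul>
 */
public class KerberosConfigurationCreator {
    public static final String USE_SUBJECT_CREDENTIALS_ONLY_PROPERTY = "javax.security.auth.useSubjectCredsOnly";
    public static final String KERBEROS_CONFIG_PROPERTY = "java.security.krb5.conf";
    public static final String LOGIN_CONFIG_PROPERTY = "java.security.auth.login.config";
    public static final String KERBEROS_AUTHENTICATION_PREAMBLE = "ExaAuthType=Kerberos";
    private static final Logger LOGGER = Logger.getLogger(KerberosConfigurationCreator.class.getName());
    private static final String PASSWORD_SEPARATOR = ";";
    private static final int PASSWORD_PART_COUNT = 3;

    /**
     * Checks whether a password string announces Kerberos authentication.
     *
     * @param str password string to inspect; may be {@code null}
     * @return {@code true} if the string starts with {@link #KERBEROS_AUTHENTICATION_PREAMBLE},
     *         {@code false} otherwise (including for {@code null})
     */
    public static boolean isKerberosAuthentication(String str) {
        return str != null && str.startsWith(KERBEROS_AUTHENTICATION_PREAMBLE);
    }

    /**
     * Parses the Kerberos password, writes the configuration files and sets the system properties.
     *
     * @param str  Kerberos principal that is written into the generated JAAS configuration
     * @param str2 password in the form
     *             {@code ExaAuthType=Kerberos;<base 64 kerberos config>;<base 64 key tab>}
     * @throws KerberosConfigurationCreatorException if the password does not have exactly three parts
     *         led by the preamble, if the principal cannot be embedded safely, or if a file cannot be
     *         written
     */
    public void writeKerberosConfigurationFiles(String str, String str2) {
        // String.split drops trailing empty strings, so an input such as ";" produces an empty array.
        // The length is therefore checked before any element is read.
        final String[] parts = (str2 == null) ? new String[0] : str2.split(PASSWORD_SEPARATOR);
        if (parts.length != PASSWORD_PART_COUNT || !KERBEROS_AUTHENTICATION_PREAMBLE.equals(parts[0])) {
            // The message deliberately describes the expected format only and never echoes the input,
            // because the input carries the key tab.
            throw new KerberosConfigurationCreatorException("Syntax error in Kerberos password. Must conform to: 'ExaAuthType=Kerberos;<base 64 kerberos config>;<base 64 key tab>'");
        }
        createKerberosConfiguration(str, parts[1], parts[2]);
    }

    /**
     * Creates the temporary directory and the three files, then activates them.
     *
     * @param principal            Kerberos principal for the JAAS configuration
     * @param base64KerberosConfig Base64-encoded content of the Kerberos configuration file
     * @param base64KeyTab         Base64-encoded content of the key tab
     */
    private void createKerberosConfiguration(final String principal, final String base64KerberosConfig,
            final String base64KeyTab) {
        // Validate before touching the disk so that a rejected principal does not leave a key tab behind.
        requireEmbeddablePrincipal(principal);
        try {
            final Path directory = createCommonDirectoryForKerberosConfigurationFiles();
            final Path kerberosConfig = createTemporaryKerberosConfigFile(base64KerberosConfig, directory);
            final Path keyTab = createTemporaryKeyTabFile(base64KeyTab, directory);
            final Path jaasConfig = createTemporaryJaasConfig(directory, principal, keyTab);
            setKerberosSystemProperties(kerberosConfig, jaasConfig);
        } catch (IOException e) {
            throw new KerberosConfigurationCreatorException("Unable to create temporary Kerberos configuration file.", e);
        }
    }

    /**
     * Rejects principals that would break out of the quoted value in the generated JAAS file.
     *
     * <p>The principal is concatenated between double quotes in {@link #createTemporaryJaasConfig}. A
     * double quote, a backslash or a line break inside it could end the quoted value early and add
     * login-module options the caller never intended. The value itself is left out of the message so
     * that control characters do not reach the log.
     *
     * @param principal principal to check
     * @throws KerberosConfigurationCreatorException if the principal is {@code null} or contains a
     *         double quote, a backslash or a control character
     */
    private static void requireEmbeddablePrincipal(final String principal) {
        if (principal == null) {
            throw new KerberosConfigurationCreatorException("Kerberos principal must not be null.");
        }
        for (int i = 0; i < principal.length(); i++) {
            final char c = principal.charAt(i);
            if (c == '"' || c == '\\' || Character.isISOControl(c)) {
                throw new KerberosConfigurationCreatorException(
                        "Kerberos principal contains a character that is not allowed in the JAAS configuration"
                                + " (double quote, backslash or control character).");
            }
        }
    }

    /**
     * Creates the temporary directory that holds all generated files.
     *
     * <p>No explicit file attributes are passed, so the JDK defaults for temporary directories apply.
     * NOTE(review): current JDKs create these owner-only on POSIX file systems; confirm for the
     * deployment platform, since the directory will contain a key tab.
     *
     * @return path of the new directory
     * @throws IOException if the directory cannot be created
     */
    private Path createCommonDirectoryForKerberosConfigurationFiles() throws IOException {
        final Path directory = Files.createTempDirectory("kerberos_");
        // Registered before the files: deleteOnExit removes entries in reverse registration order,
        // so the files are gone by the time the directory is deleted.
        directory.toFile().deleteOnExit();
        LOGGER.finer(() -> "Created temporary directory \"" + directory + "\" to contain Kerberos authentication files.");
        return directory;
    }

    /**
     * Decodes the Kerberos configuration and writes it to a temporary {@code krb_*.conf} file.
     *
     * @param base64Content Base64-encoded file content
     * @param directory     directory to create the file in
     * @return path of the written file
     * @throws IOException if the file cannot be created or written
     */
    private Path createTemporaryKerberosConfigFile(final String base64Content, final Path directory)
            throws IOException {
        return createTemporaryFile(directory, "krb_", ".conf", DatatypeConverter.parseBase64Binary(base64Content));
    }

    /**
     * Decodes the key tab and writes it to a temporary {@code kt_*.keytab} file.
     *
     * @param base64Content Base64-encoded key tab
     * @param directory     directory to create the file in
     * @return path of the written file
     * @throws IOException if the file cannot be created or written
     */
    private Path createTemporaryKeyTabFile(final String base64Content, final Path directory) throws IOException {
        return createTemporaryFile(directory, "kt_", ".keytab", DatatypeConverter.parseBase64Binary(base64Content));
    }

    /**
     * Creates a temporary file, schedules it for deletion at JVM exit and writes the content.
     *
     * @param directory directory to create the file in
     * @param prefix    file name prefix
     * @param suffix    file name suffix
     * @param content   bytes to write
     * @return path of the written file
     * @throws IOException if the file cannot be created or written
     */
    private Path createTemporaryFile(final Path directory, final String prefix, final String suffix,
            final byte[] content) throws IOException {
        final Path file = Files.createTempFile(directory, prefix, suffix);
        file.toFile().deleteOnExit();
        Files.write(file, content);
        // Only the size and the location are logged, never the content.
        LOGGER.finer(() -> "Wrote " + content.length + " bytes to Kerberos configuration file \"" + file + "\".");
        return file;
    }

    /**
     * Writes a JAAS login configuration with the entries {@code Client} and
     * {@code com.sun.security.jgss.initiate}, both using the given principal and key tab.
     *
     * <p>The text is encoded as UTF-8 explicitly instead of relying on the platform default charset,
     * so a non-ASCII principal is written the same way on every host.
     * NOTE(review): the key tab path is embedded as-is; a path containing backslashes (Windows) may
     * not survive the quoted-string parsing of the JAAS file. Confirm if Windows hosts are in scope.
     *
     * @param directory directory to create the file in
     * @param principal Kerberos principal, already checked by {@link #requireEmbeddablePrincipal}
     * @param keyTab    path of the key tab file
     * @return path of the written JAAS configuration
     * @throws IOException if the file cannot be created or written
     */
    private Path createTemporaryJaasConfig(final Path directory, final String principal, final Path keyTab)
            throws IOException {
        final String content = jaasEntry("Client", principal, keyTab)
                + jaasEntry("com.sun.security.jgss.initiate", principal, keyTab);
        return createTemporaryFile(directory, "jaas_", ".conf", content.getBytes(StandardCharsets.UTF_8));
    }

    /** Renders one JAAS application entry that logs in from the key tab without prompting. */
    private static String jaasEntry(final String entryName, final String principal, final Path keyTab) {
        return entryName + " {\n"
                + "com.sun.security.auth.module.Krb5LoginModule required\n"
                + "principal=\"" + principal + "\"\n"
                + "useKeyTab=true\n"
                + "keyTab=\"" + keyTab + "\"\n"
                + "doNotPrompt=true\n"
                + "useTicketCache=false;\n"
                + "};\n";
    }

    /**
     * Points the JVM at the generated Kerberos and JAAS configuration files.
     *
     * <p>These properties are process-wide: every later Kerberos login in this JVM uses the files of
     * the most recent call.
     *
     * @param kerberosConfig path of the Kerberos configuration file
     * @param jaasConfig     path of the JAAS login configuration file
     */
    private void setKerberosSystemProperties(final Path kerberosConfig, final Path jaasConfig) {
        System.setProperty(KERBEROS_CONFIG_PROPERTY, kerberosConfig.toString());
        System.setProperty(LOGIN_CONFIG_PROPERTY, jaasConfig.toString());
        // Presumably the string "false" (constant defined outside this file): credentials may then be
        // obtained through the JAAS entry above rather than only from the current Subject.
        System.setProperty(USE_SUBJECT_CREDENTIALS_ONLY_PROPERTY, SqlConstants.FALSE);
    }
}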
