package oracle.kv.impl.security.login;

import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import oracle.kv.LoginCredentials;
import oracle.kv.impl.param.ParameterUtils;
import oracle.kv.impl.security.util.SecurityUtils;
import oracle.kv.impl.util.TopologyLocator;

/* loaded from: input_file:oracle/kv/impl/security/login/KerberosClientCreds.class */
public class KerberosClientCreds implements LoginCredentials, Serializable {
    private static final long serialVersionUID = 1;
    private static final String HOST_PRINCIPAL_PAIR_PATTERN = "^([^:,]+):([^:,]+)(,([^:,]+):([^:,]+))*";
    private final String username;
    private Subject loginSubj;
    private final KrbServicePrincipals servicePrincipalInfo;
    private final boolean requireMutualAuth;

    /* loaded from: input_file:oracle/kv/impl/security/login/KerberosClientCreds$KrbServicePrincipals.class */
    public static class KrbServicePrincipals {
        private static final char KRB_COMPONENT_SEPARATOR = '/';
        private static final char KRB_REALM_SEPARATOR = '@';
        private static final String KRB_SERVICE_NAME_DEFAULT = "oraclenosql";
        private final Map<String, String> principals;
        private String defaultRealm;
        private String serviceName;

        KrbServicePrincipals() {
            this.serviceName = "oraclenosql";
            this.principals = new HashMap();
        }

        KrbServicePrincipals(Map<String, String> map) throws IllegalArgumentException {
            this.principals = map;
            discoverPrincipalInfo();
        }

        public Map<String, String> getHelperhostPrincipals() {
            return this.principals;
        }

        public String getPrincipal(String str) {
            return (!this.principals.isEmpty() || this.serviceName == null) ? this.principals.get(str) : this.serviceName;
        }

        public void addPrincipal(String str, String str2) {
            StringBuilder sb = new StringBuilder();
            sb.append(this.serviceName);
            if (str2 != null && !str2.equals("")) {
                sb.append("/");
                sb.append(str2);
            }
            if (this.defaultRealm != null) {
                sb.append(SecurityUtils.KRB_NAME_REALM_SEPARATOR_STR);
                sb.append(this.defaultRealm);
            }
            this.principals.put(str, sb.toString());
        }

        public String getDefaultRealm() {
            return this.defaultRealm;
        }

        public String getServiceName() {
            return this.serviceName;
        }

        private void discoverPrincipalInfo() throws IllegalArgumentException {
            boolean z = true;
            for (String str : this.principals.values()) {
                int i = -1;
                int i2 = -1;
                for (int i3 = 0; i3 < str.length(); i3++) {
                    char charAt = str.charAt(i3);
                    if (charAt == '/' && (i2 == -1 || charAt < i2)) {
                        i = i3;
                    }
                    if (charAt == '@') {
                        if (i2 != -1) {
                            throw new IllegalArgumentException("Invalid principal name " + str);
                        }
                        i2 = i3;
                    }
                }
                String str2 = str;
                if (i != -1) {
                    str2 = str.substring(0, i);
                }
                String substring = i2 != -1 ? str.substring(i2 + 1, str.length()) : null;
                if (this.serviceName == null) {
                    this.serviceName = str2;
                } else if (!this.serviceName.equals(str2)) {
                    throw new IllegalArgumentException("Principal service name must be the same in a store");
                }
                if (z) {
                    this.defaultRealm = substring;
                    z = false;
                } else if (this.defaultRealm == null) {
                    if (substring != null) {
                        throw new IllegalArgumentException("Principal " + str + " cannot specify a realm when the principal for the first host mapping uses the default realm");
                    }
                } else if (!this.defaultRealm.equals(substring)) {
                    throw new IllegalArgumentException("Principal " + str + " must specify the same realm as the first principal: " + this.defaultRealm);
                }
            }
        }
    }

    public KerberosClientCreds(String str, Subject subject, String str2, boolean z) throws IllegalArgumentException {
        if (str == null) {
            throw new IllegalArgumentException("The username argument must not be null");
        }
        if (subject == null) {
            throw new IllegalArgumentException("The subject must not be null");
        }
        this.username = str;
        this.loginSubj = subject;
        if (str2 == null) {
            this.servicePrincipalInfo = new KrbServicePrincipals();
        } else {
            this.servicePrincipalInfo = new KrbServicePrincipals(makeServicePrincipalMap(str2));
        }
        this.requireMutualAuth = z;
    }

    public Subject getLoginSubject() {
        return this.loginSubj;
    }

    public KrbServicePrincipals getKrbServicePrincipals() {
        return this.servicePrincipalInfo;
    }

    public boolean getRequireMutualAuth() {
        return this.requireMutualAuth;
    }

    public void addServicePrincipal(String str, String str2) {
        this.servicePrincipalInfo.addPrincipal(str, str2);
    }

    @Override // oracle.kv.LoginCredentials
    public String getUsername() {
        return this.username;
    }

    public String toString() {
        return "user name: " + this.username + "\nlogin subject: " + this.loginSubj.toString();
    }

    private Map<String, String> makeServicePrincipalMap(String str) {
        if (!Pattern.matches(HOST_PRINCIPAL_PAIR_PATTERN, str)) {
            throw new IllegalArgumentException("Service principal input " + str + " does not match the pattern host:principal [,host:principal]*");
        }
        HashMap hashMap = new HashMap();
        for (String str2 : str.trim().split(ParameterUtils.HELPER_HOST_SEPARATOR)) {
            String[] split = str2.split(TopologyLocator.HOST_PORT_SEPARATOR);
            if (split.length != 2) {
                throw new IllegalArgumentException("Invalid pair of service principal: " + str2);
            }
            hashMap.put(split[0].trim(), split[1].trim());
        }
        return hashMap;
    }
}
