package org.yamcs.client.base;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HashMap;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:org/yamcs/client/base/SpnegoUtils.class */
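/**
 * Client-side helper that obtains an authorization code from a server's {@code /auth/spnego}
 * endpoint by presenting a Kerberos ticket wrapped in a SPNEGO token.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>When the caller turns TLS verification off, both certificate-chain and hostname checks are
 * skipped. The SPNEGO token and the returned authorization code then travel over a channel whose
 * peer is not authenticated.</li>
 * <li>Mutual authentication is requested on the GSS context, but this class only produces the
 * first initiator token and never feeds a server reply back into the context, so it does not by
 * itself confirm the server's identity.</li>
 * </ul>
 */
public final class SpnegoUtils {
    /** JAAS login module used to obtain the Kerberos credentials. */
    private static final String JAAS_KRB5 = "com.sun.security.auth.module.Krb5LoginModule";

    /** Object identifier of the SPNEGO mechanism. */
    private static final Oid SPNEGO_OID;

    /**
     * Hostname verifier that accepts every host. Only installed when the caller has explicitly
     * disabled TLS verification.
     */
    private static final HostnameVerifier NO_HOSTNAME_VERIFICATION = (hostname, session) -> true;

    /**
     * Trust managers that accept every certificate chain. Only installed when the caller has
     * explicitly disabled TLS verification; must never become the default.
     */
    private static final TrustManager[] TRUST_ALL_CERTS = new TrustManager[] {new X509TrustManager() {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null (possibly empty) array.
            return new X509Certificate[0];
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally accepts everything.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally accepts everything.
        }
    }};

    static {
        try {
            SPNEGO_OID = new Oid("1.3.6.1.5.5.2");
        } catch (GSSException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    /** Failure while logging in, building the SPNEGO token or talking to the server. */
    static class SpnegoException extends Exception {
        private SpnegoException(String message) {
            super(message);
        }

        private SpnegoException(Throwable cause) {
            super(cause);
        }
    }

    /**
     * Requests an authorization code from {@code <serverURL>/auth/spnego} using a
     * {@code Negotiate} authorization header.
     *
     * @param spnegoInfo server URL, Kerberos principal and TLS verification preference
     * @return the first line of the response body, or {@code null} if the body is empty
     * @throws SpnegoException if the Kerberos login or token creation fails, the connection
     *         fails, or the server answers with a status other than 200
     */
    public static synchronized String fetchAuthenticationCode(SpnegoInfo spnegoInfo) throws SpnegoException {
        try {
            String token = createToken(spnegoInfo.getServerURL().getHost(), spnegoInfo.getPrincipal());
            HttpURLConnection connection =
                    (HttpURLConnection) new URL(spnegoInfo.getServerURL() + "/auth/spnego").openConnection();
            connection.setRequestProperty("Authorization", "Negotiate " + token);

            if (spnegoInfo.getServerURL().isTLS() && !spnegoInfo.isVerifyTLS()) {
                // Opt-out requested by the caller: from here on the peer is unauthenticated at
                // the TLS layer, and the Kerberos token is sent to whoever answers.
                disableTlsVerification((HttpsURLConnection) connection);
            }

            connection.connect();
            int status = connection.getResponseCode();
            if (status != 200) {
                throw new SpnegoException("Unexpected server response " + status);
            }

            // Explicit charset instead of the platform default, which varies between hosts.
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), StandardCharsets.UTF_8))) {
                return reader.readLine();
            }
        } catch (LoginException | GSSException | IOException | KeyManagementException
                | NoSuchAlgorithmException e) {
            throw new SpnegoException(e);
        } catch (PrivilegedActionException e) {
            // Surface the exception thrown inside Subject.doAs rather than the wrapper.
            throw new SpnegoException(e.getCause());
        }
    }

    /**
     * Replaces the connection's socket factory and hostname verifier with ones that accept any
     * certificate and any host name.
     */
    private static void disableTlsVerification(HttpsURLConnection connection)
            throws KeyManagementException, NoSuchAlgorithmException {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, TRUST_ALL_CERTS, new SecureRandom());
        connection.setSSLSocketFactory(sslContext.getSocketFactory());
        connection.setHostnameVerifier(NO_HOSTNAME_VERIFICATION);
    }

    /**
     * Builds the Base64-encoded initial SPNEGO token for the service {@code HTTP@<host>}.
     *
     * @param host host name of the target server
     * @param principal Kerberos principal to log in as
     * @return the Base64 text to place after {@code Negotiate } in the authorization header
     */
    private static synchronized String createToken(String host, String principal)
            throws LoginException, PrivilegedActionException, GSSException {
        GSSManager manager = GSSManager.getInstance();
        GSSName serviceName = manager.createName("HTTP@" + host, GSSName.NT_HOSTBASED_SERVICE, SPNEGO_OID);
        Subject subject = login(principal);

        // The explicit PrivilegedExceptionAction type selects the doAs overload that allows the
        // action to throw; a bare lambda is ambiguous between the two overloads.
        PrivilegedExceptionAction<GSSContext> openContext = () -> {
            GSSCredential credential = manager.createCredential(
                    (GSSName) null, GSSCredential.DEFAULT_LIFETIME, SPNEGO_OID, GSSCredential.INITIATE_ONLY);
            GSSContext created =
                    manager.createContext(serviceName, SPNEGO_OID, credential, GSSContext.DEFAULT_LIFETIME);
            created.requestMutualAuth(true);
            created.requestConf(true);
            created.requestInteg(true);
            created.requestReplayDet(true);
            created.requestSequenceDet(true);
            return created;
        };
        GSSContext context = Subject.doAs(subject, openContext);

        try {
            PrivilegedExceptionAction<byte[]> firstToken = () -> context.initSecContext(new byte[0], 0, 0);
            // NOTE(review): only this first leg is performed; the context is disposed before any
            // server reply could be processed, so the requested mutual authentication is never
            // completed here.
            return Base64.getEncoder().encodeToString(Subject.doAs(subject, firstToken));
        } finally {
            if (context != null) {
                context.dispose();
            }
        }
    }

    /**
     * Performs a non-interactive Kerberos login for the given principal, relying on the existing
     * ticket cache.
     *
     * @param principal Kerberos principal name passed to the login module
     * @return the authenticated subject
     * @throws LoginException if the login module cannot authenticate
     */
    private static Subject login(String principal) throws LoginException {
        final HashMap<String, String> options = new HashMap<>();
        options.put("renewTGT", "true");
        options.put("principal", principal);
        options.put("useTicketCache", "true");
        // Never fall back to prompting: this runs without a callback handler.
        options.put("doNotPrompt", "true");

        Configuration configuration = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(
                            SpnegoUtils.JAAS_KRB5, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options)
                };
            }
        };
        LoginContext loginContext = new LoginContext("", (Subject) null, (CallbackHandler) null, configuration);
        loginContext.login();
        return loginContext.getSubject();
    }
}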
