package org.wso2.carbon.identity.authenticator.krb5;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.common.AuthenticationException;
import org.wso2.carbon.core.security.AuthenticatorsConfiguration;
import org.wso2.carbon.core.services.authentication.AuthenticationAdmin;
import org.wso2.carbon.core.services.authentication.CarbonServerAuthenticator;

/* loaded from: input_file:org/wso2/carbon/identity/authenticator/krb5/Krb5Authenticator.class */
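/**
 * Carbon server authenticator that checks a user's password by running the system
 * {@code kinit} binary and, when a ticket is obtained and renewed, delegates the Carbon
 * login itself to {@link AuthenticationAdmin}.
 *
 * <p>Each successful login leaves a Kerberos credential cache on disk under
 * {@code /tmp/<random UUID>}; its path is stored in the HTTP session and its UUID in a
 * process-wide map keyed by user name. The cache file is created by {@code kinit}; this class
 * does not set its permissions.
 *
 * <p>NOTE(review): the caches live in a shared temporary directory. A directory owned by the
 * server account and not accessible to other local users would be a safer home for them;
 * the location is kept here because {@link #getTicketCache()} and the session attribute
 * expose these paths to other code.
 */
public class Krb5Authenticator implements CarbonServerAuthenticator {
    private static final int DEFAULT_PRIORITY_LEVEL = 10;
    private static final String AUTHENTICATOR_NAME = "Krb5UIAuthenticator";
    private static final String KINIT_BINARY = "/usr/bin/kinit";
    private static final String SYSTEM_KRB5_CONFIG = "/etc/krb5.conf";
    private static final String LOGGED_IN_USER_ATTRIBUTE = "wso2carbon.admin.logged.in";
    private final String tgtCachePrefix = "/tmp/";
    private String CARBON_HOME = System.getProperty("carbon.home");
    // Left null when carbon.home is unset so that the fallback to the system-wide file in
    // loginWithKrb5 can actually trigger (string concatenation with null never yields null).
    private String KRB5_CONFIG = this.CARBON_HOME == null
            ? null
            : this.CARBON_HOME + File.separator + "repository" + File.separator + "conf" + File.separator + "krb5.conf";
    private static final Log log = LogFactory.getLog(Krb5Authenticator.class);
    // Shared by every request thread, hence a concurrent map (which rejects null keys and values).
    // NOTE(review): keyed by user name, so a second concurrent session of the same user replaces
    // the first session's entry; the first cache file is then never deleted by logout(), and
    // logging out of either session deletes the newest cache. Keying by session would avoid this.
    private static final Map<String, String> nameToUuidMap = new java.util.concurrent.ConcurrentHashMap<>();

    /**
     * Authenticates a user against Kerberos and then against Carbon.
     *
     * <p>Runs {@code kinit} for the principal with the password supplied on the child's standard
     * input, renews the ticket once with {@code kinit -R}, and finally calls
     * {@link AuthenticationAdmin#login}. The credential cache is removed again on every path
     * that does not end in a successful login, so failed attempts leave no ticket on disk.
     *
     * @param str  user name, passed to {@code kinit} as the principal
     * @param str2 password
     * @param str3 third argument forwarded unchanged to {@code AuthenticationAdmin.login}
     * @return the result of {@code AuthenticationAdmin.login}
     * @throws AuthenticationException if the user name is unsafe to pass to {@code kinit}, if
     *         {@code kinit} or the renewal fails, or if the child process cannot be run
     */
    private boolean loginWithKrb5(String str, String str2, String str3) throws AuthenticationException {
        requireSafePrincipal(str);
        if (str2 == null) {
            throw new AuthenticationException("Password must not be null");
        }
        String uuid = UUID.randomUUID().toString();
        String cachePath = this.tgtCachePrefix + uuid;
        ProcessBuilder processBuilder = new ProcessBuilder(KINIT_BINARY, "-l", "10d", "-r", "5d", "-c", cachePath, str);
        if (this.CARBON_HOME != null) {
            processBuilder.directory(new File(this.CARBON_HOME));
        }
        if (this.KRB5_CONFIG == null) {
            this.KRB5_CONFIG = SYSTEM_KRB5_CONFIG;
        }
        processBuilder.environment().put("KRB5_CONFIG", this.KRB5_CONFIG);
        log.info(this.KRB5_CONFIG);
        HttpSession httpSession = getHttpSession();
        boolean loggedIn = false;
        try {
            runKinit(processBuilder, str2);
            ProcessBuilder renewal = new ProcessBuilder(KINIT_BINARY, "-R", "-c", cachePath);
            // Renew against the same Kerberos configuration the ticket was obtained with.
            renewal.environment().put("KRB5_CONFIG", this.KRB5_CONFIG);
            if (renewal.start().waitFor() != 0) {
                log.warn("TGT Renewal Failed");
                throw new AuthenticationException("TGT Renewal Failed");
            }
            loggedIn = new AuthenticationAdmin().login(str, str2, str3);
            if (loggedIn) {
                nameToUuidMap.put(str, uuid);
                if (httpSession != null) {
                    httpSession.setAttribute(Krb5AuthenticatorConstants.USER_TICKET_CACHE, cachePath);
                }
            }
            return loggedIn;
        } catch (IOException e) {
            log.warn(e.getMessage(), e);
            throw new AuthenticationException(e.getMessage());
        } catch (InterruptedException e2) {
            // Restore the interrupt flag so the container can still observe the interruption.
            Thread.currentThread().interrupt();
            log.warn(e2.getMessage(), e2);
            throw new AuthenticationException(e2.getMessage());
        } finally {
            if (!loggedIn) {
                // Do not leave a usable ticket behind for a login that did not complete.
                new File(cachePath).delete();
            }
        }
    }

    /**
     * Rejects user names that must not be handed to {@code kinit} as a command-line argument.
     *
     * <p>The name is the last argument of the {@code kinit} invocation, so a value beginning
     * with {@code -} would be parsed as an option instead of a principal. Control characters
     * are refused as well because the name is also written to the log on logout.
     *
     * @param principal the user name received from the login request
     * @throws AuthenticationException if the name is null, empty, starts with {@code -} or
     *         contains an ISO control character
     */
    private static void requireSafePrincipal(String principal) throws AuthenticationException {
        if (principal == null || principal.isEmpty() || principal.charAt(0) == '-') {
            throw new AuthenticationException("Invalid user name");
        }
        for (int i = 0; i < principal.length(); i++) {
            if (Character.isISOControl(principal.charAt(i))) {
                throw new AuthenticationException("Invalid user name");
            }
        }
    }

    /**
     * Starts the prepared {@code kinit} process, feeds it the password and waits for it to exit.
     *
     * @param processBuilder fully configured {@code kinit} invocation
     * @param password       password written, followed by a newline, to the child's standard input
     * @throws AuthenticationException if {@code kinit} wrote to stderr before the password was
     *         sent, or exited with a non-zero status
     * @throws IOException          if the process cannot be started or its streams fail
     * @throws InterruptedException if the thread is interrupted while waiting for the process
     */
    private void runKinit(ProcessBuilder processBuilder, String password)
            throws IOException, InterruptedException, AuthenticationException {
        Process kinit = processBuilder.start();
        InputStream errorStream = kinit.getErrorStream();
        try (BufferedReader errorReader = new BufferedReader(new InputStreamReader(errorStream))) {
            // Best-effort early check kept from the original code: output on stderr this soon
            // is treated as a malformed command line. It depends on timing and is not reliable.
            if (errorStream.available() > 0) {
                log.error("Incorrect kinit command: " + errorReader.readLine());
                throw new AuthenticationException("Incorrect kinit command");
            }
            try (BufferedWriter passwordWriter = new BufferedWriter(new OutputStreamWriter(kinit.getOutputStream()))) {
                passwordWriter.write(password);
                passwordWriter.newLine();
            }
            if (kinit.waitFor() == 0) {
                return;
            }
            log.warn("Kinit Failed");
            StringBuilder details = new StringBuilder();
            String line;
            while (errorReader.ready() && (line = errorReader.readLine()) != null) {
                details.append(line);
            }
            // A non-zero exit is always a failure, even when kinit printed nothing; previously
            // that case fell through to the renewal step.
            // NOTE(review): kinit's stderr text is returned verbatim to the caller. If this
            // message reaches the login page it may distinguish unknown principals from wrong
            // passwords; consider logging it and throwing a generic message instead.
            throw new AuthenticationException(details.length() > 0 ? details.toString() : "Kinit Failed");
        } finally {
            // Releases the child's pipes and stops it on the error paths where it may still run.
            kinit.destroy();
        }
    }

    /**
     * Returns the name under which this authenticator is configured.
     *
     * @return the constant {@code "Krb5UIAuthenticator"}
     */
    public String getAuthenticatorName() {
        return AUTHENTICATOR_NAME;
    }

    /**
     * Returns this authenticator's priority.
     *
     * @return the constant default priority, 10
     */
    public int getPriority() {
        return DEFAULT_PRIORITY_LEVEL;
    }

    /**
     * Logs a user in through Kerberos; see {@link #loginWithKrb5}.
     *
     * @param str  user name
     * @param str2 password
     * @param str3 third argument forwarded to {@code AuthenticationAdmin.login}
     * @return whether the Carbon login succeeded
     * @throws AuthenticationException if Kerberos authentication fails
     */
    public boolean loginWithoutRememberMeOption(String str, String str2, String str3) throws AuthenticationException {
        return loginWithKrb5(str, str2, str3);
    }

    /**
     * Ends the current HTTP session and deletes the credential cache recorded for its user.
     *
     * <p>Does nothing when there is no current session. The cache file is deleted only when a
     * cache was actually recorded for the user, so no path is built from a missing entry.
     *
     * @throws AuthenticationException declared for interface compatibility; not thrown here
     */
    public void logout() throws AuthenticationException {
        HttpSession httpSession = getHttpSession();
        if (httpSession == null) {
            return;
        }
        Date time = Calendar.getInstance().getTime();
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("'['yyyy-MM-dd HH:mm:ss,SSSS']'");
        // Attributes must be read before the session is invalidated.
        String user = (String) httpSession.getAttribute(LOGGED_IN_USER_ATTRIBUTE);
        String delegatedBy = (String) httpSession.getAttribute("DELEGATED_BY");
        if (user != null) {
            if (delegatedBy == null) {
                log.info("'" + user + "' logged out at " + simpleDateFormat.format(time));
            } else {
                log.info("'" + user + "' logged out at " + simpleDateFormat.format(time) + " delegated by " + delegatedBy);
            }
        }
        httpSession.invalidate();
        if (user != null) {
            String uuid = nameToUuidMap.remove(user);
            if (uuid != null) {
                new File(this.tgtCachePrefix + uuid).delete();
            }
        }
    }

    /**
     * Reports whether the request's HTTP session carries a logged-in user.
     *
     * @param messageContext Axis2 message context of the current request
     * @return {@code true} if the session has a non-null logged-in user attribute; {@code false}
     *         otherwise, including when the context holds no servlet request
     */
    public boolean isAuthenticated(MessageContext messageContext) {
        HttpServletRequest request = (HttpServletRequest) messageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        if (request == null) {
            return false;
        }
        return request.getSession().getAttribute(LOGGED_IN_USER_ATTRIBUTE) != null;
    }

    /**
     * Returns the credential cache path recorded for the user of the current session.
     *
     * @return the cache path, or {@code null} when there is no current session, no logged-in
     *         user, or no cache recorded for that user (instead of a path built from the text
     *         "null", which names a file this class never created)
     */
    public String getTicketCache() {
        HttpSession httpSession = getHttpSession();
        if (httpSession == null) {
            return null;
        }
        String user = (String) httpSession.getAttribute(LOGGED_IN_USER_ATTRIBUTE);
        if (user == null) {
            return null;
        }
        String uuid = nameToUuidMap.get(user);
        return uuid == null ? null : this.tgtCachePrefix + uuid;
    }

    /**
     * Reports whether this authenticator handles the given request.
     *
     * @param messageContext ignored
     * @return always {@code true}
     */
    public boolean isHandle(MessageContext messageContext) {
        return true;
    }

    /**
     * Remember-me authentication is not supported by this authenticator.
     *
     * @param messageContext ignored
     * @return always {@code false}
     */
    public boolean authenticateWithRememberMe(MessageContext messageContext) {
        return false;
    }

    /**
     * Reports whether this authenticator is disabled in the authenticators configuration.
     *
     * @return the configured flag, or {@code false} when no configuration entry exists
     */
    public boolean isDisabled() {
        AuthenticatorsConfiguration.AuthenticatorConfig authenticatorConfig =
                AuthenticatorsConfiguration.getInstance().getAuthenticatorConfig(AUTHENTICATOR_NAME);
        return authenticatorConfig != null && authenticatorConfig.isDisabled();
    }

    /**
     * Looks up the HTTP session of the request being processed on this thread.
     *
     * @return the session, or {@code null} when there is no current message context or it
     *         holds no servlet request
     */
    protected HttpSession getHttpSession() {
        MessageContext currentMessageContext = MessageContext.getCurrentMessageContext();
        if (currentMessageContext == null) {
            return null;
        }
        HttpServletRequest request =
                (HttpServletRequest) currentMessageContext.getProperty(HTTPConstants.MC_HTTP_SERVLETREQUEST);
        return request == null ? null : request.getSession();
    }
}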
