package org.sakaiproject.component.kerberos.user;

import java.io.File;
import java.io.IOException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Collection;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Locale;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.ConfirmationCallback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextOutputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.sakaiproject.component.cover.ServerConfigurationService;
import org.sakaiproject.user.api.UserDirectoryProvider;
import org.sakaiproject.user.api.UserEdit;
import org.sakaiproject.util.StringUtil;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:org/sakaiproject/component/kerberos/user/KerberosUserDirectoryProvider.class */
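/**
 * Sakai user directory provider that checks ids and passwords against Kerberos
 * through a JAAS {@link LoginContext}.
 *
 * <p>Successful password checks are remembered in an in-memory table for
 * {@link #m_cachettl} milliseconds, keyed by user id and holding a digest of
 * the password. While an entry is fresh, the same id/password pair is accepted
 * without contacting Kerberos, so a password change or account lock on the
 * Kerberos side can take up to that long to be enforced by this instance.
 */
public class KerberosUserDirectoryProvider implements UserDirectoryProvider {
    private static final Log M_log = LogFactory.getLog(KerberosUserDirectoryProvider.class);

    /** Mail domain: appended to the eid in {@link #getUser} and matched in {@link #findUserByEmail}. */
    protected String m_domain = "domain.tld";

    /** Name of the JAAS login configuration entry handed to {@link LoginContext}. */
    protected String m_logincontext = "KerberosAuthentication";

    /** When true, {@link #userExists} always answers false and Kerberos is never probed for ids. */
    protected boolean m_requirelocalaccount = true;

    /** Prefix of the LoginException message that is read as "principal exists, password was wrong". */
    protected String m_knownusermsg = "Integrity check on decrypted field failed";

    /** Lifetime of a cached successful authentication, in milliseconds. */
    protected int m_cachettl = 300000;

    /** Cache of recent successful authentications, keyed by user id. Hashtable is internally synchronized. */
    private final Hashtable<String, UserData> users = new Hashtable<String, UserData>();

    /**
     * JAAS callback handler that answers name and password prompts with the
     * values set through {@link #setId} and {@link #setPw}.
     *
     * <p>Decompiler note: the source this was recovered from reports the class
     * was originally declared {@code protected}.
     */
    public class SakaiCallbackHandler implements CallbackHandler {
        private String m_id = "";
        private String m_pw = "";

        public SakaiCallbackHandler() {
        }

        /**
         * Answers each callback in turn.
         *
         * @param callbackArr callbacks raised by the login module
         * @throws UnsupportedCallbackException for any callback type other than
         *         text output, name, password or confirmation
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof TextOutputCallback) {
                    if (M_log.isDebugEnabled()) {
                        M_log.debug("SakaiCallbackHandler: TextOutputCallback");
                    }
                } else if (callback instanceof NameCallback) {
                    NameCallback nameCallback = (NameCallback) callback;
                    String id = getId();
                    // An unset id falls back to whatever default name the login
                    // module proposes; the provider's own entry points refuse
                    // empty ids before a handler is ever created.
                    if (id == null || id.length() == 0) {
                        id = nameCallback.getDefaultName();
                    }
                    nameCallback.setName(id);
                } else if (callback instanceof PasswordCallback) {
                    char[] secret = getPw();
                    try {
                        ((PasswordCallback) callback).setPassword(secret);
                    } finally {
                        // PasswordCallback keeps its own copy, so the temporary
                        // array can be wiped. The String in m_pw still holds the
                        // password; this only narrows the exposure.
                        if (secret != null) {
                            Arrays.fill(secret, '\0');
                        }
                    }
                } else if (callback instanceof ConfirmationCallback) {
                    if (M_log.isDebugEnabled()) {
                        M_log.debug("SakaiCallbackHandler: ConfirmationCallback");
                    }
                } else {
                    throw new UnsupportedCallbackException(callback, "SakaiCallbackHandler: Unrecognized Callback");
                }
            }
        }

        void setId(String str) {
            this.m_id = str;
        }

        private String getId() {
            return this.m_id;
        }

        void setPw(String str) {
            this.m_pw = str;
        }

        /** Returns a fresh copy of the password as characters, or null when none is set. */
        private char[] getPw() {
            return this.m_pw == null ? null : this.m_pw.toCharArray();
        }
    }

    /** One cache entry: user id, password digest and the time the entry was stored. */
    class UserData {
        String id;
        // Digest produced by encodeSHA, never the clear-text password.
        String hpw;
        // System.currentTimeMillis() at the moment of the successful login.
        long timeStamp;

        UserData() {
        }

        public String getId() {
            return this.id;
        }

        public void setId(String str) {
            this.id = str;
        }

        public void setHpw(String str) {
            this.hpw = str;
        }

        public String getHpw() {
            return this.hpw;
        }

        public long getTimeStamp() {
            return this.timeStamp;
        }

        public void setTimeStamp(long j) {
            this.timeStamp = j;
        }
    }

    public void setDomain(String str) {
        this.m_domain = str;
    }

    public void setLoginContext(String str) {
        this.m_logincontext = str;
    }

    /** @throws NullPointerException if {@code bool} is null */
    public void setRequireLocalAccount(Boolean bool) {
        this.m_requirelocalaccount = bool.booleanValue();
    }

    public void setKnownUserMsg(String str) {
        this.m_knownusermsg = str;
    }

    /** @param i cache lifetime in milliseconds; a negative value means no entry is ever fresh */
    public void setCachettl(int i) {
        this.m_cachettl = i;
    }

    /**
     * Points the JVM-wide Kerberos and JAAS system properties at the files
     * named in the Sakai configuration, then logs the effective settings.
     * Any failure is logged as a warning and otherwise ignored.
     */
    public void init() {
        try {
            String krb5Conf = ServerConfigurationService.getString("provider.kerberos.krb5.conf", (String) null);
            String loginConfig = ServerConfigurationService.getString("provider.kerberos.auth.login.config", (String) null);
            boolean showConfig = ServerConfigurationService.getBoolean("provider.kerberos.showconfig", false);
            String sakaiHome = System.getProperty("sakai.home");

            krb5Conf = applyConfigLocation("java.security.krb5.conf", krb5Conf, sakaiHome, "krb5conf");
            loginConfig = applyConfigLocation("java.security.auth.login.config", loginConfig, sakaiHome, "kerberosauthloginconfig");

            M_log.info(this + ".init() Domain=" + this.m_domain + " LoginContext=" + this.m_logincontext + " RequireLocalAccount=" + this.m_requirelocalaccount + " KnownUserMsg=" + this.m_knownusermsg + " CacheTTL=" + this.m_cachettl);
            if (showConfig) {
                M_log.info(this + ".init() SakaiHome=" + sakaiHome + " SakaiPropertyKrb5Conf=" + krb5Conf + " SakaiPropertyAuthLoginConfig=" + loginConfig + " SystemPropertyKrb5Conf=" + System.getProperty("java.security.krb5.conf") + " SystemPropertyAuthLoginConfig=" + System.getProperty("java.security.auth.login.config"));
            }
        } catch (Throwable th) {
            M_log.warn(this + ".init(): ", th);
        }
    }

    /**
     * Sets {@code systemProperty} to the first readable candidate: the
     * configured path as given, then the configured path appended to
     * {@code sakaiHome} (plain concatenation, no separator is inserted).
     *
     * @return the configured value when a readable file was found, otherwise
     *         null (after a warning, unless nothing was configured)
     */
    private String applyConfigLocation(String systemProperty, String configured, String sakaiHome, String label) {
        if (configured == null) {
            return null;
        }
        if (new File(configured).canRead()) {
            System.setProperty(systemProperty, configured);
            return configured;
        }
        String underHome = sakaiHome + configured;
        if (new File(underHome).canRead()) {
            System.setProperty(systemProperty, underHome);
            return configured;
        }
        M_log.warn(this + ".init(): Cannot set " + label + " location");
        return null;
    }

    public void destroy() {
        M_log.info(this + ".destroy()");
    }

    /**
     * Reports whether Kerberos knows the id. Always false when a local account
     * is required.
     */
    public boolean userExists(String str) {
        if (this.m_requirelocalaccount) {
            return false;
        }
        boolean knownToKerberos = userKnownToKerberos(str);
        // NOTE(review): the id is written to the log exactly as supplied by the
        // caller; confirm the log layout neutralises line breaks.
        M_log.info("userExists: " + str + " Kerberos: " + knownToKerberos);
        return knownToKerberos;
    }

    /**
     * Fills in e-mail and type for a user that exists according to
     * {@link #userExists}.
     *
     * @return false, leaving {@code userEdit} untouched, when the user does not exist
     */
    public boolean getUser(UserEdit userEdit) {
        String eid = userEdit.getEid();
        if (!userExists(eid)) {
            return false;
        }
        userEdit.setEmail(userEdit.getEid() + "@" + this.m_domain);
        userEdit.setType("kerberos");
        return true;
    }

    /** Removes from {@code collection} every user for which {@link #getUser} answers false. */
    public void getUsers(Collection collection) {
        Iterator it = collection.iterator();
        while (it.hasNext()) {
            UserEdit candidate = (UserEdit) it.next();
            if (!getUser(candidate)) {
                it.remove();
            }
        }
    }

    /**
     * Looks a user up by e-mail address. The address must be exactly
     * {@code eid@m_domain}, compared case-insensitively.
     *
     * <p>The whole {@code "@" + domain} suffix is matched. A bare
     * {@code endsWith(domain)} test would also accept an address in another
     * domain whose name merely ends in the configured one and resolve it to
     * the local id.
     *
     * @return false for a null address, a different domain, an empty local
     *         part or a local part that itself contains {@code '@'}
     */
    public boolean findUserByEmail(UserEdit userEdit, String str) {
        if (str == null || this.m_domain == null) {
            return false;
        }
        // Fixed locale so the comparison does not depend on the JVM default.
        String address = str.toLowerCase(Locale.ENGLISH).trim();
        String suffix = "@" + this.m_domain.toLowerCase(Locale.ENGLISH);
        if (!address.endsWith(suffix)) {
            return false;
        }
        String eid = address.substring(0, address.length() - suffix.length());
        if (eid.length() == 0 || eid.indexOf('@') >= 0) {
            return false;
        }
        userEdit.setEid(eid);
        return getUser(userEdit);
    }

    /**
     * Verifies a password, first against the cache and then against Kerberos.
     *
     * @param str      user id
     * @param userEdit not used by this implementation
     * @param str2     clear-text password
     * @return true when the pair matches a fresh cache entry or Kerberos
     *         accepts it; false otherwise, including on any exception
     */
    public boolean authenticateUser(String str, UserEdit userEdit, String str2) {
        try {
            String digest = encodeSHA(str2);
            UserData cached = this.users.get(str);
            boolean fresh = cached != null
                    && System.currentTimeMillis() - cached.getTimeStamp() <= this.m_cachettl;
            if (fresh && digestsMatch(cached.getHpw(), digest)) {
                if (M_log.isDebugEnabled()) {
                    M_log.debug("authenticateUser(): found authenticated user (" + cached.getId() + ") in table");
                }
                return true;
            }

            if (M_log.isDebugEnabled()) {
                M_log.debug("authenticateUser(): user " + str + " not in table, querying Kerberos");
            }
            boolean authenticated = authenticateKerberos(str, str2);
            if (authenticated && digest != null) {
                if (M_log.isDebugEnabled()) {
                    M_log.debug("authenticateUser(): putting authenticated user (" + str + ") in table for caching");
                }
                UserData entry = new UserData();
                entry.setId(str);
                entry.setHpw(digest);
                entry.setTimeStamp(System.currentTimeMillis());
                this.users.put(str, entry);
            } else {
                // Failed login, or no digest could be computed: never leave an
                // older entry behind and never store an entry without a digest.
                this.users.remove(str);
            }
            return authenticated;
        } catch (Exception e) {
            // Fail closed. The cause is only visible with debug logging enabled.
            if (M_log.isDebugEnabled()) {
                M_log.debug("authenticateUser(): exception: " + e);
            }
            return false;
        }
    }

    public void destroyAuthentication() {
    }

    public boolean updateUserAfterAuthentication() {
        return false;
    }

    /**
     * Performs a JAAS login followed by a logout with the given credentials.
     *
     * @return true only when both login and logout complete without a
     *         LoginException; false for an empty id or password
     */
    protected boolean authenticateKerberos(String str, String str2) {
        // An empty id would make the callback handler fall back to the login
        // module's default name, i.e. authenticate some other principal.
        if (str == null || str.length() == 0) {
            return false;
        }
        if (str2 == null || str2.length() == 0) {
            return false;
        }
        try {
            SakaiCallbackHandler handler = new SakaiCallbackHandler();
            handler.setId(str);
            handler.setPw(str2);
            LoginContext loginContext = new LoginContext(this.m_logincontext, handler);
            try {
                loginContext.login();
                loginContext.logout();
                if (M_log.isDebugEnabled()) {
                    M_log.debug("authenticateKerberos(" + str + ", pw): Kerberos auth success");
                }
                return true;
            } catch (LoginException e) {
                if (M_log.isDebugEnabled()) {
                    M_log.debug("authenticateKerberos(" + str + ", pw): Kerberos auth failed: " + e.toString());
                }
                return false;
            }
        } catch (SecurityException e2) {
            if (M_log.isDebugEnabled()) {
                M_log.debug("authenticateKerberos(): " + e2.toString());
            }
            return false;
        } catch (LoginException e3) {
            if (M_log.isDebugEnabled()) {
                M_log.debug("authenticateKerberos(): " + e3.toString());
            }
            return false;
        }
    }

    /**
     * Probes Kerberos for an id by attempting a login with the fixed password
     * "dummy" and inspecting the failure message.
     *
     * <p>Operational caveats: every probe is a real login attempt, so it will
     * typically show up on the KDC as a failed authentication for that
     * principal and may count toward a lockout policy; and the result depends
     * on the exact wording of the exception message, which has to be kept in
     * step with the Kerberos implementation through {@link #m_knownusermsg}.
     *
     * @return true when the login succeeds or fails with a message starting
     *         with {@link #m_knownusermsg}; false otherwise
     */
    private boolean userKnownToKerberos(String str) {
        // Same guard as authenticateKerberos: never probe the default principal.
        if (str == null || str.length() == 0) {
            return false;
        }
        try {
            SakaiCallbackHandler handler = new SakaiCallbackHandler();
            handler.setId(str);
            handler.setPw("dummy");
            LoginContext loginContext = new LoginContext(this.m_logincontext, handler);
            try {
                loginContext.login();
                loginContext.logout();
                if (M_log.isDebugEnabled()) {
                    M_log.debug("useKnownToKerberos(" + str + "): Kerberos auth success");
                }
                return true;
            } catch (LoginException e) {
                // getMessage() may be null; the original dereferenced it unchecked.
                String message = e.getMessage();
                boolean known = message != null
                        && this.m_knownusermsg != null
                        && message.startsWith(this.m_knownusermsg);
                if (M_log.isDebugEnabled()) {
                    if (known) {
                        M_log.debug("userKnownToKerberos(" + str + "): Kerberos user known (bad pw)");
                    } else {
                        M_log.debug("userKnownToKerberos(" + str + "): Kerberos user unknown or invalid");
                    }
                }
                return known;
            }
        } catch (SecurityException e2) {
            if (M_log.isDebugEnabled()) {
                M_log.debug("useKnownToKerberos(): " + e2.toString());
            }
            return false;
        } catch (LoginException e3) {
            if (M_log.isDebugEnabled()) {
                M_log.debug("useKnownToKerberos(): " + e3.toString());
            }
            return false;
        }
    }

    public boolean authenticateWithProviderFirst(String str) {
        return false;
    }

    public boolean createUserRecord(String str) {
        return false;
    }

    /**
     * Compares two encoded digests without stopping at the first differing
     * byte.
     *
     * @return false when either value is null
     */
    private static boolean digestsMatch(String cached, String candidate) {
        if (cached == null || candidate == null) {
            return false;
        }
        try {
            return MessageDigest.isEqual(cached.getBytes("UTF-8"), candidate.getBytes("UTF-8"));
        } catch (IOException e) {
            // UnsupportedEncodingException; UTF-8 is mandatory, so treat as no match.
            return false;
        }
    }

    /**
     * Returns the Base64-encoded SHA-256 digest of the UTF-8 bytes of
     * {@code str}, or null when {@code str} is null or hashing fails.
     *
     * <p>The digest only ever lives in the in-memory cache, so moving from
     * SHA-1 to SHA-256 needs no migration. It is still a fast, unsalted hash:
     * a heap dump of this process should be handled as if it held passwords.
     * No lock is taken because every call uses its own MessageDigest and
     * encoder instances.
     */
    private String encodeSHA(String str) {
        if (str == null) {
            return null;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes("UTF-8"));
            // NOTE(review): sun.misc.BASE64Encoder is a JDK-internal class that
            // newer JDKs no longer ship; java.util.Base64 is the supported
            // replacement once the build targets Java 8 or later.
            return new BASE64Encoder().encode(messageDigest.digest());
        } catch (Exception e) {
            M_log.warn("encodeSHA(): exception: " + e);
            return null;
        }
    }
}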
