package com.mindbright.ssh2;

import com.mindbright.terminal.TerminalXTerm;
import com.mindbright.util.Log;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/mindbright/ssh2/SSH2AuthGSS.class */
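/**
 * Client-side SSH2 user authentication module for the {@code gssapi-with-mic}
 * method, using the Kerberos v5 GSS-API mechanism.
 *
 * <p>The module is driven by the user-auth layer: {@link #startAuthentication}
 * sends the initial request, and {@link #processMethodMessage} handles every
 * method-specific packet the server sends afterwards. GSS-API calls are made
 * inside {@link #run()}, which is invoked through {@code Subject.doAs} with the
 * subject obtained from the JAAS login.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #init()} writes JVM-wide system properties (Kerberos realm, KDC
 *       and the JAAS login configuration), so it affects every other Kerberos
 *       or JAAS user in the same JVM.</li>
 *   <li>When no realm/KDC is supplied, both are derived from DNS data (the
 *       server's domain and a {@code _kerberos._udp} SRV lookup).</li>
 *   <li>Credential delegation is always requested when the context is
 *       created.</li>
 * </ul>
 *
 * <p>Instances hold per-authentication state in plain fields and contain no
 * synchronization.
 */
public class SSH2AuthGSS implements SSH2AuthModule, PrivilegedAction<Object> {
    public static final String STANDARD_NAME = "gssapi-with-mic";

    // SSH message numbers used by this method (SSH_MSG_USERAUTH_REQUEST and the
    // SSH_MSG_USERAUTH_GSSAPI_* family).
    private static final int MSG_USERAUTH_REQUEST = 50;
    private static final int MSG_GSSAPI_RESPONSE = 60;
    private static final int MSG_GSSAPI_TOKEN = 61;
    private static final int MSG_GSSAPI_EXCHANGE_COMPLETE = 63;
    private static final int MSG_GSSAPI_ERROR = 64;
    private static final int MSG_GSSAPI_ERRTOK = 65;
    private static final int MSG_GSSAPI_MIC = 66;

    // Kerberos v5 mechanism OID; (re)assigned by the constructor and left null
    // if the Oid cannot be created.
    private static Oid OID_KRBv5 = null;
    private String realm;
    private String kdc;
    private String host;
    private boolean isinit;
    private byte[] token;
    private String username;
    private SSH2UserAuth userauth;
    private SSH2FatalException saved_exc;
    private GSSContext gssctx;
    private LoginContext loginctx;
    private boolean dodispose;
    private String dnsfail;
    private Log log;
    static Class<?> class$com$mindbright$ssh2$SSH2AuthGSS;

    /** Creates a module that discovers the realm and KDC on first use. */
    public SSH2AuthGSS() {
        this(null, null);
    }

    /**
     * Creates a module with an explicit Kerberos realm and KDC.
     *
     * @param str  Kerberos realm, or {@code null} to derive it in {@link #init()}
     * @param str2 KDC address, or {@code null} to look it up in {@link #init()}
     */
    public SSH2AuthGSS(String str, String str2) {
        this.isinit = false;
        this.token = null;
        this.dodispose = false;
        try {
            OID_KRBv5 = new Oid("1.2.840.113554.1.2.2");
        } catch (Throwable th) {
            // Best effort: a null OID surfaces later as a fatal authentication error.
            th.printStackTrace();
        }
        this.realm = str;
        this.kdc = str2;
    }

    /**
     * Upper-cases with a fixed locale so that realm and KDC names do not change
     * with the JVM default locale (for example the Turkish dotted/dotless i).
     */
    private static String upper(String s) {
        return s.toUpperCase(java.util.Locale.ROOT);
    }

    /**
     * Extracts {@code target:port} from the first four-field value found in the
     * given attributes.
     *
     * <p>Values are split on spaces; for a four-field value the fourth field and
     * the third field are joined with a colon. The first match wins; the first
     * two fields are not consulted, and the fourth field is used verbatim.
     *
     * @param attributes attributes returned by the directory lookup, may be {@code null}
     * @return {@code field4:field3} of the first matching value, or {@code null} if none
     * @throws NamingException if enumerating the attributes fails
     */
    private static String getHostPortFromAttr(Attributes attributes) throws NamingException {
        if (attributes == null) {
            return null;
        }
        NamingEnumeration<? extends Attribute> attrs = attributes.getAll();
        while (attrs.hasMore()) {
            NamingEnumeration<?> values = attrs.next().getAll();
            while (values.hasMore()) {
                Object value = values.next();
                if (!(value instanceof String)) {
                    continue;
                }
                String[] fields = SSH2ListUtil.arrayFromList((String) value, " ");
                if (fields != null && fields.length == 4) {
                    return fields[3] + ":" + fields[2];
                }
            }
        }
        return null;
    }

    /**
     * Resolves the SRV record for {@code str} through the JNDI DNS provider.
     *
     * <p>NOTE(review): the answer comes from plain DNS, so the returned KDC
     * address is only as trustworthy as the resolver path; configure the realm
     * and KDC explicitly where that matters.
     *
     * @param str DNS name to query, e.g. {@code _kerberos._udp.<realm>}
     * @return {@code host:port} of the first usable record, or {@code null}
     * @throws NamingException      if the lookup fails
     * @throws UnknownHostException declared by the original signature
     */
    private static String lookupsrv(String str) throws NamingException, UnknownHostException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
        env.put("java.naming.authoritative", "true");
        InitialDirContext ctx = new InitialDirContext(env);
        try {
            return getHostPortFromAttr(ctx.getAttributes(str, new String[]{"SRV"}));
        } finally {
            // Release the DNS context instead of leaving it to the garbage collector.
            ctx.close();
        }
    }

    /**
     * Returns the host name used to build the {@code host/<name>} service
     * principal.
     *
     * <p>A name that already contains a dot is used as is. Otherwise the remote
     * address is reverse-resolved, falling back to the transport's host name if
     * that fails.
     *
     * <p>NOTE(review): the reverse lookup is unauthenticated DNS, so the
     * resulting principal name depends on resolver answers; prefer connecting
     * with a fully qualified name.
     */
    private String getRemoteName() {
        String configuredName = this.userauth.getTransport().getRemoteHostName();
        if (configuredName.indexOf('.') != -1) {
            return configuredName;
        }
        try {
            return InetAddress.getByAddress(this.userauth.getTransport().getRemoteAddress()).getHostName();
        } catch (Exception e) {
            return this.userauth.getTransport().getRemoteHostName();
        }
    }

    /**
     * One-time setup: determines realm, KDC and target host, then publishes the
     * Kerberos and JAAS settings as system properties.
     *
     * <p>Every failure in here is printed and otherwise ignored; a missing realm
     * or KDC shows up later when the GSS context cannot be created.
     */
    private void init() {
        if (this.isinit) {
            return;
        }
        this.isinit = true;
        this.log = this.userauth.getTransport().getLog();
        if (this.realm == null) {
            this.realm = System.getProperty("java.security.krb5.realm");
        }
        this.host = getRemoteName();
        if (this.realm == null) {
            // Fall back to the server's DNS domain as the realm name.
            int dot = this.host.indexOf('.');
            if (dot != -1) {
                this.realm = this.host.substring(dot + 1);
            }
        }
        if (this.realm != null && this.kdc == null) {
            String srvName = "_kerberos._udp." + this.realm;
            try {
                this.kdc = lookupsrv(srvName);
            } catch (Throwable th) {
                // Remembered so run() can mention the failed lookup in its error message.
                this.dnsfail = srvName;
                th.printStackTrace();
            }
        }
        if (this.realm != null && this.kdc != null) {
            try {
                // JVM-wide settings: they also apply to any other Kerberos user in this process.
                System.setProperty("java.security.krb5.realm", upper(this.realm));
                System.setProperty("java.security.krb5.kdc", upper(this.kdc));
            } catch (Throwable th2) {
                th2.printStackTrace();
            }
        }
        try {
            Class<?> cls;
            if (class$com$mindbright$ssh2$SSH2AuthGSS == null) {
                cls = class$("com.mindbright.ssh2.SSH2AuthGSS");
                class$com$mindbright$ssh2$SSH2AuthGSS = cls;
            } else {
                cls = class$com$mindbright$ssh2$SSH2AuthGSS;
            }
            // Points JAAS at the bundled configuration, replacing any value set by the deployment.
            System.setProperty("java.security.auth.login.config", cls.getClassLoader().getResource("defaults/jaas.conf").toExternalForm());
        } catch (Throwable th3) {
            th3.printStackTrace();
        }
    }

    @Override // com.mindbright.ssh2.SSH2AuthModule
    public String getStandardName() {
        return STANDARD_NAME;
    }

    /**
     * Performs one step of the GSS-API exchange; called via {@code Subject.doAs}.
     *
     * <p>Depending on state this disposes the context (after a server error),
     * creates the context, feeds the pending server token into
     * {@code initSecContext}, and, once the context is established, builds the
     * final MIC or exchange-complete packet.
     *
     * @return the packet to send next, or {@code null} when nothing is to be
     *         sent or when a failure was recorded in {@code saved_exc}
     */
    @Override // java.security.PrivilegedAction
    public Object run() {
        try {
            if (this.dodispose) {
                // Reset first so a failing dispose() cannot leave the flag stuck.
                this.dodispose = false;
                if (this.gssctx != null) {
                    this.gssctx.dispose();
                }
                return null;
            }
            if (this.gssctx == null) {
                GSSManager manager = GSSManager.getInstance();
                String realmSuffix = System.getProperty("java.security.krb5.realm");
                if (realmSuffix == null || realmSuffix.equals("")) {
                    realmSuffix = "";
                } else {
                    realmSuffix = "@" + upper(realmSuffix);
                }
                GSSName userName = manager.createName(new StringBuffer().append(this.userauth.user).append(realmSuffix).toString(), (Oid) null);
                GSSName serverName = manager.createName("host/" + this.host + realmSuffix, (Oid) null);
                this.log.debug2("SSH2AuthGSS", "run", "  userName: " + userName);
                this.log.debug2("SSH2AuthGSS", "run", "serverName: " + serverName);
                // Lifetime 0 and usage 1 are passed as in the original (default lifetime, initiate-only).
                this.gssctx = manager.createContext(serverName, OID_KRBv5, manager.createCredential(userName, 0, OID_KRBv5, 1), 0);
                this.gssctx.requestInteg(true);
                // NOTE(review): delegation is requested unconditionally, so a server that is
                // trusted for delegation receives the user's forwarded credential. Consider
                // making this opt-in per host.
                this.gssctx.requestCredDeleg(true);
                this.gssctx.requestMutualAuth(true);
                // Replay and sequence detection are not requested for this context.
                this.gssctx.requestReplayDet(false);
                this.gssctx.requestSequenceDet(false);
            }
            if (!this.gssctx.isEstablished()) {
                if (this.token == null) {
                    this.token = new byte[0];
                }
                this.token = this.gssctx.initSecContext(this.token, 0, this.token.length);
                if (this.token != null) {
                    SSH2TransportPDU tokenPacket = SSH2TransportPDU.createOutgoingPacket(MSG_GSSAPI_TOKEN);
                    tokenPacket.writeString(this.token);
                    if (!this.gssctx.isEstablished()) {
                        // More round trips needed: hand the token back to the caller.
                        return tokenPacket;
                    }
                    // Final token: send it now, the MIC / completion packet follows below.
                    this.userauth.getTransport().transmit(tokenPacket);
                } else if (!this.gssctx.isEstablished()) {
                    this.gssctx.dispose();
                    this.gssctx = null;
                    this.loginctx = null;
                    this.saved_exc = new SSH2FatalException("GSS API authentication - failed to initialize token");
                    return null;
                }
            }
            SSH2TransportPDU reply;
            if (this.gssctx.getIntegState()) {
                // The MIC binds the authentication to this session: session id, request
                // type, user name, service name and method name.
                SSH2DataBuffer micInput = new SSH2DataBuffer(128);
                micInput.writeRaw(this.userauth.getTransport().getSessionId());
                micInput.writeByte(MSG_USERAUTH_REQUEST);
                micInput.writeString(this.userauth.user);
                micInput.writeString("ssh-connection");
                micInput.writeString(STANDARD_NAME);
                reply = SSH2TransportPDU.createOutgoingPacket(MSG_GSSAPI_MIC);
                reply.writeString(this.gssctx.getMIC(micInput.getData(), 0, micInput.getWPos(), new MessageProp(0, true)));
            } else {
                // Without integrity protection only the bare completion message is sent.
                reply = SSH2TransportPDU.createOutgoingPacket(MSG_GSSAPI_EXCHANGE_COMPLETE);
            }
            this.gssctx.dispose();
            this.gssctx = null;
            this.loginctx = null;
            return reply;
        } catch (GSSException e) {
            e.printStackTrace();
            String message = "failed to initialize GSS context";
            if (this.dnsfail != null) {
                message = message + "\nThis could be because DNS lookup failed for " + this.dnsfail;
            }
            this.saved_exc = new SSH2FatalException(message);
            if (this.gssctx != null) {
                try {
                    this.gssctx.dispose();
                } catch (Throwable ignored) {
                    // Already failing; the context reference is dropped below either way.
                }
            }
            this.gssctx = null;
            this.loginctx = null;
            return null;
        }
    }

    /**
     * Handles a method-specific packet received from the server.
     *
     * <p>The packet is server-controlled input, so every branch checks that the
     * exchange is in a state where that packet makes sense instead of
     * dereferencing a missing login or GSS context.
     *
     * @param sSH2UserAuth     the user-auth layer driving this module
     * @param sSH2TransportPDU the received packet
     * @return the packet to send in response
     * @throws SSH2Exception if the packet is unexpected or authentication fails
     */
    @Override // com.mindbright.ssh2.SSH2AuthModule
    public SSH2TransportPDU processMethodMessage(SSH2UserAuth sSH2UserAuth, SSH2TransportPDU sSH2TransportPDU) throws SSH2Exception {
        this.saved_exc = null;
        this.log.debug2("SSH2AuthGSS", "processMethodMessage", "processing " + sSH2TransportPDU.getType());
        SSH2TransportPDU reply = null;
        switch (sSH2TransportPDU.getType()) {
            case MSG_GSSAPI_RESPONSE:
                try {
                    byte[] mechOid = sSH2TransportPDU.readString();
                    if (mechOid == null || !Arrays.equals(mechOid, OID_KRBv5.getDER())) {
                        throw new SSH2FatalException("GSS API authentication - received unexpected OID");
                    }
                    try {
                        this.loginctx = new LoginContext(SSH2.PKG_NAME);
                        this.loginctx.login();
                    } catch (Exception e) {
                        // Deliberately non-fatal in the original: the exchange continues with
                        // whatever subject (possibly none) the login context provides.
                        e.printStackTrace();
                    }
                    this.userauth = sSH2UserAuth;
                    reply = (SSH2TransportPDU) Subject.doAs(this.loginctx.getSubject(), this);
                } catch (SSH2FatalException e2) {
                    this.loginctx = null;
                    this.gssctx = null;
                    this.saved_exc = e2;
                } catch (Throwable th) {
                    this.loginctx = null;
                    this.gssctx = null;
                    th.printStackTrace();
                    throw new SSH2FatalException("GSS API authentication - failed to initialize GSS context");
                }
                break;
            case MSG_GSSAPI_TOKEN:
            case MSG_GSSAPI_ERRTOK:
                if (this.loginctx == null) {
                    // A token outside a running exchange used to end in a NullPointerException.
                    throw new SSH2FatalException("GSS API authentication - received unexpected token");
                }
                this.token = sSH2TransportPDU.readString();
                this.userauth = sSH2UserAuth;
                reply = (SSH2TransportPDU) Subject.doAs(this.loginctx.getSubject(), this);
                break;
            case MSG_GSSAPI_ERROR:
                if (this.loginctx != null && this.gssctx != null) {
                    // Dispose the context under the login subject; run() resets the flag.
                    this.dodispose = true;
                    Subject.doAs(this.loginctx.getSubject(), this);
                }
                this.gssctx = null;
                this.loginctx = null;
                throw new SSH2FatalException("GSS API authentication failed");
            default:
                // Covers every other type, including 62 and 63, which the original listed
                // explicitly. The original built this message from a null reference.
                this.log.warning("SSH2AuthGSS", "received unexpected packet of type: " + sSH2TransportPDU.getType());
                throw new SSH2FatalException("SSH2AuthGSS: got unexpected packet of type: " + sSH2TransportPDU.getType());
        }
        if (this.saved_exc != null) {
            throw this.saved_exc;
        }
        return reply;
    }

    /**
     * Initializes the module and builds the initial user-auth request.
     *
     * @param sSH2UserAuth the user-auth layer driving this module
     * @return the {@code gssapi-with-mic} request packet
     * @throws SSH2Exception wrapping any failure during setup
     */
    @Override // com.mindbright.ssh2.SSH2AuthModule
    public SSH2TransportPDU startAuthentication(SSH2UserAuth sSH2UserAuth) throws SSH2Exception {
        try {
            this.userauth = sSH2UserAuth;
            init();
            this.log.debug("SSH2AuthGSS", "Starting Kerberos authentication");
            this.log.debug("SSH2AuthGSS", "  realm: " + this.realm);
            this.log.debug("SSH2AuthGSS", "    kdc: " + this.kdc);
            return createRequest(sSH2UserAuth);
        } catch (Throwable th) {
            th.printStackTrace();
            throw new SSH2FatalException("SSH2AuthGSS: got exception: " + th);
        }
    }

    /**
     * Builds the user-auth request offering exactly one mechanism, Kerberos v5,
     * identified by its DER-encoded OID.
     */
    private SSH2TransportPDU createRequest(SSH2UserAuth sSH2UserAuth) throws IOException, GSSException {
        SSH2TransportPDU request = sSH2UserAuth.createUserAuthRequest(STANDARD_NAME);
        request.writeInt(1);
        request.writeString(OID_KRBv5.getDER());
        return request;
    }

    /**
     * Drops the references to authentication state held by this module,
     * including the last GSS token exchanged with the server.
     *
     * <p>NOTE(review): the GSS context is only dereferenced here, not disposed,
     * and the login context is not logged out.
     */
    @Override // com.mindbright.ssh2.SSH2AuthModule
    public void clearSensitiveData() {
        this.gssctx = null;
        this.loginctx = null;
        this.username = null;
        this.token = null;
    }

    /** Always {@code true}: this module reports that retrying is pointless. */
    @Override // com.mindbright.ssh2.SSH2AuthModule
    public boolean retryPointless() {
        return true;
    }

    /**
     * Compiler-generated style helper for class literals: loads a class by name
     * and converts a missing class into {@link NoClassDefFoundError}.
     */
    static Class<?> class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }
}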
