package com.microsoft.sqlserver.jdbc;

import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:addressbookconnector-2.11.17-jar-with-dependencies.jar:com/microsoft/sqlserver/jdbc/KerbAuthentication.class
 */
/* loaded from: input_file:res/a1393725-6522-484b-a808-5a4396d6cacf.jar:com/microsoft/sqlserver/jdbc/KerbAuthentication.class */
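/**
 * Kerberos (GSS-API) implementation of the driver's integrated authentication.
 *
 * <p>The class builds a service principal name of the form {@code MSSQLSvc/<host>:<port>},
 * obtains initiator credentials for the current JAAS {@link Subject} (logging in through the
 * {@code SQLJDBCDriver} JAAS entry when no subject is bound to the calling context) and then
 * drives the GSS-API token exchange with the server.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Credential delegation, mutual authentication and integrity are always requested on the
 *       security context (see {@link #intAuthInit()}).</li>
 *   <li>Loading the class may replace the JVM-wide JAAS {@link Configuration} (see the static
 *       initializer).</li>
 *   <li>The SPN is built from the host string given to the constructor exactly as received.</li>
 * </ul>
 *
 * <p>Decompiler note: this listing was produced by JADX; the class members marked
 * "originally package-private" had their access widened by the decompiler.
 */
public final class KerbAuthentication extends SSPIAuthentication {
    /** Name of the JAAS login configuration entry used by the driver. */
    private static final String CONFIGNAME = "SQLJDBCDriver";
    /** Object identifier of the Kerberos V5 GSS-API mechanism. */
    private static final String KERBEROS_V5_MECH_OID = "1.2.840.113554.1.2.2";
    private static final Logger authLogger = Logger.getLogger("com.microsoft.sqlserver.jdbc.internals.KerbAuthentication");
    private final SQLServerConnection con;
    private final String spn;
    private final GSSManager manager = GSSManager.getInstance();
    // Non-null only when this instance performed the JAAS login itself; logged out on release.
    private LoginContext lc = null;
    private GSSCredential peerCredentials = null;
    private GSSContext peerContext = null;

    /**
     * Resolves the client subject, acquires initiator credentials and creates the GSS security
     * context for {@link #spn}.
     *
     * <p>Every failure is reported through {@code con.terminate(...)} with the generic
     * {@code R_integratedAuthenticationFailed} message; the underlying exception is passed along
     * as the cause and logged at FINER.
     *
     * @throws SQLServerException declared for {@code con.terminate}, which presumably throws it
     *         (its body is not visible here)
     */
    private void intAuthInit() throws SQLServerException {
        try {
            Oid kerberos = new Oid(KERBEROS_V5_MECH_OID);
            Subject subject = null;
            try {
                // Prefer a subject already bound to the caller (e.g. an enclosing Subject.doAs).
                // NOTE(review): AccessController and Subject.getSubject are deprecated for removal
                // in recent JDKs; this lookup will need replacing when the driver moves forward.
                subject = Subject.getSubject(AccessController.getContext());
                if (null == subject) {
                    // No ambient subject: log in with the "SQLJDBCDriver" JAAS entry.
                    this.lc = new LoginContext(CONFIGNAME);
                    this.lc.login();
                    subject = this.lc.getSubject();
                }
            } catch (LoginException e) {
                // NOTE(review): if terminate() ever returned normally, execution would continue
                // below with a null subject - confirm that terminate() always throws.
                this.con.terminate(0, SQLServerException.getErrString("R_integratedAuthenticationFailed"), e);
            }
            // A null name type lets the mechanism apply its default parsing to the SPN string.
            GSSName serverName = this.manager.createName(this.spn, (Oid) null);
            if (authLogger.isLoggable(Level.FINER)) {
                authLogger.finer(toString() + " Getting client credentials");
            }
            this.peerCredentials = getClientCredential(subject, this.manager, kerberos);
            if (authLogger.isLoggable(Level.FINER)) {
                authLogger.finer(toString() + " creating security context");
            }
            this.peerContext = this.manager.createContext(serverName, kerberos, this.peerCredentials, GSSContext.DEFAULT_LIFETIME);
            // NOTE(review): delegation is requested unconditionally. When the ticket is
            // forwardable and the KDC allows it, the service behind the SPN receives credentials
            // it can use to act as this user toward other services. Deployments that do not need
            // a second hop should restrict this on the KDC side (non-forwardable tickets or
            // constrained delegation), since the driver offers no switch here.
            this.peerContext.requestCredDeleg(true);
            // Mutual authentication makes the server prove it holds the key for the SPN.
            this.peerContext.requestMutualAuth(true);
            this.peerContext.requestInteg(true);
        } catch (PrivilegedActionException e2) {
            authLogger.finer(toString() + "initAuthInit failed privileged exception:-" + e2);
            this.con.terminate(0, SQLServerException.getErrString("R_integratedAuthenticationFailed"), e2);
        } catch (GSSException e3) {
            authLogger.finer(toString() + "initAuthInit failed GSSException:-" + e3);
            this.con.terminate(0, SQLServerException.getErrString("R_integratedAuthenticationFailed"), e3);
        }
    }

    /**
     * Acquires an initiate-only credential for the default principal of {@code subject}.
     *
     * @param subject the subject to run as
     * @param gSSManager manager used to create the credential
     * @param oid mechanism the credential is requested for
     * @return the acquired credential
     * @throws PrivilegedActionException wrapping the {@link GSSException} raised by the manager
     */
    private static GSSCredential getClientCredential(Subject subject, final GSSManager gSSManager, final Oid oid) throws PrivilegedActionException {
        return Subject.doAs(subject, new PrivilegedExceptionAction<GSSCredential>() {
            @Override
            public GSSCredential run() throws GSSException {
                // A null name selects the default principal; INITIATE_ONLY because this side
                // only ever starts contexts and never accepts them.
                return gSSManager.createCredential((GSSName) null, GSSCredential.DEFAULT_LIFETIME, oid, GSSCredential.INITIATE_ONLY);
            }
        });
    }

    /**
     * Performs one round of the GSS-API token exchange.
     *
     * @param serverToken token received from the server; read from offset 0 over its full length,
     *        so it must not be null (presumably callers pass an empty array on the first round)
     * @param done single-element flag; element 0 is set to {@code true} once the context is
     *        established
     * @return the token to send to the server; may be null once the context is established;
     *         null is also returned after a {@link GSSException} if {@code con.terminate}
     *         returns normally
     * @throws SQLServerException declared for {@code con.terminate}
     */
    private byte[] intAuthHandShake(byte[] serverToken, boolean[] done) throws SQLServerException {
        try {
            if (authLogger.isLoggable(Level.FINER)) {
                authLogger.finer(toString() + " Sending token to server over secure context");
            }
            byte[] clientToken = this.peerContext.initSecContext(serverToken, 0, serverToken.length);
            if (this.peerContext.isEstablished()) {
                done[0] = true;
                if (authLogger.isLoggable(Level.FINER)) {
                    authLogger.finer(toString() + "Authentication done.");
                }
            } else if (null == clientToken) {
                // Not established and nothing left to send: the exchange cannot make progress.
                authLogger.info(toString() + "byteToken is null in initSecContext.");
                this.con.terminate(0, SQLServerException.getErrString("R_integratedAuthenticationFailed"));
            }
            return clientToken;
        } catch (GSSException e) {
            authLogger.finer(toString() + "initSecContext Failed :-" + e);
            this.con.terminate(0, SQLServerException.getErrString("R_integratedAuthenticationFailed"), e);
            return null;
        }
    }

    /**
     * Builds the service principal name {@code MSSQLSvc/<server>:<port>}.
     *
     * <p>The server string is used exactly as given: no canonicalisation or validation happens
     * here. NOTE(review): presumably this is the host from the connection settings - verify
     * against the caller, because the SPN decides which service key the client will trust
     * during mutual authentication.
     *
     * @param server host part of the SPN
     * @param port port part of the SPN
     * @return the assembled SPN
     * @throws SQLServerException never thrown by the visible code; kept for signature stability
     */
    private String makeSpn(String server, int port) throws SQLServerException {
        if (authLogger.isLoggable(Level.FINER)) {
            authLogger.finer(toString() + " Server: " + server + " port: " + port);
        }
        String builtSpn = "MSSQLSvc/" + server + ":" + port;
        if (authLogger.isLoggable(Level.FINER)) {
            authLogger.finer(toString() + " SPN: " + builtSpn);
        }
        return builtSpn;
    }

    /**
     * Creates the authenticator for one connection. Originally package-private.
     *
     * @param sQLServerConnection connection used to report fatal authentication errors
     * @param str server host used in the SPN
     * @param i server port used in the SPN
     * @throws SQLServerException declared by {@link #makeSpn(String, int)}
     */
    public KerbAuthentication(SQLServerConnection sQLServerConnection, String str, int i) throws SQLServerException {
        this.con = sQLServerConnection;
        this.spn = makeSpn(str, i);
    }

    /**
     * Produces the next client token, creating the security context on first use.
     * Originally package-private.
     *
     * @param bArr token received from the server
     * @param zArr single-element flag set to {@code true} when authentication has completed
     * @return the token to send to the server
     * @throws SQLServerException when initialisation or the handshake terminates the connection
     */
    @Override
    public byte[] GenerateClientContext(byte[] bArr, boolean[] zArr) throws SQLServerException {
        if (null == this.peerContext) {
            intAuthInit();
        }
        return intAuthHandShake(bArr, zArr);
    }

    /**
     * Releases the credential, the security context and the JAAS login owned by this instance.
     * Originally package-private.
     *
     * <p>Each resource is released independently so that a failure disposing one of them does not
     * leave the others (in particular the JAAS login) alive. Failures are logged at FINE and
     * otherwise ignored, as release is best effort.
     *
     * @return always 0
     * @throws SQLServerException never thrown by the visible code; kept for the overridden
     *         signature
     */
    @Override
    public int ReleaseClientContext() throws SQLServerException {
        try {
            if (null != this.peerCredentials) {
                this.peerCredentials.dispose();
            }
        } catch (GSSException e) {
            authLogger.fine(toString() + " Release of the credentials failed GSSException: " + e);
        }
        try {
            if (null != this.peerContext) {
                this.peerContext.dispose();
            }
        } catch (GSSException e) {
            authLogger.fine(toString() + " Release of the credentials failed GSSException: " + e);
        }
        try {
            if (null != this.lc) {
                this.lc.logout();
            }
        } catch (LoginException e) {
            authLogger.fine(toString() + " Release of the credentials failed LoginException: " + e);
        }
        return 0;
    }

    static {
        /*
         * JAAS configuration wrapper that supplies a default "SQLJDBCDriver" entry and forwards
         * every other lookup to the configuration that was active when this class was loaded.
         *
         * It installs itself only when the active configuration has no "SQLJDBCDriver" entry.
         * Installing replaces the JVM-wide login configuration, so every other JAAS user in the
         * process is routed through this wrapper from then on.
         *
         * NOTE(review): the SecurityException that Configuration.setConfiguration may raise is
         * not caught here and would surface as a class-initialisation failure.
         * NOTE(review): once installed, the wrapper answers "SQLJDBCDriver" itself even if a
         * later refresh() of the delegate introduces an entry with that name.
         */
        final class SQLJDBCDriverConfig extends Configuration {
            // Configuration that was active at class-load time; null when none could be read.
            Configuration current;
            // Driver default entry; stays null unless this wrapper installs itself.
            AppConfigurationEntry[] driverConf;

            SQLJDBCDriverConfig() {
                this.current = null;
                try {
                    this.current = Configuration.getConfiguration();
                } catch (SecurityException e) {
                    authLogger.finer(toString() + " No configurations provided, setting driver default");
                }
                AppConfigurationEntry[] existing =
                        null != this.current ? this.current.getAppConfigurationEntry(CONFIGNAME) : null;
                if (null != existing) {
                    // The deployment supplies its own entry; leave the global configuration alone.
                    return;
                }
                if (authLogger.isLoggable(Level.FINER)) {
                    authLogger.finer(toString() + " SQLJDBCDriver configuration entry is not provided, setting driver default");
                }
                AppConfigurationEntry entry;
                HashMap<String, String> options = new HashMap<String, String>();
                if (Util.isIBM()) {
                    options.put("useDefaultCcache", "true");
                    options.put("moduleBanner", "false");
                    entry = new AppConfigurationEntry("com.ibm.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
                    if (authLogger.isLoggable(Level.FINER)) {
                        authLogger.finer(toString() + " Setting IBM Krb5LoginModule");
                    }
                } else {
                    // Reuse the existing ticket cache and never prompt for a password.
                    options.put("useTicketCache", "true");
                    options.put("doNotPrompt", "true");
                    entry = new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
                    if (authLogger.isLoggable(Level.FINER)) {
                        authLogger.finer(toString() + " Setting Sun Krb5LoginModule");
                    }
                }
                this.driverConf = new AppConfigurationEntry[] {entry};
                Configuration.setConfiguration(this);
            }

            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                // Constant-first comparison so a null name falls through instead of throwing.
                if (CONFIGNAME.equals(str)) {
                    return this.driverConf;
                }
                if (null != this.current) {
                    return this.current.getAppConfigurationEntry(str);
                }
                return null;
            }

            @Override
            public void refresh() {
                if (null != this.current) {
                    this.current.refresh();
                }
            }
        }

        new SQLJDBCDriverConfig();
    }
}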
