package com.zimbra.cs.account.krb5;

import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.dav.DavElements;
import com.zimbra.cs.service.admin.DeployZimlet;
import java.io.IOException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/zimbra/cs/account/krb5/Krb5Login.class */
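/**
 * Static helpers that build and drive JAAS {@link LoginContext}s for Kerberos 5.
 *
 * <p>Every context is backed by a single {@link Krb5Config} entry registered under
 * {@link #S_CONFIG_NAME} in an in-memory {@link DynamicConfiguration}, so no external JAAS
 * configuration file is consulted. Credentials come from a password ({@link #withPassword}),
 * a keytab ({@link #withKeyTab}) or a ticket cache ({@link #withTicketCache}).
 *
 * <p>This listing is decompiler output: parameter names such as {@code str}/{@code str2} and some
 * constant references are the decompiler's choices, not the original author's.
 */
public class Krb5Login {
    /** Name under which the one JAAS application entry is registered and looked up. */
    private static final String S_CONFIG_NAME = "krb5";

    /** Test action that prints its argument and then always fails with an {@link Exception}. */
    static class DummyAction implements PrivilegedExceptionAction<Object> {
        String mArg;

        DummyAction(String str) {
            this.mArg = str;
        }

        /**
         * Prints the argument to standard output and throws.
         *
         * @return never returns normally
         * @throws Exception always
         */
        @Override
        public Object run() throws Exception {
            System.out.println("arg is " + this.mArg);
            throw new Exception("exception thrown from run");
        }
    }

    /**
     * In-memory JAAS {@link Configuration} that answers for exactly one application name.
     *
     * <p>The decompiler reports that this class was package-private in the compiled original and
     * widened its access; the {@code public} modifier is kept so this listing's surface does not
     * change.
     */
    public static class DynamicConfiguration extends Configuration {
        private final String mName;
        private final AppConfigurationEntry[] mEntry;

        /**
         * @param str the application name this configuration answers for
         * @param appConfigurationEntryArr the entries returned for that name (stored, not copied)
         */
        DynamicConfiguration(String str, AppConfigurationEntry[] appConfigurationEntryArr) {
            this.mName = str;
            this.mEntry = appConfigurationEntryArr;
        }

        /**
         * Returns the configured entries when {@code str} is the registered name.
         *
         * @param str the application name being looked up
         * @return the entries for the registered name, or {@code null} for any other name
         *     (including {@code null}), which JAAS reads as "no entry configured"
         */
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            // The null guard turns a lookup with a null name into "not configured" instead of an NPE.
            if (str != null && str.equals(this.mName)) {
                return this.mEntry;
            }
            return null;
        }

        /** Does nothing: the configuration is fixed at construction time. */
        @Override
        public void refresh() {
        }
    }

    /**
     * Fluent builder for the option map of a {@code Krb5LoginModule} JAAS entry.
     *
     * <p>Each setter stores one option as a string and returns {@code this} so calls can be
     * chained.
     */
    public static class Krb5Config extends AppConfigurationEntry {
        public static final AppConfigurationEntry.LoginModuleControlFlag DEFAULT_CONTROL_FLAG = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
        private static final String DEFAULT_LOGIN_MODULE_NAME = "com.sun.security.auth.module.Krb5LoginModule";

        /** The same map instance that was handed to the superclass constructor. */
        private final Map<String, String> mOptions;

        private Krb5Config(String str, AppConfigurationEntry.LoginModuleControlFlag loginModuleControlFlag, Map<String, String> map) {
            super(str, loginModuleControlFlag, map);
            // Kept so the setters can add options after construction. This relies on
            // AppConfigurationEntry exposing a view of the map it was given rather than a copy
            // (TODO confirm against the JDK in use when upgrading).
            this.mOptions = map;
        }

        /**
         * Creates an entry for the default login module with the default control flag and no
         * options set.
         *
         * @return a new, empty configuration entry
         */
        public static Krb5Config getInstance() {
            Map<String, String> options = new HashMap<>();
            return new Krb5Config(DEFAULT_LOGIN_MODULE_NAME, DEFAULT_CONTROL_FLAG, options);
        }

        /** Stores a boolean option as the string {@code "true"} or {@code "false"}. */
        private Krb5Config putFlag(String key, boolean value) {
            this.mOptions.put(key, String.valueOf(value));
            return this;
        }

        /** Sets the {@code debug} option. */
        public Krb5Config setDebug(boolean z) {
            return putFlag("debug", z);
        }

        /** Sets the {@code doNotPrompt} option. */
        public Krb5Config setDoNotPrompt(boolean z) {
            return putFlag("doNotPrompt", z);
        }

        /** Sets the {@code keyTab} option and switches {@code useKeyTab} on. */
        public Krb5Config setKeyTab(String str) {
            this.mOptions.put("keyTab", str);
            setUseKeyTab(true);
            return this;
        }

        /** Sets the principal option. */
        public Krb5Config setPrincipal(String str) {
            // NOTE(review): the option key is read from a WebDAV constants class, which looks like
            // the decompiler matching an inlined string to the wrong owner. Krb5LoginModule's
            // option is named "principal" - confirm DavElements.P_PRINCIPAL has that value.
            this.mOptions.put(DavElements.P_PRINCIPAL, str);
            return this;
        }

        /** Sets the {@code storeKey} option. */
        public Krb5Config setStoreKey(boolean z) {
            return putFlag("storeKey", z);
        }

        /** Sets the {@code ticketCache} option and switches {@code useTicketCache} on. */
        public Krb5Config setTicketCache(String str) {
            this.mOptions.put("ticketCache", str);
            setUseTicketCache(true);
            return this;
        }

        /** Sets the {@code useKeyTab} option. */
        public Krb5Config setUseKeyTab(boolean z) {
            return putFlag("useKeyTab", z);
        }

        /** Sets the {@code useTicketCache} option. */
        public Krb5Config setUseTicketCache(boolean z) {
            return putFlag("useTicketCache", z);
        }
    }

    /**
     * Test action that runs a fixed LDAP search over SASL/GSSAPI against the local directory.
     *
     * <p>The decompiler reports that this class was package-private in the compiled original and
     * widened its access; the {@code public} modifier is kept so this listing's surface does not
     * change.
     */
    public static class SearchAction implements PrivilegedExceptionAction<Object> {
        SearchAction() {
        }

        /**
         * Connects to {@code ldap://localhost:389/} with GSSAPI and the {@code auth-conf} quality of
         * protection, then searches for {@code (cn=*)}.
         *
         * @return the search result enumeration, or {@code null} if anything failed (the failure
         *     is printed to standard error, not rethrown)
         */
        @Override
        public Object run() {
            Hashtable<String, String> env = new Hashtable<>(11);
            env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
            env.put("java.naming.provider.url", "ldap://localhost:389/");
            env.put("java.naming.security.authentication", "GSSAPI");
            env.put("javax.security.sasl.qop", "auth-conf");
            DirContext dirContext = null;
            try {
                dirContext = new InitialDirContext(env);
                SearchControls searchControls = new SearchControls();
                searchControls.setReturningAttributes(new String[]{"displayName", "mail", DavElements.P_DESCRIPTION});
                // NOTE(review): the enumeration is handed back after the context that produced it
                // has been closed in the finally block; whether it can still be read depends on
                // the JNDI provider - confirm before relying on the result.
                NamingEnumeration<?> search = dirContext.search("", "(cn=*)", searchControls);
                return search;
            } catch (Exception e) {
                e.printStackTrace();
                return null;
            } finally {
                // Single cleanup path; the decompiled original repeated this close on every exit.
                if (dirContext != null) {
                    try {
                        dirContext.close();
                    } catch (Exception e) {
                        System.err.println("error closing Context - " + e.getMessage());
                    }
                }
            }
        }
    }

    /**
     * Checks a principal's password by performing a Kerberos login and immediately logging out.
     *
     * <p>A normal return means the login module obtained initial credentials with this password.
     * Nothing here requests a service ticket or checks the KDC's reply against a locally held
     * key, so the answer is only as trustworthy as the KDC that responded.
     * NOTE(review): confirm whether callers need the KDC itself to be authenticated.
     *
     * @param str the Kerberos principal
     * @param str2 the password to verify
     * @throws LoginException if the login is rejected or cannot be attempted
     */
    public static void verifyPassword(String str, String str2) throws LoginException {
        LoginContext loginContext = null;
        try {
            loginContext = withPassword(str, str2);
            loginContext.login();
        } finally {
            logoutLoggingFailure(loginContext);
        }
    }

    /**
     * Logs in with a keytab and runs {@code privilegedExceptionAction} as the resulting subject.
     *
     * <p>The action's return value is discarded. Logout is attempted on every exit path.
     *
     * @param str the Kerberos principal
     * @param str2 path of the keytab holding that principal's key
     * @param privilegedExceptionAction the work to run as the authenticated subject
     * @throws PrivilegedActionException if the action throws a checked exception
     * @throws LoginException if the keytab login fails
     */
    public static void performAs(String str, String str2, PrivilegedExceptionAction<?> privilegedExceptionAction) throws PrivilegedActionException, LoginException {
        LoginContext loginContext = null;
        try {
            loginContext = withKeyTab(str, str2);
            loginContext.login();
            Subject.doAs(loginContext.getSubject(), privilegedExceptionAction);
        } finally {
            logoutLoggingFailure(loginContext);
        }
    }

    /** Logs out of {@code loginContext} if there is one; a failed logout is logged, not thrown. */
    private static void logoutLoggingFailure(LoginContext loginContext) {
        if (loginContext == null) {
            return;
        }
        try {
            loginContext.logout();
        } catch (LoginException e) {
            ZimbraLog.account.warn("krb5 logout failed", e);
        }
    }

    private Krb5Login() {
    }

    /** Wraps one entry in a {@link DynamicConfiguration} and builds a context with no preset subject. */
    private static LoginContext newLoginContext(Krb5Config krb5Config, CallbackHandler callbackHandler) throws LoginException {
        Configuration configuration = new DynamicConfiguration(S_CONFIG_NAME, new AppConfigurationEntry[]{krb5Config});
        return new LoginContext(S_CONFIG_NAME, (Subject) null, callbackHandler, configuration);
    }

    /**
     * Builds a login context that authenticates {@code str} from a keytab without prompting.
     *
     * <p>{@code useTicketCache} is switched on as well as the keytab.
     * NOTE(review): with both enabled the login module may satisfy the login from an existing
     * ticket cache instead of the keytab - confirm that is intended for service logins.
     *
     * @param str the Kerberos principal
     * @param str2 path of the keytab
     * @return a context ready for {@link LoginContext#login()}
     * @throws LoginException if the context cannot be created
     */
    public static LoginContext withKeyTab(String str, String str2) throws LoginException {
        Krb5Config krb5Config = Krb5Config.getInstance()
                .setPrincipal(str)
                .setKeyTab(str2)
                .setStoreKey(true)
                .setDoNotPrompt(true)
                .setUseTicketCache(true);
        return newLoginContext(krb5Config, null);
    }

    /**
     * Builds a login context that takes its credentials from a ticket cache.
     *
     * @param str path of the ticket cache, or {@code null} to enable the ticket cache without
     *     naming a file
     * @return a context ready for {@link LoginContext#login()}
     * @throws LoginException if the context cannot be created
     */
    public static LoginContext withTicketCache(String str) throws LoginException {
        Krb5Config krb5Config = Krb5Config.getInstance();
        if (str == null) {
            krb5Config.setUseTicketCache(true);
        } else {
            krb5Config.setTicketCache(str);
        }
        return newLoginContext(krb5Config, null);
    }

    /**
     * Builds a login context that authenticates {@code str} with a password, bypassing any ticket
     * cache and not storing the derived key.
     *
     * <p>The password is supplied through a callback handler that answers
     * {@link PasswordCallback}s and ignores every other callback type.
     *
     * @param str the Kerberos principal
     * @param str2 the password; a {@code null} value is not rejected here and only fails once the
     *     handler is invoked during login
     * @return a context ready for {@link LoginContext#login()}
     * @throws LoginException if the context cannot be created
     */
    public static LoginContext withPassword(String str, final String str2) throws LoginException {
        Krb5Config krb5Config = Krb5Config.getInstance()
                .setPrincipal(str)
                .setUseTicketCache(false)
                .setStoreKey(false);
        CallbackHandler passwordHandler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                for (Callback callback : callbackArr) {
                    if (callback instanceof PasswordCallback) {
                        // setPassword stores its own copy, so the temporary array can be wiped
                        // straight away. The String it came from stays on the heap until it is
                        // collected; this only avoids leaving one more cleartext copy behind.
                        char[] secret = str2.toCharArray();
                        try {
                            ((PasswordCallback) callback).setPassword(secret);
                        } finally {
                            Arrays.fill(secret, '\0');
                        }
                    }
                }
            }
        };
        return newLoginContext(krb5Config, passwordHandler);
    }

    /**
     * Developer smoke test: runs {@link SearchAction} as a hard-coded service principal using a
     * hard-coded keytab path, printing any failure instead of propagating it.
     */
    private static void testPerformAs() {
        try {
            performAs("ldap/phoebe.local@PHOEBE.LOCAL", "/etc/krb5.keytab", new SearchAction());
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            System.out.println("exception msg is: " + exception.getMessage());
            exception.printStackTrace();
        } catch (LoginException e2) {
            e2.printStackTrace();
        }
    }

    /**
     * Command-line entry point for the smoke test.
     *
     * @param strArr unused
     * @throws LoginException declared but not thrown by the visible code path
     */
    public static void main(String[] strArr) throws LoginException {
        testPerformAs();
        // Printed whether or not the smoke test failed, because testPerformAs swallows its errors.
        // NOTE(review): the constant's owner looks like a decompiler constant-matching artifact.
        System.out.println(DeployZimlet.sSUCCEEDED);
    }
}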
