package org.pentaho.di.core.auth.kerberos;

import com.sun.security.auth.module.Krb5LoginModule;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:WEB-INF/lib/kettle-engine-6.1.0.1-196.jar:org/pentaho/di/core/auth/kerberos/KerberosUtil.class */
public class KerberosUtil {
    public static final String KERBEROS_APP_NAME = "pentaho";
    public static final String PENTAHO_JAAS_DEBUG = "PENTAHO_JAAS_DEBUG";
    public static final Map<String, String> LOGIN_CONFIG_BASE = createLoginConfigBaseMap();
    private static final Map<String, String> LOGIN_CONFIG_OPTS_KERBEROS_USER = getLoginConfigOptsKerberosUser();
    private static final Map<String, String> LOGIN_CONFIG_OPTS_KERBEROS_USER_NOPASS = getLoginConfigOptsKerberosNoPassword();
    public static final Map<String, String> LOGIN_CONFIG_OPTS_KERBEROS_KEYTAB = createLoginConfigOptsKerberosKeytabMap();

    /* loaded from: input_file:WEB-INF/lib/kettle-engine-6.1.0.1-196.jar:org/pentaho/di/core/auth/kerberos/KerberosUtil$PentahoLoginConfiguration.class */
    public static class PentahoLoginConfiguration extends Configuration {
        private AppConfigurationEntry[] entries;

        public PentahoLoginConfiguration(AppConfigurationEntry[] appConfigurationEntryArr) {
            if (appConfigurationEntryArr == null) {
                throw new NullPointerException("AppConfigurationEntry[] is required");
            }
            this.entries = appConfigurationEntryArr;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            return this.entries;
        }
    }

    private static Map<String, String> createLoginConfigBaseMap() {
        HashMap hashMap = new HashMap();
        if (Boolean.parseBoolean(System.getenv(PENTAHO_JAAS_DEBUG))) {
            hashMap.put("debug", Boolean.TRUE.toString());
        }
        return Collections.unmodifiableMap(hashMap);
    }

    private static Map<String, String> getLoginConfigOptsKerberosUser() {
        HashMap hashMap = new HashMap(LOGIN_CONFIG_BASE);
        hashMap.put("useTicketCache", Boolean.FALSE.toString());
        hashMap.put("renewTGT", Boolean.FALSE.toString());
        return Collections.unmodifiableMap(hashMap);
    }

    private static Map<String, String> getLoginConfigOptsKerberosNoPassword() {
        HashMap hashMap = new HashMap(LOGIN_CONFIG_OPTS_KERBEROS_USER);
        hashMap.put("useTicketCache", Boolean.TRUE.toString());
        hashMap.put("renewTGT", Boolean.TRUE.toString());
        hashMap.put("doNotPrompt", Boolean.TRUE.toString());
        return hashMap;
    }

    private static Map<String, String> createLoginConfigOptsKerberosKeytabMap() {
        HashMap hashMap = new HashMap(LOGIN_CONFIG_BASE);
        hashMap.put("doNotPrompt", Boolean.TRUE.toString());
        hashMap.put("useKeyTab", Boolean.TRUE.toString());
        hashMap.put("storeKey", Boolean.TRUE.toString());
        hashMap.put("refreshKrb5Config", Boolean.TRUE.toString());
        return Collections.unmodifiableMap(hashMap);
    }

    public LoginContext getLoginContextFromKeytab(String str, String str2) throws LoginException {
        HashMap hashMap = new HashMap(LOGIN_CONFIG_OPTS_KERBEROS_KEYTAB);
        hashMap.put("keyTab", str2);
        hashMap.put("principal", str);
        return new LoginContext("pentaho", new Subject(), (CallbackHandler) null, new PentahoLoginConfiguration(new AppConfigurationEntry[]{new AppConfigurationEntry(Krb5LoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)}));
    }

    public LoginContext getLoginContextFromUsernamePassword(final String str, final String str2) throws LoginException {
        HashMap hashMap = new HashMap(LOGIN_CONFIG_OPTS_KERBEROS_USER);
        hashMap.put("principal", str);
        return new LoginContext("pentaho", new Subject(), new CallbackHandler() { // from class: org.pentaho.di.core.auth.kerberos.KerberosUtil.1
            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                for (Callback callback : callbackArr) {
                    if (callback instanceof NameCallback) {
                        ((NameCallback) callback).setName(str);
                    } else {
                        if (!(callback instanceof PasswordCallback)) {
                            throw new UnsupportedCallbackException(callback);
                        }
                        ((PasswordCallback) callback).setPassword(str2.toCharArray());
                    }
                }
            }
        }, new PentahoLoginConfiguration(new AppConfigurationEntry[]{new AppConfigurationEntry(Krb5LoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)}));
    }

    public LoginContext getLoginContextFromKerberosCache(String str) throws LoginException {
        HashMap hashMap = new HashMap(LOGIN_CONFIG_OPTS_KERBEROS_USER_NOPASS);
        hashMap.put("principal", str);
        return new LoginContext("pentaho", new Subject(), (CallbackHandler) null, new PentahoLoginConfiguration(new AppConfigurationEntry[]{new AppConfigurationEntry(Krb5LoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)}));
    }
}
