package edu.umich.auth.cosign;

import edu.umich.auth.cosign.pool.CosignConnection;
import edu.umich.auth.cosign.pool.CosignConnectionList;
import edu.umich.auth.cosign.pool.CosignConnectionPool;
import edu.umich.auth.cosign.util.FactorInputCallBack;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:edu/umich/auth/cosign/CosignLoginModule.class */
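/**
 * JAAS {@link LoginModule} that authenticates a web client against cosignd
 * using the client's cosign service cookie.
 *
 * <p>{@link #login()} obtains the cookie name and value, the client's IP
 * address, a "proxy" flag and the service's required factors from the
 * {@link CallbackHandler}, then asks cosignd to check the cookie's nonce.
 * A {@link CosignPrincipal} already present on the {@link Subject} is
 * accepted without a server round trip while it is younger than
 * {@code COOKIE_CACHE_EXPIRE_SECS}, the client's IP address is unchanged
 * (when {@code CHECK_CLIENT_IP} is set) and its recorded factors still cover
 * what the service requires. {@link #commit()} then copies the identity
 * reported by cosignd onto the subject's {@link CosignPrincipal}.
 *
 * <p>Every failure is reported as a {@link LoginException}; an authentication
 * failure (missing, expired or rejected cookie, unsatisfied factors, identity
 * mismatch) is the {@link FailedLoginException} subtype so callers can tell it
 * from configuration or connectivity problems.
 *
 * <p>Instances are not thread-safe; a {@code LoginContext} creates a fresh
 * instance per login, which is the intended usage.
 */
public class CosignLoginModule implements LoginModule {
    public static final String COSIGN_CONFIG_FILE_OPTION = "cosignConfigFile";
    public static final String COSIGN_FINE_CONFIG_FILE_OPTION = "cosignFineConfigFile";
    /** Prompt of the callback that supplies the cosign service cookie's name. */
    public static final String COOKIE_NAME_IN_CODE = "CosignGetCookieName";
    /** Prompt of the callback that supplies the cosign service cookie's value. */
    public static final String COOKIE_VALUE_IN_CODE = "CosignGetCookieValue";
    /** Prompt of the callback that supplies the client's IP address. */
    public static final String IP_ADDR_IN_CODE = "CosignGetIpAddr";
    /** Prompt of the callback that supplies the proxy flag ("true" requests proxy cookies). */
    public static final String PROXY_IN_CODE = "CosignGetProxy";

    /**
     * Code that {@code CosignConnection.convertResponseToCode} yields for a
     * cookie cosignd reports as logged in (the literal {@code 2} the original
     * code compared against).
     */
    private static final int COSIGN_CODE_AUTHENTICATED = 2;

    private final Log log = LogFactory.getLog(CosignLoginModule.class);

    private Subject subject;
    private CallbackHandler callbackHandler = null;
    /** Set when {@link #initialize} received no callback handler; login() then fails. */
    private boolean initError = false;
    /** True when login() accepted a cached principal without consulting cosignd. */
    private boolean cosignServerCheckSkipped = false;
    /** The CosignPrincipal already on the subject (from an earlier login), if any. */
    private CosignPrincipal userPrincipal = null;
    /** The identity parsed from cosignd's response to the cookie check. */
    private CosignPrincipal serverPrincipal = null;
    /** Outcome of the cookie check; commit() requires {@link #COSIGN_CODE_AUTHENTICATED}. */
    private int cosignCode = -1;

    private final TextInputCallback cookieNameIn = new TextInputCallback(COOKIE_NAME_IN_CODE);
    private final TextInputCallback cookieValueIn = new TextInputCallback(COOKIE_VALUE_IN_CODE);
    private final TextInputCallback ipAddrIn = new TextInputCallback(IP_ADDR_IN_CODE);
    private final TextInputCallback proxyValueIn = new TextInputCallback(PROXY_IN_CODE);
    private final FactorInputCallBack factorsCb = new FactorInputCallBack();

    /** Public no-argument constructor; JAAS instantiates login modules reflectively. */
    public CosignLoginModule() {
    }

    /**
     * Stores the subject and callback handler for the coming login.
     *
     * <p>A missing handler is recorded rather than rejected here, because the
     * {@link LoginModule} contract does not let this method throw; {@link #login()}
     * reports it.
     *
     * @param subject         subject to authenticate; must not be {@code null}
     * @param callbackHandler source of the cookie, IP address, proxy flag and factors
     * @param map             shared state (unused)
     * @param map2            module options (unused)
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map map, Map map2) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.initError = (callbackHandler == null);
    }

    /**
     * Authenticates the client from its cosign service cookie.
     *
     * <p>Order of checks: configuration and initialization state; cookie parse
     * and expiry (the timestamp is taken from the client-supplied cookie, so it
     * is only a first filter); optional IP-address continuity against a cached
     * principal; cache freshness; then the cosignd cookie check, factor check
     * and comparison of the server-reported identity with the cached one.
     * Kerberos TGT and proxy-cookie retrieval are attempted afterwards and, as
     * before, failures there are logged but do not fail the login.
     *
     * @return {@code true} when the cookie was accepted (cached or verified by cosignd)
     * @throws FailedLoginException when the cookie is missing, expired or rejected by
     *         cosignd, the service's factors are not satisfied, or cosignd and the
     *         cached principal disagree about the client
     * @throws LoginException on configuration, callback, response-parsing or cosignd
     *         connectivity errors
     */
    public boolean login() throws LoginException {
        if (!CosignConfig.INSTANCE.isConfigValid()) {
            throw new LoginException("Initialization Error: Invalid configuration state.");
        }
        if (this.initError) {
            throw new LoginException("Initialization Error: CallbackHandler required.");
        }
        if (this.subject == null) {
            throw new LoginException("Initialization Error: Subject required.");
        }

        // Only the callback round trip is wrapped, so that FailedLoginExceptions
        // raised below keep their own message and type.
        try {
            this.callbackHandler.handle(new Callback[]{this.cookieNameIn, this.cookieValueIn, this.ipAddrIn, this.proxyValueIn, this.factorsCb});
        } catch (Exception e) {
            throw newLoginException("Callback handler does not have the proper information, or could not be accessed.", e);
        }
        String cookieName = this.cookieNameIn.getText();
        String cookieValue = this.cookieValueIn.getText();
        String clientIp = this.ipAddrIn.getText();
        String proxyFlag = this.proxyValueIn.getText();
        Vector requiredFactors = this.factorsCb.getFactors();

        CosignCookie cookie = CosignCookie.parseCosignCookie(cookieValue);
        if (cookie == null) {
            throw new FailedLoginException("The client's service cookie does not exist or is not valid.");
        }
        long cookieMaxAgeMillis = secondsToMillis(CosignConfig.INSTANCE.getPropertyValue(CosignConfig.COOKIE_EXPIRE_SECS));
        if (System.currentTimeMillis() - cookie.getTimestamp() >= cookieMaxAgeMillis) {
            throw new FailedLoginException("The client's service cookie has expired.");
        }

        boolean checkClientIp = ((Boolean) CosignConfig.INSTANCE.getPropertyValue(CosignConfig.CHECK_CLIENT_IP)).booleanValue();
        this.userPrincipal = findCosignPrincipal(this.subject);
        if (this.userPrincipal != null) {
            if (checkClientIp && !nonNullEquals(clientIp, this.userPrincipal.getAddress())) {
                throw new FailedLoginException("The client's IP address has changed.");
            }
            long cacheMaxAgeMillis = secondsToMillis(CosignConfig.INSTANCE.getPropertyValue(CosignConfig.COOKIE_CACHE_EXPIRE_SECS));
            boolean fresh = System.currentTimeMillis() - this.userPrincipal.getTimestamp() < cacheMaxAgeMillis;
            if (fresh) {
                // Skip the server only if the factors recorded at the last commit()
                // also cover this service's requirements; otherwise fall through and
                // let cosignd report the client's current factors.
                if (checkServiceFactors(requiredFactors, this.userPrincipal)) {
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("The client's cookie is still cached ... not performing validation.");
                    }
                    this.cosignServerCheckSkipped = true;
                    return true;
                }
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Cached principal does not satisfy the service's factors ... revalidating with cosignd.");
                }
            }
        }

        String response = checkCookieWithServer(cookieName, cookie);
        if (response == null) {
            throw new LoginException("No cosignd servers available for authentication.");
        }
        this.cosignCode = CosignConnection.convertResponseToCode(response);
        if (this.cosignCode != COSIGN_CODE_AUTHENTICATED) {
            throw new FailedLoginException("User not authenticated to Cosign.");
        }
        try {
            this.serverPrincipal = new CosignPrincipal(response);
        } catch (Exception e) {
            throw newFailedLoginException("Cosignd server returned invalid response.", e);
        }
        if (!checkServiceFactors(requiredFactors, this.serverPrincipal)) {
            throw new FailedLoginException("All factors for service have not been satisfied");
        }
        if (this.userPrincipal != null) {
            // The identity cosignd reports must match the principal cached on the subject.
            if (checkClientIp && !nonNullEquals(this.serverPrincipal.getAddress(), this.userPrincipal.getAddress())) {
                throw new FailedLoginException("Server and client disagree about client's IP address");
            }
            if (!nonNullEquals(this.serverPrincipal.getName(), this.userPrincipal.getName())) {
                throw new FailedLoginException("Server and client disagree about client's name");
            }
            if (!nonNullEquals(this.serverPrincipal.getRealm(), this.userPrincipal.getRealm())) {
                // A realm mismatch is logged but, as before, does not fail the login.
                this.log.info("Server and client disagree about client's realm");
            }
        }

        if (((Boolean) CosignConfig.INSTANCE.getPropertyValue(CosignConfig.KERBEROS_GET_TICKETS)).booleanValue()) {
            try {
                getKerbTgtTicket(cookieName, cookie);
            } catch (Exception e) {
                // Supplementary: the cookie check already succeeded, and a ticket
                // failure must not clobber that outcome (cosignCode is left alone).
                this.log.warn("Failed to retrieve Kerberos TGT from cosignd; continuing without it.", e);
            }
        }
        if ("true".equalsIgnoreCase(proxyFlag)) {
            try {
                getCosignProxyTickets(cookieName, cookie);
            } catch (Exception e) {
                this.log.warn("Failed to retrieve cosign proxy cookies; continuing without them.", e);
            }
        }
        return true;
    }

    /**
     * Copies the server-reported identity onto the subject's {@link CosignPrincipal},
     * creating and adding one if the subject had none.
     *
     * @return {@code true}
     * @throws IllegalStateException if called without a successful {@link #login()}
     *         (kept from the original; a {@code LoginContext} does not call commit()
     *         after a failed login)
     */
    public boolean commit() throws LoginException {
        if (this.cosignServerCheckSkipped) {
            return true;
        }
        if (this.cosignCode != COSIGN_CODE_AUTHENTICATED || this.serverPrincipal == null) {
            throw new IllegalStateException("commit() called without a successful login()");
        }
        if (this.userPrincipal != null) {
            copyIdentity(this.serverPrincipal, this.userPrincipal);
        } else {
            // Populate before adding to the principal Set, in case CosignPrincipal's
            // hashCode/equals depend on these fields.
            CosignPrincipal created = new CosignPrincipal();
            copyIdentity(this.serverPrincipal, created);
            this.subject.getPrincipals().add(created);
            this.userPrincipal = created;
        }
        return true;
    }

    /** Discards the state of a failed or abandoned login attempt. */
    public boolean abort() throws LoginException {
        this.userPrincipal = null;
        this.serverPrincipal = null;
        this.cosignCode = -1;
        this.cosignServerCheckSkipped = false;
        return true;
    }

    /**
     * Not supported: cosign logout is handled elsewhere (presumably by the web
     * filter), so {@code LoginContext.logout()} will fail for this module.
     *
     * @throws LoginException always
     */
    public boolean logout() throws LoginException {
        throw new LoginException("Method not supported.");
    }

    /**
     * Reports whether every factor the service requires appears among the
     * principal's factors.
     *
     * <p>Names are compared case-insensitively. When the
     * {@code COSIGN_FACTOR_SUFFIX_IGNORE} property is "true", a trailing
     * {@code COSIGN_FACTOR_SUFFIX} on a principal factor is ignored first.
     *
     * @param vector          factor names the service requires (String elements);
     *                        {@code null} or empty means nothing is required
     * @param cosignPrincipal principal whose factors are examined
     * @return {@code true} if nothing is required or every required factor is
     *         present; {@code false} otherwise, including when the principal or
     *         its factor list is {@code null} (fail closed)
     */
    public boolean checkServiceFactors(Vector vector, CosignPrincipal cosignPrincipal) {
        if (vector == null || vector.isEmpty()) {
            return true;
        }
        if (cosignPrincipal == null || cosignPrincipal.getFactors() == null) {
            return false;
        }
        String ignoreSetting = (String) CosignConfig.INSTANCE.getPropertyValue(CosignConfig.COSIGN_FACTOR_SUFFIX_IGNORE);
        String suffix = (String) CosignConfig.INSTANCE.getPropertyValue(CosignConfig.COSIGN_FACTOR_SUFFIX);
        boolean ignoreSuffix = Boolean.parseBoolean(ignoreSetting);
        Enumeration required = vector.elements();
        while (required.hasMoreElements()) {
            String want = (String) required.nextElement();
            if (want == null || !hasFactor(cosignPrincipal, want, ignoreSuffix, suffix)) {
                return false;
            }
        }
        return true;
    }

    /** True if one of the principal's factors equals {@code want} after suffix stripping. */
    private boolean hasFactor(CosignPrincipal principal, String want, boolean ignoreSuffix, String suffix) {
        Enumeration have = principal.getFactors().elements();
        while (have.hasMoreElements()) {
            String factor = stripIgnoreFactor((String) have.nextElement(), ignoreSuffix, suffix);
            if (want.equalsIgnoreCase(factor)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Removes a trailing {@code suffix} from {@code value} when stripping is enabled.
     *
     * <p>The cut is made at the end of the string, not at the first occurrence of
     * the suffix text, so a factor whose name also contains the suffix earlier on
     * is not truncated; an empty suffix strips nothing.
     */
    private String stripIgnoreFactor(String value, boolean ignoreSuffix, String suffix) {
        if (value == null || !ignoreSuffix || suffix == null || suffix.length() == 0 || !value.endsWith(suffix)) {
            return value;
        }
        return value.substring(0, value.length() - suffix.length());
    }

    /**
     * Requests a Kerberos TGT from cosignd unless the subject already carries a
     * {@link KerberosPrincipal}. What the connection stores on the subject is up
     * to {@code retreiveTGT}; this method only validates the response code.
     *
     * @return {@code true} when a principal was already present or cosignd answered
     *         with the authenticated code
     * @throws FailedLoginException if the request failed or cosignd did not report
     *         the client as authenticated
     * @throws LoginException if no connection could be borrowed or no server answered
     */
    private boolean getKerbTgtTicket(String cookieName, CosignCookie cookie) throws LoginException {
        if (findKerberosPrincipal(this.subject) != null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Subject already has a Kerberos principal ... not requesting a TGT.");
            }
            return true;
        }
        CosignConnectionList connections = borrowConnections();
        String response;
        try {
            response = connections.retreiveTGT(cookieName, cookie.getNonce(), this.subject, this.serverPrincipal);
        } catch (Exception e) {
            throw newFailedLoginException("Cosignd server failed kerberos tgt.", e);
        } finally {
            returnConnections(connections);
        }
        requireAuthenticatedResponse(response);
        return true;
    }

    /**
     * Requests cosign proxy cookies from cosignd for this client.
     *
     * @return {@code true} when cosignd answered with the authenticated code
     * @throws FailedLoginException if the request failed or cosignd did not report
     *         the client as authenticated
     * @throws LoginException if no connection could be borrowed or no server answered
     */
    private boolean getCosignProxyTickets(String cookieName, CosignCookie cookie) throws LoginException {
        CosignConnectionList connections = borrowConnections();
        String response;
        try {
            response = connections.retreiveProxyCookie(cookieName, cookie.getNonce(), this.subject, this.serverPrincipal);
        } catch (Exception e) {
            throw newFailedLoginException("Cosignd server failed cookie proxies.", e);
        } finally {
            returnConnections(connections);
        }
        requireAuthenticatedResponse(response);
        return true;
    }

    /** Sends the CHECK for the cookie's nonce, always returning the borrowed connections. */
    private String checkCookieWithServer(String cookieName, CosignCookie cookie) throws LoginException {
        CosignConnectionList connections = borrowConnections();
        try {
            return connections.checkCookie(cookieName, cookie.getNonce());
        } catch (Exception e) {
            throw newLoginException("Cosignd cookie check failed.", e);
        } finally {
            returnConnections(connections);
        }
    }

    /** Rejects a missing response or one whose code is not the authenticated code. */
    private static void requireAuthenticatedResponse(String response) throws LoginException {
        if (response == null) {
            throw new LoginException("No cosignd servers available for authentication.");
        }
        if (CosignConnection.convertResponseToCode(response) != COSIGN_CODE_AUTHENTICATED) {
            throw new FailedLoginException("User not authenticated to Cosign.");
        }
    }

    private CosignConnectionList borrowConnections() throws LoginException {
        try {
            return CosignConnectionPool.INSTANCE.borrowCosignConnectionList();
        } catch (Exception e) {
            throw newLoginException("Failed to borrow cosign connections from pool.", e);
        }
    }

    /** Returns connections to the pool; a failure here is logged, not propagated. */
    private void returnConnections(CosignConnectionList connections) {
        try {
            CosignConnectionPool.INSTANCE.returnCosignConnectionList(connections);
        } catch (Exception e) {
            this.log.error("Failed to return cosign connections to pool.", e);
        }
    }

    private static CosignPrincipal findCosignPrincipal(Subject subject) {
        for (Principal principal : subject.getPrincipals()) {
            if (principal instanceof CosignPrincipal) {
                return (CosignPrincipal) principal;
            }
        }
        return null;
    }

    private static KerberosPrincipal findKerberosPrincipal(Subject subject) {
        // instanceof rather than a blind cast: the subject normally holds a
        // CosignPrincipal as well, which is not a KerberosPrincipal.
        for (Principal principal : subject.getPrincipals()) {
            if (principal instanceof KerberosPrincipal) {
                return (KerberosPrincipal) principal;
            }
        }
        return null;
    }

    private static void copyIdentity(CosignPrincipal from, CosignPrincipal to) {
        to.setAddress(from.getAddress());
        to.setName(from.getName());
        to.setRealm(from.getRealm());
        to.setTimestamp(from.getTimestamp());
        to.setFactors(from.getFactors());
    }

    /**
     * Converts a configured number of seconds (an {@link Integer} property value)
     * to milliseconds, multiplying as {@code long} so that settings above about
     * 24 days do not overflow {@code int}.
     */
    private static long secondsToMillis(Object seconds) {
        return ((Integer) seconds).intValue() * 1000L;
    }

    /** Equality that treats a {@code null} on either side as a mismatch (fail closed). */
    private static boolean nonNullEquals(String expected, String actual) {
        return expected != null && expected.equals(actual);
    }

    private static LoginException newLoginException(String message, Throwable cause) {
        LoginException le = new LoginException(message);
        le.initCause(cause);
        return le;
    }

    private static FailedLoginException newFailedLoginException(String message, Throwable cause) {
        FailedLoginException fle = new FailedLoginException(message);
        fle.initCause(cause);
        return fle;
    }
}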
