package edu.umich.auth.cosign.pool;

import com.sun.security.auth.callback.TextCallbackHandler;
import com.sun.security.auth.module.Krb5LoginModule;
import edu.umich.auth.cosign.CosignConfig;
import edu.umich.auth.cosign.CosignPrincipal;
import edu.umich.auth.cosign.util.ProxyCookie;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
import java.security.Principal;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.StringTokenizer;
import javax.net.ssl.SSLSocket;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:edu/umich/auth/cosign/pool/CosignConnection.class */
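/**
 * One client connection to a cosign server: a plain TCP socket that is upgraded with
 * {@code STARTTLS} and then used for line-oriented {@code CHECK}, {@code RETR} and
 * {@code NOOP} commands.
 *
 * <p>The instance holds mutable stream state and performs no synchronization of its own.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Cookie names and values are written into protocol command lines, so they are
 *       refused if they contain a CR or LF (see {@link #isSingleLine(String)}).</li>
 *   <li>Cookie values are bearer credentials and are never written to the log.</li>
 *   <li>The Kerberos ticket fetched by {@link #retrieveTGT} is written to a temporary
 *       file that is removed before the method returns.</li>
 * </ul>
 */
public class CosignConnection {
    /** Returned by {@link #convertResponseToCode(String)} when the reply cannot be classified. */
    public static final int COSIGN_CODE_UNKNOWN = -1;
    public static final int COSIGN_USER_AUTHENTICATED = 2;
    public static final int COSIGN_USER_NOT_AUTHENTICATED = 4;
    public static final int COSIGN_SERVER_RETRY = 5;
    /** Lowest and highest leading digit accepted by {@link #convertResponseToCode(String)}. */
    private static final int COSIGN_CODE_START = 2;
    private static final int COSIGN_CODE_STOP = 5;
    /** Reply returned by {@link #retrieveTGT} when the subject carries a Kerberos principal. */
    private static final String KERB_CREDS_SET = "240 Kerb creds set";
    private final String cosignConId;
    private final String hostAddr;
    private final int port;
    // Plain-text streams, used only for the banner and the STARTTLS exchange.
    private BufferedReader in;
    private PrintWriter out;
    // TLS socket and its streams, used for every command after the handshake.
    private SSLSocket ss;
    private BufferedReader sin;
    private PrintWriter sout;
    private float protVersion;
    private final Log log;
    // Compiler-generated class-literal cache left over from the original build; it is no
    // longer written by this class and is kept only so same-package references still resolve.
    static Class class$edu$umich$auth$cosign$pool$CosignConnection;

    /**
     * Opens the connection and completes the STARTTLS handshake.
     *
     * @param str  first component of the connection id used in log lines
     * @param str2 host name or address of the cosign server
     * @param i    TCP port of the cosign server
     * @throws IOException if the connection or the TLS upgrade fails
     */
    public CosignConnection(String str, String str2, int i) throws IOException {
        this.log = LogFactory.getLog(CosignConnection.class);
        this.cosignConId = str + ":" + str2 + ":" + i;
        this.hostAddr = str2;
        this.port = i;
        init();
    }

    public String getCosignConId() {
        return this.cosignConId;
    }

    public float getProtVersion() {
        return this.protVersion;
    }

    public String getHostAddress() {
        return this.hostAddr;
    }

    /**
     * Maps a server reply to its class, i.e. its leading digit.
     *
     * @param str the reply line, may be {@code null}
     * @return the leading digit when it lies in 2..5, otherwise {@link #COSIGN_CODE_UNKNOWN}
     */
    public static int convertResponseToCode(String str) {
        if (str == null || str.length() == 0) {
            return COSIGN_CODE_UNKNOWN;
        }
        // Character.digit yields -1 for a non-digit, which falls outside the accepted range.
        int code = Character.digit(str.charAt(0), 10);
        if (code < COSIGN_CODE_START || code > COSIGN_CODE_STOP) {
            return COSIGN_CODE_UNKNOWN;
        }
        return code;
    }

    /**
     * Sends {@code CHECK name=value} and returns the server's reply line.
     *
     * @param str  cookie name
     * @param str2 cookie value
     * @return the reply line, or {@code null} if the arguments were refused or the exchange failed
     */
    public String checkCookie(String str, String str2) {
        if (!isSingleLine(str) || !isSingleLine(str2)) {
            logRefusedCookie("CHECK");
            return null;
        }
        try {
            if (this.log.isDebugEnabled()) {
                // The cookie value is a session credential; log the name only.
                this.log.debug("[" + this.cosignConId + "] CHECK " + str + "=<value withheld>");
            }
            this.sout.println("CHECK " + str + "=" + str2);
            this.sout.flush();
            String reply = this.sin.readLine();
            if (this.log.isDebugEnabled()) {
                this.log.debug("[" + this.cosignConId + "] result CHECK: " + reply);
            }
            return reply;
        } catch (Exception e) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("[" + this.cosignConId + "] failed while validating cookie with cosign server", e);
            }
            return null;
        }
    }

    /**
     * Fetches the user's Kerberos ticket with {@code RETR name=value tgt}, writes it to a
     * temporary ticket cache and logs the subject in through {@link Krb5LoginModule}.
     *
     * @param str             cookie name
     * @param str2            cookie value
     * @param subject         subject that receives the Kerberos credentials
     * @param cosignPrincipal supplies the name and realm of the Kerberos principal
     * @return {@code "240 Kerb creds set"} when the subject holds a Kerberos principal,
     *         {@code "449 Bad Ticket"} when the login module rejects the ticket, the server's
     *         status line in the remaining cases, or {@code null} on any failure
     */
    public String retrieveTGT(String str, String str2, Subject subject, CosignPrincipal cosignPrincipal) {
        if (!isSingleLine(str) || !isSingleLine(str2)) {
            logRefusedCookie("RETR");
            return null;
        }
        File ticketCache = null;
        try {
            if (findKerberosPrincipal(subject) != null) {
                return KERB_CREDS_SET;
            }
            // NOTE(review): this reads the TLS stream directly although 'sin' buffers the same
            // stream; anything 'sin' has already buffered would be missed here. Confirm.
            BufferedInputStream raw = new BufferedInputStream(this.ss.getInputStream());
            if (this.log.isDebugEnabled()) {
                this.log.debug("[" + this.cosignConId + "] RETR " + str + "=<value withheld> tgt");
            }
            this.sout.println("RETR " + str + "=" + str2 + " tgt");
            this.sout.flush();
            byte[] buf = new byte[1024];
            int read = raw.read(buf);
            if (read < 2) {
                throw new IOException("connection closed or short status line after RETR tgt");
            }
            // The last two bytes of the first read are dropped, presumably the line terminator.
            String status = new String(buf, 0, read - 2);
            if (!status.equalsIgnoreCase("240 retrieving file")) {
                return status;
            }
            // Collect every read, starting with the status chunk itself, until end of stream,
            // an empty read, or a 3-byte read.
            ArrayList<byte[]> chunks = new ArrayList<byte[]>();
            while (read != -1 && read != 0 && read != 3) {
                byte[] chunk = new byte[read];
                System.arraycopy(buf, 0, chunk, 0, read);
                chunks.add(chunk);
                read = raw.read(buf);
            }
            this.log.info("Retrieved kerberos bytes - next write out tgt");
            // NOTE(review): only the third read is treated as the ticket. That relies on the
            // reply arriving as exactly one read per part and on the ticket fitting in 1024
            // bytes; verify against the protocol framing before trusting this path.
            if (chunks.size() < 3) {
                throw new IOException("RETR tgt reply ended before the ticket data");
            }
            // The cache file holds a usable ticket: the configured directory should be
            // readable by the service account only.
            ticketCache = File.createTempFile("temp", ".tmp", new File((String) CosignConfig.INSTANCE.getPropertyValue(CosignConfig.KERBEROS_TICKET_CACHE_DIRECTORY)));
            this.log.info("Opening file: " + ticketCache.getAbsolutePath() + " - write out tgt");
            FileOutputStream ticketOut = new FileOutputStream(ticketCache);
            try {
                ticketOut.write(chunks.get(2));
                ticketOut.flush();
            } finally {
                ticketOut.close();
            }
            this.log.info("closing file : " + ticketCache.getAbsolutePath() + " - write out tgt");
            // These are JVM-wide properties, rewritten on every call.
            System.setProperty("java.security.krb5.conf", (String) CosignConfig.INSTANCE.getPropertyValue(CosignConfig.KERBEROS_KERB5_CONF));
            String debugFlag = ((Boolean) CosignConfig.INSTANCE.getPropertyValue(CosignConfig.KERBEROS_KERB5_DEBUG)).booleanValue() ? "true" : "false";
            HashMap<String, String> options = new HashMap<String, String>();
            options.put("principal", cosignPrincipal.getName() + "@" + cosignPrincipal.getRealm());
            options.put("useTicketCache", "true");
            options.put("client", "true");
            options.put("debug", debugFlag);
            options.put("doNotPrompt", "true");
            options.put("ticketCache", ticketCache.getAbsolutePath());
            // NOTE(review): the JDK property is normally spelled
            // "javax.security.auth.useSubjectCredsOnly"; confirm this short name has any effect.
            System.setProperty("useSubjectCredsOnly", "true");
            System.setProperty("sun.security.krb5.debug", debugFlag);
            this.log.info("Instantiating login module");
            Krb5LoginModule loginModule = new Krb5LoginModule();
            loginModule.initialize(subject, new TextCallbackHandler(), new HashMap<String, Object>(), options);
            if (loginModule.login()) {
                this.log.info("kerberos login ok");
                loginModule.commit();
                if (findKerberosPrincipal(subject) != null) {
                    return KERB_CREDS_SET;
                }
            } else {
                status = "449 Bad Ticket";
            }
            return status;
        } catch (Exception e) {
            this.log.info("Exception in kerberos intance: " + e.getMessage());
            if (this.log.isDebugEnabled()) {
                this.log.debug("[" + this.cosignConId + "] failed while retrieving kerberos ticket from cosign server", e);
            }
            return null;
        } finally {
            // Once the login module has run, the on-disk copy of the ticket is not used again
            // by this class, so remove it on every path, including success and exceptions.
            if (ticketCache != null && ticketCache.exists() && !ticketCache.delete()) {
                this.log.warn("[" + this.cosignConId + "] could not delete temporary ticket cache " + ticketCache.getAbsolutePath());
            }
        }
    }

    /**
     * Fetches proxy cookies with {@code RETR name=value cookies} and stores them on the
     * subject's {@link CosignPrincipal}, or on {@code cosignPrincipal} when the subject has none.
     *
     * <p>Callers cannot tell success from failure by the return value: {@code null} is
     * returned both when the cookies were stored and when the exchange failed.
     *
     * @param str             cookie name
     * @param str2            cookie value
     * @param subject         subject searched for an existing {@link CosignPrincipal}
     * @param cosignPrincipal fallback principal that receives the proxy cookies
     * @return the server's reply when it does not start with {@code 241}, otherwise {@code null}
     */
    public String retrieveProxyCookies(String str, String str2, Subject subject, CosignPrincipal cosignPrincipal) {
        if (!isSingleLine(str) || !isSingleLine(str2)) {
            logRefusedCookie("RETR");
            return null;
        }
        try {
            CosignPrincipal target = null;
            for (Principal candidate : subject.getPrincipals()) {
                if (candidate instanceof CosignPrincipal) {
                    target = (CosignPrincipal) candidate;
                    break;
                }
            }
            if (target != null) {
                target.clearProxyCookies();
            } else {
                target = cosignPrincipal;
            }
            BufferedInputStream raw = new BufferedInputStream(this.ss.getInputStream());
            if (this.log.isDebugEnabled()) {
                this.log.debug("[" + this.cosignConId + "] RETR " + str + "=<value withheld> cookies");
            }
            this.sout.println("RETR " + str + "=" + str2 + " cookies");
            this.sout.flush();
            byte[] buf = new byte[1024];
            String reply = readReply(raw, buf);
            if (!reply.startsWith("241")) {
                return reply;
            }
            // NOTE(review): each read is treated as exactly one reply line; a read that holds
            // several lines, or part of one, would be stored as a single cookie. Confirm.
            while (reply.indexOf("Cookies registered") == -1) {
                target.addProxyCookie(new ProxyCookie(reply, str));
                reply = readReply(raw, buf);
            }
            return null;
        } catch (Exception e) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("[" + this.cosignConId + "] failed while retrieving proxy cookies from cosign server", e);
            }
            return null;
        }
    }

    /**
     * Probes the connection with {@code NOOP}.
     *
     * @return {@code true} if the server answered with any line, {@code false} otherwise
     */
    public boolean isConnectionValid() {
        try {
            if (this.log.isDebugEnabled()) {
                this.log.debug("[" + this.cosignConId + "] NOOP");
            }
            this.sout.println("NOOP");
            this.sout.flush();
            String reply = this.sin.readLine();
            if (this.log.isDebugEnabled()) {
                this.log.debug("[" + this.cosignConId + "] result NOOP: " + reply);
            }
            return reply != null;
        } catch (Exception e) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("[" + this.cosignConId + "] failed while checking connection to cosign server", e);
            }
            return false;
        }
    }

    /**
     * Closes every stream and the TLS socket, then resets the connection state.
     * Each resource is closed independently so that one failure cannot leave the others open.
     */
    public void close() {
        if (this.log.isDebugEnabled()) {
            this.log.debug("[" + this.cosignConId + "]: hard closing cosign connection");
        }
        if (this.sout != null) {
            this.sout.close();
        }
        closeReader(this.sin);
        if (this.out != null) {
            this.out.close();
        }
        closeReader(this.in);
        if (this.ss != null) {
            try {
                this.ss.close();
            } catch (Exception e) {
                logCloseFailure(e);
            }
        }
        this.sout = null;
        this.sin = null;
        this.out = null;
        this.in = null;
        this.ss = null;
        this.protVersion = 0.0f;
    }

    /**
     * Connects, reads the banner, negotiates STARTTLS and completes the TLS handshake.
     *
     * <p>NOTE(review): the banner and the STARTTLS reply travel in clear text, so the protocol
     * version chosen here (and pushed into the shared {@link CosignConfig}) comes from
     * unauthenticated data. The STARTTLS reply is logged but not inspected. Certificate and
     * host-name checks depend on how {@code CosignSSLSocketFactory} configures the socket,
     * which is not visible in this class.
     *
     * @throws IOException if any step fails; the socket is closed before the exception leaves
     */
    private void init() throws IOException {
        Socket socket = null;
        boolean ready = false;
        try {
            socket = new Socket(this.hostAddr, this.port);
            socket.setSoTimeout(10000);
            socket.setSoLinger(true, 10);
            this.in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
            this.out = new PrintWriter(socket.getOutputStream());
            String banner = this.in.readLine();
            if (banner == null) {
                // readLine() returns null at end of stream; fail here instead of with an
                // uncaught NullPointerException from the tokenizer.
                throw new IOException("cosign server closed the connection before sending a banner");
            }
            StringTokenizer tokens = new StringTokenizer(banner);
            if (tokens.hasMoreElements()) {
                try {
                    this.protVersion = Float.parseFloat(tokens.nextToken());
                } catch (NumberFormatException e) {
                    this.protVersion = 1.0f;
                }
            }
            boolean versionTwo = this.protVersion >= 2.0f;
            CosignConfig.INSTANCE.setServerVersion(versionTwo ? "2" : "1");
            if (this.log.isDebugEnabled()) {
                this.log.debug("[" + this.cosignConId + "]: initializing ...");
                this.log.debug("[" + this.cosignConId + "]: reading banner!");
                this.log.debug("[" + this.cosignConId + "]: result: " + banner);
            }
            this.out.println(versionTwo ? "STARTTLS 2" : "STARTTLS");
            this.out.flush();
            String startTlsReply = this.in.readLine();
            if (this.log.isDebugEnabled()) {
                this.log.debug("[" + this.cosignConId + "]: result STARTTLS: " + startTlsReply);
            }
            SSLSocket tls = CosignSSLSocketFactory.INSTANCE.createSSLSocket(socket, this.hostAddr, this.port, true);
            if (this.log.isDebugEnabled()) {
                for (String suite : tls.getEnabledCipherSuites()) {
                    this.log.info("[" + this.cosignConId + "]: enabled Ciper Suite: " + suite);
                }
            }
            tls.startHandshake();
            this.ss = tls;
            this.sin = new BufferedReader(new InputStreamReader(tls.getInputStream()));
            this.sout = new PrintWriter(tls.getOutputStream());
            if (versionTwo) {
                String greeting = this.sin.readLine();
                if (this.log.isDebugEnabled()) {
                    this.log.debug("[" + this.cosignConId + "]: result 2.0 or greater SSLCONNECT " + greeting);
                }
            }
            ready = true;
        } catch (IOException e2) {
            this.log.debug("[" + this.cosignConId + "]: failed to init CosignConnection", e2);
            IOException failure = new IOException("Failed in CosignConnection init()!");
            failure.initCause(e2);
            throw failure;
        } finally {
            if (!ready && socket != null) {
                // Do not leak the descriptor when setup fails part-way through.
                try {
                    socket.close();
                } catch (IOException ignored) {
                    // The original failure is the one worth reporting.
                }
            }
        }
    }

    /**
     * Tells whether a value can be placed in a one-line protocol command. A CR or LF inside
     * a cookie name or value would end the command early and hand the rest of the text to
     * the server as a separate line, so such input is refused.
     */
    private static boolean isSingleLine(String token) {
        return token != null && token.indexOf('\r') < 0 && token.indexOf('\n') < 0;
    }

    /** Records that a command was not sent because its cookie arguments were unusable. */
    private void logRefusedCookie(String command) {
        if (this.log.isDebugEnabled()) {
            this.log.debug("[" + this.cosignConId + "] refusing " + command + ": cookie name or value is null or contains a line break");
        }
    }

    /** Returns the first Kerberos principal held by the subject, or {@code null} if none. */
    private static KerberosPrincipal findKerberosPrincipal(Subject subject) {
        for (Principal candidate : subject.getPrincipals()) {
            if (candidate instanceof KerberosPrincipal) {
                return (KerberosPrincipal) candidate;
            }
        }
        return null;
    }

    /**
     * Performs one read and returns it as text without its last two bytes.
     *
     * @throws IOException if the stream ended or fewer than two bytes arrived
     */
    private static String readReply(BufferedInputStream raw, byte[] buf) throws IOException {
        int read = raw.read(buf);
        if (read < 2) {
            throw new IOException("connection closed or short reply from cosign server");
        }
        return new String(buf, 0, read - 2);
    }

    /** Closes a reader if present; a failure is logged and does not stop the shutdown. */
    private void closeReader(BufferedReader reader) {
        if (reader == null) {
            return;
        }
        try {
            reader.close();
        } catch (Exception e) {
            logCloseFailure(e);
        }
    }

    private void logCloseFailure(Exception e) {
        if (this.log.isDebugEnabled()) {
            this.log.debug("[" + this.cosignConId + "]: failed to close CosignConnection!", e);
        }
    }

    /** Compiler-generated class-literal helper, kept for same-package compatibility. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }
}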
