package org.gephi.com.microsoft.sqlserver.jdbc;

import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import org.gephi.java.lang.Object;
import org.gephi.java.lang.String;
import org.gephi.java.lang.invoke.StringConcatFactory;
import org.gephi.java.security.AccessController;
import org.gephi.java.security.PrivilegedActionException;
import org.gephi.java.security.PrivilegedExceptionAction;
import org.gephi.java.text.MessageFormat;
import org.gephi.java.util.logging.Level;
import org.gephi.java.util.logging.Logger;
import org.gephi.javax.security.auth.Subject;
import org.gephi.javax.security.auth.login.Configuration;
import org.gephi.javax.security.auth.login.LoginContext;
import org.gephi.javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/gephi/com/microsoft/sqlserver/jdbc/KerbAuthentication.class */
public final class KerbAuthentication extends SSPIAuthentication {
    private static final Logger authLogger = Logger.getLogger("org.gephi.com.microsoft.sqlserver.jdbc.internals.KerbAuthentication");
    private final SQLServerConnection con;
    private final String spn;
    private final GSSManager manager;
    private LoginContext lc;
    private boolean isUserCreatedCredential;
    private GSSCredential peerCredentials;
    private GSSContext peerContext;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.gephi.com.microsoft.sqlserver.jdbc.KerbAuthentication$1, reason: invalid class name */
    /* loaded from: input_file:org/gephi/com/microsoft/sqlserver/jdbc/KerbAuthentication$1.class */
    public class AnonymousClass1 extends Object implements PrivilegedExceptionAction<GSSCredential> {
        final /* synthetic */ GSSManager val$gssManager;
        final /* synthetic */ Oid val$kerboid;

        AnonymousClass1(GSSManager gSSManager, Oid oid) {
            this.val$gssManager = gSSManager;
            this.val$kerboid = oid;
        }

        /* renamed from: run, reason: merged with bridge method [inline-methods] */
        public GSSCredential m5611run() throws GSSException {
            return this.val$gssManager.createCredential((GSSName) null, 0, this.val$kerboid, 1);
        }
    }

    private void intAuthInit() throws SQLServerException {
        try {
            Oid oid = new Oid("1.2.840.113554.1.2.2");
            GSSName createName = this.manager.createName(this.spn, (Oid) null);
            if (null != this.peerCredentials) {
                this.peerContext = this.manager.createContext(createName, oid, this.peerCredentials, 0);
                this.peerContext.requestCredDeleg(false);
                this.peerContext.requestMutualAuth(true);
                this.peerContext.requestInteg(true);
            } else {
                String property = this.con.activeConnectionProperties.getProperty(SQLServerDriverStringProperty.JAAS_CONFIG_NAME.toString(), SQLServerDriverStringProperty.JAAS_CONFIG_NAME.getDefaultValue());
                KerbCallback kerbCallback = new KerbCallback(this.con);
                try {
                    Subject subject = Subject.getSubject(AccessController.getContext());
                    if (null == subject) {
                        this.lc = new LoginContext(property, kerbCallback);
                        this.lc.login();
                        subject = this.lc.getSubject();
                    }
                    if (authLogger.isLoggable(Level.FINER)) {
                        authLogger.finer((String) StringConcatFactory.makeConcatWithConstants(MethodHandles.lookup(), "makeConcatWithConstants", MethodType.methodType(String.class, String.class), "\u0001 Getting client credentials").dynamicInvoker().invoke(toString()) /* invoke-custom */);
                    }
                    this.peerCredentials = getClientCredential(subject, this.manager, oid);
                    if (authLogger.isLoggable(Level.FINER)) {
                        authLogger.finer((String) StringConcatFactory.makeConcatWithConstants(MethodHandles.lookup(), "makeConcatWithConstants", MethodType.methodType(String.class, String.class), "\u0001 creating security context").dynamicInvoker().invoke(toString()) /* invoke-custom */);
                    }
                    this.peerContext = this.manager.createContext(createName, oid, this.peerCredentials, 0);
                    this.peerContext.requestCredDeleg(true);
                    this.peerContext.requestMutualAuth(true);
                    this.peerContext.requestInteg(true);
                } catch (LoginException e) {
                    if (authLogger.isLoggable(Level.FINE)) {
                        authLogger.fine((String) StringConcatFactory.makeConcatWithConstants(MethodHandles.lookup(), "makeConcatWithConstants", MethodType.methodType(String.class, String.class, String.class, String.class), "\u0001Failed to login using Kerberos due to \u0001:\u0001").dynamicInvoker().invoke(toString(), e.getClass().getName(), e.getMessage()) /* invoke-custom */);
                    }
                    try {
                        this.con.terminate(0, SQLServerException.getErrString("R_integratedAuthenticationFailed"), e);
                    } catch (SQLServerException e2) {
                        String format = MessageFormat.format(SQLServerException.getErrString("R_kerberosLoginFailed"), new Object[]{e2.getMessage(), e.getClass().getName(), e.getMessage()});
                        if (kerbCallback.getUsernameRequested() != null) {
                            format = MessageFormat.format(SQLServerException.getErrString("R_kerberosLoginFailedForUsername"), new Object[]{kerbCallback.getUsernameRequested(), format});
                        }
                        throw new SQLServerException(format, e2.getSQLState(), 18456, e);
                    }
                }
            }
        } catch (PrivilegedActionException e3) {
            if (authLogger.isLoggable(Level.FINER)) {
                authLogger.finer((String) StringConcatFactory.makeConcatWithConstants(MethodHandles.lookup(), "makeConcatWithConstants", MethodType.methodType(String.class, String.class, PrivilegedActionException.class), "\u0001initAuthInit failed privileged exception:-\u0001").dynamicInvoker().invoke(toString(), e3) /* invoke-custom */);
            }
            this.con.terminate(0, SQLServerException.getErrString("R_integratedAuthenticationFailed"), e3);
        } catch (GSSException e4) {
            if (authLogger.isLoggable(Level.FINER)) {
                authLogger.finer((String) StringConcatFactory.makeConcatWithConstants(MethodHandles.lookup(), "makeConcatWithConstants", MethodType.methodType(String.class, String.class, GSSException.class), "\u0001initAuthInit failed GSSException:-\u0001").dynamicInvoker().invoke(toString(), e4) /* invoke-custom */);
            }
            this.con.terminate(0, SQLServerException.getErrString("R_integratedAuthenticationFailed"), e4);
        }
    }

    private static GSSCredential getClientCredential(Subject subject, GSSManager gSSManager, Oid oid) throws PrivilegedActionException {
        return Subject.doAs(subject, new AnonymousClass1(gSSManager, oid));
    }

    private byte[] intAuthHandShake(byte[] bArr, boolean[] zArr) throws SQLServerException {
        try {
            if (authLogger.isLoggable(Level.FINER)) {
                authLogger.finer((String) StringConcatFactory.makeConcatWithConstants(MethodHandles.lookup(), "makeConcatWithConstants", MethodType.methodType(String.class, String.class), "\u0001 Sending token to server over secure context").dynamicInvoker().invoke(toString()) /* invoke-custom */);
            }
            byte[] initSecContext = this.peerContext.initSecContext(bArr, 0, bArr.length);
            if (this.peerContext.isEstablished()) {
                zArr[0] = true;
                if (authLogger.isLoggable(Level.FINER)) {
                    authLogger.finer((String) StringConcatFactory.makeConcatWithConstants(MethodHandles.lookup(), "makeConcatWithConstants", MethodType.methodType(String.class, String.class), "\u0001Authentication done.").dynamicInvoker().invoke(toString()) /* invoke-custom */);
                }
            } else if (null == initSecContext) {
                if (authLogger.isLoggable(Level.INFO)) {
                    authLogger.info((String) StringConcatFactory.makeConcatWithConstants(MethodHandles.lookup(), "makeConcatWithConstants", MethodType.methodType(String.class, String.class), "\u0001byteToken is null in initSecContext.").dynamicInvoker().invoke(toString()) /* invoke-custom */);
                }
                this.con.terminate(0, SQLServerException.getErrString("R_integratedAuthenticationFailed"));
            }
            return initSecContext;
        } catch (GSSException e) {
            if (authLogger.isLoggable(Level.FINER)) {
                authLogger.finer((String) StringConcatFactory.makeConcatWithConstants(MethodHandles.lookup(), "makeConcatWithConstants", MethodType.methodType(String.class, String.class, GSSException.class), "\u0001initSecContext Failed :-\u0001").dynamicInvoker().invoke(toString(), e) /* invoke-custom */);
            }
            this.con.terminate(0, SQLServerException.getErrString("R_integratedAuthenticationFailed"), e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KerbAuthentication(SQLServerConnection sQLServerConnection, String string, int i) {
        this.manager = GSSManager.getInstance();
        this.lc = null;
        this.isUserCreatedCredential = false;
        this.peerCredentials = null;
        this.peerContext = null;
        this.con = sQLServerConnection;
        this.spn = null != sQLServerConnection ? getSpn(sQLServerConnection) : null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KerbAuthentication(SQLServerConnection sQLServerConnection, String string, int i, GSSCredential gSSCredential, boolean z) {
        this(sQLServerConnection, string, i);
        this.peerCredentials = gSSCredential;
        this.isUserCreatedCredential = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.gephi.com.microsoft.sqlserver.jdbc.SSPIAuthentication
    public byte[] generateClientContext(byte[] bArr, boolean[] zArr) throws SQLServerException {
        if (null == this.peerContext) {
            intAuthInit();
        }
        return intAuthHandShake(bArr, zArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.gephi.com.microsoft.sqlserver.jdbc.SSPIAuthentication
    public void releaseClientContext() {
        try {
            if (null != this.peerCredentials && !this.isUserCreatedCredential) {
                this.peerCredentials.dispose();
            } else if (null != this.peerCredentials && this.isUserCreatedCredential) {
                this.peerCredentials = null;
            }
            if (null != this.peerContext) {
                this.peerContext.dispose();
            }
            if (null != this.lc) {
                this.lc.logout();
            }
        } catch (LoginException e) {
            if (authLogger.isLoggable(Level.FINE)) {
                authLogger.fine((String) StringConcatFactory.makeConcatWithConstants(MethodHandles.lookup(), "makeConcatWithConstants", MethodType.methodType(String.class, String.class, LoginException.class), "\u0001 Release of the credentials failed LoginException: \u0001").dynamicInvoker().invoke(toString(), e) /* invoke-custom */);
            }
        } catch (GSSException e2) {
            if (authLogger.isLoggable(Level.FINE)) {
                authLogger.fine((String) StringConcatFactory.makeConcatWithConstants(MethodHandles.lookup(), "makeConcatWithConstants", MethodType.methodType(String.class, String.class, GSSException.class), "\u0001 Release of the credentials failed GSSException: \u0001").dynamicInvoker().invoke(toString(), e2) /* invoke-custom */);
            }
        }
    }

    static {
        Configuration.setConfiguration(new JaasConfiguration(Configuration.getConfiguration()));
    }
}
