package com.tibco.palette.bw6.sharepoint.ws.auth.kerberos;

import com.tibco.palette.bw6.sharepoint.log.LogUtil;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.PrivilegedActionException;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.auth.AuthChallengeParser;
import org.apache.commons.httpclient.auth.AuthScheme;
import org.apache.commons.httpclient.auth.AuthenticationException;
import org.apache.commons.httpclient.auth.InvalidCredentialsException;
import org.apache.commons.httpclient.auth.MalformedChallengeException;
import org.apache.commons.httpclient.util.EncodingUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:payload/common/assembly_tibco_com_tibco_bw_sharedresource_sharepoint_model_feature_6.2.100.014.zip:source/plugins/com.tibco.bw.sharedresource.sharepoint.model_6.2.100.012.jar:com/tibco/palette/bw6/sharepoint/ws/auth/kerberos/KerberosScheme.class */
public class KerberosScheme implements AuthScheme {
    private String Kerberoschallenge;
    private static final int UNINITIATED = 0;
    private static final int INITIATED = 1;
    private static final int TYPE2_MSG_RECEIVED = 3;
    private static final int TYPE3_MSG_GENERATED = 4;
    private static final int FAILED = Integer.MAX_VALUE;
    private transient GSSCredential credential;
    private LoginContext loginContext;
    private int state;
    private static final Log LOG = LogFactory.getLog(KerberosScheme.class);
    private static final Lock LOCK = new ReentrantLock();
    private static final byte[] EMPTY_BYTE = new byte[0];

    /* loaded from: input_file:payload/common/assembly_tibco_com_tibco_bw_sharedresource_sharepoint_model_feature_6.2.100.014.zip:source/plugins/com.tibco.bw.sharedresource.sharepoint.model_6.2.100.012.jar:com/tibco/palette/bw6/sharepoint/ws/auth/kerberos/KerberosScheme$KeberosAuthFailedException.class */
    public class KeberosAuthFailedException extends RuntimeException {
        private static final long serialVersionUID = -1602118086210446353L;

        public KeberosAuthFailedException(String str) {
            super(str, new RuntimeException(str));
        }
    }

    public KerberosScheme() throws LoginException {
        this.Kerberoschallenge = null;
        this.loginContext = null;
        this.state = 0;
    }

    public KerberosScheme(String str) throws MalformedChallengeException {
        this.Kerberoschallenge = null;
        this.loginContext = null;
        processChallenge(str);
    }

    @Override // org.apache.commons.httpclient.auth.AuthScheme
    public void processChallenge(String str) throws MalformedChallengeException {
        if (!AuthChallengeParser.extractScheme(str).equalsIgnoreCase(getSchemeName())) {
            throw new MalformedChallengeException("Invalid Kerberos challenge: " + str);
        }
        int indexOf = str.indexOf(32);
        if (indexOf != -1) {
            this.Kerberoschallenge = str.substring(indexOf, str.length()).trim();
            this.state = 3;
            return;
        }
        this.Kerberoschallenge = "";
        if (this.state == 0) {
            this.state = 1;
        } else {
            this.state = Integer.MAX_VALUE;
        }
    }

    @Override // org.apache.commons.httpclient.auth.AuthScheme
    public boolean isComplete() {
        return this.state == 4 || this.state == Integer.MAX_VALUE;
    }

    @Override // org.apache.commons.httpclient.auth.AuthScheme
    public String getSchemeName() {
        return "Negotiate";
    }

    @Override // org.apache.commons.httpclient.auth.AuthScheme
    public String getRealm() {
        return null;
    }

    @Override // org.apache.commons.httpclient.auth.AuthScheme
    public String getID() {
        throw new UnsupportedOperationException();
    }

    @Override // org.apache.commons.httpclient.auth.AuthScheme
    public String getParameter(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Parameter name may not be null");
        }
        return null;
    }

    @Override // org.apache.commons.httpclient.auth.AuthScheme
    public boolean isConnectionBased() {
        return true;
    }

    public static String authenticate(NTCredentials nTCredentials, String str) throws AuthenticationException {
        throw new UnsupportedOperationException();
    }

    public static String authenticate(NTCredentials nTCredentials, String str, String str2) throws AuthenticationException {
        throw new UnsupportedOperationException();
    }

    @Override // org.apache.commons.httpclient.auth.AuthScheme
    public String authenticate(Credentials credentials, String str, String str2) throws AuthenticationException {
        throw new UnsupportedOperationException();
    }

    public GSSContext getGSSContext(URL url) throws GSSException, PrivilegedActionException {
        if (this.credential == null) {
            if (this.loginContext == null) {
                throw new IllegalStateException("GSSCredential AND LoginContext NOT initialized");
            }
            this.credential = KerberosProvider.getClientCredential(this.loginContext.getSubject());
        }
        return KerberosProvider.getGSSContext(this.credential, url);
    }

    @Override // org.apache.commons.httpclient.auth.AuthScheme
    public String authenticate(Credentials credentials, HttpMethod httpMethod) throws AuthenticationException {
        LOG.trace("enter KerberosScheme.authenticate(Credentials, HttpMethod)");
        if (this.state == 0) {
            throw new IllegalStateException("Kerberos authentication process has not been initiated");
        }
        try {
            KeberosNTCredentials keberosNTCredentials = (KeberosNTCredentials) credentials;
            byte[] bArr = null;
            if (this.state == 1) {
                LOCK.lock();
                try {
                    try {
                        try {
                            try {
                                this.loginContext = new LoginContext("com.sun.security.jgss.login", KerberosProvider.getUsernamePasswordHandler(keberosNTCredentials.getUserName(), keberosNTCredentials.getPassword()));
                                this.loginContext.login();
                                this.credential = null;
                                try {
                                    Thread.sleep(31L);
                                } catch (InterruptedException unused) {
                                }
                                GSSContext gSSContext = getGSSContext(new URL(keberosNTCredentials.getSharepointURL()));
                                gSSContext.requestMutualAuth(true);
                                gSSContext.requestConf(true);
                                gSSContext.requestInteg(true);
                                gSSContext.requestReplayDet(true);
                                gSSContext.requestSequenceDet(true);
                                gSSContext.requestCredDeleg(false);
                                bArr = gSSContext.initSecContext(EMPTY_BYTE, 0, 0);
                            } catch (GSSException e) {
                                e.printStackTrace();
                                LOCK.unlock();
                            }
                        } catch (PrivilegedActionException e2) {
                            e2.printStackTrace();
                            LOCK.unlock();
                        }
                    } catch (MalformedURLException e3) {
                        e3.printStackTrace();
                        LOCK.unlock();
                    } catch (LoginException e4) {
                        e4.printStackTrace();
                        LOCK.unlock();
                    }
                } finally {
                    LOCK.unlock();
                }
            } else if (this.state == Integer.MAX_VALUE) {
                throw new KeberosAuthFailedException("Failed to authenticate,please confirm your username,password and permission!");
            }
            String asciiString = EncodingUtil.getAsciiString(Base64.encodeBase64(bArr));
            LogUtil.getLogger().debug(new StringBuffer("The Negotiate BaseCode64 bytes was:").append(asciiString).toString());
            return "Negotiate " + asciiString;
        } catch (ClassCastException unused2) {
            throw new InvalidCredentialsException("Credentials cannot be used for Kerberos authentication: " + credentials.getClass().getName());
        }
    }
}
