package edu.internet2.middleware.grouper.ws.security;

import edu.internet2.middleware.grouper.cache.GrouperCache;
import edu.internet2.middleware.grouper.j2ee.Authentication;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouper.ws.GrouperWsConfig;
import edu.internet2.middleware.grouper.ws.util.GrouperServiceUtils;
import edu.internet2.middleware.morphString.Morph;
import java.io.File;
import java.util.LinkedHashMap;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:edu/internet2/middleware/grouper/ws/security/WsGrouperKerberosAuthentication.class */
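/**
 * Web-service authentication plug-in that checks the credentials carried in the HTTP
 * {@code Authorization} header against Kerberos through a JAAS {@link LoginContext}.
 *
 * <p>Successful logins are remembered in {@link #loginCache}, keyed by a digest of the whole
 * header value, so repeated requests with the same credentials skip the Kerberos round trip.
 * While an entry is cached, a password change or account lock-out on the Kerberos side is not
 * noticed by this class.
 *
 * <p>Every failure path returns {@code null} / {@code false}: the class fails closed.
 */
public class WsGrouperKerberosAuthentication implements WsCustomAuthentication {
    private static final Log LOG = LogFactory.getLog(WsGrouperKerberosAuthentication.class);

    // Maps digest(Authorization header) -> authenticated principal name.
    // NOTE(review): the numeric arguments are presumably a 10000-entry cap and 60-second
    // idle/live timeouts; confirm against GrouperCache. The digest algorithm behind
    // GrouperUtil.encryptSha is not visible here; the key is derived from the credentials,
    // so the cache contents should be treated as sensitive.
    private static final GrouperCache<String, String> loginCache = new GrouperCache<>(WsGrouperKerberosAuthentication.class.getName() + ".userCache", 10000, false, 60, 60, false);

    /**
     * Manual soak harness: authenticates the same principal 2 x 100 times and prints the heap
     * in use after each attempt, pausing for console input before, between and after the rounds.
     *
     * <p>The principal and the credential file path are hard-coded, site-specific values.
     * NOTE(review): a harness that reads a service credential from a fixed path is better kept
     * out of the shipped authentication class.
     *
     * @param strArr ignored
     * @throws Exception if an attempt fails ("Problem!") or the sleep is interrupted
     */
    public static void main(String[] strArr) throws Exception {
        GrouperUtil.waitForInput();
        for (int round = 0; round < 2; round++) {
            for (int attempt = 0; attempt < 100; attempt++) {
                boolean authenticated = authenticateKerberos("penngroups/medley.isc-seo.upenn.edu", Morph.decryptIfFile("R:/home/appadmin/pass/pennGroups/pennGroupsMedley.pass"));
                if (!authenticated) {
                    throw new RuntimeException("Problem!");
                }
                System.gc();
                double megsUsed = (Runtime.getRuntime().totalMemory() - Runtime.getRuntime().freeMemory()) / 1048576.0d;
                System.out.println(attempt + ":" + round + ", " + megsUsed + " megs used");
                Thread.sleep(100L);
            }
            GrouperUtil.waitForInput();
        }
    }

    /**
     * Resolves the caller's subject id from the request's {@code Authorization} header.
     *
     * @param httpServletRequest the incoming web-service request
     * @return the authenticated username, or {@code null} when the header is missing, carries no
     *     usable username/password, or Kerberos rejects the credentials
     */
    @Override
    public String retrieveLoggedInSubjectId(HttpServletRequest httpServletRequest) throws RuntimeException {
        String authorization = httpServletRequest.getHeader("Authorization");
        if (StringUtils.isBlank(authorization)) {
            LOG.error("No authorization header in HTTP");
            return null;
        }

        // Only a digest of the header is used as the cache key, never the header itself.
        String cacheKey = GrouperUtil.encryptSha(authorization);
        String cachedUser = (String) loginCache.get(cacheKey);
        if (!StringUtils.isBlank(cachedUser)) {
            LOG.debug("Retrieved cached login");
            return cachedUser;
        }
        LOG.debug("Login not in cache");

        String username = Authentication.retrieveUsername(authorization);
        String password = Authentication.retrievePassword(authorization);

        // Reject incomplete credentials before contacting the KDC, so a blank principal can
        // never be returned as a subject id.
        if (StringUtils.isBlank(username) || StringUtils.isEmpty(password)) {
            LOG.error("Authorization header did not contain both a username and a password");
            return null;
        }

        if (authenticateKerberos(username, password)) {
            loginCache.put(cacheKey, username);
            return username;
        }

        // The username comes straight from the request, so control characters are neutralised
        // before it is written to the log.
        LOG.error("Error authenticating user: " + sanitizeForLog(username));
        return null;
    }

    /** Formats the time elapsed since {@code j} (a {@link System#nanoTime()} reading) as "Nms". */
    private static String timeMillis(long j) {
        long elapsedNanos = System.nanoTime() - j;
        return (elapsedNanos / 1000000) + "ms";
    }

    /** Replaces control characters (CR, LF, ...) so request-supplied text cannot forge log lines. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }

    /** Returns true when {@code file} is non-null and names an existing regular file. */
    private static boolean isExistingFile(File file) {
        return file != null && file.exists() && file.isFile();
    }

    /**
     * Attempts a Kerberos login for the given principal through the JAAS entry "JaasSample".
     *
     * <p>The method locates {@code jaas.conf} on the classpath, then either a {@code krb5.conf}
     * (configured path or classpath) or, failing that, the realm and KDC address from the
     * web-service configuration. These are published through JVM-wide system properties on
     * every call, so they affect all Kerberos use in the process.
     *
     * <p>When debug logging is enabled, a timing/config summary is logged once on every exit
     * path. The password is never placed in that summary.
     *
     * @param str the Kerberos principal (username)
     * @param str2 the password for that principal
     * @return {@code true} only if the JAAS login succeeded; {@code false} on rejected
     *     credentials and on any configuration or runtime problem
     */
    public static boolean authenticateKerberos(String str, String str2) {
        // Decide once whether to collect debug data; later checks test the map itself so a
        // log-level change in the middle of a call cannot cause a NullPointerException.
        LinkedHashMap<String, Object> debugMap = LOG.isDebugEnabled() ? new LinkedHashMap<String, Object>() : null;
        long startNanos = System.nanoTime();
        try {
            if (debugMap != null) {
                debugMap.put("method", "authenticateKerberos()");
            }

            File jaasConf = GrouperServiceUtils.fileFromResourceName("jaas.conf");
            if (debugMap != null) {
                debugMap.put("jaasConfFound", Boolean.valueOf(jaasConf != null));
                debugMap.put("jaasConfLocation", jaasConf == null ? null : jaasConf.getAbsolutePath());
            }
            if (jaasConf == null) {
                throw new RuntimeException("Cant find jaas.conf!");
            }

            String krb5Location = GrouperWsConfig.retrieveConfig().propertyValueString("kerberos.krb5.conf.location");
            if (debugMap != null) {
                debugMap.put("krb5Location", krb5Location);
            }

            File krb5Conf;
            if (StringUtils.isBlank(krb5Location)) {
                // No explicit path: look on the classpath; a null result selects the
                // realm/KDC fallback below.
                krb5Conf = GrouperUtil.fileFromResourceName("krb5.conf");
                if (debugMap != null) {
                    debugMap.put("krb5confFile", krb5Conf == null ? null : krb5Conf.getAbsolutePath());
                    // Null-safe: the previous bookkeeping dereferenced a missing file here,
                    // which turned the fallback into a failed login whenever debug was on.
                    debugMap.put("krb5confFileFound", Boolean.valueOf(isExistingFile(krb5Conf)));
                }
            } else {
                krb5Conf = new File(krb5Location);
                if (debugMap != null) {
                    debugMap.put("krb5confFile", krb5Conf.getAbsolutePath());
                    debugMap.put("krb5confFileFound", Boolean.valueOf(isExistingFile(krb5Conf)));
                }
                if (!isExistingFile(krb5Conf)) {
                    throw new RuntimeException("krb5 conf file in " + krb5Location + " does not exist or is not a file");
                }
            }

            if (krb5Conf == null) {
                if (debugMap != null) {
                    debugMap.put("krb5confFileNotFoundFound", true);
                    debugMap.put("kerberos.realm", GrouperWsConfig.retrieveConfig().propertyValueString("kerberos.realm"));
                    debugMap.put("kerberos.kdc.address", GrouperWsConfig.retrieveConfig().propertyValueString("kerberos.kdc.address"));
                }
                System.setProperty("java.security.krb5.realm", GrouperWsConfig.retrieveConfig().propertyValueStringRequired("kerberos.realm"));
                System.setProperty("java.security.krb5.kdc", GrouperWsConfig.retrieveConfig().propertyValueStringRequired("kerberos.kdc.address"));
            } else {
                System.setProperty("java.security.krb5.conf", krb5Conf.getAbsolutePath());
            }
            System.setProperty("java.security.auth.login.config", jaasConf.getAbsolutePath());

            if (GrouperWsConfig.retrieveConfig().propertyValueBoolean("kerberos.debug", false)) {
                if (debugMap != null) {
                    debugMap.put("kerberos.debug", true);
                }
                // Turns on the JDK's Kerberos tracing for the whole JVM; it is never switched
                // back off here, so it stays on until the process restarts.
                System.setProperty("sun.security.krb5.debug", "true");
            }

            LoginContext loginContext;
            try {
                loginContext = new LoginContext("JaasSample", new GrouperWsKerberosHandler(str, str2));
            } catch (SecurityException | LoginException e) {
                if (debugMap != null) {
                    debugMap.put("errorCreatingLoginContext", "true " + timeMillis(startNanos));
                }
                LOG.error("Cannot create LoginContext. ", e);
                return false;
            }
            if (debugMap != null) {
                debugMap.put("loginContextCreated", "true " + timeMillis(startNanos));
            }

            try {
                loginContext.login();
            } catch (LoginException e) {
                // Rejected credentials: expected in normal operation, hence warn without a
                // stack trace.
                if (debugMap != null) {
                    debugMap.put("loginException", "true " + timeMillis(startNanos));
                }
                LOG.warn(e);
                return false;
            }
            if (debugMap != null) {
                debugMap.put("loggedIn", "true " + timeMillis(startNanos));
            }

            // The login was only a credential check; release the context straight away. A
            // failed logout does not invalidate the successful authentication.
            try {
                loginContext.logout();
                if (debugMap != null) {
                    debugMap.put("loggedOut", "true " + timeMillis(startNanos));
                }
            } catch (Exception e) {
                LOG.warn(e);
            }
            return true;
        } catch (RuntimeException e) {
            // Fail closed, but make the cause visible: a missing jaas.conf or bad krb5 path
            // otherwise looks exactly like a wrong password.
            LOG.error("Kerberos authentication could not be attempted; treating as a failed login", e);
            return false;
        } finally {
            if (debugMap != null) {
                debugMap.put("took", timeMillis(startNanos));
                LOG.debug(GrouperUtil.mapToString(debugMap));
            }
        }
    }
}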
