package net.sf.michaelo.tomcat.realm;

import com.sun.security.jgss.AuthorizationDataEntry;
import com.sun.security.jgss.ExtendedGSSContext;
import com.sun.security.jgss.InquireType;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Principal;
import java.time.Instant;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.Base64;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;

/* loaded from: input_file:net/sf/michaelo/tomcat/realm/Krb5AuthzDataDumpingActiveDirectoryRealm.class */
public class Krb5AuthzDataDumpingActiveDirectoryRealm extends ActiveDirectoryRealm {
    private static final DateTimeFormatter TS_FORMAT = DateTimeFormatter.ofPattern("yyyyMMdd'T'HHmmss.SSS").withZone(ZoneId.systemDefault());

    protected Principal getPrincipal(GSSName gSSName, GSSCredential gSSCredential, GSSContext gSSContext) {
        if (gSSContext instanceof ExtendedGSSContext) {
            AuthorizationDataEntry[] authorizationDataEntryArr = null;
            try {
                authorizationDataEntryArr = (AuthorizationDataEntry[]) ((ExtendedGSSContext) gSSContext).inquireSecContext(InquireType.KRB5_GET_AUTHZ_DATA);
            } catch (GSSException e) {
                this.logger.warn(this.sm.getString("krb5AuthzDataRealmBase.inquireSecurityContextFailed"), e);
            }
            if (authorizationDataEntryArr == null) {
                if (!this.logger.isDebugEnabled()) {
                    return null;
                }
                this.logger.debug(this.sm.getString("krb5AuthzDataRealmBase.noDataProvided", new Object[]{gSSName}));
                return null;
            }
            try {
                PrintWriter printWriter = new PrintWriter(Files.newBufferedWriter(createDumpFile(getServer().getCatalinaBase().toPath().resolve("work").resolve("KRB5_AUTHZ_DATA").resolve(gSSName.toString()), Instant.now()), new OpenOption[0]));
                try {
                    for (AuthorizationDataEntry authorizationDataEntry : authorizationDataEntryArr) {
                        printWriter.printf("%d %s%n", Integer.valueOf(authorizationDataEntry.getType()), Base64.getEncoder().encodeToString(authorizationDataEntry.getData()));
                    }
                    printWriter.close();
                } finally {
                }
            } catch (IOException e2) {
                this.logger.warn(this.sm.getString("krb5AuthzDataDumpingActiveDirectoryRealm.dumpingKrb5AuthzDataFailed", new Object[]{gSSName}), e2);
            }
        } else {
            this.logger.error(this.sm.getString("krb5AuthzDataRealmBase.incompatibleSecurityContextType"));
        }
        return getPrincipal(gSSName, gSSCredential);
    }

    private Path createDumpFile(Path path, Instant instant) throws IOException {
        Files.createDirectories(path, new FileAttribute[0]);
        String format = TS_FORMAT.format(instant);
        Path resolve = path.resolve(format);
        int i = 2;
        while (Files.exists(resolve, new LinkOption[0])) {
            int i2 = i;
            i++;
            resolve = path.resolve(format + "#" + i2);
        }
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            Files.createFile(resolve, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
        }
        return resolve;
    }
}
