package org.codelibs.spnego;

import java.io.IOException;
import java.net.URL;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.servlet.http.HttpServletRequest;
import org.codelibs.spnego.SpnegoHttpFilter;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:org/codelibs/spnego/SpnegoProvider.class */
public final class SpnegoProvider {
    static final Logger LOGGER = Logger.getLogger(SpnegoHttpFilter.Constants.LOGGER_NAME);
    static final GSSManager MANAGER = GSSManager.getInstance();
    static final Oid SPNEGO_OID = getOid();

    private SpnegoProvider() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SpnegoAuthScheme negotiate(HttpServletRequest httpServletRequest, SpnegoHttpServletResponse spnegoHttpServletResponse, boolean z, boolean z2, String str) throws IOException {
        SpnegoAuthScheme authScheme = getAuthScheme(httpServletRequest.getHeader(SpnegoHttpFilter.Constants.AUTHZ_HEADER));
        if (null == authScheme || authScheme.getToken().length == 0) {
            LOGGER.finer("Header Token was NULL");
            spnegoHttpServletResponse.setHeader(SpnegoHttpFilter.Constants.AUTHN_HEADER, SpnegoHttpFilter.Constants.NEGOTIATE_HEADER);
            if (z) {
                spnegoHttpServletResponse.addHeader(SpnegoHttpFilter.Constants.AUTHN_HEADER, "Basic realm=\"" + str + '\"');
            } else {
                LOGGER.finer("Basic NOT offered: Not Enabled or SSL Required.");
            }
            spnegoHttpServletResponse.setStatus(401, true);
            return null;
        }
        if (!authScheme.isNtlmToken()) {
            return authScheme;
        }
        LOGGER.warning("Downgrade NTLM request to Basic Auth.");
        if (spnegoHttpServletResponse.isStatusSet()) {
            throw new IllegalStateException("HTTP Status already set.");
        }
        if (!z || !z2) {
            throw new UnsupportedOperationException("NTLM specified. Downgraded to Basic Auth (and/or SSL) but downgrade not supported.");
        }
        spnegoHttpServletResponse.setHeader(SpnegoHttpFilter.Constants.AUTHN_HEADER, "Basic realm=\"" + str + '\"');
        spnegoHttpServletResponse.setStatus(401, true);
        return null;
    }

    public static GSSCredential getClientCredential(Subject subject) throws PrivilegedActionException {
        return (GSSCredential) Subject.doAs(subject, new PrivilegedExceptionAction<GSSCredential>() { // from class: org.codelibs.spnego.SpnegoProvider.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public GSSCredential run() throws GSSException {
                return SpnegoProvider.MANAGER.createCredential((GSSName) null, 0, SpnegoProvider.SPNEGO_OID, 1);
            }
        });
    }

    public static GSSContext getGSSContext(GSSCredential gSSCredential, URL url) throws GSSException {
        return MANAGER.createContext(getServerName(url), SPNEGO_OID, gSSCredential, 0);
    }

    public static SpnegoAuthScheme getAuthScheme(String str) {
        if (null == str || str.isEmpty()) {
            LOGGER.finer("authorization header was missing/null");
            return null;
        }
        if (str.startsWith(SpnegoHttpFilter.Constants.NEGOTIATE_HEADER)) {
            return new SpnegoAuthScheme(SpnegoHttpFilter.Constants.NEGOTIATE_HEADER, str.substring(SpnegoHttpFilter.Constants.NEGOTIATE_HEADER.length() + 1));
        }
        if (str.startsWith(SpnegoHttpFilter.Constants.BASIC_HEADER)) {
            return new SpnegoAuthScheme(SpnegoHttpFilter.Constants.BASIC_HEADER, str.substring(SpnegoHttpFilter.Constants.BASIC_HEADER.length() + 1));
        }
        throw new UnsupportedOperationException("Negotiate or Basic Only:" + str);
    }

    private static Oid getOid() {
        Oid oid = null;
        try {
            oid = new Oid("1.3.6.1.5.5.2");
        } catch (GSSException e) {
            LOGGER.log(Level.SEVERE, "Unable to create OID 1.3.6.1.5.5.2 !", e);
        }
        return oid;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static GSSCredential getServerCredential(Subject subject) throws PrivilegedActionException {
        return (GSSCredential) Subject.doAs(subject, new PrivilegedExceptionAction<GSSCredential>() { // from class: org.codelibs.spnego.SpnegoProvider.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public GSSCredential run() throws GSSException {
                return SpnegoProvider.MANAGER.createCredential((GSSName) null, Integer.MAX_VALUE, SpnegoProvider.SPNEGO_OID, 2);
            }
        });
    }

    static GSSName getServerName(URL url) throws GSSException {
        return MANAGER.createName("HTTP@" + url.getHost(), GSSName.NT_HOSTBASED_SERVICE, SPNEGO_OID);
    }

    public static CallbackHandler getUsernamePasswordHandler(final String str, final String str2) {
        LOGGER.fine("username=" + str + "; password=" + str2.hashCode());
        return new CallbackHandler() { // from class: org.codelibs.spnego.SpnegoProvider.3
            @Override // javax.security.auth.callback.CallbackHandler
            public void handle(Callback[] callbackArr) {
                for (int i = 0; i < callbackArr.length; i++) {
                    if (callbackArr[i] instanceof NameCallback) {
                        ((NameCallback) callbackArr[i]).setName(str);
                    } else if (callbackArr[i] instanceof PasswordCallback) {
                        ((PasswordCallback) callbackArr[i]).setPassword(str2.toCharArray());
                    } else {
                        SpnegoProvider.LOGGER.warning("Unsupported Callback i=" + i + "; class=" + callbackArr[i].getClass().getName());
                    }
                }
            }
        };
    }
}
