package org.apache.dubbo.mw.sgp.security.kerb5;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.dubbo.common.URL;
import org.apache.dubbo.common.logger.Logger;
import org.apache.dubbo.common.logger.LoggerFactory;
import org.apache.dubbo.dap.sgp.common.CommonConstants;
import org.apache.dubbo.dap.sgp.common.CommonUtils;
import org.apache.dubbo.mw.sgp.protocol.restful.RESTfulConstants;
import org.apache.dubbo.mw.sgp.protocol.restful.RESTfulUtils;
import org.apache.dubbo.mw.sgp.security.MemJaasConfig;
import org.apache.dubbo.rpc.RpcException;
import org.ietf.jgss.GSSContext;

/* loaded from: input_file:org/apache/dubbo/mw/sgp/security/kerb5/Kerb5AuthHelper.class */
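/**
 * Static helper that wires Kerberos ("Negotiate") authentication into the RESTful protocol.
 *
 * <p>It builds and caches one consumer-side out interceptor per JAAS principal, builds the
 * provider-side filter list once, and schedules a periodic sweep of the provider filter's
 * auth-value cache. All state is held in static fields, so it is shared by every caller in
 * the class loader.
 */
public class Kerb5AuthHelper {
    // Written under jaxRsListWithKerb5LockObj, read without it by the sweeper and the cleanup
    // methods, hence volatile.
    private static volatile Kerb5AuthProviderInFilter providerInFilter;
    private static volatile List<Object> jaxRsListWithKerb5;
    private static volatile ScheduledExecutorService clearCacheService;
    // 172800000 ms = 48 h: age used as the cutoff handed to the provider filter's sweep().
    protected static long providerAuthValueCacheLifeTimeMs = 172800000;
    // 7200000 ms = 2 h: period of the sweep task.
    protected static long clearProviderCacheServiceRunPeriod = 7200000;
    // 86400000 ms = 24 h: lifetime assumed by getEndTime().
    protected static long defaultConsumerTGTLifeTimeMs = 86400000;
    // NOTE(review): mutable, non-final switch that makes tryToGetTestGSSContext() replace the
    // real GSSContext. Anything able to set it (same package, subclass, reflection) changes
    // how authentication is performed, so it must stay false outside tests.
    protected static boolean isTest = false;
    private static final Logger LOGGER = LoggerFactory.getLogger(Kerb5AuthHelper.class);
    // Concurrent map: the fast path in getKerb5AuthConsumerOutInterceptor() reads it without
    // holding the lock, and cleanAuthValueCacheInConsumer() iterates it without the lock.
    private static final Map<String, Kerb5AuthConsumerOutInterceptor> consumerOutInterceptorMap = new ConcurrentHashMap<>();
    private static final Object jaxRsListWithKerb5LockObj = new Object();
    private static final Kerb5AuthConsumerInInterceptor kerb5AuthConsumerInInterceptor = new Kerb5AuthConsumerInInterceptor();
    private static final char[] HEX_DIGITS = "0123456789abcdef".toCharArray();

    /**
     * Returns the single shared consumer-side in interceptor.
     *
     * @return the shared instance, never {@code null}
     */
    public static Kerb5AuthConsumerInInterceptor getKerb5AuthConsumerInInterceptor() {
        return kerb5AuthConsumerInInterceptor;
    }

    /**
     * Returns the consumer-side out interceptor for the principal named by the URL's
     * {@code jaasprincipal} parameter, creating and caching it on first use.
     *
     * <p>The cache key is the principal name alone. A later URL with the same principal but a
     * different {@code jaaskeytab} or {@code jaaskrbconf} gets the interceptor built from the
     * first URL.
     *
     * @param url reference URL carrying the JAAS parameters
     * @return the cached or newly created interceptor
     * @throws IllegalStateException if {@code jaasprincipal} is missing, or if the keytab or
     *     krb5.conf parameter is missing when the interceptor has to be created
     */
    public static Kerb5AuthConsumerOutInterceptor getKerb5AuthConsumerOutInterceptor(URL url) {
        String principal = url.getParameter("jaasprincipal");
        if (principal == null) {
            String message = "provider need auth. but consumer missing jaas config in <dubbo:reference>, [provider url:" + url + "]";
            LOGGER.error(message);
            throw new IllegalStateException(message);
        }
        Kerb5AuthConsumerOutInterceptor interceptor = consumerOutInterceptorMap.get(principal);
        if (interceptor != null) {
            return interceptor;
        }
        // Creation stays under the map's monitor so that only one interceptor (and one JAAS
        // configuration) is ever built per principal.
        synchronized (consumerOutInterceptorMap) {
            interceptor = consumerOutInterceptorMap.get(principal);
            if (interceptor == null) {
                interceptor = initKerb5AuthConsumerOutInterceptor(url);
                consumerOutInterceptorMap.put(principal, interceptor);
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("New Kerb5AuthConsumerOutInterceptor[" + interceptor.getClass().getName() + '@' + Integer.toHexString(interceptor.hashCode()) + "] for " + principal);
                }
            }
        }
        return interceptor;
    }

    /**
     * Builds a consumer out interceptor configured for "Negotiate" authorization against the
     * fixed service-provider principal.
     */
    private static Kerb5AuthConsumerOutInterceptor initKerb5AuthConsumerOutInterceptor(URL url) {
        Kerb5AuthConsumerOutInterceptor interceptor = new Kerb5AuthConsumerOutInterceptor("setup");
        AuthorizationPolicy policy = new AuthorizationPolicy();
        policy.setAuthorizationType("Negotiate");
        policy.setAuthorization(RESTfulConstants.JAAS_KERB5_CONSUMER_ENTRYNAME);
        interceptor.setPolicy(policy);
        interceptor.setServicePrincipalName(RESTfulConstants.SERVICEPROVIDER_PRINCIPALNAME);
        interceptor.setLoginConfig(initConsumerJaasConfiguration(url, interceptor));
        return interceptor;
    }

    /**
     * Resolves the consumer's keytab and krb5.conf paths from the URL, records the krb5.conf
     * path and user name on the interceptor, and returns the JAAS configuration from
     * {@code KrbConfCache}.
     *
     * @throws IllegalStateException if {@code jaaskeytab} or {@code jaaskrbconf} is missing
     */
    private static Configuration initConsumerJaasConfiguration(URL url, Kerb5AuthConsumerOutInterceptor kerb5AuthConsumerOutInterceptor) {
        String principal = url.getParameter("jaasprincipal");
        String keytab = url.getParameter("jaaskeytab");
        String krb5Conf = url.getParameter("jaaskrbconf");
        if (keytab == null || krb5Conf == null) {
            String message = "missing keytab or krb5.conf config in <dubbo:jaas> which used by this consusmer, reference url:" + url;
            LOGGER.error(message);
            throw new IllegalStateException(message);
        }
        // NOTE(review): both paths come from URL parameters. If the URL can be influenced by a
        // remote registry rather than local configuration, these select which credential files
        // the process opens - confirm the trust boundary.
        String krb5ConfPath = RESTfulUtils.getAbsolutePath(krb5Conf);
        String keytabPath = RESTfulUtils.getAbsolutePath(keytab);
        kerb5AuthConsumerOutInterceptor.setKrb5ConfPath(krb5ConfPath);
        kerb5AuthConsumerOutInterceptor.setAuthUserName(principal);
        return KrbConfCache.getConfiguration(krb5ConfPath, keytabPath, principal, RESTfulConstants.SERVICEPROVIDER_PRINCIPALNAME, true);
    }

    /**
     * Returns the provider list extended with the Kerberos in and out filters, building it on
     * the first call.
     *
     * <p>The result is cached process-wide. Until {@link #cleanAuthValueCacheInProvider()}
     * resets it, later calls return the list built from the first {@code list} and
     * {@code url} and ignore their own arguments.
     *
     * @param list providers to copy into the result when it is first built
     * @param url provider URL, read for the {@code jaasdebug} parameter
     * @return the cached provider list
     */
    public static List<Object> getKerb5AuthProviderObj(List<Object> list, URL url) {
        List<Object> cached = jaxRsListWithKerb5;
        if (cached == null) {
            synchronized (jaxRsListWithKerb5LockObj) {
                cached = jaxRsListWithKerb5;
                if (cached == null) {
                    cached = initKerb5AuthProviderObj(list, url);
                    jaxRsListWithKerb5 = cached;
                }
            }
        }
        return cached;
    }

    /**
     * Creates the provider in and out filters, appends them to a copy of {@code list}, and
     * starts the periodic sweep of the in filter's auth-value cache.
     *
     * <p>Called with {@code jaxRsListWithKerb5LockObj} held.
     */
    private static List<Object> initKerb5AuthProviderObj(List<Object> list, URL url) {
        List<Object> providers = new ArrayList<>(list);
        Kerb5AuthProviderInFilter inFilter = new Kerb5AuthProviderInFilter();
        inFilter.setLoginContextName(RESTfulConstants.JAAS_KERB5_PROVIDER_ENTRYNAME);
        inFilter.setLoginConfig(initProviderJaasConfiguration(url));
        providerInFilter = inFilter;
        providers.add(inFilter);
        providers.add(new Kerb5AuthProviderOutFilter());
        // cleanAuthValueCacheInProvider() resets the cached list, so this method can run more
        // than once. Stop the previous sweeper first, otherwise each re-initialisation leaks a
        // scheduler thread that keeps sweeping.
        ScheduledExecutorService previous = clearCacheService;
        if (previous != null) {
            previous.shutdownNow();
        }
        // The default thread factory creates a non-daemon thread; destory() must be called on
        // shutdown to release it.
        ScheduledExecutorService sweeper = Executors.newSingleThreadScheduledExecutor();
        clearCacheService = sweeper;
        sweeper.scheduleAtFixedRate(new Runnable() {
            @Override
            public void run() {
                try {
                    // Presumably sweep() evicts entries older than the cutoff - confirm in
                    // Kerb5AuthProviderInFilter.
                    Date cutoff = new Date(System.currentTimeMillis() - Kerb5AuthHelper.providerAuthValueCacheLifeTimeMs);
                    Kerb5AuthHelper.providerInFilter.sweep(cutoff);
                } catch (Throwable th) {
                    // An exception escaping a scheduled task cancels all further runs, so
                    // everything is caught and logged here.
                    Kerb5AuthHelper.LOGGER.error("clean consumerAuthValueCache error in Kerb5AuthProviderInFilter", th);
                }
            }
        }, 0L, clearProviderCacheServiceRunPeriod, TimeUnit.MILLISECONDS);
        return providers;
    }

    /**
     * Builds the in-memory JAAS configuration for the provider, taking the keytab and
     * krb5.conf paths from container properties and using the fixed service-provider
     * principal.
     */
    private static Configuration initProviderJaasConfiguration(URL url) {
        MemJaasConfig jaasConfig = new MemJaasConfig();
        Map<String, String> options = initKerb5BasisOptions(url);
        // NOTE(review): unlike the consumer path, a missing keytab or krb5.conf property is not
        // rejected here; null is passed to getAbsolutePath(). Confirm how that helper treats
        // null.
        String keytab = CommonUtils.getContainerProp(CommonConstants.DEFAULT_USER_KEYTAB, (String) null);
        String krb5Conf = CommonUtils.getContainerProp(CommonConstants.DEFAULT_USER_KRB5CONF, (String) null);
        options.put(RESTfulConstants.JAAS_KERB5_KEYTABPATH_KEY, RESTfulUtils.getAbsolutePath(keytab));
        options.put(RESTfulConstants.JAAS_KERB5_CONFPATH_KEY, RESTfulUtils.getAbsolutePath(krb5Conf));
        options.put(RESTfulConstants.JAAS_KERB5_PRINCIPAL_KEY, RESTfulConstants.SERVICEPROVIDER_PRINCIPALNAME);
        options.put(RESTfulConstants.JAAS_KERB5_CREDSTYPE_KEY, RESTfulConstants.JAAS_KERB5_CREDSVALUE_PROVIDER);
        jaasConfig.putAppConfigurationEntry(RESTfulConstants.JAAS_KERB5_PROVIDER_ENTRYNAME, RESTfulConstants.JAAS_KERB5_LOGINMODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
        return jaasConfig;
    }

    /**
     * Returns the login-module options common to every configuration built here.
     *
     * <p>{@code useKeyTab} and {@code storeKey} are set only when not running on an IBM JDK.
     * {@code debug} is taken from the URL's {@code jaasdebug} parameter and defaults to
     * {@code "false"}.
     */
    private static Map<String, String> initKerb5BasisOptions(URL url) {
        Map<String, String> options = new HashMap<>();
        if (!RESTfulConstants.IS_IBMJDK) {
            options.put("useKeyTab", "true");
            options.put("storeKey", "true");
        }
        options.put("refreshKrb5Config", "true");
        // NOTE(review): login-module debug output bypasses this class's logger and can name
        // principals and keytab locations; keep jaasdebug off in production.
        options.put("debug", url.getParameter("jaasdebug", "false"));
        return options;
    }

    /**
     * Returns {@code gSSContext} unchanged unless {@code isTest} is set, in which case a new
     * instance of the class named by {@code RESTfulConstants.testGSSContext} is returned
     * instead.
     *
     * <p>NOTE(review): this is a test hook on the authentication path of production code. With
     * {@code isTest} enabled, the real GSS context is discarded in favour of a reflectively
     * loaded class. Ensure neither the flag nor the class name can be set from configuration
     * or untrusted code.
     *
     * @param gSSContext the real context
     * @return the real context, or the test substitute when {@code isTest} is true
     * @throws RpcException if the test class cannot be loaded or instantiated
     */
    public static GSSContext tryToGetTestGSSContext(GSSContext gSSContext) {
        if (!isTest) {
            return gSSContext;
        }
        try {
            return (GSSContext) Class.forName(RESTfulConstants.testGSSContext).newInstance();
        } catch (Exception e) {
            throw new RpcException(e);
        }
    }

    /**
     * Returns the assumed expiry time for the subject's credentials: now plus
     * {@code defaultConsumerTGTLifeTimeMs}.
     *
     * <p>The subject's tickets are not inspected, so the value is independent of the real
     * ticket end time.
     *
     * @param subject the authenticated subject
     * @return expiry time in epoch milliseconds
     * @throws RpcException if {@code subject} is {@code null}
     */
    public static long getEndTime(Subject subject) {
        if (subject == null) {
            throw new RpcException("subject is null, maybe auth fail.");
        }
        // Log only the principals. Subject.toString() also renders the subject's credentials
        // where they are accessible, and Kerberos ticket material must not reach the log.
        LOGGER.info("can't get endtime from subject. principals" + subject.getPrincipals());
        return System.currentTimeMillis() + defaultConsumerTGTLifeTimeMs;
    }

    /**
     * Clears the provider filter's auth-value cache and drops the cached provider list, so the
     * next {@link #getKerb5AuthProviderObj(List, URL)} call rebuilds it.
     */
    public static void cleanAuthValueCacheInProvider() {
        Kerb5AuthProviderInFilter inFilter = providerInFilter;
        if (inFilter != null) {
            inFilter.cleanAuthValueCache();
        }
        jaxRsListWithKerb5 = null;
    }

    /** Clears the auth-value cache of every cached consumer out interceptor. */
    public static void cleanAuthValueCacheInConsumer() {
        for (Kerb5AuthConsumerOutInterceptor interceptor : consumerOutInterceptorMap.values()) {
            interceptor.cleanAuthValueCache();
        }
    }

    /**
     * Returns the live interceptor cache keyed by principal name.
     *
     * <p>This is the internal map, not a copy; changes made by the caller affect which
     * interceptor later requests use.
     */
    public static Map<String, Kerb5AuthConsumerOutInterceptor> getConsumerOutInterceptorMap() {
        return consumerOutInterceptorMap;
    }

    /**
     * Returns the provider in filter.
     *
     * @return the filter, or {@code null} if the provider list has not been built yet
     */
    public static Kerb5AuthProviderInFilter getProviderInFilter() {
        return providerInFilter;
    }

    /**
     * Returns the lowercase hex SHA-256 digest of {@code str} encoded as UTF-8.
     *
     * <p>The charset is fixed so that the same text hashes identically on every JVM,
     * whatever the platform default charset is.
     *
     * @param str text to hash; must not be {@code null}
     * @return 64 hex characters, or the literal {@code "Can't init MessageDigest"} if SHA-256
     *     is unavailable
     */
    public static String getHash(String str) {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            digest.update(str.getBytes(StandardCharsets.UTF_8));
            return byte2hex(digest.digest());
        } catch (NoSuchAlgorithmException e) {
            // NOTE(review): every input maps to the same sentinel on this path. If callers use
            // the result as a cache key or comparison value, that is a collision; consider
            // failing closed instead. Kept as-is because callers are not visible from here.
            LOGGER.info("Can't init MessageDigest", e);
            return "Can't init MessageDigest";
        }
    }

    /**
     * Encodes bytes as lowercase hexadecimal, two characters per byte.
     *
     * @param bArr bytes to encode; must not be {@code null}
     * @return the hex string, empty for an empty array
     */
    public static String byte2hex(byte[] bArr) {
        char[] hex = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            int value = bArr[i] & 255;
            hex[2 * i] = HEX_DIGITS[value >>> 4];
            hex[2 * i + 1] = HEX_DIGITS[value & 15];
        }
        return new String(hex);
    }

    /**
     * Stops the cache-sweep scheduler if one was started. The misspelled name is part of the
     * public interface and is kept for callers.
     */
    public static void destory() {
        ScheduledExecutorService sweeper = clearCacheService;
        if (sweeper == null) {
            return;
        }
        try {
            sweeper.shutdownNow();
        } catch (Exception e) {
            LOGGER.warn(e);
        }
    }

    /**
     * Builds a cache key of the form {@code defaultKDC|defaultRealm|krb5ConfFileName} from the
     * options of the configuration's first entry, using {@code "<NULL>"} for any option that
     * is absent or empty.
     *
     * @param configuration JAAS configuration, may be {@code null}
     * @return the key, or {@code null} when {@code configuration} is {@code null}
     */
    public static String getConfKey(Configuration configuration) {
        if (configuration == null) {
            return null;
        }
        AppConfigurationEntry[] entries = configuration.getAppConfigurationEntry((String) null);
        String kdc = null;
        String realm = null;
        String krb5ConfFile = null;
        // getAppConfigurationEntry() is documented to return null when there are no entries
        // for the given name, so guard against null as well as an empty array.
        if (entries != null && entries.length > 0) {
            Map<String, ?> options = entries[0].getOptions();
            kdc = (String) options.get("defaultKDC");
            realm = (String) options.get("defaultRealm");
            krb5ConfFile = (String) options.get("krb5ConfFileName");
        }
        return StringUtils.defaultIfEmpty(kdc, "<NULL>") + "|" + StringUtils.defaultIfEmpty(realm, "<NULL>") + "|" + StringUtils.defaultIfEmpty(krb5ConfFile, "<NULL>");
    }
}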
