package org.apache.ranger.authentication.unix.jaas;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Map;
import java.util.Properties;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/* loaded from: input_file:org/apache/ranger/authentication/unix/jaas/RemoteUnixLoginModule.class */
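/**
 * JAAS {@link LoginModule} that authenticates a user name / password pair against a remote
 * Unix authentication service reached over a plain TCP socket or, when
 * {@code ranger.unixauth.ssl.enabled=true}, a TLS socket.
 *
 * <p>Wire protocol as implemented here: the module writes one line
 * {@code LOGIN:<user> <password>\n} and reads one reply line. A reply starting with
 * {@code OK:} means success; any text after {@code OK:} is treated as a comma-separated
 * list of group names. A reply starting with {@code FAILED:} (or anything else) is a failure.
 *
 * <p>On commit the subject receives one {@code UnixUserPrincipal} for the user and one
 * {@code UnixGroupPrincipal} per group. All option keys are the {@code ranger.unixauth.*}
 * constants below; values are read as strings from the JAAS options map.
 *
 * <p>This class is not thread-safe; JAAS creates one instance per login attempt.
 */
public class RemoteUnixLoginModule implements LoginModule {
    private static final String DEBUG_PARAM = "ranger.unixauth.debug";
    private static final String REMOTE_LOGIN_HOST_PARAM = "ranger.unixauth.service.hostname";
    private static final String REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM = "ranger.unixauth.service.port";
    private static final String SSL_KEYSTORE_PATH_PARAM = "ranger.unixauth.keystore";
    private static final String SSL_KEYSTORE_PATH_PASSWORD_PARAM = "ranger.unixauth.keystore.password";
    private static final String SSL_TRUSTSTORE_PATH_PARAM = "ranger.unixauth.truststore";
    private static final String SSL_TRUSTSTORE_PATH_PASSWORD_PARAM = "ranger.unixauth.truststore.password";
    private static final String SSL_ENABLED_PARAM = "ranger.unixauth.ssl.enabled";
    private static final String SERVER_CERT_VALIDATION_PARAM = "ranger.unixauth.server.cert.validation";
    private static final String JAAS_ENABLED_PARAM = "ranger.unixauth.remote.login.enabled";
    private static final String SSL_ALGORITHM = "TLS";

    // Credentials obtained from the CallbackHandler in login(); the password buffer is wiped
    // once the remote call has completed.
    private String userName;
    private char[] password;
    private Subject subject;
    private CallbackHandler callbackHandler;
    // Endpoint of the remote authentication service.
    private String remoteHostName;
    private int remoteHostAuthServicePort;
    // TLS material; only read when sslEnabled is true. A missing password is treated as "".
    private String keyStorePath;
    private String keyStorePathPassword;
    private String trustStorePath;
    private String trustStorePathPassword;
    // Debug logging defaults to on so that construction and initialize() are visible until the
    // DEBUG_PARAM option has been parsed.
    private boolean debug = true;
    private boolean loginSuccessful = false;
    // Comma-separated group list from the "OK:" reply; null until a successful login.
    private String loginGroups = null;
    private boolean sslEnabled = false;
    private boolean serverCertValidation = true;
    private boolean remoteLoginEnabled = true;

    public RemoteUnixLoginModule() {
        log("Created RemoteUnixLoginModule");
    }

    /**
     * Abandons the current login attempt.
     *
     * @return always {@code true}
     */
    @Override
    public boolean abort() throws LoginException {
        log("RemoteUnixLoginModule::abort() has been called.");
        this.loginSuccessful = false;
        return true;
    }

    /**
     * Adds the user and group principals to the subject when {@link #login()} succeeded, or
     * clears the subject's principals when it did not.
     *
     * @return the outcome of the preceding {@link #login()}
     */
    @Override
    public boolean commit() throws LoginException {
        log("RemoteUnixLoginModule::commit() has been called. -> isLoginSuccess [" + this.loginSuccessful + "]");
        if (this.subject == null) {
            return this.loginSuccessful;
        }
        if (!this.loginSuccessful) {
            this.subject.getPrincipals().clear();
            return false;
        }
        if (this.userName != null) {
            this.subject.getPrincipals().add(new UnixUserPrincipal(this.userName.trim()));
        }
        if (this.loginGroups != null) {
            this.loginGroups = this.loginGroups.trim();
            for (String group : this.loginGroups.split(",")) {
                String groupName = group.trim();
                // Skip empty entries (e.g. "a,,b" or a trailing comma) rather than creating a
                // nameless group principal.
                if (!groupName.isEmpty()) {
                    this.subject.getPrincipals().add(new UnixGroupPrincipal(groupName));
                }
            }
        }
        return true;
    }

    /**
     * Stores the subject and callback handler and parses the JAAS options.
     *
     * @param subject         subject to populate on commit; may be {@code null}
     * @param callbackHandler source of user name and password; a console prompt handler is
     *                        substituted when {@code null}
     * @param sharedState     JAAS shared state (unused)
     * @param options         JAAS module options, read through {@link #initParams(Properties)}
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        log("RemoteUnixLoginModule::initialize() has been called with callbackhandler: " + this.callbackHandler);
        if (this.callbackHandler == null) {
            this.callbackHandler = new ConsolePromptCallbackHandler();
        }
        Properties properties = new Properties();
        if (options != null) {
            properties.putAll(options);
        }
        initParams(properties);
    }

    /**
     * Reads the {@code ranger.unixauth.*} options into this module's fields.
     *
     * <p>When {@code ranger.unixauth.remote.login.enabled} is present and not "true", nothing
     * else is parsed and {@link #login()} becomes a no-op. TLS options are only read when
     * {@code ranger.unixauth.ssl.enabled} is "true".
     *
     * @param properties module options; missing keys yield {@code null}
     * @throws NumberFormatException if the service port is present but not an integer
     */
    public void initParams(Properties properties) {
        String remoteLoginFlag = optionValue(properties, JAAS_ENABLED_PARAM);
        if (remoteLoginFlag != null) {
            this.remoteLoginEnabled = remoteLoginFlag.trim().equalsIgnoreCase("true");
            if (!this.remoteLoginEnabled) {
                log("Skipping RemoteLogin - [ranger.unixauth.remote.login.enabled] => [" + remoteLoginFlag + "]");
                return;
            }
        } else {
            this.remoteLoginEnabled = true;
        }

        // Any value other than "false" (or absence) keeps debug on.
        String debugFlag = optionValue(properties, DEBUG_PARAM);
        this.debug = debugFlag != null && !debugFlag.equalsIgnoreCase("false");

        this.remoteHostName = optionValue(properties, REMOTE_LOGIN_HOST_PARAM);
        log("RemoteHostName:" + this.remoteHostName);

        String portValue = optionValue(properties, REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM);
        if (portValue != null) {
            try {
                this.remoteHostAuthServicePort = Integer.parseInt(portValue.trim());
            } catch (NumberFormatException e) {
                // Re-throw with the offending key so a misconfiguration is easy to locate.
                NumberFormatException withContext = new NumberFormatException(
                        "Invalid value for [" + REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM + "]: [" + portValue + "]");
                withContext.initCause(e);
                throw withContext;
            }
        }
        log("remoteHostAuthServicePort:" + this.remoteHostAuthServicePort);

        String sslFlag = optionValue(properties, SSL_ENABLED_PARAM);
        this.sslEnabled = sslFlag != null && sslFlag.trim().equalsIgnoreCase("true");
        log("SSLEnabled:" + this.sslEnabled);
        if (!this.sslEnabled) {
            return;
        }

        this.trustStorePath = optionValue(properties, SSL_TRUSTSTORE_PATH_PARAM);
        log("trustStorePath:" + this.trustStorePath);
        if (this.trustStorePath != null) {
            this.trustStorePathPassword = optionValue(properties, SSL_TRUSTSTORE_PATH_PASSWORD_PARAM);
            if (this.trustStorePathPassword == null) {
                this.trustStorePathPassword = "";
            }
            log("trustStorePathPassword:*****");
        }

        this.keyStorePath = optionValue(properties, SSL_KEYSTORE_PATH_PARAM);
        log("keyStorePath:" + this.keyStorePath);
        if (this.keyStorePath != null) {
            this.keyStorePathPassword = optionValue(properties, SSL_KEYSTORE_PATH_PASSWORD_PARAM);
            if (this.keyStorePathPassword == null) {
                this.keyStorePathPassword = "";
            }
            log("keyStorePathPassword:*****");
        }

        // Validation stays on unless explicitly set to "false".
        String certValidationFlag = optionValue(properties, SERVER_CERT_VALIDATION_PARAM);
        this.serverCertValidation = certValidationFlag == null || !"false".equalsIgnoreCase(certValidationFlag.trim());
        log("Server Cert Validation : " + this.serverCertValidation);
    }

    /**
     * Collects the user name and password through the callback handler and authenticates them
     * against the remote service. The part of the user name after an {@code @} (a realm or
     * domain suffix) is dropped before it is sent.
     *
     * <p>The password buffers are wiped whether or not the remote call succeeds.
     *
     * @return {@code true} when the remote service accepted the credentials; {@code false}
     *         when remote login is disabled
     * @throws LoginException if the callbacks cannot be serviced or the service rejects the
     *                        credentials
     */
    @Override
    public boolean login() throws LoginException {
        if (!this.remoteLoginEnabled || this.callbackHandler == null) {
            return this.loginSuccessful;
        }
        NameCallback nameCallback = new NameCallback("UserName:");
        PasswordCallback passwordCallback = new PasswordCallback("Password:", false);
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
        } catch (IOException | UnsupportedCallbackException e) {
            throw new LoginException("Unable to get username/password due to exception: " + e);
        }
        this.userName = nameCallback.getName();
        String loginName = stripRealm(this.userName);
        this.password = passwordCallback.getPassword();
        log("userName:" + this.userName);
        log("modified UserName:" + loginName);

        // doLogin() wipes the buffer it is given, so hand it a copy and wipe both afterwards.
        char[] passwordCopy = this.password != null ? Arrays.copyOf(this.password, this.password.length) : new char[0];
        try {
            doLogin(loginName, passwordCopy);
            this.loginSuccessful = true;
        } finally {
            if (this.password != null) {
                Arrays.fill(this.password, ' ');
            }
            Arrays.fill(passwordCopy, ' ');
            passwordCallback.clearPassword();
        }
        return this.loginSuccessful;
    }

    /**
     * Removes all principals from the subject.
     *
     * @return always {@code true}
     */
    @Override
    public boolean logout() throws LoginException {
        if (this.subject != null) {
            this.subject.getPrincipals().clear();
        }
        return true;
    }

    /**
     * Sends the credentials to the remote service and interprets its single-line reply.
     *
     * @param loginName user name as it should be sent (realm suffix already removed)
     * @param password  password characters; wiped by the call
     * @throws LoginException if the service is unreachable or does not reply with {@code OK:}
     */
    public void doLogin(String loginName, char[] password) throws LoginException {
        String reply = getLoginReplyFromAuthService(loginName, password);
        String endpoint = this.remoteHostName + ":" + this.remoteHostAuthServicePort;
        if (reply == null) {
            this.loginSuccessful = false;
            throw new LoginException("FAILED: unable to authenticate to AuthenticationService: " + endpoint);
        }
        if (!reply.startsWith("OK:")) {
            this.loginSuccessful = false;
            if (reply.startsWith("FAILED:")) {
                throw new LoginException("FAILED: unable to authenticate to AuthenticationService: " + endpoint);
            }
            throw new LoginException("FAILED: unable to authenticate to AuthenticationService: " + endpoint + ", msg:" + reply);
        }
        this.loginSuccessful = true;
        // Anything after "OK:" is the comma-separated group list consumed in commit().
        if (reply.length() > 3) {
            this.loginGroups = reply.substring(3);
        }
    }

    /**
     * Opens a connection to the service, writes the login request line and returns the first
     * reply line ({@code null} if the service closed the connection without replying).
     *
     * <p>Both the request buffer and {@code password} are wiped before returning.
     *
     * @throws LoginException wrapping any I/O or TLS setup failure
     */
    private String getLoginReplyFromAuthService(String loginName, char[] password) throws LoginException {
        char[] request = buildLoginRequest(loginName, password);
        String reply = null;
        // NOTE(review): the streams use the platform default charset and the socket has no
        // connect/read timeout, as in the original; both are left unchanged because the
        // service side's expectations are not visible here.
        try (Socket socket = openAuthServiceSocket();
             OutputStreamWriter writer = new OutputStreamWriter(socket.getOutputStream());
             BufferedReader reader = new BufferedReader(new InputStreamReader(socket.getInputStream()))) {
            writer.write(request);
            writer.flush();
            reply = reader.readLine();
            return reply;
        } catch (Exception e) {
            throw new LoginException("FAILED: unable to authenticate to AuthenticationService: " + this.remoteHostName + ":" + this.remoteHostAuthServicePort + ", Exception: [" + e + "]");
        } finally {
            log("Login of user String: {" + loginName + "}, return from AuthServer: {" + reply + "}");
            Arrays.fill(request, ' ');
            Arrays.fill(password, ' ');
        }
    }

    /**
     * Builds {@code "LOGIN:<loginName> <password>\n"} as a char array so it can be wiped.
     * NOTE(review): a newline inside the password would end the request line early; the
     * protocol as implemented here has no escaping for it.
     */
    private static char[] buildLoginRequest(String loginName, char[] password) {
        char[] prefix = ("LOGIN:" + loginName + " ").toCharArray();
        char[] request = new char[prefix.length + password.length + 1];
        System.arraycopy(prefix, 0, request, 0, prefix.length);
        System.arraycopy(password, 0, request, prefix.length, password.length);
        request[request.length - 1] = '\n';
        return request;
    }

    /** Opens a plain or TLS socket to the configured host and port. */
    private Socket openAuthServiceSocket() throws IOException, GeneralSecurityException {
        if (!this.sslEnabled) {
            return new Socket(this.remoteHostName, this.remoteHostAuthServicePort);
        }
        SSLContext sslContext = SSLContext.getInstance(SSL_ALGORITHM);
        // new SecureRandom() selects the platform's strongest default instead of pinning the
        // legacy "SHA1PRNG" name, which is not available on every JVM.
        sslContext.init(loadKeyManagers(), loadTrustManagers(), new SecureRandom());
        return sslContext.getSocketFactory().createSocket(this.remoteHostName, this.remoteHostAuthServicePort);
    }

    /**
     * Key managers for client authentication, or {@code null} (use none) when no key store is
     * configured.
     */
    private KeyManager[] loadKeyManagers() throws IOException, GeneralSecurityException {
        if (this.keyStorePath == null) {
            return null;
        }
        char[] storePassword = this.keyStorePathPassword == null ? new char[0] : this.keyStorePathPassword.toCharArray();
        try {
            KeyStore keyStore = loadKeyStore(this.keyStorePath, storePassword);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, storePassword);
            return keyManagerFactory.getKeyManagers();
        } finally {
            Arrays.fill(storePassword, ' ');
        }
    }

    /**
     * Trust managers for server certificate validation: an accept-everything manager when
     * validation is disabled by configuration, the configured trust store when one is given,
     * otherwise {@code null} so the JVM default trust store is used.
     */
    private TrustManager[] loadTrustManagers() throws IOException, GeneralSecurityException {
        if (!this.serverCertValidation) {
            // Configured via ranger.unixauth.server.cert.validation=false. With this manager the
            // TLS session is encrypted but the peer is not authenticated, so it offers no
            // protection against an impersonated service; keep validation on outside of testing.
            log("Server certificate validation is DISABLED by configuration");
            return new TrustManager[]{new InsecureTrustAllManager()};
        }
        if (this.trustStorePath == null) {
            return null;
        }
        char[] storePassword = this.trustStorePathPassword == null ? new char[0] : this.trustStorePathPassword.toCharArray();
        try {
            KeyStore trustStore = loadKeyStore(this.trustStorePath, storePassword);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory.getTrustManagers();
        } finally {
            Arrays.fill(storePassword, ' ');
        }
    }

    /** Loads a key store of the default type from a file or classpath resource, closing the stream. */
    private KeyStore loadKeyStore(String path, char[] storePassword) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = getFileInputStream(path)) {
            keyStore.load(in, storePassword);
        }
        return keyStore;
    }

    /**
     * Opens {@code path} as a file if it exists, otherwise as a classpath resource (with and
     * without a leading "/") via this class's loader and then the system class loader.
     *
     * @throws FileNotFoundException if none of the lookups finds the resource, so that a
     *                               missing key/trust store is reported instead of an empty
     *                               store being loaded silently
     */
    private InputStream getFileInputStream(String path) throws FileNotFoundException {
        File file = new File(path);
        if (file.exists()) {
            return new FileInputStream(file);
        }
        InputStream stream = getClass().getResourceAsStream(path);
        if (stream == null && !path.startsWith("/")) {
            stream = getClass().getResourceAsStream("/" + path);
        }
        if (stream == null) {
            stream = ClassLoader.getSystemClassLoader().getResourceAsStream(path);
            if (stream == null && !path.startsWith("/")) {
                stream = ClassLoader.getSystemResourceAsStream("/" + path);
            }
        }
        if (stream == null) {
            throw new FileNotFoundException("Unable to locate file or classpath resource: " + path);
        }
        return stream;
    }

    /** Returns the part of {@code userName} before the first {@code @}, or the input unchanged. */
    private static String stripRealm(String userName) {
        if (userName == null) {
            return null;
        }
        int at = userName.indexOf('@');
        return at > -1 ? userName.substring(0, at) : userName;
    }

    /** Reads an option as a string; {@code null} when absent. */
    private static String optionValue(Properties properties, String key) {
        Object value = properties.get(key);
        return value == null ? null : value.toString();
    }

    /** Writes to stderr only while debug logging is enabled. */
    private void log(String message) {
        if (this.debug) {
            System.err.println("RemoteUnixLoginModule: " + message);
        }
    }

    /**
     * X509TrustManager that accepts every certificate chain. Used only when
     * {@code ranger.unixauth.server.cert.validation=false}; it disables peer authentication.
     */
    private static final class InsecureTrustAllManager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally accepts any chain; see class comment.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally accepts any chain; see class comment.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }
}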
