package oracle.kv.impl.security.util;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.UndeclaredThrowableException;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Pattern;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import oracle.kv.AuthenticationFailureException;
import oracle.kv.AuthenticationRequiredException;
import oracle.kv.FaultException;
import oracle.kv.KVSecurityConstants;
import oracle.kv.KVStore;
import oracle.kv.KVStoreException;
import oracle.kv.KerberosCredentials;
import oracle.kv.LoginCredentials;
import oracle.kv.PasswordCredentials;
import oracle.kv.ReauthenticateHandler;
import oracle.kv.impl.security.PasswordManager;
import oracle.kv.impl.security.PasswordStore;
import oracle.kv.impl.security.login.AdminLoginManager;
import oracle.kv.impl.security.login.KerberosClientCreds;
import oracle.kv.impl.security.login.RepNodeLoginManager;
import oracle.kv.impl.security.ssl.SSLConfig;
import oracle.kv.impl.util.TopologyLocator;
import oracle.kv.impl.util.registry.ClientSocketFactory;
import oracle.kv.impl.util.registry.RegistryUtils;
import oracle.kv.util.shell.ShellInputReader;

/* loaded from: input_file:oracle/kv/impl/security/util/KVStoreLogin.class */
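/**
 * Client-side helper that gathers login information (user name, security
 * property file, password or Kerberos credentials) and turns it into
 * {@link LoginCredentials} or login managers.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The security property file decides which password store is opened and,
 *       through {@link #PWD_MANAGER}, which password manager class name is
 *       handed to {@code PasswordManager.load}. Nothing in this class checks
 *       the ownership or permissions of that file, so it should be writable
 *       only by the account that runs the client.</li>
 *   <li>Passwords are handled as {@code char[]}; where this class owns the
 *       array and can tell that a copy was taken, the array is cleared.</li>
 * </ul>
 *
 * <p>Instances hold mutable state without synchronization.
 */
public class KVStoreLogin {
    /** Property naming the password manager class used for password-file stores. */
    public static final String PWD_MANAGER = "oracle.kv.auth.pwdfile.manager";
    private static final String WALLET_MANAGER_CLASS = "oracle.kv.impl.security.wallet.WalletManager";
    private static final String DEFAULT_FILESTORE_MANAGER_CLASS = "oracle.kv.impl.security.filestore.FileStoreManager";
    private static final String KERBEROS_LOGIN_HELPER_CLASS = "oracle.kv.impl.security.kerberos.KerberosLoginHelper";

    /** Accepts exactly "true" or "false", ignoring ASCII case; compiled once instead of per call. */
    private static final Pattern BOOLEAN_PATTERN = Pattern.compile("true|false", Pattern.CASE_INSENSITIVE);

    /** Names of properties whose values are file paths, resolved against the security file's directory. */
    private static final Set<String> fileProperties = new HashSet<>();

    static {
        fileProperties.add(KVSecurityConstants.SECURITY_FILE_PROPERTY);
        fileProperties.add(KVSecurityConstants.AUTH_WALLET_PROPERTY);
        fileProperties.add(KVSecurityConstants.AUTH_PWDFILE_PROPERTY);
        fileProperties.add(SSLConfig.KEYSTORE_FILE);
        fileProperties.add("oracle.kv.ssl.trustStore");
        fileProperties.add(KVSecurityConstants.AUTH_KRB_KEYTAB_PROPERTY);
        fileProperties.add(KVSecurityConstants.AUTH_KRB_CCACHE_PROPERTY);
    }

    private String userName;
    private String securityFilePath;
    private Properties securityProps;
    private ShellInputReader reader;

    /** Source of login credentials, used when a session has to log in again. */
    public interface CredentialsProvider {
        /**
         * @return the credentials to log in with; implementations in this file
         *         may return {@code null} when none can be built
         */
        LoginCredentials getCredentials();
    }

    /**
     * JAAS callback handler that prompts for a Kerberos password on a
     * {@link ShellInputReader}. Only {@link PasswordCallback} is supported.
     */
    public static class PasswordCallbackHandler implements CallbackHandler {
        private final String name;
        private final ShellInputReader inputReader;

        /**
         * @param str              user name shown in the password prompt
         * @param shellInputReader reader the password is read from
         */
        public PasswordCallbackHandler(String str, ShellInputReader shellInputReader) {
            this.name = str;
            this.inputReader = shellInputReader;
        }

        /**
         * Prompts once per callback and stores the entered password in it.
         *
         * @param callbackArr callbacks to satisfy
         * @throws IOException                  if reading the password fails
         * @throws UnsupportedCallbackException if a callback is not a {@link PasswordCallback}
         */
        @Override
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (!(callback instanceof PasswordCallback)) {
                    throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
                }
                PasswordCallback passwordCallback = (PasswordCallback) callback;
                char[] entered = this.inputReader.readPassword(this.name + "'s kerberos password:");
                // PasswordCallback.setPassword stores its own copy, so the local
                // array can be wiped straight away.
                passwordCallback.setPassword(entered);
                SecurityUtils.clearPassword(entered);
            }
        }
    }

    /** {@link CredentialsProvider} that rebuilds credentials from a fixed set of security properties. */
    public static class StoreLoginCredentialsProvider implements CredentialsProvider {
        private final Properties props;

        /**
         * @param properties security properties to build credentials from; kept by
         *                   reference, not copied
         */
        public StoreLoginCredentialsProvider(Properties properties) {
            this.props = properties;
        }

        /** @return the result of {@link KVStoreLogin#makeLoginCredentials(Properties)} for the stored properties */
        @Override
        public LoginCredentials getCredentials() {
            return KVStoreLogin.makeLoginCredentials(this.props);
        }
    }

    /** Creates a login helper with no user name and no security file path. */
    public KVStoreLogin() {
        this(null, null);
    }

    /**
     * Creates a login helper. No file is read until
     * {@link #loadSecurityProperties()} is called.
     *
     * @param str  user name, may be {@code null}
     * @param str2 path of the security property file, may be {@code null}
     */
    public KVStoreLogin(String str, String str2) {
        this.securityProps = null;
        this.reader = null;
        this.userName = str;
        this.securityFilePath = str2;
    }

    /** @return the current user name, or {@code null} if none is known yet */
    public String getUserName() {
        return this.userName;
    }

    /**
     * Replaces the user name and security file path, then reloads the
     * security properties.
     *
     * @param str  new user name, may be {@code null}
     * @param str2 new security file path, may be {@code null}
     * @throws IllegalArgumentException see {@link #loadSecurityProperties()}
     * @throws IllegalStateException    see {@link #createSecurityProperties(String)}
     */
    public void updateLoginInfo(String str, String str2) {
        this.userName = str;
        this.securityFilePath = str2;
        loadSecurityProperties();
    }

    /**
     * @return the loaded security properties, or {@code null} if none were
     *         loaded. This is the live object held by this instance, not a copy.
     */
    public Properties getSecurityProperties() {
        return this.securityProps;
    }

    /**
     * Loads the security properties. When no path was given, the system
     * property named by {@code KVSecurityConstants.SECURITY_FILE_PROPERTY} is
     * used. A missing user name is filled in from the loaded properties.
     *
     * @throws IllegalArgumentException if a security file is in use but it does
     *                                  not select the SSL transport
     * @throws IllegalStateException    if the file cannot be read
     */
    public void loadSecurityProperties() {
        if (this.securityFilePath == null) {
            this.securityFilePath = System.getProperty(KVSecurityConstants.SECURITY_FILE_PROPERTY);
        }
        this.securityProps = createSecurityProperties(this.securityFilePath);
        if (this.securityProps != null && this.userName == null) {
            this.userName = this.securityProps.getProperty(KVSecurityConstants.AUTH_USERNAME_PROPERTY);
        }
        // Refuse a security file that would send the login over a non-SSL transport.
        if (this.securityFilePath != null && !foundSSLTransport()) {
            throw new IllegalArgumentException("A security file was specified, but the file does not provide the required SSL transport setting, which will cause user logins to fail");
        }
    }

    /** Reads the "no password prompt" flag from the security properties; {@code false} when unset. */
    private boolean loadNoPasswordPromptProperty() {
        if (this.securityProps == null) {
            return false;
        }
        return checkBooleanField(this.securityProps.getProperty(KVSecurityConstants.CMD_PASSWORD_NOPROMPT_PROPERTY), false);
    }

    /** Returns the input reader, creating one on standard input/output on first use. */
    private ShellInputReader getReader() {
        if (this.reader == null) {
            this.reader = new ShellInputReader(System.in, System.out);
        }
        return this.reader;
    }

    /**
     * Replaces the reader used for prompts.
     *
     * @param shellInputReader reader to use from now on
     */
    protected void setReader(ShellInputReader shellInputReader) {
        this.reader = shellInputReader;
    }

    /**
     * Builds credentials for an interactive shell, prompting for the user name
     * and password when they are not available and prompting is allowed.
     *
     * @return Kerberos credentials when the Kerberos mechanism is configured,
     *         otherwise password credentials
     * @throws IOException              if reading from the prompt fails
     * @throws IllegalArgumentException if prompting is disabled and the user name
     *                                  or password is missing, or the configured
     *                                  external mechanism is unsupported
     * @throws IllegalStateException    if the password store cannot be read
     */
    public LoginCredentials makeShellLoginCredentials() throws IOException {
        boolean noPrompt = loadNoPasswordPromptProperty();
        if (this.userName == null) {
            if (noPrompt) {
                throw new IllegalArgumentException("Must specify user name when password prompting is disabled");
            }
            this.userName = getReader().readLine("Login as:");
        }
        if (isKerberosMech()) {
            // With prompting disabled no handler is supplied, so the helper gets
            // no way to ask for a password.
            PasswordCallbackHandler handler = noPrompt ? null : new PasswordCallbackHandler(this.userName, getReader());
            return buildKerberosCreds(this.userName, this.securityProps, handler);
        }
        char[] password = retrievePassword(this.userName, this.securityProps);
        if (password == null) {
            if (noPrompt) {
                throw new IllegalArgumentException("Failed to retrieve password " + this.userName + " from password store, but password must be present when password prompting is disabled");
            }
            password = getReader().readPassword(this.userName + "'s password:");
        }
        // NOTE(review): whether PasswordCredentials copies the array is not visible
        // here. If it does, this array should be cleared after construction - confirm.
        return new PasswordCredentials(this.userName, password);
    }

    /** @return credentials built from the loaded properties, or {@code null}; see {@link #makeLoginCredentials(Properties)} */
    public LoginCredentials getLoginCredentials() {
        return makeLoginCredentials(this.securityProps);
    }

    /** @return the security file path in use, or {@code null} */
    public String getSecurityFilePath() {
        return this.securityFilePath;
    }

    /** @return {@code true} only if the loaded properties select the SSL transport */
    public boolean foundSSLTransport() {
        if (this.securityProps == null) {
            return false;
        }
        String transport = this.securityProps.getProperty(KVSecurityConstants.TRANSPORT_PROPERTY);
        return transport != null && transport.equals(KVSecurityConstants.SSL_TRANSPORT_NAME);
    }

    /** @return {@code true} if the loaded properties contain any transport setting */
    public boolean hasTransportSettings() {
        return this.securityProps != null
            && this.securityProps.getProperty(KVSecurityConstants.TRANSPORT_PROPERTY) != null;
    }

    private boolean isKerberosMech() {
        return isKerberosMech(this.securityProps);
    }

    /**
     * Tells whether the properties select Kerberos as external mechanism.
     *
     * @param properties security properties, may be {@code null}
     * @return {@code false} when no external mechanism is configured,
     *         {@code true} when it is Kerberos (case-insensitive)
     * @throws IllegalArgumentException if any other mechanism is configured
     */
    public static boolean isKerberosMech(Properties properties) {
        if (properties == null) {
            return false;
        }
        String mechanism = properties.getProperty(KVSecurityConstants.AUTH_EXT_MECH_PROPERTY);
        if (mechanism == null) {
            return false;
        }
        if (mechanism.equalsIgnoreCase(KVSecurityConstants.KRB_MECH_NAME)) {
            return true;
        }
        throw new IllegalArgumentException("Unsupported external authentication mechanism in the configuration.");
    }

    /**
     * Applies the transport settings, if any, to the client socket factory and
     * initializes the registry client socket factory.
     */
    public void prepareRegistryCSF() {
        if (hasTransportSettings()) {
            ClientSocketFactory.setRMIPolicy(getSecurityProperties());
        }
        RegistryUtils.initRegistryCSF();
    }

    /**
     * Same as {@link #prepareRegistryCSF()}, passing two values through to
     * {@code RegistryUtils.initRegistryCSF(int, int)}.
     *
     * @param i  first argument of {@code initRegistryCSF} (presumably a timeout - confirm)
     * @param i2 second argument of {@code initRegistryCSF} (presumably a timeout - confirm)
     */
    public void prepareRegistryCSF(int i, int i2) {
        if (hasTransportSettings()) {
            ClientSocketFactory.setRMIPolicy(getSecurityProperties());
        }
        RegistryUtils.initRegistryCSF(i, i2);
    }

    /**
     * Builds credentials from security properties without prompting.
     *
     * @param properties security properties, may be {@code null}
     * @return Kerberos or password credentials, or {@code null} when the
     *         properties are missing, name no user, or no password is stored
     * @throws IllegalArgumentException if an unsupported external mechanism is configured
     * @throws IllegalStateException    if the password store cannot be read
     */
    public static LoginCredentials makeLoginCredentials(Properties properties) {
        if (properties == null) {
            return null;
        }
        String user = properties.getProperty(KVSecurityConstants.AUTH_USERNAME_PROPERTY);
        if (user == null) {
            return null;
        }
        if (isKerberosMech(properties)) {
            return buildKerberosCreds(user, properties, null);
        }
        char[] password = retrievePassword(user, properties);
        return password == null ? null : new PasswordCredentials(user, password);
    }

    /**
     * Loads a security property file and makes its relative file paths
     * absolute with respect to the file's directory.
     *
     * <p>NOTE(review): the file's ownership and permissions are not checked
     * here. Because the file selects password stores and a password manager
     * class, it should be protected like a credential.
     *
     * @param str path of the security file, may be {@code null}
     * @return the loaded properties, or {@code null} when {@code str} is {@code null}
     * @throws IllegalStateException if the file cannot be opened or parsed; the
     *                               underlying exception is kept as the cause
     */
    public static Properties createSecurityProperties(String str) {
        if (str == null) {
            return null;
        }
        File file = new File(str);
        FileInputStream in = null;
        try {
            in = new FileInputStream(file);
            Properties loaded = new Properties();
            loaded.load(in);
            resolveRelativePaths(loaded, file);
            return loaded;
        } catch (Exception e) {
            // Same message as before, but the cause is no longer dropped.
            throw new IllegalStateException(e.getMessage(), e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Best effort: a failed close of a read-only stream must not
                    // hide the result or the original failure.
                }
            }
        }
    }

    /** Rewrites every relative value of a known file property to a path under the security file's directory. */
    private static void resolveRelativePaths(Properties properties, File file) {
        File baseDir = file.getAbsoluteFile().getParentFile();
        for (String key : properties.stringPropertyNames()) {
            if (!fileProperties.contains(key)) {
                continue;
            }
            String value = properties.getProperty(key);
            if (!new File(value).isAbsolute()) {
                properties.setProperty(key, new File(baseDir, value).getPath());
            }
        }
    }

    /**
     * Looks the user's password up in the configured wallet or password file.
     *
     * <p>A wallet setting takes precedence. Otherwise the password manager class
     * named by {@link #PWD_MANAGER} (or the default file store manager) is used
     * with the configured password file. The manager class name comes straight
     * from the properties; presumably {@code PasswordManager.load} instantiates
     * it by name - confirm - which is one more reason the security file must
     * not be writable by untrusted users.
     *
     * @return the stored secret, or {@code null} when an argument is
     *         {@code null} or no password file is configured
     * @throws IllegalStateException if the store cannot be loaded, opened or read
     */
    private static char[] retrievePassword(String str, Properties properties) {
        if (str == null || properties == null) {
            return null;
        }
        PasswordStore store = null;
        try {
            String walletDir = properties.getProperty(KVSecurityConstants.AUTH_WALLET_PROPERTY);
            if (walletDir != null && !walletDir.isEmpty()) {
                store = PasswordManager.load(WALLET_MANAGER_CLASS).getStoreHandle(new File(walletDir));
            } else {
                String managerClass = properties.getProperty(PWD_MANAGER);
                if (managerClass == null || managerClass.isEmpty()) {
                    managerClass = DEFAULT_FILESTORE_MANAGER_CLASS;
                }
                String passwordFile = properties.getProperty(KVSecurityConstants.AUTH_PWDFILE_PROPERTY);
                if (passwordFile == null || passwordFile.isEmpty()) {
                    return null;
                }
                store = PasswordManager.load(managerClass).getStoreHandle(new File(passwordFile));
            }
            store.open(null);
            return store.getSecret(str);
        } catch (Exception e) {
            throw new IllegalStateException(e);
        } finally {
            // Always release the store handle, on success and on failure.
            if (store != null) {
                store.discard();
            }
        }
    }

    /**
     * Builds Kerberos client credentials through the Kerberos login helper,
     * which is looked up reflectively.
     *
     * @param str                     user name
     * @param properties              security properties handed to the helper
     * @param passwordCallbackHandler handler used to prompt for a password, or
     *                                {@code null} for none
     * @return the credentials produced by the helper
     * @throws AuthenticationFailureException if the helper reports an authentication failure
     * @throws IllegalStateException          if the helper class or method is missing,
     *                                        or the helper fails with another exception
     */
    public static KerberosClientCreds buildKerberosCreds(String str, Properties properties, PasswordCallbackHandler passwordCallbackHandler) throws AuthenticationFailureException {
        // The class lookup has its own try block so that a missing helper yields
        // the dedicated message instead of the generic "unexpected" one.
        final Class<?> helperClass;
        try {
            helperClass = Class.forName(KERBEROS_LOGIN_HELPER_CLASS);
        } catch (ClassNotFoundException e) {
            throw new IllegalStateException("Kerberos authentication was configured, but it is only supported in EE version", e);
        }
        try {
            return (KerberosClientCreds) helperClass
                .getMethod("buildKerberosCreds", String.class, Properties.class, PasswordCallbackHandler.class)
                .invoke(null, str, properties, passwordCallbackHandler);
        } catch (NoSuchMethodException e) {
            throw new IllegalStateException("Kerberos login helper implementation does not have method buildKerberosCreds", e);
        } catch (InvocationTargetException e) {
            // Unwrap what the helper threw; fall back to the wrapper if it carries no cause.
            Throwable cause = e.getCause() != null ? e.getCause() : e;
            if (cause instanceof Error) {
                throw (Error) cause;
            }
            if (cause instanceof AuthenticationFailureException) {
                throw (AuthenticationFailureException) cause;
            }
            if (cause instanceof Exception) {
                throw new IllegalStateException("Unexpected exception while building Kerberos credentials", cause);
            }
            throw new UndeclaredThrowableException(cause);
        } catch (Exception e) {
            throw new IllegalStateException("Unexpected exception while building Kerberos credentials", e);
        }
    }

    /**
     * Builds Kerberos client credentials from user-supplied Kerberos
     * credentials, without a password prompt.
     *
     * @param kerberosCredentials source of the user name and Kerberos properties; must not be {@code null}
     * @return the credentials produced by {@link #buildKerberosCreds}
     */
    public static KerberosClientCreds getKrbClientCredentials(KerberosCredentials kerberosCredentials) {
        return buildKerberosCreds(kerberosCredentials.getUsername(), kerberosCredentials.getKrbProperties(), null);
    }

    /**
     * Wraps a credentials provider in a handler that logs in again with
     * freshly obtained credentials.
     *
     * @param credentialsProvider provider to ask on every reauthentication
     * @return the handler, or {@code null} when the provider is {@code null}
     */
    public static ReauthenticateHandler makeReauthenticateHandler(final CredentialsProvider credentialsProvider) {
        if (credentialsProvider == null) {
            return null;
        }
        return new ReauthenticateHandler() {
            @Override
            public void reauthenticate(KVStore kVStore) throws FaultException, AuthenticationFailureException, AuthenticationRequiredException {
                // Refers to the captured parameter; "CredentialsProvider.this" is not
                // valid here because the interface is not an enclosing instance.
                kVStore.login(credentialsProvider.getCredentials());
            }
        };
    }

    /**
     * Parses a strict boolean property value.
     *
     * @param str value to parse, may be {@code null}
     * @param z   result when {@code str} is {@code null}
     * @return the parsed value, or {@code z} for {@code null}
     * @throws IllegalArgumentException if the value is neither "true" nor
     *                                  "false" (case-insensitive)
     */
    public static boolean checkBooleanField(String str, boolean z) {
        if (str == null) {
            return z;
        }
        if (BOOLEAN_PATTERN.matcher(str).matches()) {
            return Boolean.parseBoolean(str);
        }
        throw new IllegalArgumentException("Invalid input for boolean field: " + str);
    }

    /**
     * Bootstraps an admin login manager against a single host and port.
     *
     * @param str              host name
     * @param i                port
     * @param loginCredentials credentials, may be {@code null}
     * @return see {@link #getAdminLoginMgr(String[], LoginCredentials)}
     * @throws AuthenticationFailureException as declared; thrown by the callee
     */
    public static AdminLoginManager getAdminLoginMgr(String str, int i, LoginCredentials loginCredentials) throws AuthenticationFailureException {
        return getAdminLoginMgr(new String[]{str + TopologyLocator.HOST_PORT_SEPARATOR + i}, loginCredentials);
    }

    /**
     * Bootstraps an admin login manager against the given host:port entries.
     *
     * @param strArr           host:port entries
     * @param loginCredentials credentials, may be {@code null}
     * @return the manager, or {@code null} when the credentials are
     *         {@code null} or the bootstrap reports failure
     * @throws AuthenticationFailureException as declared; presumably raised by the bootstrap - confirm
     */
    public static AdminLoginManager getAdminLoginMgr(String[] strArr, LoginCredentials loginCredentials) throws AuthenticationFailureException {
        if (loginCredentials == null) {
            return null;
        }
        AdminLoginManager manager = new AdminLoginManager(loginCredentials.getUsername(), true);
        return manager.bootstrap(strArr, loginCredentials) ? manager : null;
    }

    /**
     * Bootstraps a rep-node login manager against a single host and port.
     *
     * @param str              host name
     * @param i                port
     * @param loginCredentials credentials, may be {@code null}
     * @param str2             passed through as the third bootstrap argument (presumably the store name - confirm)
     * @return see {@link #getRepNodeLoginMgr(String[], LoginCredentials, String)}
     * @throws AuthenticationFailureException as declared; thrown by the callee
     */
    public static RepNodeLoginManager getRepNodeLoginMgr(String str, int i, LoginCredentials loginCredentials, String str2) throws AuthenticationFailureException {
        return getRepNodeLoginMgr(new String[]{str + TopologyLocator.HOST_PORT_SEPARATOR + i}, loginCredentials, str2);
    }

    /**
     * Bootstraps a rep-node login manager against the given host:port entries.
     *
     * @param strArr           host:port entries
     * @param loginCredentials credentials, may be {@code null}
     * @param str              passed through as the third bootstrap argument (presumably the store name - confirm)
     * @return the manager, or {@code null} when the credentials are
     *         {@code null} or the bootstrap fails with a {@link KVStoreException}
     * @throws AuthenticationFailureException as declared; presumably raised by the bootstrap - confirm
     */
    public static RepNodeLoginManager getRepNodeLoginMgr(String[] strArr, LoginCredentials loginCredentials, String str) throws AuthenticationFailureException {
        if (loginCredentials == null) {
            return null;
        }
        try {
            RepNodeLoginManager manager = new RepNodeLoginManager(loginCredentials.getUsername(), true);
            manager.bootstrap(strArr, loginCredentials, str);
            return manager;
        } catch (KVStoreException e) {
            // Callers only see null here; the failure reason is not reported.
            return null;
        }
    }
}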
