package org.apache.hadoop.security.authentication.util;

import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.nio.charset.IllegalCharsetNameException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.NoSuchElementException;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KeyTab;
import org.apache.curator.utils.ZKPaths;
import org.apache.hadoop.util.PlatformName;
import org.apache.kerby.kerberos.kerb.keytab.Keytab;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
import org.objectweb.asm.Opcodes;

/* loaded from: input_file:WEB-INF/lib/hadoop-auth-3.1.1.7.1.3.9-1.jar:org/apache/hadoop/security/authentication/util/KerberosUtil.class */
public class KerberosUtil {
    public static final Oid GSS_SPNEGO_MECH_OID = getNumericOidInstance("1.3.6.1.5.5.2");
    public static final Oid GSS_KRB5_MECH_OID = getNumericOidInstance("1.2.840.113554.1.2.2");
    public static final Oid NT_GSS_KRB5_PRINCIPAL_OID = getNumericOidInstance("1.2.840.113554.1.2.2.1");

    /* loaded from: input_file:WEB-INF/lib/hadoop-auth-3.1.1.7.1.3.9-1.jar:org/apache/hadoop/security/authentication/util/KerberosUtil$DER.class */
    private static class DER implements Iterator<DER> {
        static final DER SPNEGO_MECH_OID = getDER(KerberosUtil.GSS_SPNEGO_MECH_OID);
        static final DER KRB5_MECH_OID = getDER(KerberosUtil.GSS_KRB5_MECH_OID);
        private final int tag;
        private final ByteBuffer bb;

        private static DER getDER(Oid oid) {
            try {
                return new DER(oid.getDER());
            } catch (GSSException e) {
                throw new IllegalArgumentException((Throwable) e);
            }
        }

        DER(byte[] bArr) {
            this(ByteBuffer.wrap(bArr));
        }

        DER(ByteBuffer byteBuffer) {
            this.tag = byteBuffer.get() & 255;
            int readLength = readLength(byteBuffer);
            this.bb = byteBuffer.slice();
            this.bb.limit(readLength);
            byteBuffer.position(byteBuffer.position() + readLength);
        }

        int getTag() {
            return this.tag;
        }

        /* JADX WARN: Multi-variable type inference failed */
        private static int readLength(ByteBuffer byteBuffer) {
            byte b = byteBuffer.get();
            if ((b & Byte.MIN_VALUE) != 0) {
                int i = b & Byte.MAX_VALUE;
                b = 0;
                for (int i2 = 0; i2 < i; i2++) {
                    b = ((b << 8) | (byteBuffer.get() & 255)) == true ? 1 : 0;
                }
            }
            return b;
        }

        DER choose(int i) {
            while (hasNext()) {
                DER next = next();
                if (next.getTag() == i) {
                    return next;
                }
            }
            return null;
        }

        DER get(int... iArr) {
            DER der = this;
            for (int i = 0; i < iArr.length; i++) {
                int i2 = iArr[i];
                if (der.getTag() != i2) {
                    der = der.hasNext() ? der.choose(i2) : null;
                }
                if (der == null) {
                    StringBuilder sb = new StringBuilder("Tag not found:");
                    for (int i3 = 0; i3 <= i; i3++) {
                        sb.append(" 0x").append(Integer.toHexString(iArr[i3]));
                    }
                    throw new IllegalStateException(sb.toString());
                }
            }
            return der;
        }

        String getAsString() {
            try {
                return new String(this.bb.array(), this.bb.arrayOffset() + this.bb.position(), this.bb.remaining(), "UTF-8");
            } catch (UnsupportedEncodingException e) {
                throw new IllegalCharsetNameException("UTF-8");
            }
        }

        public int hashCode() {
            return (31 * this.tag) + this.bb.hashCode();
        }

        public boolean equals(Object obj) {
            return (obj instanceof DER) && this.tag == ((DER) obj).tag && this.bb.equals(((DER) obj).bb);
        }

        @Override // java.util.Iterator
        public boolean hasNext() {
            return ((this.tag & 48) != 0 || this.tag == 4) && this.bb.hasRemaining();
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.Iterator
        public DER next() {
            if (hasNext()) {
                return new DER(this.bb);
            }
            throw new NoSuchElementException();
        }

        public String toString() {
            return "[tag=0x" + Integer.toHexString(this.tag) + " bb=" + this.bb + "]";
        }
    }

    public static String getKrb5LoginModuleName() {
        return PlatformName.IBM_JAVA ? "com.ibm.security.auth.module.Krb5LoginModule" : "com.sun.security.auth.module.Krb5LoginModule";
    }

    private static Oid getNumericOidInstance(String str) {
        try {
            return new Oid(str);
        } catch (GSSException e) {
            throw new IllegalArgumentException((Throwable) e);
        }
    }

    public static Oid getOidInstance(String str) throws ClassNotFoundException, GSSException, NoSuchFieldException, IllegalAccessException {
        Class<?> cls;
        if (!PlatformName.IBM_JAVA) {
            cls = Class.forName("sun.security.jgss.GSSUtil");
        } else {
            if ("NT_GSS_KRB5_PRINCIPAL".equals(str)) {
                return new Oid("1.2.840.113554.1.2.2.1");
            }
            cls = Class.forName("com.ibm.security.jgss.GSSUtil");
        }
        return (Oid) cls.getDeclaredField(str).get(cls);
    }

    public static String getDefaultRealm() throws ClassNotFoundException, NoSuchMethodException, IllegalArgumentException, IllegalAccessException, InvocationTargetException {
        return new KerberosPrincipal("tmp", 1).getRealm();
    }

    public static String getDefaultRealmProtected() {
        try {
            return getDefaultRealm();
        } catch (Exception e) {
            return null;
        }
    }

    public static String getDomainRealm(String str) {
        String str2 = null;
        try {
            Class<?> cls = PlatformName.IBM_JAVA ? Class.forName("com.ibm.security.krb5.PrincipalName") : Class.forName("sun.security.krb5.PrincipalName");
            str2 = (String) cls.getMethod("getRealmString", new Class[0]).invoke(cls.getConstructor(String.class, Integer.TYPE).newInstance(str, Integer.valueOf(cls.getField("KRB_NT_SRV_HST").getInt(null))), new Object[0]);
        } catch (RuntimeException e) {
        } catch (Exception e2) {
        }
        return (null == str2 || str2.equals("")) ? getDefaultRealmProtected() : str2;
    }

    static String getLocalHostName() throws UnknownHostException {
        return InetAddress.getLocalHost().getCanonicalHostName();
    }

    public static final String getServicePrincipal(String str, String str2) throws UnknownHostException {
        String str3 = str2;
        if (null == str3 || str3.equals("") || str3.equals("0.0.0.0")) {
            str3 = getLocalHostName();
        }
        String str4 = str + ZKPaths.PATH_SEPARATOR + str3.toLowerCase(Locale.US);
        String domainRealm = getDomainRealm(str4);
        return (null == domainRealm || domainRealm.equals("")) ? str4 : str4 + "@" + domainRealm;
    }

    static final String[] getPrincipalNames(String str) throws IOException {
        Keytab loadKeytab = Keytab.loadKeytab(new File(str));
        HashSet hashSet = new HashSet();
        Iterator<PrincipalName> it = loadKeytab.getPrincipals().iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getName().replace("\\", ZKPaths.PATH_SEPARATOR));
        }
        return (String[]) hashSet.toArray(new String[0]);
    }

    public static final String[] getPrincipalNames(String str, Pattern pattern) throws IOException {
        String[] principalNames = getPrincipalNames(str);
        if (principalNames.length != 0) {
            ArrayList arrayList = new ArrayList();
            for (String str2 : principalNames) {
                if (pattern.matcher(str2).matches()) {
                    arrayList.add(str2);
                }
            }
            principalNames = (String[]) arrayList.toArray(new String[0]);
        }
        return principalNames;
    }

    public static boolean hasKerberosKeyTab(Subject subject) {
        return !subject.getPrivateCredentials(KeyTab.class).isEmpty();
    }

    public static boolean hasKerberosTicket(Subject subject) {
        return !subject.getPrivateCredentials(KerberosTicket.class).isEmpty();
    }

    public static String getTokenServerName(byte[] bArr) {
        DER der = new DER(bArr);
        DER next = der.next();
        if (next.equals(DER.SPNEGO_MECH_OID)) {
            der = der.next().get(160, 48, Opcodes.IF_ICMPGE, 4).next();
            next = der.next();
        }
        if (!next.equals(DER.KRB5_MECH_OID)) {
            throw new IllegalArgumentException("Malformed gss token");
        }
        if (der.next().getTag() != 1) {
            throw new IllegalArgumentException("Not an AP-REQ token");
        }
        DER der2 = der.next().get(Opcodes.FDIV, 48, Opcodes.IF_ICMPGT, 97, 48);
        String asString = der2.get(Opcodes.IF_ICMPLT, 27).getAsString();
        DER der3 = der2.get(Opcodes.IF_ICMPGE, 48, Opcodes.IF_ICMPLT, 48);
        StringBuilder sb = new StringBuilder();
        while (der3.hasNext()) {
            if (sb.length() > 0) {
                sb.append('/');
            }
            sb.append(der3.next().getAsString());
        }
        return sb.append('@').append(asString).toString();
    }
}
