package org.apache.knox.gateway.service.config.remote.zk;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.service.config.remote.RemoteConfigurationMessages;
import org.apache.knox.gateway.service.config.remote.RemoteConfigurationRegistryConfig;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.services.security.AliasServiceException;

/* loaded from: input_file:org/apache/knox/gateway/service/config/remote/zk/RemoteConfigurationRegistryJAASConfig.class */
class RemoteConfigurationRegistryJAASConfig extends Configuration {
    static final Map<String, String> digestLoginModules = new HashMap();
    private static final RemoteConfigurationMessages log;
    private AliasService aliasService;
    private Configuration delegate = Configuration.getConfiguration();
    private Map<String, AppConfigurationEntry[]> contextEntries = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/knox/gateway/service/config/remote/zk/RemoteConfigurationRegistryJAASConfig$SASLMechanism.class */
    public enum SASLMechanism {
        Unsupported,
        Kerberos,
        Digest
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RemoteConfigurationRegistryJAASConfig configure(List<RemoteConfigurationRegistryConfig> list, AliasService aliasService) {
        return new RemoteConfigurationRegistryJAASConfig(list, aliasService);
    }

    private RemoteConfigurationRegistryJAASConfig(List<RemoteConfigurationRegistryConfig> list, AliasService aliasService) {
        this.aliasService = aliasService;
        new ArrayList();
        for (RemoteConfigurationRegistryConfig remoteConfigurationRegistryConfig : list) {
            if (remoteConfigurationRegistryConfig.isSecureRegistry()) {
                this.contextEntries.put(remoteConfigurationRegistryConfig.getName(), createEntries(remoteConfigurationRegistryConfig));
            }
        }
        if (this.contextEntries.isEmpty()) {
            return;
        }
        Configuration.setConfiguration(this);
    }

    public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
        AppConfigurationEntry[] appConfigurationEntry = this.delegate.getAppConfigurationEntry(str);
        if (appConfigurationEntry == null || appConfigurationEntry.length < 1) {
            appConfigurationEntry = this.contextEntries.get(str);
        }
        return appConfigurationEntry;
    }

    private AppConfigurationEntry[] createEntries(RemoteConfigurationRegistryConfig remoteConfigurationRegistryConfig) {
        return createEntry(remoteConfigurationRegistryConfig) != null ? new AppConfigurationEntry[]{createEntry(remoteConfigurationRegistryConfig)} : new AppConfigurationEntry[0];
    }

    private AppConfigurationEntry createEntry(RemoteConfigurationRegistryConfig remoteConfigurationRegistryConfig) {
        AppConfigurationEntry appConfigurationEntry = null;
        HashMap hashMap = new HashMap();
        SASLMechanism sASLMechanism = getSASLMechanism(remoteConfigurationRegistryConfig.getAuthType());
        switch (sASLMechanism) {
            case Digest:
                hashMap.put("username", remoteConfigurationRegistryConfig.getPrincipal());
                char[] cArr = null;
                if (this.aliasService == null) {
                    throw new IllegalArgumentException("The AliasService is required to resolve credential aliases.");
                }
                try {
                    cArr = this.aliasService.getPasswordFromAliasForGateway(remoteConfigurationRegistryConfig.getCredentialAlias());
                } catch (AliasServiceException e) {
                    log.unresolvedCredentialAlias(remoteConfigurationRegistryConfig.getCredentialAlias());
                }
                if (cArr != null) {
                    hashMap.put("password", new String(cArr));
                    break;
                }
                break;
            case Kerberos:
                hashMap.put("isUseTicketCache", String.valueOf(remoteConfigurationRegistryConfig.isUseTicketCache()));
                hashMap.put("isUseKeyTab", String.valueOf(remoteConfigurationRegistryConfig.isUseKeyTab()));
                hashMap.put("keyTab", remoteConfigurationRegistryConfig.getKeytab());
                hashMap.put("principal", remoteConfigurationRegistryConfig.getPrincipal());
                break;
        }
        if (!hashMap.isEmpty()) {
            appConfigurationEntry = new AppConfigurationEntry(getLoginModuleName(remoteConfigurationRegistryConfig.getRegistryType(), sASLMechanism), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap);
        }
        return appConfigurationEntry;
    }

    private static String getLoginModuleName(String str, SASLMechanism sASLMechanism) {
        String str2 = null;
        switch (sASLMechanism) {
            case Digest:
                str2 = digestLoginModules.get(str.toUpperCase());
                break;
            case Kerberos:
                if (!System.getProperty("java.vendor").contains("IBM")) {
                    str2 = "com.sun.security.auth.module.Krb5LoginModule";
                    break;
                } else {
                    str2 = "com.ibm.security.auth.module.Krb5LoginModule";
                    break;
                }
        }
        return str2;
    }

    private static SASLMechanism getSASLMechanism(String str) {
        SASLMechanism sASLMechanism = SASLMechanism.Unsupported;
        SASLMechanism[] values = SASLMechanism.values();
        int length = values.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            SASLMechanism sASLMechanism2 = values[i];
            if (sASLMechanism2.name().equalsIgnoreCase(str)) {
                sASLMechanism = sASLMechanism2;
                break;
            }
            i++;
        }
        return sASLMechanism;
    }

    static {
        digestLoginModules.put("ZOOKEEPER", "org.apache.zookeeper.server.auth.DigestLoginModule");
        log = (RemoteConfigurationMessages) MessagesFactory.get(RemoteConfigurationMessages.class);
    }
}
