package org.yamcs.security;

import java.io.IOException;
import java.util.HashMap;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.yamcs.InitException;
import org.yamcs.Spec;
import org.yamcs.YConfiguration;

/* loaded from: input_file:org/yamcs/security/KerberosAuthModule.class */
public class KerberosAuthModule implements AuthModule {
    private static final Logger log = LoggerFactory.getLogger(KerberosAuthModule.class);
    private static final String JAAS_ENTRY_NAME = "Yamcs";
    private static final String JAAS_KRB5 = "com.sun.security.auth.module.Krb5LoginModule";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/yamcs/security/KerberosAuthModule$UserPassCallbackHandler.class */
    public static class UserPassCallbackHandler implements CallbackHandler {
        private char[] password;
        private String username;

        public UserPassCallbackHandler(String str, char[] cArr) {
            this.username = str;
            this.password = cArr;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if ((callback instanceof NameCallback) && this.username != null) {
                    ((NameCallback) callback).setName(this.username);
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(this.password);
                } else {
                    KerberosAuthModule.log.warn("Unrecognized callback " + callback);
                }
            }
        }
    }

    @Override // org.yamcs.security.AuthModule
    public Spec getSpec() {
        return new Spec();
    }

    @Override // org.yamcs.security.AuthModule
    public void init(YConfiguration yConfiguration) throws InitException {
        HashMap hashMap = new HashMap();
        hashMap.put("useKeyTab", "false");
        hashMap.put("useTicketCache", "false");
        hashMap.put("debug", "false");
        JaasConfiguration.addEntry(JAAS_ENTRY_NAME, new AppConfigurationEntry(JAAS_KRB5, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap));
    }

    @Override // org.yamcs.security.AuthModule
    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        if (authenticationToken instanceof UsernamePasswordToken) {
            return authenticateByPassword((UsernamePasswordToken) authenticationToken);
        }
        return null;
    }

    private AuthenticationInfo authenticateByPassword(UsernamePasswordToken usernamePasswordToken) throws AuthenticationException {
        String principal = usernamePasswordToken.getPrincipal();
        try {
            LoginContext loginContext = new LoginContext(JAAS_ENTRY_NAME, new UserPassCallbackHandler(principal, usernamePasswordToken.getPassword()));
            loginContext.login();
            AuthenticationInfo authenticationInfo = new AuthenticationInfo(this, principal);
            authenticationInfo.addExternalIdentity(getClass().getName(), loginContext.getSubject().getPrincipals().iterator().next().getName());
            return authenticationInfo;
        } catch (AccountNotFoundException e) {
            return null;
        } catch (LoginException e2) {
            throw new AuthenticationException(e2);
        }
    }

    @Override // org.yamcs.security.AuthModule
    public boolean verifyValidity(AuthenticationInfo authenticationInfo) {
        return true;
    }

    @Override // org.yamcs.security.AuthModule
    public AuthorizationInfo getAuthorizationInfo(AuthenticationInfo authenticationInfo) {
        return new AuthorizationInfo();
    }
}
