package org.tmatesoft.svn.core.internal.io.dav.http;

import java.io.IOException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.tmatesoft.svn.core.SVNErrorCode;
import org.tmatesoft.svn.core.SVNErrorMessage;
import org.tmatesoft.svn.core.SVNException;
import org.tmatesoft.svn.core.internal.util.SVNBase64;
import org.tmatesoft.svn.core.internal.util.SVNHashMap;
import org.tmatesoft.svn.core.internal.wc.SVNErrorManager;
import org.tmatesoft.svn.core.internal.wc17.db.ISVNWCDb;
import org.tmatesoft.svn.util.SVNDebugLog;
import org.tmatesoft.svn.util.SVNLogType;

/* loaded from: input_file:WEB-INF/lib/svnkit-1.7.4-rc2.jar:org/tmatesoft/svn/core/internal/io/dav/http/DefaultHTTPNegotiateAuthentication.class */
public class DefaultHTTPNegotiateAuthentication extends HTTPNegotiateAuthentication {
    private static final String NEGOTIATE_TYPE_PROPERTY = "svnkit.negotiate.type";
    private static final String NEGOTIATE_TYPE_SPNEGO = "spnego";
    private static final String NEGOTIATE_TYPE_KERBEROS = "krb";
    private static Map ourOids = new SVNHashMap();
    private static volatile Boolean ourIsNegotiateSupported;
    private GSSManager myGSSManager;
    private GSSContext myGSSContext;
    private Oid mySpnegoOid;
    private Subject mySubject;
    private byte[] myToken;
    private int myTokenLength;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/svnkit-1.7.4-rc2.jar:org/tmatesoft/svn/core/internal/io/dav/http/DefaultHTTPNegotiateAuthentication$SVNKitCallbackHandler.class */
    public class SVNKitCallbackHandler implements CallbackHandler {
        private SVNKitCallbackHandler() {
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbackArr.length; i++) {
                if (callbackArr[i] instanceof NameCallback) {
                    ((NameCallback) callbackArr[i]).setName(DefaultHTTPNegotiateAuthentication.this.getUserName());
                } else if (callbackArr[i] instanceof PasswordCallback) {
                    ((PasswordCallback) callbackArr[i]).setPassword(DefaultHTTPNegotiateAuthentication.this.getPassword() == null ? null : DefaultHTTPNegotiateAuthentication.this.getPassword().toCharArray());
                }
            }
        }
    }

    private static Oid getDefaultOID() {
        String property = System.getProperty(NEGOTIATE_TYPE_PROPERTY, NEGOTIATE_TYPE_KERBEROS);
        if (property == null || ISVNWCDb.PRISTINE_TEMPDIR_RELPATH.equals(property)) {
            property = NEGOTIATE_TYPE_KERBEROS;
        }
        Oid oid = (Oid) ourOids.get(property);
        return oid != null ? oid : (Oid) ourOids.get(NEGOTIATE_TYPE_KERBEROS);
    }

    public DefaultHTTPNegotiateAuthentication(DefaultHTTPNegotiateAuthentication defaultHTTPNegotiateAuthentication) {
        this.myGSSManager = GSSManager.getInstance();
        if (defaultHTTPNegotiateAuthentication != null) {
            this.mySubject = defaultHTTPNegotiateAuthentication.mySubject;
        }
    }

    public DefaultHTTPNegotiateAuthentication() {
        this(null);
    }

    public static synchronized boolean isSupported() {
        if (ourIsNegotiateSupported == null) {
            Oid defaultOID = getDefaultOID();
            for (Oid oid : GSSManager.getInstance().getMechs()) {
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: supported OID: " + oid);
            }
            ourIsNegotiateSupported = Boolean.valueOf(Arrays.asList(GSSManager.getInstance().getMechs()).contains(defaultOID));
        }
        return ourIsNegotiateSupported.booleanValue();
    }

    @Override // org.tmatesoft.svn.core.internal.io.dav.http.HTTPNegotiateAuthentication
    public void respondTo(String str) {
        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: respond to, challenge: " + str);
        if (str == null) {
            this.myToken = new byte[0];
            this.myTokenLength = 0;
        } else {
            this.myToken = new byte[((str.length() * 3) + 3) / 4];
            this.myTokenLength = SVNBase64.base64ToByteArray(new StringBuffer(str), this.myToken);
        }
        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: respond to, token length: " + this.myTokenLength);
    }

    private void initializeSubject() {
        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: initialize subject");
        if (this.mySubject != null) {
            return;
        }
        try {
            LoginContext loginContext = new LoginContext("com.sun.security.jgss.krb5.initiate", new SVNKitCallbackHandler());
            SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: initialize subject, login context: " + loginContext);
            loginContext.login();
            this.mySubject = loginContext.getSubject();
            SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: initialize subject, subject: " + this.mySubject);
        } catch (LoginException e) {
            SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initializeContext() throws GSSException {
        if (this.mySpnegoOid == null) {
            this.mySpnegoOid = getDefaultOID();
        }
        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: initialize context, OID: " + this.mySpnegoOid);
        GSSCredential createCredential = this.myGSSManager.createCredential(1);
        GSSName createName = this.myGSSManager.createName(getServerPrincipalName(), GSSName.NT_HOSTBASED_SERVICE);
        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: initialize context, server name: " + createName);
        this.myGSSContext = this.myGSSManager.createContext(createName, this.mySpnegoOid, createCredential, 0);
        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: initialize context, GSS Context: " + this.myGSSContext);
    }

    @Override // org.tmatesoft.svn.core.internal.io.dav.http.HTTPAuthentication
    public String authenticate() throws SVNException {
        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: authenticate: isStarted:" + isStarted());
        if (!isStarted()) {
            initializeSubject();
        }
        PrivilegedExceptionAction privilegedExceptionAction = new PrivilegedExceptionAction() { // from class: org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.1
            @Override // java.security.PrivilegedExceptionAction
            public Object run() throws SVNException {
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: authenticate action: isStarted: " + DefaultHTTPNegotiateAuthentication.this.isStarted());
                if (!DefaultHTTPNegotiateAuthentication.this.isStarted()) {
                    try {
                        DefaultHTTPNegotiateAuthentication.this.initializeContext();
                        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: authenticate action: context initializaed");
                    } catch (GSSException e) {
                        SVNErrorManager.error(SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, "Negotiate authentication failed: ''{0}''", e.getMajorString()), SVNLogType.NETWORK);
                        return null;
                    }
                }
                try {
                    DefaultHTTPNegotiateAuthentication.this.myGSSContext.requestCredDeleg(true);
                    byte[] initSecContext = DefaultHTTPNegotiateAuthentication.this.myGSSContext.initSecContext(DefaultHTTPNegotiateAuthentication.this.myToken, 0, DefaultHTTPNegotiateAuthentication.this.myTokenLength);
                    SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: authenticate action: out token: " + initSecContext);
                    if (initSecContext != null) {
                        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: authenticate action: out token: " + SVNBase64.byteArrayToBase64(initSecContext));
                    }
                    if (DefaultHTTPNegotiateAuthentication.this.myToken != null) {
                        return "Negotiate " + SVNBase64.byteArrayToBase64(initSecContext);
                    }
                    SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: authenticate action: myToken is null");
                    return null;
                } catch (GSSException e2) {
                    SVNErrorManager.error(SVNErrorMessage.create(SVNErrorCode.RA_DAV_REQUEST_FAILED, "Negotiate authentication failed: ''{0}''", e2.getMajorString()), SVNLogType.NETWORK);
                    return null;
                }
            }
        };
        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: authenticate: subject:" + this.mySubject);
        if (this.mySubject != null) {
            try {
                String str = (String) Subject.doAs(this.mySubject, privilegedExceptionAction);
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: authenticate: result:" + str);
                return str;
            } catch (PrivilegedActionException e) {
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, e);
                Throwable cause = e.getCause();
                SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, cause);
                if (cause instanceof SVNException) {
                    throw ((SVNException) cause);
                }
                SVNErrorManager.error(SVNErrorMessage.create(SVNErrorCode.IO_ERROR, e), SVNLogType.NETWORK);
            }
        }
        try {
            SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: authenticate: result (2):" + ((String) privilegedExceptionAction.run()));
            return (String) privilegedExceptionAction.run();
        } catch (Exception e2) {
            if (e2 instanceof SVNException) {
                throw ((SVNException) e2);
            }
            SVNErrorManager.error(SVNErrorMessage.create(SVNErrorCode.IO_ERROR, e2), SVNLogType.NETWORK);
            return null;
        }
    }

    @Override // org.tmatesoft.svn.core.internal.io.dav.http.HTTPNegotiateAuthentication
    public boolean isStarted() {
        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: isStarted: " + this.myGSSContext);
        return this.myGSSContext != null;
    }

    @Override // org.tmatesoft.svn.core.internal.io.dav.http.HTTPNegotiateAuthentication
    public boolean needsLogin() {
        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: needsLogin");
        initializeSubject();
        SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, "NEGOTIATE: needsLogin, mySubject: " + this.mySubject);
        return this.mySubject == null;
    }

    static {
        try {
            ourOids.put(NEGOTIATE_TYPE_KERBEROS, new Oid("1.2.840.113554.1.2.2"));
        } catch (GSSException e) {
            SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, e);
        }
        try {
            ourOids.put(NEGOTIATE_TYPE_SPNEGO, new Oid("1.3.6.1.5.5.2"));
        } catch (GSSException e2) {
            SVNDebugLog.getDefaultLog().logFine(SVNLogType.NETWORK, e2);
        }
    }
}
