package org.springframework.security.kerberos.authentication.sun;

import java.io.IOException;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.kerberos.authentication.KerberosClient;

/* loaded from: input_file:BOOT-INF/lib/spring-security-kerberos-core-1.0.1.RELEASE.jar:org/springframework/security/kerberos/authentication/sun/SunJaasKerberosClient.class */
public class SunJaasKerberosClient implements KerberosClient {
    private boolean debug = false;
    private static final Log LOG = LogFactory.getLog((Class<?>) SunJaasKerberosClient.class);

    /* loaded from: input_file:BOOT-INF/lib/spring-security-kerberos-core-1.0.1.RELEASE.jar:org/springframework/security/kerberos/authentication/sun/SunJaasKerberosClient$KerberosClientCallbackHandler.class */
    private static class KerberosClientCallbackHandler implements CallbackHandler {
        private String username;
        private String password;

        public KerberosClientCallbackHandler(String str, String str2) {
            this.username = str;
            this.password = str2;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this.username);
                } else {
                    if (!(callback instanceof PasswordCallback)) {
                        throw new UnsupportedCallbackException(callback, "We got a " + callback.getClass().getCanonicalName() + ", but only NameCallback and PasswordCallback is supported");
                    }
                    ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                }
            }
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-kerberos-core-1.0.1.RELEASE.jar:org/springframework/security/kerberos/authentication/sun/SunJaasKerberosClient$LoginConfig.class */
    private static class LoginConfig extends Configuration {
        private boolean debug;

        public LoginConfig(boolean z) {
            this.debug = z;
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            HashMap hashMap = new HashMap();
            hashMap.put("storeKey", "true");
            if (this.debug) {
                hashMap.put("debug", "true");
            }
            return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }
    }

    @Override // org.springframework.security.kerberos.authentication.KerberosClient
    public String login(String str, String str2) {
        LOG.debug("Trying to authenticate " + str + " with Kerberos");
        try {
            LoginContext loginContext = new LoginContext("", (Subject) null, new KerberosClientCallbackHandler(str, str2), new LoginConfig(this.debug));
            loginContext.login();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Kerberos authenticated user: " + loginContext.getSubject());
            }
            String principal = loginContext.getSubject().getPrincipals().iterator().next().toString();
            loginContext.logout();
            return principal;
        } catch (LoginException e) {
            throw new BadCredentialsException("Kerberos authentication failed", e);
        }
    }

    public void setDebug(boolean z) {
        this.debug = z;
    }
}
