package com.ibm.iaccess.base;

import com.ibm.iaccess.Copyright;
import com.ibm.iaccess.base.natives.AcsRegistrySnapshot;
import com.ibm.iaccess.baselite.AcsBoolean;
import com.ibm.iaccess.baselite.AcsConstants;
import com.ibm.iaccess.baselite.AcsFile;
import com.ibm.iaccess.baselite.AcsFileUtils;
import com.ibm.iaccess.baselite.AcsInetAddress;
import com.ibm.iaccess.baselite.AcsStringUtil;
import com.ibm.iaccess.launch.AcsLaunchPad;
import com.ibm.iaccess.launch.AcsProperties;
import java.awt.Component;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;

@Copyright("Licensed Materials - Property of IBM\n5733-XJ1\n(C) Copyright IBM Corp. 2012, 2014.\nAll Rights Reserved.\nUS Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.\n")
/* loaded from: input_file:lib/acsbase.jar:com/ibm/iaccess/base/AcsKerberosUtils.class */
public final class AcsKerberosUtils implements AcsConstants {
    private static volatile boolean m_isPrepared = false;
    private static String m_winGssName = null;
    private static AcsBoolean m_isAutoSetup = AcsBoolean.MAYBE;

    private AcsKerberosUtils() {
    }

    public static synchronized void prepareForKerberos() throws IOException {
        if (m_isPrepared) {
            return;
        }
        System.setProperty(AcsConstants.JXSA_USESUBJCREDSONLY, "false");
        System.setProperty("sun.security.jgss.native", "true");
        if (null != System.getProperty(AcsConstants.JSA_LOGIN_CONFIG)) {
            return;
        }
        URL sunKerbLoginConfFile = AcsJarAccessor.getSunKerbLoginConfFile();
        if (null == sunKerbLoginConfFile) {
            throw new FileNotFoundException("krb.conf");
        }
        AcsFile createTempFile = AcsFile.createTempFile("acs_krblogin", ".conf");
        AcsFileUtils.copyFile(sunKerbLoginConfFile, createTempFile);
        System.setProperty(AcsConstants.JSA_LOGIN_CONFIG, createTempFile.getAbsolutePath());
        if (isKerberosAutoSetupNeeded()) {
            try {
                System.setProperty("java.security.krb5.realm", getWindowsAutoDecidedGSSName().replaceAll(".*@", ""));
                System.setProperty("java.security.krb5.kdc", getWindowsKDC());
                System.setProperty("sun.security.krb5.principal", getWindowsAutoDecidedGSSName());
            } catch (Exception e) {
                AcsLogUtil.logWarning(e);
            }
        }
        m_isPrepared = true;
    }

    public static boolean isKerberosAutoSetupNeeded() {
        if (m_isAutoSetup != AcsBoolean.MAYBE) {
            return m_isAutoSetup.toBool();
        }
        if (!AcsUtilities.isWindows()) {
            AcsLogUtil.logFine("Not doing auto Kerberos setup. Reason: not Windows");
            AcsBoolean valueOf = AcsBoolean.valueOf(false);
            m_isAutoSetup = valueOf;
            return valueOf.toBool();
        }
        if (!AcsProperties.getProperties().isKerberosWindowsJGSSMode()) {
            AcsLogUtil.logFine("Not doing auto Kerberos setup. Reason: not running JGSS mode");
            AcsBoolean valueOf2 = AcsBoolean.valueOf(false);
            m_isAutoSetup = valueOf2;
            return valueOf2.toBool();
        }
        if (!AcsProperties.getProperties().isKerberosAutoConfig()) {
            AcsLogUtil.logFine("Not doing auto Kerberos setup. Reason: disabled by property");
            AcsBoolean valueOf3 = AcsBoolean.valueOf(false);
            m_isAutoSetup = valueOf3;
            return valueOf3.toBool();
        }
        if (null != System.getProperty("java.security.krb5.realm")) {
            AcsLogUtil.logFine("Not doing auto Kerberos setup. Reason: 'java.security.krb5.realm' already set");
            AcsBoolean valueOf4 = AcsBoolean.valueOf(false);
            m_isAutoSetup = valueOf4;
            return valueOf4.toBool();
        }
        if (null != System.getProperty("java.security.krb5.kdc")) {
            AcsLogUtil.logFine("Not doing auto Kerberos setup. Reason: 'java.security.krb5.kdc' already set");
            AcsBoolean valueOf5 = AcsBoolean.valueOf(false);
            m_isAutoSetup = valueOf5;
            return valueOf5.toBool();
        }
        if (null != System.getProperty("java.security.krb5.conf")) {
            AcsLogUtil.logFine("Not doing auto Kerberos setup. Reason: 'java.security.krb5.conf' already set");
            AcsBoolean valueOf6 = AcsBoolean.valueOf(false);
            m_isAutoSetup = valueOf6;
            return valueOf6.toBool();
        }
        String str = System.getenv("SystemRoot");
        if (!AcsStringUtil.isValidNonEmptyString(str)) {
            str = "C:\\WINDOWS";
        }
        if (new AcsFile(str + "\\krb5.ini").canRead()) {
            AcsLogUtil.logFine("Not doing auto Kerberos setup. Reason: krb5.ini exists in %SystemRoot%");
            AcsBoolean valueOf7 = AcsBoolean.valueOf(false);
            m_isAutoSetup = valueOf7;
            return valueOf7.toBool();
        }
        AcsLogUtil.logFine("Doing auto Kerberos setup!");
        AcsBoolean valueOf8 = AcsBoolean.valueOf(true);
        m_isAutoSetup = valueOf8;
        return valueOf8.toBool();
    }

    private static String getWindowsKDC() throws IOException, NullPointerException {
        String replaceFirst = System.getenv("LOGONSERVER").replaceFirst("^\\\\\\\\", "");
        AcsLogUtil.logFine("KDC determined to be " + replaceFirst);
        return replaceFirst;
    }

    public static synchronized void prepareForKerberosOrDie() {
        try {
            prepareForKerberos();
        } catch (Exception e) {
            AcsMsgUtil.msg((Component) null, e);
            AcsLogUtil.logSevere(e);
            System.exit(-87);
        }
    }

    public static synchronized void prepareForKerberosOrDoNothingOnFailure() {
        try {
            prepareForKerberos();
        } catch (Exception e) {
            AcsLogUtil.logSevere(e);
        }
    }

    public static synchronized String getWindowsAutoDecidedGSSName() {
        String property = System.getProperty(AcsConstants.GSSNAME_PROP_STR);
        if (AcsStringUtil.isValidNonEmptyString(property)) {
            return property;
        }
        if (!AcsUtilities.isWindows()) {
            return null;
        }
        if (null != m_winGssName) {
            if (m_winGssName.isEmpty()) {
                return null;
            }
            return m_winGssName;
        }
        try {
            m_winGssName = System.getProperty(AcsConstants.USER_NAME) + "@" + getWindowsRealm();
            AcsLogUtil.logFine("GSS name determined to be " + m_winGssName);
            return m_winGssName;
        } catch (Exception e) {
            AcsLogUtil.logWarning(e);
            m_winGssName = "";
            return null;
        }
    }

    private static String getWindowsRealm() throws IOException {
        String str = System.getenv("USERDOMAIN");
        AcsLogUtil.logFine("User domain determined to be " + str);
        try {
            Object value = new AcsRegistrySnapshot("HKLM\\SOFTWARE\\MICROSOFT\\Windows NT\\CurrentVersion\\Winlogon\\DomainCache").getValue("HKLM\\SOFTWARE\\MICROSOFT\\Windows NT\\CurrentVersion\\Winlogon\\DomainCache", str);
            if (null != value) {
                String trim = value.toString().toUpperCase(LOC_US).trim();
                if (AcsStringUtil.isValidNonEmptyString(trim)) {
                    AcsLogUtil.logFine("Windows realm determined to be " + trim);
                    return trim;
                }
            }
        } catch (Exception e) {
            AcsLogUtil.logFine(e);
        }
        if (str.contains(".")) {
            AcsLogUtil.logFine("Windows realm determined to be " + str.toUpperCase(LOC_US));
            return str.toUpperCase(LOC_US);
        }
        String str2 = System.getenv("USERDNSDOMAIN");
        if (AcsStringUtil.isValidNonEmptyString(str2)) {
            String upperCase = str2.toUpperCase(LOC_US);
            AcsLogUtil.logFine("Windows realm determined to be " + upperCase);
            return upperCase;
        }
        String upperCase2 = (str + "." + AcsInetAddress.getMyDomain()).toUpperCase(LOC_US);
        AcsLogUtil.logFine("Windows realm determined to be " + upperCase2);
        return upperCase2;
    }

    public static void main(String[] strArr) {
        AcsLaunchPad.initAcsEnvironmentForTesting(strArr);
        getWindowsAutoDecidedGSSName();
        getWindowsAutoDecidedGSSName();
        getWindowsAutoDecidedGSSName();
        prepareForKerberosOrDie();
    }
}
