package org.codelibs.spnego;

import jakarta.servlet.FilterConfig;
import java.io.File;
import java.io.FileNotFoundException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.codelibs.spnego.SpnegoHttpFilter;

/* loaded from: input_file:org/codelibs/spnego/SpnegoFilterConfig.class */
public class SpnegoFilterConfig {
    private static final Logger LOGGER;
    private static final String MISSING_PROPERTY = "Servlet Filter init param(s) in web.xml missing: ";
    private static SpnegoFilterConfig instance;
    private boolean allowBasic;
    private boolean allowDelegation;
    private boolean allowLocalhost;
    private boolean allowUnsecure;
    private boolean canUseKeyTab;
    private String clientLoginModule;
    private String excludeDirs;
    private String password;
    private boolean promptNtlm;
    private String serverLoginModule;
    private String username;
    static final /* synthetic */ boolean $assertionsDisabled;

    private SpnegoFilterConfig() {
        this.allowBasic = false;
        this.allowDelegation = false;
        this.allowLocalhost = true;
        this.allowUnsecure = true;
        this.canUseKeyTab = false;
        this.clientLoginModule = null;
        this.excludeDirs = null;
        this.password = null;
        this.promptNtlm = false;
        this.serverLoginModule = null;
        this.username = null;
    }

    private SpnegoFilterConfig(FilterConfig filterConfig) throws FileNotFoundException, URISyntaxException {
        this.allowBasic = false;
        this.allowDelegation = false;
        this.allowLocalhost = true;
        this.allowUnsecure = true;
        this.canUseKeyTab = false;
        this.clientLoginModule = null;
        this.excludeDirs = null;
        this.password = null;
        this.promptNtlm = false;
        this.serverLoginModule = null;
        this.username = null;
        setLogLevel(filterConfig.getInitParameter(SpnegoHttpFilter.Constants.LOGGER_LEVEL));
        if (!$assertionsDisabled && !loginConfExists(filterConfig.getInitParameter(SpnegoHttpFilter.Constants.LOGIN_CONF))) {
            throw new AssertionError();
        }
        if (!hasInitParameter(filterConfig, SpnegoHttpFilter.Constants.KRB5_CONF)) {
            throw new IllegalArgumentException("Servlet Filter init param(s) in web.xml missing: spnego.krb5.conf");
        }
        System.setProperty("java.security.krb5.conf", filterConfig.getInitParameter(SpnegoHttpFilter.Constants.KRB5_CONF));
        if (!hasInitParameter(filterConfig, SpnegoHttpFilter.Constants.LOGIN_CONF)) {
            throw new IllegalArgumentException("Servlet Filter init param(s) in web.xml missing: spnego.login.conf");
        }
        System.setProperty("java.security.auth.login.config", filterConfig.getInitParameter(SpnegoHttpFilter.Constants.LOGIN_CONF));
        doClientModule(filterConfig.getInitParameter(SpnegoHttpFilter.Constants.CLIENT_MODULE));
        doServerModule(filterConfig.getInitParameter(SpnegoHttpFilter.Constants.SERVER_MODULE));
        setUsernamePassword(filterConfig.getInitParameter(SpnegoHttpFilter.Constants.PREAUTH_USERNAME), filterConfig.getInitParameter(SpnegoHttpFilter.Constants.PREAUTH_PASSWORD));
        setBasicSupport(filterConfig.getInitParameter(SpnegoHttpFilter.Constants.ALLOW_BASIC), filterConfig.getInitParameter(SpnegoHttpFilter.Constants.ALLOW_UNSEC_BASIC));
        setNtlmSupport(filterConfig.getInitParameter(SpnegoHttpFilter.Constants.PROMPT_NTLM));
        if (hasInitParameter(filterConfig, SpnegoHttpFilter.Constants.ALLOW_LOCALHOST)) {
            this.allowLocalhost = Boolean.parseBoolean(filterConfig.getInitParameter(SpnegoHttpFilter.Constants.ALLOW_LOCALHOST));
        }
        if (hasInitParameter(filterConfig, SpnegoHttpFilter.Constants.ALLOW_DELEGATION)) {
            this.allowDelegation = Boolean.parseBoolean(filterConfig.getInitParameter(SpnegoHttpFilter.Constants.ALLOW_DELEGATION));
        }
        this.excludeDirs = filterConfig.getInitParameter(SpnegoHttpFilter.Constants.EXCLUDE_DIRS);
    }

    private boolean hasInitParameter(FilterConfig filterConfig, String str) {
        return (null == filterConfig.getInitParameter(str) || filterConfig.getInitParameter(str).isEmpty()) ? false : true;
    }

    private void doClientModule(String str) {
        if (!$assertionsDisabled && !moduleExists("client", str)) {
            throw new AssertionError();
        }
        this.clientLoginModule = str;
        Map options = Configuration.getConfiguration().getAppConfigurationEntry(str)[0].getOptions();
        if (options.isEmpty()) {
            return;
        }
        Iterator it = options.entrySet().iterator();
        while (it.hasNext()) {
            if (!((String) ((Map.Entry) it.next()).getKey()).startsWith("jboss")) {
                throw new UnsupportedOperationException("Login Module for client must not specify any options: " + options.size() + "; moduleName=" + str + "; options=" + options.toString());
            }
        }
    }

    private void doServerModule(String str) {
        if (!$assertionsDisabled && !moduleExists("server", str)) {
            throw new AssertionError();
        }
        this.serverLoginModule = str;
        Map options = Configuration.getConfiguration().getAppConfigurationEntry(str)[0].getOptions();
        if (!options.containsKey("storeKey")) {
            throw new UnsupportedOperationException("Login Module for server does not have the storeKey option defined in login file.");
        }
        Object obj = options.get("storeKey");
        if (null == obj || !Boolean.parseBoolean((String) obj)) {
            throw new UnsupportedOperationException("Login Module for server must have storeKey option in login file set to true.");
        }
        if (options.containsKey("useKeyTab") && options.containsKey("principal") && options.containsKey("keyTab")) {
            this.canUseKeyTab = true;
        } else {
            this.canUseKeyTab = false;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean downgradeNtlm() {
        return this.promptNtlm;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getClientLoginModule() {
        return this.clientLoginModule;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<String> getExcludeDirs() {
        return (null == this.excludeDirs || this.excludeDirs.isEmpty()) ? Collections.emptyList() : split(this.excludeDirs);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getPreauthPassword() {
        return this.password;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getPreauthUsername() {
        return this.username;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getServerLoginModule() {
        return this.serverLoginModule;
    }

    public static SpnegoFilterConfig getInstance(FilterConfig filterConfig) throws FileNotFoundException, URISyntaxException {
        synchronized (SpnegoFilterConfig.class) {
            if (null == instance) {
                instance = new SpnegoFilterConfig(filterConfig);
            }
        }
        return instance;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isBasicAllowed() {
        return this.allowBasic;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isDelegationAllowed() {
        return this.allowDelegation;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isLocalhostAllowed() {
        return this.allowLocalhost;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isUnsecureAllowed() {
        return this.allowUnsecure;
    }

    private boolean loginConfExists(String str) throws FileNotFoundException, URISyntaxException {
        if (null == str || str.isEmpty()) {
            throw new FileNotFoundException("Must provide a login.conf file.");
        }
        if (new File(new URI(str)).exists()) {
            return true;
        }
        throw new FileNotFoundException(str);
    }

    private boolean moduleExists(String str, String str2) {
        AppConfigurationEntry[] appConfigurationEntry = Configuration.getConfiguration().getAppConfigurationEntry(str2);
        if (null == appConfigurationEntry) {
            throw new IllegalArgumentException("The " + str + " module name was not found in the login file: " + str2);
        }
        if (0 == appConfigurationEntry.length) {
            throw new IllegalArgumentException("The " + str + " module name exists but login module class not defined: " + str2);
        }
        if (appConfigurationEntry.length > 1) {
            throw new IllegalArgumentException("Only one login module class is supported for the " + str + " module: " + appConfigurationEntry.length);
        }
        if (!appConfigurationEntry[0].getLoginModuleName().equals("com.sun.security.auth.module.Krb5LoginModule")) {
            throw new UnsupportedOperationException("Login module class not supported: " + appConfigurationEntry[0].getLoginModuleName());
        }
        if (appConfigurationEntry[0].getControlFlag().equals(AppConfigurationEntry.LoginModuleControlFlag.REQUIRED)) {
            return true;
        }
        throw new UnsupportedOperationException("Control Flag must have a value of REQUIRED: " + appConfigurationEntry[0].getControlFlag());
    }

    private void setBasicSupport(String str, String str2) {
        if (null == str) {
            throw new IllegalArgumentException("Servlet Filter init param(s) in web.xml missing: spnego.allow.basic");
        }
        if (null == str2) {
            throw new IllegalArgumentException("Servlet Filter init param(s) in web.xml missing: spnego.allow.unsecure.basic");
        }
        this.allowBasic = Boolean.parseBoolean(str);
        this.allowUnsecure = Boolean.parseBoolean(str2);
    }

    private void setLogLevel(String str) {
        if (null != str) {
            switch (Integer.parseInt(str)) {
                case 1:
                    LOGGER.setLevel(Level.FINEST);
                    return;
                case 2:
                    LOGGER.setLevel(Level.FINER);
                    return;
                case 3:
                    LOGGER.setLevel(Level.FINE);
                    return;
                case 4:
                    LOGGER.setLevel(Level.CONFIG);
                    return;
                case 5:
                default:
                    LOGGER.setLevel(Level.INFO);
                    return;
                case 6:
                    LOGGER.setLevel(Level.WARNING);
                    return;
                case 7:
                    LOGGER.setLevel(Level.SEVERE);
                    return;
            }
        }
    }

    private void setNtlmSupport(String str) {
        if (null == str) {
            throw new IllegalArgumentException("Servlet Filter init param(s) in web.xml missing: spnego.prompt.ntlm");
        }
        boolean parseBoolean = Boolean.parseBoolean(str);
        if (!this.allowBasic && parseBoolean) {
            throw new IllegalArgumentException("If prompt ntlm is true, then allow basic auth must also be true.");
        }
        this.promptNtlm = parseBoolean;
    }

    private void setUsernamePassword(String str, String str2) {
        boolean z = false;
        if (null == str) {
            this.username = "";
        } else {
            this.username = str;
        }
        if (null == str2) {
            this.password = "";
        } else {
            this.password = str2;
        }
        if (this.username.isEmpty() || this.password.isEmpty()) {
            z = true;
        }
        if (z && !this.canUseKeyTab) {
            throw new IllegalArgumentException("Must specify a username and password or a keyTab.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean useKeyTab() {
        return this.canUseKeyTab && this.username.isEmpty() && this.password.isEmpty();
    }

    private static String clean(String str) {
        if (str.length() < 2 || str.contains("*")) {
            throw new IllegalArgumentException("Invalid exclude.dirs pattern or char(s): " + str);
        }
        String str2 = str.endsWith("/") ? str : str + "/";
        return str2.substring(0, str2.lastIndexOf(47) + 1);
    }

    private static List<String> split(String str) {
        ArrayList arrayList = new ArrayList();
        for (String str2 : str.split(",")) {
            arrayList.add(clean(str2.trim()));
        }
        return arrayList;
    }

    public String toString() {
        StringBuilder sb = new StringBuilder(100);
        sb.append("allowBasic=" + this.allowBasic + "; allowUnsecure=" + this.allowUnsecure + "; allowDelegation=" + this.allowDelegation + "; allowLocalhost=" + this.allowLocalhost + "; canUseKeyTab=" + this.canUseKeyTab + "; excludeDirs=" + this.excludeDirs + "; username=" + this.username + "; clientLoginModule=" + this.clientLoginModule + "; serverLoginModule=" + this.serverLoginModule);
        return sb.toString();
    }

    static {
        $assertionsDisabled = !SpnegoFilterConfig.class.desiredAssertionStatus();
        LOGGER = Logger.getLogger(SpnegoHttpFilter.Constants.LOGGER_NAME);
        instance = null;
    }
}
