package org.frankframework.filesystem.smb;

import com.hierynomus.smbj.auth.GSSAuthenticationContext;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.frankframework.filesystem.FileSystemException;
import org.frankframework.util.CredentialFactory;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:org/frankframework/filesystem/smb/SambaFileSystemUtils.class */
public class SambaFileSystemUtils {
    private static final String SPNEGO_OID = "1.3.6.1.5.5.2";
    private static final String KERBEROS5_OID = "1.2.840.113554.1.2.2";

    public static GSSAuthenticationContext createGSSAuthenticationContext(CredentialFactory credentialFactory) throws FileSystemException {
        try {
            Subject krb5Login = krb5Login(credentialFactory);
            KerberosPrincipal kerberosPrincipal = (KerberosPrincipal) krb5Login.getPrincipals(KerberosPrincipal.class).iterator().next();
            final GSSManager gSSManager = GSSManager.getInstance();
            final GSSName createName = gSSManager.createName(kerberosPrincipal.getName(), GSSName.NT_USER_NAME);
            final Oid oidMechanismForName = getOidMechanismForName(gSSManager, createName);
            return new GSSAuthenticationContext(kerberosPrincipal.getName(), kerberosPrincipal.getRealm(), krb5Login, (GSSCredential) Subject.doAs(krb5Login, new PrivilegedExceptionAction<GSSCredential>() { // from class: org.frankframework.filesystem.smb.SambaFileSystemUtils.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public GSSCredential run() throws GSSException {
                    return gSSManager.createCredential(createName, 0, oidMechanismForName, 1);
                }
            }));
        } catch (GSSException e) {
            throw new FileSystemException("unable to convert kerberos principal to GSS name using oid [" + GSSName.NT_USER_NAME + "]", (Throwable) e);
        } catch (PrivilegedActionException e2) {
            throw new FileSystemException("unable to get GSS credentials", e2);
        }
    }

    private static Oid getOidMechanismForName(GSSManager gSSManager, GSSName gSSName) throws FileSystemException {
        try {
            Oid oid = new Oid(SPNEGO_OID);
            Oid oid2 = new Oid(KERBEROS5_OID);
            HashSet hashSet = new HashSet(Arrays.asList(gSSManager.getMechsForName(gSSName.getStringNameType())));
            if (hashSet.contains(oid2)) {
                return oid2;
            }
            if (hashSet.contains(oid)) {
                return oid;
            }
            throw new FileSystemException("no (valid) authentication mechanism found");
        } catch (GSSException e) {
            throw new FileSystemException("invalid Object Identifier", (Throwable) e);
        }
    }

    private static Subject krb5Login(CredentialFactory credentialFactory) throws FileSystemException {
        HashMap hashMap = new HashMap();
        hashMap.put("principal", credentialFactory.getUsername());
        try {
            LoginContext loginContext = new LoginContext(credentialFactory.getUsername(), (Subject) null, new UsernameAndPasswordCallbackHandler(credentialFactory.getUsername(), credentialFactory.getPassword()), new KerberosLoginConfiguration(hashMap));
            loginContext.login();
            return loginContext.getSubject();
        } catch (LoginException e) {
            throw new FileSystemException("unable to authenticate user", e);
        }
    }
}
