package lia.gsi.ssh;

import com.sshtools.j2ssh.authentication.AuthenticationProtocolClient;
import com.sshtools.j2ssh.authentication.SshAuthenticationClient;
import com.sshtools.j2ssh.authentication.SshMsgUserAuthRequest;
import com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiError;
import com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiErrtok;
import com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiExchangeComplete;
import com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiResponse;
import com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiToken;
import com.sshtools.j2ssh.authentication.TerminatedStateException;
import com.sshtools.j2ssh.io.ByteArrayReader;
import com.sshtools.j2ssh.io.ByteArrayWriter;
import com.sshtools.j2ssh.io.UnsignedInteger32;
import java.io.File;
import java.io.IOException;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.globus.common.CoGProperties;
import org.globus.gsi.GSIConstants;
import org.globus.gsi.GlobusCredential;
import org.globus.gsi.GlobusCredentialException;
import org.globus.gsi.gssapi.GSSConstants;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.globus.gsi.gssapi.GlobusGSSManagerImpl;
import org.globus.gsi.gssapi.auth.HostAuthorization;
import org.gridforum.jgss.ExtendedGSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

/* loaded from: input_file:lia/gsi/ssh/GSIAuthenticationClient.class */
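/**
 * SSH "gssapi" user-authentication client that authenticates with a Globus GSI
 * proxy certificate.
 *
 * <p>The constructor locates and loads the user's proxy credential;
 * {@link #authenticate} then runs the GSS-API token exchange with the server over
 * the supplied {@link AuthenticationProtocolClient}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The trust-anchor directory ({@code X509_CERT_DIR}) and the proxy path
 *       ({@code X509_USER_PROXY}) are taken from system properties or the process
 *       environment, so whoever controls the environment controls which CAs are
 *       trusted and which credential is presented.</li>
 *   <li>Credential delegation is switched off, so the proxy is not forwarded to
 *       the server.</li>
 *   <li>Any failure during authentication is converted into a terminated
 *       authentication state (fail closed).</li>
 * </ul>
 */
public class GSIAuthenticationClient extends SshAuthenticationClient {
    private static final Logger logger = Logger.getLogger(GSIAuthenticationClient.class.getName());

    /** Initiator credential built from the user's proxy certificate; set once by the constructor. */
    GSSCredential gsscredential;

    /**
     * Resolves the CA directory and the user proxy file, then loads the proxy as a
     * GSS credential.
     *
     * <p>Side effect: sets the {@code X509_CERT_DIR} system property when it is unset
     * (environment value, else {@code /etc/grid-security/certificates}) and copies
     * {@code X509_USER_PROXY} from the environment into the system properties when
     * only the environment defines it.
     *
     * @throws IOException if no proxy file can be found or the proxy cannot be loaded
     * @throws GSSException if the GSS credential cannot be created from the proxy
     */
    public GSIAuthenticationClient() throws GSSException, IOException {
        if (System.getProperty("X509_CERT_DIR") == null) {
            String envCertDir = System.getenv("X509_CERT_DIR");
            System.setProperty("X509_CERT_DIR", envCertDir == null ? "/etc/grid-security/certificates" : envCertDir);
        }

        // Lookup order: system property, then environment, then the CoG default location.
        String proxyPath = System.getProperty("X509_USER_PROXY");
        if (proxyPath == null) {
            proxyPath = System.getenv("X509_USER_PROXY");
            if (proxyPath != null) {
                System.setProperty("X509_USER_PROXY", proxyPath);
            }
        }
        if (proxyPath == null) {
            proxyPath = CoGProperties.getDefault().getProxyFile();
        }

        // A null default would otherwise surface as a NullPointerException from new File(null).
        if (proxyPath == null || !new File(proxyPath).isFile()) {
            throw new IOException("User proxy certificate not found in environment");
        }
        logger.info("Using proxy certificate:" + proxyPath);

        try {
            this.gsscredential = createUserCredential(proxyPath);
        } catch (GlobusCredentialException e) {
            // Keep the cause: it says why the proxy was rejected (expired, unreadable, malformed...).
            throw new IOException("Could not load user proxy certificate from:" + proxyPath, e);
        }
        if (this.gsscredential == null) {
            throw new IOException("User credential not initialized! Could not load user proxy certificate."
                    + " Check that X509_USER_PROXY points to a valid proxy certificate");
        }
    }

    /**
     * Returns the SSH authentication method name sent in the user-auth request.
     *
     * @return the constant {@code "gssapi"}
     */
    public final String getMethodName() {
        return "gssapi";
    }

    /** No per-attempt state is kept, so there is nothing to reset. */
    public void reset() {
    }

    /**
     * Performs the "gssapi" user authentication exchange with the server.
     *
     * <p>Sends the user-auth request offering the GSI mechanism, checks that the
     * server selected that same mechanism, drives {@code initSecContext} until the
     * security context is established, and finally sends the exchange-complete
     * message.
     *
     * @param authenticationProtocolClient transport used to send and read authentication messages
     * @param str service name placed in the user-auth request
     * @throws IOException declared by the interface; failures inside the exchange are
     *         reported as {@link TerminatedStateException} instead
     * @throws TerminatedStateException with state code {@code 2} whenever any step fails
     */
    public void authenticate(AuthenticationProtocolClient authenticationProtocolClient, String str) throws IOException, TerminatedStateException {
        try {
            // 60/61/64/65 are the GSSAPI user-auth message numbers (response, token, error, errtok).
            logger.finest("Registering gss-ssh return messages.");
            authenticationProtocolClient.registerMessage(SshMsgUserauthGssapiResponse.class, 60);
            authenticationProtocolClient.registerMessage(SshMsgUserauthGssapiToken.class, 61);
            authenticationProtocolClient.registerMessage(SshMsgUserauthGssapiError.class, 64);
            authenticationProtocolClient.registerMessage(SshMsgUserauthGssapiErrtok.class, 65);

            // Request payload: the number of offered mechanisms (one) followed by its DER-encoded OID.
            logger.finest("Sending gssapi user auth request.");
            ByteArrayWriter requestData = new ByteArrayWriter();
            requestData.writeUINT32(new UnsignedInteger32(1L));
            requestData.writeBinaryString(GSSConstants.MECH_OID.getDER());
            logger.finest("Username:" + getUsername());
            authenticationProtocolClient.sendMessage(new SshMsgUserAuthRequest(getUsername(), str, "gssapi", requestData.toByteArray()));

            logger.finest("Receiving user auth response:");
            byte[] selectedMechDer = new ByteArrayReader(authenticationProtocolClient.readMessage(60).getRequestData()).readBinaryString();
            // Parse the server-supplied OID once; it is untrusted until compared below.
            Oid selectedMech = new Oid(selectedMechDer);
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, "Mechanism requested: " + GSSConstants.MECH_OID);
                logger.log(Level.FINEST, "Mechanism selected: " + selectedMech);
                logger.log(Level.FINEST, "Verify that selected mechanism is GSSAPI.");
            }
            // Refuse anything other than the mechanism we offered, so the server cannot
            // steer the client onto a different mechanism.
            if (!GSSConstants.MECH_OID.equals(selectedMech)) {
                logger.warning("Mechanism do not match!");
                throw new IOException("Mechanism do not match!");
            }

            logger.finest("Creating GSS context base on grid credentials.");
            // The expected peer name is derived from this.hostname, so the acceptor's identity
            // is checked against the host we meant to reach.
            // 2147483646 (Integer.MAX_VALUE - 1) is the requested context lifetime.
            ExtendedGSSContext gssContext = new GlobusGSSManagerImpl().createContext(
                    new HostAuthorization((String) null).getExpectedName((GSSCredential) null, this.hostname),
                    selectedMech,
                    this.gsscredential,
                    2147483646);
            gssContext.requestMutualAuth(true);
            gssContext.requestReplayDet(true);
            gssContext.requestSequenceDet(true);
            gssContext.requestConf(true);
            // Delegation stays disabled. The original requested it and then immediately
            // cancelled it; only the final "false" ever took effect, so the redundant
            // enabling call is dropped. The limited delegation type is still recorded.
            gssContext.requestCredDeleg(false);
            gssContext.setOption(GSSConstants.DELEGATION_TYPE, GSIConstants.DELEGATION_TYPE_LIMITED);

            logger.finest("Starting GSS token exchange.");
            byte[] inputToken = new byte[0];
            while (!gssContext.isEstablished()) {
                byte[] outputToken = gssContext.initSecContext(inputToken, 0, inputToken.length);
                if (outputToken != null) {
                    ByteArrayWriter tokenData = new ByteArrayWriter();
                    tokenData.writeBinaryString(outputToken);
                    authenticationProtocolClient.sendMessage(new SshMsgUserauthGssapiToken(tokenData.toByteArray()));
                }
                // Only wait for another server token while the context still needs one.
                if (!gssContext.isEstablished()) {
                    inputToken = new ByteArrayReader(authenticationProtocolClient.readMessage(61).getRequestData()).readBinaryString();
                }
            }

            // NOTE(review): mutual authentication is requested above but getMutualAuthState()
            // is never checked once the context is established, and no MIC is sent even when
            // integrity is available - confirm this matches what the server side expects.
            logger.log(Level.FINEST, "Sending gssapi exchange complete.");
            authenticationProtocolClient.sendMessage(new SshMsgUserauthGssapiExchangeComplete());
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, "Context established.\nInitiator : " + gssContext.getSrcName() + "\nAcceptor  : " + gssContext.getTargName() + "\nLifetime  : " + gssContext.getLifetime() + "\nIntegrity   : " + gssContext.getIntegState() + "\nConfidentiality   : " + gssContext.getConfState() + "\nAnonymity : " + gssContext.getAnonymityState());
            }
        } catch (Throwable th) {
            // Fail closed: every error, including the mechanism mismatch above, ends the attempt.
            // The cause is only available in the log because the exception takes just a state code.
            // NOTE(review): state code 2 is presumably the "failed" state - confirm against j2ssh.
            logger.log(Level.WARNING, "Got Exception: ", th);
            throw new TerminatedStateException(2);
        }
    }

    /**
     * Builds an initiate-only GSS credential from a proxy file, or from the default
     * Globus credential when no path is given.
     *
     * @param str path of the proxy certificate file, or {@code null} to use the default credential
     * @return the GSS credential wrapping the loaded Globus credential
     * @throws GlobusCredentialException if the proxy cannot be read or parsed
     * @throws GSSException if the GSS credential cannot be created
     */
    public static GSSCredential createUserCredential(String str) throws GlobusCredentialException, GSSException {
        GlobusCredential proxy = str != null ? new GlobusCredential(str) : GlobusCredential.getDefaultCredential();
        // INITIATE_ONLY (value 1): the credential is only used to start contexts, never to accept them.
        return new GlobusGSSCredentialImpl(proxy, GSSCredential.INITIATE_ONLY);
    }

    /**
     * Returns the properties to persist for this client.
     *
     * @return a new, empty {@link Properties}; nothing about the credential is persisted
     */
    public Properties getPersistableProperties() {
        return new Properties();
    }

    /**
     * Ignores the supplied properties; this client has no persistable settings.
     *
     * @param properties unused
     */
    public void setPersistableProperties(Properties properties) {
    }

    /**
     * Reports whether this client is ready to authenticate.
     *
     * @return always {@code true}; the credential is loaded by the constructor
     */
    public boolean canAuthenticate() {
        return true;
    }
}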
