package org.mariadb.jdbc.internal.packet.send.gssapi;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOError;
import java.io.IOException;
import java.io.PrintStream;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.mariadb.jdbc.internal.packet.read.ReadPacketFetcher;
import org.mariadb.jdbc.internal.stream.PacketOutputStream;
import org.mariadb.jdbc.internal.util.buffer.Buffer;
import org.mariadb.jdbc.internal.util.dao.QueryException;

/* loaded from: input_file:org/mariadb/jdbc/internal/packet/send/gssapi/StandardGssapiAuthentication.class */
public class StandardGssapiAuthentication extends GssapiAuth {
    public StandardGssapiAuthentication(ReadPacketFetcher readPacketFetcher, int i) {
        super(readPacketFetcher, i);
    }

    @Override // org.mariadb.jdbc.internal.packet.send.gssapi.GssapiAuth
    public void authenticate(final PacketOutputStream packetOutputStream, final String str, String str2) throws QueryException, IOException {
        if ("".equals(str)) {
            throw new QueryException("No principal name defined on server. Please set server variable \"gssapi-principal-name\"", 0, "28000");
        }
        if (System.getProperty("java.security.auth.login.config") == null) {
            try {
                File createTempFile = File.createTempFile("jaas.conf", null);
                PrintStream printStream = new PrintStream(new FileOutputStream(createTempFile));
                printStream.print(String.format("Krb5ConnectorContext {\ncom.sun.security.auth.module.Krb5LoginModule required useTicketCache=true debug=true renewTGT=true doNotPrompt=true; };", new Object[0]));
                printStream.close();
                createTempFile.deleteOnExit();
                System.setProperty("java.security.auth.login.config", createTempFile.getCanonicalPath());
            } catch (IOException e) {
                throw new IOError(e);
            }
        }
        try {
            LoginContext loginContext = new LoginContext("Krb5ConnectorContext");
            loginContext.login();
            Subject subject = loginContext.getSubject();
            if (subject.getPrincipals().isEmpty()) {
                throw new QueryException("GSS-API authentication exception : no credential cache not found.", 0, "28000");
            }
            try {
                Subject.doAs(subject, new PrivilegedExceptionAction<Void>() { // from class: org.mariadb.jdbc.internal.packet.send.gssapi.StandardGssapiAuthentication.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.security.PrivilegedExceptionAction
                    public Void run() throws Exception {
                        try {
                            Oid oid = new Oid("1.2.840.113554.1.2.2");
                            GSSManager gSSManager = GSSManager.getInstance();
                            GSSContext createContext = gSSManager.createContext(gSSManager.createName(str, GSSName.NT_USER_NAME), oid, (GSSCredential) null, 0);
                            createContext.requestMutualAuth(true);
                            byte[] bArr = new byte[0];
                            while (!createContext.isEstablished()) {
                                byte[] initSecContext = createContext.initSecContext(bArr, 0, bArr.length);
                                if (initSecContext != null) {
                                    packetOutputStream.startPacket(StandardGssapiAuthentication.this.packSeq);
                                    packetOutputStream.write(initSecContext);
                                    packetOutputStream.finishPacketWithoutRelease(false);
                                    packetOutputStream.releaseBuffer();
                                }
                                if (!createContext.isEstablished()) {
                                    Buffer reusableBuffer = StandardGssapiAuthentication.this.packetFetcher.getReusableBuffer();
                                    StandardGssapiAuthentication.this.packSeq = StandardGssapiAuthentication.this.packetFetcher.getLastPacketSeq() + 1;
                                    bArr = reusableBuffer.readRawBytes(reusableBuffer.remaining());
                                }
                            }
                            return null;
                        } catch (GSSException e2) {
                            throw new QueryException("GSS-API authentication exception", 1045, "28000", (Throwable) e2);
                        }
                    }
                });
            } catch (PrivilegedActionException e2) {
                throw new QueryException("GSS-API authentication exception", 1045, "28000", e2);
            }
        } catch (LoginException e3) {
            throw new QueryException("GSS-API authentication exception", 1045, "28000", e3);
        }
    }
}
