package org.mule.module.dynamicscrm.connection;

import com.google.common.base.Strings;
import com.microsoft.schemas.xrm._2011.contracts.OrganizationService;
import com.microsoft.schemas.xrm._2011.contracts.services.IOrganizationService;
import java.io.File;
import java.io.FileNotFoundException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.regex.Matcher;
import javax.net.ssl.SSLHandshakeException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import javax.xml.ws.WebServiceException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.ws.security.WSSecurityException;
import org.mule.api.ConnectionException;
import org.mule.api.ConnectionExceptionCode;
import org.mule.api.MuleContext;
import org.mule.module.dynamicscrm.connection.utils.DynamicsCrmConnectionUtils;
import org.mule.module.dynamicscrm.security.onpremise.CrmDefaultLoginConfiguration;
import org.mule.module.dynamicscrm.security.onpremise.UsernamePasswordCallbackHandler;
import org.mule.module.dynamicscrm.security.onpremise.XrmSpnegoClientAction;
import org.mule.module.dynamicscrm.utils.DynamicsCrmUtils;
import org.mule.module.dynamicscrm.utils.ExceptionUtils;
import org.mule.module.dynamicscrm.utils.StringUtils;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import sun.security.krb5.Config;
import sun.security.krb5.KrbException;

/* loaded from: input_file:org/mule/module/dynamicscrm/connection/KerberosConnectionStrategy.class */
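/**
 * Connection strategy that authenticates against an on-premise Dynamics CRM
 * organization service with Kerberos (SPNEGO) through a CXF client.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Kerberos and JAAS settings are applied through {@link System#setProperty} and
 *       {@link Configuration#setConfiguration}, i.e. they are JVM-wide, not per connection.
 *       Two strategies configured with different realms, KDCs or configuration files in the
 *       same JVM overwrite each other's settings. NOTE(review): no synchronization is visible
 *       here; confirm that callers serialize connection creation.</li>
 *   <li>When no SPN is configured, it is read from the service WSDL and, failing that,
 *       guessed from the URL host name ({@code host/<host>}, {@code http/<host>}).</li>
 *   <li>{@code enableConnectionDebug} switches on the JDK Kerberos debug trace for the
 *       whole JVM.</li>
 * </ul>
 */
public class KerberosConnectionStrategy extends BaseCrmConnectionStrategy {
    private static final Log log = LogFactory.getLog(KerberosConnectionStrategy.class);
    // Service principal name of the CRM service; optional, discovered or inferred when blank.
    private String spn;
    // Kerberos realm; must be set together with kdc, or both left blank.
    private String realm;
    // Key distribution center; must be set together with realm, or both left blank.
    private String kdc;
    // Enables the JVM-wide Kerberos debug trace when TRUE.
    private Boolean enableConnectionDebug;
    // Optional path to a JAAS login configuration file.
    private String loginPropertiesFilePath;
    // Optional path to a krb5 configuration file; mutually exclusive with realm/kdc.
    private String kerberosPropertiesFilePath;

    /** Creates a strategy with connection debugging switched off. */
    public KerberosConnectionStrategy() {
        setEnableConnectionDebug(false);
    }

    /**
     * Validates the Kerberos settings, applies the debug flag and builds an authenticated
     * organization service client.
     *
     * @param str  user name; a domain part is stripped via {@code StringUtils.getUsernameWithoutDomain}
     * @param str2 password handed to the WS-Security callback handler
     * @param str3 organization service URL ({@code ?wsdl} is appended to locate the WSDL)
     * @return a client that has already answered one test query
     * @throws ConnectionException if the parameters are inconsistent or the connection test fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.mule.module.dynamicscrm.connection.BaseCrmConnectionStrategy
    public IOrganizationService createOrganizationServiceClient(String str, String str2, String str3) throws ConnectionException {
        validateKerberosParams();
        configureConnectionDebug();
        return createServiceForKerberos(StringUtils.getUsernameWithoutDomain(str), str2, str3, getSpn(), getRealm(), getKdc(), getLoginPropertiesFilePath(), getKerberosPropertiesFilePath(), getMuleContext(), isConnectionDebugEnabled());
    }

    /**
     * Intentionally empty: this strategy already runs a test query while the client is
     * created (see {@code testConnectionForSpnAndReturnClient}).
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.mule.module.dynamicscrm.connection.BaseCrmConnectionStrategy
    public void testClientConnectivity(IOrganizationService iOrganizationService, String str) throws ConnectionException {
    }

    /** @return the configured JAAS login configuration file path, possibly {@code null} */
    public String getLoginPropertiesFilePath() {
        return this.loginPropertiesFilePath;
    }

    /**
     * @param str path of a JAAS login configuration file. That file selects the login
     *            modules the JVM loads, so it should be writable only by trusted administrators.
     */
    public void setLoginPropertiesFilePath(String str) {
        this.loginPropertiesFilePath = str;
    }

    /** @return the configured krb5 configuration file path, possibly {@code null} */
    public String getKerberosPropertiesFilePath() {
        return this.kerberosPropertiesFilePath;
    }

    /** @param str path of a krb5 configuration file; realm and KDC must then stay blank */
    public void setKerberosPropertiesFilePath(String str) {
        this.kerberosPropertiesFilePath = str;
    }

    /** @return the configured service principal name, possibly {@code null} */
    public String getSpn() {
        return this.spn;
    }

    /** @param str service principal name; when blank it is discovered or inferred at connect time */
    public void setSpn(String str) {
        this.spn = str;
    }

    /** @return the configured Kerberos realm, possibly {@code null} */
    public String getRealm() {
        return this.realm;
    }

    /** @param str Kerberos realm */
    public void setRealm(String str) {
        this.realm = str;
    }

    /** @return the configured KDC, possibly {@code null} */
    public String getKdc() {
        return this.kdc;
    }

    /** @param str key distribution center */
    public void setKdc(String str) {
        this.kdc = str;
    }

    /** @return the debug flag exactly as it was set, possibly {@code null} */
    public Boolean getEnableConnectionDebug() {
        return this.enableConnectionDebug;
    }

    /** @param bool {@code TRUE} to enable the Kerberos debug trace; {@code null} is treated as off */
    public void setEnableConnectionDebug(Boolean bool) {
        this.enableConnectionDebug = bool;
    }

    /** Null-safe view of the debug flag: a {@code null} value counts as disabled instead of raising an NPE. */
    private boolean isConnectionDebugEnabled() {
        return Boolean.TRUE.equals(getEnableConnectionDebug());
    }

    /**
     * Checks that realm, KDC and the krb5 properties file are given in one of the three
     * accepted combinations: none of them (the JVM default realm must then be resolvable),
     * realm and KDC together, or the properties file alone.
     *
     * @throws ConnectionException with third-party code {@code KERB_INV_PARAMS} otherwise
     */
    private void validateKerberosParams() throws ConnectionException {
        boolean noRealm = Strings.isNullOrEmpty(getRealm());
        boolean noKdc = Strings.isNullOrEmpty(getKdc());
        boolean noKrb5File = Strings.isNullOrEmpty(getKerberosPropertiesFilePath());

        if (noRealm && noKdc && noKrb5File) {
            try {
                // Probe only: the call throws when the JVM cannot determine a default realm.
                Config.getInstance().getDefaultRealm();
            } catch (KrbException e) {
                throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERB_INV_PARAMS", "Unable to automatically detect Kerberos configuration settings. Enter both the 'Realm' and the 'KDC'.", e);
            }
        } else if (noKrb5File) {
            if (noRealm || noKdc) {
                throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERB_INV_PARAMS", "Both the 'Realm' and the 'KDC' have to be entered. For advanced scenarios, kerberos con be configured specifying the 'Kerberos properties file path' created as described at http://web.mit.edu/kerberos/krb5-devel/doc/admin/conf_files/krb5_conf.html.");
            }
        } else if (!noRealm || !noKdc) {
            throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERB_INV_PARAMS", "When specifying the 'Kerberos properties file path', 'Realm' and 'KDC' must be left blank.");
        }
    }

    /**
     * Sets the {@code sun.security.krb5.debug} system property from the debug flag.
     *
     * <p>The property is JVM-wide. The JDK Kerberos trace it enables is written outside this
     * class's logger and describes the authentication exchange (principals, realms, KDC
     * traffic), so it should stay off outside troubleshooting sessions.
     */
    private void configureConnectionDebug() {
        System.setProperty("sun.security.krb5.debug", isConnectionDebugEnabled() ? "true" : "false");
    }

    /**
     * Applies the JAAS and Kerberos settings, resolves the SPN and returns a client that has
     * passed a test query.
     *
     * @param username               user name without domain
     * @param password               password for the callback handler
     * @param organizationServiceUrl service URL; {@code ?wsdl} is appended for the WSDL
     * @param configuredSpn          explicit SPN, or blank to discover or infer one
     * @param kerberosRealm          realm, or blank
     * @param kerberosKdc            KDC, or blank
     * @param loginConfigPath        JAAS login configuration file, or blank for the built-in one
     * @param krb5ConfigPath         krb5 configuration file, or blank
     * @param muleContext            context used to resolve classpath-relative file paths
     * @param debugEnabled           passed to the built-in login configuration
     * @throws ConnectionException on a malformed URL, a missing file, or a failed connection test
     */
    private IOrganizationService createServiceForKerberos(String username, String password, String organizationServiceUrl, String configuredSpn, String kerberosRealm, String kerberosKdc, String loginConfigPath, String krb5ConfigPath, MuleContext muleContext, boolean debugEnabled) throws ConnectionException {
        try {
            // Parse the URL first so that a malformed value fails before any global state changes.
            URL url = new URL(organizationServiceUrl + "?wsdl");
            applyLoginConfiguration(loginConfigPath, muleContext, debugEnabled);
            applyKerberosConfiguration(kerberosRealm, kerberosKdc, krb5ConfigPath, muleContext);

            Document organizationServiceWsdl = getOrganizationServiceWsdl(url);
            ArrayList<String> inferredSpns = new ArrayList<String>();
            String resolvedSpn = configuredSpn;
            try {
                if (Strings.isNullOrEmpty(resolvedSpn)) {
                    // The SPN comes from the WSDL served by the endpoint being authenticated.
                    // NOTE(review): how the WSDL is fetched is not visible here; if that channel
                    // is not authenticated, the response decides which service principal a
                    // ticket is requested for. Configuring the SPN explicitly avoids this.
                    NodeList spnNodes = organizationServiceWsdl.getElementsByTagName("Spn");
                    resolvedSpn = spnNodes.getLength() > 0 ? spnNodes.item(0).getTextContent() : null;
                }
            } catch (Exception e3) {
                // Discovery is best effort; fall back to host-based guesses below.
                log.debug(e3);
            } finally {
                if (Strings.isNullOrEmpty(resolvedSpn)) {
                    addInferredSpns(url, inferredSpns);
                }
            }

            try {
                IOrganizationService customBindingIOrganizationService = new OrganizationService(url).getCustomBindingIOrganizationService();
                Client client = ClientProxy.getClient(customBindingIOrganizationService);
                Bus bus = client.getEndpoint().getBus();
                DynamicsCrmConnectionUtils.configurePolicies(bus);
                // NOTE(review): both settings below relax CXF message validation for this client;
                // confirm they are still required.
                bus.getProperties().put("soap.no.validate.parts", true);
                client.getRequestContext().put("set-jaxb-validation-event-handler", "false");
                client.getRequestContext().put("ws-security.spnego.client.action", new XrmSpnegoClientAction());
                // The credentials live in the callback handler stored in the request context.
                client.getRequestContext().put("ws-security.callback-handler", new UsernamePasswordCallbackHandler(username, password));
                if (Strings.isNullOrEmpty(resolvedSpn)) {
                    for (int i = 0; i < inferredSpns.size(); i++) {
                        try {
                            return testConnectionForSpnAndReturnClient(organizationServiceUrl, customBindingIOrganizationService, client, inferredSpns.get(i));
                        } catch (ConnectionException e4) {
                            // Constant-first comparison: the third-party code can be null (it is
                            // sometimes filled from an exception message), and an NPE here would
                            // hide the real failure.
                            if (!"KERBEROS_CHECK_SPN".equalsIgnoreCase(e4.getThirdPartyCode())) {
                                throw e4;
                            }
                            if (i >= inferredSpns.size() - 1) {
                                throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERBEROS_CHECK_SPN", "Unable auto discover SPN. Enter SPN manually. Tried with inferred SPNs: " + org.apache.commons.lang.StringUtils.join(inferredSpns, ", ") + ".", e4);
                            }
                        }
                    }
                }
                return testConnectionForSpnAndReturnClient(organizationServiceUrl, customBindingIOrganizationService, client, resolvedSpn);
            } catch (WebServiceException e5) {
                throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, e5.getMessage(), "Unable to build the service client from: " + url.toString(), e5);
            }
        } catch (MalformedURLException e6) {
            throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, e6.getMessage(), "Malformed organization service url: " + organizationServiceUrl, e6);
        }
    }

    /**
     * Selects the JAAS login configuration: the built-in {@code CrmDefaultLoginConfiguration}
     * when no path is given, otherwise the file named by {@code loginConfigPath}.
     *
     * <p>Both branches change JVM-wide state. NOTE(review): a {@link Configuration} installed
     * by an earlier call stays in place when a file path is used later; confirm that the file
     * is actually picked up in that case.
     */
    private static void applyLoginConfiguration(String loginConfigPath, MuleContext muleContext, boolean debugEnabled) throws ConnectionException {
        System.clearProperty("java.security.auth.login.config");
        if (Strings.isNullOrEmpty(loginConfigPath)) {
            Configuration.setConfiguration(new CrmDefaultLoginConfiguration(debugEnabled));
            return;
        }
        try {
            System.setProperty("java.security.auth.login.config", resolveExistingFile(loginConfigPath, muleContext));
        } catch (FileNotFoundException e) {
            throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "", "The loginPropertiesFilePath can not be found", e);
        }
    }

    /**
     * Clears any previous realm/KDC/krb5.conf system properties and sets either realm and KDC
     * or the krb5 configuration file, depending on which was supplied. JVM-wide.
     */
    private static void applyKerberosConfiguration(String kerberosRealm, String kerberosKdc, String krb5ConfigPath, MuleContext muleContext) throws ConnectionException {
        System.clearProperty("java.security.krb5.realm");
        System.clearProperty("java.security.krb5.kdc");
        System.clearProperty("java.security.krb5.conf");
        if (Strings.isNullOrEmpty(krb5ConfigPath)) {
            if (!Strings.isNullOrEmpty(kerberosRealm)) {
                System.setProperty("java.security.krb5.realm", kerberosRealm);
            }
            if (!Strings.isNullOrEmpty(kerberosKdc)) {
                System.setProperty("java.security.krb5.kdc", kerberosKdc);
            }
            return;
        }
        try {
            System.setProperty("java.security.krb5.conf", resolveExistingFile(krb5ConfigPath, muleContext));
        } catch (FileNotFoundException e2) {
            throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "", "The kerberosPropertiesFilePath can not be found", e2);
        }
    }

    /**
     * Expands a configured path through {@code DynamicsCrmUtils.replaceClasspathInStringForCurrentPath}
     * and verifies that it names a regular file.
     *
     * @throws FileNotFoundException if the resolved path is not an existing regular file
     */
    private static String resolveExistingFile(String configuredPath, MuleContext muleContext) throws FileNotFoundException {
        String resolvedPath = DynamicsCrmUtils.replaceClasspathInStringForCurrentPath(configuredPath, DynamicsCrmConnectionUtils.class, muleContext);
        if (!checkFileExists(resolvedPath)) {
            throw new FileNotFoundException("Unable to find the file: '" + resolvedPath + "'");
        }
        return resolvedPath;
    }

    /** Appends the host-based SPN guesses {@code host/<host>} and {@code http/<host>} and logs them. */
    private static void addInferredSpns(URL url, ArrayList<String> candidates) {
        String host = url.getHost();
        log.info("Can't discover SPN from wsdl: '" + url.toString() + "'");
        candidates.add("host/" + host);
        candidates.add("http/" + host);
        log.info("Inferring possible SPNs from hostname: " + org.apache.commons.lang.StringUtils.join(candidates, ", "));
    }

    /** Returns the throwable's message, or an empty string when it has none, so it can be concatenated safely. */
    private static String messageOf(Throwable throwable) {
        String message = throwable.getMessage();
        return message == null ? "" : message;
    }

    /**
     * Configures the SPN on the client, runs a test query and maps any failure to a
     * {@link ConnectionException} with a diagnostic third-party code.
     *
     * <p>The mapped messages are detailed on purpose (unknown user, wrong password, wrong
     * realm, KDC text). NOTE(review): they suit operators configuring the connector; if they
     * can reach unauthenticated users, the username/password distinction tells valid account
     * names apart from invalid ones.
     *
     * @param serviceUrl           service URL, used in messages only
     * @param iOrganizationService the service proxy to test and return
     * @param client               CXF client backing the proxy
     * @param candidateSpn         SPN to authenticate against
     * @return {@code iOrganizationService} when the test query succeeds
     * @throws ConnectionException describing why the test query failed
     */
    private IOrganizationService testConnectionForSpnAndReturnClient(String serviceUrl, IOrganizationService iOrganizationService, Client client, String candidateSpn) throws ConnectionException {
        client.getRequestContext().put("ws-security.kerberos.spn", candidateSpn);
        client.getRequestContext().put("ws-security.kerberos.jaas.context", "Kerberos");
        try {
            callSimpleQueryToTestConnection(iOrganizationService);
            return iOrganizationService;
        } catch (Exception e) {
            log.error(e.toString());
            LoginException loginException = (LoginException) ExceptionUtils.getDeepestOccurenceOfType(e, LoginException.class);
            if (loginException != null) {
                Throwable loginCause = loginException.getCause();
                if (loginCause instanceof KrbException) {
                    KrbException krbCause = (KrbException) loginCause;
                    // Kerberos error codes as defined in RFC 4120.
                    if (krbCause.returnCode() == 6) { // KDC_ERR_C_PRINCIPAL_UNKNOWN
                        throw new ConnectionException(ConnectionExceptionCode.INCORRECT_CREDENTIALS, "KERBEROS_INV_CRED", "Invalid usermame. ".concat(messageOf(krbCause)), e);
                    }
                    if (krbCause.returnCode() == 24) { // KDC_ERR_PREAUTH_FAILED
                        throw new ConnectionException(ConnectionExceptionCode.INCORRECT_CREDENTIALS, "KERBEROS_INV_CRED", "Invalid password. ".concat(messageOf(krbCause)), e);
                    }
                    if (krbCause.returnCode() == 68) { // KDC_ERR_WRONG_REALM
                        throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERBEROS_WRONG_REALM", "Invalid Realm (Domain Name). ".concat(messageOf(krbCause)), e);
                    }
                    // Any other code falls through to the generic KrbException handling below.
                } else {
                    // Constant-first comparison: a LoginException without a message must not
                    // raise an NPE that hides the original failure.
                    if ("WrongKdc".equalsIgnoreCase(loginException.getMessage())) {
                        throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERBEROS_WRONG_KDC", "Invalid KDC (usually the Domain Controller). ".concat(messageOf(loginException)), e);
                    }
                    if (loginCause instanceof UnknownHostException) {
                        throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERBEROS_WRONG_KDC", "Unable to reach KDC: ".concat(messageOf(loginException)), e);
                    }
                    throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERBEROS_LOGIN", "Login Error. ".concat(messageOf(loginException)), e);
                }
            }
            KrbException krbException = (KrbException) ExceptionUtils.getDeepestOccurenceOfType(e, KrbException.class);
            if (krbException != null) {
                if (krbException.returnCode() == 41) { // KRB_AP_ERR_MODIFIED
                    throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERBEROS_WRONG_REALM_CAPITALIZATION", "Verify that the Realm (Domain Name) is capitalized correctly because it is case-sensitive. ".concat(messageOf(krbException)), e);
                }
                throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERBEROS_UNKNOWN", "Failed to authenticate service. Domain Controller returned the following message: ".concat(messageOf(krbException)), e);
            }
            SSLHandshakeException sSLHandshakeException = (SSLHandshakeException) ExceptionUtils.getFirstOccurenceOfType(e, SSLHandshakeException.class);
            if (sSLHandshakeException != null) {
                String handshakeMessage = sSLHandshakeException.getMessage();
                String failingEndpoint = serviceUrl;
                if (handshakeMessage != null) {
                    // Prefer the URL named in the handshake error (last match wins) over the configured one.
                    Matcher matcher = urlPattern.matcher(handshakeMessage);
                    while (matcher.find()) {
                        failingEndpoint = handshakeMessage.substring(matcher.start(1), matcher.end() - 1);
                    }
                }
                throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, e.getMessage(), "SSL certificate error when connecting to: " + failingEndpoint, e);
            }
            if (((WSSecurityException) ExceptionUtils.getDeepestOccurenceOfType(e, WSSecurityException.class)) != null) {
                throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERBEROS_CHECK_SPN", "Unable to query the service: " + serviceUrl + ". Check that the SPN: '" + candidateSpn + "' is correct.", e);
            }
            SoapFault soapFault = (SoapFault) ExceptionUtils.getDeepestOccurenceOfType(e, SoapFault.class);
            // A fault without a sub-code is treated like any other non-authentication fault.
            boolean failedAuthentication = soapFault != null
                    && soapFault.getSubCode() != null
                    && "FailedAuthentication".equalsIgnoreCase(soapFault.getSubCode().getLocalPart());
            if (!failedAuthentication) {
                throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, e.getMessage(), "Unable to query the service: " + serviceUrl, e);
            }
            throw new ConnectionException(ConnectionExceptionCode.UNKNOWN, "KERBEROS_CHECK_SPN", "Unable to query the service: " + serviceUrl + ". Check that the SPN: '" + candidateSpn + "' is correct.", e);
        }
    }

    /** @return {@code true} when {@code path} names an existing regular file */
    private static boolean checkFileExists(String path) {
        // File.isFile() is already false for a path that does not exist.
        return new File(path).isFile();
    }
}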
