package org.apache.kerby.kerberos.tool.kinit;

import java.io.Console;
import java.io.File;
import java.util.Arrays;
import java.util.Scanner;
import org.apache.kerby.KOptionType;
import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.KrbClient;
import org.apache.kerby.kerberos.kerb.client.KrbOption;
import org.apache.kerby.kerberos.kerb.spec.ticket.TgtTicket;
import org.apache.kerby.kerberos.tool.ToolUtil;
import org.apache.kerby.util.OSUtil;
import org.apache.kerby.util.SysUtil;

/* loaded from: input_file:org/apache/kerby/kerberos/tool/kinit/KinitTool.class */
public class KinitTool {
    private static final String USAGE;

    private static void printUsage(String str) {
        System.err.println(str + "\n");
        System.err.println(USAGE);
        System.exit(-1);
    }

    private static String getPassword(String str) {
        Console console = System.console();
        if (console != null) {
            console.printf("Password for " + str + ":", new Object[0]);
            char[] readPassword = console.readPassword();
            String trim = new String(readPassword).trim();
            Arrays.fill(readPassword, ' ');
            return trim;
        }
        System.out.println("Couldn't get Console instance, maybe you're running this from within an IDE. Use scanner to read password.");
        System.out.println("Password for " + str + ":");
        Scanner scanner = new Scanner(System.in, "UTF-8");
        Throwable th = null;
        try {
            try {
                String trim2 = scanner.nextLine().trim();
                if (scanner != null) {
                    if (0 != 0) {
                        try {
                            scanner.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        scanner.close();
                    }
                }
                return trim2;
            } finally {
            }
        } catch (Throwable th3) {
            if (scanner != null) {
                if (th != null) {
                    try {
                        scanner.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    scanner.close();
                }
            }
            throw th3;
        }
    }

    private static void requestTicket(String str, KOptions kOptions) {
        File file;
        kOptions.add(KinitOption.CLIENT_PRINCIPAL, str);
        File file2 = null;
        if (kOptions.contains(KinitOption.CONF_DIR)) {
            file2 = kOptions.getDirOption(KinitOption.CONF_DIR);
        } else {
            printUsage("Can't get the conf dir!");
        }
        if (!kOptions.contains(KinitOption.USE_KEYTAB)) {
            kOptions.add(KinitOption.USE_PASSWD);
            kOptions.add(KinitOption.USER_PASSWD, getPassword(str));
        }
        KrbClient krbClient = null;
        try {
            krbClient = getClient(file2);
        } catch (KrbException e) {
            System.err.println("Create krbClient failed: " + e.getMessage());
            System.exit(1);
        }
        TgtTicket tgtTicket = null;
        try {
            tgtTicket = krbClient.requestTgtWithOptions(ToolUtil.convertOptions(kOptions));
        } catch (KrbException e2) {
            System.err.println("Authentication failed: " + e2.getMessage());
            System.exit(1);
        }
        if (kOptions.contains(KrbOption.KRB5_CACHE)) {
            file = new File(kOptions.getStringOption(KrbOption.KRB5_CACHE));
        } else {
            file = new File(SysUtil.getTempDir(), "krb5_" + str.replaceAll("/", "_") + ".cc");
        }
        try {
            krbClient.storeTicket(tgtTicket, file);
        } catch (KrbException e3) {
            System.err.println("Store ticket failed: " + e3.getMessage());
            System.exit(1);
        }
        System.out.println("Successfully requested and stored ticket in " + file.getAbsolutePath());
    }

    private static KrbClient getClient(File file) throws KrbException {
        KrbClient krbClient = new KrbClient(file);
        krbClient.init();
        return krbClient;
    }

    public static void main(String[] strArr) throws Exception {
        KinitOption kinitOption;
        KOptions kOptions = new KOptions();
        String str = null;
        int i = 0;
        while (true) {
            if (i >= strArr.length) {
                break;
            }
            String str2 = null;
            int i2 = i;
            i++;
            String str3 = strArr[i2];
            if (str3.startsWith("-")) {
                kinitOption = KinitOption.fromName(str3);
                if (kinitOption == KinitOption.NONE) {
                    System.err.println("Invalid option:" + str3);
                    break;
                }
            } else {
                str = str3;
                kinitOption = KinitOption.NONE;
            }
            if (kinitOption.getType() != KOptionType.NOV) {
                String str4 = null;
                if (i < strArr.length) {
                    i++;
                    str4 = strArr[i];
                }
                if (str4 != null) {
                    KOptions.parseSetValue(kinitOption, str4);
                } else {
                    str2 = "Option " + str3 + " require a parameter";
                }
            }
            if (str2 != null) {
                printUsage(str2);
            }
            kOptions.add(kinitOption);
        }
        if (str == null) {
            printUsage("No principal is specified");
        }
        requestTicket(str, kOptions);
        System.exit(0);
    }

    static {
        USAGE = OSUtil.isWindows() ? "Usage: bin/kinit.cmd" : "Usage: sh bin/kinit.sh [-conf conf_dir] [-V] [-l lifetime] [-s start_time]\n\t\t[-r renewable_life] [-f | -F] [-p | -P] -n [-a | -A] [-C] [-E]\n\t\t[-v] [-R] [-k [-i|-t keytab_file]] [-c cachename]\n\t\t[-S service_name] [-T ticket_armor_cache]\n\t\t[-X <attribute>[=<value>]] <principal>\n\n\tDESCRIPTION:\n\t\tkinit obtains and caches an initial ticket-granting ticket for principal.\n\n\tOPTIONS:\n\t\t-V verbose\n\t\t-l lifetime\n\t\t--s start time\n\t\t-r renewable lifetime\n\t\t-f forwardable\n\t\t-F not forwardable\n\t\t-p proxiable\n\t\t-P not proxiable\n\t\t-n anonymous\n\t\t-a include addresses\n\t\t-A do not include addresses\n\t\t-v validate\n\t\t-R renew\n\t\t-C canonicalize\n\t\t-E client is enterprise principal name\n\t\t-k use keytab\n\t\t-i use default client keytab (with -k)\n\t\t-t filename of keytab to use\n\t\t-c Kerberos 5 cache name\n\t\t-S service\n\t\t-T armor credential cache\n\t\t-X <attribute>[=<value>]\n\n";
    }
}
