/*

 * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Oracle designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Oracle in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

/*

 *

 *  (C) Copyright IBM Corp. 1999 All Rights Reserved.

 *  Copyright 1997 The Open Group Research Institute.  All rights reserved.

 */

package sun.security.krb5;

import java.io.*;

import java.nio.file.DirectoryStream;

import java.nio.file.Files;

import java.nio.file.Paths;

import java.nio.file.Path;

import java.security.PrivilegedAction;

import java.util.*;

import java.net.InetAddress;

import java.net.UnknownHostException;

import java.security.AccessController;

import java.security.PrivilegedExceptionAction;

import java.util.regex.Matcher;

import java.util.regex.Pattern;

import sun.net.dns.ResolverConfiguration;

import sun.security.krb5.internal.crypto.EType;

import sun.security.krb5.internal.Krb5;

/**

 * This class maintains key-value pairs of Kerberos configurable constants

 * from configuration file or from user specified system properties.

 */

public class Config {

    /*

     * Only allow a single instance of Config.

     */

    private static Config singleton = null;

    /*

     * Hashtable used to store configuration information.

     */

    private Hashtable<String,Object> stanzaTable = new Hashtable<>();

    private static boolean DEBUG = sun.security.krb5.internal.Krb5.DEBUG;

    // these are used for hexdecimal calculation.

    private static final int BASE16_0 = 1;

    private static final int BASE16_1 = 16;

    private static final int BASE16_2 = 16 * 16;

    private static final int BASE16_3 = 16 * 16 * 16;

    /**

     * Specified by system properties. Must be both null or non-null.

     */

    private final String defaultRealm;

    private final String defaultKDC;

    // used for native interface

    private static native String getWindowsDirectory(boolean isSystem);

    /**

     * Gets an instance of Config class. One and only one instance (the

     * singleton) is returned.

     *

     * @exception KrbException if error occurs when constructing a Config

     * instance. Possible causes would be either of java.security.krb5.realm or

     * java.security.krb5.kdc not specified, error reading configuration file.

     */

    public static synchronized Config getInstance() throws KrbException {

        if (singleton == null) {

            singleton = new Config();

        }

        return singleton;

    }

    /**

     * Refresh and reload the Configuration. This could involve,

     * for example reading the Configuration file again or getting

     * the java.security.krb5.* system properties again. This method

     * also tries its best to update static fields in other classes

     * that depend on the configuration.

     *

     * @exception KrbException if error occurs when constructing a Config

     * instance. Possible causes would be either of java.security.krb5.realm or

     * java.security.krb5.kdc not specified, error reading configuration file.

     */

    public static void refresh() throws KrbException {

        synchronized (Config.class) {

            singleton = new Config();

        }

        KdcComm.initStatic();

        EType.initStatic();

        Checksum.initStatic();

    }

    private static boolean isMacosLionOrBetter() {

        // split the "10.x.y" version number

        String osname = getProperty("os.name");

        if (!osname.contains("OS X")) {

            return false;

        }

        String osVersion = getProperty("os.version");

        String[] fragments = osVersion.split("\\.");

        // sanity check the "10." part of the version

        if (!fragments[0].equals("10")) return false;

        if (fragments.length < 2) return false;

        // check if Mac OS X 10.7(.y)

        try {

            int minorVers = Integer.parseInt(fragments[1]);

            if (minorVers >= 7) return true;

        } catch (NumberFormatException e) {

            // was not an integer

        }

        return false;

    }

    /**

     * Private constructor - can not be instantiated externally.

     */

    private Config() throws KrbException {

        /*

         * If either one system property is specified, we throw exception.

         */

        String tmp = getProperty("java.security.krb5.kdc");

        if (tmp != null) {

            // The user can specify a list of kdc hosts separated by ":"

            defaultKDC = tmp.replace(':', ' ');

        } else {

            defaultKDC = null;

        }

        defaultRealm = getProperty("java.security.krb5.realm");

        if ((defaultKDC == null && defaultRealm != null) ||

            (defaultRealm == null && defaultKDC != null)) {

            throw new KrbException

                ("System property java.security.krb5.kdc and " +

                 "java.security.krb5.realm both must be set or " +

                 "neither must be set.");

        }

        // Always read the Kerberos configuration file

        try {

            List<String> configFile;

            String fileName = getJavaFileName();

            if (fileName != null) {

                configFile = loadConfigFile(fileName);

                stanzaTable = parseStanzaTable(configFile);

                if (DEBUG) {

                    System.out.println("Loaded from Java config");

                }

            } else {

                boolean found = false;

                if (isMacosLionOrBetter()) {

                    try {

                        stanzaTable = SCDynamicStoreConfig.getConfig();

                        if (DEBUG) {

                            System.out.println("Loaded from SCDynamicStoreConfig");

                        }

                        found = true;

                    } catch (IOException ioe) {

                        // OK. Will go on with file

                    }

                }

                if (!found) {

                    fileName = getNativeFileName();

                    configFile = loadConfigFile(fileName);

                    stanzaTable = parseStanzaTable(configFile);

                    if (DEBUG) {

                        System.out.println("Loaded from native config");

                    }

                }

            }

        } catch (IOException ioe) {

            if (DEBUG) {

                System.out.println("Exception thrown in loading config:");

                ioe.printStackTrace(System.out);

            }

            throw new KrbException("krb5.conf loading failed");

        }

    }

    /**

     * Gets the last-defined string value for the specified keys.

     * @param keys the keys, as an array from section name, sub-section names

     * (if any), to value name.

     * @return the value. When there are multiple values for the same key,

     * returns the first one. {@code null} is returned if not all the keys are

     * defined. For example, {@code get("libdefaults", "forwardable")} will

     * return null if "forwardable" is not defined in [libdefaults], and

     * {@code get("realms", "R", "kdc")} will return null if "R" is not

     * defined in [realms] or "kdc" is not defined for "R".

     * @throws IllegalArgumentException if any of the keys is illegal, either

     * because a key not the last one is not a (sub)section name or the last

     * key is still a section name. For example, {@code get("libdefaults")}

     * throws this exception because [libdefaults] is a section name instead of

     * a value name, and {@code get("libdefaults", "forwardable", "tail")}

     * also throws this exception because "forwardable" is already a value name

     * and has no sub-key at all (given "forwardable" is defined, otherwise,

     * this method has no knowledge if it's a value name or a section name),

     */

    public String get(String... keys) {

        Vector<String> v = getString0(keys);

        if (v == null) return null;

        return v.firstElement();

    }

    /**

     * Gets the boolean value for the specified keys. Returns TRUE if the

     * string value is "yes", or "true", FALSE if "no", or "false", or null

     * if otherwise or not defined. The comparision is case-insensitive.

     *

     * @param keys the keys, see {@link #get(String...)}

     * @return the boolean value, or null if there is no value defined or the

     * value does not look like a boolean value.

     * @throws IllegalArgumentException see {@link #get(String...)}

     */

    public Boolean getBooleanObject(String... keys) {

        String s = get(keys);

        if (s == null) {

            return null;

        }

        switch (s.toLowerCase(Locale.US)) {

            case "yes": case "true":

                return Boolean.TRUE;

            case "no": case "false":

                return Boolean.FALSE;

            default:

                return null;

        }

    }

    /**

     * Gets all values (at least one) for the specified keys separated by

     * a whitespace, or null if there is no such keys.

     * The values can either be provided on a single line, or on multiple lines

     * using the same key. When provided on a single line, the value can be

     * comma or space separated.

     * @throws IllegalArgumentException if any of the keys is illegal

     *         (See {@link #get})

     */

    public String getAll(String... keys) {

        Vector<String> v = getString0(keys);

        if (v == null) return null;

        StringBuilder sb = new StringBuilder();

        boolean first = true;

        for (String s: v) {

            s = s.replaceAll("[\\s,]+", " ");

            if (first) {

                sb.append(s);

                first = false;

            } else {

                sb.append(' ').append(s);

            }

        }

        return sb.toString();

    }

    /**

     * Returns true if keys exists, can be final string(s) or a sub-section

     * @throws IllegalArgumentException if any of the keys is illegal

     *         (See {@link #get})

     */

    public boolean exists(String... keys) {

        return get0(keys) != null;

    }

    // Returns final string value(s) for given keys.

    @SuppressWarnings("unchecked")

    private Vector<String> getString0(String... keys) {

        try {

            return (Vector<String>)get0(keys);

        } catch (ClassCastException cce) {

            throw new IllegalArgumentException(cce);

        }

    }

    // Internal method. Returns the value for keys, which can be a sub-section

    // (as a Hashtable) or final string value(s) (as a Vector). This is the

    // only method (except for toString) that reads stanzaTable directly.

    @SuppressWarnings("unchecked")

    private Object get0(String... keys) {

        Object current = stanzaTable;

        try {

            for (String key: keys) {

                current = ((Hashtable<String,Object>)current).get(key);

                if (current == null) return null;

            }

            return current;

        } catch (ClassCastException cce) {

            throw new IllegalArgumentException(cce);

        }

    }

    /**

     * Translates a duration value into seconds.

     *

     * The format can be one of "h:m[:s]", "NdNhNmNs", and "N". See

     * http://web.mit.edu/kerberos/krb5-devel/doc/basic/date_format.html#duration

     * for definitions.

     *

     * @param s the string duration

     * @return time in seconds

     * @throws KrbException if format is illegal

     */

    public static int duration(String s) throws KrbException {

        if (s.isEmpty()) {

            throw new KrbException("Duration cannot be empty");

        }

        // N

        if (s.matches("\\d+")) {

            return Integer.parseInt(s);

        }

        // h:m[:s]

        Matcher m = Pattern.compile("(\\d+):(\\d+)(:(\\d+))?").matcher(s);

        if (m.matches()) {

            int hr = Integer.parseInt(m.group(1));

            int min = Integer.parseInt(m.group(2));

            if (min >= 60) {

                throw new KrbException("Illegal duration format " + s);

            }

            int result = hr * 3600 + min * 60;

            if (m.group(4) != null) {

                int sec = Integer.parseInt(m.group(4));

                if (sec >= 60) {

                    throw new KrbException("Illegal duration format " + s);

                }

                result += sec;

            }

            return result;

        }

        // NdNhNmNs

        // 120m allowed. Maybe 1h120m is not good, but still allowed

        m = Pattern.compile(

                    "((\\d+)d)?\\s*((\\d+)h)?\\s*((\\d+)m)?\\s*((\\d+)s)?",

                Pattern.CASE_INSENSITIVE).matcher(s);

        if (m.matches()) {

            int result = 0;

            if (m.group(2) != null) {

                result += 86400 * Integer.parseInt(m.group(2));

            }

            if (m.group(4) != null) {

                result += 3600 * Integer.parseInt(m.group(4));

            }

            if (m.group(6) != null) {

                result += 60 * Integer.parseInt(m.group(6));

            }

            if (m.group(8) != null) {

                result += Integer.parseInt(m.group(8));

            }

            return result;

        }

        throw new KrbException("Illegal duration format " + s);

    }

    /**

     * Gets the int value for the specified keys.

     * @param keys the keys

     * @return the int value, Integer.MIN_VALUE is returned if it cannot be

     * found or the value is not a legal integer.

     * @throws IllegalArgumentException if any of the keys is illegal

     * @see #get(java.lang.String[])

     */

    public int getIntValue(String... keys) {

        String result = get(keys);

        int value = Integer.MIN_VALUE;

        if (result != null) {

            try {

                value = parseIntValue(result);

            } catch (NumberFormatException e) {

                if (DEBUG) {

                    System.out.println("Exception in getting value of " +

                                       Arrays.toString(keys) + " " +

                                       e.getMessage());

                    System.out.println("Setting " + Arrays.toString(keys) +

                                       " to minimum value");

                }

                value = Integer.MIN_VALUE;

            }

        }

        return value;

    }

    /**

     * Parses a string to an integer. The convertible strings include the

     * string representations of positive integers, negative integers, and

     * hex decimal integers.  Valid inputs are, e.g., -1234, +1234,

     * 0x40000.

     *

     * @param input the String to be converted to an Integer.

     * @return an numeric value represented by the string

     * @exception NumberFormatException if the String does not contain a

     * parsable integer.

     */

    private int parseIntValue(String input) throws NumberFormatException {

        int value = 0;

        if (input.startsWith("+")) {

            String temp = input.substring(1);

            return Integer.parseInt(temp);

        } else if (input.startsWith("0x")) {

            String temp = input.substring(2);

            char[] chars = temp.toCharArray();

            if (chars.length > 8) {

                throw new NumberFormatException();

            } else {

                for (int i = 0; i < chars.length; i++) {

                    int index = chars.length - i - 1;

                    switch (chars[i]) {

                    case '0':

                        value += 0;

                        break;

                    case '1':

                        value += 1 * getBase(index);

                        break;

                    case '2':

                        value += 2 * getBase(index);

                        break;

                    case '3':

                        value += 3 * getBase(index);

                        break;

                    case '4':

                        value += 4 * getBase(index);

                        break;

                    case '5':

                        value += 5 * getBase(index);

                        break;

                    case '6':

                        value += 6 * getBase(index);

                        break;

                    case '7':

                        value += 7 * getBase(index);

                        break;

                    case '8':

                        value += 8 * getBase(index);

                        break;

                    case '9':

                        value += 9 * getBase(index);

                        break;

                    case 'a':

                    case 'A':

                        value += 10 * getBase(index);

                        break;

                    case 'b':

                    case 'B':

                        value += 11 * getBase(index);

                        break;

                    case 'c':

                    case 'C':

                        value += 12 * getBase(index);

                        break;

                    case 'd':

                    case 'D':

                        value += 13 * getBase(index);

                        break;

                    case 'e':

                    case 'E':

                        value += 14 * getBase(index);

                        break;

                    case 'f':

                    case 'F':

                        value += 15 * getBase(index);

                        break;

                    default:

                        throw new NumberFormatException("Invalid numerical format");

                    }

                }

            }

            if (value < 0) {