package com.sun.xml.ws.security.impl.kerberos;

import com.sun.security.auth.callback.TextCallbackHandler;
import com.sun.xml.ws.security.trust.WSTrustSOAPFaultException;
import com.sun.xml.wss.XWSSecurityException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Key;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

/* loaded from: input_file:BOOT-INF/lib/webservices-rt-2.4.3.jar:com/sun/xml/ws/security/impl/kerberos/KerberosLogin.class */
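/**
 * Runs a JAAS login and then sets up a GSS-API security context for Kerberos v5,
 * returning the resulting token, context and session key in a {@link KerberosContext}.
 *
 * <p>Two entry points exist: the three-argument {@code login} acts as the GSS initiator
 * (client) and produces a token for a named server; the two-argument {@code login} acts
 * as the GSS acceptor (server) and consumes a token received from a peer.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The acceptor token is peer-supplied input. It is only handed to
 *       {@code acceptSecContext}; the caller then requires {@code isEstablished()}.</li>
 *   <li>The initiator disables mutual authentication, so the GSS layer does not make the
 *       server prove its identity. NOTE(review): presumably message-level protection keyed
 *       by the session key covers this; confirm against the callers.</li>
 *   <li>The raw session key bytes are copied into the {@code KerberosContext}; they must
 *       never be logged.</li>
 * </ul>
 */
public class KerberosLogin {
    private static final Logger log = Logger.getLogger("javax.enterprise.resource.xml.webservices.security", "com.sun.xml.wss.logging.LogStrings");

    /** Object identifier of the Kerberos v5 GSS-API mechanism. */
    private static final String KERBEROS_V5_MECHANISM_OID = "1.2.840.113554.1.2.2";

    /* loaded from: input_file:BOOT-INF/lib/webservices-rt-2.4.3.jar:com/sun/xml/ws/security/impl/kerberos/KerberosLogin$KerberosClientSetupAction.class */
    /**
     * Initiator-side action: creates a GSS context towards {@link #server}, produces the
     * first context token and stores both in the current Subject's public credentials.
     */
    class KerberosClientSetupAction implements PrivilegedExceptionAction<Object> {
        String server;
        boolean credentialDelegation;

        public KerberosClientSetupAction(String str, boolean z) {
            this.server = str;
            this.credentialDelegation = z;
        }

        /**
         * @return always {@code null}; results are published through the Subject
         * @throws PrivilegedActionException wrapping any failure during context setup
         */
        @Override
        public Object run() throws Exception {
            try {
                Oid mechanism = new Oid(KERBEROS_V5_MECHANISM_OID);
                GSSManager manager = GSSManager.getInstance();
                // A null credential means the mechanism's default initiator credential is used.
                GSSContext initiator = manager.createContext(
                        manager.createName(this.server, (Oid) null),
                        mechanism,
                        (GSSCredential) null,
                        GSSContext.DEFAULT_LIFETIME);
                // Integrity only: no mutual authentication and no confidentiality are requested.
                initiator.requestMutualAuth(false);
                initiator.requestConf(false);
                initiator.requestInteg(true);
                // Delegation forwards the caller's credentials to the server; it is on only
                // when the caller of login() asked for it.
                initiator.requestCredDeleg(this.credentialDelegation);
                byte[] noInput = new byte[0];
                byte[] outToken = initiator.initSecContext(noInput, 0, noInput.length);
                // NOTE(review): Subject.getSubject(AccessControlContext) is deprecated for removal
                // and is documented to throw UnsupportedOperationException on recent JDKs where the
                // Security Manager is not allowed; confirm against the target runtime.
                Subject subject = Subject.getSubject(AccessController.getContext());
                // NOTE(review): these go into the *public* credential set, so any code holding
                // this Subject can read the context and the token.
                subject.getPublicCredentials().add(initiator);
                subject.getPublicCredentials().add(outToken);
                return null;
            } catch (Exception e) {
                throw new PrivilegedActionException(e);
            }
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/webservices-rt-2.4.3.jar:com/sun/xml/ws/security/impl/kerberos/KerberosLogin$KerberosServerSetupAction.class */
    /**
     * Acceptor-side action: feeds the received {@link #token} to a new GSS context and
     * stores the context and the token in the current Subject's public credentials.
     */
    class KerberosServerSetupAction implements PrivilegedExceptionAction<Object> {
        byte[] token;

        public KerberosServerSetupAction(byte[] bArr) {
            this.token = bArr;
        }

        /**
         * @return always {@code null}; results are published through the Subject
         * @throws PrivilegedActionException wrapping any failure while accepting the token
         */
        @Override
        public Object run() throws Exception {
            try {
                // A null credential means the mechanism's default acceptor credential is used.
                GSSContext acceptor = GSSManager.getInstance().createContext((GSSCredential) null);
                // The reply token, if any, is not used here. Whether the context is actually
                // established is checked by login() through isEstablished().
                acceptor.acceptSecContext(this.token, 0, this.token.length);
                Subject subject = Subject.getSubject(AccessController.getContext());
                subject.getPublicCredentials().add(acceptor);
                subject.getPublicCredentials().add(this.token);
                return null;
            } catch (Exception e) {
                throw new PrivilegedActionException(e);
            }
        }
    }

    /**
     * Client side: logs in through JAAS and initiates a Kerberos GSS context.
     *
     * @param str  name of the JAAS login configuration entry passed to {@link LoginContext}
     * @param str2 GSS name of the target server
     * @param z    whether credential delegation is requested on the context
     * @return a context holding the token, the GSS context and the encoded session key,
     *         marked with {@code setOnce(true)}
     * @throws XWSSecurityException if the login or the context setup fails
     */
    public KerberosContext login(String str, String str2, boolean z) throws XWSSecurityException {
        Subject subject = authenticate(str);
        return establish(subject, new KerberosClientSetupAction(str2, z), true);
    }

    /**
     * Server side: logs in through JAAS and accepts a Kerberos token received from a peer.
     *
     * @param str  name of the JAAS login configuration entry passed to {@link LoginContext}
     * @param bArr the received context token; treated as untrusted input
     * @return a context holding the token, the GSS context and the encoded session key,
     *         marked with {@code setOnce(false)}
     * @throws XWSSecurityException if the token is missing, or the login or acceptance fails
     */
    public KerberosContext login(String str, byte[] bArr) throws XWSSecurityException {
        // Reject a missing token before any JAAS work is done on its behalf.
        if (bArr == null) {
            throw new XWSSecurityException("Kerberos token was null");
        }
        Subject subject = authenticate(str);
        return establish(subject, new KerberosServerSetupAction(bArr), false);
    }

    /**
     * Creates the LoginContext for {@code str}, performs the login and returns its Subject.
     * The specific LoginException subclasses are caught before the general handler so that
     * each one keeps its own message.
     */
    private static Subject authenticate(String str) throws XWSSecurityException {
        LoginContext loginContext;
        try {
            // TextCallbackHandler prompts on the console if the login module asks for input.
            // NOTE(review): presumably the configuration uses a keytab or ticket cache so that
            // no prompt happens in a server process; confirm.
            loginContext = new LoginContext(str, new TextCallbackHandler());
        } catch (LoginException | SecurityException e) {
            throw new XWSSecurityException("Cannot create LoginContext. ", e);
        }
        try {
            loginContext.login();
        } catch (AccountExpiredException e) {
            // NOTE(review): this message and the next one reveal account state; confirm they
            // are not returned verbatim to remote callers.
            throw new XWSSecurityException("Your Kerberos account has expired.", e);
        } catch (CredentialExpiredException e) {
            throw new XWSSecurityException("Your credentials have expired.", e);
        } catch (FailedLoginException e) {
            throw new XWSSecurityException(WSTrustSOAPFaultException.WS_TRUST_FAILED_AUTHENTICATION_FAULTSTRING, e);
        } catch (Exception e) {
            throw new XWSSecurityException("Unexpected Exception in Kerberos login - unable to continue", e);
        }
        return loginContext.getSubject();
    }

    /**
     * Runs {@code action} as {@code subject}, then collects the token and GSS context the
     * action stored in the public credentials and adds the session key.
     */
    private static KerberosContext establish(Subject subject, PrivilegedExceptionAction<Object> action, boolean once)
            throws XWSSecurityException {
        try {
            Subject.doAsPrivileged(subject, action, (AccessControlContext) null);

            KerberosContext kerberosContext = new KerberosContext();
            GSSContext gssContext = null;
            // NOTE(review): any byte[] public credential is taken as the token, and any
            // GSSContext as the context; if several are present the last one iterated wins.
            for (Object credential : subject.getPublicCredentials()) {
                if (credential instanceof byte[]) {
                    kerberosContext.setKerberosToken((byte[]) credential);
                } else if (credential instanceof GSSContext) {
                    gssContext = (GSSContext) credential;
                    kerberosContext.setGSSContext(gssContext);
                }
            }
            if (gssContext == null) {
                throw new XWSSecurityException("GSSContext was null in the Login Subject");
            }
            // A context that needs further tokens is unusable here: fail closed instead of
            // returning a half-established context.
            if (!gssContext.isEstablished()) {
                throw new XWSSecurityException("GSSContext in the Login Subject was not established");
            }
            kerberosContext.setSecretKey(sessionKey(gssContext));
            kerberosContext.setOnce(once);
            return kerberosContext;
        } catch (PrivilegedActionException e) {
            throw new XWSSecurityException(e);
        } catch (XWSSecurityException e) {
            // Already carries its own message; do not re-wrap it below.
            throw e;
        } catch (RuntimeException e) {
            // Keep the contract that failures surface as XWSSecurityException.
            throw new XWSSecurityException("Unexpected Exception in Kerberos login - unable to continue", e);
        }
    }

    /**
     * Reads the Kerberos session key from {@code gssContext} through the JDK-specific
     * {@code ExtendedGSSContext.inquireSecContext} API, looked up reflectively.
     *
     * @return the encoded session key; sensitive, must not be logged
     */
    private static byte[] sessionKey(GSSContext gssContext) throws XWSSecurityException {
        Object result;
        try {
            Class<?> inquireType = Class.forName("com.sun.security.jgss.InquireType");
            // The enum class is only known at run time, hence the raw call.
            @SuppressWarnings({"unchecked", "rawtypes"})
            Object sessionKeyType = Enum.valueOf((Class) inquireType, "KRB5_GET_SESSION_KEY");
            result = Class.forName("com.sun.security.jgss.ExtendedGSSContext")
                    .getMethod("inquireSecContext", inquireType)
                    .invoke(gssContext, sessionKeyType);
        } catch (IllegalArgumentException | ReflectiveOperationException | SecurityException e) {
            log.log(Level.SEVERE, (String) null, e);
            throw new XWSSecurityException(e);
        }
        // Covers both a null result and an unexpected type, instead of an NPE or a
        // ClassCastException.
        if (!(result instanceof Key)) {
            throw new XWSSecurityException("Kerberos session key was not available from the GSSContext");
        }
        return ((Key) result).getEncoded();
    }
}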
