package org.gluu.oxauth.spnego.impl;

import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import javax.security.auth.Subject;
import org.gluu.oxauth.spnego.SpnegoAuthError;
import org.gluu.oxauth.spnego.SpnegoAuthenticator;
import org.gluu.oxauth.spnego.SpnegoConfigProvider;
import org.gluu.oxauth.spnego.SpnegoConstants;
import org.gluu.oxauth.spnego.SpnegoPrincipal;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gluu/oxauth/spnego/impl/SunJdkSpnegoAuthenticator.class */
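/**
 * {@link SpnegoAuthenticator} backed by the JDK's JGSS API.
 *
 * <p>An instance is built around one base64-encoded SPNEGO token. {@link #authenticate()} runs the
 * GSS accept step as the server {@link Subject} supplied by {@link KerberosServerSubjectAuthenticator}
 * and, on success, yields the initiator's name plus any delegated credential. The base64-encoded
 * reply token, when the mechanism produces one, is available from {@link #getResponseToken()}
 * afterwards.
 *
 * <p>NOTE(review): {@code responseToken} is mutable per-instance state written during
 * {@link #authenticate()}; the class looks intended for one request per instance - confirm with callers.
 */
public class SunJdkSpnegoAuthenticator implements SpnegoAuthenticator {
    private static final Logger logger = LoggerFactory.getLogger(SunJdkSpnegoAuthenticator.class);
    private final KerberosServerSubjectAuthenticator serverSubjectAuthenticator;
    private final String spnegoCredentials;
    private String responseToken = null;

    /**
     * Privileged action that accepts the security context and maps it to a {@link SpnegoPrincipal}.
     * It is executed through {@link Subject#doAs} so that JGSS sees the server subject.
     */
    private class AcceptSecContext implements PrivilegedExceptionAction<SpnegoPrincipal> {
        private AcceptSecContext() {
        }

        /**
         * Accepts the client's token and builds the authenticated principal.
         *
         * @return the principal, or {@code null} when the context is not established after this
         *         single accept call or carries no source name
         * @throws Exception any failure raised while accepting or disposing the context
         */
        @Override // java.security.PrivilegedExceptionAction
        public SpnegoPrincipal run() throws Exception {
            GSSContext context = null;
            try {
                SunJdkSpnegoAuthenticator.logger.trace("Establishing SPNEGO security context");
                context = SunJdkSpnegoAuthenticator.this.establishSpnegoContext();
                SunJdkSpnegoAuthenticator.this.logAuthDetails(context);
                // Fail closed: an unfinished negotiation or an anonymous peer is not an identity.
                if (!context.isEstablished() || context.getSrcName() == null) {
                    return null;
                }
                String initiatorName = context.getSrcName().toString();
                GSSCredential delegated = context.getCredDelegState() ? context.getDelegCred() : null;
                return new SpnegoPrincipal(initiatorName, delegated);
            } finally {
                // The context is released on every exit path, exactly once.
                if (context != null) {
                    context.dispose();
                }
            }
        }
    }

    /**
     * @param str base64-encoded SPNEGO token received from the client
     * @param spnegoConfigProvider configuration handed to the {@link KerberosServerSubjectAuthenticator}
     */
    public SunJdkSpnegoAuthenticator(String str, SpnegoConfigProvider spnegoConfigProvider) {
        this.serverSubjectAuthenticator = new KerberosServerSubjectAuthenticator(spnegoConfigProvider);
        this.spnegoCredentials = str;
    }

    /**
     * @return the base64-encoded token produced by the last accept call, or {@code null} when none
     *         has been produced
     */
    @Override // org.gluu.oxauth.spnego.SpnegoAuthenticator
    public final String getResponseToken() {
        return this.responseToken;
    }

    /**
     * Authenticates the client token as the server subject.
     *
     * @return the authenticated principal, or {@code null} when the security context was not
     *         established or exposed no source name
     * @throws SpnegoAuthError wrapping any exception raised during authentication
     */
    @Override // org.gluu.oxauth.spnego.SpnegoAuthenticator
    public SpnegoPrincipal authenticate() {
        if (logger.isTraceEnabled()) {
            // The inbound token is the client's authentication material; record only its size so
            // the value itself never lands in log files.
            logger.trace("SPNEGO Authenticate with credentials of length {} (value withheld)",
                    this.spnegoCredentials == null ? 0 : this.spnegoCredentials.length());
        }
        try {
            Subject serverSubject = this.serverSubjectAuthenticator.authenticateServerSubject();
            return (SpnegoPrincipal) Subject.doAs(serverSubject, new AcceptSecContext());
        } catch (Exception e) {
            logger.debug("SPNEGO Authentication failed", e);
            throw new SpnegoAuthError("SPNEGO Authentication failed", e);
        } finally {
            // Always drop the server login, whether authentication succeeded or not.
            this.serverSubjectAuthenticator.logoutServerSubject();
        }
    }

    /**
     * Creates an acceptor context and feeds it the decoded client token.
     *
     * <p>{@code acceptSecContext} may return {@code null} when there is nothing to send back; in that
     * case the response token is cleared instead of being encoded. If accepting fails, the context
     * created here is disposed before the exception propagates, since no caller ever receives it.
     *
     * @return the context after one accept call; the caller owns it and must dispose it
     * @throws GSSException if credential creation or token acceptance fails
     * @throws IOException declared for subclasses; not thrown by this implementation
     */
    protected GSSContext establishSpnegoContext() throws GSSException, IOException {
        GSSManager manager = GSSManager.getInstance();
        // NOTE(review): the acceptor credential is never disposed explicitly anywhere in this class;
        // confirm whether that is intentional.
        GSSCredential acceptorCredential = manager.createCredential(
                (GSSName) null,
                GSSCredential.INDEFINITE_LIFETIME,
                getSupportedMechanisms(),
                GSSCredential.ACCEPT_ONLY);
        GSSContext context = manager.createContext(acceptorCredential);
        try {
            byte[] requestToken = Base64.getDecoder().decode(this.spnegoCredentials);
            byte[] replyToken = context.acceptSecContext(requestToken, 0, requestToken.length);
            this.responseToken = replyToken == null ? null : Base64.getEncoder().encodeToString(replyToken);
            return context;
        } catch (GSSException | RuntimeException e) {
            disposeQuietly(context);
            throw e;
        }
    }

    /** Disposes a context on a failure path without masking the exception already in flight. */
    private static void disposeQuietly(GSSContext context) {
        try {
            context.dispose();
        } catch (GSSException ignored) {
            logger.debug("Failed to dispose SPNEGO security context", ignored);
        }
    }

    /** @return the mechanisms the acceptor credential is created for: SPNEGO and Kerberos 5 */
    protected Oid[] getSupportedMechanisms() {
        return new Oid[]{SpnegoConstants.SPNEGO_OID, SpnegoConstants.KRB5_OID};
    }

    /**
     * Writes the state of an accepted context to the debug log.
     *
     * @param gSSContext context returned by {@link #establishSpnegoContext()}
     * @throws GSSException if one of the context getters fails
     */
    protected final void logAuthDetails(GSSContext gSSContext) throws GSSException {
        // Guard kept: the getters below do real work and can throw, so skip them unless needed.
        if (logger.isDebugEnabled()) {
            // NOTE(review): the reply token is written verbatim at DEBUG; confirm that is acceptable
            // for wherever these logs are shipped and who can read them.
            logger.debug("SPNEGO Security context accepted with token: {}, established: {}, credDelegState: {}, mutualAuthState: {}, lifetime: {}, confState: {}, integState: {}, srcName: {}, targName: {}",
                    this.responseToken,
                    gSSContext.isEstablished(),
                    gSSContext.getCredDelegState(),
                    gSSContext.getMutualAuthState(),
                    gSSContext.getLifetime(),
                    gSSContext.getConfState(),
                    gSSContext.getIntegState(),
                    gSSContext.getSrcName(),
                    gSSContext.getTargName());
        }
    }
}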
