package com.sun.xml.ws.security.impl.kerberos;

import com.sun.security.auth.callback.TextCallbackHandler;
import com.sun.xml.ws.security.jgss.XWSSProvider;
import com.sun.xml.ws.security.trust.WSTrustSOAPFaultException;
import com.sun.xml.wss.XWSSecurityException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/sun/xml/ws/security/impl/kerberos/KerberosLogin.class */
public class KerberosLogin {

    /* loaded from: input_file:com/sun/xml/ws/security/impl/kerberos/KerberosLogin$KerberosClientSetupAction.class */
    class KerberosClientSetupAction implements PrivilegedExceptionAction {
        String server;
        boolean credentialDelegation;

        public KerberosClientSetupAction(String str, boolean z) {
            this.credentialDelegation = false;
            this.server = str;
            this.credentialDelegation = z;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws Exception {
            try {
                Oid oid = new Oid("1.2.840.113554.1.2.2");
                GSSManager gSSManager = GSSManager.getInstance();
                GSSContext createContext = gSSManager.createContext(gSSManager.createName(this.server, (Oid) null), oid, (GSSCredential) null, 0);
                createContext.requestMutualAuth(false);
                createContext.requestConf(false);
                createContext.requestInteg(true);
                createContext.requestCredDeleg(this.credentialDelegation);
                byte[] bArr = new byte[0];
                byte[] initSecContext = createContext.initSecContext(bArr, 0, bArr.length);
                Subject subject = Subject.getSubject(AccessController.getContext());
                subject.getPublicCredentials().add(createContext);
                subject.getPublicCredentials().add(initSecContext);
                return null;
            } catch (Exception e) {
                throw new PrivilegedActionException(e);
            }
        }
    }

    /* loaded from: input_file:com/sun/xml/ws/security/impl/kerberos/KerberosLogin$KerberosServerSetupAction.class */
    class KerberosServerSetupAction implements PrivilegedExceptionAction {
        byte[] token;

        public KerberosServerSetupAction(byte[] bArr) {
            this.token = bArr;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws Exception {
            try {
                final GSSManager gSSManager = GSSManager.getInstance();
                final Oid oid = new Oid("1.2.840.113554.1.2.2");
                AccessController.doPrivileged(new PrivilegedAction() { // from class: com.sun.xml.ws.security.impl.kerberos.KerberosLogin.KerberosServerSetupAction.1
                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        try {
                            gSSManager.addProviderAtFront(new XWSSProvider(), oid);
                            return null;
                        } catch (GSSException e) {
                            e.printStackTrace();
                            return null;
                        }
                    }
                });
                GSSContext createContext = gSSManager.createContext((GSSCredential) null);
                byte[] acceptSecContext = createContext.acceptSecContext(this.token, 0, this.token.length);
                if (acceptSecContext == null || acceptSecContext.length != 0) {
                }
                Subject subject = Subject.getSubject(AccessController.getContext());
                subject.getPublicCredentials().add(createContext);
                subject.getPublicCredentials().add(this.token);
                return null;
            } catch (Exception e) {
                throw new PrivilegedActionException(e);
            }
        }
    }

    public KerberosContext login(String str, String str2, boolean z) throws XWSSecurityException {
        KerberosContext kerberosContext = new KerberosContext();
        try {
            LoginContext loginContext = new LoginContext(str, new TextCallbackHandler());
            try {
                loginContext.login();
                try {
                    Subject subject = loginContext.getSubject();
                    Subject.doAsPrivileged(subject, new KerberosClientSetupAction(str2, z), (AccessControlContext) null);
                    GSSContext gSSContext = null;
                    for (Object obj : subject.getPublicCredentials()) {
                        if (obj instanceof byte[]) {
                            kerberosContext.setKerberosToken((byte[]) obj);
                        } else if (obj instanceof GSSContext) {
                            gSSContext = (GSSContext) obj;
                            kerberosContext.setGSSContext(gSSContext);
                        }
                    }
                    for (Object obj2 : subject.getPrivateCredentials()) {
                        if (obj2 instanceof KerberosTicket) {
                            KerberosTicket kerberosTicket = (KerberosTicket) obj2;
                            try {
                                if (kerberosTicket.getServer().getName().equals(gSSContext.getTargName().toString())) {
                                    kerberosContext.setSecretKey(kerberosTicket.getSessionKey().getEncoded());
                                    break;
                                }
                            } catch (GSSException e) {
                                e.printStackTrace();
                            }
                        }
                    }
                    kerberosContext.setOnce(true);
                    return kerberosContext;
                } catch (PrivilegedActionException e2) {
                    throw new XWSSecurityException(e2);
                }
            } catch (Exception e3) {
                throw new XWSSecurityException("Unexpected Exception in Kerberos login - unable to continue", e3);
            } catch (AccountExpiredException e4) {
                throw new XWSSecurityException("Your Kerberos account has expired.", e4);
            } catch (FailedLoginException e5) {
                throw new XWSSecurityException(WSTrustSOAPFaultException.WS_TRUST_FAILED_AUTHENTICATION_FAULTSTRING, e5);
            } catch (CredentialExpiredException e6) {
                throw new XWSSecurityException("Your credentials have expired.", e6);
            }
        } catch (SecurityException e7) {
            throw new XWSSecurityException("Cannot create LoginContext. ", e7);
        } catch (LoginException e8) {
            throw new XWSSecurityException("Cannot create LoginContext. ", e8);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:29:0x0112, code lost:
    
        r0.setSecretKey(((sun.security.krb5.EncryptionKey) r0).getBytes());
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public com.sun.xml.ws.security.impl.kerberos.KerberosContext login(java.lang.String r7, byte[] r8) throws com.sun.xml.wss.XWSSecurityException {
        /*
            Method dump skipped, instructions count: 322
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.sun.xml.ws.security.impl.kerberos.KerberosLogin.login(java.lang.String, byte[]):com.sun.xml.ws.security.impl.kerberos.KerberosContext");
    }
}
