package org.apache.kerby.kerberos.kerb.integration.test.gss;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.apache.kerby.kerberos.kerb.integration.test.AppClient;
import org.apache.kerby.kerberos.kerb.integration.test.AppUtil;
import org.apache.kerby.kerberos.kerb.integration.test.Transport;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/* loaded from: input_file:org/apache/kerby/kerberos/kerb/integration/test/gss/GssJAASAppClient.class */
public class GssJAASAppClient extends AppClient {
    private String serverPrincipal;
    private GSSManager manager;
    private String contextName;
    private CallbackHandler callbackHandler;

    /* loaded from: input_file:org/apache/kerby/kerberos/kerb/integration/test/gss/GssJAASAppClient$CreateServiceTicketAction.class */
    private static final class CreateServiceTicketAction implements PrivilegedExceptionAction<byte[]> {
        private final GSSContext context;
        private Transport.Connection conn;

        private CreateServiceTicketAction(GSSContext gSSContext, Transport.Connection connection) {
            this.context = gSSContext;
            this.conn = connection;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.security.PrivilegedExceptionAction
        public byte[] run() throws GSSException {
            byte[] bArr = new byte[0];
            while (!this.context.isEstablished()) {
                bArr = this.context.initSecContext(bArr, 0, bArr.length);
                if (bArr != null) {
                    try {
                        this.conn.sendToken(bArr);
                    } catch (IOException e) {
                        throw new GSSException(11);
                    }
                }
                if (!this.context.isEstablished()) {
                    bArr = this.conn.recvToken();
                }
            }
            return bArr;
        }
    }

    public GssJAASAppClient(String[] strArr, CallbackHandler callbackHandler) throws Exception {
        super(strArr);
        this.serverPrincipal = strArr[2];
        this.contextName = strArr[3];
        this.callbackHandler = callbackHandler;
        this.manager = GSSManager.getInstance();
    }

    @Override // org.apache.kerby.kerberos.kerb.integration.test.AppClient
    protected void withConnection(Transport.Connection connection) throws Exception {
        Oid oid = new Oid(AppUtil.JGSS_KERBEROS_OID);
        GSSName createName = this.manager.createName(this.serverPrincipal, GSSName.NT_USER_NAME);
        LoginContext loginContext = new LoginContext(this.contextName, (Subject) null, this.callbackHandler, (Configuration) null);
        loginContext.login();
        Subject subject = loginContext.getSubject();
        GSSContext createContext = this.manager.createContext(createName, oid, (GSSCredential) null, 0);
        createContext.requestMutualAuth(true);
        createContext.requestConf(true);
        createContext.requestInteg(true);
        byte[] bytes = "Hello There!��".getBytes(StandardCharsets.UTF_8);
        MessageProp messageProp = new MessageProp(0, true);
        connection.sendToken(createContext.wrap(bytes, 0, bytes.length, messageProp));
        byte[] recvToken = connection.recvToken();
        createContext.verifyMIC(recvToken, 0, recvToken.length, bytes, 0, bytes.length, messageProp);
        setTestOK(true);
        createContext.dispose();
        loginContext.logout();
    }
}
