package org.apache.kerby.kerberos.kerb.server;

import java.security.Principal;
import java.security.PrivilegedExceptionAction;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/kerby/kerberos/kerb/server/GssInteropTest.class */
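/**
 * Exercises a JGSS initiator/acceptor round trip: a client subject produces a GSS-API
 * initial token for the server principal, and a service subject then accepts that token.
 *
 * <p>The login helpers and {@code getServerPrincipal()} are inherited from
 * {@link LoginTestBase}, which is not shown here; judging by their names they log in from
 * a ticket cache and from a keytab respectively (to be confirmed against that class).
 */
public class GssInteropTest extends LoginTestBase {

    /** OID of the Kerberos V5 GSS-API mechanism, used by both the initiator and the acceptor. */
    private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";

    /**
     * Initiator side: builds a security context towards the service and returns the first
     * context token. Intended to run inside {@code Subject.doAs} so that JGSS can pick up
     * the Kerberos credentials of the logged-in client subject.
     */
    private static class KerberosClientExceptionAction implements PrivilegedExceptionAction<byte[]> {
        private final Principal clientPrincipal;
        private final String serviceName;

        /**
         * @param clientPrincipal principal whose name is used for the initiator credential
         * @param serviceName name of the service the context is established with
         */
        public KerberosClientExceptionAction(Principal clientPrincipal, String serviceName) {
            this.clientPrincipal = clientPrincipal;
            this.serviceName = serviceName;
        }

        /**
         * Creates an initiate-only credential for the client, opens a context to the
         * service and produces the initial token.
         *
         * @return the token returned by the first {@code initSecContext} call
         * @throws GSSException if name, credential or context handling fails
         */
        @Override
        public byte[] run() throws GSSException {
            GSSManager manager = GSSManager.getInstance();
            GSSName targetName = manager.createName(serviceName, GSSName.NT_USER_NAME);
            Oid kerberosMech = new Oid(JGSS_KERBEROS_TICKET_OID);
            GSSName initiatorName =
                    manager.createName(clientPrincipal.getName(), GSSName.NT_USER_NAME);
            GSSCredential initiatorCredential = manager.createCredential(
                    initiatorName,
                    GSSCredential.DEFAULT_LIFETIME,
                    kerberosMech,
                    GSSCredential.INITIATE_ONLY);
            GSSContext context = manager.createContext(
                    targetName, kerberosMech, initiatorCredential, GSSContext.DEFAULT_LIFETIME);
            // Everything after context creation sits in the try block so the context is
            // disposed exactly once, including when one of the request* calls fails.
            try {
                // Mutual authentication is not requested: the initiator does not ask the
                // acceptor to prove its identity, so one token is all this side produces.
                context.requestMutualAuth(false);
                // The client's credentials are not delegated to the service.
                context.requestCredDeleg(false);
                byte[] noInputToken = new byte[0];
                return context.initSecContext(noInputToken, 0, noInputToken.length);
            } finally {
                context.dispose();
            }
        }
    }

    /**
     * Acceptor side: feeds the initiator's token into an accept-only context created with
     * the service credential. Intended to run inside {@code Subject.doAs} for the service
     * subject.
     */
    public static class KerberosServiceExceptionAction implements PrivilegedExceptionAction<byte[]> {
        private final byte[] ticket;
        private final String serviceName;

        /**
         * @param ticket context token produced by the initiator
         * @param serviceName name the acceptor credential is created for
         */
        public KerberosServiceExceptionAction(byte[] ticket, String serviceName) {
            this.ticket = ticket;
            this.serviceName = serviceName;
        }

        /**
         * Accepts the initiator's token.
         *
         * @return whatever {@code acceptSecContext} returns as the reply token; this can be
         *     {@code null} when the mechanism has nothing to send back
         * @throws GSSException if the credential cannot be created or the token is rejected
         */
        @Override
        public byte[] run() throws GSSException {
            GSSManager manager = GSSManager.getInstance();
            GSSName acceptorName = manager.createName(serviceName, GSSName.NT_USER_NAME);
            GSSCredential acceptorCredential = manager.createCredential(
                    acceptorName,
                    GSSCredential.DEFAULT_LIFETIME,
                    new Oid(JGSS_KERBEROS_TICKET_OID),
                    GSSCredential.ACCEPT_ONLY);
            GSSContext context = manager.createContext(acceptorCredential);
            try {
                // A rejected token surfaces as a GSSException; the peer identity carried by
                // the established context is not inspected here.
                return context.acceptSecContext(ticket, 0, ticket.length);
            } finally {
                context.dispose();
            }
        }
    }

    /**
     * Logs in as the client, checks that the subject carries a principal and a Kerberos
     * ticket, obtains an initial GSS token for the server principal and has the service
     * side accept it.
     */
    @Test
    public void testGss() throws Exception {
        Subject clientSubject = loginClientUsingTicketCache();
        Set<Principal> principals = clientSubject.getPrincipals();
        Assert.assertFalse(principals.isEmpty());

        Set<KerberosTicket> tickets = clientSubject.getPrivateCredentials(KerberosTicket.class);
        Assert.assertFalse(tickets.isEmpty());
        Assert.assertNotNull(tickets.iterator().next());

        Principal clientPrincipal = principals.iterator().next();
        byte[] token = Subject.doAs(
                clientSubject,
                new KerberosClientExceptionAction(clientPrincipal, getServerPrincipal()));
        Assert.assertNotNull(token);
        validateServiceTicket(token);
    }

    /**
     * Logs in as the service and accepts the given initiator token.
     *
     * <p>Success is signalled only by the absence of an exception: the acceptor's reply
     * token is discarded and nothing about the accepted context is asserted.
     *
     * @param token initial context token produced by the client
     */
    private void validateServiceTicket(byte[] token) throws Exception {
        Subject serviceSubject = loginServiceUsingKeytab();
        Assert.assertFalse(serviceSubject.getPrincipals().isEmpty());
        Subject.doAs(
                serviceSubject, new KerberosServiceExceptionAction(token, getServerPrincipal()));
    }
}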
