package org.apache.cxf.ws.security.kerberos;

import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.Configurable;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.message.token.KerberosSecurity;
import org.apache.xml.security.utils.XMLUtils;
import org.ietf.jgss.GSSCredential;

/* loaded from: input_file:lib/cxf-rt-ws-security-3.4.8.jar:org/apache/cxf/ws/security/kerberos/KerberosClient.class */
/**
 * Client-side helper that obtains a Kerberos service ticket through WSS4J's
 * {@link KerberosSecurity} and wraps it in a CXF {@link SecurityToken}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The token returned by {@link #requestSecurityToken()} carries raw key material
 *       (see {@code setKey}/{@code setSecret} below). Treat it like a credential and keep
 *       it out of logs, caches and serialized state that are not access-controlled.</li>
 *   <li>With {@code useDelegatedCredential} enabled, the credential is read from the
 *       current message's contextual properties, so whatever code populates that
 *       property decides which identity the ticket is requested for.</li>
 * </ul>
 *
 * <p>The configuration fields are plain mutable fields with no synchronization in this class.
 */
public class KerberosClient implements Configurable {
    private static final Logger LOG = LogUtils.getL7dLogger(KerberosClient.class);

    // Bean name reported by getBeanName(); package-private and mutable.
    String name = "default.kerberos-client";

    // Used only to allocate the wsu:Id for the binary security token.
    private WSSConfig wssConfig = WSSConfig.getNewInstance();

    // Service name handed to KerberosSecurity.retrieveServiceTicket(...).
    private String serviceName;
    // Logged below as the "JAAS Login Module" and passed as the first ticket-request argument.
    private String contextName;
    // Handed to the ticket request; presumably supplies the login secrets - confirm against WSS4J.
    private CallbackHandler callbackHandler;
    // Passed through to the ticket request unchanged; semantics live in WSS4J.
    private boolean isUsernameServiceNameForm;
    private boolean requestCredentialDelegation;
    // Gates the lookup of SecurityConstants.DELEGATED_CREDENTIAL on the current message.
    private boolean useDelegatedCredential;

    /** Returns the bean name used for configuration lookup. */
    @Override
    public String getBeanName() {
        return name;
    }

    /** Returns the context name that is passed to the ticket request. */
    public String getContextName() {
        return contextName;
    }

    /** Sets the context name that is passed to the ticket request. */
    public void setContextName(String str) {
        contextName = str;
    }

    /** Returns the callback handler forwarded to the ticket request. */
    public CallbackHandler getCallbackHandler() {
        return callbackHandler;
    }

    /** Sets the callback handler forwarded to the ticket request. */
    public void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }

    /** Sets the name of the service a ticket is requested for. */
    public void setServiceName(String str) {
        serviceName = str;
    }

    /** Returns the name of the service a ticket is requested for. */
    public String getServiceName() {
        return serviceName;
    }

    /**
     * Requests a Kerberos service ticket and packages it as a {@link SecurityToken}.
     *
     * <p>The returned token holds the binary security token element, its wsu:Id, the
     * token's value type, an encoded digest of the raw token bytes and, when
     * {@link KerberosSecurity#getSecretKey()} yields one, the secret key together with
     * its encoded bytes.
     *
     * @return the populated security token
     * @throws Exception whatever the ticket retrieval or digest computation raises
     */
    public SecurityToken requestSecurityToken() throws Exception {
        GSSCredential delegated = findDelegatedCredential();

        if (LOG.isLoggable(Level.FINE)) {
            // Only the service and context names are logged - no key material.
            String trace = "Requesting Kerberos ticket for " + serviceName
                + " using JAAS Login Module: " + getContextName();
            LOG.fine(trace);
        }

        KerberosSecurity bst = createKerberosSecurity();
        bst.retrieveServiceTicket(
            getContextName(),
            callbackHandler,
            serviceName,
            isUsernameServiceNameForm,
            requestCredentialDelegation,
            delegated);
        bst.addWSUNamespace();
        bst.setID(wssConfig.getIdAllocator().createSecureId("BST-", bst));
        // NOTE(review): second addWSUNamespace() call looks redundant - confirm before removing.
        bst.addWSUNamespace();

        SecurityToken result = new SecurityToken(bst.getID());
        result.setToken(bst.getElement());
        result.setWsuId(bst.getID());

        SecretKey key = bst.getSecretKey();
        if (key != null) {
            // Raw key bytes are copied into the token: the token must be handled as a secret.
            result.setKey(key);
            result.setSecret(key.getEncoded());
        }

        // Digest of the raw token bytes, stored in the token's SHA1 field.
        // NOTE(review): presumably a reference identifier, not integrity protection - confirm.
        byte[] digest = KeyUtils.generateDigest(bst.getToken());
        result.setSHA1(XMLUtils.encodeToString(digest));
        result.setTokenType(bst.getValueType());
        return result;
    }

    /**
     * Looks up a delegated credential on the current message.
     *
     * @return the credential, or {@code null} when there is no current message, the
     *     feature is switched off, or the property is absent or not a {@link GSSCredential}
     */
    private GSSCredential findDelegatedCredential() {
        Message current = PhaseInterceptorChain.getCurrentMessage();
        if (current == null || !useDelegatedCredential) {
            return null;
        }
        Object candidate = current.getContextualProperty(SecurityConstants.DELEGATED_CREDENTIAL);
        // A wrongly typed property is ignored silently, so the request proceeds without it.
        return candidate instanceof GSSCredential ? (GSSCredential) candidate : null;
    }

    /** Creates the empty binary security token; subclasses may override to customize it. */
    protected KerberosSecurity createKerberosSecurity() {
        return new KerberosSecurity(DOMUtils.getEmptyDocument());
    }

    /** Returns the flag passed to the ticket request as "username service name form". */
    public boolean isUsernameServiceNameForm() {
        return isUsernameServiceNameForm;
    }

    /** Sets the flag passed to the ticket request as "username service name form". */
    public void setUsernameServiceNameForm(boolean z) {
        isUsernameServiceNameForm = z;
    }

    /** Returns whether credential delegation is requested with the ticket. */
    public boolean isRequestCredentialDelegation() {
        return requestCredentialDelegation;
    }

    /** Sets whether credential delegation is requested with the ticket. */
    public void setRequestCredentialDelegation(boolean z) {
        requestCredentialDelegation = z;
    }

    /** Returns whether a delegated credential from the message context is used. */
    public boolean isUseDelegatedCredential() {
        return useDelegatedCredential;
    }

    /** Sets whether a delegated credential from the message context is used. */
    public void setUseDelegatedCredential(boolean z) {
        useDelegatedCredential = z;
    }
}
