package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.security.krb5.wss.KerberosTokenConfig;
import com.ibm.ws.wssecurity.token.CacheableToken;
import com.ibm.ws.wssecurity.util.io.ObjectOutputInputUtil;
import java.io.IOException;
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;

/* loaded from: input_file:com/ibm/ws/wssecurity/wssapi/token/impl/TGTAuthToken.class */
public class TGTAuthToken implements CacheableToken {
    private static final long serialVersionUID = 1;
    private static final String VERSION_NUMBER = "1.0";
    protected String identifier;
    protected KerberosTicket tgt;
    public static final String TGT_PREFIX = "krbtgt";

    public TGTAuthToken() {
        this.identifier = null;
        this.tgt = null;
    }

    public TGTAuthToken(HashMap hashMap, String str) {
        this.identifier = null;
        this.tgt = null;
        this.tgt = extractTgt(hashMap, str);
    }

    public KerberosTicket getTGT() {
        return this.tgt;
    }

    @Override // com.ibm.ws.wssecurity.token.CacheableToken
    public String getIdentifier() {
        return this.identifier;
    }

    public void setIdentifier(String str) {
        this.identifier = str;
    }

    @Override // java.io.Externalizable
    public void readExternal(ObjectInput objectInput) throws IOException, ClassNotFoundException {
        if ("1.0".equals(ObjectOutputInputUtil.readUTF(objectInput, "TGTToken.version"))) {
            this.identifier = ObjectOutputInputUtil.readUTF(objectInput, "TGTToken.identifier");
            Object readObject = ObjectOutputInputUtil.readObject(objectInput, "TGTToken.tgt");
            if (readObject != null) {
                this.tgt = (KerberosTicket) readObject;
            }
        }
    }

    @Override // java.io.Externalizable
    public void writeExternal(ObjectOutput objectOutput) throws IOException {
        ObjectOutputInputUtil.writeUTF(objectOutput, "1.0", "TGTToken.version");
        ObjectOutputInputUtil.writeUTF(objectOutput, this.identifier, "TGTToken.identifier");
        ObjectOutputInputUtil.writeObject(objectOutput, this.tgt, "TGTToken.tgt");
    }

    private static KerberosTicket extractTgt(HashMap hashMap, String str) {
        final Subject subject = (Subject) hashMap.get(KerberosTokenConfig.CONTEXT_SUBJECT);
        KerberosTicket kerberosTicket = null;
        if (subject != null) {
            kerberosTicket = (KerberosTicket) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.wssecurity.wssapi.token.impl.TGTAuthToken.1
                @Override // java.security.PrivilegedAction
                public Object run() {
                    for (KerberosTicket kerberosTicket2 : subject.getPrivateCredentials(KerberosTicket.class)) {
                        if (kerberosTicket2.getServer().getName().startsWith("krbtgt")) {
                            return kerberosTicket2;
                        }
                    }
                    return null;
                }
            });
        }
        return kerberosTicket;
    }
}
