package com.ibm.ws.security.spnego;

import com.ibm.ws.security.auth.SubjectHelper;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/ibm/ws/security/spnego/Context.class */
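/**
 * Server-side (acceptor) wrapper around a JGSS {@link GSSContext} used for SPNEGO
 * negotiation.
 *
 * <p>Typical use: construct with the server's acceptor credential, pass the client's
 * token to {@link #begin(byte[])}, and check {@link #isEstablished()} before trusting
 * {@link #getPrincipalName()} or {@link #getDelegateCred()}. A token returned by
 * {@code begin} does not by itself mean the client was authenticated.
 *
 * <p>Instances hold mutable negotiation state and perform no synchronization.
 */
public final class Context {
    private KerberosTicket krbTicket;
    private long lifetime = 0;
    private GSSCredential gssCred;
    private GSSContext gssContext;
    private static final String ME = Context.class.getName();
    private static final Logger logger = Logger.getLogger(ME, Constants.MSGS_BUNDLE);
    private static final Oid SPNEGOMECHOID;

    /**
     * Creates a negotiation context bound to the given acceptor credential.
     *
     * @param gSSCredential the credential later handed to {@code GSSManager.createContext}
     */
    public Context(GSSCredential gSSCredential) {
        this.gssCred = gSSCredential;
    }

    /**
     * Feeds a client-supplied token into a fresh acceptor context.
     *
     * <p>The token comes from the remote peer and is untrusted; validation is delegated
     * entirely to {@code GSSContext.acceptSecContext}. When the context is not established
     * after this call, a SEVERE record is written and the output token is still returned,
     * so callers must gate every authorization decision on {@link #isEstablished()}.
     *
     * @param bArr the inbound token bytes
     * @return the output token produced by the acceptor (may be {@code null})
     * @throws GSSException if JGSS rejects the token or the context cannot be queried
     * @throws PrivilegedActionException declared for compatibility; the wrapped cause is
     *         unwrapped and rethrown instead
     * @throws Exception any other failure raised while accepting the token
     */
    public byte[] begin(final byte[] bArr) throws GSSException, PrivilegedActionException, Exception {
        if (logger.isLoggable(Level.FINER)) {
            // FINER trace contains the raw inbound token; treat trace files as sensitive.
            logger.entering(ME, "begin", Util.showHex(bArr));
        }
        // Clear per-negotiation state up front so a failed accept cannot leave the
        // ticket or lifetime of an earlier negotiation visible through the getters.
        this.lifetime = 0L;
        this.krbTicket = null;

        this.gssContext = ServerCredentialsFactory.getMgr().createContext(this.gssCred);
        // NOTE(review): System.setProperty is JVM-wide, so this affects every JGSS user
        // in the process, not just this context; confirm that is intended.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                System.setProperty(Constants.KEY_JGSS_USE_SUBJ_CREDS, "true");
                return null;
            }
        });

        final Subject subject = new Subject();
        final GSSContext acceptor = this.gssContext;
        try {
            byte[] outToken = Subject.doAsPrivileged(subject, new PrivilegedExceptionAction<byte[]>() {
                @Override
                public byte[] run() throws Exception {
                    return acceptor.acceptSecContext(bArr, 0, bArr.length);
                }
            }, AccessController.getContext());

            if (logger.isLoggable(Level.FINER)) {
                // Log principals only: Subject.toString() can include private credentials.
                logger.logp(Level.FINER, ME, "begin", "_subject: " + subject.getPrincipals());
            }
            this.krbTicket = SubjectHelper.getKerberosTicketFromSubject(subject);
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, "begin", "Kerberos ticket: " + describeTicket(this.krbTicket));
                logger.logp(Level.FINER, ME, "begin", "GSSContext accepted:" + this.gssContext.toString());
            }
            if (this.gssContext.isEstablished()) {
                this.lifetime = this.gssContext.getLifetime();
            } else {
                logger.logp(Level.SEVERE, ME, "begin", "security.spnego.bad.token", new Object[]{outToken != null ? Util.showHex(outToken) : "null"});
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.exiting(ME, "begin", Util.showHex(outToken));
            }
            return outToken;
        } catch (PrivilegedActionException e) {
            // Callers see the underlying failure (typically a GSSException), not the wrapper.
            Exception cause = e.getException();
            traceFailure("begin", cause);
            throw cause;
        } catch (Exception e) {
            traceFailure("begin", e);
            throw e;
        }
    }

    /**
     * Reports whether negotiation completed successfully.
     *
     * @return {@code true} only if {@link #begin(byte[])} created a context and JGSS
     *         reports it as established
     */
    public boolean isEstablished() {
        boolean established = this.gssContext != null && this.gssContext.isEstablished();
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "isEstablished");
            logger.exiting(ME, "isEstablished", Boolean.toString(established));
        }
        return established;
    }

    /**
     * Releases the underlying JGSS context. Does nothing if {@link #begin(byte[])} has
     * not created one yet.
     *
     * @throws GSSException if JGSS fails to dispose of the context
     */
    public void dispose() throws GSSException {
        if (this.gssContext != null) {
            this.gssContext.dispose();
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "dispose");
            logger.exiting(ME, "dispose");
        }
    }

    /**
     * Returns the name of the context initiator (the client principal).
     *
     * <p>Only meaningful once {@link #isEstablished()} is {@code true}; callers should
     * not base access decisions on this value before then.
     *
     * @return the string form of {@code GSSContext.getSrcName()}
     * @throws GSSException with major code {@code NO_CONTEXT} if no context exists yet,
     *         or whatever JGSS raises while resolving the name
     */
    public final String getPrincipalName() throws GSSException {
        if (this.gssContext == null) {
            throw new GSSException(GSSException.NO_CONTEXT);
        }
        String principal = this.gssContext.getSrcName().toString();
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "getPrincipalName");
            logger.exiting(ME, "getPrincipalName", principal);
        }
        return principal;
    }

    /**
     * Returns the credential the client delegated to this server, if any.
     *
     * <p>When delegation is available, the credential's own name is re-created as an
     * {@code NT_USER_NAME} for the SPNEGO mechanism and added to the credential with its
     * remaining lifetime and existing usage. The returned object lets the holder act as
     * the client, so it should be handled and disposed of accordingly.
     *
     * @return the delegated credential, or {@code null} if none is available
     * @throws GSSException if JGSS fails while reading or extending the credential
     */
    public GSSCredential getDelegateCred() throws GSSException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "getDelegateCred");
        }
        GSSCredential delegated = null;
        if (this.gssContext != null && this.gssContext.getCredDelegState()) {
            delegated = this.gssContext.getDelegCred();
        }
        if (delegated != null) {
            // NOTE(review): SPNEGOMECHOID is null if the static initializer failed to
            // parse the OID; behaviour of createName/add in that case is not shown here.
            GSSName spnegoName = GSSManager.getInstance().createName(delegated.getName().toString(), GSSName.NT_USER_NAME, SPNEGOMECHOID);
            int usage = delegated.getUsage();
            int remaining = delegated.getRemainingLifetime();
            delegated.add(spnegoName, remaining, remaining, SPNEGOMECHOID, usage);
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, "getDelegateCred", spnegoName + " has been added.");
            }
        } else if (logger.isLoggable(Level.FINER)) {
            // Plain concatenation keeps this branch safe when gssContext is still null.
            logger.logp(Level.FINER, ME, "getDelegateCred", "Unable to get delegated GSSCredential, GSSContext=" + this.gssContext + ", GSSCredential=" + this.gssCred);
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "getDelegateCred", delegated);
        }
        return delegated;
    }

    /**
     * Returns the ticket that the last {@link #begin(byte[])} call extracted from its
     * subject.
     *
     * @return the Kerberos ticket, or {@code null} if none was found
     */
    public KerberosTicket getKrbTicket() {
        return this.krbTicket;
    }

    /**
     * Returns the lifetime recorded by the last {@link #begin(byte[])} call.
     *
     * @return the value of {@code GSSContext.getLifetime()} captured when the context was
     *         established, otherwise {@code 0}
     */
    public long getLifetime() {
        return this.lifetime;
    }

    /** Summarises a ticket for trace output without its encoding or session key. */
    private static String describeTicket(KerberosTicket ticket) {
        if (ticket == null) {
            return "null";
        }
        return "client=" + ticket.getClient() + ", server=" + ticket.getServer() + ", endTime=" + ticket.getEndTime();
    }

    /**
     * Records a failure in the FINER trace instead of printing to stderr; the exception
     * is always rethrown by the caller of this helper, so reporting stays with the
     * code that catches it.
     */
    private static void traceFailure(String method, Throwable failure) {
        if (logger.isLoggable(Level.FINER)) {
            logger.logp(Level.FINER, ME, method, "SPNEGO context operation failed", failure);
        }
    }

    static {
        Oid oid;
        try {
            // 1.3.6.1.5.5.2 is the SPNEGO mechanism OID.
            oid = new Oid("1.3.6.1.5.5.2");
        } catch (GSSException e) {
            oid = null;
        }
        SPNEGOMECHOID = oid;
    }
}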
