package com.ibm.ws.security.spnego;

import com.ibm.ws.security.util.Base64Coder;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/ibm/ws/security/spnego/DelegatedCredentialExtractor.class */
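/**
 * Static helpers that turn a delegated Kerberos credential into an outbound
 * SPNEGO {@code Authorization} header value, and that force a fresh login by
 * expiring the LTPA cookie.
 *
 * <p>Security note: the string returned by
 * {@link #getSpnegoAuthorizationToken} is an authentication credential for the
 * target service. It must not be written to logs or traces, so this class only
 * ever logs its length.
 */
public class DelegatedCredentialExtractor {
    /** SPNEGO pseudo-mechanism OID (1.3.6.1.5.5.2); {@code null} only if the OID string fails to parse. */
    private static final Oid SPNEGOMECHOID = oidOrNull("1.3.6.1.5.5.2");
    /** Kerberos v5 mechanism OID (1.2.840.113554.1.2.2); not referenced by the methods in this class. */
    private static final Oid KRB5MECHANISMOID = oidOrNull("1.2.840.113554.1.2.2");
    /** Name of the cookie that {@link #relogin} expires. */
    private static final String LtpaToken = "LtpaToken";
    private static final String ME = DelegatedCredentialExtractor.class.getName();
    private static final Logger logger = Logger.getLogger(ME, Constants.MSGS_BUNDLE);

    private DelegatedCredentialExtractor() {
    }

    /**
     * Builds a {@code "Negotiate <base64>"} header value for the service
     * {@code HTTP/str@str2} using the delegated credential that
     * {@link CredentialManager#getDelegatedCredential} returns for the session.
     *
     * @param httpSession session from which the delegated credential is looked up
     * @param str host part of the target service principal name
     * @param str2 Kerberos realm of the target service principal name
     * @return the complete header value; treat it as a secret
     * @throws KerberosSSOException if an argument is null or the GSS-API call fails
     * @throws FailoverException declared by the credential lookup
     */
    public static String getSpnegoAuthorizationToken(HttpSession httpSession, String str, String str2) throws KerberosSSOException, FailoverException {
        final String method = "getSpnegoAuthorizationToken";
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, method);
        }
        GSSCredential delegated = CredentialManager.getDelegatedCredential(httpSession);
        String headerValue = buildSpnegoAuthorizationString(delegated, str, str2);
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, method, "Delegated credentials returned");
        }
        return headerValue;
    }

    /**
     * Initiates a SPNEGO security context towards {@code HTTP/str@str2} and
     * returns the first context token, base64-encoded and prefixed with
     * {@code "Negotiate "}.
     *
     * @param gSSCredential credential used to initiate the context
     * @param str host part of the service principal name
     * @param str2 realm part of the service principal name
     * @return the header value; never logged by this method
     * @throws KerberosSSOException if {@code str} or {@code str2} is null, no
     *         GSSManager is available, or GSS-API reports an error
     */
    private static String buildSpnegoAuthorizationString(GSSCredential gSSCredential, String str, String str2) throws KerberosSSOException {
        final String method = "buildSpnegoAuthorizationString";
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, method);
        }
        if (str == null || str2 == null) {
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, method, "Unable to build SPN with null fields");
            }
            throw new KerberosSSOException("Unable to build SPN with null fields");
        }
        // NOTE(review): host and realm are concatenated without validation, so a
        // value containing '/' or '@' changes which principal is addressed.
        // Confirm that callers take both from configuration, not from request data.
        String spn = "HTTP/" + str + "@" + str2;
        GSSContext context = null;
        try {
            GSSManager manager = GSSManager.getInstance();
            if (manager == null) {
                if (logger.isLoggable(Level.FINER)) {
                    logger.logp(Level.FINER, ME, method, "Unable to get Default GSSManager instance");
                }
                throw new KerberosSSOException("Unable to get Default GSSManager instance");
            }
            GSSName target = manager.createName(spn, GSSName.NT_USER_NAME).canonicalize(SPNEGOMECHOID);
            // INDEFINITE_LIFETIME is the named constant for Integer.MAX_VALUE.
            context = manager.createContext(target, SPNEGOMECHOID, gSSCredential, GSSContext.INDEFINITE_LIFETIME);
            context.requestMutualAuth(true);
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, method, "GSSContext " + context);
            }
            byte[] token = context.initSecContext((byte[]) null, 0, 0);
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, method, "initSecContext done");
            }
            // NOTE(review): new String(...) without a charset uses the platform
            // default; confirm the encoder's return type before pinning US-ASCII.
            String headerValue = "Negotiate " + new String(Base64Coder.base64Encode(token));
            if (logger.isLoggable(Level.FINER)) {
                // Only the size is traced: the value itself is a usable credential
                // and trace files are usually readable by more people than the
                // process that owns the credential.
                logger.logp(Level.FINER, ME, method, "SPNEGO token built, header length " + headerValue.length());
                logger.exiting(ME, method);
            }
            return headerValue;
        } catch (GSSException e) {
            if (logger.isLoggable(Level.FINER)) {
                // Attach the exception so the GSS major/minor status and stack
                // trace stay available for diagnosis.
                logger.logp(Level.FINER, ME, method, "GSSException received " + e.getMessage(), e);
            }
            throw new KerberosSSOException(e.getMessage());
        } finally {
            // Release the context on every path, including failures, so key
            // material held by the context is not left behind.
            disposeQuietly(context);
        }
    }

    /**
     * Expires the LTPA cookie and, if the request carried one, redirects the
     * client back to the same URL so that authentication runs again.
     *
     * <p>The redirect target is {@code getRequestURL()}, which does not include
     * the query string. When the request has no LTPA cookie a warning is logged
     * and no redirect is sent.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response that receives the expiring cookie
     *        and the redirect
     * @throws IOException if sending the redirect fails
     */
    public static void relogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        final String method = "relogin";
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, method);
        }
        String cookiePath = null;
        String cookieDomain = null;
        boolean found = false;
        // getCookies() returns null, not an empty array, when the request has no cookies.
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie candidate : cookies) {
                if (LtpaToken.equals(candidate.getName())) {
                    // First match wins, as before.
                    cookiePath = candidate.getPath();
                    cookieDomain = candidate.getDomain();
                    found = true;
                    break;
                }
            }
        }
        Cookie expired = new Cookie(LtpaToken, "");
        expired.setMaxAge(0);
        // Request cookies usually carry no Domain/Path attribute, and some
        // Servlet API implementations throw NullPointerException from
        // setDomain(null); only copy the attributes that are present.
        if (cookieDomain != null) {
            expired.setDomain(cookieDomain);
        }
        if (cookiePath != null) {
            expired.setPath(cookiePath);
        }
        httpServletResponse.addCookie(expired);
        String target = httpServletRequest.getRequestURL().toString();
        if (!found) {
            logger.logp(Level.WARNING, ME, method, "security.spnego.no.LtpaToken.found", new Object[]{httpServletRequest.getUserPrincipal()});
            return;
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.logp(Level.FINER, ME, method, "Redirect back to this ourselves, the TAI should be engaged now!" + target);
        }
        httpServletResponse.sendRedirect(target);
    }

    /** Disposes a context if one was created; a failure here is traced, not propagated. */
    private static void disposeQuietly(GSSContext context) {
        if (context == null) {
            return;
        }
        try {
            context.dispose();
        } catch (GSSException e) {
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, "disposeQuietly", "GSSContext dispose failed " + e.getMessage(), e);
            }
        }
    }

    /** Parses a dotted OID string, yielding {@code null} when GSS-API rejects it. */
    private static Oid oidOrNull(String dotted) {
        try {
            return new Oid(dotted);
        } catch (GSSException ignored) {
            // Same fallback as before: leave the constant null and let the
            // first GSS call that needs it fail.
            return null;
        }
    }
}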
