package com.ibm.ws.transport.iiop.security.config.tss;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.csiv2.Authenticator;
import com.ibm.ws.transport.iiop.security.SASException;
import com.ibm.ws.transport.iiop.security.SASInvalidEvidenceException;
import com.ibm.ws.transport.iiop.security.util.Util;
import javax.security.auth.Subject;
import org.omg.CSI.GSS_NT_ExportedNameHelper;
import org.omg.CSI.IdentityToken;
import org.omg.IOP.Codec;

@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/transport/iiop/security/config/tss/TSSITTPrincipalNameGSSUP.class */
public class TSSITTPrincipalNameGSSUP extends TSSSASIdentityToken {
    private final String realmName;
    private final String domainName;
    private final transient Authenticator authenticator;
    static final long serialVersionUID = 5788574301719349895L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(TSSITTPrincipalNameGSSUP.class);
    public static final String OID = TSSNULLASMechConfig.NULL_OID.substring(4);

    public TSSITTPrincipalNameGSSUP(Class cls, String str, String str2) throws NoSuchMethodException {
        this.realmName = str;
        this.domainName = str2;
        this.authenticator = null;
    }

    public TSSITTPrincipalNameGSSUP(Authenticator authenticator, String str) {
        this.authenticator = authenticator;
        this.realmName = str;
        this.domainName = str;
    }

    @Override // com.ibm.ws.transport.iiop.security.config.tss.TSSSASIdentityToken
    public short getType() {
        return (short) 2;
    }

    @Override // com.ibm.ws.transport.iiop.security.config.tss.TSSSASIdentityToken
    public String getOID() {
        return OID;
    }

    @Override // com.ibm.ws.transport.iiop.security.config.tss.TSSSASIdentityToken
    @FFDCIgnore({AuthenticationException.class})
    public Subject check(IdentityToken identityToken, Codec codec) throws SASException {
        try {
            return this.authenticator.authenticate(getPrincipalName(identityToken, codec));
        } catch (AuthenticationException e) {
            throw new SASInvalidEvidenceException(e.getMessage(), 1229079296);
        }
    }

    private String getPrincipalName(IdentityToken identityToken, Codec codec) throws SASException {
        try {
            return Util.extractUserNameFromScopedName(Util.decodeGSSExportedName(GSS_NT_ExportedNameHelper.extract(codec.decode_value(identityToken.principal_name(), GSS_NT_ExportedNameHelper.type()))).getName());
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.transport.iiop.security.config.tss.TSSITTPrincipalNameGSSUP", "89", this, new Object[]{identityToken, codec});
            throw new SASException(1, e);
        }
    }

    @Override // com.ibm.ws.transport.iiop.security.config.tss.TSSSASIdentityToken
    @Trivial
    public void toString(String str, StringBuilder sb) {
        String str2 = str + "  ";
        sb.append(str).append("TSSITTPrincipalNameGSSUP: [\n");
        sb.append(str2).append("domain: ").append(this.domainName).append("\n");
        sb.append(str2).append("realm: ").append(this.realmName).append("\n");
        sb.append(str).append("]\n");
    }
}
