package com.ibm.ws.security.kerberos;

import com.ibm.security.auth.module.Krb5LoginModule;
import com.ibm.security.jgss.ExtendedGSSContext;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.kernel.LibertyProcess;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.kerberos.internal.TraceConstants;
import com.ibm.ws.security.krb5.Krb5Common;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicy;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {Krb5HelperJdk.class}, configurationPolicy = ConfigurationPolicy.IGNORE, property = {"service.vendor=IBM", "name=Krb5HelperJdk8"})
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/kerberos/Krb5HelperJdk8.class */
public class Krb5HelperJdk8 implements Krb5HelperJdk {
    private static final TraceComponent tc = Tr.register(Krb5HelperJdk8.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    static final long serialVersionUID = -5714036042776689340L;

    @Reference(policy = ReferencePolicy.STATIC, target = "(&(java.specification.version>=1.8)(java.vendor=ibm corporation))")
    protected void setProcess(LibertyProcess libertyProcess) {
    }

    @Override // com.ibm.ws.security.kerberos.Krb5HelperJdk
    public GSSCredential getDelegateGSSCredUsingS4U2self(final String str, String str2, final Oid oid, final int i, final String str3, Subject subject) throws GSSException {
        final GSSManager gSSManager = GSSManager.getInstance();
        GSSCredential gSSCredential = (GSSCredential) WSSubject.doAs(subject, new PrivilegedAction<Object>() { // from class: com.ibm.ws.security.kerberos.Krb5HelperJdk8.1
            static final long serialVersionUID = 2491311124454158059L;
            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);

            @Override // java.security.PrivilegedAction
            public Object run() {
                GSSCredential gSSCredential2 = null;
                try {
                    gSSCredential2 = gSSManager.createCredential(i).impersonate(gSSManager.createName(str, oid));
                } catch (GSSException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.kerberos.Krb5HelperJdk8$1", "80", this, new Object[0]);
                    Tr.error(Krb5HelperJdk8.tc, "KRB_IMPERSONATE_USER_TO_GET_GSSCRED_FOR_SELF_FAILURE", new Object[]{str, str3, e.getMessage()});
                }
                return gSSCredential2;
            }
        });
        if (gSSCredential == null) {
            throw new GSSException(11, 12, "GSSCredential is null");
        }
        return gSSCredential;
    }

    @Override // com.ibm.ws.security.kerberos.Krb5HelperJdk
    public GSSCredential getDelegateGSSCredUsingS4U2proxy(String str, GSSContext gSSContext, String str2) throws GSSException {
        GSSCredential gSSCredential = null;
        try {
            gSSCredential = ((ExtendedGSSContext) gSSContext).getDelegCred();
        } catch (GSSException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.kerberos.Krb5HelperJdk8", "103", this, new Object[]{str, gSSContext, str2});
            Tr.error(tc, "KRB_IMPERSONATE_USER_TO_GET_GSSCRED_FOR_BACKEND_SERVICE_FAILURE", new Object[]{str, str2, e.getMessage()});
        }
        if (gSSCredential == null) {
            throw new GSSException(11, 13, "GSSCredential is null");
        }
        return gSSCredential;
    }

    @Override // com.ibm.ws.security.kerberos.Krb5HelperJdk
    public Subject doKerberosLogin(String str, String str2, String str3) throws LoginException {
        Subject subject = new Subject();
        Krb5LoginModule krb5LoginModule = new Krb5LoginModule();
        HashMap hashMap = new HashMap();
        HashMap hashMap2 = new HashMap();
        hashMap.put("credsType", "both");
        hashMap.put("useDefaultCcache", "false");
        hashMap.put("forwardable", "true");
        hashMap.put("principal", str2);
        hashMap.put("useKeytab", str3);
        if (tc.isDebugEnabled()) {
            hashMap.put("debug", "true");
        }
        krb5LoginModule.initialize(subject, (CallbackHandler) null, hashMap2, hashMap);
        Krb5Common.debugKrb5LoginModule(subject, (CallbackHandler) null, hashMap2, hashMap);
        krb5LoginModule.login();
        krb5LoginModule.commit();
        return subject;
    }

    @Activate
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
    }

    @Modified
    protected void modified(Map<String, Object> map) {
    }

    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
    }
}
