package com.ibm.rational.test.lt.models.wscore.transport.http.impl;

import com.ibm.rational.test.lt.models.ws.LoggingUtil;
import com.ibm.rational.test.lt.models.wscore.transport.TransportContext;
import com.ibm.rational.test.lt.models.wscore.utils.util.Base64Util;
import java.io.IOException;
import java.security.AccessControlContext;
import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.spi.LoginModule;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:coremdl.jar:com/ibm/rational/test/lt/models/wscore/transport/http/impl/KerberosAuth.class */
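/**
 * Produces base64-encoded SPNEGO tokens for a client: performs a JAAS Kerberos login with a
 * principal name and password, then drives a GSS-API initiator context as that subject.
 *
 * <p>Instance state (credentials, GSS context, last ticket, last error) is mutated by every call
 * and only the GSS section is guarded, by a lock shared across all instances; callers should not
 * share one instance between threads.
 *
 * <p>Security notes: the password is held in a {@link String} for the lifetime of this object, and
 * with debug enabled the class writes GSS tokens to the log, so debug logs are sensitive.
 */
public class KerberosAuth {
    /** Shared by every instance; serialises GSS context creation and token generation. */
    private static final Object lock = new Object();

    private String principal;
    private String password;
    private String service;
    private String server;
    private String theTicket;
    private Subject subject;
    private boolean debug = false;
    private boolean finished = false;
    GSSContext clientContext = null;
    Exception t = null;

    /** Answers the login module's name and password prompts from the enclosing instance. */
    private class RPTKerberosCallbackHandler implements CallbackHandler {
        /**
         * Fills in {@link NameCallback} and {@link PasswordCallback} entries; any other callback
         * type is left untouched.
         */
        @Override
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(KerberosAuth.this.principal);
                } else if (callback instanceof PasswordCallback) {
                    PasswordCallback passwordCallback = (PasswordCallback) callback;
                    String secret = KerberosAuth.this.password;
                    if (secret == null) {
                        // Let the login module report the missing password instead of failing
                        // here with a NullPointerException.
                        passwordCallback.setPassword(null);
                        continue;
                    }
                    char[] chars = secret.toCharArray();
                    try {
                        // setPassword stores its own copy, so the temporary array can be wiped.
                        passwordCallback.setPassword(chars);
                    } finally {
                        java.util.Arrays.fill(chars, '\0');
                    }
                }
            }
        }
    }

    /**
     * Logs in to Kerberos and returns the next SPNEGO token for the target service.
     *
     * @param str user (principal) name without the realm
     * @param str2 password of the principal
     * @param str3 Kerberos realm, appended to the principal as {@code principal@realm} for login
     * @param str4 service part of the target name ({@code service/server})
     * @param str5 server part of the target name ({@code service/server})
     * @param str6 base64-encoded token received from the peer, or {@code null} on the first round
     * @param transportContext passed through to token generation, where it is currently unused
     * @return the base64-encoded token most recently produced by this instance
     * @throws Exception if the login module cannot be loaded, the login fails, or GSS-API fails
     */
    public String getKerberosSpnegoTicket(String str, String str2, String str3, String str4, String str5, String str6, TransportContext transportContext) throws Exception {
        this.principal = str;
        this.password = str2;
        this.service = str4;
        this.server = str5;
        if (this.debug) {
            // JVM-wide switches: they affect every Kerberos/GSS user in the process.
            System.setProperty("com.ibm.security.jgss.debug", "all");
            System.setProperty("com.ibm.security.krb5.Krb5Debug", "all");
        }
        // The password must never reach the log; record only whether one was supplied.
        log("getKerberosSpnegoTicket:  user=" + str + " pw=" + (str2 == null ? "<null>" : "<redacted>") + " realm=" + str3 + " service=" + this.service + " server=" + this.server);
        log("java.security.krb5.conf=" + System.getProperty("java.security.krb5.conf"));
        // JVM-wide: GSS-API may only use credentials found in the Subject, never a default cache.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");

        LoginModule loginModule = (LoginModule) loadKrb5LoginModuleClass().getConstructor().newInstance();
        Map<String, String> options = new HashMap<String, String>();
        options.put("principal", this.principal + "@" + str3);
        options.put("refreshKrb5Config", "true");
        if (this.subject == null) {
            this.subject = new Subject();
        }
        loginModule.initialize(this.subject, new RPTKerberosCallbackHandler(), null, options);
        loginModule.login();
        loginModule.commit();
        return getTGS(str6, transportContext);
    }

    /** Resolves the Kerberos login module, preferring the IBM class and falling back to Sun's. */
    private static Class<?> loadKrb5LoginModuleClass() throws ClassNotFoundException {
        try {
            return Class.forName("com.ibm.security.auth.module.Krb5LoginModule");
        } catch (ClassNotFoundException ignored) {
            // Not an IBM JRE; the Sun/Oracle implementation is the only other candidate.
            return Class.forName("com.sun.security.auth.module.Krb5LoginModule");
        }
    }

    /**
     * Runs one round of the GSS-API handshake as the logged-in subject.
     *
     * <p>When the context becomes established in this round the stored ticket is not replaced, so
     * the value returned is the token from the previous round (or {@code null} if there was none).
     *
     * @param str base64-encoded token from the peer, or {@code null} to start with an empty token
     * @param transportContext unused
     * @return the stored base64-encoded ticket
     * @throws Exception whatever the privileged action failed with
     */
    private String getTGS(final String str, TransportContext transportContext) throws Exception {
        // Clear the error from any earlier call; otherwise one failure would be rethrown by every
        // later call on this instance, even after a successful round.
        this.t = null;
        Subject.doAsPrivileged(this.subject, new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                try {
                    synchronized (lock) {
                        log("create credential using Kerberos ticket in the subject");
                        log("javax.security.auth.useSubjectCredsOnly=" + System.getProperty("javax.security.auth.useSubjectCredsOnly"));
                        if (KerberosAuth.this.clientContext == null) {
                            KerberosAuth.this.clientContext = newInitiatorContext();
                        }
                        log("Client context " + KerberosAuth.this.clientContext);
                        byte[] inbound = str != null ? Base64Util.decode(str) : new byte[0];
                        byte[] outbound = KerberosAuth.this.clientContext.initSecContext(inbound, 0, inbound.length);
                        if (KerberosAuth.this.clientContext.isEstablished()) {
                            KerberosAuth.this.finished = true;
                        } else {
                            KerberosAuth.this.theTicket = Base64Util.encode(outbound);
                        }
                        // NOTE(review): this writes the peer's token verbatim to the debug log
                        // under the label "TICKET"; treat such logs as sensitive, or log only the
                        // token length.
                        log("TICKET:" + str);
                        log("Kerberos service principal: " + KerberosAuth.this.clientContext.getTargName());
                        log("State of GSS delegation: " + KerberosAuth.this.clientContext.getCredDelegState());
                    }
                } catch (Exception e) {
                    // PrivilegedAction cannot throw checked exceptions; hand it to the caller.
                    KerberosAuth.this.t = e;
                }
                return null;
            }
        }, (AccessControlContext) null);
        if (this.t != null) {
            throw this.t;
        }
        // NOTE(review): the outbound ticket is authentication material and is logged verbatim
        // when debug is on; consider logging its length instead.
        log("RPT Kerberos returning ticket '" + this.theTicket + "'");
        return this.theTicket;
    }

    /**
     * Builds the initiator context: a credential usable for both the Kerberos v5 and SPNEGO
     * mechanisms, targeted at {@code service/server} over SPNEGO.
     */
    private GSSContext newInitiatorContext() throws Exception {
        Oid krb5Mech = new Oid("1.2.840.113554.1.2.2");
        Oid spnegoMech = new Oid("1.3.6.1.5.5.2");
        GSSManager manager = GSSManager.getInstance();

        GSSName clientName = manager.createName(this.principal, GSSName.NT_USER_NAME, krb5Mech);
        GSSCredential credential = manager.createCredential(
                clientName.canonicalize(krb5Mech), GSSCredential.DEFAULT_LIFETIME, krb5Mech, GSSCredential.INITIATE_ONLY);
        credential.add(
                clientName.canonicalize(spnegoMech),
                GSSCredential.INDEFINITE_LIFETIME,
                GSSCredential.INDEFINITE_LIFETIME,
                spnegoMech,
                GSSCredential.INITIATE_ONLY);
        log("Client GSS creds " + credential);

        GSSName targetName = manager.createName(this.service + "/" + this.server, GSSName.NT_USER_NAME);
        log("Target server name " + targetName);
        return manager.createContext(targetName.canonicalize(spnegoMech), spnegoMech, credential, GSSContext.DEFAULT_LIFETIME);
    }

    /**
     * Turns debug logging on or off. With debug on, the next ticket request also enables the IBM
     * JGSS/Krb5 debug system properties for the whole JVM.
     */
    public void setDebug(boolean z) {
        this.debug = z;
    }

    /** Writes {@code str} through {@link LoggingUtil} when debug is enabled; otherwise a no-op. */
    public void log(String str) {
        if (this.debug) {
            LoggingUtil.INSTANCE.write(str, getClass());
        }
    }

    /** Returns whether a round has reported the GSS context as established. */
    public boolean hasFinishedNego() {
        return this.finished;
    }

    /** Clears the finished flag; the existing GSS context, if any, is kept. */
    public void setStartNego() {
        this.finished = false;
    }

    /** Returns the most recently stored base64-encoded ticket, or {@code null} if none yet. */
    public String getTicket() {
        return this.theTicket;
    }
}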
