package com.ibm.ws.wssecurity.util;

import com.ibm.ws.wssecurity.token.KRBCredentialsFactory;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/util/KRBContext.class */
public final class KRBContext {
    private GSSCredential gssCred;
    private GSSContext gssContext;
    private static TraceComponent tc;

    public KRBContext(GSSCredential gSSCredential) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "KRBContext");
        }
        this.gssCred = gSSCredential;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "KRBContext");
        }
    }

    public byte[] begin(byte[] bArr) throws GSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "begin");
        }
        this.gssContext = KRBCredentialsFactory.getMgr().createContext(this.gssCred);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "begin: before acceptSecContext context");
        }
        byte[] acceptSecContext = this.gssContext.acceptSecContext(bArr, 0, bArr.length);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "begin: after acceptSecContext context");
        }
        if (!this.gssContext.isEstablished()) {
            Tr.error(tc, "kerberos.bad.token", new Object[]{acceptSecContext != null ? KRB5Util.showHex(acceptSecContext) : "null"});
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "gssContext.getLifetime" + this.gssContext.getLifetime());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "begin");
        }
        return acceptSecContext;
    }

    public boolean isEstablshed() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isEstablshed");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isEstablshed");
        }
        if (this.gssContext == null) {
            return false;
        }
        return this.gssContext.isEstablished();
    }

    public void dispose() throws GSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "dispose");
        }
        this.gssContext.dispose();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "dispose");
        }
    }

    public final String getPrincipalName() throws GSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPrincipalName");
        }
        GSSName srcName = this.gssContext.getSrcName();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPrincipalName");
        }
        return srcName.toString();
    }

    public GSSCredential getDelegateCred() throws GSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDelegateCred");
        }
        GSSCredential gSSCredential = null;
        if (this.gssContext != null && this.gssContext.getCredDelegState()) {
            gSSCredential = this.gssContext.getDelegCred();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Getting Delegate Credential, done.");
            }
        } else if (tc.isEntryEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "unable to get Delegate Credential - gssContext " + this.gssContext);
            }
            if (this.gssContext != null && tc.isDebugEnabled()) {
                Tr.debug(tc, "state:" + this.gssContext.getCredDelegState());
                Tr.debug(tc, "cred:" + this.gssContext.getDelegCred());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDelegateCred");
        }
        return gSSCredential;
    }
}
