package com.ibm.wsspi.security.token;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.utility.SubjectHelper;
import com.ibm.ws.security.token.krb5.Krb5Helper;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.eclipse.persistence.internal.oxm.Constants;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* JADX WARN: Classes with same name are omitted:
  input_file:targets/liberty8557/ibm/com.ibm.websphere.appserver.api.security_1.2.13.jar:com/ibm/wsspi/security/token/SpnegoTokenHelper.class
 */
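/**
 * Builds SPNEGO "Negotiate" authorization strings for a target service principal name (SPN)
 * from several credential sources: the caller/RunAs subject, the JVM's native Kerberos
 * credentials, a supplied {@link Subject}, a UPN with a JAAS login configuration, or a
 * user id and password.
 *
 * <p>Every public entry point validates its inputs, runs the GSS work inside
 * {@link AccessController#doPrivileged}, records failures through FFDC and then rethrows the
 * innermost non-{@link PrivilegedActionException} cause when it is one of the declared types.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The returned string carries an initial GSS token for the SPN. Treat it as a credential:
 *       do not log it or cache it beyond the request it was built for.</li>
 *   <li>When the delegation flag is {@code true} the context asks for credential delegation
 *       ({@link GSSContext#requestCredDeleg}); enable it only for services trusted to act as
 *       the user.</li>
 *   <li>Mutual authentication is requested, but this class only produces the first token and
 *       disposes the context; it never processes a reply token, so verifying the server is the
 *       caller's responsibility.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. The per-class {@code $$$tc$$$} fields,
 * {@code access$100()} and the nested {@code AnonymousClass1} types are artifacts of
 * instrumentation/decompilation and are kept as found.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:targets/liberty8557/ibm/com.ibm.websphere.appserver.api.security_1.1.10.jar:com/ibm/wsspi/security/token/SpnegoTokenHelper.class */
public class SpnegoTokenHelper {
    // Mechanism OIDs, assigned once in the static initializer at the bottom of the class.
    private static Oid KRB5_MECH_OID;
    private static Oid SPNEGO_MECH_OID;
    static final long serialVersionUID = -876298743995782346L;
    private static final TraceComponent tc = Tr.register(SpnegoTokenHelper.class);
    // Name of the JVM-wide system property that two of the builders flip temporarily.
    // Declared final so the property name itself cannot be reassigned at runtime.
    private static final String USE_SUBJECT_CREDS_ONLY = "javax.security.auth.useSubjectCredsOnly";

    /**
     * Builds a Negotiate string using the GSS credential of the caller subject.
     *
     * <p>If there is no caller subject the RunAs subject is used instead, so the resulting token
     * can represent the RunAs identity rather than the original caller.
     *
     * @param str service principal name of the target; must be non-empty
     * @param i   lifetime passed to the GSS context and to the SPNEGO credential element
     * @param z   {@code true} to request credential delegation
     * @return {@code "Negotiate "} followed by the Base64-encoded initial token
     * @throws WSSecurityException if that is the underlying cause of the privileged failure
     * @throws GSSException if the SPN is empty, no credential is available, or GSS fails
     * @throws PrivilegedActionException if the underlying cause is of any other type
     */
    public static String buildSpnegoAuthorizationFromCallerSubject(final String str, final int i, final boolean z) throws WSSecurityException, GSSException, PrivilegedActionException {
        checkSpn(str);
        try {
            return (String) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.1
                static final long serialVersionUID = -6063323207179772536L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws WSSecurityException, GSSException, PrivilegedActionException {
                    Subject callerSubject = WSSubject.getCallerSubject();
                    if (callerSubject == null) {
                        // Identity fallback: no caller on the thread, so use the RunAs subject.
                        callerSubject = WSSubject.getRunAsSubject();
                    }
                    return SpnegoTokenHelper.buildSpnegoAuthorizationFromSubject(str, callerSubject, i, z);
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.SpnegoTokenHelper", "89", (Object) null, new Object[]{str, Integer.valueOf(i), Boolean.valueOf(z)});
            // getGeneralCause returns Throwable; the decompiler had mistyped this local as GSSException.
            Throwable generalCause = getGeneralCause(e);
            if (generalCause instanceof WSSecurityException) {
                throw ((WSSecurityException) generalCause);
            }
            if (generalCause instanceof GSSException) {
                throw ((GSSException) generalCause);
            }
            throw e;
        }
    }

    /**
     * Builds a Negotiate string from the default (native) Kerberos credentials of the process.
     *
     * <p>The credential is acquired with a {@code null} name and indefinite lifetime; {@code i}
     * is applied only to the GSS context.
     *
     * <p>NOTE(review): while this runs, {@code javax.security.auth.useSubjectCredsOnly} is set
     * to {@code "false"} for the whole JVM, not just this thread. Other threads doing GSS work
     * in that window see the relaxed setting, and two overlapping calls can restore a stale
     * value. Prefer configuring the property once at startup if the deployment allows it.
     *
     * @param str service principal name of the target; must be non-empty
     * @param i   lifetime passed to the GSS context
     * @param z   {@code true} to request credential delegation
     * @return {@code "Negotiate "} followed by the Base64-encoded initial token
     * @throws GSSException if the SPN is empty or GSS fails
     * @throws PrivilegedActionException if the underlying cause is not a {@link GSSException}
     */
    public static String buildSpnegoAuthorizationFromNativeCreds(final String str, final int i, final boolean z) throws GSSException, PrivilegedActionException {
        checkSpn(str);
        try {
            return (String) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.2
                static final long serialVersionUID = -7778018494067749183L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass2.class);

                // NOTE(review): decompiler artifact. This nested class is never instantiated in the
                // visible code and reads val$upn, which is not declared here; its "loaded from"
                // comment names the 1.2.13 jar while the enclosing class came from 1.1.10.
                // Do not read it as live logic of this version.
                @InjectedFFDC
                @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
                /* renamed from: com.ibm.wsspi.security.token.SpnegoTokenHelper$2$1, reason: invalid class name */
                /* loaded from: input_file:targets/liberty8557/ibm/com.ibm.websphere.appserver.api.security_1.2.13.jar:com/ibm/wsspi/security/token/SpnegoTokenHelper$2$1.class */
                class AnonymousClass1 implements PrivilegedExceptionAction<Object> {
                    static final long serialVersionUID = -3876628782473623535L;
                    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                    AnonymousClass1() {
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws GSSException, Exception {
                        return Krb5Helper.getGSSCred((Subject) null, AnonymousClass2.this.val$upn, SpnegoTokenHelper.USE_SUBJECT_CREDS_ONLY, 1, Integer.MAX_VALUE, Integer.MAX_VALUE);
                    }
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws PrivilegedActionException, GSSException {
                    // Process-global change; see the method-level note about concurrent callers.
                    String property = System.setProperty(SpnegoTokenHelper.USE_SUBJECT_CREDS_ONLY, "false");
                    try {
                        GSSCredential createCredential = SpnegoTokenHelper.access$100().createCredential((GSSName) null, GSSCredential.INDEFINITE_LIFETIME, SpnegoTokenHelper.KRB5_MECH_OID, GSSCredential.INITIATE_ONLY);
                        createCredential.add((GSSName) null, GSSCredential.INDEFINITE_LIFETIME, GSSCredential.INDEFINITE_LIFETIME, SpnegoTokenHelper.SPNEGO_MECH_OID, GSSCredential.INITIATE_ONLY);
                        // NOTE(review): the credential created here is not disposed after use.
                        return SpnegoTokenHelper.buildSpnegoAuthorization(createCredential, str, i, z);
                    } finally {
                        // Put the property back on success and on failure alike.
                        SpnegoTokenHelper.restoreUseSubjectCredsOnly(property);
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.SpnegoTokenHelper", "152", (Object) null, new Object[]{str, Integer.valueOf(i), Boolean.valueOf(z)});
            Throwable generalCause = getGeneralCause(e);
            if (generalCause instanceof GSSException) {
                throw ((GSSException) generalCause);
            }
            throw e;
        }
    }

    /**
     * Builds a Negotiate string from the GSS credential held by the given subject.
     *
     * <p>When the subject yields a credential, a SPNEGO element for the same name is added to
     * it before use. When it yields none, the shared builder throws
     * {@link GSSException#NO_CRED}.
     *
     * <p>NOTE(review): on failure the {@code subject} itself is handed to FFDC. Confirm how FFDC
     * renders a {@link Subject} so that principal or credential details do not end up in
     * diagnostic dumps unintentionally.
     *
     * @param str     service principal name of the target; must be non-empty
     * @param subject subject expected to carry a GSS credential
     * @param i       lifetime for the SPNEGO credential element and the GSS context
     * @param z       {@code true} to request credential delegation
     * @return {@code "Negotiate "} followed by the Base64-encoded initial token
     * @throws GSSException if the SPN is empty, the subject has no credential, or GSS fails
     * @throws PrivilegedActionException if the underlying cause is not a {@link GSSException}
     */
    public static String buildSpnegoAuthorizationFromSubject(final String str, final Subject subject, final int i, final boolean z) throws GSSException, PrivilegedActionException {
        checkSpn(str);
        try {
            return (String) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.3
                static final long serialVersionUID = -6934261862380400376L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass3.class);

                // NOTE(review): decompiler artifact. This nested class is never instantiated in the
                // visible code and reads val$userid, which is not declared here; its "loaded from"
                // comment names the 1.2.13 jar while the enclosing class came from 1.1.10.
                // Do not read it as live logic of this version.
                @InjectedFFDC
                @TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
                /* renamed from: com.ibm.wsspi.security.token.SpnegoTokenHelper$3$1, reason: invalid class name */
                /* loaded from: input_file:targets/liberty8557/ibm/com.ibm.websphere.appserver.api.security_1.2.13.jar:com/ibm/wsspi/security/token/SpnegoTokenHelper$3$1.class */
                class AnonymousClass1 implements PrivilegedExceptionAction<Object> {
                    static final long serialVersionUID = 2903546241992746685L;
                    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                    AnonymousClass1() {
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws GSSException, Exception {
                        return Krb5Helper.getGSSCred((Subject) null, AnonymousClass3.this.val$userid, SpnegoTokenHelper.USE_SUBJECT_CREDS_ONLY, 1, Integer.MAX_VALUE, Integer.MAX_VALUE);
                    }
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws LoginException, GSSException, PrivilegedActionException {
                    GSSCredential gSSCredentialFromSubject = SubjectHelper.getGSSCredentialFromSubject(subject);
                    if (gSSCredentialFromSubject != null) {
                        // Mutates the credential obtained from the subject by adding a SPNEGO element.
                        gSSCredentialFromSubject.add(gSSCredentialFromSubject.getName(), i, i, SpnegoTokenHelper.SPNEGO_MECH_OID, GSSCredential.INITIATE_ONLY);
                    }
                    // A null credential is rejected inside buildSpnegoAuthorization.
                    return SpnegoTokenHelper.buildSpnegoAuthorization(gSSCredentialFromSubject, str, i, z);
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.SpnegoTokenHelper", "200", (Object) null, new Object[]{str, subject, Integer.valueOf(i), Boolean.valueOf(z)});
            Throwable generalCause = getGeneralCause(e);
            if (generalCause instanceof GSSException) {
                throw ((GSSException) generalCause);
            }
            throw e;
        }
    }

    /**
     * Builds a Negotiate string for a user principal name by logging in through a named JAAS
     * login configuration, with no password supplied to the callback handler.
     *
     * <p>NOTE(review): like the native-credential builder, this sets
     * {@code javax.security.auth.useSubjectCredsOnly} to {@code "false"} JVM-wide for the
     * duration of the call and restores it afterwards; overlapping calls can interfere.
     * The {@link LoginContext} is not logged out and the created credential is not disposed.
     *
     * @param str  service principal name of the target; must be non-empty
     * @param str2 user principal name; must be non-empty
     * @param str3 name of the JAAS login configuration entry handed to {@link LoginContext}
     * @param i    lifetime for the created credential and the GSS context
     * @param z    {@code true} to request credential delegation
     * @return {@code "Negotiate "} followed by the Base64-encoded initial token
     * @throws GSSException if the SPN or UPN is empty, or GSS fails
     * @throws LoginException if the JAAS login fails
     * @throws PrivilegedActionException if the underlying cause is of any other type
     */
    public static String buildSpnegoAuthorizationFromUpn(final String str, final String str2, final String str3, final int i, final boolean z) throws GSSException, LoginException, PrivilegedActionException {
        checkSpn(str);
        checkUpn(str2);
        try {
            return (String) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.4
                static final long serialVersionUID = -6049386831730527339L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass4.class);

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws LoginException, PrivilegedActionException, GSSException {
                    // Process-global change; see the method-level note about concurrent callers.
                    String property = System.setProperty(SpnegoTokenHelper.USE_SUBJECT_CREDS_ONLY, "false");
                    try {
                        LoginContext loginContext = new LoginContext(str3, new WSCallbackHandlerImpl(str2, null));
                        loginContext.login();
                        Subject subject = loginContext.getSubject();
                        final GSSManager access$100 = SpnegoTokenHelper.access$100();
                        // Create the initiator credential while running as the freshly logged-in subject.
                        return SpnegoTokenHelper.buildSpnegoAuthorization((GSSCredential) Subject.doAs(subject, new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.4.1
                            static final long serialVersionUID = 1672932731472709421L;
                            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws GSSException, Exception {
                                GSSName createName = access$100.createName(str2, GSSName.NT_USER_NAME, SpnegoTokenHelper.KRB5_MECH_OID);
                                GSSCredential createCredential = access$100.createCredential(createName.canonicalize(SpnegoTokenHelper.KRB5_MECH_OID), i, SpnegoTokenHelper.KRB5_MECH_OID, GSSCredential.INITIATE_ONLY);
                                createCredential.add(createName, i, i, SpnegoTokenHelper.SPNEGO_MECH_OID, GSSCredential.INITIATE_ONLY);
                                return createCredential;
                            }
                        }), str, i, z);
                    } finally {
                        // Put the property back on success and on failure alike.
                        SpnegoTokenHelper.restoreUseSubjectCredsOnly(property);
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.SpnegoTokenHelper", "281", (Object) null, new Object[]{str, str2, str3, Integer.valueOf(i), Boolean.valueOf(z)});
            Throwable generalCause = getGeneralCause(e);
            if (generalCause instanceof LoginException) {
                throw ((LoginException) generalCause);
            }
            if (generalCause instanceof GSSException) {
                throw ((GSSException) generalCause);
            }
            throw e;
        }
    }

    /**
     * Builds a Negotiate string by logging in with a user id and password through the
     * {@code "JAASClient"} login configuration.
     *
     * <p>The password is marked {@code @Sensitive} and is replaced by a placeholder in the FFDC
     * record on failure. It still arrives as an immutable {@link String}, so it cannot be wiped
     * by this method; callers should keep its lifetime short.
     *
     * <p>NOTE(review): the {@link LoginContext} is not logged out and the created credential is
     * not disposed after the token is built.
     *
     * @param str  service principal name of the target; must be non-empty
     * @param str2 user principal name / user id; must be non-empty
     * @param str3 password; must be non-empty
     * @param i    lifetime for the created credential and the GSS context
     * @param z    {@code true} to request credential delegation
     * @return {@code "Negotiate "} followed by the Base64-encoded initial token
     * @throws GSSException if an input is empty or GSS fails
     * @throws LoginException if the JAAS login fails
     * @throws PrivilegedActionException if the underlying cause is of any other type
     */
    public static String buildSpnegoAuthorizationFromUseridPassword(final String str, final String str2, @Sensitive final String str3, final int i, final boolean z) throws GSSException, LoginException, PrivilegedActionException {
        checkSpn(str);
        checkUpn(str2);
        checkPassword(str3);
        try {
            return (String) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.5
                static final long serialVersionUID = -7461104122397513610L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass5.class);

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws LoginException, GSSException, PrivilegedActionException {
                    LoginContext loginContext = new LoginContext("JAASClient", new WSCallbackHandlerImpl(str2, str3));
                    loginContext.login();
                    // Create the initiator credential while running as the freshly logged-in subject.
                    return SpnegoTokenHelper.buildSpnegoAuthorization((GSSCredential) Subject.doAs(loginContext.getSubject(), new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.5.1
                        static final long serialVersionUID = -4894529902949150252L;
                        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws GSSException, Exception {
                            GSSManager access$100 = SpnegoTokenHelper.access$100();
                            GSSName createName = access$100.createName(str2, GSSName.NT_USER_NAME, SpnegoTokenHelper.KRB5_MECH_OID);
                            GSSCredential createCredential = access$100.createCredential(createName.canonicalize(SpnegoTokenHelper.KRB5_MECH_OID), i, SpnegoTokenHelper.KRB5_MECH_OID, GSSCredential.INITIATE_ONLY);
                            createCredential.add(createName, i, i, SpnegoTokenHelper.SPNEGO_MECH_OID, GSSCredential.INITIATE_ONLY);
                            return createCredential;
                        }
                    }), str, i, z);
                }
            });
        } catch (PrivilegedActionException e) {
            // The password slot is deliberately a placeholder so the secret never reaches FFDC.
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.SpnegoTokenHelper", "351", (Object) null, new Object[]{str, str2, "<sensitive java.lang.String>", Integer.valueOf(i), Boolean.valueOf(z)});
            Throwable generalCause = getGeneralCause(e);
            if (generalCause instanceof LoginException) {
                throw ((LoginException) generalCause);
            }
            if (generalCause instanceof GSSException) {
                throw ((GSSException) generalCause);
            }
            throw e;
        }
    }

    /**
     * Shared builder: creates a SPNEGO initiator context for the SPN with the given credential
     * and returns the first token as a Negotiate string.
     *
     * <p>The context is disposed on success and, unlike the decompiled original, also when
     * context setup or token creation fails, so a failed attempt does not leave a context
     * holding key material behind.
     *
     * <p>NOTE(review): the decompiler reports that this method was {@code private} in the
     * original class; it is shown as {@code public} only because nested classes call it.
     * It should not be used as public API.
     *
     * @param gSSCredential initiator credential; {@code null} is rejected
     * @param str           service principal name of the target; must be non-empty
     * @param i             lifetime passed to the GSS context
     * @param z             {@code true} to request credential delegation
     * @return {@code "Negotiate "} followed by the Base64-encoded initial token
     * @throws GSSException {@link GSSException#NO_CRED} for a null credential,
     *         {@link GSSException#BAD_NAME} for an empty SPN, or any GSS failure
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static String buildSpnegoAuthorization(GSSCredential gSSCredential, String str, int i, boolean z) throws GSSException {
        if (gSSCredential == null) {
            throw new GSSException(GSSException.NO_CRED);
        }
        checkSpn(str);
        GSSManager gSSManager = getGSSManager();
        GSSContext createContext = gSSManager.createContext(gSSManager.createName(str, GSSName.NT_USER_NAME).canonicalize(SPNEGO_MECH_OID), SPNEGO_MECH_OID, gSSCredential, i);
        String str2;
        try {
            createContext.requestMutualAuth(true);
            // Delegation hands the target service a credential it can use on the user's behalf.
            createContext.requestCredDeleg(z);
            str2 = "Negotiate " + Base64Coder.encode(createContext.initSecContext((byte[]) null, 0, 0));
        } catch (GSSException | RuntimeException e) {
            // Release the context on the failure path too, without masking the original error.
            try {
                createContext.dispose();
            } catch (GSSException disposeFailure) {
                e.addSuppressed(disposeFailure);
            }
            throw e;
        }
        createContext.dispose();
        return str2;
    }

    /**
     * Restores {@code javax.security.auth.useSubjectCredsOnly} to the value it had before a
     * builder changed it, clearing the property when it was previously unset.
     *
     * @param previous value returned by the earlier {@link System#setProperty} call, or
     *                 {@code null} if the property was not set
     */
    private static void restoreUseSubjectCredsOnly(String previous) {
        if (previous != null) {
            System.setProperty(USE_SUBJECT_CREDS_ONLY, previous);
        } else {
            System.clearProperty(USE_SUBJECT_CREDS_ONLY);
        }
    }

    /**
     * Rejects a null or empty service principal name.
     *
     * @throws GSSException {@link GSSException#BAD_NAME} when the name is null or empty
     */
    private static void checkSpn(String str) throws GSSException {
        if (str == null || "".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Empty servicePrincipalName supplied", new Object[0]);
            }
            throw new GSSException(GSSException.BAD_NAME);
        }
    }

    /**
     * Rejects a null or empty user principal name.
     *
     * @throws GSSException {@link GSSException#BAD_NAME} when the name is null or empty
     */
    private static void checkUpn(String str) throws GSSException {
        if (str == null || "".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Empty UserPrincipalName supplied", new Object[0]);
            }
            throw new GSSException(GSSException.BAD_NAME);
        }
    }

    /**
     * Rejects a null or empty password. Only the fact that it is empty is traced, never the value.
     *
     * @throws GSSException {@link GSSException#NO_CRED} when the password is null or empty
     */
    private static void checkPassword(@Sensitive String str) throws GSSException {
        if (str == null || "".equals(str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Empty password supplied", new Object[0]);
            }
            throw new GSSException(GSSException.NO_CRED);
        }
    }

    /** Returns the default {@link GSSManager} instance. */
    private static GSSManager getGSSManager() throws GSSException {
        return GSSManager.getInstance();
    }

    /**
     * Unwraps nested {@link PrivilegedActionException}s and returns the first cause that is not
     * one.
     *
     * @param privilegedActionException exception caught from {@code doPrivileged}; may be null
     * @return the innermost non-{@code PrivilegedActionException} cause, or the argument itself
     *         when it is null, has no cause, or the chain holds only such exceptions
     */
    private static Throwable getGeneralCause(PrivilegedActionException privilegedActionException) {
        // Locals are typed Throwable: getCause() returns Throwable, and the decompiler's
        // narrower PrivilegedActionException typing was not valid.
        Throwable result = privilegedActionException;
        if (privilegedActionException != null) {
            Throwable cause = privilegedActionException.getCause();
            if (cause != null) {
                if (tc.isDebugEnabled()) {
                    // NOTE(review): Constants.XPATH_INDEX_CLOSED is presumably just the "]" literal
                    // that the decompiler matched to an unrelated constant - confirm.
                    Tr.debug(tc, "Deciphering a PrivilegedActionException [" + cause.getClass().getName() + Constants.XPATH_INDEX_CLOSED, new Object[0]);
                }
                // instanceof is false for null, so this also stops at the end of the chain.
                while (cause instanceof PrivilegedActionException) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Unravelling", new Object[0]);
                    }
                    cause = cause.getCause();
                }
                if (cause != null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Unravelled to a " + cause.getClass().getName(), new Object[0]);
                    }
                    result = cause;
                } else if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Only PrivilegedActionException in stack.  Returning original exception.", new Object[0]);
                }
            }
        }
        return result;
    }

    // Compiler-generated accessor that lets the nested classes reach the private getGSSManager().
    static /* synthetic */ GSSManager access$100() throws GSSException {
        return getGSSManager();
    }

    // Initializes the mechanism OIDs: 1.2.840.113554.1.2.2 (Kerberos V5) and 1.3.6.1.5.5.2 (SPNEGO).
    // A failure is only recorded through FFDC and debug trace; the OID fields then stay null
    // and the class still loads.
    static {
        try {
            KRB5_MECH_OID = new Oid("1.2.840.113554.1.2.2");
            SPNEGO_MECH_OID = new Oid("1.3.6.1.5.5.2");
        } catch (GSSException e) {
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.SpnegoTokenHelper", "486", (Object) null, new Object[0]);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unexpected GSSExecption: " + e, new Object[0]);
            }
        }
    }
}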
