package com.ibm.wsspi.security.token;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.utility.JaasLoginConfigConstants;
import com.ibm.ws.security.token.internal.TraceConstants;
import com.ibm.ws.security.token.krb5.Krb5Helper;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

/* JADX WARN: Classes with same name are omitted:
  input_file:wlp/dev/api/ibm/com.ibm.websphere.appserver.api.security_1.2.13.jar:com/ibm/wsspi/security/token/SpnegoTokenHelper.class
 */
/**
 * Static helpers that build a SPNEGO authorization string from different credential
 * sources: the caller/run-as subject, a supplied subject, native credentials, a UPN, or
 * a user id and password. The GSS and Kerberos work is delegated to {@link Krb5Helper}.
 *
 * <p>This listing is decompiler output, so parameter names ({@code str}, {@code i},
 * {@code z}) are not the original ones. In every entry point {@code str} is passed to
 * {@code Krb5Helper.checkSpn}, and {@code i} and {@code z} are forwarded unchanged to
 * {@code Krb5Helper}. They are presumably the token lifetime and a delegation flag;
 * confirm against the published API documentation.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Several methods run inside {@code AccessController.doPrivileged}, so the login and
 *       credential acquisition execute with this class's own permissions rather than the
 *       caller's. The only input checks visible here are the {@code Krb5Helper.check*}
 *       calls made before entering the privileged block.</li>
 *   <li>The native-credential and UPN paths temporarily set
 *       {@code Krb5Helper.USE_SUBJECT_CREDS_ONLY} to {@code "false"} and restore it
 *       afterwards. NOTE(review): if this maps to a JVM-wide system property, other
 *       threads may observe the relaxed value during that window; confirm whether
 *       {@code Krb5Helper} serializes access.</li>
 *   <li>Passwords are passed as {@code String} and marked {@code @Sensitive}. The FFDC
 *       calls substitute a fixed placeholder for the password, but service and user
 *       principal names are included in the FFDC data.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.token_1.0.13.jar:com/ibm/wsspi/security/token/SpnegoTokenHelper.class */
public class SpnegoTokenHelper {
    private static final TraceComponent tc = Tr.register((Class<?>) SpnegoTokenHelper.class, "Token", TraceConstants.MESSAGE_BUNDLE);
    // Mechanism OID handed to Krb5Helper.getGSSCred; assigned in the static initializer
    // below and left null if constructing the Oid fails there.
    private static Oid SPNEGO_MECH_OID;
    static final long serialVersionUID = 6653793280107778576L;

    /**
     * Builds the SPNEGO authorization string from the current caller subject, falling back
     * to the run-as subject when no caller subject is available.
     *
     * @param str target service principal name; validated downstream by {@code Krb5Helper.checkSpn}
     * @param i forwarded unchanged (presumably the requested lifetime; confirm)
     * @param z forwarded unchanged (presumably the delegation flag; confirm)
     * @return the string produced by {@link #buildSpnegoAuthorizationFromSubject}
     * @throws WSSecurityException declared for the {@code WSSubject} lookups
     * @throws GSSException propagated from the delegate
     * @throws PrivilegedActionException propagated from the delegate
     */
    public static String buildSpnegoAuthorizationFromCallerSubject(String str, int i, boolean z) throws WSSecurityException, GSSException, PrivilegedActionException {
        Subject callerSubject = WSSubject.getCallerSubject();
        if (callerSubject == null) {
            // No caller identity on this thread: use the run-as identity instead.
            // NOTE(review): the run-as subject may itself be null; this method does not
            // check, so handling is left to Krb5Helper.
            callerSubject = WSSubject.getRunAsSubject();
        }
        return buildSpnegoAuthorizationFromSubject(str, callerSubject, i, z);
    }

    /**
     * Builds the SPNEGO authorization string from the credentials held by the given subject.
     *
     * @param str target service principal name; validated by {@code Krb5Helper.checkSpn}
     * @param subject subject passed to {@code Krb5Helper}; not null-checked here
     * @param i forwarded unchanged (presumably the requested lifetime; confirm)
     * @param z forwarded unchanged (presumably the delegation flag; confirm)
     * @return the result of {@code Krb5Helper.buildSpnegoAuthorizationFromSubjectCommon}
     * @throws GSSException propagated from {@code Krb5Helper}
     * @throws PrivilegedActionException propagated from {@code Krb5Helper}
     */
    public static String buildSpnegoAuthorizationFromSubject(String str, Subject subject, int i, boolean z) throws GSSException, PrivilegedActionException {
        Krb5Helper.checkSpn(str);
        return Krb5Helper.buildSpnegoAuthorizationFromSubjectCommon(str, subject, i, z);
    }

    /**
     * Builds the SPNEGO authorization string from a GSS credential obtained without a
     * subject or principal name (both arguments to {@code getGSSCred} are null), which is
     * presumably the process's native/default Kerberos credentials.
     *
     * <p>The whole operation runs in a privileged block, with
     * {@code Krb5Helper.USE_SUBJECT_CREDS_ONLY} set to {@code "false"} for its duration.
     *
     * @param str target service principal name; validated by {@code Krb5Helper.checkSpn}
     * @param i forwarded unchanged (presumably the requested lifetime; confirm)
     * @param z forwarded unchanged (presumably the delegation flag; confirm)
     * @return the string returned by {@code Krb5Helper.buildSpnegoAuthorization}
     * @throws GSSException when the unwrapped cause of a failure is a {@code GSSException}
     * @throws PrivilegedActionException for any other failure inside the privileged block
     */
    public static String buildSpnegoAuthorizationFromNativeCreds(final String str, final int i, final boolean z) throws GSSException, PrivilegedActionException {
        Krb5Helper.checkSpn(str);
        try {
            return (String) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.1
                static final long serialVersionUID = -6063323207179772536L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws PrivilegedActionException, GSSException {
                    // Remember the previous setting so it can be restored on every exit path.
                    String propertyAsNeeded = Krb5Helper.setPropertyAsNeeded(Krb5Helper.USE_SUBJECT_CREDS_ONLY, "false");
                    try {
                        // Arguments 1 / MAX_VALUE / MAX_VALUE presumably mean initiate-only
                        // usage with indefinite lifetimes; confirm against Krb5Helper.getGSSCred.
                        String buildSpnegoAuthorization = Krb5Helper.buildSpnegoAuthorization(Krb5Helper.getGSSCred(null, null, SpnegoTokenHelper.SPNEGO_MECH_OID, 1, Integer.MAX_VALUE, Integer.MAX_VALUE), str, i, z);
                        Krb5Helper.restorePropertyAsNeeded(Krb5Helper.USE_SUBJECT_CREDS_ONLY, propertyAsNeeded, "false");
                        return buildSpnegoAuthorization;
                    } catch (Throwable th) {
                        // Decompiled form of a finally block: restore the setting, then rethrow.
                        Krb5Helper.restorePropertyAsNeeded(Krb5Helper.USE_SUBJECT_CREDS_ONLY, propertyAsNeeded, "false");
                        throw th;
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            // The FFDC record includes the SPN and both pass-through arguments.
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.SpnegoTokenHelper", "129", null, new Object[]{str, Integer.valueOf(i), Boolean.valueOf(z)});
            // Surface the underlying GSSException when there is one; otherwise rethrow the wrapper.
            GSSException generalCause = Krb5Helper.getGeneralCause(e);
            if (generalCause instanceof GSSException) {
                throw generalCause;
            }
            throw e;
        }
    }

    /**
     * Performs a JAAS login for the given UPN without a password (the password argument to
     * {@link #doKerberosLogin} is null), then builds the SPNEGO authorization string from
     * the GSS credential obtained while running as the resulting subject.
     *
     * <p>Runs in a privileged block with {@code Krb5Helper.USE_SUBJECT_CREDS_ONLY} set to
     * {@code "false"} for its duration.
     *
     * @param str target service principal name; validated by {@code Krb5Helper.checkSpn}
     * @param str2 user principal name; validated by {@code Krb5Helper.checkUpn}
     * @param str3 JAAS login configuration entry name; {@code doKerberosLogin} substitutes
     *     {@code JaasLoginConfigConstants.JAASClient} when it is null
     * @param i forwarded unchanged (presumably the requested lifetime; confirm)
     * @param z forwarded unchanged (presumably the delegation flag; confirm)
     * @return the string returned by {@code Krb5Helper.buildSpnegoAuthorization}
     * @throws LoginException when the unwrapped cause of a failure is a {@code LoginException}
     * @throws GSSException when the unwrapped cause of a failure is a {@code GSSException}
     * @throws PrivilegedActionException for any other failure inside the privileged block
     */
    public static String buildSpnegoAuthorizationFromUpn(final String str, final String str2, final String str3, final int i, final boolean z) throws GSSException, LoginException, PrivilegedActionException {
        Krb5Helper.checkSpn(str);
        Krb5Helper.checkUpn(str2);
        try {
            return (String) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.2
                static final long serialVersionUID = -8771378281528230433L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass2.class);

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws LoginException, PrivilegedActionException, GSSException {
                    // Remember the previous setting so it can be restored on every exit path.
                    String propertyAsNeeded = Krb5Helper.setPropertyAsNeeded(Krb5Helper.USE_SUBJECT_CREDS_ONLY, "false");
                    try {
                        // NOTE(review): doKerberosLogin can return null (see its comments), and
                        // Subject.doAs accepts a null subject. With subject-only credentials
                        // relaxed above, confirm that a failed login cannot end up resolving
                        // credentials from another source.
                        String buildSpnegoAuthorization = Krb5Helper.buildSpnegoAuthorization((GSSCredential) Subject.doAs(SpnegoTokenHelper.doKerberosLogin(str3, str2, null), new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.2.1
                            static final long serialVersionUID = -3876628782473623535L;
                            private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                            @Override // java.security.PrivilegedExceptionAction
                            public Object run() throws GSSException, Exception {
                                // Requests the credential by UPN while running as the logged-in subject.
                                return Krb5Helper.getGSSCred(null, str2, SpnegoTokenHelper.SPNEGO_MECH_OID, 1, Integer.MAX_VALUE, Integer.MAX_VALUE);
                            }
                        }), str, i, z);
                        Krb5Helper.restorePropertyAsNeeded(Krb5Helper.USE_SUBJECT_CREDS_ONLY, propertyAsNeeded, "false");
                        return buildSpnegoAuthorization;
                    } catch (Throwable th) {
                        // Decompiled form of a finally block: restore the setting, then rethrow.
                        Krb5Helper.restorePropertyAsNeeded(Krb5Helper.USE_SUBJECT_CREDS_ONLY, propertyAsNeeded, "false");
                        throw th;
                    }
                }
            });
        } catch (PrivilegedActionException e) {
            // str3 here is the JAAS entry name, not a secret; the SPN and UPN are recorded too.
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.SpnegoTokenHelper", "195", null, new Object[]{str, str2, str3, Integer.valueOf(i), Boolean.valueOf(z)});
            // Prefer the specific underlying exception type over the generic wrapper.
            GSSException generalCause = Krb5Helper.getGeneralCause(e);
            if (generalCause instanceof LoginException) {
                throw ((LoginException) generalCause);
            }
            if (generalCause instanceof GSSException) {
                throw generalCause;
            }
            throw e;
        }
    }

    /**
     * Convenience overload that uses {@code JaasLoginConfigConstants.JAASClient} as the
     * JAAS login configuration entry.
     *
     * @param str target service principal name
     * @param str2 user principal name
     * @param str3 password; marked {@code @Sensitive}
     * @param i forwarded unchanged (presumably the requested lifetime; confirm)
     * @param z forwarded unchanged (presumably the delegation flag; confirm)
     * @return the result of the six-argument overload
     * @throws GSSException see the six-argument overload
     * @throws LoginException see the six-argument overload
     * @throws PrivilegedActionException see the six-argument overload
     */
    public static String buildSpnegoAuthorizationFromUseridPassword(String str, String str2, @Sensitive String str3, int i, boolean z) throws GSSException, LoginException, PrivilegedActionException {
        return buildSpnegoAuthorizationFromUseridPassword(str, str2, str3, JaasLoginConfigConstants.JAASClient, i, z);
    }

    /**
     * Performs a JAAS login with the given user id and password, then builds the SPNEGO
     * authorization string from the GSS credential obtained while running as the resulting
     * subject.
     *
     * <p>Unlike the native-credential and UPN variants, this method does not change
     * {@code Krb5Helper.USE_SUBJECT_CREDS_ONLY}.
     *
     * @param str target service principal name; validated by {@code Krb5Helper.checkSpn}
     * @param str2 user principal name; validated by {@code Krb5Helper.checkUpn}
     * @param str3 password; validated by {@code Krb5Helper.checkPassword}. It is held as an
     *     immutable {@code String}, so this code cannot clear it after use
     * @param str4 JAAS login configuration entry name; {@code doKerberosLogin} substitutes
     *     {@code JaasLoginConfigConstants.JAASClient} when it is null
     * @param i forwarded unchanged (presumably the requested lifetime; confirm)
     * @param z forwarded unchanged (presumably the delegation flag; confirm)
     * @return the string returned by {@code Krb5Helper.buildSpnegoAuthorization}
     * @throws LoginException when the unwrapped cause of a failure is a {@code LoginException}
     * @throws GSSException when the unwrapped cause of a failure is a {@code GSSException}
     * @throws PrivilegedActionException for any other failure inside the privileged block
     */
    public static String buildSpnegoAuthorizationFromUseridPassword(final String str, final String str2, @Sensitive final String str3, final String str4, final int i, final boolean z) throws GSSException, LoginException, PrivilegedActionException {
        Krb5Helper.checkSpn(str);
        Krb5Helper.checkUpn(str2);
        Krb5Helper.checkPassword(str3);
        try {
            return (String) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.3
                static final long serialVersionUID = 5246391761545194704L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass3.class);

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws LoginException, GSSException, PrivilegedActionException {
                    // NOTE(review): doKerberosLogin can return null (see its comments); that
                    // null would be passed straight to Subject.doAs here.
                    return Krb5Helper.buildSpnegoAuthorization((GSSCredential) Subject.doAs(SpnegoTokenHelper.doKerberosLogin(str4, str2, str3), new PrivilegedExceptionAction<Object>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.3.1
                        static final long serialVersionUID = 2903546241992746685L;
                        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass1.class);

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws GSSException, Exception {
                            // Requests the credential by UPN while running as the logged-in subject.
                            return Krb5Helper.getGSSCred(null, str2, SpnegoTokenHelper.SPNEGO_MECH_OID, 1, Integer.MAX_VALUE, Integer.MAX_VALUE);
                        }
                    }), str, i, z);
                }
            });
        } catch (PrivilegedActionException e) {
            // The password slot is replaced by a fixed placeholder so the secret never
            // reaches the FFDC record; keep that substitution if this call is edited.
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.SpnegoTokenHelper", "279", null, new Object[]{str, str2, "<sensitive java.lang.String>", str4, Integer.valueOf(i), Boolean.valueOf(z)});
            // Prefer the specific underlying exception type over the generic wrapper.
            GSSException generalCause = Krb5Helper.getGeneralCause(e);
            if (generalCause instanceof LoginException) {
                throw ((LoginException) generalCause);
            }
            if (generalCause instanceof GSSException) {
                throw generalCause;
            }
            throw e;
        }
    }

    /**
     * Runs a JAAS login under the named login configuration entry and returns the
     * authenticated subject.
     *
     * <p>The decompiler note below records that this method was private in the original
     * class; it appears public only in this decompiled form.
     *
     * @param str JAAS login configuration entry name; replaced by
     *     {@code JaasLoginConfigConstants.JAASClient} when null
     * @param str2 user name given to the callback handler
     * @param str3 password given to the callback handler; may be null (the UPN path passes null)
     * @return the subject from the login context, or null when the login failed and the
     *     unwrapped cause was not a {@code LoginException}
     * @throws LoginException when the unwrapped cause of a failure is a {@code LoginException}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static Subject doKerberosLogin(String str, final String str2, @Sensitive final String str3) throws LoginException {
        Subject subject = null;
        if (str == null) {
            str = JaasLoginConfigConstants.JAASClient;
            if (tc.isDebugEnabled()) {
                // Only the login configuration entry name is traced, never the credentials.
                Tr.debug(tc, "jaasLoginContextEntry: " + str, new Object[0]);
            }
        }
        final String str4 = str;
        try {
            subject = (Subject) AccessController.doPrivileged(new PrivilegedExceptionAction<Subject>() { // from class: com.ibm.wsspi.security.token.SpnegoTokenHelper.4
                static final long serialVersionUID = 5228473330192668780L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(AnonymousClass4.class);

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public Subject run() throws LoginException {
                    LoginContext loginContext = new LoginContext(str4, new WSCallbackHandlerImpl(str2, str3));
                    loginContext.login();
                    return loginContext.getSubject();
                }
            });
        } catch (PrivilegedActionException e) {
            // The password slot is replaced by a fixed placeholder in the FFDC record.
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.SpnegoTokenHelper", "320", null, new Object[]{str, str2, "<sensitive java.lang.String>"});
            Throwable generalCause = Krb5Helper.getGeneralCause(e);
            if (generalCause instanceof LoginException) {
                throw ((LoginException) generalCause);
            }
            // NOTE(review): any other cause is recorded by FFDC only and execution falls
            // through to return null, so a failed login is not reported to the caller.
            // Whether this branch is reachable depends on what getGeneralCause unwraps;
            // consider failing closed by rethrowing here.
        }
        return subject;
    }

    // Creates the mechanism OID once at class load. A failure is recorded via FFDC and
    // debug trace only, leaving SPNEGO_MECH_OID null for every later call.
    static {
        try {
            SPNEGO_MECH_OID = new Oid("1.3.6.1.5.5.2");
        } catch (GSSException e) {
            FFDCFilter.processException(e, "com.ibm.wsspi.security.token.SpnegoTokenHelper", "333", null, new Object[0]);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unexpected GSSExecption: " + e, new Object[0]);
            }
        }
    }
}
