package org.jacorb.security.sas;

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.jacorb.config.Configuration;
import org.jacorb.config.ConfigurationException;
import org.omg.CORBA.ORB;
import org.omg.CSIIOP.CompoundSecMechList;
import org.omg.IOP.Codec;
import org.slf4j.Logger;

/* loaded from: input_file:org/jacorb/security/sas/KerberosContext.class */
public class KerberosContext implements ISASContext {
    private Logger logger;
    private GSSContext validatedContext = null;
    private GSSCredential targetCreds = null;
    private GSSCredential clientCreds = null;

    @Override // org.jacorb.security.sas.ISASContext
    public void configure(Configuration configuration) throws ConfigurationException {
        this.logger = configuration.getLogger("org.jacorb.security.sas.Kerberos.log.verbosity");
    }

    @Override // org.jacorb.security.sas.ISASContext
    public void initClient() {
        try {
            this.clientCreds = GSSManager.getInstance().createCredential((GSSName) null, Integer.MAX_VALUE, new Oid("oid:1.2.840.113554.1.2.2".substring(4)), 1);
        } catch (Exception e) {
            this.logger.warn("Error getting created principal: " + e);
        }
    }

    @Override // org.jacorb.security.sas.ISASContext
    public String getMechOID() {
        return "oid:1.2.840.113554.1.2.2".substring(4);
    }

    @Override // org.jacorb.security.sas.ISASContext
    public byte[] createClientContext(ORB orb, Codec codec, CompoundSecMechList compoundSecMechList) {
        byte[] bArr = new byte[0];
        if (compoundSecMechList != null) {
            try {
                byte[] bArr2 = compoundSecMechList.mechanism_list[0].as_context_mech.target_name;
                Oid oid = new Oid("oid:1.2.840.113554.1.2.2".substring(4));
                GSSManager gSSManager = GSSManager.getInstance();
                GSSName createName = gSSManager.createName(bArr2, (Oid) null, oid);
                if (this.clientCreds == null) {
                    this.clientCreds = gSSManager.createCredential((GSSName) null, Integer.MAX_VALUE, oid, 1);
                }
                bArr = gSSManager.createContext(createName, oid, this.clientCreds, Integer.MAX_VALUE).initSecContext(bArr, 0, bArr.length);
            } catch (Exception e) {
                this.logger.error("Error creating Kerberos context: " + e);
            }
        }
        return bArr;
    }

    @Override // org.jacorb.security.sas.ISASContext
    public String getClientPrincipal() {
        String str = "";
        try {
            Oid oid = new Oid("oid:1.2.840.113554.1.2.2".substring(4));
            GSSManager gSSManager = GSSManager.getInstance();
            if (this.clientCreds == null) {
                this.clientCreds = gSSManager.createCredential((GSSName) null, Integer.MAX_VALUE, oid, 1);
            }
            str = this.clientCreds.getName().toString();
        } catch (Exception e) {
            this.logger.error("Error getting created principal: " + e);
        }
        return str;
    }

    @Override // org.jacorb.security.sas.ISASContext
    public void initTarget() {
        try {
            Oid oid = new Oid("oid:1.2.840.113554.1.2.2".substring(4));
            GSSManager gSSManager = GSSManager.getInstance();
            if (this.targetCreds == null) {
                this.targetCreds = gSSManager.createCredential((GSSName) null, Integer.MAX_VALUE, oid, 2);
            }
        } catch (GSSException e) {
            this.logger.warn("Error accepting Kerberos context: " + e);
        }
    }

    @Override // org.jacorb.security.sas.ISASContext
    public boolean validateContext(ORB orb, Codec codec, byte[] bArr) {
        byte[] bArr2 = null;
        try {
            Oid oid = new Oid("oid:1.2.840.113554.1.2.2".substring(4));
            GSSManager gSSManager = GSSManager.getInstance();
            if (this.targetCreds == null) {
                this.targetCreds = gSSManager.createCredential((GSSName) null, Integer.MAX_VALUE, oid, 2);
            }
            this.validatedContext = gSSManager.createContext(this.targetCreds);
            bArr2 = this.validatedContext.acceptSecContext(bArr, 0, bArr.length);
        } catch (GSSException e) {
            this.logger.error("Error accepting Kerberos context: " + e);
        }
        if (bArr2 != null) {
            return true;
        }
        this.logger.warn("Could not accept token");
        return false;
    }

    @Override // org.jacorb.security.sas.ISASContext
    public String getValidatedPrincipal() {
        if (this.validatedContext == null) {
            return null;
        }
        try {
            return this.validatedContext.getSrcName().toString();
        } catch (GSSException e) {
            this.logger.error("Error getting name: " + e);
            return null;
        }
    }
}
