package org.apache.wss4j.common.kerberos;

import java.lang.reflect.InvocationTargetException;
import java.security.Key;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.codehaus.groovy.control.CompilerConfiguration;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-177.zip:modules/system/layers/fuse/org/apache/ws/security/2.0/wss4j-ws-security-common-2.0.3.jar:org/apache/wss4j/common/kerberos/KerberosServiceExceptionAction.class */
public class KerberosServiceExceptionAction implements PrivilegedExceptionAction<KerberosServiceContext> {
    private static final String javaVersion = System.getProperty("java.version");
    private static final boolean isJava5Or6;
    private static final boolean isOracleJavaVendor;
    private static final boolean isIBMJavaVendor;
    private static final String SUN_JGSS_INQUIRE_TYPE_CLASS = "com.sun.security.jgss.InquireType";
    private static final String SUN_JGSS_EXT_GSSCTX_CLASS = "com.sun.security.jgss.ExtendedGSSContext";
    private static final String IBM_JGSS_INQUIRE_TYPE_CLASS = "com.ibm.security.jgss.InquireType";
    private static final String IBM_JGSS_EXT_GSSCTX_CLASS = "com.ibm.security.jgss.ExtendedGSSContext";
    private static final String EXTENDED_JGSS_CONTEXT_INQUIRE_SEC_CONTEXT_METHOD_NAME = "inquireSecContext";
    private static final String EXTENDED_JGSS_CONTEXT_INQUIRE_TYPE_KRB5_GET_SESSION_KEY = "KRB5_GET_SESSION_KEY";
    private static final String JGSS_KERBEROS_TICKET_OID = "1.2.840.113554.1.2.2";
    private static final String JGSS_SPNEGO_TICKET_OID = "1.3.6.1.5.5.2";
    private static final String KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID = "kerberosTicketValidationError";
    private byte[] ticket;
    private String serviceName;
    private boolean isUsernameServiceNameForm;
    private boolean spnego;

    public KerberosServiceExceptionAction(byte[] bArr, String str, boolean z, boolean z2) {
        this.ticket = bArr;
        this.serviceName = str;
        this.isUsernameServiceNameForm = z;
        this.spnego = z2;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.security.PrivilegedExceptionAction
    public KerberosServiceContext run() throws GSSException, WSSecurityException {
        GSSManager gSSManager = GSSManager.getInstance();
        GSSName createName = gSSManager.createName(this.serviceName, this.isUsernameServiceNameForm ? GSSName.NT_USER_NAME : GSSName.NT_HOSTBASED_SERVICE);
        GSSContext createContext = this.spnego ? gSSManager.createContext(createName, new Oid(JGSS_SPNEGO_TICKET_OID), (GSSCredential) null, 0) : gSSManager.createContext(gSSManager.createCredential(createName, 0, new Oid("1.2.840.113554.1.2.2"), 2));
        try {
            byte[] acceptSecContext = createContext.acceptSecContext(this.ticket, 0, this.ticket.length);
            KerberosServiceContext kerberosServiceContext = new KerberosServiceContext();
            if (createContext.getCredDelegState()) {
                kerberosServiceContext.setDelegationCredential(createContext.getDelegCred());
            }
            kerberosServiceContext.setPrincipal(new KerberosPrincipal(createContext.getSrcName().toString()));
            kerberosServiceContext.setGssContext(createContext);
            kerberosServiceContext.setKerberosToken(acceptSecContext);
            if (!isJava5Or6 && (isOracleJavaVendor || isIBMJavaVendor)) {
                try {
                    try {
                        try {
                            try {
                                Class<?> cls = Class.forName(isOracleJavaVendor ? SUN_JGSS_INQUIRE_TYPE_CLASS : IBM_JGSS_INQUIRE_TYPE_CLASS);
                                kerberosServiceContext.setSessionKey((Key) Class.forName(isOracleJavaVendor ? SUN_JGSS_EXT_GSSCTX_CLASS : IBM_JGSS_EXT_GSSCTX_CLASS).getMethod(EXTENDED_JGSS_CONTEXT_INQUIRE_SEC_CONTEXT_METHOD_NAME, cls).invoke(createContext, Enum.valueOf(cls, EXTENDED_JGSS_CONTEXT_INQUIRE_TYPE_KRB5_GET_SESSION_KEY)));
                            } catch (NoSuchMethodException e) {
                                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID, new Object[0], e);
                            }
                        } catch (ClassNotFoundException e2) {
                            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID, new Object[0], e2);
                        }
                    } catch (InvocationTargetException e3) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID, new Object[0], e3.getCause());
                    }
                } catch (IllegalAccessException e4) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, KERBEROS_TICKET_VALIDATION_ERROR_MSG_ID, new Object[0], e4);
                }
            }
            if (null != createContext && !this.spnego) {
                createContext.dispose();
            }
            return kerberosServiceContext;
        } catch (Throwable th) {
            if (null != createContext && !this.spnego) {
                createContext.dispose();
            }
            throw th;
        }
    }

    static {
        isJava5Or6 = javaVersion.startsWith("1.5") || javaVersion.startsWith(CompilerConfiguration.JDK6);
        isOracleJavaVendor = System.getProperty("java.vendor").startsWith("Oracle");
        isIBMJavaVendor = System.getProperty("java.vendor").startsWith("IBM");
    }
}
