package org.jboss.security.negotiation;

import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;

/* loaded from: input_file:org/jboss/security/negotiation/KerberosLoginModule.class */
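/**
 * JAAS {@link LoginModule} that delegates to the platform's {@code Krb5LoginModule}
 * (the Sun implementation is tried first, then the IBM one) and, when the
 * {@value #ADD_GSS_CREDENTIAL} option is enabled, additionally stores an
 * initiate-only {@link GSSCredential} for the authenticated Kerberos principal in
 * the Subject's private credentials.
 *
 * <p>Options handled here and stripped before the remaining options are handed to
 * the wrapped module:
 * <ul>
 *   <li>{@value #ADD_GSS_CREDENTIAL}: parsed with {@link Boolean#parseBoolean(String)}.</li>
 *   <li>{@value #CREDENTIAL_LIFETIME}: lifetime in seconds as passed to
 *       {@code GSSManager.createCredential}; only accepted together with
 *       {@value #ADD_GSS_CREDENTIAL}. Any negative value requests
 *       {@link GSSCredential#INDEFINITE_LIFETIME}, so a negative setting should be a
 *       deliberate choice.</li>
 * </ul>
 *
 * <p>{@link #abort()} and {@link #logout()} drop the wrapped module and the Subject
 * reference, so this instance needs a fresh {@link #initialize} before it can be used
 * for another login.
 */
public class KerberosLoginModule implements LoginModule {
    public static final String ADD_GSS_CREDENTIAL = "addGSSCredential";
    public static final String CREDENTIAL_LIFETIME = "credentialLifetime";
    private static final String SUN_MODULE = "com.sun.security.auth.module.Krb5LoginModule";
    private static final String IBM_MODULE = "com.ibm.security.auth.module.Krb5LoginModule";

    /** Vendor Krb5LoginModule class resolved once at class-initialisation time; never reassigned. */
    private static final Class<LoginModule> WRAPPED_CLASS;

    static {
        Class<LoginModule> resolved = SecurityActions.loadLoginModuleClass(SUN_MODULE);
        if (resolved == null) {
            resolved = SecurityActions.loadLoginModuleClass(IBM_MODULE);
        }
        if (resolved == null) {
            throw new IllegalStateException("Unable to locate any Krb5LoginModule");
        }
        WRAPPED_CLASS = resolved;
    }

    private boolean addGssCredential;
    private int credentialLifetime = GSSCredential.DEFAULT_LIFETIME;
    private LoginModule wrapped;
    private Subject subject;
    private GSSCredential credential;

    /**
     * Instantiates the wrapped Krb5LoginModule, initialises it with the options that
     * are not specific to this class, and records this module's own settings.
     *
     * @param subject the Subject being authenticated
     * @param callbackHandler handler passed through to the wrapped module
     * @param sharedState state shared between configured login modules, passed through unchanged
     * @param options module options from the login configuration
     * @throws IllegalStateException if the wrapped module cannot be instantiated, or if
     *         {@value #CREDENTIAL_LIFETIME} is set while {@value #ADD_GSS_CREDENTIAL} is not enabled
     * @throws NumberFormatException if {@value #CREDENTIAL_LIFETIME} is not a valid integer
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
        this.wrapped = SecurityActions.newInstance(WRAPPED_CLASS);
        if (this.wrapped == null) {
            throw new IllegalStateException("Unable to instantiate Krb5LoginModule to wrap!");
        }

        // The wrapped module must not see the options that only this wrapper understands.
        Map<String, Object> wrappedOptions = new HashMap<String, Object>(options);
        wrappedOptions.remove(ADD_GSS_CREDENTIAL);
        wrappedOptions.remove(CREDENTIAL_LIFETIME);
        this.wrapped.initialize(subject, callbackHandler, sharedState, wrappedOptions);

        this.subject = subject;
        this.addGssCredential = Boolean.parseBoolean(optionAsString(options, ADD_GSS_CREDENTIAL));
        if (options.containsKey(CREDENTIAL_LIFETIME)) {
            if (!this.addGssCredential) {
                throw new IllegalStateException(String.format("Option '%s' has been specified without enabling '%s'", CREDENTIAL_LIFETIME, ADD_GSS_CREDENTIAL));
            }
            this.credentialLifetime = Integer.parseInt(optionAsString(options, CREDENTIAL_LIFETIME));
            if (this.credentialLifetime < 0) {
                // Negative means "never expires"; the credential then lives until it is disposed.
                this.credentialLifetime = GSSCredential.INDEFINITE_LIFETIME;
            }
        }
    }

    /**
     * Delegates the authentication attempt to the wrapped Krb5LoginModule.
     *
     * @return the wrapped module's result
     * @throws LoginException if the wrapped module fails or this instance has no wrapped module
     */
    @Override
    public boolean login() throws LoginException {
        return requireWrapped().login();
    }

    /**
     * Commits the wrapped module and, when {@value #ADD_GSS_CREDENTIAL} is enabled and the
     * wrapped commit succeeded, creates an initiate-only GSSCredential for the Subject's single
     * KerberosPrincipal and adds it to the Subject's private credentials.
     *
     * @return the wrapped module's commit result
     * @throws LoginException if the wrapped commit fails, if the Subject does not hold exactly one
     *         KerberosPrincipal, or if the credential cannot be created (the underlying failure is
     *         attached as the cause)
     */
    @Override
    public boolean commit() throws LoginException {
        boolean committed = requireWrapped().commit();
        if (!committed || !this.addGssCredential) {
            return committed;
        }

        final Subject currentSubject = this.subject;
        final int lifetime = this.credentialLifetime;
        final GSSManager manager = GSSManager.getInstance();
        try {
            // Run as the Subject so the GSS layer can use the Kerberos tickets the wrapped commit stored.
            GSSCredential created = Subject.doAs(currentSubject, new PrivilegedExceptionAction<GSSCredential>() {
                @Override
                public GSSCredential run() throws Exception {
                    Set<KerberosPrincipal> principals = currentSubject.getPrincipals(KerberosPrincipal.class);
                    if (principals.isEmpty()) {
                        throw new LoginException("No KerberosPrincipal Found");
                    }
                    if (principals.size() > 1) {
                        // Refuse to guess which identity the credential should represent.
                        throw new LoginException("Too Many KerberosPrincipals Found");
                    }
                    KerberosPrincipal principal = principals.iterator().next();
                    GSSName name = manager.createName(principal.getName(), GSSName.NT_USER_NAME, Constants.KERBEROS_V5);
                    return manager.createCredential(name, lifetime, Constants.KERBEROS_V5, GSSCredential.INITIATE_ONLY);
                }
            });
            SecurityActions.addPrivateCredential(currentSubject, created);
            this.credential = created;
        } catch (PrivilegedActionException e) {
            Exception cause = e.getException();
            if (cause instanceof LoginException) {
                throw (LoginException) cause;
            }
            // Keep the underlying GSS failure attached so the reason is not lost for diagnosis.
            LoginException failure = new LoginException("Unable to create GSSCredential");
            failure.initCause(cause);
            throw failure;
        }
        return committed;
    }

    /**
     * Aborts the wrapped module and releases this module's state, whether or not the wrapped
     * abort throws.
     *
     * @return the wrapped module's abort result, or {@code false} if there is no wrapped module
     * @throws LoginException if the wrapped abort fails
     */
    @Override
    public boolean abort() throws LoginException {
        try {
            LoginModule delegate = this.wrapped;
            // No delegate (initialize failed, or state already released): nothing to abort.
            return delegate != null && delegate.abort();
        } finally {
            cleanUp();
        }
    }

    /**
     * Removes the GSSCredential added by {@link #commit()} from the Subject, ends the wrapped
     * module's session and releases this module's state, whether or not the delegate throws.
     *
     * @return the wrapped module's result, or {@code false} if there is no wrapped module
     * @throws LoginException if the wrapped module fails
     */
    @Override
    public boolean logout() throws LoginException {
        try {
            if (this.credential != null) {
                SecurityActions.removePrivateCredential(this.subject, this.credential);
            }
            LoginModule delegate = this.wrapped;
            // NOTE(review): this calls the wrapped module's abort(), not its logout(). Whether that
            // removes the Kerberos principal and tickets from the Subject depends on the wrapped
            // implementation; confirm for both the Sun and the IBM module before relying on it.
            return delegate != null && delegate.abort();
        } finally {
            cleanUp();
        }
    }

    /**
     * Returns the wrapped module, failing with a LoginException rather than a
     * NullPointerException when this instance has not been initialised or its state has
     * already been released by {@link #abort()} or {@link #logout()}.
     */
    private LoginModule requireWrapped() throws LoginException {
        LoginModule delegate = this.wrapped;
        if (delegate == null) {
            throw new LoginException("No wrapped Krb5LoginModule available; initialize() must be called first");
        }
        return delegate;
    }

    /** Reads an option as text; {@code null} when absent, so non-String values do not cause a ClassCastException. */
    private static String optionAsString(Map<String, ?> options, String key) {
        Object value = options.get(key);
        return value == null ? null : value.toString();
    }

    /** Drops the references to the wrapped module and Subject and disposes the GSSCredential, if any. */
    private void cleanUp() {
        this.wrapped = null;
        this.subject = null;
        if (this.credential != null) {
            try {
                this.credential.dispose();
            } catch (GSSException ignored) {
                // Best effort: a failed dispose must not mask the outcome of abort()/logout().
            }
            this.credential = null;
        }
    }
}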
