package com.ibm.ws.security.spnego;

import com.ibm.ws.security.util.Base64Coder;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:eclipse/plugins/com.ibm.websphere.v61_6.1.1/ws_runtime.jar:com/ibm/ws/security/spnego/DelegatedCredentialExtractor.class */
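/**
 * Static helpers that turn a delegated GSS credential into an HTTP
 * {@code Negotiate} authorization value, and that force a fresh login by
 * expiring the LTPA cookie and redirecting the client back to the same URL.
 *
 * <p>The class is not instantiable; all members are static.
 */
public class DelegatedCredentialExtractor {
    private static final Oid SPNEGOMECHOID;
    private static final Oid KRB5MECHANISMOID;
    private static final String LtpaToken = "LtpaToken";
    private static final String ME;
    private static final Logger logger;
    // Compiler-generated class-literal cache; kept so package-level references keep working.
    static Class class$com$ibm$ws$security$spnego$DelegatedCredentialExtractor;

    private DelegatedCredentialExtractor() {
    }

    /**
     * Builds the {@code Negotiate} authorization value for a target service,
     * using the delegated credential that {@code CredentialManager} returns
     * for the given session.
     *
     * @param httpSession session passed to {@code CredentialManager.getDelegatedCredential}
     * @param str host part of the target SPN ({@code HTTP/<str>@<str2>})
     * @param str2 realm part of the target SPN
     * @return the string {@code "Negotiate "} followed by the Base64-encoded token
     * @throws KerberosSSOException if either SPN part is null or the GSS calls fail
     * @throws FailoverException not thrown by this method's own code; presumably
     *         raised by the credential lookup (confirm against CredentialManager)
     */
    public static String getSpnegoAuthorizationToken(HttpSession httpSession, String str, String str2) throws KerberosSSOException, FailoverException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "getSpnegoAuthorizationToken");
        }
        GSSCredential delegated = CredentialManager.getDelegatedCredential(httpSession);
        String authorization = buildSpnegoAuthorizationString(delegated, str, str2);
        if (logger.isLoggable(Level.FINER)) {
            // The result is deliberately described, not printed: it is a usable credential.
            logger.exiting(ME, "getSpnegoAuthorizationToken", "Delegated credentials returned");
        }
        return authorization;
    }

    /**
     * Initiates a GSS security context towards {@code HTTP/<str>@<str2>} with
     * the supplied credential and returns the first context token as a
     * {@code Negotiate} header value.
     *
     * <p>The token is never written to the trace log. It authenticates the
     * delegating user to the target service, and trace files are routinely
     * shared for problem determination; only its length is recorded.
     *
     * @param gSSCredential credential used to initiate the context
     * @param str host part of the SPN
     * @param str2 realm part of the SPN
     * @return {@code "Negotiate "} followed by the Base64-encoded token
     * @throws KerberosSSOException if an SPN part is null, no GSSManager is
     *         available, or a GSS call fails
     */
    private static String buildSpnegoAuthorizationString(GSSCredential gSSCredential, String str, String str2) throws KerberosSSOException {
        final String method = "buildSpnegoAuthorizationString";
        final boolean tracing = logger.isLoggable(Level.FINER);
        if (tracing) {
            logger.entering(ME, method);
        }
        if (str == null || str2 == null) {
            if (tracing) {
                logger.logp(Level.FINER, ME, method, "Unable to build SPN with null fields");
            }
            throw new KerberosSSOException("Unable to build SPN with null fields");
        }
        String spn = "HTTP/" + str + "@" + str2;
        GSSContext context = null;
        try {
            GSSManager manager = GSSManager.getInstance();
            if (manager == null) {
                if (tracing) {
                    logger.logp(Level.FINER, ME, method, "Unable to get Default GSSManager instance");
                }
                throw new KerberosSSOException("Unable to get Default GSSManager instance");
            }
            // NOTE(review): SPNEGOMECHOID is null when the static initializer could not
            // build the Oid; GSS-API treats a null mechanism as "use the default", so
            // that case may not fail here - confirm the intended behaviour.
            GSSName target = manager.createName(spn, GSSName.NT_USER_NAME).canonicalize(SPNEGOMECHOID);
            context = manager.createContext(target, SPNEGOMECHOID, gSSCredential, GSSContext.INDEFINITE_LIFETIME);
            context.requestMutualAuth(true);
            if (tracing) {
                logger.logp(Level.FINER, ME, method, "GSSContext " + context);
            }
            // First initiator call: there is no token from the peer yet.
            byte[] token = context.initSecContext(null, 0, 0);
            if (tracing) {
                logger.logp(Level.FINER, ME, method, "initSecContext done");
            }
            String authorization = "Negotiate " + new String(Base64Coder.base64Encode(token));
            if (tracing) {
                // Record size only; the header value itself must stay out of the logs.
                logger.logp(Level.FINER, ME, method, "SPNEGO token built, header length " + authorization.length());
                logger.exiting(ME, method);
            }
            return authorization;
        } catch (GSSException e) {
            if (tracing) {
                logger.exiting(ME, "buildSpnegoAuthorizationString - GSSException received " + e.getMessage());
            }
            // NOTE(review): the GSSException is not chained as the cause because the
            // KerberosSSOException constructors are not visible here.
            throw new KerberosSSOException(e.getMessage());
        } finally {
            // Release the context on every path, including failures after creation.
            if (context != null) {
                try {
                    context.dispose();
                } catch (GSSException disposeFailure) {
                    // The token (if any) is already built; a failed cleanup is only traced.
                    if (tracing) {
                        logger.logp(Level.FINER, ME, method, "GSSContext dispose failed: " + disposeFailure.getMessage());
                    }
                }
            }
        }
    }

    /**
     * Expires the LTPA cookie on the client and, if the request carried one,
     * redirects the client back to the URL it just requested.
     *
     * <p>When the request has no LTPA cookie a warning is logged and no
     * redirect is sent; the expiring cookie is still added to the response.
     *
     * @param httpServletRequest request whose cookies and URL are inspected
     * @param httpServletResponse response that receives the expiring cookie and the redirect
     * @throws IOException if {@code sendRedirect} fails
     */
    public static void relogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "relogin");
        }
        String path = null;
        String domain = null;
        boolean found = false;
        // getCookies() returns null, not an empty array, when the request has no cookies.
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (LtpaToken.equals(cookie.getName())) {
                    // Only the first LTPA cookie is considered.
                    path = cookie.getPath();
                    domain = cookie.getDomain();
                    found = true;
                    break;
                }
            }
        }
        Cookie expired = new Cookie(LtpaToken, "");
        expired.setMaxAge(0);
        // Request cookies frequently carry no Domain/Path. The standard Cookie class
        // lower-cases the domain argument, so passing null would throw.
        // NOTE(review): a browser only drops the original cookie if the attributes
        // match the ones it was issued with - confirm for deployments that set an
        // explicit LTPA cookie domain or path.
        if (domain != null) {
            expired.setDomain(domain);
        }
        if (path != null) {
            expired.setPath(path);
        }
        httpServletResponse.addCookie(expired);
        // getRequestURL() omits the query string, so the redirect drops any parameters.
        String target = httpServletRequest.getRequestURL().toString();
        if (!found) {
            logger.logp(Level.WARNING, ME, "relogin", "security.spnego.no.LtpaToken.found", new Object[]{httpServletRequest.getUserPrincipal()});
            return;
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.logp(Level.FINER, ME, "relogin", "Redirect back to this ourselves, the TAI should be engaged now!" + target);
        }
        httpServletResponse.sendRedirect(target);
    }

    /**
     * Compiler-generated class-literal helper: loads a class by name and
     * reports a missing class as {@link NoClassDefFoundError}.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable; cast back so the method needs no throws clause.
            throw (NoClassDefFoundError) new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        class$com$ibm$ws$security$spnego$DelegatedCredentialExtractor = DelegatedCredentialExtractor.class;
        ME = DelegatedCredentialExtractor.class.getName();
        logger = Logger.getLogger(ME, Constants.MSGS_BUNDLE);

        // A mechanism Oid that cannot be built is left null, but the failure is now
        // reported instead of being swallowed silently.
        Oid krb5;
        try {
            krb5 = new Oid(Constants.OID_KRB5_MECH);
        } catch (GSSException e) {
            logger.logp(Level.WARNING, ME, "<clinit>", "Unable to create Kerberos mechanism Oid: " + e.getMessage());
            krb5 = null;
        }
        KRB5MECHANISMOID = krb5;

        Oid spnego;
        try {
            spnego = new Oid(Constants.OID_SPNEGO_MECH);
        } catch (GSSException e) {
            logger.logp(Level.WARNING, ME, "<clinit>", "Unable to create SPNEGO mechanism Oid: " + e.getMessage());
            spnego = null;
        }
        SPNEGOMECHOID = spnego;
    }
}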
