package com.ibm.ws.security.token;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WebSphereRuntimePermission;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.security.auth.kerberos.Krb5WSCredentialUtils;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.wsspi.security.token.AttributeNameConstants;
import com.ibm.wsspi.security.token.KerberosToken;
import java.util.Enumeration;
import java.util.Hashtable;
import org.ietf.jgss.GSSCredential;

/* loaded from: input_file:wasJars/securityimpl.jar:com/ibm/ws/security/token/KerberosTokenImpl.class */
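/**
 * Token implementation that wraps a Kerberos {@link GSSCredential} together with a small
 * string attribute table.
 *
 * <p>A token is usable only after one of the {@code initializeToken} overloads has run; until
 * then {@code gssCredential} and {@code kerberosData} are {@code null}. Validity and expiration
 * are derived from the credential's remaining lifetime on every call and are not cached.
 *
 * <p>NOTE(review): nothing in this class synchronizes access to its fields; confirm how
 * instances are shared before relying on concurrent use.
 */
public class KerberosTokenImpl extends AbstractTokenImpl implements KerberosToken {
    // Never assigned or read anywhere in this class.
    private byte[] tokenBytes = null;
    // Credential backing this token; set by initializeToken(...).
    private GSSCredential gssCredential = null;
    // Attribute name -> value (both String); created by initializeToken(...).
    private Hashtable kerberosData = null;
    // GSS-API mechanism OID for Kerberos V5.
    private String KERBEROS_MECH = "1.2.840.113554.1.2.2";
    private String KERBEROS_OID = "oid:" + this.KERBEROS_MECH;
    // Never assigned in this class, so every use must tolerate null (see recordRootException).
    private ContextManager contextManager = null;
    private String tokenName = AttributeNameConstants.WSKERBEROSTOKEN_NAME;
    // Not consulted by isForwardable(), which always reports false.
    private boolean forwardable = false;
    // Once true, addAttribute(...) stops modifying kerberosData.
    private boolean isReadOnly = false;
    private short version = 1;
    private static final WebSphereRuntimePermission UPDATE_TOKEN = new WebSphereRuntimePermission("updateToken");
    private static final TraceComponent tc = Tr.register(KerberosTokenImpl.class, (String) null, "com.ibm.ejs.resources.security");

    /**
     * Records {@code e} as the root login exception when a context manager is available.
     *
     * <p>The {@code contextManager} field is never assigned in this class; calling it
     * unguarded raised a {@link NullPointerException} that replaced the login failure the
     * caller was supposed to see.
     */
    private void recordRootException(Exception e) {
        if (this.contextManager != null) {
            this.contextManager.setRootException(e);
        }
    }

    /**
     * Initializes the token from raw token bytes by validating them into a credential.
     *
     * @param bArr the token bytes handed to {@code Krb5WSCredentialUtils.validateToken}
     * @throws WSLoginFailedException if {@code bArr} is {@code null} or validation throws
     */
    public void initializeToken(byte[] bArr) throws WSLoginFailedException {
        if (bArr == null) {
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException("KerberosTokenImpl: Invalid authentication data");
            recordRootException(wSLoginFailedException);
            throw wSLoginFailedException;
        }
        try {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Using byte[] to create token for OID: " + this.KERBEROS_OID);
            }
            // A null result is accepted here without error; the token then reports
            // isValid() == false because the lifetime lookup fails.
            // NOTE(review): confirm whether validateToken can return null on a rejected token.
            this.gssCredential = Krb5WSCredentialUtils.validateToken(bArr);
            this.kerberosData = new Hashtable();
            if (this.gssCredential != null && tc.isDebugEnabled()) {
                Tr.debug(tc, "GSSCredential initialized");
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, AttributeNameConstants.WSKERBEROSTOKEN_NAME, "81", this);
            Tr.debug(tc, "Exception validating token.", new Object[]{e});
            recordRootException(e);
            throw new WSLoginFailedException(e.getMessage(), e);
        }
    }

    /**
     * Initializes the token from an already established credential.
     *
     * @param gSSCredential the credential to wrap
     * @throws WSLoginFailedException if {@code gSSCredential} is {@code null}
     */
    public void initializeToken(GSSCredential gSSCredential) throws WSLoginFailedException {
        this.gssCredential = gSSCredential;
        this.kerberosData = new Hashtable();
        if (gSSCredential == null) {
            // Thrown directly: raising this inside a try whose catch(Exception) re-wrapped it
            // produced a WSLoginFailedException nested in a second one with the same message.
            WSLoginFailedException wSLoginFailedException = new WSLoginFailedException("KerberosTokenImpl: no gssCredential in Subject");
            FFDCFilter.processException(wSLoginFailedException, AttributeNameConstants.WSKERBEROSTOKEN_NAME, "107", this);
            recordRootException(wSLoginFailedException);
            throw wSLoginFailedException;
        }
    }

    /**
     * Reports whether the credential still has lifetime left.
     *
     * <p>Fails closed: a missing credential or any exception from the lifetime lookup lands in
     * the catch block and yields {@code false}.
     *
     * @return {@code true} only when the remaining lifetime is greater than zero
     */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public boolean isValid() {
        int i = 0;
        try {
            i = this.gssCredential.getRemainingLifetime();
        } catch (Exception e) {
            Tr.debug(tc, "Exception getting expiraion from GSSCredential.", new Object[]{e});
        }
        return i > 0;
    }

    /**
     * Computes the absolute expiration time from the credential's remaining lifetime.
     *
     * @return expiration in milliseconds since the epoch, or {@code -1} when the lifetime
     *         cannot be read (including when no credential is set)
     */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public long getExpiration() {
        try {
            // Multiply as long: getRemainingLifetime() returns int seconds, and an int product
            // wraps for lifetimes beyond roughly 24 days, including
            // GSSCredential.INDEFINITE_LIFETIME (Integer.MAX_VALUE), giving a bogus expiration.
            return (this.gssCredential.getRemainingLifetime() * 1000L) + System.currentTimeMillis();
        } catch (Exception e) {
            Tr.debug(tc, "Exception getting expiraion from GSSCredential.", new Object[]{e});
            return -1L;
        }
    }

    /** Always reports {@code false}; the {@code forwardable} field is not consulted. */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public boolean isForwardable() {
        return false;
    }

    /**
     * Returns the credential's name as a string.
     *
     * @return the principal name, or {@code null} when no credential is set or the name lookup
     *         throws; callers must treat {@code null} as "no identity"
     */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public String getPrincipal() {
        if (this.gssCredential == null) {
            Tr.debug(tc, "GSSCredential is null, cannot get principal.");
            return null;
        }
        String str = null;
        try {
            str = this.gssCredential.getName().toString();
        } catch (Exception e) {
            Tr.debug(tc, "Exception getting principal name from GSSCredential.", new Object[]{e});
        }
        return str;
    }

    /** Returns the same value as {@link #getPrincipal()}, including {@code null} on failure. */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public String getUniqueID() {
        return getPrincipal();
    }

    /** Always returns {@code null}; no byte form of the token is exposed through this method. */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public byte[] getBytes() {
        return null;
    }

    /** Returns the token name, {@code AttributeNameConstants.WSKERBEROSTOKEN_NAME}. */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public String getName() {
        return this.tokenName;
    }

    /** Returns the token version, fixed at 1 in this class. */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public short getVersion() {
        return this.version;
    }

    /** Always reports {@code false}. */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.AuthenticationToken
    public boolean isBasicAuth() {
        return false;
    }

    /**
     * Marks the token read-only. There is no way to clear the flag in this class; afterwards
     * {@link #addAttribute(String, String)} no longer changes the attribute table.
     */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public void setReadOnly() {
        this.isReadOnly = true;
    }

    /**
     * Looks up a single attribute.
     *
     * @param str the attribute name
     * @return a one-element array holding the value, or {@code null} when the name is not set
     * @throws NullPointerException if the token has not been initialized or {@code str} is null
     */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public String[] getAttributes(String str) {
        String str2 = (String) this.kerberosData.get(str);
        if (str2 != null) {
            return new String[]{str2};
        }
        return null;
    }

    /**
     * Stores an attribute, replacing any previous value under the same name.
     *
     * <p>Names starting with {@code com.ibm.wsspi.security} or {@code com.ibm.websphere.security}
     * require the {@code updateToken} runtime permission, but the check runs only when a
     * {@link SecurityManager} is installed; without one those names are writable by any caller
     * holding a reference to the token. The permission check happens before the read-only test.
     *
     * @param str the attribute name
     * @param str2 the attribute value
     * @return a one-element array with the previous value, or {@code null} when the token is
     *         read-only (nothing is stored) or the name had no previous value
     * @throws SecurityException if the permission check fails
     * @throws NullPointerException if {@code str} or {@code str2} is null, or the token has not
     *         been initialized
     */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public String[] addAttribute(String str, String str2) {
        boolean reservedName = str.startsWith("com.ibm.wsspi.security") || str.startsWith("com.ibm.websphere.security");
        if (reservedName) {
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                    Tr.debug(tc, "Expecting : " + UPDATE_TOKEN.toString());
                }
                securityManager.checkPermission(UPDATE_TOKEN);
            }
        }
        if (this.isReadOnly) {
            return null;
        }
        String previous = (String) this.kerberosData.put(str, str2);
        return previous == null ? null : new String[]{previous};
    }

    /**
     * Returns the attribute names currently stored.
     *
     * @return the key enumeration of the underlying table (not a copy)
     * @throws NullPointerException if the token has not been initialized
     */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public Enumeration getAttributeNames() {
        return this.kerberosData.keys();
    }

    /**
     * Always returns {@code null}: no copy of the token or its credential is made, so callers
     * must handle a {@code null} result.
     */
    @Override // com.ibm.ws.security.token.AbstractTokenImpl, com.ibm.wsspi.security.token.Token
    public Object clone() {
        return null;
    }

    /**
     * Returns the wrapped credential itself, not a copy.
     *
     * <p>NOTE(review): no permission check is made here, and the read-only flag does not
     * restrict it; confirm that access to token instances is gated by the callers.
     *
     * @return the credential, or {@code null} when none is set
     */
    @Override // com.ibm.wsspi.security.token.KerberosToken
    public GSSCredential getGSSCredential() {
        return this.gssCredential;
    }
}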
