package com.ibm.ws.security.spnego.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.s4u2proxy.KerberosExtService;
import com.ibm.ws.security.token.krb5.Krb5Helper;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;

@InjectedFFDC
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {SpnegoHelperProxy.class}, name = "SpnegoHelperProxy", configurationPid = {"com.ibm.ws.security.spnego.internal.SpnegoHelperProxy"}, immediate = true, configurationPolicy = ConfigurationPolicy.REQUIRE, property = {"service.vendor=IBM"})
/* loaded from: input_file:wlp/lib/com.ibm.ws.security.spnego_1.0.16.jar:com/ibm/ws/security/spnego/internal/SpnegoHelperProxy.class */
public class SpnegoHelperProxy {
    private static final int MAX_CACHE = 10;
    static final String KEY_KERBEROS_EXT_SERVICE = "KerberosExtService";
    static final long serialVersionUID = 4864469341094406319L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(SpnegoHelperProxy.class);
    private static Map<String, Object> delegateSubjectCache = null;
    static boolean ibmJDK = false;
    protected static final AtomicServiceReference<KerberosExtService> kerberosExtServiceRef = new AtomicServiceReference<>("KerberosExtService");

    public static GSSCredential getDelegateGSSCredUsingS4U2proxy(String str, GSSContext gSSContext, String str2) throws GSSException {
        Krb5Helper.checkUpn(str);
        return getKerberosExtService().getDelegateGSSCredUsingS4U2proxy(str, gSSContext, str2);
    }

    public static Subject doKerberosLogin(String str, String str2) throws LoginException, GSSException {
        return getKerberosExtService().doKerberosLogin(str, str2);
    }

    public static boolean isS4U2proxyEnabled() {
        KerberosExtService service = kerberosExtServiceRef.getService();
        if (service != null) {
            return service.isS4U2proxyEnable();
        }
        return false;
    }

    private static KerberosExtService getKerberosExtService() throws GSSException {
        if (delegateSubjectCache == null) {
            delegateSubjectCache = new HashMap(10);
        }
        KerberosExtService service = kerberosExtServiceRef.getService();
        if (service == null) {
            Krb5Helper.serviceNotAvailableException();
        }
        Krb5Helper.checkSupportJDKVendor(ibmJDK);
        return service;
    }

    @Reference(service = KerberosExtService.class, name = "KerberosExtService", cardinality = ReferenceCardinality.OPTIONAL, policy = ReferencePolicy.STATIC)
    protected void setKerberosExtService(ServiceReference<KerberosExtService> serviceReference) {
        kerberosExtServiceRef.setReference(serviceReference);
    }

    protected void unsetKerberosExtService(ServiceReference<KerberosExtService> serviceReference) {
        kerberosExtServiceRef.unsetReference(serviceReference);
    }

    @Activate
    protected void activate(ComponentContext componentContext) {
        ibmJDK = Krb5Helper.isIBMJDK();
        if (ibmJDK) {
            kerberosExtServiceRef.activate(componentContext);
        }
    }

    @Modified
    protected void modified(Map<String, Object> map) {
    }

    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        kerberosExtServiceRef.deactivate(componentContext);
        ibmJDK = false;
    }
}
