package org.alfresco.web.site.servlet;

import java.security.PrivilegedAction;
import org.alfresco.jlan.server.auth.kerberos.KerberosDetails;
import org.alfresco.jlan.server.auth.spnego.OID;
import org.alfresco.util.Pair;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.springframework.extensions.surf.util.Base64;

/* loaded from: input_file:WEB-INF/lib/alfresco-share-4.2.a.jar:org/alfresco/web/site/servlet/KerberosSessionSetupPrivilegedAction.class */
public class KerberosSessionSetupPrivilegedAction implements PrivilegedAction<Pair<KerberosDetails, String>> {
    private static final Log logger = LogFactory.getLog(KerberosSessionSetupPrivilegedAction.class);
    private byte[] m_secBlob;
    private int m_secOffset = 0;
    private int m_secLen;
    private String m_accountName;
    private String endpointSPN;

    public KerberosSessionSetupPrivilegedAction(String str, byte[] bArr, String str2) {
        this.m_accountName = str;
        this.m_secBlob = bArr;
        this.m_secLen = bArr.length;
        this.endpointSPN = str2;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.security.PrivilegedAction
    public Pair<KerberosDetails, String> run() {
        try {
            GSSManager gSSManager = GSSManager.getInstance();
            GSSContext createContext = gSSManager.createContext(gSSManager.createCredential(gSSManager.createName(this.m_accountName, GSSName.NT_USER_NAME), Integer.MAX_VALUE, OID.KERBEROS5, 2));
            KerberosDetails kerberosDetails = new KerberosDetails(createContext.getSrcName(), createContext.getTargName(), createContext.acceptSecContext(this.m_secBlob, this.m_secOffset, this.m_secLen));
            byte[] bArr = new byte[0];
            if (!createContext.getCredDelegState()) {
                logger.warn("credentials can not be delegated!");
                return null;
            }
            GSSCredential delegCred = createContext.getDelegCred();
            GSSName createName = gSSManager.createName(this.endpointSPN, GSSName.NT_USER_NAME);
            Oid oid = OID.KERBEROS5;
            GSSContext createContext2 = gSSManager.createContext(createName.canonicalize(oid), oid, delegCred, 0);
            createContext2.requestCredDeleg(true);
            return new Pair<>(kerberosDetails, Base64.encodeBytes(createContext2.initSecContext(bArr, 0, bArr.length), 8));
        } catch (GSSException e) {
            logger.warn("Caught GSS Error", e);
            return null;
        }
    }
}
