package org.ametys.plugins.core.impl.checker;

import java.io.IOException;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ametys.plugins.core.impl.authentication.KerberosCredentialProvider;
import org.ametys.runtime.parameter.ParameterChecker;
import org.ametys.runtime.parameter.ParameterCheckerTestFailureException;
import org.ametys.runtime.plugin.component.AbstractLogEnabled;
import org.apache.avalon.framework.context.Context;
import org.apache.avalon.framework.context.ContextException;
import org.apache.avalon.framework.context.Contextualizable;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:org/ametys/plugins/core/impl/checker/KerberosChecker.class */
public class KerberosChecker extends AbstractLogEnabled implements ParameterChecker, Contextualizable {
    protected Context _context;

    public void contextualize(Context context) throws ContextException {
        this._context = context;
    }

    @Override // org.ametys.runtime.parameter.ParameterChecker
    public void check(List<String> list) throws ParameterCheckerTestFailureException {
        try {
            LoginContext createLoginContext = KerberosCredentialProvider.createLoginContext(list.get(0), list.get(1), list.get(2), list.get(3), this._context);
            Subject subject = createLoginContext.getSubject();
            final GSSManager gSSManager = GSSManager.getInstance();
            final GSSContext createContext = GSSManager.getInstance().createContext((GSSCredential) Subject.doAs(createLoginContext.getSubject(), new PrivilegedExceptionAction<GSSCredential>() { // from class: org.ametys.plugins.core.impl.checker.KerberosChecker.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public GSSCredential run() throws GSSException {
                    return gSSManager.createCredential((GSSName) null, Integer.MAX_VALUE, new Oid("1.3.6.1.5.5.2"), 1);
                }
            }));
            System.out.println((byte[]) Subject.doAs(subject, new PrivilegedAction<byte[]>() { // from class: org.ametys.plugins.core.impl.checker.KerberosChecker.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public byte[] run() {
                    try {
                        byte[] bArr = new byte[0];
                        createContext.requestMutualAuth(false);
                        createContext.requestCredDeleg(false);
                        return createContext.initSecContext(bArr, 0, bArr.length);
                    } catch (GSSException e) {
                        throw new ParameterCheckerTestFailureException("aaa (" + e.getMessage() + ")", e);
                    }
                }
            }));
        } catch (IOException | LoginException | ContextException | GSSException | PrivilegedActionException e) {
            throw new ParameterCheckerTestFailureException("Unable to connect to the KDC (" + e.getMessage() + ")", e);
        }
    }
}
