package com.ibm.ws.security.spnego;

import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.wsspi.management.agent.AdminSubsystemExtensionHandler;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:WEB-INF/lib/admin-8.5.0.jar:com/ibm/ws/security/spnego/ServerCredential.class */
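/**
 * Holds the GSS-API credential that this server uses for SPNEGO/Kerberos.
 *
 * <p>The credential is created once, in the constructor, from the supplied {@code ServerConfig}
 * (server name, GSS name type, credential usage and lifetime). It is created for the SPNEGO
 * mechanism and then extended with a Kerberos V5 element for the same name.
 *
 * <p>Instances are not modified after construction by any code in this class, but
 * {@link #getGssCred()} hands out the live credential object rather than a copy.
 */
public class ServerCredential {
    private static final Oid KRB5MECHANISMOID;
    private static final Oid SPNEGOMECHOID;
    private GSSManager gssManager;
    private GSSName gssName;
    private GSSCredential gssCred;
    private static final String ME = ServerCredential.class.getName();
    private static final Logger logger = Logger.getLogger(ME, Constants.MSGS_BUNDLE);

    /**
     * Creates the server credential described by {@code serverConfig}.
     *
     * @param serverConfig the SPNEGO server settings; must not be {@code null}
     * @throws GSSException if the GSS-API layer cannot create the name or the credential
     * @throws TAIConfigurationException if {@code serverConfig} is {@code null}
     * @throws IllegalStateException if any other failure occurs during initialization
     */
    public ServerCredential(ServerConfig serverConfig) throws GSSException, TAIConfigurationException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "<constructor>");
        }
        initialize(serverConfig);
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(ME, "<constructor>");
        }
    }

    /**
     * Builds the GSS name and credential from the configuration and stores them in this object.
     *
     * @param serverConfig the SPNEGO server settings
     * @throws GSSException if name or credential creation fails; the exception is recorded via
     *     FFDC and logged at SEVERE before being rethrown
     * @throws TAIConfigurationException if {@code serverConfig} is {@code null}
     * @throws IllegalStateException wrapping any other throwable raised during initialization
     */
    private void initialize(ServerConfig serverConfig) throws GSSException, TAIConfigurationException {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, AdminSubsystemExtensionHandler.INITIALIZE);
        }
        if (serverConfig == null) {
            logger.logp(Level.SEVERE, ME, AdminSubsystemExtensionHandler.INITIALIZE, "security.spnego.config.error", "Service Provider Name is null.");
            throw new TAIConfigurationException("Service Provider Name is null.");
        }
        try {
            this.gssManager = ServerCredentialsFactory.getMgr();
            String serverName = serverConfig.getServerName();
            // Compare OIDs by value: a configuration that supplies an equal but distinct Oid
            // instance would otherwise be treated as a host-based service name.
            if (GSSName.NT_USER_NAME.equals(serverConfig.getGssNameType())) {
                this.gssName = this.gssManager.createName(serverName, GSSName.NT_USER_NAME, KRB5MECHANISMOID);
            } else {
                logger.logp(Level.WARNING, ME, AdminSubsystemExtensionHandler.INITIALIZE, "security.spnego.warn.hostbased", serverName);
                this.gssName = this.gssManager.createName(serverName, GSSName.NT_HOSTBASED_SERVICE);
            }
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, AdminSubsystemExtensionHandler.INITIALIZE, "Created GSSName for " + serverName);
            }
            // NOTE(review): usage and lifetime are taken from configuration unchecked. For a
            // server that only accepts contexts, confirm the configured usage is ACCEPT_ONLY.
            int gssCredType = serverConfig.getGssCredType();
            int gssCredDuration = serverConfig.getGssCredDuration();
            // A null mechanism OID (see the static initializer) makes GSS-API fall back to its
            // default mechanism instead of SPNEGO.
            this.gssCred = this.gssManager.createCredential(this.gssName, gssCredDuration, SPNEGOMECHOID, gssCredType);
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, AdminSubsystemExtensionHandler.INITIALIZE, "Created GSSCredential " + (this.gssName == null ? "default" : this.gssName.toString()) + " with lifetime of " + gssCredDuration + " seconds.");
            }
            // Add a Kerberos V5 element so the same credential serves both mechanisms.
            this.gssCred.add(this.gssName, gssCredDuration, gssCredDuration, KRB5MECHANISMOID, gssCredType);
            // Querying the lifetime stays unconditional: a GSSException here still aborts
            // initialization, as it did before.
            int remainingLifetime = this.gssCred.getRemainingLifetime();
            Oid[] mechs = this.gssCred.getMechs();
            // The per-mechanism lifetime is diagnostic only, so an empty mechanism list must not
            // turn into an ArrayIndexOutOfBoundsException that fails the whole initialization.
            boolean hasMech = mechs != null && mechs.length > 0;
            int remainingAcceptLifetime = hasMech ? this.gssCred.getRemainingAcceptLifetime(mechs[0]) : 0;
            if (logger.isLoggable(Level.FINER)) {
                logger.logp(Level.FINER, ME, AdminSubsystemExtensionHandler.INITIALIZE, "Lifetime remaining on credential: " + remainingLifetime + " secs");
                if (hasMech) {
                    logger.logp(Level.FINER, ME, AdminSubsystemExtensionHandler.INITIALIZE, "Accept lifetime remaining on credential for mechanism " + mechs[0] + ": " + remainingAcceptLifetime + " secs");
                }
                // The credential's string form is written to the trace log at FINER.
                logger.exiting(ME, AdminSubsystemExtensionHandler.INITIALIZE, this.gssCred.toString());
            }
        } catch (GSSException e) {
            FFDCFilter.processException((Throwable) e, "com.ibm.ws.security.spnego.ServerCredential.initialize", "173", (Object) this);
            logger.logp(Level.SEVERE, ME, AdminSubsystemExtensionHandler.INITIALIZE, "security.spnego.kerberos.init.failed", new Object[]{e});
            throw e;
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.security.spnego.ServerCredential.initialize", "178", this);
            logger.logp(Level.SEVERE, ME, AdminSubsystemExtensionHandler.INITIALIZE, "security.spnego.kerberos.init.error", new Object[]{th});
            // Keep the original throwable as the cause so its stack trace reaches the caller.
            throw new IllegalStateException("ServerCredential.initialize - unexpected exception: " + th, th);
        }
    }

    /**
     * Returns the credential created during construction.
     *
     * @return the credential object held by this instance (the same object, not a copy)
     */
    public final GSSCredential getGssCred() {
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(ME, "getGssCred");
            logger.exiting(ME, "getGssCred", this.gssCred);
        }
        return this.gssCred;
    }

    // Resolve the two mechanism OIDs once. ME and logger are declared above this block, so they
    // are already initialized when it runs.
    static {
        Oid oid;
        Oid oid2;
        try {
            oid = new Oid(Constants.OID_KRB5_MECH);
        } catch (GSSException e) {
            // Previously swallowed silently; a null OID changes which mechanism is used later.
            logger.logp(Level.WARNING, ME, "<clinit>", "Unable to create the Kerberos V5 mechanism OID; the GSS-API default mechanism will be used.", e);
            oid = null;
        }
        KRB5MECHANISMOID = oid;
        try {
            oid2 = new Oid(Constants.OID_SPNEGO_MECH);
        } catch (GSSException e2) {
            logger.logp(Level.WARNING, ME, "<clinit>", "Unable to create the SPNEGO mechanism OID; the GSS-API default mechanism will be used.", e2);
            oid2 = null;
        }
        SPNEGOMECHOID = oid2;
    }
}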
