package org.apache.cxf.ws.security.kerberos;

import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.Bus;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.Configurable;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.message.token.KerberosSecurity;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.ietf.jgss.GSSCredential;

/* loaded from: input_file:WEB-INF/lib/cxf-bundle-2.7.18.jar:org/apache/cxf/ws/security/kerberos/KerberosClient.class */
/**
 * Configurable client that requests a Kerberos service ticket and packages it as a
 * CXF {@link SecurityToken}.
 *
 * <p>Ticket acquisition is delegated to {@link KerberosSecurity#retrieveServiceTicket};
 * this class only holds the settings passed to that call and copies the result into
 * the returned token.
 *
 * <p>All settings are plain mutable fields with no synchronization visible in this
 * class, so an instance should be fully configured before it is shared between
 * threads.
 */
public class KerberosClient implements Configurable {
    private static final Logger LOG = LogUtils.getL7dLogger(KerberosClient.class);

    // Service name handed to retrieveServiceTicket as the ticket target.
    private String serviceName;
    // JAAS callback handler handed to retrieveServiceTicket.
    private CallbackHandler callbackHandler;
    // JAAS login context name; also exposed through the "JaasLoginModuleName" accessors.
    private String contextName;
    // Forwarded to retrieveServiceTicket unchanged.
    // NOTE(review): presumably asks the KDC for a forwardable/delegable credential;
    // confirm against KerberosSecurity before enabling, since delegation widens what
    // the target service can do on the caller's behalf.
    private boolean requestCredentialDelegation;
    // Forwarded to retrieveServiceTicket unchanged; selects how serviceName is interpreted.
    private boolean isUsernameServiceNameForm;
    // When true, a GSSCredential is looked up on the current message before the request.
    private boolean useDelegatedCredential;
    // Bean name reported by getBeanName(). Package-private and non-final in the original.
    String name = "default.kerberos-client";
    private WSSConfig wssConfig = WSSConfig.getNewInstance();

    /**
     * Legacy constructor kept for compatibility.
     *
     * @param bus ignored; the constructor body is empty
     */
    @Deprecated
    public KerberosClient(Bus bus) {
    }

    /** Creates a client with no service name, context name or callback handler set. */
    public KerberosClient() {
    }

    /**
     * Returns the bean name used for configuration lookup.
     *
     * @return the value of the {@code name} field
     */
    @Override
    public String getBeanName() {
        return name;
    }

    /**
     * @return the JAAS login context name, or {@code null} if none was set
     */
    public String getContextName() {
        return contextName;
    }

    /**
     * @param str the JAAS login context name to use for ticket retrieval
     */
    public void setContextName(String str) {
        contextName = str;
    }

    /**
     * Alias for {@link #getContextName()}; both read the same field.
     *
     * @return the JAAS login context name, or {@code null} if none was set
     */
    public String getJaasLoginModuleName() {
        return contextName;
    }

    /**
     * Alias for {@link #setContextName(String)}; both write the same field.
     *
     * @param str the JAAS login context name to use for ticket retrieval
     */
    public void setJaasLoginModuleName(String str) {
        contextName = str;
    }

    /**
     * @return the callback handler passed to ticket retrieval, or {@code null}
     */
    public CallbackHandler getCallbackHandler() {
        return callbackHandler;
    }

    /**
     * @param callbackHandler the callback handler passed to ticket retrieval
     */
    public void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }

    /**
     * @param str the name of the service a ticket is requested for
     */
    public void setServiceName(String str) {
        serviceName = str;
    }

    /**
     * @return the name of the service a ticket is requested for, or {@code null}
     */
    public String getServiceName() {
        return serviceName;
    }

    /**
     * Requests a Kerberos service ticket with the configured settings and wraps it in a
     * {@link SecurityToken}.
     *
     * <p>The returned token carries the ticket element, a generated id with the
     * {@code "BST-"} prefix (used both as token id and wsu:Id), the Base64-encoded digest
     * of the raw ticket, the ticket's value type and, when the ticket exposes one, the
     * encoded bytes of its secret key.
     *
     * <p>Because the secret key bytes are copied into the token, the returned object is
     * key material: callers should keep it out of logs and unprotected storage.
     *
     * @return a security token describing the retrieved ticket
     * @throws Exception propagated from document creation, ticket retrieval or digest
     *     generation
     */
    public SecurityToken requestSecurityToken() throws Exception {
        final GSSCredential delegatedCredential =
            findDelegatedCredential(PhaseInterceptorChain.getCurrentMessage());

        // Only the service name and login context name are logged, never credentials.
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("Requesting Kerberos ticket for " + serviceName + " using JAAS Login Module: " + getContextName());
        }

        final KerberosSecurity ticket = new KerberosSecurity(DOMUtils.createDocument());
        ticket.retrieveServiceTicket(
            getContextName(),
            callbackHandler,
            serviceName,
            isUsernameServiceNameForm,
            requestCredentialDelegation,
            delegatedCredential);
        ticket.addWSUNamespace();
        ticket.setID(wssConfig.getIdAllocator().createSecureId("BST-", ticket));

        // Read the id back from the ticket so the token id and wsu:Id match what was stored.
        final String tokenId = ticket.getID();
        final SecurityToken result = new SecurityToken(tokenId);
        result.setToken(ticket.getElement());
        result.setWsuId(tokenId);

        final SecretKey sessionKey = ticket.getSecretKey();
        if (sessionKey != null) {
            // Raw key bytes end up inside the token; see the method-level note.
            result.setSecret(sessionKey.getEncoded());
        }

        // NOTE(review): the setter name implies a SHA-1 digest, which here looks like a
        // token identifier rather than an integrity control; confirm in WSSecurityUtil.
        result.setSHA1(Base64.encode(WSSecurityUtil.generateDigest(ticket.getToken())));
        result.setTokenType(ticket.getValueType());
        return result;
    }

    /**
     * Looks up a delegated credential on the given message.
     *
     * <p>Returns {@code null} when the message is absent, when
     * {@code useDelegatedCredential} is off, or when the
     * {@code SecurityConstants.DELEGATED_CREDENTIAL} property is missing or is not a
     * {@link GSSCredential}. No warning is raised in the last case, so a deployment that
     * depends on delegation gets no signal from here that the credential was not found.
     * NOTE(review): how retrieveServiceTicket treats a null credential is not visible in
     * this class; presumably it falls back to a JAAS login, which may authenticate under
     * a different identity than the delegated one. Verify.
     */
    private GSSCredential findDelegatedCredential(Message message) {
        if (message == null || !useDelegatedCredential) {
            return null;
        }
        final Object candidate = message.getContextualProperty(SecurityConstants.DELEGATED_CREDENTIAL);
        return candidate instanceof GSSCredential ? (GSSCredential) candidate : null;
    }

    /**
     * @return the flag passed to ticket retrieval as the username/service-name form switch
     */
    public boolean isUsernameServiceNameForm() {
        return isUsernameServiceNameForm;
    }

    /**
     * @param z the flag passed to ticket retrieval as the username/service-name form switch
     */
    public void setUsernameServiceNameForm(boolean z) {
        isUsernameServiceNameForm = z;
    }

    /**
     * @return whether credential delegation is requested during ticket retrieval
     */
    public boolean isRequestCredentialDelegation() {
        return requestCredentialDelegation;
    }

    /**
     * @param z whether credential delegation is requested during ticket retrieval
     */
    public void setRequestCredentialDelegation(boolean z) {
        requestCredentialDelegation = z;
    }

    /**
     * @return whether a delegated credential is looked up on the current message
     */
    public boolean isUseDelegatedCredential() {
        return useDelegatedCredential;
    }

    /**
     * @param z whether a delegated credential is looked up on the current message
     */
    public void setUseDelegatedCredential(boolean z) {
        useDelegatedCredential = z;
    }
}
