package org.openejb.corba.security.config.tss;

import java.io.UnsupportedEncodingException;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.jaas.UsernamePasswordCallback;
import org.omg.CORBA.ORB;
import org.omg.CSI.EstablishContext;
import org.omg.CSIIOP.AS_ContextSec;
import org.omg.GSSUP.GSSUPMechOID;
import org.omg.GSSUP.InitialContextToken;
import org.omg.IOP.Codec;
import org.openejb.corba.security.SASException;
import org.openejb.corba.util.Util;

/* loaded from: input_file:repository/openejb/jars/openejb-core-2.0-G1M4.jar:org/openejb/corba/security/config/tss/TSSGSSUPMechConfig.class */
public class TSSGSSUPMechConfig extends TSSASMechConfig {
    private String targetName;
    private boolean required;

    public TSSGSSUPMechConfig() {
    }

    public TSSGSSUPMechConfig(AS_ContextSec aS_ContextSec) {
        this.targetName = Util.decodeGSSExportName(aS_ContextSec.target_name);
        this.required = aS_ContextSec.target_requires == 64;
    }

    public String getTargetName() {
        return this.targetName;
    }

    public void setTargetName(String str) {
        this.targetName = str;
    }

    public boolean isRequired() {
        return this.required;
    }

    public void setRequired(boolean z) {
        this.required = z;
    }

    @Override // org.openejb.corba.security.config.tss.TSSASMechConfig
    public short getSupports() {
        return (short) 64;
    }

    @Override // org.openejb.corba.security.config.tss.TSSASMechConfig
    public short getRequires() {
        return this.required ? (short) 64 : (short) 0;
    }

    @Override // org.openejb.corba.security.config.tss.TSSASMechConfig
    public AS_ContextSec encodeIOR(ORB orb, Codec codec) throws Exception {
        AS_ContextSec aS_ContextSec = new AS_ContextSec();
        aS_ContextSec.target_supports = (short) 64;
        aS_ContextSec.target_requires = this.required ? (short) 64 : (short) 0;
        aS_ContextSec.client_authentication_mech = Util.encodeOID(GSSUPMechOID.value);
        aS_ContextSec.target_name = Util.encodeGSSExportName(GSSUPMechOID.value, this.targetName);
        return aS_ContextSec;
    }

    @Override // org.openejb.corba.security.config.tss.TSSASMechConfig
    public Subject check(EstablishContext establishContext) throws SASException {
        Subject subject = null;
        try {
            if (establishContext.client_authentication_token != null && establishContext.client_authentication_token.length > 0) {
                InitialContextToken initialContextToken = new InitialContextToken();
                if (!Util.decodeGSSUPToken(Util.getCodec(), establishContext.client_authentication_token, initialContextToken)) {
                    throw new SASException(2);
                }
                if (initialContextToken.target_name == null) {
                    return null;
                }
                String str = initialContextToken.target_name == null ? this.targetName : new String(initialContextToken.target_name, "UTF8");
                if (!this.targetName.equals(str)) {
                    throw new SASException(2);
                }
                LoginContext loginContext = new LoginContext(str, new UsernamePasswordCallback(new String(initialContextToken.username, "UTF8"), new String(initialContextToken.password, "UTF8").toCharArray()));
                loginContext.login();
                subject = ContextManager.getServerSideSubject(loginContext.getSubject());
            }
            return subject;
        } catch (UnsupportedEncodingException e) {
            throw new SASException(1, e);
        } catch (LoginException e2) {
            throw new SASException(1, e2);
        }
    }
}
