package net.sf.michaelo.tomcat.authenticator;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:net/sf/michaelo/tomcat/authenticator/CurrentWindowsIdentityAuthenticator.class */
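/**
 * Authenticator that registers every otherwise unauthenticated request as the
 * identity obtained from the server-side JAAS login entry.
 *
 * <p><strong>Security note:</strong> nothing taken from the request (no header, token or
 * client credential) takes part in establishing the identity. The principal comes from
 * {@link LoginContext#login()} on the entry named by {@link #getLoginEntryName()} and from
 * the default Kerberos 5 initiator credential of the resulting {@link Subject}. Every caller
 * that reaches a protected resource through this authenticator therefore ends up as the
 * same principal. Access to the connector has to be restricted by other means (bind
 * address, network policy) wherever the identity of the remote client matters.
 *
 * <p>NOTE(review): {@code sendException} is defined in the base class, which is not visible
 * here. Confirm that it does not return stack traces or Kerberos/JAAS configuration details
 * to the client.
 */
public class CurrentWindowsIdentityAuthenticator extends GssAwareAuthenticatorBase {
    protected static final String CURRENT_WINDOWS_IDENTITY_METHOD = "CURRENT_WINDOWS_IDENTITY";

    /** Dotted-decimal OID of the Kerberos 5 GSS-API mechanism. */
    private static final String KRB5_MECHANISM_OID = "1.2.840.113554.1.2.2";

    /** Request note under which the single sign-on session id is looked up. */
    private static final String SSO_ID_NOTE = "org.apache.catalina.request.SSOID";

    /**
     * Returns the descriptive name and version string of this authenticator.
     *
     * @return the implementation info string
     */
    public String getInfo() {
        return "net.sf.michaelo.tomcat.authenticator.CurrentWindowsIdentityAuthenticator/0.9";
    }

    /**
     * Authenticates the request as the identity of the configured JAAS login entry.
     *
     * <p>If the request already carries a user principal it is accepted as is and, when an
     * SSO id note is present, the internal session is associated with it. Otherwise a JAAS
     * login is performed, a Kerberos 5 initiator credential is created for the default
     * principal of the logged-in subject, and the realm of the context is asked to resolve
     * that credential's name. The JAAS login context is always logged out again before the
     * result is registered or a 401 is sent.
     *
     * @param request the request being processed
     * @param response the response used for error reporting
     * @param loginConfig the login configuration of the web application (not read here)
     * @return {@code true} if a principal is (already or newly) associated with the
     *     request, {@code false} if an error or a 401 has been sent
     * @throws IOException if writing the error response fails
     */
    protected boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
        Principal userPrincipal = request.getUserPrincipal();
        if (userPrincipal != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(String.format("Already authenticated '%s'", userPrincipal));
            }
            String ssoId = (String) request.getNote(SSO_ID_NOTE);
            if (ssoId != null) {
                associate(ssoId, request.getSessionInternal(true));
            }
            return true;
        }

        Principal authenticated;
        LoginContext loginContext = null;
        try {
            try {
                // No callback handler is supplied, so the login entry has to be able to obtain
                // its credentials without any interaction.
                loginContext = new LoginContext(getLoginEntryName());
                loginContext.login();
            } catch (LoginException e) {
                this.logger.error("Unable to login as the user principal", e);
                sendException(request, response, new AuthenticationException("Unable to login as the user principal", e));
                return false;
            }

            final GSSManager gssManager = GSSManager.getInstance();
            GSSCredential gssCredential;
            try {
                gssCredential = Subject.doAs(loginContext.getSubject(), new PrivilegedExceptionAction<GSSCredential>() {
                    @Override
                    public GSSCredential run() throws GSSException {
                        // A null name selects the default principal of the subject; the
                        // credential can only initiate contexts, never accept them.
                        return gssManager.createCredential((GSSName) null, GSSCredential.DEFAULT_LIFETIME,
                                new Oid(KRB5_MECHANISM_OID), GSSCredential.INITIATE_ONLY);
                    }
                });
            } catch (PrivilegedActionException e) {
                this.logger.error("Unable to obtain the user credential", e.getException());
                sendException(request, response, new AuthenticationException("Unable to obtain the user credential", e.getException()));
                return false;
            }

            // The credential is deliberately not disposed here.
            // NOTE(review): the realm receives the credential and may retain it; confirm
            // who owns its lifetime before adding a dispose() call.
            try {
                authenticated = this.context.getRealm().authenticate(gssCredential.getName(), new Oid(KRB5_MECHANISM_OID), gssCredential);
            } catch (GSSException e) {
                // Message text (including its spelling) is left untouched because log
                // monitoring may match on it.
                this.logger.warn("Failed to retrive GSSName form GSSCredential of the user", e);
                sendException(request, response, new AuthenticationException("Failed to retrive GSSName form GSSCredential of the user", e));
                return false;
            } catch (RuntimeException e) {
                // Covers the realm lookup only, so that failures while registering the
                // principal or writing the response are not misreported as a search failure.
                sendException(request, response, new AuthenticationException("Unable to perform user principal search", e));
                return false;
            }
        } finally {
            // Single exit point for the JAAS session on every path, including unexpected
            // throwables.
            logoutQuietly(loginContext);
        }

        if (authenticated != null) {
            // No password is cached for this authentication method.
            register(request, response, authenticated, CURRENT_WINDOWS_IDENTITY_METHOD, authenticated.getName(), null);
            return true;
        }
        // 401 Unauthorized: the realm did not return a principal for the credential.
        response.sendError(401);
        return false;
    }

    /**
     * Logs out of the given login context on a best-effort basis.
     *
     * <p>A failed logout must not turn a completed authentication decision into an error,
     * so the exception is only reported at debug level.
     *
     * @param loginContext the context to log out of, may be {@code null}
     */
    private void logoutQuietly(LoginContext loginContext) {
        if (loginContext == null) {
            return;
        }
        try {
            loginContext.logout();
        } catch (LoginException e) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Ignoring failure to log out of the JAAS login context", e);
            }
        }
    }

    /**
     * Compiler-generated bridge recovered by the decompiler; delegates to the base class.
     *
     * @return the name of the JAAS login entry
     */
    @Override // net.sf.michaelo.tomcat.authenticator.GssAwareAuthenticatorBase
    public /* bridge */ /* synthetic */ String getLoginEntryName() {
        return super.getLoginEntryName();
    }

    /**
     * Compiler-generated bridge recovered by the decompiler; delegates to the base class.
     *
     * @param str the name of the JAAS login entry
     */
    @Override // net.sf.michaelo.tomcat.authenticator.GssAwareAuthenticatorBase
    public /* bridge */ /* synthetic */ void setLoginEntryName(String str) {
        super.setLoginEntryName(str);
    }
}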
