package net.sf.michaelo.tomcat.authenticator;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.connector.Request;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;

/* loaded from: input_file:net/sf/michaelo/tomcat/authenticator/CurrentWindowsIdentityAuthenticator.class */
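/**
 * Authenticator that signs a request in as the identity obtained from a JAAS login entry.
 *
 * <p>Security note: nothing supplied by the client is inspected when the principal is
 * established. The credential comes from logging in through {@link #getLoginEntryName()} and
 * asking GSS-API for the default Kerberos initiator credential of the resulting
 * {@link Subject}. Every client that can reach a context protected by this authenticator is
 * therefore mapped to the same principal, provided the realm resolves it. Treat it as a
 * single-identity authenticator, not as client authentication for a network-reachable context.
 *
 * <p>NOTE(review): the class name suggests the login entry resolves to the Windows logon
 * session of the server process; that depends on the JAAS configuration, which is not visible
 * in this file. Confirm it before relying on it.
 */
public class CurrentWindowsIdentityAuthenticator extends GSSAuthenticatorBase {
    /** Authentication method name returned by {@link #getAuthMethod()}. */
    protected static final String CURRENT_WINDOWS_IDENTITY_METHOD = "CURRENT_WINDOWS_IDENTITY";
    /** Scheme token handed to {@code sendUnauthorized} when the request is rejected. */
    protected static final String CURRENT_WINDOWS_IDENTITY_AUTH_SCHEME = "CWI";

    /**
     * Authenticates the request with the credential of the configured JAAS login entry.
     *
     * <p>A cached authentication short-circuits the whole procedure. Otherwise a JAAS login is
     * performed, a Kerberos initiator credential is created as the logged-in subject, and the
     * credential's name is handed to the context's realm. The JAAS login context is logged out
     * on every exit path, including exceptional ones.
     *
     * @param request the request being authenticated
     * @param httpServletResponse the response used to report failures
     * @return {@code true} if a cached authentication was found or the realm returned a
     *     principal, {@code false} if an error response was sent instead
     * @throws IOException propagated from the response-writing helpers
     */
    protected boolean doAuthenticate(Request request, HttpServletResponse httpServletResponse) throws IOException {
        if (checkForCachedAuthentication(request, httpServletResponse, true)) {
            return true;
        }

        LoginContext loginContext = null;
        try {
            try {
                loginContext = new LoginContext(getLoginEntryName());
                loginContext.login();
            } catch (LoginException e) {
                this.logger.error(this.sm.getString("cwiAuthenticator.obtainFailed"), e);
                sendUnauthorized(request, httpServletResponse, CURRENT_WINDOWS_IDENTITY_AUTH_SCHEME, "cwiAuthenticator.obtainFailed", new Object[0]);
                return false;
            }

            final GSSManager gssManager = GSSManager.getInstance();
            GSSCredential gssCredential;
            try {
                // The explicit PrivilegedExceptionAction target type selects the doAs overload
                // that throws PrivilegedActionException; a bare lambda is ambiguous between the
                // two overloads. A null name requests the default credential of the subject,
                // for initiation only and with no lifetime limit.
                gssCredential = Subject.doAs(loginContext.getSubject(),
                        (PrivilegedExceptionAction<GSSCredential>) () -> gssManager.createCredential(
                                (GSSName) null, GSSCredential.INDEFINITE_LIFETIME, KRB5_MECHANISM, GSSCredential.INITIATE_ONLY));
            } catch (PrivilegedActionException e) {
                this.logger.error(this.sm.getString("cwiAuthenticator.obtainFailed"), e.getException());
                sendUnauthorized(request, httpServletResponse, CURRENT_WINDOWS_IDENTITY_AUTH_SCHEME, "cwiAuthenticator.obtainFailed", new Object[0]);
                return false;
            }

            // NOTE(review): gssCredential is never disposed on any path. When
            // isStoreDelegatedCredential() is false it is not handed to the realm, so calling
            // dispose() before returning would release its key material promptly; confirm first
            // that the GSSName taken from it stays usable afterwards.
            try {
                Realm realm = this.context.getRealm();
                GSSName name = gssCredential.getName();
                // The credential itself is only passed on when delegated-credential storage is enabled.
                Principal principal = realm.authenticate(name, isStoreDelegatedCredential() ? gssCredential : null);
                if (principal != null) {
                    register(request, httpServletResponse, principal, getAuthMethod(), principal.getName(), null);
                    return true;
                }
                // The realm does not know the name: reject with the name included in the message arguments.
                sendUnauthorized(request, httpServletResponse, CURRENT_WINDOWS_IDENTITY_AUTH_SCHEME, "gssAuthenticatorBase.userNotFound", name);
                return false;
            } catch (GSSException e) {
                this.logger.error(this.sm.getString("gssAuthenticatorBase.inquireNameFailed"), e);
                sendInternalServerError(request, httpServletResponse, "gssAuthenticatorBase.inquireNameFailed", new Object[0]);
                return false;
            }
        } finally {
            logoutQuietly(loginContext);
        }
    }

    /** Logs the given login context out if there is one; a failing logout is deliberately not surfaced. */
    private static void logoutQuietly(LoginContext loginContext) {
        if (loginContext == null) {
            return;
        }
        try {
            loginContext.logout();
        } catch (LoginException ignored) {
            // Best-effort cleanup: the authentication outcome has already been decided and
            // must not be replaced by a logout failure.
        }
    }

    /**
     * Returns the authentication method recorded for principals registered by this class.
     *
     * @return {@link #CURRENT_WINDOWS_IDENTITY_METHOD}
     */
    protected String getAuthMethod() {
        return CURRENT_WINDOWS_IDENTITY_METHOD;
    }

    // The remaining methods only delegate to GSSAuthenticatorBase; the decompiler marked them
    // as compiler-generated bridge methods. They add no behavior of their own.

    /** Delegates to the superclass setter. */
    @Override
    public void setStoreDelegatedCredential(boolean z) {
        super.setStoreDelegatedCredential(z);
    }

    /** Delegates to the superclass getter. */
    @Override
    public boolean isStoreDelegatedCredential() {
        return super.isStoreDelegatedCredential();
    }

    /** Delegates to the superclass setter. */
    @Override
    public void setErrorMessagesAsHeaders(boolean z) {
        super.setErrorMessagesAsHeaders(z);
    }

    /** Delegates to the superclass getter. */
    @Override
    public boolean isErrorMessagesAsHeaders() {
        return super.isErrorMessagesAsHeaders();
    }

    /** Delegates to the superclass setter. */
    @Override
    public void setOmitErrorMessages(boolean z) {
        super.setOmitErrorMessages(z);
    }

    /** Delegates to the superclass getter. */
    @Override
    public boolean isOmitErrorMessages() {
        return super.isOmitErrorMessages();
    }

    /** Delegates to the superclass getter. */
    @Override
    public String getLoginEntryName() {
        return super.getLoginEntryName();
    }

    /** Delegates to the superclass setter. */
    @Override
    public void setLoginEntryName(String str) {
        super.setLoginEntryName(str);
    }
}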
