package com.ibm.ISecurityLocalObjectTokenBaseImpl;

import com.ibm.CSIv2Security.LTPAMechOID;
import com.ibm.ISecurityL13SupportImpl.SecurityMessages;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.GSSFactory;
import com.ibm.ISecurityLocalObjectCSIv2UtilityImpl.OID;
import com.ibm.ISecurityLocalObjectGSSUPImpl.WSSecurityContextImpl;
import com.ibm.ISecurityUtilityImpl.RealmSecurityName;
import com.ibm.ISecurityUtilityImpl.StateofCurrObj;
import com.ibm.ISecurityUtilityImpl.WSSecurityContextFactory;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ffdc.Manager;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.auth.CredentialDestroyedException;
import com.ibm.websphere.security.auth.WSLoginFailedException;
import com.ibm.websphere.security.auth.WSSecurityContext;
import com.ibm.websphere.security.auth.WSSecurityContextException;
import com.ibm.websphere.security.auth.WSSecurityContextResult;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.management.util.SecurityHelper;
import com.ibm.ws.security.auth.SubjectHelper;
import com.ibm.ws.security.config.CSIv2Config;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.core.ContextManager;
import com.ibm.ws.security.core.ContextManagerFactory;
import java.net.InetAddress;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.CredentialExpiredException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.tools.mail.MailMessage;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.omg.GSSUP.GSSUPMechOID;

/* loaded from: input_file:wasJars/sas.jar:com/ibm/ISecurityLocalObjectTokenBaseImpl/Krb5WSSecurityContextImpl.class */
/**
 * {@link WSSecurityContext} implementation for the Kerberos V5 GSS-API mechanism
 * (OID {@code 1.2.840.113554.1.2.2}).
 *
 * <p>On the initiating side it builds the initial Kerberos context token for a target
 * service principal; on the accepting side it hands an inbound Kerberos token to the
 * {@link ContextManager} login. Credentials or tokens that belong to another mechanism
 * (GSSUP, LTPA, or any OID known to {@link WSSecurityContextFactory}) are delegated to
 * that mechanism's context instead.
 *
 * <p>This listing is decompiler output (see the JADX markers), so some control flow,
 * notably the duplicated dispose handlers, is a reconstruction and should be verified
 * against the bytecode before relying on it.
 *
 * <p>NOTE(review): instance state ({@code _isDisposed}, {@code _initCalled}) and the lazily
 * initialised statics are read and written without synchronization in the code shown.
 */
public class Krb5WSSecurityContextImpl implements WSSecurityContext {
    // Kerberos V5 GSS-API mechanism OID. Declared here, but the code below repeats the literal
    // inline (presumably constant inlining by the compiler/decompiler).
    private static final String KRB5_OID = "1.2.840.113554.1.2.2";
    // NOTE(review): no statement in this class ever sets this to true; dispose() only traces.
    private boolean _isDisposed = false;
    // Set to true by the initiating action in initSecContext(); checked by completeSecContext().
    private boolean _initCalled = false;
    private static final TraceComponent tc = Tr.register(Krb5WSSecurityContextImpl.class, "SASRas", Krb5NLS.MSG_FILE);
    // Lazily created Oid for the Kerberos mechanism (see the initiating action below).
    private static Oid _krb5MechOid = null;
    // Lazily resolved by getDefaultRealm().
    private static String _defaultRealm = null;
    private static final GSSManager _manager = GSSManager.getInstance();

    /**
     * Builds a Subject from the credential and delegates to the four-argument overload,
     * passing the credential's mechanism OID when it can be read.
     *
     * @param wSCredential caller credential
     * @param str target host / service name (see the four-argument overload)
     * @param str2 target realm
     * @return the initial context token, possibly {@code null}
     * @throws WSSecurityContextException if token creation fails
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public byte[] initSecContext(WSCredential wSCredential, String str, String str2) throws WSSecurityContextException {
        Subject createSubjectFromWSCredential = SubjectHelper.createSubjectFromWSCredential(wSCredential);
        String str3 = null;
        try {
            str3 = wSCredential.getOID();
        } catch (Exception e) {
            // NOTE(review): any failure to read the OID (including a null credential) is swallowed
            // without trace; the call continues with a null mechanism OID.
        }
        return initSecContext(createSubjectFromWSCredential, str, str2, str3);
    }

    /**
     * Looks up the WSCredential inside the Subject to obtain its mechanism OID and delegates
     * to the four-argument overload.
     *
     * @param subject caller subject
     * @param str target host / service name (see the four-argument overload)
     * @param str2 target realm
     * @return the initial context token, possibly {@code null}
     * @throws WSSecurityContextException if token creation fails
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public byte[] initSecContext(Subject subject, String str, final String str2) throws WSSecurityContextException {
        String str3 = null;
        WSCredential wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(subject);
        if (wSCredentialFromSubject != null) {
            try {
                str3 = wSCredentialFromSubject.getOID();
            } catch (Exception e) {
                // NOTE(review): swallowed without trace; the OID stays null.
            }
        }
        return initSecContext(subject, str, str2, str3);
    }

    /**
     * Creates the initial security context token for the given subject and target.
     *
     * <p>Mechanism selection, in the order the code applies it:
     * <ol>
     *   <li>{@code str3} equals the GSSUP OID: delegate to the GSSUP context.</li>
     *   <li>{@code str3} is not the Kerberos OID and the subject carries neither a
     *       GSSCredential nor a KerberosTicket: delegate to the factory context for
     *       {@code str3}.</li>
     *   <li>Kerberos OID with Kerberos credentials present, a realm string containing
     *       {@code ":"} and a non-null host without {@code "/"}: an LTPA token is created.</li>
     *   <li>Everything else: a Kerberos initial context token is created under
     *       {@code Subject.doAs}.</li>
     * </ol>
     *
     * @param subject caller subject; may be {@code null}
     * @param str target, named "host" in the entry trace; may carry {@code @realm} and/or a
     *     {@code service/host} form
     * @param str2 realm, per the entry trace
     * @param str3 authentication mechanism OID, per the entry trace; may be {@code null}
     * @return the token bytes, possibly {@code null}
     * @throws WSSecurityContextException on failure; a failure inside the privileged action is
     *     rethrown as-is when it already is a WSSecurityContextException, otherwise wrapped
     *     with major code 6
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public byte[] initSecContext(Subject subject, String str, final String str2, String str3) throws WSSecurityContextException {
        byte[] bArr;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initSecContext(subject, host, realm, authMechOid) " + str + " " + str2 + " " + str3);
        }
        GSSCredential gSSCredential = null;
        KerberosTicket kerberosTicket = null;
        try {
            // Case 1: GSSUP credential, handled entirely by the GSSUP context implementation.
            if (OID.compareOIDs(str3, GSSUPMechOID.value)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Encountered GSSUP credential. Calling GSSUP.initSecContext()");
                }
                byte[] initSecContext = new WSSecurityContextImpl().initSecContext(subject, str, str2, str3);
                if (tc.isEntryEnabled()) {
                    // Only the token length is traced, never its content.
                    if (initSecContext == null) {
                        Tr.exit(tc, "initSecContext()", "returns null byte[]");
                    } else {
                        Tr.exit(tc, "initSecContext()", "returns byte[] of length " + initSecContext.length);
                    }
                }
                return initSecContext;
            }
            // Probe the subject for Kerberos material: a GSSCredential first, then a KerberosTicket.
            if (subject != null) {
                try {
                    gSSCredential = SubjectHelper.getGSSCredentialFromSubject(subject);
                    if (gSSCredential == null) {
                        kerberosTicket = SubjectHelper.getKerberosTicketFromSubject(subject);
                        if (kerberosTicket == null) {
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "initSecContext: private creds Set in Subject has no KerberosTicket");
                            }
                        } else if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "initSecContext: found KerberosTicket in subject private creds");
                        }
                    }
                } catch (Exception e) {
                    // Logged (FFDC + error trace) but not rethrown: mechanism selection below then
                    // proceeds as if the subject held no Kerberos credentials.
                    Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "222", this);
                    Tr.error(tc, "security.auth.kerberos.exception", new Object[]{"getGSSCredential()", e});
                }
            }
            if (!OID.compareOIDs(str3, "1.2.840.113554.1.2.2") && gSSCredential == null && kerberosTicket == null) {
                // Case 2: non-Kerberos OID and no Kerberos credentials; use the context registered
                // for that OID.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "initSecContext: creating context based on OID: " + str3);
                }
                bArr = WSSecurityContextFactory.getInstance().createContext(str3).initSecContext(subject, str, str2, str3);
            } else if (!OID.compareOIDs(str3, "1.2.840.113554.1.2.2") || ((gSSCredential == null && kerberosTicket == null) || str2 == null || !str2.contains(":") || str == null || str.contains("/"))) {
                // Case 4 (Kerberos token). NOTE(review): the condition above admits str == null,
                // yet str is dereferenced a few lines below; as decompiled that is a
                // NullPointerException which the catch at the end of this method does not handle.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "initSecContext: creating Kerberos initial context token.");
                }
                // Split "target@REALM" at the last '@'; fall back to str2 when no realm is given.
                String str4 = null;
                int lastIndexOf = str.lastIndexOf("@");
                if (lastIndexOf != -1) {
                    str4 = str.substring(lastIndexOf + 1, str.length());
                    str = str.substring(0, lastIndexOf);
                }
                if (str4 == null || str4.length() == 0) {
                    str4 = str2;
                }
                final String str5 = str4;
                final GSSCredential gSSCredential2 = gSSCredential;
                final String str6 = str;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Target realm name: " + str5);
                }
                final Subject createSubjectFromKRBAuthnToken = SubjectHelper.createSubjectFromKRBAuthnToken(subject);
                if (tc.isDebugEnabled()) {
                    // NOTE(review): this writes Subject.toString() to the debug trace; confirm what
                    // that prints for this subject and that trace files are access-controlled.
                    Tr.debug(tc, "initSecContext: doAs(subject, ...) " + createSubjectFromKRBAuthnToken);
                }
                // The GSS calls run as the Kerberos-bearing subject so the JGSS provider can find
                // its credentials.
                bArr = (byte[]) Subject.doAs(createSubjectFromKRBAuthnToken, new PrivilegedExceptionAction() { // from class: com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.1
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws GSSException, WSLoginFailedException, WSSecurityContextException, WSSecurityException, CredentialDestroyedException, CredentialExpiredException {
                        WSCredential wSCredentialFromSubject;
                        String replace;
                        String str7;
                        GSSCredential gSSCredential3 = gSSCredential2;
                        GSSCredential gSSCredential4 = null;
                        GSSContext gSSContext = null;
                        byte[] bArr2 = null;
                        // Step 1: derive the target service principal name "service/host@REALM".
                        try {
                            wSCredentialFromSubject = SubjectHelper.getWSCredentialFromSubject(createSubjectFromKRBAuthnToken);
                            if (str6.indexOf("/") == -1) {
                                // Bare host: borrow the service part from this server's own SPN credential.
                                GSSCredential serverSpnGSSCred = ContextManagerFactory.getInstance().getServerSpnGSSCred();
                                if (serverSpnGSSCred == null) {
                                    Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.NoCredFound", new Object[]{wSCredentialFromSubject, str6, str2});
                                    throw new WSSecurityContextException(7, 0, (String) null);
                                }
                                String obj = serverSpnGSSCred.getName().toString();
                                String service = RealmSecurityName.getService(obj);
                                if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                    Tr.debug(Krb5WSSecurityContextImpl.tc, "SecurityName: " + obj);
                                    Tr.debug(Krb5WSSecurityContextImpl.tc, "ServiceName: " + service);
                                }
                                String str8 = str6;
                                // MailMessage.DEFAULT_HOST is presumably the literal "localhost" that the
                                // decompiler attributed to an unrelated constant (TODO confirm). A match is
                                // replaced by the local canonical host name, which depends on name resolution.
                                if (service != null && str6.equalsIgnoreCase(MailMessage.DEFAULT_HOST)) {
                                    str8 = InetAddress.getLocalHost().getCanonicalHostName();
                                    if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                        Tr.debug(Krb5WSSecurityContextImpl.tc, "canonicalHostName: " + str8);
                                    }
                                }
                                replace = service + "/" + str8;
                            } else {
                                // Already "service/host": any '@' left after the realm split becomes '/'.
                                replace = str6.indexOf("@") != -1 ? str6.replace("@", "/") : str6;
                            }
                            str7 = replace + "@" + str5;
                            if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                Tr.debug(Krb5WSSecurityContextImpl.tc, "Target Kerberos Service Principal Name (service/hostname@KerberosRealm): " + str7);
                            }
                        } catch (Exception e2) {
                            // NOTE(review): this handler and the Throwable handler below look like a
                            // decompiler-expanded finally block. As written, this one disposes and then
                            // falls through without rethrowing, which would swallow the
                            // WSSecurityContextException thrown above; verify against the bytecode.
                            if (gSSCredential4 != null) {
                                try {
                                    gSSCredential4.dispose();
                                } catch (GSSException e3) {
                                    Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"dispose()", e3});
                                }
                            }
                            if (gSSContext != null) {
                                try {
                                    gSSContext.dispose();
                                } catch (GSSException e4) {
                                    Manager.Ffdc.log(e4, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "544", this);
                                    Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"dispose()", e4});
                                }
                            }
                        } catch (Throwable th) {
                            // Release any GSS objects created so far, then propagate.
                            if (gSSCredential4 != null) {
                                try {
                                    gSSCredential4.dispose();
                                } catch (GSSException e5) {
                                    Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"dispose()", e5});
                                }
                            }
                            if (gSSContext != null) {
                                try {
                                    gSSContext.dispose();
                                } catch (GSSException e6) {
                                    Manager.Ffdc.log(e6, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "544", this);
                                    Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"dispose()", e6});
                                }
                            }
                            throw th;
                        }
                        // Step 2: state and input checks.
                        if (Krb5WSSecurityContextImpl.this._isDisposed) {
                            Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.instancedisposed", this);
                            throw new WSSecurityContextException(14, 0, (String) null);
                        }
                        Krb5WSSecurityContextImpl.this._initCalled = true;
                        if (wSCredentialFromSubject == null) {
                            Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.init.nullcred", new Object[]{str7, str2});
                            throw new WSSecurityContextException(14, 0, (String) null);
                        }
                        if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                            Tr.debug(Krb5WSSecurityContextImpl.tc, "initSecContext: input cred is non-null, good.");
                        }
                        // A non-forwardable credential only produces a warning; credential delegation
                        // is still requested further down.
                        try {
                            if (!wSCredentialFromSubject.isForwardable()) {
                                Tr.warning(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.init.crednotforwardable", new Object[]{wSCredentialFromSubject, str7, str2});
                            } else if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                Tr.debug(Krb5WSSecurityContextImpl.tc, "initSecContext: cred is forwardable, good.");
                            }
                        } catch (Exception e7) {
                            Manager.Ffdc.log(e7, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "349", this);
                            Tr.warning(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.exception", new Object[]{"isForwardable()", e7});
                        }
                        // Lazy, unsynchronized initialisation of the shared mechanism Oid.
                        if (Krb5WSSecurityContextImpl._krb5MechOid == null) {
                            try {
                                Oid unused = Krb5WSSecurityContextImpl._krb5MechOid = new Oid("1.2.840.113554.1.2.2");
                            } catch (GSSException e8) {
                                Manager.Ffdc.log(e8, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "367", this);
                                Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"Oid(\"1.2.840.113554.1.2.2\")", e8});
                                throw Krb5WSSecurityContextImpl.this.mapGssExc(e8);
                            }
                        }
                        // Step 3: GSS name, credential and context, then the first token.
                        try {
                            // The "service/host@REALM" string is registered with name type NT_USER_NAME.
                            GSSName createName = Krb5WSSecurityContextImpl._manager.createName(str7, GSSName.NT_USER_NAME, Krb5WSSecurityContextImpl._krb5MechOid);
                            if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                Tr.debug(Krb5WSSecurityContextImpl.tc, "GSS target ServerName: " + createName);
                            }
                            if (gSSCredential3 == null) {
                                if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                    Tr.debug(Krb5WSSecurityContextImpl.tc, "initSecContext: no GSSCredential in cred, using subject creds");
                                }
                                // Diagnostics only: this block traces which Kerberos principals the subject holds.
                                if (createSubjectFromKRBAuthnToken != null) {
                                    Set principals = createSubjectFromKRBAuthnToken.getPrincipals(KerberosPrincipal.class);
                                    if (principals == null || principals.isEmpty()) {
                                        if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                            Tr.debug(Krb5WSSecurityContextImpl.tc, "initSecContext: principal Set in Subject has no KerberosPrincipal");
                                        }
                                    } else if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                        Tr.debug(Krb5WSSecurityContextImpl.tc, "initSecContext: found Kerberos principal in subject principals");
                                        for (Object obj2 : principals) {
                                            if (obj2 != null) {
                                                Tr.debug(Krb5WSSecurityContextImpl.tc, "initSecContext: Kerberos principal in subject: " + obj2.toString());
                                            }
                                        }
                                    }
                                } else if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                    Tr.debug(Krb5WSSecurityContextImpl.tc, "initSecContext: Unable to retrieve subject, subsequent createCredential will probably fail");
                                }
                                try {
                                    // Default principal (null name), Integer.MAX_VALUE lifetime (the JGSS
                                    // INDEFINITE_LIFETIME value), usage 1 (GSSCredential.INITIATE_ONLY).
                                    // This credential is owned here and disposed before returning.
                                    gSSCredential4 = Krb5WSSecurityContextImpl._manager.createCredential((GSSName) null, Integer.MAX_VALUE, Krb5WSSecurityContextImpl._krb5MechOid, 1);
                                    gSSCredential3 = gSSCredential4;
                                } catch (GSSException e9) {
                                    Manager.Ffdc.log(e9, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "436", this);
                                    Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"createCredential()", e9});
                                    throw Krb5WSSecurityContextImpl.this.mapGssExc(e9);
                                }
                            } else if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                Tr.debug(Krb5WSSecurityContextImpl.tc, "initSecContext: found GSSCredential in cred, using it " + gSSCredential3);
                            }
                            try {
                                gSSContext = Krb5WSSecurityContextImpl._manager.createContext(createName.canonicalize(Krb5WSSecurityContextImpl._krb5MechOid), Krb5WSSecurityContextImpl._krb5MechOid, gSSCredential3, Integer.MAX_VALUE);
                                try {
                                    // Credential delegation is requested unconditionally: the accepting
                                    // service may then be able to act on the caller's behalf. Which targets
                                    // may receive delegated credentials is not restricted in this class.
                                    gSSContext.requestCredDeleg(true);
                                    if (Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                        Tr.debug(Krb5WSSecurityContextImpl.tc, "initSecContext: replayDet: false");
                                    }
                                    try {
                                        // Replay detection for per-message tokens is switched off.
                                        // NOTE(review): the context is disposed right after the first token, so
                                        // confirm what replay protection the accepting side relies on.
                                        gSSContext.requestReplayDet(false);
                                        try {
                                            // Single leg only: the first token is produced and returned whether or
                                            // not the context reports itself established; no reply token is consumed.
                                            bArr2 = gSSContext.initSecContext((byte[]) null, 0, 0);
                                            if (gSSContext.isEstablished() && Krb5WSSecurityContextImpl.tc.isDebugEnabled()) {
                                                Tr.debug(Krb5WSSecurityContextImpl.tc, "initSecContext: clientContext established successfully.");
                                            }
                                            if (gSSCredential4 != null) {
                                                try {
                                                    gSSCredential4.dispose();
                                                } catch (GSSException e10) {
                                                    Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"dispose()", e10});
                                                }
                                            }
                                            if (gSSContext != null) {
                                                try {
                                                    gSSContext.dispose();
                                                } catch (GSSException e11) {
                                                    Manager.Ffdc.log(e11, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "544", this);
                                                    Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"dispose()", e11});
                                                }
                                            }
                                            return bArr2;
                                        } catch (GSSException e12) {
                                            // NOTE(review): on the failure paths below no dispose() of gSSContext or
                                            // gSSCredential4 is visible in this listing; confirm the original has a
                                            // finally block that the decompiler dropped.
                                            Manager.Ffdc.log(e12, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "507", this);
                                            Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"initSecContext()", e12});
                                            throw Krb5WSSecurityContextImpl.this.mapGssExc(e12);
                                        }
                                    } catch (GSSException e13) {
                                        Manager.Ffdc.log(e13, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "493", this);
                                        Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"requestReplayDet=false", e13});
                                        throw Krb5WSSecurityContextImpl.this.mapGssExc(e13);
                                    }
                                } catch (GSSException e14) {
                                    Manager.Ffdc.log(e14, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "478", this);
                                    Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"requestCredDeleg(true)", e14});
                                    throw Krb5WSSecurityContextImpl.this.mapGssExc(e14);
                                }
                            } catch (GSSException e15) {
                                Manager.Ffdc.log(e15, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "458", this);
                                Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"createContext()", e15});
                                throw Krb5WSSecurityContextImpl.this.mapGssExc(e15);
                            }
                        } catch (GSSException e16) {
                            Manager.Ffdc.log(e16, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "386", this);
                            Tr.error(Krb5WSSecurityContextImpl.tc, "security.auth.kerberos.unexpectedexception", new Object[]{"createName()", e16});
                            throw Krb5WSSecurityContextImpl.this.mapGssExc(e16);
                        }
                    }
                });
            } else {
                // Case 3: Kerberos OID with Kerberos credentials, a realm containing ':' and a host
                // without '/'; the request is served with an LTPA token instead of a Kerberos one.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "initSecContext: creating context for LTPA ");
                }
                bArr = WSSecurityContextFactory.getInstance().createContext(LTPAMechOID.value).initSecContext(subject, str, str2, LTPAMechOID.value);
            }
            if (tc.isEntryEnabled()) {
                if (bArr == null) {
                    Tr.exit(tc, "initSecContext()", "returns null byte[]");
                } else {
                    Tr.exit(tc, "initSecContext()", "returns byte[] of length " + bArr.length);
                }
            }
            return bArr;
        } catch (PrivilegedActionException e2) {
            // Unwrap failures raised inside Subject.doAs: pass through our own exception type,
            // wrap anything else with major code 6 and the cause's message.
            Manager.Ffdc.log(e2, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.initSecContext", "557", this);
            Tr.debug(tc, "Exception in Subject.doAS()", new Object[]{e2.getException()});
            if (e2.getException() instanceof WSSecurityContextException) {
                throw ((WSSecurityContextException) e2.getException());
            }
            throw new WSSecurityContextException(6, 0, e2.getException().getMessage(), e2);
        }
    }

    /**
     * Accepts a token with no application context and no mechanism hint.
     *
     * @param bArr inbound GSS initial context token
     * @return the acceptance result
     * @throws WSSecurityContextException if acceptance fails
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public WSSecurityContextResult acceptSecContext(byte[] bArr) throws WSSecurityContextException {
        return acceptSecContext(bArr, null, null);
    }

    /**
     * Accepts a token with an application context map and no mechanism hint.
     *
     * @param bArr inbound GSS initial context token
     * @param map application context passed through to the login
     * @return the acceptance result
     * @throws WSSecurityContextException if acceptance fails
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public WSSecurityContextResult acceptSecContext(byte[] bArr, Map map) throws WSSecurityContextException {
        return acceptSecContext(bArr, map, null);
    }

    /**
     * Accepts an inbound initial context token and returns the resulting Subject.
     *
     * <p>The mechanism is chosen from the OID found inside the token, not from {@code str}:
     * a non-Kerberos OID is dispatched to the factory context for that OID, a Kerberos OID
     * goes through the {@link ContextManager} login. A null or empty token, or one with no
     * recognisable OID, does not fail: the method returns a result holding the
     * unauthenticated Subject, so callers must check what they got back.
     *
     * @param bArr inbound GSS initial context token; may be {@code null}
     * @param map application context passed through to the login; may be {@code null}
     * @param str mechanism OID hint, forwarded only to the Kerberos login call
     * @return a result wrapping the authenticated, server, or unauthenticated Subject
     * @throws WSSecurityContextException on failure; other exceptions are wrapped with major
     *     code 14 and the original message
     */
    /* JADX WARN: Finally extract failed */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public WSSecurityContextResult acceptSecContext(byte[] bArr, Map map, String str) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "acceptSecContext(token, appContext, authMechOid)");
        }
        try {
            // NOTE(review): the token is parsed before the null/empty check below; how
            // getMechOIDFromGSSToken treats a null or malformed buffer is not visible here.
            String mechOIDFromGSSToken = GSSFactory.getMechOIDFromGSSToken(bArr);
            if (tc.isEntryEnabled()) {
                Tr.entry(tc, "gssInitToken OID: " + mechOIDFromGSSToken);
            }
            if (bArr == null || bArr.length == 0 || mechOIDFromGSSToken == null) {
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "acceptSecContext(null token or oid)");
                }
                // No usable token: hand back the unauthenticated Subject instead of throwing.
                return new WSSecurityContextResult(null, ContextManagerFactory.getInstance().createUnauthenticatedSubject());
            }
            if (!OID.compareOIDs(mechOIDFromGSSToken, "1.2.840.113554.1.2.2")) {
                // The sender's token decides which mechanism context handles it. Any restriction
                // on acceptable mechanisms must be enforced by the factory or configuration; none
                // is applied in this method.
                return WSSecurityContextFactory.getInstance().createContext(mechOIDFromGSSToken).acceptSecContext(bArr, map, mechOIDFromGSSToken);
            }
            ContextManager contextManagerFactory = ContextManagerFactory.getInstance();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "token length: " + bArr.length);
            }
            CSIv2Config cSIv2Config = SecurityObjectLocator.getCSIv2Config();
            StateofCurrObj stateofCurrObj = contextManagerFactory.getThreadLocal().get_state_of_curr_obj();
            try {
                // When the thread-local identityTokenServerId flag is set, the server Subject is
                // returned and the token is not passed to login at all. Otherwise the token is
                // validated by the login configuration named by com.ibm.CSI.rmiInboundLoginConfig.
                // NOTE(review): confirm who can set that flag and under which conditions.
                Subject serverSubject = stateofCurrObj.getIdentityTokenServerId() ? contextManagerFactory.getServerSubject() : contextManagerFactory.login(contextManagerFactory.getDefaultRealm(), bArr, cSIv2Config.getString("com.ibm.CSI.rmiInboundLoginConfig"), (HttpServletRequest) null, (HttpServletResponse) null, map, (Subject) null, str);
                // The flag is cleared after use here and again in the Throwable handler below.
                stateofCurrObj.setIdentityTokenServerId(false);
                WSSecurityContextResult wSSecurityContextResult = new WSSecurityContextResult(null, serverSubject);
                // A `new` expression never yields null, so this branch cannot be taken.
                if (wSSecurityContextResult == null) {
                    Tr.error(tc, "security.auth.kerberos.nullconstructor", new Object[]{WSSecurityContextResult.class, SecurityHelper.tokeElement});
                    throw new WSSecurityContextException(14, 0, (String) null);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "acceptSecContext(token, appContext, authMechOid)");
                }
                return wSSecurityContextResult;
            } catch (Throwable th) {
                stateofCurrObj.setIdentityTokenServerId(false);
                throw th;
            }
        } catch (Exception e) {
            // FFDC is skipped for errors that suppressFFDCforKrbSkewError() recognises (by its
            // name, Kerberos clock-skew failures); the debug trace and rethrow happen either way.
            if (!SecurityMessages.suppressFFDCforKrbSkewError(e)) {
                Manager.Ffdc.log(e, this, "com.ibm.ISecurityLocalObjectTokenBaseImpl.Krb5WSSecurityContextImpl.acceptSecContext", "691", this);
            }
            Tr.debug(tc, "Exception accepting initial context token. ", new Object[]{e});
            if (e instanceof WSSecurityContextException) {
                throw ((WSSecurityContextException) e);
            }
            throw new WSSecurityContextException(14, 0, e.getMessage(), e);
        }
    }

    /**
     * Checks only that this instance is not disposed and that initSecContext() has run.
     * The token argument is never read, so no reply token from the acceptor is processed
     * by this method.
     *
     * @param bArr reply token (ignored)
     * @throws WSSecurityContextException with major code 14 if the instance is disposed or
     *     initSecContext() was not called first
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public void completeSecContext(byte[] bArr) throws WSSecurityContextException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "completeSecContext()");
        }
        if (this._isDisposed) {
            Tr.error(tc, "security.auth.kerberos.instancedisposed", this);
            throw new WSSecurityContextException(14, 0, (String) null);
        }
        if (!this._initCalled) {
            Tr.error(tc, "security.auth.kerberos.complete.initnotcalled", this);
            throw new WSSecurityContextException(14, 0, (String) null);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "completeSecContext()");
        }
    }

    /**
     * Emits entry/exit trace only.
     *
     * <p>NOTE(review): nothing is released and {@code _isDisposed} is not set, so the
     * "instance disposed" checks elsewhere in this class never fire after a call to this
     * method. Confirm whether that matches the original bytecode.
     */
    @Override // com.ibm.websphere.security.auth.WSSecurityContext
    public void dispose() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "dispose()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "dispose()");
        }
    }

    /**
     * Reports the disposed flag.
     *
     * @return the current value of {@code _isDisposed}
     */
    public boolean isDisposed() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isDisposed()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isDisposed()", new Boolean(this._isDisposed));
        }
        return this._isDisposed;
    }

    /**
     * Returns the default Kerberos realm, resolved once by constructing a throwaway
     * {@code KerberosPrincipal("nobody")} and cached in a static field without
     * synchronization. Not called from anywhere else in this class.
     *
     * @return the cached default realm
     * @throws IllegalArgumentException declared by the signature; presumably raised by the
     *     KerberosPrincipal constructor when no default realm can be determined
     */
    private String getDefaultRealm() throws IllegalArgumentException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getDefaultRealm()");
        }
        if (_defaultRealm == null) {
            _defaultRealm = new KerberosPrincipal("nobody").getRealm();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getDefaultRealm()", _defaultRealm);
        }
        return _defaultRealm;
    }

    /**
     * Joins a principal name and realm as {@code name@realm}; returns the name unchanged
     * when the realm is {@code null}. Not called from anywhere else in this class.
     *
     * @param str principal name
     * @param str2 realm, or {@code null}
     * @return the combined principal string
     */
    private String mapPrinc(String str, String str2) {
        if (tc.isEntryEnabled()) {
            if (str2 == null) {
                Tr.entry(tc, "mapPrinc()", str);
            } else {
                Tr.entry(tc, "mapPrinc()", str + "@" + str2);
            }
        }
        String str3 = str2 == null ? str : str + "@" + str2;
        if (tc.isEntryEnabled()) {
            if (str2 == null) {
                Tr.exit(tc, "mapPrinc()", str + " -> " + str3);
            } else {
                Tr.exit(tc, "mapPrinc()", str + "@" + str2 + " -> " + str3);
            }
        }
        return str3;
    }

    /**
     * Stub: traces entry and exit and always returns {@code null}. Not called from anywhere
     * else in this class.
     *
     * @return always {@code null}
     */
    private GSSName getServerName() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getServerName()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getServerName()", null);
        }
        return null;
    }

    /**
     * Converts a GSSException into a WSSecurityContextException, carrying over the mapped
     * major code, the minor code and the minor status string. The GSSException itself is
     * not passed to the new exception, so callers that need the original must rely on the
     * FFDC/trace records written at the throw sites.
     *
     * @param gSSException the GSS failure
     * @return the equivalent WSSecurityContextException (returned, not thrown)
     */
    /* JADX INFO: Access modifiers changed from: private */
    public WSSecurityContextException mapGssExc(GSSException gSSException) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapGssExc()", gSSException);
        }
        int major = gSSException.getMajor();
        WSSecurityContextException wSSecurityContextException = new WSSecurityContextException(mapMajor(major), gSSException.getMinor(), gSSException.getMinorString());
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapGssExc()", wSSecurityContextException);
        }
        return wSSecurityContextException;
    }

    /**
     * Maps a GSS-API major status code to the major code used by WSSecurityContextException.
     *
     * <p>Using the numeric values of the {@code org.ietf.jgss.GSSException} constants:
     * CONTEXT_EXPIRED (7), CREDENTIALS_EXPIRED (8) and OLD_TOKEN (20) map to 5;
     * DEFECTIVE_CREDENTIAL (9) maps to 7; DEFECTIVE_TOKEN (10) maps to 6; every other value,
     * including unknown ones, maps to 14. The meaning of the target codes is defined by
     * WSSecurityContextException and is not visible in this file.
     *
     * @param i GSS major status code
     * @return the mapped major code (5, 6, 7 or 14)
     */
    private int mapMajor(int i) {
        int i2;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "mapMajor()", new Integer(i));
        }
        switch (i) {
            // The explicit labels below all share the default arm (decompiler expansion).
            case 1:
            case 2:
            case 3:
            case 4:
            case 5:
            case 6:
            case 11:
            case 12:
            case 13:
            case 14:
            case 15:
            case 16:
            case 17:
            case 18:
            case 19:
            case 21:
            case 22:
            default:
                i2 = 14;
                break;
            case 7:
            case 8:
            case 20:
                i2 = 5;
                break;
            case 9:
                i2 = 7;
                break;
            case 10:
                i2 = 6;
                break;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "mapMajor()", new Integer(i2));
        }
        return i2;
    }
}
