package sun.security.mule.krb5.cxf;

import java.net.URL;
import javax.security.auth.callback.CallbackHandler;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.spnego.SpnegoClientAction;
import org.ietf.jgss.GSSException;
import sun.security.mule.krb5.Config;

/* loaded from: input_file:sun/security/mule/krb5/cxf/MuleSpnegoAuthSupplier.class */
public class MuleSpnegoAuthSupplier implements HttpAuthSupplier {
    private static final Log LOG = LogFactory.getLog(MuleSpnegoAuthSupplier.class);
    private byte[] token;
    private SpnegoTokenContext spnegoTokenContext;

    public boolean requiresRequestCaching() {
        return false;
    }

    public String getAuthorization(AuthorizationPolicy authorizationPolicy, URL url, Message message, String str) {
        if (!"Negotiate".equals(authorizationPolicy.getAuthorizationType())) {
            return null;
        }
        LOG.debug("Adding authorization service ticket for service principal name: " + ("HTTP/" + url.getHost()));
        this.token = issueToken(message);
        return "Negotiate " + Base64Utility.encode(this.token);
    }

    private byte[] issueToken(Message message) {
        Config config = (Config) message.get(KerberosConstants.KERBEROS_CONFIG);
        if (config == null) {
            if (LOG.isErrorEnabled()) {
                LOG.error("Cannot find a Kerberos config in the request of the message. Key:sun.security.mule.krb5.configuration");
            }
            throw new RuntimeException("Cannot find a Kerberos config in the request of the message. Key:sun.security.mule.krb5.configuration");
        }
        if (config.getKerberosContext() != null) {
            byte[] bArr = new byte[0];
            try {
                config.getKerberosContext().resetStateToInProgress();
                return config.getKerberosContext().initSecContext(bArr, 0, bArr.length);
            } catch (GSSException e) {
                throw new RuntimeException("cannot generate new AP_REQ", e);
            }
        }
        String str = (String) message.getContextualProperty("ws-security.kerberos.spn");
        CallbackHandler callbackHandler = (CallbackHandler) message.getContextualProperty("ws-security.callback-handler");
        this.spnegoTokenContext = this.spnegoTokenContext != null ? this.spnegoTokenContext : new SpnegoTokenContext();
        Object contextualProperty = message.getContextualProperty("ws-security.spnego.client.action");
        if (contextualProperty instanceof SpnegoClientAction) {
            this.spnegoTokenContext.setSpnegoClientAction((SpnegoClientAction) contextualProperty);
        }
        this.spnegoTokenContext.setKerberosConfig(config);
        try {
            this.spnegoTokenContext.retrieveServiceTicket(callbackHandler, str);
            return this.spnegoTokenContext.getToken();
        } catch (WSSecurityException e2) {
            throw new Fault(e2);
        }
    }
}
