package ru.runa.wfe.security.auth;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import ru.runa.wfe.user.Actor;

/* loaded from: input_file:ru/runa/wfe/security/auth/KerberosLoginModule.class */
public class KerberosLoginModule extends LoginModuleBase {
    @Override // ru.runa.wfe.security.auth.LoginModuleBase
    protected Actor login(CallbackHandler callbackHandler) throws Exception {
        if (!(callbackHandler instanceof KerberosCallbackHandler)) {
            return null;
        }
        if (!KerberosLoginModuleResources.isEnabled()) {
            this.log.warn("kerberos auth is disabled in kerberos.properties");
            return null;
        }
        KerberosCallback kerberosCallback = new KerberosCallback();
        callbackHandler.handle(new Callback[]{kerberosCallback});
        GSSManager gSSManager = GSSManager.getInstance();
        GSSContext createContext = gSSManager.createContext(gSSManager.createCredential(gSSManager.createName(KerberosLoginModuleResources.getServerPrincipal(), (Oid) null), Integer.MAX_VALUE, (Oid) null, 2));
        createContext.requestMutualAuth(false);
        byte[] authToken = kerberosCallback.getAuthToken();
        createContext.acceptSecContext(authToken, 0, authToken.length);
        String gSSName = createContext.getSrcName().toString();
        String substring = gSSName.substring(0, gSSName.indexOf("@"));
        if (substring == null) {
            throw new LoginException("No client name was provided.");
        }
        return this.executorDAO.getActorCaseInsensitive(substring);
    }
}
