package org.springframework.security.kerberos.authentication;

import java.io.UnsupportedEncodingException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Collection;
import javax.security.auth.Subject;
import org.ietf.jgss.MessageProp;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.crypto.codec.Base64;

/* loaded from: input_file:BOOT-INF/lib/spring-security-kerberos-core-1.0.1.RELEASE.jar:org/springframework/security/kerberos/authentication/KerberosServiceRequestToken.class */
public class KerberosServiceRequestToken extends AbstractAuthenticationToken {
    private static final long serialVersionUID = 395488921064775014L;
    private final byte[] token;
    private final Object principal;
    private final transient KerberosTicketValidation ticketValidation;

    public KerberosServiceRequestToken(Object obj, KerberosTicketValidation kerberosTicketValidation, Collection<? extends GrantedAuthority> collection, byte[] bArr) {
        super(collection);
        this.token = bArr;
        this.principal = obj;
        this.ticketValidation = kerberosTicketValidation;
        super.setAuthenticated(true);
    }

    public KerberosServiceRequestToken(byte[] bArr) {
        super(null);
        this.token = bArr;
        this.ticketValidation = null;
        this.principal = null;
    }

    @Override // org.springframework.security.authentication.AbstractAuthenticationToken, java.security.Principal
    public int hashCode() {
        return (31 * super.hashCode()) + Arrays.hashCode(this.token);
    }

    @Override // org.springframework.security.authentication.AbstractAuthenticationToken, java.security.Principal
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        return super.equals(obj) && getClass() == obj.getClass() && Arrays.equals(this.token, ((KerberosServiceRequestToken) obj).token);
    }

    @Override // org.springframework.security.core.Authentication
    public Object getCredentials() {
        return null;
    }

    @Override // org.springframework.security.core.Authentication
    public Object getPrincipal() {
        return this.principal;
    }

    public byte[] getToken() {
        return this.token;
    }

    public KerberosTicketValidation getTicketValidation() {
        return this.ticketValidation;
    }

    public boolean hasResponseToken() {
        return (this.ticketValidation == null || this.ticketValidation.responseToken() == null) ? false : true;
    }

    public String getEncodedResponseToken() {
        if (!hasResponseToken()) {
            throw new IllegalStateException("Unauthenticated or no response token");
        }
        try {
            return new String(Base64.encode(this.ticketValidation.responseToken()), "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Unable to encode response token", e);
        }
    }

    public byte[] decrypt(final byte[] bArr, final int i, final int i2) throws PrivilegedActionException {
        return (byte[]) Subject.doAs(getTicketValidation().subject(), new PrivilegedExceptionAction<byte[]>() { // from class: org.springframework.security.kerberos.authentication.KerberosServiceRequestToken.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public byte[] run() throws Exception {
                return KerberosServiceRequestToken.this.getTicketValidation().getGssContext().unwrap(bArr, i, i2, new MessageProp(true));
            }
        });
    }

    public byte[] decrypt(byte[] bArr) throws PrivilegedActionException {
        return decrypt(bArr, 0, bArr.length);
    }

    public byte[] encrypt(final byte[] bArr, final int i, final int i2) throws PrivilegedActionException {
        return (byte[]) Subject.doAs(getTicketValidation().subject(), new PrivilegedExceptionAction<byte[]>() { // from class: org.springframework.security.kerberos.authentication.KerberosServiceRequestToken.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public byte[] run() throws Exception {
                return KerberosServiceRequestToken.this.getTicketValidation().getGssContext().wrap(bArr, i, i2, new MessageProp(true));
            }
        });
    }

    public byte[] encrypt(byte[] bArr) throws PrivilegedActionException {
        return encrypt(bArr, 0, bArr.length);
    }
}
