package org.springframework.security.kerberos.client.ldap;

import java.security.PrivilegedAction;
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/kerberos/client/ldap/KerberosLdapContextSource.class */
public class KerberosLdapContextSource extends DefaultSpringSecurityContextSource implements InitializingBean {
    private Configuration loginConfig;

    public KerberosLdapContextSource(String str) {
        super(str);
    }

    public KerberosLdapContextSource(List<String> list, String str) {
        super(list, str);
    }

    public void afterPropertiesSet() {
        try {
            super.afterPropertiesSet();
            Assert.notNull(this.loginConfig, "loginConfig must be specified");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    protected DirContext getDirContextInstance(final Hashtable hashtable) throws NamingException {
        hashtable.put("java.naming.security.authentication", "GSSAPI");
        final Throwable[] thArr = {null};
        DirContext dirContext = (DirContext) Subject.doAs(login(), new PrivilegedAction<DirContext>() { // from class: org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public DirContext run() {
                try {
                    return KerberosLdapContextSource.super.getDirContextInstance(hashtable);
                } catch (NamingException e) {
                    thArr[0] = e;
                    return null;
                }
            }
        });
        if (thArr[0] != null) {
            throw thArr[0];
        }
        return dirContext;
    }

    public void setLoginConfig(Configuration configuration) {
        this.loginConfig = configuration;
    }

    private Subject login() throws AuthenticationException {
        try {
            LoginContext loginContext = new LoginContext(KerberosLdapContextSource.class.getSimpleName(), (Subject) null, (CallbackHandler) null, this.loginConfig);
            loginContext.login();
            return loginContext.getSubject();
        } catch (LoginException e) {
            AuthenticationException authenticationException = new AuthenticationException(e.getMessage());
            authenticationException.initCause(e);
            throw authenticationException;
        }
    }
}
