package org.ldaptive.transport;

import java.util.HashMap;
import javax.security.auth.Subject;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import javax.security.sasl.SaslException;
import org.ldaptive.BindResponse;
import org.ldaptive.sasl.GssApiBindRequest;
import org.ldaptive.sasl.SaslClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/ldaptive-2.2.0.jar:org/ldaptive/transport/GssApiSaslClient.class */
public class GssApiSaslClient implements SaslClient<GssApiBindRequest> {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) GssApiSaslClient.class);

    @Override // org.ldaptive.sasl.SaslClient
    public BindResponse bind(TransportConnection transportConnection, GssApiBindRequest gssApiBindRequest) throws LoginException, SaslException {
        Subject subject;
        if (gssApiBindRequest.getJaasName() != null) {
            if (gssApiBindRequest.getJaasRefreshConfig()) {
                try {
                    Configuration.getConfiguration().refresh();
                } catch (Exception e) {
                    LOGGER.warn("Could not refresh JAAS configuration", (Throwable) e);
                }
            }
            LOGGER.debug("Invoking JAAS configuration {} for request {}", gssApiBindRequest.getJaasName(), gssApiBindRequest);
            LoginContext loginContext = new LoginContext(gssApiBindRequest.getJaasName(), gssApiBindRequest);
            loginContext.login();
            subject = loginContext.getSubject();
        } else {
            try {
                LoginModule loginModule = (LoginModule) Class.forName(gssApiBindRequest.getJaasLoginModule()).getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
                LOGGER.debug("Invoking module {} for request {}", loginModule, gssApiBindRequest);
                subject = new Subject();
                loginModule.initialize(subject, gssApiBindRequest, new HashMap(), gssApiBindRequest.getJaasOptions());
                if (!loginModule.login()) {
                    throw new LoginException("Login failed for " + gssApiBindRequest + " using " + loginModule);
                }
                loginModule.commit();
            } catch (Exception e2) {
                LOGGER.error("Error creating new instance of JAAS module for GSSAPI", (Throwable) e2);
                throw new SaslException("Could not instantiate JAAS module '" + gssApiBindRequest.getJaasLoginModule() + "' for GSSAPI", e2);
            }
        }
        Exception[] excArr = new Exception[1];
        BindResponse bindResponse = (BindResponse) Subject.doAs(subject, () -> {
            try {
                return transportConnection.operation(gssApiBindRequest);
            } catch (Exception e3) {
                LOGGER.warn("SASL GSSAPI operation failed for {}", this, e3);
                excArr[0] = e3;
                return null;
            }
        });
        if (bindResponse == null) {
            throw new SaslException("SASL GSSAPI operation failed for " + gssApiBindRequest, excArr[0]);
        }
        return bindResponse;
    }
}
