package sernet.verinice.kerberos.ticket;

import com.google.common.io.BaseEncoding;
import com.sun.jna.platform.win32.Sspi;
import javax.naming.AuthenticationNotSupportedException;
import org.apache.log4j.Logger;
import sernet.verinice.kerberos.Activator;
import sernet.verinice.service.auth.KerberosTicketService;
import waffle.windows.auth.IWindowsCredentialsHandle;
import waffle.windows.auth.impl.WindowsAccountImpl;
import waffle.windows.auth.impl.WindowsCredentialsHandleImpl;
import waffle.windows.auth.impl.WindowsSecurityContextImpl;

/* loaded from: input_file:sernet/verinice/kerberos/ticket/KerberosTicketServiceWindowsImpl.class */
public class KerberosTicketServiceWindowsImpl implements KerberosTicketService {
    private static Logger LOG = Logger.getLogger(KerberosStatusServiceImpl.class);
    private String clientToken;
    private IWindowsCredentialsHandle clientCredentials;
    private WindowsSecurityContextImpl clientContext;

    public String getClientToken() {
        this.clientCredentials = WindowsCredentialsHandleImpl.getCurrent("NEGOTIATE");
        this.clientCredentials.initialize();
        this.clientContext = new WindowsSecurityContextImpl();
        this.clientContext.setPrincipalName(WindowsAccountImpl.getCurrentUsername());
        this.clientContext.setCredentialsHandle(this.clientCredentials.getHandle());
        this.clientContext.setSecurityPackage("NEGOTIATE");
        this.clientContext.initialize(this.clientContext.getHandle(), (Sspi.SecBufferDesc) null, getADServiceName());
        this.clientToken = "NEGOTIATE " + BaseEncoding.base64().encode(this.clientContext.getToken());
        if (LOG.isDebugEnabled()) {
            LOG.debug("client AD token: " + this.clientToken);
        }
        return this.clientToken;
    }

    public String updateClientToken(String str) {
        byte[] decode = BaseEncoding.base64().decode(str);
        if (decode.length <= 0) {
            throw new RuntimeException((Throwable) new AuthenticationNotSupportedException("no continue token was sent by the server"));
        }
        this.clientContext.initialize(this.clientContext.getHandle(), new Sspi.SecBufferDesc(2, decode), getADServiceName());
        return "NEGOTIATE " + BaseEncoding.base64().encode(this.clientContext.getToken());
    }

    private String getADServiceName() {
        return Activator.getDefault().getPreferenceStore().getString("verinicepro");
    }
}
