package org.apache.directory.server.kerberos.kdc.ticketgrant;

import org.apache.directory.server.kerberos.kdc.KdcConfiguration;
import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;

/* loaded from: input_file:org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyTgt.class */
public class VerifyTgt implements IoHandlerCommand {
    private String contextKey = "context";

    public void execute(IoHandlerCommand.NextCommand nextCommand, IoSession ioSession, Object obj) throws Exception {
        TicketGrantingContext ticketGrantingContext = (TicketGrantingContext) ioSession.getAttribute(getContextKey());
        KdcConfiguration config = ticketGrantingContext.getConfig();
        Ticket tgt = ticketGrantingContext.getTgt();
        if (!tgt.getRealm().equals(config.getPrimaryRealm())) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_NOT_US);
        }
        String name = tgt.getServerPrincipal().getName();
        String name2 = ticketGrantingContext.getRequest().getServerPrincipal().getName();
        if (!name.equals(config.getServicePrincipal().getName()) && !name.equals(name2)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_NOT_US);
        }
        nextCommand.execute(ioSession, obj);
    }

    protected String getContextKey() {
        return this.contextKey;
    }
}
