package sun.security.jgss.krb5;

import java.io.IOException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.login.LoginException;
import sun.misc.SharedSecrets;
import sun.security.action.GetBooleanAction;
import sun.security.jgss.GSSCaller;
import sun.security.jgss.GSSUtil;
import sun.security.krb5.Credentials;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName;

/* loaded from: classes.dex */
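/**
 * Static helpers that move Kerberos credentials between JAAS {@link Subject}s,
 * the public {@code javax.security.auth.kerberos} types and the internal
 * {@code sun.security.krb5} types used by the GSS-API Kerberos mechanism.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Several methods add secret material (service tickets with their session
 *       keys, long-term keys read from key tabs) to a Subject's private
 *       credential set. Any code allowed to read that set can read them.</li>
 *   <li>With {@link #DEBUG} enabled, principal names are printed to
 *       {@code System.out}; no key bytes are printed by this class.</li>
 * </ul>
 */
public class Krb5Util {
    /** True when the boolean system property {@code sun.security.krb5.debug} is set. */
    static final boolean DEBUG = ((Boolean) AccessController.doPrivileged(new GetBooleanAction("sun.security.krb5.debug"))).booleanValue();

    /**
     * Marker subclass for keys that {@link ServiceCreds#getKKeys()} read from a
     * key tab and cached in a Subject. The distinct type lets that method find
     * and replace only the entries it created itself.
     */
    public static class KeysFromKeyTab extends KerberosKey {
        /**
         * Copies principal, key bytes, key type and version number from {@code kerberosKey}.
         *
         * @param kerberosKey the key to copy; must not be null
         */
        public KeysFromKeyTab(KerberosKey kerberosKey) {
            super(kerberosKey.getPrincipal(), kerberosKey.getEncoded(), kerberosKey.getKeyType(), kerberosKey.getVersionNumber());
        }
    }

    /**
     * Acceptor-side credentials for one Kerberos principal: the principal plus
     * either the key tabs or the long-term keys found in a Subject.
     */
    public static class ServiceCreds {
        // Long-term keys stored directly in the Subject for this principal.
        private List<KerberosKey> kk;
        // The principal these credentials belong to.
        private KerberosPrincipal kp;
        // Key tabs found in the Subject; preferred over kk when non-empty.
        private List<KeyTab> ktabs;
        // The Subject the credentials were taken from.
        private Subject subj;

        /**
         * Builds a {@code ServiceCreds} from the credentials held in {@code subject}.
         *
         * <p>Principal selection: the first {@link KerberosPrincipal} in the Subject
         * whose name equals {@code str} is used; when {@code str} is null the first
         * one returned by the Subject's principal set is used. If none matches, the
         * principal of the first {@link KerberosKey} found is used instead,
         * <em>even when {@code str} named a different principal</em>. Callers that
         * need a specific service identity should compare {@link #getName()} with
         * the name they asked for.
         *
         * <p>NOTE: the decompiler reports that this method's access modifier was
         * changed from private.
         *
         * @param subject the Subject to search; must not be null
         * @param str the wanted principal name, or null for any
         * @return the credentials, or null when the Subject holds neither a key tab
         *         nor a key for the selected principal
         */
        public static ServiceCreds getInstance(Subject subject, String str) {
            ServiceCreds creds = new ServiceCreds();
            creds.subj = subject;
            for (KerberosPrincipal candidate : subject.getPrincipals(KerberosPrincipal.class)) {
                if (str == null || candidate.getName().equals(str)) {
                    creds.kp = candidate;
                    str = candidate.getName();
                    break;
                }
            }
            if (creds.kp == null) {
                // No usable principal in the Subject: derive one from any stored key.
                List<KerberosKey> anyKeys = SubjectComber.findMany(subject, null, null, KerberosKey.class);
                if (anyKeys.isEmpty()) {
                    return null;
                }
                creds.kp = anyKeys.get(0).getPrincipal();
                str = creds.kp.getName();
                if (Krb5Util.DEBUG) {
                    System.out.println(">>> ServiceCreds: no kp? find one from kk: " + str);
                }
            }
            creds.ktabs = SubjectComber.findMany(subject, null, null, KeyTab.class);
            creds.kk = SubjectComber.findMany(subject, str, null, KerberosKey.class);
            if (creds.ktabs.isEmpty() && creds.kk.isEmpty()) {
                return null;
            }
            return creds;
        }

        /**
         * Drops this object's references to the principal, key tabs and keys.
         *
         * <p>This does not wipe any key bytes and does not remove the
         * {@link KeysFromKeyTab} entries that {@link #getKKeys()} may have added to
         * the Subject. After this call {@link #getName()}, {@link #getKKeys()} and
         * {@link #getEKeys()} fail with a {@code NullPointerException}.
         */
        public void destroy() {
            this.kp = null;
            this.ktabs = null;
            this.kk = null;
        }

        /**
         * Returns the keys of {@link #getKKeys()} converted to internal
         * {@link EncryptionKey} objects.
         *
         * <p>Each returned object is built from {@code KerberosKey.getEncoded()};
         * this method does not clear those bytes, so their lifetime is up to the
         * caller.
         *
         * @return one {@code EncryptionKey} per key, in the same order
         */
        public EncryptionKey[] getEKeys() {
            KerberosKey[] kerberosKeys = getKKeys();
            EncryptionKey[] result = new EncryptionKey[kerberosKeys.length];
            for (int i = 0; i < result.length; i++) {
                KerberosKey key = kerberosKeys[i];
                result[i] = new EncryptionKey(key.getEncoded(), key.getKeyType(), Integer.valueOf(key.getVersionNumber()));
            }
            return result;
        }

        /**
         * Returns the long-term keys for this principal.
         *
         * <p>When the Subject holds no key tab, the keys stored directly in the
         * Subject are returned. Otherwise the keys are read from every key tab on
         * each call, and, if the Subject is writable, they are also cached in
         * its private credentials as {@link KeysFromKeyTab} entries, replacing the
         * entries cached earlier for the same principal.
         *
         * @return the keys; possibly an empty array
         */
        public KerberosKey[] getKKeys() {
            if (this.ktabs.isEmpty()) {
                return this.kk.toArray(new KerberosKey[0]);
            }
            List<KerberosKey> fromKeyTabs = new ArrayList<KerberosKey>();
            for (KeyTab keyTab : this.ktabs) {
                for (KerberosKey key : keyTab.getKeys(this.kp)) {
                    fromKeyTabs.add(key);
                }
            }
            if (!this.subj.isReadOnly()) {
                Set<Object> privateCredentials = this.subj.getPrivateCredentials();
                // Remove stale cached keys for this principal while holding the set's lock.
                synchronized (privateCredentials) {
                    Iterator<Object> it = privateCredentials.iterator();
                    while (it.hasNext()) {
                        Object credential = it.next();
                        if ((credential instanceof KeysFromKeyTab) && Objects.equals(((KerberosKey) credential).getPrincipal(), this.kp)) {
                            it.remove();
                        }
                    }
                }
                // The fresh keys are added outside the synchronized block, one call per key.
                for (KerberosKey key : fromKeyTabs) {
                    this.subj.getPrivateCredentials().add(new KeysFromKeyTab(key));
                }
            }
            return fromKeyTabs.toArray(new KerberosKey[0]);
        }

        /**
         * Returns the name of the principal these credentials belong to.
         *
         * @return the principal name
         */
        public String getName() {
            return this.kp.getName();
        }
    }

    private Krb5Util() {
        // Static utility class; not instantiable.
    }

    /**
     * Converts internal {@link Credentials} into a public {@link KerberosTicket}.
     * The server principal is created with name type
     * {@link KerberosPrincipal#KRB_NT_SRV_INST}.
     *
     * @param credentials the internal credentials; must not be null
     * @return a ticket carrying the same encoding, session key, flags and times
     */
    public static KerberosTicket credsToTicket(Credentials credentials) {
        EncryptionKey sessionKey = credentials.getSessionKey();
        KerberosPrincipal client = new KerberosPrincipal(credentials.getClient().getName());
        KerberosPrincipal server = new KerberosPrincipal(credentials.getServer().getName(), KerberosPrincipal.KRB_NT_SRV_INST);
        return new KerberosTicket(credentials.getEncoded(), client, server, sessionKey.getBytes(), sessionKey.getEType(), credentials.getFlags(), credentials.getAuthTime(), credentials.getStartTime(), credentials.getEndTime(), credentials.getRenewTill(), credentials.getClientAddresses());
    }

    /**
     * Finds acceptor credentials for {@code str}, first in the Subject bound to
     * {@code accessControlContext} and then, unless
     * {@code GSSUtil.useSubjectCredsOnly} is true for the caller, in a Subject
     * obtained by logging in.
     *
     * @param gSSCaller identifies the caller to {@code GSSUtil}
     * @param str the wanted service principal name, or null for any
     * @param accessControlContext the context whose Subject is searched first
     * @return the credentials, or null if none were found
     * @throws LoginException if the fallback login fails
     */
    public static ServiceCreds getServiceCreds(GSSCaller gSSCaller, String str, AccessControlContext accessControlContext) throws LoginException {
        Subject subject = Subject.getSubject(accessControlContext);
        ServiceCreds creds = null;
        if (subject != null) {
            creds = ServiceCreds.getInstance(subject, str);
        }
        if (creds != null || GSSUtil.useSubjectCredsOnly(gSSCaller)) {
            return creds;
        }
        return ServiceCreds.getInstance(GSSUtil.login(gSSCaller, GSSUtil.GSS_KRB5_MECH_OID), str);
    }

    /**
     * Returns the Subject bound to {@code accessControlContext}, or, when there
     * is none and {@code GSSUtil.useSubjectCredsOnly} is false for the caller,
     * a Subject obtained by logging in.
     *
     * @param gSSCaller identifies the caller to {@code GSSUtil}
     * @param accessControlContext the context to read the Subject from
     * @return the Subject, possibly null
     * @throws LoginException if the fallback login fails
     */
    public static Subject getSubject(GSSCaller gSSCaller, AccessControlContext accessControlContext) throws LoginException {
        Subject subject = Subject.getSubject(accessControlContext);
        if (subject != null || GSSUtil.useSubjectCredsOnly(gSSCaller)) {
            return subject;
        }
        return GSSUtil.login(gSSCaller, GSSUtil.GSS_KRB5_MECH_OID);
    }

    /**
     * Looks up a ticket in the Subject bound to {@code accessControlContext} and,
     * if absent and permitted by {@code GSSUtil.useSubjectCredsOnly}, in a
     * Subject obtained by logging in.
     *
     * <p>NOTE: the decompiler reports that this method's access modifier was
     * changed from package-private.
     *
     * @param gSSCaller identifies the caller to {@code GSSUtil}
     * @param str passed as the third argument of {@code SubjectComber.find};
     *        presumably the client principal name, confirm against SubjectComber
     * @param str2 passed as the second argument of {@code SubjectComber.find};
     *        presumably the server principal name, confirm against SubjectComber
     * @param accessControlContext the context whose Subject is searched first
     * @return the ticket, or null if none was found
     * @throws LoginException if the fallback login fails
     */
    public static KerberosTicket getTicket(GSSCaller gSSCaller, String str, String str2, AccessControlContext accessControlContext) throws LoginException {
        Subject subject = Subject.getSubject(accessControlContext);
        KerberosTicket ticket = (KerberosTicket) SubjectComber.find(subject, str2, str, KerberosTicket.class);
        if (ticket != null || GSSUtil.useSubjectCredsOnly(gSSCaller)) {
            return ticket;
        }
        Subject loginSubject = GSSUtil.login(gSSCaller, GSSUtil.GSS_KRB5_MECH_OID);
        return (KerberosTicket) SubjectComber.find(loginSubject, str2, str, KerberosTicket.class);
    }

    /**
     * Returns a service ticket for {@code str2}, looking in this order:
     * <ol>
     *   <li>the Subject bound to {@code accessControlContext};</li>
     *   <li>a Subject obtained by logging in, unless
     *       {@code GSSUtil.useSubjectCredsOnly} is true for the caller;</li>
     *   <li>a new ticket acquired with a ticket for {@code str3} taken from the
     *       first Subject, or from the login Subject when the first has none.</li>
     * </ol>
     *
     * <p>A newly acquired ticket, which includes its session key, is added to
     * the private credentials of the context's Subject only when the ticket used
     * to acquire it came from that Subject and the Subject is writable.
     *
     * <p>The decompiled form of this method did not compile (a variable read
     * without assignment and a catch clause for an exception its try body cannot
     * throw) and would never have consulted the login Subject when the context's
     * Subject lacked a ticket for {@code str3}; the control flow below is the
     * coherent reading of it.
     *
     * @param gSSCaller identifies the caller to {@code GSSUtil}
     * @param str passed as the third argument of {@code SubjectComber.find};
     *        presumably the client principal name, confirm against SubjectComber
     * @param str2 the service principal name the ticket is for
     * @param str3 the principal name of the ticket used to acquire the service
     *        ticket (the TGS principal, going by the method name)
     * @param accessControlContext the context whose Subject is searched first
     * @return the service ticket, or null if none was found or acquired
     * @throws LoginException declared for callers; a failed login in step 2 is
     *         treated as "no login Subject" and is not propagated
     * @throws KrbException if acquiring the service ticket fails
     * @throws IOException if acquiring the service ticket fails
     */
    public static KerberosTicket getTicketFromSubjectAndTgs(GSSCaller gSSCaller, String str, String str2, String str3, AccessControlContext accessControlContext) throws LoginException, KrbException, IOException {
        // 1. Service ticket already in the context's Subject?
        Subject accSubject = Subject.getSubject(accessControlContext);
        KerberosTicket ticket = (KerberosTicket) SubjectComber.find(accSubject, str2, str, KerberosTicket.class);
        if (ticket != null) {
            return ticket;
        }

        // 2. Service ticket in a login Subject?
        Subject loginSubject = null;
        if (!GSSUtil.useSubjectCredsOnly(gSSCaller)) {
            try {
                loginSubject = GSSUtil.login(gSSCaller, GSSUtil.GSS_KRB5_MECH_OID);
                ticket = (KerberosTicket) SubjectComber.find(loginSubject, str2, str, KerberosTicket.class);
                if (ticket != null) {
                    return ticket;
                }
            } catch (LoginException ignored) {
                // Best effort: with no usable login entry, continue with the
                // context's Subject alone.
            }
        }

        // 3. Find a ticket for str3, preferring the context's Subject.
        KerberosTicket tgt = (KerberosTicket) SubjectComber.find(accSubject, str3, str, KerberosTicket.class);
        boolean fromAccSubject = true;
        if (tgt == null && loginSubject != null) {
            tgt = (KerberosTicket) SubjectComber.find(loginSubject, str3, str, KerberosTicket.class);
            fromAccSubject = false;
        }

        // 4. Use it to acquire the service ticket.
        if (tgt != null) {
            Credentials serviceCreds = Credentials.acquireServiceCreds(str2, ticketToCreds(tgt));
            if (serviceCreds != null) {
                ticket = credsToTicket(serviceCreds);
                // Cache only in the Subject the acquiring ticket came from.
                if (fromAccSubject && accSubject != null && !accSubject.isReadOnly()) {
                    accSubject.getPrivateCredentials().add(ticket);
                }
            }
        }
        return ticket;
    }

    /**
     * Reads the internal encryption keys for {@code principalName} from a
     * {@code javax} key tab through the {@code SharedSecrets} access bridge.
     *
     * @param keyTab the key tab to read
     * @param principalName the principal whose keys are wanted
     * @return the keys as returned by the access bridge
     */
    public static EncryptionKey[] keysFromJavaxKeyTab(KeyTab keyTab, PrincipalName principalName) {
        return SharedSecrets.getJavaxSecurityAuthKerberosAccess().keyTabGetEncryptionKeys(keyTab, principalName);
    }

    /**
     * Converts a public {@link KerberosTicket} into internal {@link Credentials}.
     *
     * @param kerberosTicket the ticket to convert; must not be null
     * @return credentials carrying the same encoding, session key, flags and times
     * @throws KrbException if the {@code Credentials} constructor rejects the data
     * @throws IOException if the {@code Credentials} constructor fails to decode the data
     */
    public static Credentials ticketToCreds(KerberosTicket kerberosTicket) throws KrbException, IOException {
        String clientName = kerberosTicket.getClient().getName();
        String serverName = kerberosTicket.getServer().getName();
        byte[] sessionKeyBytes = kerberosTicket.getSessionKey().getEncoded();
        return new Credentials(kerberosTicket.getEncoded(), clientName, serverName, sessionKeyBytes, kerberosTicket.getSessionKeyType(), kerberosTicket.getFlags(), kerberosTicket.getAuthTime(), kerberosTicket.getStartTime(), kerberosTicket.getEndTime(), kerberosTicket.getRenewTill(), kerberosTicket.getClientAddresses());
    }
}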
