package com.ibm.ws.wssecurity.util;

import com.ibm.nws.ffdc.FFDCFilter;
import com.ibm.security.jgss.TokenHeader;
import com.ibm.security.jgss.i18n.I18NException;
import com.ibm.security.krb5.Credentials;
import com.ibm.security.krb5.EncryptedData;
import com.ibm.security.krb5.EncryptionKey;
import com.ibm.security.krb5.KrbException;
import com.ibm.security.krb5.internal.APReq;
import com.ibm.security.krb5.internal.EncTicketPart;
import com.ibm.security.krb5.wss.KerberosTokenConsumer;
import com.ibm.ws.sib.wsrm.WSRMConstants;
import com.ibm.ws.webservices.admin.serviceindex.impl.ServiceIndexWriter;
import com.ibm.ws.wssecurity.platform.auth.WSSContextManager;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.MissingResourceException;
import java.util.ResourceBundle;
import java.util.Set;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/util/KRB5Util.class */
public final class KRB5Util {
    private static final String KRB5_OID = "1.2.840.113554.1.2.2";
    private static final char SPACE = ' ';
    private static final char TAB = '\t';
    private static final char NEWLINE = '\n';
    private static final char TILDA = '~';
    private static final char DOT = '.';
    public static final String STR_TOKENID = "tokenID";
    public static final String ATTR_ENCODINGTYPE = "EncodingType";
    public static final int TOK_ID_LEN = 2;
    public static final int Des3EType_KD_KDC_REP_TICKET = 2;
    public static final int AES128_KD_KDC_REP_TICKET = 2;
    public static final int AES256_KD_KDC_REP_TICKET = 2;
    public static final int Rc4HMac_KD_AS_REP_SERV = 2;
    public static final int Rc4HMac_KD_AP_REQ_AUTHN = 11;
    public static final int Des3EType_KD_AP_REQ_AUTH = 11;
    public static final int AES128_KD_AP_REQ_AUTH = 11;
    public static final int AES256_KD_AP_REQ_AUTH = 11;
    public static final int Rc4HMac_KD_TGS_REP = 8;
    public static final int WRAPPED = 1;
    public static final int NOT_WRAPPED = 0;
    public static final int JAAS_LOGIN_CONFIG = 0;
    public static final int TOKEN_CONSUMER_CONFIG = 1;
    public static final int TOKEN_GENERATOR_CONFIG = 2;
    public static final String JAAS_LOGIN_CONFIG_LABEL = "JAAS Login Module";
    public static final String TOKEN_CONSUMER_CONFIG_LABEL = "Token Consumer";
    public static final String TOKEN_GENERATOR_CONFIG_LABEL = "Token Generator";
    public static final String DEFAULT_JAAS_LOGIN_CONFIG = "JAASClient";
    private static Object _lock = new Object();
    private static final TraceComponent tc = Tr.register(KRB5Util.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    public static final byte[] AP_REQ_TOK_ID = {1, 0};
    private static KRBSPNList servicePrincipalNameList = new KRBSPNList();
    private static ResourceBundle nls = null;
    private static final GSSManager _gssMgr = GSSManager.getInstance();
    private static Oid krb5Oid = null;

    public static ResourceBundle getNLS() {
        if (nls == null) {
            try {
                nls = ResourceBundle.getBundle("com.ibm.ws.wssecurity.resources.wssmessages");
            } catch (MissingResourceException e) {
                FFDCFilter.processException(e, KRB5Util.class.getName() + ".getNLS", "1");
            }
        }
        return nls;
    }

    public static String showHex(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return "";
        }
        int length = bArr.length;
        StringBuffer stringBuffer = new StringBuffer(length);
        StringBuffer stringBuffer2 = new StringBuffer(length << 1);
        StringBuffer stringBuffer3 = new StringBuffer(length << 1);
        StringBuffer stringBuffer4 = new StringBuffer(length << 1);
        int i = 0;
        int i2 = 0;
        float f = 0.0f;
        for (byte b : bArr) {
            int i3 = b & 255;
            if (i3 == 13 || i3 == 10 || i3 == 9 || (i3 >= 32 && i3 <= TILDA)) {
                stringBuffer.append((char) i3);
            } else {
                stringBuffer.append('[' + hexPad(Integer.toHexString(i3), 2) + ']');
                f += 1.0f;
            }
            if (i3 < 32 || i3 > TILDA) {
                stringBuffer4.append('.');
            } else {
                stringBuffer4.append((char) i3);
            }
            stringBuffer3.append(hexPad(Integer.toHexString(i3), 2));
            if (i == 3 || i == 7 || i == 11) {
                stringBuffer3.append(' ');
                stringBuffer4.append(' ');
            }
            if (i == 15) {
                stringBuffer2.append(hexPad(Integer.toHexString(i2), 4)).append(":  ").append(stringBuffer3).append(ServiceIndexWriter.INDENT_SPACE).append(stringBuffer4).append("\n");
                i = 0;
                i2 += 16;
                stringBuffer3.setLength(0);
                stringBuffer4.setLength(0);
            } else {
                i++;
            }
        }
        for (int length2 = stringBuffer3.length(); length2 < 35; length2++) {
            stringBuffer3.append(' ');
        }
        stringBuffer2.append(hexPad(Integer.toHexString(i2), 4)).append(":  ").append(stringBuffer3).append(ServiceIndexWriter.INDENT_SPACE).append(stringBuffer4).append("\n");
        return stringBuffer2.toString();
    }

    private static String hexPad(String str, int i) {
        if (str == null || str.length() == 0) {
            return "";
        }
        int length = str.length();
        StringBuffer stringBuffer = new StringBuffer(length + i);
        for (int i2 = length; i2 < i; i2++) {
            stringBuffer.append('0');
        }
        stringBuffer.append(str);
        return stringBuffer.toString();
    }

    public static boolean isTGTInSubject(Subject subject) {
        Iterator it;
        boolean z = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isTGTInSubject()");
        }
        if (subject != null && (it = getTokens(subject, KerberosTicket.class).iterator()) != null && it.hasNext()) {
            z = true;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Kerberor Ticket Exists In Subject [" + z + "]");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isTGTInSubject()");
        }
        return z;
    }

    public static KerberosTicket getTGTInSubject(Subject subject) {
        Iterator it;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTGTInSubject()");
        }
        KerberosTicket kerberosTicket = null;
        if (subject != null && (it = getTokens(subject, KerberosTicket.class).iterator()) != null && it.hasNext()) {
            kerberosTicket = (KerberosTicket) it.next();
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Kerberor Ticket Exists In Subject [" + (kerberosTicket != null) + "]");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTGTInSubject()");
        }
        return kerberosTicket;
    }

    public static boolean isTokenInSubject(Subject subject, Class cls) {
        boolean z = false;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isTokenInSubject()");
        }
        if (subject != null && getTokens(subject, cls).size() > 0) {
            z = true;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Token Exists In Subject [" + z + "]");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isTokenInSubject()");
        }
        return z;
    }

    public static String getKerberosPrincipalFromSubject(Subject subject) {
        Iterator it;
        String str = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPrincipalFromSubject()");
        }
        if (subject != null && (it = getPrincipals(subject, KerberosPrincipal.class).iterator()) != null && it.hasNext()) {
            str = ((KerberosPrincipal) it.next()).getName();
            if (str != null) {
                int indexOf = str.indexOf(64);
                if (indexOf > 0) {
                    str = str.substring(0, indexOf);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Kerberos Principal (realm stripped): " + str);
                }
            }
        }
        if (str == null && tc.isDebugEnabled()) {
            Tr.debug(tc, "No Kerberos Principal Found In Subject");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPrincipalFromSubject()");
        }
        return str;
    }

    private static Set getTokens(Subject subject, Class cls) {
        return getSubjectObjects(subject, cls, true);
    }

    private static Set getPrincipals(Subject subject, Class cls) {
        return getSubjectObjects(subject, cls, false);
    }

    public static Set getSubjectObjects(final Subject subject, final Class cls, final boolean z) {
        Set set;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSubjectObjects");
        }
        HashSet hashSet = new HashSet();
        if (subject == null) {
            Tr.error(tc, "kerberos.invalid.parm", new Object[]{"subject", "getSubjectObjects"});
            return hashSet;
        }
        if (cls == null) {
            Tr.error(tc, "kerberos.invalid.parm", new Object[]{"objectClass", "getSubjectObjects"});
            return hashSet;
        }
        synchronized (_lock) {
            set = (Set) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.wssecurity.util.KRB5Util.1
                /* JADX WARN: Multi-variable type inference failed */
                /* JADX WARN: Type inference failed for: r0v13, types: [java.util.Set] */
                /* JADX WARN: Type inference failed for: r0v7, types: [java.util.Set] */
                @Override // java.security.PrivilegedAction
                public Object run() {
                    HashSet hashSet2 = new HashSet();
                    try {
                        hashSet2 = z ? subject.getPrivateCredentials(cls) : subject.getPrincipals(cls);
                        if (KRB5Util.tc.isDebugEnabled()) {
                            Tr.debug(KRB5Util.tc, "Number of subject objects retrived = " + hashSet2.size());
                        }
                    } catch (Throwable th) {
                        Tr.error(KRB5Util.tc, "kerberos.unexpected.exception", th.getMessage());
                    }
                    return hashSet2;
                }
            });
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSubjectObjects");
        }
        return set;
    }

    public static boolean addCredentialToSubject(final Subject subject, final Object obj) {
        Boolean bool;
        Boolean bool2 = Boolean.FALSE;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addCredentialToSubject");
        }
        if (subject == null) {
            Tr.error(tc, "kerberos.invalid.parm", new Object[]{"subject", "addCredentialToSubject"});
            return bool2.booleanValue();
        }
        if (obj == null) {
            Tr.error(tc, "kerberos.invalid.parm", new Object[]{"crendential", "addCredentialToSubject"});
            return bool2.booleanValue();
        }
        synchronized (_lock) {
            bool = (Boolean) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.wssecurity.util.KRB5Util.2
                @Override // java.security.PrivilegedAction
                public Object run() {
                    Boolean bool3 = Boolean.FALSE;
                    try {
                        if (subject != null) {
                            subject.getPrivateCredentials().add(obj);
                            bool3 = Boolean.TRUE;
                            if (KRB5Util.tc.isDebugEnabled()) {
                                Tr.debug(KRB5Util.tc, "Credential added successfully to the subject. ");
                            }
                        }
                    } catch (Throwable th) {
                        if (KRB5Util.tc.isDebugEnabled()) {
                            Tr.debug(KRB5Util.tc, "Credential is NOT added to the subject. ");
                        }
                    }
                    return bool3;
                }
            });
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addCredentialToSubject");
        }
        return bool.booleanValue();
    }

    public static boolean addPrincipalToSubject(final Subject subject, final Principal principal) {
        Boolean bool;
        Boolean bool2 = Boolean.FALSE;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "addPrincipalToSubject");
        }
        if (subject == null) {
            Tr.error(tc, "kerberos.invalid.parm", new Object[]{"subject", "addPrincipalToSubject"});
            return bool2.booleanValue();
        }
        if (principal == null) {
            Tr.error(tc, "kerberos.invalid.parm", new Object[]{"principal", "addPrincipalToSubject"});
            return bool2.booleanValue();
        }
        synchronized (_lock) {
            bool = (Boolean) AccessController.doPrivileged(new PrivilegedAction() { // from class: com.ibm.ws.wssecurity.util.KRB5Util.3
                @Override // java.security.PrivilegedAction
                public Object run() {
                    Boolean bool3 = Boolean.FALSE;
                    try {
                        if (subject != null) {
                            subject.getPrincipals().add(principal);
                            bool3 = Boolean.TRUE;
                            if (KRB5Util.tc.isDebugEnabled()) {
                                Tr.debug(KRB5Util.tc, "Principal added successfully to the subject. ");
                            }
                        }
                    } catch (Throwable th) {
                        if (KRB5Util.tc.isDebugEnabled()) {
                            Tr.debug(KRB5Util.tc, "Principal is NOT added to the subject. ");
                        }
                    }
                    return bool3;
                }
            });
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "addPrincipalToSubject");
        }
        return bool.booleanValue();
    }

    private static HashMap getKerberosTicketProperties(byte[] bArr, Credentials credentials) {
        byte[] decrypt;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKerberosTokenExpiryTime");
        }
        if (bArr == null) {
            Tr.error(tc, "kerberos.invalid.parm", new Object[]{"token", "getKerberosTokenExpiryTime"});
            return null;
        }
        if (credentials == null) {
            Tr.error(tc, "kerberos.invalid.parm", new Object[]{"serverCreds", "getKerberosTokenExpiryTime"});
            return null;
        }
        HashMap hashMap = new HashMap();
        try {
            EncryptedData encryptedPart = getAPReq(bArr).getTicket().getEncryptedPart();
            boolean isDesEncType = encryptedPart.isDesEncType();
            int eType = encryptedPart.getEType();
            if (isDesEncType) {
                decrypt = encryptedPart.reset(encryptedPart.decrypt(credentials.getServiceKey(), 2), true);
            } else if (eType == 17) {
                decrypt = encryptedPart.reset(encryptedPart.decrypt(credentials.getServiceKey(), 2), true);
            } else if (eType == 18) {
                decrypt = encryptedPart.reset(encryptedPart.decrypt(credentials.getServiceKey(), 2), true);
            } else {
                try {
                    decrypt = encryptedPart.decrypt(credentials.getServiceKey(), 2);
                } catch (KrbException e) {
                    decrypt = encryptedPart.decrypt(credentials.getServiceKey(), 8);
                }
            }
            EncTicketPart encTicketPart = new EncTicketPart(decrypt);
            hashMap.put(KRBTokenProfileConstants.STR_EXPIRY_TIME, Long.toString(encTicketPart.getEndTime().getTime()));
            hashMap.put("WASPrincipal", encTicketPart.getClient().getName());
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The kerberos ticket properties  = " + hashMap.toString());
            }
        } catch (Throwable th) {
            Tr.error(tc, "kerberos.unexpected.exception", th.getMessage());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKerberosTokenExpiryTime");
        }
        return hashMap;
    }

    private static APReq getAPReq(byte[] bArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAPReq");
        }
        if (bArr == null) {
            Tr.error(tc, "kerberos.invalid.parm", new Object[]{"token", "getAPReq"});
            return null;
        }
        APReq aPReq = null;
        try {
            if (bArr[0] == 110) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Decoded an AP_REQ input token");
                }
                aPReq = new APReq(bArr);
            } else {
                if (bArr[0] != 96) {
                    throw new RuntimeException("Input Token not of type GSS_Kerberosv5_AP_REQ or Kerberosv5_AP_REQ");
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Decoded a GSS Wrapped input token");
                }
                ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
                TokenHeader tokenHeader = new TokenHeader(byteArrayInputStream);
                Oid mechanism = tokenHeader.getMechanism();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The Mechanism OID =\n" + mechanism.toString());
                }
                if (!mechanism.equals(KerberosTokenConsumer.MECH_TYPE_KRB5) && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Kerberos mechanics not passed" + mechanism.toString());
                }
                int mechTokenLen = tokenHeader.getMechTokenLen();
                byte[] stream2Bytes = stream2Bytes(byteArrayInputStream, mechTokenLen);
                byte[] bArr2 = new byte[mechTokenLen];
                System.arraycopy(stream2Bytes, 0, bArr2, 0, mechTokenLen);
                byte[] bArr3 = new byte[2];
                System.arraycopy(bArr2, 0, bArr3, 0, 2);
                int length = bArr2.length - 2;
                byte[] bArr4 = new byte[length];
                System.arraycopy(bArr2, 2, bArr4, 0, length);
                if (!Arrays.equals(bArr3, AP_REQ_TOK_ID)) {
                    throw new RuntimeException("GSS Token was not an APReq message");
                }
                aPReq = new APReq(bArr4);
            }
        } catch (Throwable th) {
            Tr.error(tc, "kerberos.unexpected.exception", th.getMessage());
            FFDCFilter.processException(th, KRB5Util.class.getName() + ".getAPReq", "1");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAPReq");
        }
        return aPReq;
    }

    private static KerberosKey getServiceKerberosKey(EncryptionKey encryptionKey, String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getServiceKerberosKey");
        }
        KerberosKey kerberosKey = null;
        if (encryptionKey != null) {
            try {
                Integer keyVersionNumber = encryptionKey.getKeyVersionNumber();
                kerberosKey = new KerberosKey(new KerberosPrincipal(str), encryptionKey.getBytes(), encryptionKey.getEType(), keyVersionNumber != null ? keyVersionNumber.intValue() : 0);
            } catch (Exception e) {
                FFDCFilter.processException(e, KRB5Util.class.getName() + ".getServiceKerberosKey", WSRMConstants.RETRIEVE_MESSAGE_CONTEXT);
                return null;
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getServiceKerberosKey");
        }
        return kerberosKey;
    }

    private static byte[] stream2Bytes(InputStream inputStream, int i) throws GSSException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "stream2Bytes");
        }
        if (inputStream == null) {
            Tr.error(tc, "kerberos.invalid.parm", new Object[]{"InputStream", "stream2Bytes"});
            return null;
        }
        byte[] bArr = new byte[i];
        int i2 = 0;
        try {
            i2 = inputStream.read(bArr, 0, i);
        } catch (Exception e) {
            FFDCFilter.processException(e, KRB5Util.class.getName() + ".stream2Bytes", "934");
            I18NException.throwGSSException(10, 0, "StreamReadError", new String[]{e.toString()});
        }
        if (i2 != i) {
            I18NException.throwGSSException(10, 0, "StreamDataLenMismatch", new Integer[]{new Integer(i), new Integer(i2)});
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "stream2Bytes");
        }
        return bArr;
    }

    public static String getFormattedMessage(ResourceBundle resourceBundle, String str, Object[] objArr) {
        String str2 = null;
        try {
            str2 = resourceBundle.getString(str);
            if (str2 != null) {
                str2 = MessageFormat.format(str2, objArr);
            }
        } catch (NullPointerException e) {
            Tr.debug(tc, "Null pointer exception caught trying to find message key " + str + " in resource bundle " + resourceBundle.toString());
        } catch (MissingResourceException e2) {
            Tr.debug(tc, "Cannot find message key in resource bundle " + resourceBundle.toString());
        }
        return str2;
    }

    public static KRBSPNList getSPNList() {
        return servicePrincipalNameList;
    }

    public static String stripOutPrincipalName(String str) {
        int indexOf;
        String str2 = str;
        if (str != null && (indexOf = str.indexOf(64)) > 0) {
            str2 = str.substring(0, indexOf);
        }
        return str2;
    }

    public static String stripOutRealmName(String str) {
        int indexOf;
        String str2 = "";
        if (str != null && (indexOf = str.indexOf(64)) > 0) {
            str2 = str.substring(indexOf + 1);
        }
        return str2;
    }

    public static String getUniqueID(String str, boolean z, WSSContextManager wSSContextManager) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getUniqueID");
        }
        String str2 = "";
        if (str == null) {
            Tr.error(tc, "kerberos.invalid.parm", new Object[]{"was_principal", "getUniqueID"});
            return "";
        }
        if (z) {
            try {
                str2 = wSSContextManager.getRegistry(wSSContextManager.getDefaultRealm()).getUniqueUserId(str);
            } catch (Throwable th) {
            }
        }
        if (str2.equals("")) {
            str2 = String.valueOf(str.hashCode());
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "uniqueID: " + str2);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getUniqueID()");
        }
        return str2;
    }

    public static String getCurrentLoggedOnUser() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCurrentLoggedOnUser");
        }
        String property = System.getProperty("user.name");
        if (property == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Unable to get the logged on userID.");
            }
            property = "";
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Logged on userID-" + property);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCurrentLoggedOnUser");
        }
        return property;
    }

    public static String stackToString(Throwable th) {
        return StringUtil.stackToString(th);
    }

    public static boolean hasValue(String str) {
        return str != null && str.length() > 0;
    }

    public static boolean hasValue(char[] cArr) {
        return cArr != null && cArr.length > 0;
    }

    public static boolean hasValue(byte[] bArr) {
        return bArr != null && bArr.length > 0;
    }

    public static GSSCredential createInitGSSCred(KerberosTicket kerberosTicket) throws GSSException {
        String name = kerberosTicket.getClient().getName();
        if (!hasValue(name)) {
            return null;
        }
        return _gssMgr.createCredential(_gssMgr.createName(name, GSSName.NT_USER_NAME, getKerberos5Oid()).canonicalize(getKerberos5Oid()), Integer.MAX_VALUE, getKerberos5Oid(), 1);
    }

    public static Oid getKerberos5Oid() throws GSSException {
        if (krb5Oid == null) {
            krb5Oid = new Oid("1.2.840.113554.1.2.2");
        }
        return krb5Oid;
    }

    public static synchronized boolean spnValid(String str) {
        boolean z = true;
        String[] split = str.split("/");
        if (split == null || split.length != 2) {
            z = false;
        } else if (split[1].contains("@")) {
            z = false;
        }
        return z;
    }

    public static synchronized boolean isSubKeyEncTypeSupported(Integer num) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSubKeyEncTypeSupported()...");
        }
        boolean z = false;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "CONTEXT_SUB_KEY_ENC: " + num);
        }
        if (num != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CONTEXT_SUB_KEY_ENC: " + num.getClass().getName());
                Tr.debug(tc, "Current Kerberos subkey encryption type value: " + num.toString());
                Tr.debug(tc, "Current Kerberos subkey encryption type: " + EncryptedData.encTypeToString(num.intValue()));
            }
            int intValue = num.intValue();
            if (intValue == 16 || intValue == 17 || intValue == 18 || intValue == 24 || intValue == 23) {
                z = true;
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ERROR: Do not support - " + EncryptedData.encTypeToString(intValue));
            }
            if (intValue == 23 && tc.isDebugEnabled()) {
                Tr.debug(tc, "Kerberos encryption type: " + EncryptedData.encTypeToString(23) + " is tolerated.");
            }
            if (intValue == 24 && tc.isDebugEnabled()) {
                Tr.debug(tc, "Kerberos encryption type: " + EncryptedData.encTypeToString(24) + " is tolerated.");
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Supported Kerberos sub key encryption type in Web services security: " + EncryptedData.encTypeToString(17) + ", " + EncryptedData.encTypeToString(18) + ", " + EncryptedData.encTypeToString(16));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isSubKeyEncTypeSupported()...");
        }
        return z;
    }

    public static synchronized boolean isSessKeyEncTypeSupported(Integer num) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSessKeyEncTypeSupported()...");
        }
        boolean z = false;
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "CONTEXT_SESSION_KEY_ENC: " + num);
        }
        if (num != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "CONTEXT_SESSION_KEY_ENC: " + num.getClass().getName());
                Tr.debug(tc, "Current Kerberos session key encryption type value: " + num.toString());
                Tr.debug(tc, "Current Kerberos session key encryption type: " + EncryptedData.encTypeToString(num.intValue()));
            }
            int intValue = num.intValue();
            if (intValue == 16 || intValue == 17 || intValue == 18 || intValue == 24 || intValue == 23) {
                z = true;
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "ERROR: Do not support - " + EncryptedData.encTypeToString(intValue));
            }
            if (intValue == 23 && tc.isDebugEnabled()) {
                Tr.debug(tc, "Kerberos encryption type: " + EncryptedData.encTypeToString(23) + " is tolerated.");
            }
            if (intValue == 24 && tc.isDebugEnabled()) {
                Tr.debug(tc, "Kerberos encryption type: " + EncryptedData.encTypeToString(24) + " is tolerated.");
            }
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Supported Kerberos session key encryption type in Web services security: " + EncryptedData.encTypeToString(17) + ", " + EncryptedData.encTypeToString(18) + ", " + EncryptedData.encTypeToString(16));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "isSessKeyEncTypeSupported()...");
        }
        return z;
    }

    public static String printTGT(KerberosTicket kerberosTicket) {
        return kerberosTicket == null ? "Kerberos TGT is null." : kerberosTicket.isDestroyed() ? "Kerberos TGT is destroyed." : kerberosTicket.toString();
    }

    public static KerberosTicket cloneKerberosTicket(KerberosTicket kerberosTicket) {
        try {
            return new KerberosTicket(kerberosTicket.getEncoded(), kerberosTicket.getClient(), kerberosTicket.getServer(), kerberosTicket.getSessionKey().getEncoded(), kerberosTicket.getSessionKeyType(), kerberosTicket.getFlags(), kerberosTicket.getAuthTime(), kerberosTicket.getStartTime(), kerberosTicket.getEndTime(), kerberosTicket.getRenewTill(), kerberosTicket.getClientAddresses());
        } catch (Throwable th) {
            FFDCFilter.processException(th, KRB5Util.class.getName() + ".cloneKerberosTicket", "1412");
            throw new RuntimeException(th.getCause());
        }
    }

    public static KerberosTicket refresh(KerberosTicket kerberosTicket) throws RefreshFailedException {
        KerberosTicket cloneKerberosTicket = cloneKerberosTicket(kerberosTicket);
        if (cloneKerberosTicket != null) {
            cloneKerberosTicket.refresh();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Refreshed TGT for: " + cloneKerberosTicket.getClient().getName());
                Tr.debug(tc, "       AuthTime: " + cloneKerberosTicket.getAuthTime());
                Tr.debug(tc, "      StartTime: " + cloneKerberosTicket.getStartTime());
                Tr.debug(tc, "        EndTime: " + cloneKerberosTicket.getEndTime());
                Tr.debug(tc, "      RenewTill: " + cloneKerberosTicket.getRenewTill());
            }
        }
        return cloneKerberosTicket;
    }
}
