package sun.security.jgss.krb5;

import java.io.IOException;
import java.net.InetAddress;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.Provider;
import java.util.Date;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
import sun.security.jgss.LoginUtility;
import sun.security.jgss.spi.GSSNameSpi;
import sun.security.krb5.Config;
import sun.security.krb5.Credentials;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName;

/* loaded from: input_file:efixes/PK60674_Hpux_PaRISC/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:sun/security/jgss/krb5/Krb5InitCredential.class */
public class Krb5InitCredential extends KerberosTicket implements Krb5CredElement {
    private static Class TICKET_CLASS;
    private Krb5NameElement name;
    private Credentials krb5Credentials;
    static Class class$javax$security$auth$kerberos$KerberosTicket;

    private Krb5InitCredential(Krb5NameElement krb5NameElement, byte[] bArr, KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, byte[] bArr2, int i, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr) throws GSSException {
        super(bArr, kerberosPrincipal, kerberosPrincipal2, bArr2, i, zArr, date, date2, date3, date4, inetAddressArr);
        this.name = krb5NameElement;
        try {
            this.krb5Credentials = new Credentials(bArr, kerberosPrincipal.getName(), kerberosPrincipal2.getName(), bArr2, i, zArr, date, date2, date3, date4, inetAddressArr);
        } catch (IOException e) {
            throw new GSSException(13, -1, e.getMessage());
        } catch (KrbException e2) {
            throw new GSSException(13, -1, e2.getMessage());
        }
    }

    private Krb5InitCredential(Krb5NameElement krb5NameElement, Credentials credentials, byte[] bArr, KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, byte[] bArr2, int i, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr) throws GSSException {
        super(bArr, kerberosPrincipal, kerberosPrincipal2, bArr2, i, zArr, date, date2, date3, date4, inetAddressArr);
        this.name = krb5NameElement;
        this.krb5Credentials = credentials;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Krb5InitCredential getInstance(Krb5NameElement krb5NameElement, int i) throws GSSException {
        KerberosTicket tgtFromSubject = getTgtFromSubject(krb5NameElement, i);
        if (tgtFromSubject == null) {
            throw new GSSException(13, -1, "Failed to find any Kerberos Ticket");
        }
        if (krb5NameElement == null) {
            krb5NameElement = Krb5NameElement.getInstance(tgtFromSubject.getClient().getName(), Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL);
        }
        return new Krb5InitCredential(krb5NameElement, tgtFromSubject.getEncoded(), tgtFromSubject.getClient(), tgtFromSubject.getServer(), tgtFromSubject.getSessionKey().getEncoded(), tgtFromSubject.getSessionKeyType(), tgtFromSubject.getFlags(), tgtFromSubject.getAuthTime(), tgtFromSubject.getStartTime(), tgtFromSubject.getEndTime(), tgtFromSubject.getRenewTill(), tgtFromSubject.getClientAddresses());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Krb5InitCredential getInstance(Krb5NameElement krb5NameElement, Credentials credentials) throws GSSException {
        EncryptionKey sessionKey = credentials.getSessionKey();
        PrincipalName client = credentials.getClient();
        PrincipalName server = credentials.getServer();
        KerberosPrincipal kerberosPrincipal = null;
        KerberosPrincipal kerberosPrincipal2 = null;
        Krb5NameElement krb5NameElement2 = null;
        if (client != null) {
            String name = client.getName();
            krb5NameElement2 = Krb5NameElement.getInstance(name, Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL);
            kerberosPrincipal = new KerberosPrincipal(name);
        }
        if (server != null) {
            kerberosPrincipal2 = new KerberosPrincipal(server.getName());
        }
        return new Krb5InitCredential(krb5NameElement2, credentials, credentials.getEncoded(), kerberosPrincipal, kerberosPrincipal2, sessionKey.getBytes(), sessionKey.getEType(), credentials.getFlags(), credentials.getAuthTime(), credentials.getStartTime(), credentials.getEndTime(), credentials.getRenewTill(), credentials.getClientAddresses());
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public final GSSNameSpi getName() throws GSSException {
        return this.name;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public int getInitLifetime() throws GSSException {
        return (int) (getEndTime().getTime() - new Date().getTime());
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public int getAcceptLifetime() throws GSSException {
        return 0;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public boolean isInitiatorCredential() throws GSSException {
        return true;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public boolean isAcceptorCredential() throws GSSException {
        return false;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public final Oid getMechanism() {
        return Krb5MechFactory.GSS_KRB5_MECH_OID;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public final Provider getProvider() {
        return Krb5MechFactory.PROVIDER;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Credentials getKrb5Credentials() {
        return this.krb5Credentials;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public void dispose() throws GSSException {
        try {
            destroy();
        } catch (DestroyFailedException e) {
            new GSSException(11, -1, new StringBuffer().append("Could not destroy credentials - ").append(e.getMessage()).toString()).initCause(e);
        }
    }

    private static KerberosTicket getTgtFromSubject(Krb5NameElement krb5NameElement, int i) throws GSSException {
        String defaultRealm;
        Class cls;
        Class cls2;
        String str = null;
        if (krb5NameElement != null) {
            str = krb5NameElement.getKrb5PrincipalName().getName();
            defaultRealm = krb5NameElement.getKrb5PrincipalName().getRealmAsString();
        } else {
            try {
                defaultRealm = Config.getInstance().getDefaultRealm();
            } catch (KrbException e) {
                GSSException gSSException = new GSSException(13, -1, new StringBuffer().append("Attempt to obtain INITIATE credentials failed! (").append(e.getMessage()).append(")").toString());
                gSSException.initCause(e);
                throw gSSException;
            }
        }
        String str2 = new String(new StringBuffer().append("krbtgt/").append(defaultRealm).append("@").append(defaultRealm).toString());
        AccessControlContext context = AccessController.getContext();
        String str3 = str;
        if (class$javax$security$auth$kerberos$KerberosTicket == null) {
            cls = class$("javax.security.auth.kerberos.KerberosTicket");
            class$javax$security$auth$kerberos$KerberosTicket = cls;
        } else {
            cls = class$javax$security$auth$kerberos$KerberosTicket;
        }
        Object doPrivileged = AccessController.doPrivileged(new SubjectComber(context, str2, str3, cls));
        if (doPrivileged == null && !LoginUtility.useSubjectCredsOnly()) {
            try {
                Subject subject = (Subject) AccessController.doPrivileged(new LoginUtility(LoginUtility.GSS_INITIATE_ENTRY));
                String str4 = str;
                if (class$javax$security$auth$kerberos$KerberosTicket == null) {
                    cls2 = class$("javax.security.auth.kerberos.KerberosTicket");
                    class$javax$security$auth$kerberos$KerberosTicket = cls2;
                } else {
                    cls2 = class$javax$security$auth$kerberos$KerberosTicket;
                }
                doPrivileged = AccessController.doPrivileged(new SubjectComber(subject, str2, str4, cls2));
            } catch (PrivilegedActionException e2) {
                GSSException gSSException2 = new GSSException(13, -1, new StringBuffer().append("Attempt to obtain new INITIATE credentials failed! (").append(e2.getMessage()).append(")").toString());
                gSSException2.initCause(e2.getException());
                throw gSSException2;
            }
        }
        if (doPrivileged == null) {
            return null;
        }
        return (KerberosTicket) doPrivileged;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        try {
            TICKET_CLASS = Class.forName("javax.security.auth.kerberos.KerberosTicket");
        } catch (ClassNotFoundException e) {
        }
    }
}
