package sun.security.krb5;

import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Date;
import sun.security.action.GetPropertyAction;
import sun.security.krb5.internal.CredentialsUtil;
import sun.security.krb5.internal.HostAddresses;
import sun.security.krb5.internal.KDCOptions;
import sun.security.krb5.internal.KRBError;
import sun.security.krb5.internal.KerberosTime;
import sun.security.krb5.internal.Krb5;
import sun.security.krb5.internal.Ticket;
import sun.security.krb5.internal.TicketFlags;
import sun.security.krb5.internal.ccache.CredentialsCache;
import sun.security.krb5.internal.crypto.EType;
import sun.security.krb5.internal.ktab.KeyTab;

/* loaded from: classes7.dex */
public class Credentials {
    private static boolean DEBUG = Krb5.DEBUG;
    static boolean alreadyLoaded = false;
    private static boolean alreadyTried = false;
    private static CredentialsCache cache;
    KerberosTime authTime;
    HostAddresses cAddr;
    PrincipalName client;
    KerberosTime endTime;
    TicketFlags flags;
    EncryptionKey key;
    KerberosTime renewTill;
    PrincipalName server;
    EncryptionKey serviceKey;
    KerberosTime startTime;
    Ticket ticket;

    public Credentials(Ticket ticket, PrincipalName principalName, PrincipalName principalName2, EncryptionKey encryptionKey, TicketFlags ticketFlags, KerberosTime kerberosTime, KerberosTime kerberosTime2, KerberosTime kerberosTime3, KerberosTime kerberosTime4, HostAddresses hostAddresses) {
        this.ticket = ticket;
        this.client = principalName;
        this.server = principalName2;
        this.key = encryptionKey;
        this.flags = ticketFlags;
        this.authTime = kerberosTime;
        this.startTime = kerberosTime2;
        this.endTime = kerberosTime3;
        this.renewTill = kerberosTime4;
        this.cAddr = hostAddresses;
    }

    public Credentials(byte[] bArr, String str, String str2, byte[] bArr2, int i, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr) throws KrbException, IOException {
        this(new Ticket(bArr), new PrincipalName(str, 1), new PrincipalName(str2), new EncryptionKey(i, bArr2), zArr == null ? null : new TicketFlags(zArr), date == null ? null : new KerberosTime(date), date2 == null ? null : new KerberosTime(date2), date3 == null ? null : new KerberosTime(date3), date4 != null ? new KerberosTime(date4) : null, null);
    }

    public static synchronized Credentials acquireDefaultCreds() {
        Credentials credentials;
        synchronized (Credentials.class) {
            credentials = null;
            if (cache == null) {
                cache = CredentialsCache.getInstance();
            }
            if (cache != null) {
                if (DEBUG) {
                    System.out.println(">>> KrbCreds found the default ticket granting ticket in credential cache.");
                }
                sun.security.krb5.internal.ccache.Credentials defaultCreds = cache.getDefaultCreds();
                if (EType.isSupported(defaultCreds.getEType())) {
                    credentials = defaultCreds.setKrbCreds();
                } else if (DEBUG) {
                    System.out.println(">>> unsupported key type found the default TGT: " + defaultCreds.getEType());
                }
            }
            if (credentials == null) {
                if (!alreadyTried) {
                    try {
                        ensureLoaded();
                    } catch (Exception e) {
                        if (DEBUG) {
                            System.out.println("Can not load credentials cache");
                            e.printStackTrace();
                        }
                        alreadyTried = true;
                    }
                }
                if (alreadyLoaded) {
                    if (DEBUG) {
                        System.out.println(">> Acquire default native Credentials");
                    }
                    credentials = acquireDefaultNativeCreds();
                }
            }
        }
        return credentials;
    }

    private static native Credentials acquireDefaultNativeCreds();

    public static Credentials acquireServiceCreds(String str, Credentials credentials) throws KrbException, IOException {
        return CredentialsUtil.acquireServiceCreds(str, credentials);
    }

    public static Credentials acquireTGT(PrincipalName principalName, EncryptionKey[] encryptionKeyArr, char[] cArr) throws KrbException, IOException {
        KrbAsRep sendASRequest;
        if (principalName == null) {
            throw new IllegalArgumentException("Cannot have null principal to do AS-Exchange");
        }
        if (encryptionKeyArr == null) {
            throw new IllegalArgumentException("Cannot have null secretKey to do AS-Exchange");
        }
        try {
            sendASRequest = sendASRequest(principalName, encryptionKeyArr, null);
        } catch (KrbException e) {
            if (e.returnCode() != 24 && e.returnCode() != 25) {
                throw e;
            }
            if (DEBUG) {
                System.out.println("AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ");
            }
            KRBError error = e.getError();
            byte[] salt = error.getSalt();
            if (salt != null && salt.length > 0) {
                principalName.setSalt(new String(salt));
            }
            if (cArr != null) {
                encryptionKeyArr = EncryptionKey.acquireSecretKeys(cArr, principalName.getSalt(), true, error.getEType(), error.getParams());
            }
            sendASRequest = sendASRequest(principalName, encryptionKeyArr, e.getError());
        }
        return sendASRequest.getCreds();
    }

    public static Credentials acquireTGTFromCache(PrincipalName principalName, String str) throws KrbException, IOException {
        if (str != null || !((String) AccessController.doPrivileged(new GetPropertyAction("os.name"))).toUpperCase().startsWith("WINDOWS")) {
            CredentialsCache credentialsCache = CredentialsCache.getInstance(principalName, str);
            if (credentialsCache == null) {
                return null;
            }
            sun.security.krb5.internal.ccache.Credentials defaultCreds = credentialsCache.getDefaultCreds();
            if (EType.isSupported(defaultCreds.getEType())) {
                return defaultCreds.setKrbCreds();
            }
            if (DEBUG) {
                System.out.println(">>> unsupported key type found the default TGT: " + defaultCreds.getEType());
            }
            return null;
        }
        Credentials acquireDefaultCreds = acquireDefaultCreds();
        if (acquireDefaultCreds == null) {
            if (DEBUG) {
                System.out.println(">>> Found no TGT's in LSA");
            }
            return null;
        }
        if (principalName == null) {
            if (DEBUG) {
                System.out.println(">>> Obtained TGT from LSA: " + ((Object) acquireDefaultCreds));
            }
            return acquireDefaultCreds;
        }
        if (acquireDefaultCreds.getClient().equals(principalName)) {
            if (DEBUG) {
                System.out.println(">>> Obtained TGT from LSA: " + ((Object) acquireDefaultCreds));
            }
            return acquireDefaultCreds;
        }
        if (DEBUG) {
            System.out.println(">>> LSA contains TGT for " + ((Object) acquireDefaultCreds.getClient()) + " not " + ((Object) principalName));
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void ensureLoaded() {
        AccessController.doPrivileged(new PrivilegedAction() { // from class: sun.security.krb5.Credentials.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                System.loadLibrary("w2k_lsa_auth");
                return null;
            }
        });
        alreadyLoaded = true;
    }

    public static Credentials getServiceCreds(String str, File file) {
        try {
            PrincipalName principalName = new PrincipalName(str);
            if (principalName.getRealm() == null) {
                String defaultRealm = Config.getInstance().getDefaultRealm();
                if (defaultRealm == null) {
                    return null;
                }
                principalName.setRealm(defaultRealm);
            }
            KeyTab keyTab = file == null ? KeyTab.getInstance() : KeyTab.getInstance(file);
            if (keyTab == null || !keyTab.findServiceEntry(principalName)) {
                return null;
            }
            EncryptionKey readServiceKey = keyTab.readServiceKey(principalName);
            Credentials credentials = new Credentials(null, principalName, null, null, null, null, null, null, null, null);
            credentials.serviceKey = readServiceKey;
            return credentials;
        } catch (RealmException e) {
            if (DEBUG) {
                e.printStackTrace();
            }
            return null;
        } catch (KrbException e2) {
            if (DEBUG) {
                e2.printStackTrace();
            }
            return null;
        }
    }

    public static void printDebug(Credentials credentials) {
        System.out.println(">>> DEBUG: ----Credentials----");
        System.out.println("\tclient: " + credentials.client.toString());
        System.out.println("\tserver: " + credentials.server.toString());
        System.out.println("\tticket: realm: " + credentials.ticket.realm.toString());
        System.out.println("\t        sname: " + credentials.ticket.sname.toString());
        if (credentials.startTime != null) {
            System.out.println("\tstartTime: " + credentials.startTime.getTime());
        }
        System.out.println("\tendTime: " + credentials.endTime.getTime());
        System.out.println("        ----Credentials end----");
    }

    private static KrbAsRep sendASRequest(PrincipalName principalName, EncryptionKey[] encryptionKeyArr, KRBError kRBError) throws KrbException, IOException {
        KrbAsReq krbAsReq = kRBError == null ? new KrbAsReq(principalName, encryptionKeyArr) : new KrbAsReq(principalName, encryptionKeyArr, true, kRBError.getEType(), kRBError.getSalt(), kRBError.getParams());
        String str = null;
        try {
            str = krbAsReq.send();
            return krbAsReq.getReply(encryptionKeyArr);
        } catch (KrbException e) {
            if (e.returnCode() != 52) {
                throw e;
            }
            krbAsReq.send(principalName.getRealmString(), str, true);
            return krbAsReq.getReply(encryptionKeyArr);
        }
    }

    private static Credentials serviceCreds(ServiceName serviceName, Credentials credentials) throws KrbException, IOException {
        String str;
        KrbTgsRep reply;
        KrbTgsReq krbTgsReq = new KrbTgsReq(new KDCOptions(), credentials, serviceName, null, null, null, null, null, null, null, null);
        try {
            str = krbTgsReq.send();
        } catch (KrbException e) {
            e = e;
            str = null;
        }
        try {
            reply = krbTgsReq.getReply();
        } catch (KrbException e2) {
            e = e2;
            if (e.returnCode() != 52) {
                throw e;
            }
            krbTgsReq.send(serviceName.getRealmString(), str, true);
            reply = krbTgsReq.getReply();
            return reply.getCreds();
        }
        return reply.getCreds();
    }

    public boolean checkDelegate() {
        return this.flags.get(13);
    }

    public final Date getAuthTime() {
        KerberosTime kerberosTime = this.authTime;
        if (kerberosTime != null) {
            return kerberosTime.toDate();
        }
        return null;
    }

    public CredentialsCache getCache() {
        return cache;
    }

    public final PrincipalName getClient() {
        return this.client;
    }

    public final InetAddress[] getClientAddresses() {
        HostAddresses hostAddresses = this.cAddr;
        if (hostAddresses == null) {
            return null;
        }
        return hostAddresses.getInetAddresses();
    }

    public final byte[] getEncoded() {
        try {
            return this.ticket.asn1Encode();
        } catch (IOException e) {
            if (DEBUG) {
                System.out.println(e);
            }
            return null;
        } catch (Asn1Exception e2) {
            if (DEBUG) {
                System.out.println(e2);
            }
            return null;
        }
    }

    public final Date getEndTime() {
        KerberosTime kerberosTime = this.endTime;
        if (kerberosTime != null) {
            return kerberosTime.toDate();
        }
        return null;
    }

    public final boolean[] getFlags() {
        TicketFlags ticketFlags = this.flags;
        if (ticketFlags == null) {
            return null;
        }
        return ticketFlags.toBooleanArray();
    }

    public final Date getRenewTill() {
        KerberosTime kerberosTime = this.renewTill;
        if (kerberosTime != null) {
            return kerberosTime.toDate();
        }
        return null;
    }

    public final PrincipalName getServer() {
        return this.server;
    }

    public EncryptionKey getServiceKey() {
        return this.serviceKey;
    }

    public final EncryptionKey getSessionKey() {
        return this.key;
    }

    public final Date getStartTime() {
        KerberosTime kerberosTime = this.startTime;
        if (kerberosTime != null) {
            return kerberosTime.toDate();
        }
        return null;
    }

    public Ticket getTicket() {
        return this.ticket;
    }

    public TicketFlags getTicketFlags() {
        return this.flags;
    }

    public boolean isForwardable() {
        return this.flags.get(1);
    }

    public boolean isRenewable() {
        return this.flags.get(8);
    }

    public Credentials renew() throws KrbException, IOException {
        String str;
        KrbTgsRep reply;
        KDCOptions kDCOptions = new KDCOptions();
        kDCOptions.set(30, true);
        kDCOptions.set(8, true);
        KrbTgsReq krbTgsReq = new KrbTgsReq(kDCOptions, this, this.server, null, null, null, null, this.cAddr, null, null, null);
        try {
            str = krbTgsReq.send();
        } catch (KrbException e) {
            e = e;
            str = null;
        }
        try {
            reply = krbTgsReq.getReply();
        } catch (KrbException e2) {
            e = e2;
            if (e.returnCode() != 52) {
                throw e;
            }
            krbTgsReq.send(this.server.getRealmString(), str, true);
            reply = krbTgsReq.getReply();
            return reply.getCreds();
        }
        return reply.getCreds();
    }

    public String toString() {
        StringBuffer stringBuffer = new StringBuffer("Credentials:");
        stringBuffer.append("\nclient=");
        stringBuffer.append((Object) this.client);
        stringBuffer.append("\nserver=");
        stringBuffer.append((Object) this.server);
        if (this.authTime != null) {
            stringBuffer.append("\nauthTime=");
            stringBuffer.append((Object) this.authTime);
        }
        if (this.startTime != null) {
            stringBuffer.append("\nstartTime=");
            stringBuffer.append((Object) this.startTime);
        }
        stringBuffer.append("\nendTime=");
        stringBuffer.append((Object) this.endTime);
        stringBuffer.append("\nrenewTill=");
        stringBuffer.append((Object) this.renewTill);
        stringBuffer.append("\nflags: ");
        stringBuffer.append((Object) this.flags);
        stringBuffer.append("\nEType (int): ");
        stringBuffer.append(this.key.getEType());
        return stringBuffer.toString();
    }
}
