package com.sun.xml.ws.security.kerb;

import java.io.IOException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.List;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginException;
import sun.security.action.GetBooleanAction;
import sun.security.jgss.GSSUtil;
import sun.security.krb5.Credentials;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbException;

/* loaded from: input_file:spg-ui-war-2.1.10.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/ws/security/kerb/Krb5Util.class */
public class Krb5Util {
    static final boolean DEBUG = ((Boolean) AccessController.doPrivileged((PrivilegedAction) new GetBooleanAction("sun.security.krb5.debug"))).booleanValue();

    private Krb5Util() {
    }

    public static KerberosTicket getTicketFromSubjectAndTgs(int i, String str, String str2, String str3, AccessControlContext accessControlContext) throws LoginException, KrbException, IOException {
        boolean z;
        Credentials acquireServiceCreds;
        Subject subject = Subject.getSubject(accessControlContext);
        KerberosTicket kerberosTicket = (KerberosTicket) SubjectComber.find(subject, str2, str, KerberosTicket.class);
        if (kerberosTicket != null) {
            return kerberosTicket;
        }
        Subject subject2 = null;
        if (!GSSUtil.useSubjectCredsOnly()) {
            try {
                subject2 = GSSUtil.login(i, GSSUtil.GSS_KRB5_MECH_OID);
                kerberosTicket = (KerberosTicket) SubjectComber.find(subject2, str2, str, KerberosTicket.class);
                if (kerberosTicket != null) {
                    return kerberosTicket;
                }
            } catch (LoginException e) {
            }
        }
        KerberosTicket kerberosTicket2 = (KerberosTicket) SubjectComber.find(subject, str3, str, KerberosTicket.class);
        if (kerberosTicket2 != null || subject2 == null) {
            z = true;
        } else {
            kerberosTicket2 = (KerberosTicket) SubjectComber.find(subject2, str3, str, KerberosTicket.class);
            z = false;
        }
        if (kerberosTicket2 != null && (acquireServiceCreds = Credentials.acquireServiceCreds(str2, ticketToCreds(kerberosTicket2))) != null) {
            kerberosTicket = credsToTicket(acquireServiceCreds);
            if (z && subject != null && !subject.isReadOnly()) {
                subject.getPrivateCredentials().add(kerberosTicket);
            }
        }
        return kerberosTicket;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KerberosTicket getTicket(int i, String str, String str2, AccessControlContext accessControlContext) throws LoginException {
        KerberosTicket kerberosTicket = (KerberosTicket) SubjectComber.find(Subject.getSubject(accessControlContext), str2, str, KerberosTicket.class);
        if (kerberosTicket == null && !GSSUtil.useSubjectCredsOnly()) {
            kerberosTicket = (KerberosTicket) SubjectComber.find(GSSUtil.login(i, GSSUtil.GSS_KRB5_MECH_OID), str2, str, KerberosTicket.class);
        }
        return kerberosTicket;
    }

    public static Subject getSubject(int i, AccessControlContext accessControlContext) throws LoginException {
        Subject subject = Subject.getSubject(accessControlContext);
        if (subject == null && !GSSUtil.useSubjectCredsOnly()) {
            subject = GSSUtil.login(i, GSSUtil.GSS_KRB5_MECH_OID);
        }
        return subject;
    }

    public static KerberosKey[] getKeys(int i, String str, AccessControlContext accessControlContext) throws LoginException {
        int size;
        List list = (List) SubjectComber.findMany(Subject.getSubject(accessControlContext), str, null, KerberosKey.class);
        if (list == null && !GSSUtil.useSubjectCredsOnly()) {
            list = (List) SubjectComber.findMany(GSSUtil.login(i, GSSUtil.GSS_KRB5_MECH_OID), str, null, KerberosKey.class);
        }
        if (list == null || (size = list.size()) <= 0) {
            return null;
        }
        KerberosKey[] kerberosKeyArr = new KerberosKey[size];
        list.toArray(kerberosKeyArr);
        return kerberosKeyArr;
    }

    public static KerberosTicket credsToTicket(Credentials credentials) {
        EncryptionKey sessionKey = credentials.getSessionKey();
        return new KerberosTicket(credentials.getEncoded(), new KerberosPrincipal(credentials.getClient().getName()), new KerberosPrincipal(credentials.getServer().getName()), sessionKey.getBytes(), sessionKey.getEType(), credentials.getFlags(), credentials.getAuthTime(), credentials.getStartTime(), credentials.getEndTime(), credentials.getRenewTill(), credentials.getClientAddresses());
    }

    public static Credentials ticketToCreds(KerberosTicket kerberosTicket) throws KrbException, IOException {
        return new Credentials(kerberosTicket.getEncoded(), kerberosTicket.getClient().getName(), kerberosTicket.getServer().getName(), kerberosTicket.getSessionKey().getEncoded(), kerberosTicket.getSessionKeyType(), kerberosTicket.getFlags(), kerberosTicket.getAuthTime(), kerberosTicket.getStartTime(), kerberosTicket.getEndTime(), kerberosTicket.getRenewTill(), kerberosTicket.getClientAddresses());
    }
}
