package com.sun.xml.ws.security.kerb;

import java.io.IOException;
import java.net.InetAddress;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.util.Date;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
import sun.security.jgss.spi.GSSNameSpi;
import sun.security.krb5.Config;
import sun.security.krb5.Credentials;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName;

/* loaded from: input_file:spg-ui-war-2.1.23.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/ws/security/kerb/Krb5InitCredential.class */
public class Krb5InitCredential extends KerberosTicket implements Krb5CredElement {
    private static final long serialVersionUID = 7723415700837898232L;
    private Krb5NameElement name;
    private Credentials krb5Credentials;

    private Krb5InitCredential(Krb5NameElement krb5NameElement, byte[] bArr, KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, byte[] bArr2, int i, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr) throws GSSException {
        super(bArr, kerberosPrincipal, kerberosPrincipal2, bArr2, i, zArr, date, date2, date3, date4, inetAddressArr);
        this.name = krb5NameElement;
        try {
            this.krb5Credentials = new Credentials(bArr, kerberosPrincipal.getName(), kerberosPrincipal2.getName(), bArr2, i, zArr, date, date2, date3, date4, inetAddressArr);
        } catch (KrbException e) {
            throw new GSSException(13, -1, e.getMessage());
        } catch (IOException e2) {
            throw new GSSException(13, -1, e2.getMessage());
        }
    }

    private Krb5InitCredential(Krb5NameElement krb5NameElement, Credentials credentials, byte[] bArr, KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, byte[] bArr2, int i, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr) throws GSSException {
        super(bArr, kerberosPrincipal, kerberosPrincipal2, bArr2, i, zArr, date, date2, date3, date4, inetAddressArr);
        this.name = krb5NameElement;
        this.krb5Credentials = credentials;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Krb5InitCredential getInstance(int i, Krb5NameElement krb5NameElement, int i2) throws GSSException {
        KerberosTicket tgt = getTgt(i, krb5NameElement, i2);
        if (tgt == null) {
            throw new GSSException(13, -1, "Failed to find any Kerberos tgt");
        }
        if (krb5NameElement == null) {
            krb5NameElement = Krb5NameElement.getInstance(tgt.getClient().getName(), Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL);
        }
        return new Krb5InitCredential(krb5NameElement, tgt.getEncoded(), tgt.getClient(), tgt.getServer(), tgt.getSessionKey().getEncoded(), tgt.getSessionKeyType(), tgt.getFlags(), tgt.getAuthTime(), tgt.getStartTime(), tgt.getEndTime(), tgt.getRenewTill(), tgt.getClientAddresses());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Krb5InitCredential getInstance(Krb5NameElement krb5NameElement, Credentials credentials) throws GSSException {
        EncryptionKey sessionKey = credentials.getSessionKey();
        PrincipalName client = credentials.getClient();
        PrincipalName server = credentials.getServer();
        KerberosPrincipal kerberosPrincipal = null;
        KerberosPrincipal kerberosPrincipal2 = null;
        Krb5NameElement krb5NameElement2 = null;
        if (client != null) {
            String name = client.getName();
            krb5NameElement2 = Krb5NameElement.getInstance(name, Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL);
            kerberosPrincipal = new KerberosPrincipal(name);
        }
        if (server != null) {
            kerberosPrincipal2 = new KerberosPrincipal(server.getName());
        }
        return new Krb5InitCredential(krb5NameElement2, credentials, credentials.getEncoded(), kerberosPrincipal, kerberosPrincipal2, sessionKey.getBytes(), sessionKey.getEType(), credentials.getFlags(), credentials.getAuthTime(), credentials.getStartTime(), credentials.getEndTime(), credentials.getRenewTill(), credentials.getClientAddresses());
    }

    public final GSSNameSpi getName() throws GSSException {
        return this.name;
    }

    public int getInitLifetime() throws GSSException {
        return (int) (getEndTime().getTime() - new Date().getTime());
    }

    public int getAcceptLifetime() throws GSSException {
        return 0;
    }

    public boolean isInitiatorCredential() throws GSSException {
        return true;
    }

    public boolean isAcceptorCredential() throws GSSException {
        return false;
    }

    public final Oid getMechanism() {
        return Krb5MechFactory.GSS_KRB5_MECH_OID;
    }

    public final Provider getProvider() {
        return Krb5MechFactory.PROVIDER;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Credentials getKrb5Credentials() {
        return this.krb5Credentials;
    }

    public void dispose() throws GSSException {
        try {
            destroy();
        } catch (DestroyFailedException e) {
            new GSSException(11, -1, "Could not destroy credentials - " + e.getMessage()).initCause(e);
        }
    }

    private static KerberosTicket getTgt(int i, Krb5NameElement krb5NameElement, int i2) throws GSSException {
        String str;
        String defaultRealm;
        if (krb5NameElement != null) {
            str = krb5NameElement.getKrb5PrincipalName().getName();
            defaultRealm = krb5NameElement.getKrb5PrincipalName().getRealmAsString();
        } else {
            str = null;
            try {
                defaultRealm = Config.getInstance().getDefaultRealm();
            } catch (KrbException e) {
                GSSException gSSException = new GSSException(13, -1, "Attempt to obtain INITIATE credentials failed! (" + e.getMessage() + ")");
                gSSException.initCause(e);
                throw gSSException;
            }
        }
        final String str2 = new String("krbtgt/" + defaultRealm + "@" + defaultRealm);
        final AccessControlContext context = AccessController.getContext();
        try {
            final int i3 = i == -1 ? 1 : i;
            final String str3 = str;
            return (KerberosTicket) AccessController.doPrivileged(new PrivilegedExceptionAction() { // from class: com.sun.xml.ws.security.kerb.Krb5InitCredential.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    return Krb5Util.getTicket(i3, str3, str2, context);
                }
            });
        } catch (PrivilegedActionException e2) {
            GSSException gSSException2 = new GSSException(13, -1, "Attempt to obtain new INITIATE credentials failed! (" + e2.getMessage() + ")");
            gSSException2.initCause(e2.getException());
            throw gSSException2;
        }
    }
}
