package com.ibm.security.jgss.mech.krb5;

import com.ibm.security.jgss.Debug;
import com.ibm.security.jgss.GSSCaller;
import com.ibm.security.jgss.GSSManagerImpl;
import com.ibm.security.jgss.GSSUtil;
import com.ibm.security.jgss.HttpCaller;
import com.ibm.security.jgss.i18n.I18NException;
import com.ibm.security.jgss.i18n.PropertyResource;
import com.ibm.security.jgss.spi.GSSCredentialSpi;
import com.ibm.security.jgss.spi.GSSNameSpi;
import com.ibm.security.krb5.Credentials;
import com.ibm.security.krb5.EncryptedData;
import com.ibm.security.krb5.EncryptionKey;
import com.ibm.security.krb5.KrbException;
import com.ibm.security.krb5.PrincipalName;
import com.ibm.security.krb5.internal.RealmException;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.Provider;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:jre/lib/ibmjgssprovider.jar:com/ibm/security/jgss/mech/krb5/y.class */
public class y implements GSSCredentialSpi {
    private Credentials a;
    private int b;
    private boolean c;
    private long d;
    private long e;
    private long f;
    private GSSNameSpi g;
    private GSSNameSpi h;
    private boolean i;
    private Debug j;
    private GSSCaller k;
    private static final String[] z = null;

    @Override // com.ibm.security.jgss.spi.GSSCredentialSpi
    public Provider getProvider() {
        return Krb5MechFactory.a();
    }

    @Override // com.ibm.security.jgss.spi.GSSCredentialSpi
    public void dispose() throws GSSException {
        this.i = true;
        this.g = null;
        this.a = null;
    }

    @Override // com.ibm.security.jgss.spi.GSSCredentialSpi
    public GSSNameSpi getName() throws GSSException {
        return this.g;
    }

    @Override // com.ibm.security.jgss.spi.GSSCredentialSpi
    public int getInitLifetime() throws GSSException {
        if (this.i) {
            I18NException.throwGSSException(16, 0, z[5]);
        }
        if (!isInitiatorCredential()) {
            this.j.out(5, z[6]);
            return 0;
        }
        if (this.e == 2147483647L) {
            return Integer.MAX_VALUE;
        }
        long currentTimeMillis = (this.f + this.e) - (System.currentTimeMillis() / 1000);
        if (currentTimeMillis < 0) {
            currentTimeMillis = 0;
        }
        return (int) currentTimeMillis;
    }

    @Override // com.ibm.security.jgss.spi.GSSCredentialSpi
    public int getAcceptLifetime() throws GSSException {
        if (this.i) {
            I18NException.throwGSSException(16, 0, z[5]);
        }
        if (!isAcceptorCredential()) {
            this.j.out(5, z[70]);
            return 0;
        }
        if (this.d == 2147483647L) {
            return Integer.MAX_VALUE;
        }
        long currentTimeMillis = (this.f + this.d) - (System.currentTimeMillis() / 1000);
        if (currentTimeMillis < 0) {
            currentTimeMillis = 0;
        }
        return (int) currentTimeMillis;
    }

    @Override // com.ibm.security.jgss.spi.GSSCredentialSpi
    public boolean isInitiatorCredential() throws GSSException {
        return this.b == 1 || this.b == 0;
    }

    @Override // com.ibm.security.jgss.spi.GSSCredentialSpi
    public boolean isAcceptorCredential() throws GSSException {
        return this.b == 2 || this.b == 0;
    }

    @Override // com.ibm.security.jgss.spi.GSSCredentialSpi
    public Oid getMechanism() {
        return Krb5MechFactory.b();
    }

    public y(GSSCaller gSSCaller, GSSNameSpi gSSNameSpi, int i, int i2, int i3) throws GSSException {
        this.a = null;
        this.b = 1;
        this.c = false;
        this.d = 0L;
        this.e = 0L;
        this.f = 0L;
        this.g = null;
        this.h = null;
        this.i = false;
        this.j = new Debug(null);
        this.k = GSSCaller.CALLER_UNKNOWN;
        this.k = gSSCaller;
        a(gSSNameSpi, (GSSNameSpi) null, i, i2, i3);
    }

    public y(GSSNameSpi gSSNameSpi, int i, int i2, int i3) throws GSSException {
        this.a = null;
        this.b = 1;
        this.c = false;
        this.d = 0L;
        this.e = 0L;
        this.f = 0L;
        this.g = null;
        this.h = null;
        this.i = false;
        this.j = new Debug(null);
        this.k = GSSCaller.CALLER_UNKNOWN;
        a(gSSNameSpi, (GSSNameSpi) null, i, i2, i3);
    }

    public y(GSSNameSpi gSSNameSpi, GSSNameSpi gSSNameSpi2, int i, int i2, int i3, boolean z2) throws GSSException {
        this.a = null;
        this.b = 1;
        this.c = false;
        this.d = 0L;
        this.e = 0L;
        this.f = 0L;
        this.g = null;
        this.h = null;
        this.i = false;
        this.j = new Debug(null);
        this.k = GSSCaller.CALLER_UNKNOWN;
        this.c = z2;
        a(gSSNameSpi, gSSNameSpi2, i, i2, i3);
    }

    public y(GSSNameSpi gSSNameSpi, GSSNameSpi gSSNameSpi2, int i, int i2, int i3) throws GSSException {
        this.a = null;
        this.b = 1;
        this.c = false;
        this.d = 0L;
        this.e = 0L;
        this.f = 0L;
        this.g = null;
        this.h = null;
        this.i = false;
        this.j = new Debug(null);
        this.k = GSSCaller.CALLER_UNKNOWN;
        a(gSSNameSpi, gSSNameSpi2, i, i2, i3);
    }

    private void a(GSSNameSpi gSSNameSpi, GSSNameSpi gSSNameSpi2, int i, int i2, int i3) throws GSSException {
        if (gSSNameSpi2 != null) {
            try {
                this.h = gSSNameSpi2;
            } catch (GSSException e) {
                throw e;
            } catch (Exception e2) {
                I18NException.throwGSSException(11, 0, z[4], new String[]{e2.toString()});
                return;
            }
        }
        this.a = a(gSSNameSpi, i3);
        this.g = new fb(this.a.getClient());
        this.j.out(5, z[3] + this.g);
        this.f = System.currentTimeMillis() / 1000;
        a(i3, i, i2, this.f, this.a);
        this.b = i3;
        b();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public y(int i) throws GSSException {
        this(null, 0, 0, i);
    }

    private void a(long j, long j2) throws GSSException {
        this.j.out(5, z[61] + j2 + z[1]);
        if (j2 == 0) {
            this.e = j;
        } else if (j2 <= 0) {
            I18NException.throwGSSException(11, 0, z[2]);
        } else {
            this.e = Math.min(j, j2);
        }
    }

    private void b(long j, long j2) throws GSSException {
        this.j.out(5, z[0] + j2 + z[1]);
        if (j2 == 0) {
            this.d = 2147483647L;
        } else if (j2 <= 0) {
            I18NException.throwGSSException(11, 0, z[2]);
        } else {
            this.d = j2;
        }
    }

    private void a(int i, long j, long j2, long j3, Credentials credentials) throws GSSException {
        long j4;
        if (credentials == null) {
            I18NException.throwGSSException(13, 0, z[69]);
        }
        if (credentials.getEndTime() != null) {
            long time = credentials.getEndTime().getTime() / 1000;
            if (this.j.on(5)) {
                this.j.out(5, z[67] + time + z[30] + new Date(time * 1000));
            }
            if (time <= j3) {
                I18NException.throwGSSException(8, 0, z[65]);
            }
            j4 = time - (System.currentTimeMillis() / 1000);
            this.j.out(5, z[68] + j4 + z[1]);
        } else {
            j4 = 86400;
            this.j.out(5, z[66] + 86400L + z[1]);
        }
        if (j4 <= 0) {
            I18NException.throwGSSException(8, 0, z[65]);
        }
        if (i == 1) {
            a(j4, j);
            return;
        }
        if (i == 2) {
            b(j4, j2);
        } else if (i != 0) {
            I18NException.throwGSSException(11, 0, z[27], new Integer[]{new Integer(i)});
        } else {
            a(j4, j);
            b(j4, j2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Credentials a() {
        return this.a;
    }

    private Credentials a(GSSNameSpi gSSNameSpi, int i) throws GSSException {
        Credentials credentials = null;
        if ((this.k instanceof HttpCaller) && (i == 1 || i == 0)) {
            this.j.out(5, z[17] + gSSNameSpi);
            KerberosTicket kerberosTicket = (KerberosTicket) lb.a(Subject.getSubject(AccessController.getContext()), null, null, KerberosTicket.class);
            if (kerberosTicket == null && !GSSUtil.useSubjectCredsOnly()) {
                try {
                    kerberosTicket = (KerberosTicket) lb.a(GSSUtil.login(this.k, GSSUtil.GSS_KRB5_MECH_OID), null, null, KerberosTicket.class);
                } catch (LoginException e) {
                    this.j.out(5, z[20]);
                    GSSException gSSException = new GSSException(13);
                    gSSException.initCause(e);
                    throw gSSException;
                }
            }
            try {
                credentials = a(kerberosTicket);
            } catch (KrbException e2) {
                this.j.out(5, z[22]);
            } catch (IOException e3) {
                this.j.out(5, z[22]);
            }
            if (credentials != null) {
                this.j.out(5, z[28]);
                return credentials;
            }
        }
        if (GSSManagerImpl.useSubjectCredsOnly()) {
            if (i == 1) {
                this.j.out(5, z[29] + GSSManagerImpl.useAllCreds());
                credentials = c(gSSNameSpi, !GSSManagerImpl.useAllCreds());
                if (credentials == null && GSSManagerImpl.useAllCreds()) {
                    this.j.out(5, z[25]);
                    credentials = a(gSSNameSpi, true);
                }
            } else if (i == 2) {
                this.j.out(5, z[26]);
                credentials = b(gSSNameSpi, true);
            } else if (i == 0) {
                this.j.out(5, z[23] + GSSManagerImpl.useAllCreds());
                this.k = this.k == GSSCaller.CALLER_UNKNOWN ? GSSCaller.CALLER_ACCEPT : this.k;
                credentials = a(gSSNameSpi);
                if (credentials == null && GSSManagerImpl.useAllCreds()) {
                    this.j.out(5, z[25]);
                    credentials = a(gSSNameSpi, true);
                }
            } else {
                I18NException.throwGSSException(11, 0, z[27], new Integer[]{new Integer(i)});
            }
        } else if (i == 1) {
            this.j.out(5, z[18] + GSSManagerImpl.useAllCreds());
            credentials = a(gSSNameSpi, 1 == 0);
            if (credentials == null) {
                this.j.out(5, z[21]);
                credentials = c(gSSNameSpi, 1 == 0);
            }
            if (credentials == null) {
                this.j.out(5, z[16]);
                credentials = a(gSSNameSpi);
            }
        } else if (i == 2) {
            this.j.out(5, z[24]);
            credentials = b(gSSNameSpi, true);
        } else if (i == 0) {
            this.j.out(5, z[19]);
            try {
                credentials = a(new fb(b(gSSNameSpi, true).getClient()), 1 == 0);
            } catch (Exception e4) {
                credentials = a((GSSNameSpi) null, 1 == 0);
            }
            c(gSSNameSpi, true);
        } else {
            I18NException.throwGSSException(11, 0, z[27], new Integer[]{new Integer(i)});
        }
        return credentials;
    }

    private Credentials a(GSSNameSpi gSSNameSpi, boolean z2) throws GSSException {
        Credentials credentials = null;
        String str = null;
        try {
            if (gSSNameSpi == null) {
                this.j.out(5, z[44]);
                credentials = Credentials.acquireDefaultCreds();
            } else {
                str = gSSNameSpi.toString();
                this.j.out(5, z[48] + str);
                credentials = Credentials.acquireCreds(str, null);
                if (credentials != null && !credentials.getClient().toString().equals(str)) {
                    this.j.out(5, z[46] + credentials.getClient().toString());
                    credentials = null;
                }
            }
        } catch (Exception e) {
            if (z2) {
                I18NException.throwGSSException(11, 0, z[47], new String[]{e.toString()});
            }
        }
        if (credentials == null && z2) {
            String str2 = z[45];
            String[] strArr = new String[1];
            strArr[0] = str == null ? z[11] : str;
            I18NException.throwGSSException(13, 0, str2, strArr);
        }
        if (credentials != null) {
            this.j.out(5, z[49]);
        }
        return credentials;
    }

    private Credentials b(GSSNameSpi gSSNameSpi, boolean z2) throws GSSException {
        Credentials credentials = null;
        String str = null;
        String str2 = null;
        if (gSSNameSpi != null) {
            try {
                str = gSSNameSpi.toString();
            } catch (RealmException e) {
                if (z2) {
                    I18NException.throwGSSException(11, 0, z[62], new String[]{e.getMessage()});
                }
            } catch (IllegalArgumentException e2) {
                if (z2) {
                    I18NException.throwGSSException(11, 0, z[62], new String[]{e2.getMessage()});
                }
            }
        }
        str2 = str == null ? z[63] : str;
        this.j.out(5, z[64] + str2);
        ServiceCreds serviceCreds = null;
        try {
            serviceCreds = (ServiceCreds) AccessController.doPrivileged(new z(this, str, AccessController.getContext()));
        } catch (PrivilegedActionException e3) {
            I18NException.throwGSSException(13, 0, z[7], new String[]{str2});
        }
        if (serviceCreds == null) {
            I18NException.throwGSSException(13, 0, z[7], new String[]{str2});
        }
        if (str == null || str.equals("")) {
            str = serviceCreds.getName();
        }
        credentials = new Credentials(str, serviceCreds);
        if (credentials == null && z2) {
            I18NException.throwGSSException(11, 0, z[45], new String[]{str2});
        }
        return credentials;
    }

    private void a(Credentials credentials) throws GSSException {
        if (GSSManagerImpl.useSubjectCredsOnly()) {
            EncryptionKey sessionKey = credentials.getSessionKey();
            Subject subject = (Subject) AccessController.doPrivileged(new ab(this, AccessController.getContext()));
            if (subject == null || subject.isReadOnly()) {
                this.j.out(4, z[56]);
                return;
            }
            KerberosTicket kerberosTicket = new KerberosTicket(credentials.getEncoded(), new KerberosPrincipal(credentials.getClient().toString()), new KerberosPrincipal(credentials.getServer().toString()), sessionKey.getBytes(), sessionKey.getEType(), credentials.getFlags(), credentials.getAuthTime(), credentials.getStartTime(), credentials.getEndTime(), credentials.getRenewTill(), credentials.getClientAddresses());
            EncryptionKey[] serviceKeys = credentials.getServiceKeys();
            KerberosKey[] kerberosKeyArr = null;
            if (serviceKeys != null) {
                kerberosKeyArr = new KerberosKey[serviceKeys.length];
                for (int i = 0; i < serviceKeys.length; i++) {
                    Integer keyVersionNumber = serviceKeys[i].getKeyVersionNumber();
                    kerberosKeyArr[i] = new KerberosKey(new KerberosPrincipal(credentials.getClient().toString()), serviceKeys[i].getBytes(), serviceKeys[i].getEType(), keyVersionNumber != null ? keyVersionNumber.intValue() : 0);
                }
            }
            AccessController.doPrivileged(new bb(this, subject, kerberosTicket));
            if (kerberosKeyArr != null) {
                if (this.j.on(4)) {
                    this.j.out(4, z[60] + kerberosKeyArr.length + z[58]);
                }
                int i2 = 0;
                Set<Object> privateCredentials = subject.getPrivateCredentials();
                synchronized (privateCredentials) {
                    for (int i3 = 0; i3 < kerberosKeyArr.length; i3++) {
                        if (privateCredentials.add(kerberosKeyArr[i3])) {
                            i2++;
                            if (this.j.on(4)) {
                                this.j.out(4, z[53] + EncryptedData.encTypeToString(kerberosKeyArr[i3].getKeyType()));
                            }
                        } else if (this.j.on(4)) {
                            this.j.out(4, z[55] + EncryptedData.encTypeToString(kerberosKeyArr[i3].getKeyType()) + z[52]);
                        }
                    }
                    if (this.j.on(4)) {
                        this.j.out(4, z[59] + i2 + z[57]);
                    }
                }
            }
            this.j.out(4, z[54]);
        }
    }

    private Credentials c(GSSNameSpi gSSNameSpi, boolean z2) throws GSSException {
        Credentials credentials = null;
        String str = null;
        String str2 = null;
        if (gSSNameSpi != null) {
            if (gSSNameSpi instanceof fb) {
                str = gSSNameSpi.toString();
                String b = ((fb) gSSNameSpi).b();
                str2 = z[10] + b + "@" + b;
            } else if (z2) {
                I18NException.throwGSSException(11, 0, z[12]);
            }
        }
        this.j.out(5, z[14] + (gSSNameSpi == null ? z[13] : str));
        KerberosTicket kerberosTicket = null;
        try {
            kerberosTicket = (KerberosTicket) AccessController.doPrivileged(new db(this, AccessController.getContext(), str, str2));
        } catch (PrivilegedActionException e) {
            if (z2) {
                throw ((GSSException) e.getException());
            }
        }
        if (kerberosTicket != null) {
            try {
                credentials = a(kerberosTicket);
            } catch (KrbException e2) {
                if (z2) {
                    I18NException.throwGSSException(13, 0, z[15], new String[]{e2.toString()});
                }
            } catch (Exception e3) {
                if (z2) {
                    I18NException.throwGSSException(13, 0, z[8], new String[]{e3.toString()});
                }
            }
        }
        if (credentials == null && z2) {
            String str3 = z[7];
            String[] strArr = new String[1];
            strArr[0] = str == null ? z[11] : str.toString();
            I18NException.throwGSSException(13, 0, str3, strArr);
        }
        if (credentials != null) {
            this.j.out(5, z[9]);
        }
        return credentials;
    }

    private Credentials a(KerberosTicket kerberosTicket) throws KrbException, IOException {
        Credentials credentials = null;
        if (kerberosTicket != null) {
            credentials = new Credentials(kerberosTicket.getEncoded(), kerberosTicket.getClient().getName(), kerberosTicket.getServer().getName(), kerberosTicket.getSessionKey().getEncoded(), kerberosTicket.getSessionKeyType(), kerberosTicket.getFlags(), kerberosTicket.getAuthTime(), kerberosTicket.getStartTime(), kerberosTicket.getEndTime(), kerberosTicket.getRenewTill(), kerberosTicket.getClientAddresses());
        }
        return credentials;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public y(Credentials credentials) throws GSSException {
        this.a = null;
        this.b = 1;
        this.c = false;
        this.d = 0L;
        this.e = 0L;
        this.f = 0L;
        this.g = null;
        this.h = null;
        this.i = false;
        this.j = new Debug(null);
        this.k = GSSCaller.CALLER_UNKNOWN;
        this.b = 1;
        this.f = System.currentTimeMillis() / 1000;
        a(this.b, 0L, 0L, this.f, credentials);
        this.a = credentials;
        this.g = new fb(this.a.getClient());
        b();
    }

    public String toString() {
        String str;
        try {
            PropertyResource generalInstance = PropertyResource.getGeneralInstance();
            String string = generalInstance.getString(z[40]);
            String oid = getMechanism().toString();
            String gSSNameSpi = this.g != null ? this.g.toString() : string;
            String a = a(this.b);
            String format = this.f > 0 ? new SimpleDateFormat().format(new Date(this.f * 1000)) : string;
            String string2 = generalInstance.getString(z[37]);
            String str2 = null;
            String str3 = null;
            if (isInitiatorCredential()) {
                int initLifetime = getInitLifetime();
                str2 = initLifetime == Integer.MAX_VALUE ? string2 : initLifetime > 0 ? generalInstance.getFormattedString(z[41], new Integer[]{new Integer(initLifetime)}) : generalInstance.getString(z[39]);
            }
            if (str2 == null) {
                str2 = string;
            }
            if (isAcceptorCredential()) {
                int acceptLifetime = getAcceptLifetime();
                str3 = acceptLifetime == Integer.MAX_VALUE ? string2 : acceptLifetime > 0 ? generalInstance.getFormattedString(z[41], new Integer[]{new Integer(acceptLifetime)}) : generalInstance.getString(z[39]);
            }
            if (str3 == null) {
                str3 = string;
            }
            String str4 = null;
            String str5 = null;
            if (this.a != null) {
                PrincipalName client = this.a.getClient();
                if (client != null) {
                    str4 = client.toString();
                }
                PrincipalName server = this.a.getServer();
                if (server != null) {
                    str5 = server.toString();
                }
            }
            if (str4 == null) {
                str4 = string;
            }
            if (str5 == null) {
                str5 = string;
            }
            str = generalInstance.getFormattedString(z[43], new String[]{oid, gSSNameSpi, a, format, str2, str3, str4, str5});
        } catch (Exception e) {
            this.j.out(5, z[42] + e.toString());
            str = z[38];
        }
        return str;
    }

    private static String a(int i) throws GSSException {
        String str = z[35];
        switch (i) {
            case 0:
                str = z[34];
                break;
            case 1:
                str = z[35];
                break;
            case 2:
                str = z[36];
                break;
            default:
                I18NException.throwGSSException(11, 0, z[27], new Integer[]{new Integer(i)});
                break;
        }
        return PropertyResource.getGeneralInstance().getString(str);
    }

    private void b() {
        if (this.j.on(5)) {
            this.j.out(5, z[32] + this.f + z[30] + new Date(this.f * 1000).toString());
            if (this.b == 1) {
                this.j.out(5, z[31] + a(this.e));
                return;
            }
            if (this.b == 2) {
                this.j.out(5, z[33] + a(this.d));
            } else if (this.b == 0) {
                this.j.out(5, z[31] + a(this.e));
                this.j.out(5, z[33] + a(this.d));
            }
        }
    }

    private String a(long j) {
        return j == 2147483647L ? z[51] : String.valueOf(j) + z[1];
    }

    private Credentials a(GSSNameSpi gSSNameSpi) throws GSSException {
        Credentials credentials = null;
        String str = null;
        String str2 = null;
        if (gSSNameSpi != null && (gSSNameSpi instanceof fb)) {
            str = gSSNameSpi.toString();
            String b = ((fb) gSSNameSpi).b();
            str2 = z[10] + b + "@" + b;
        }
        this.j.out(5, z[50] + (gSSNameSpi == null ? z[13] : str));
        KerberosTicket kerberosTicket = null;
        try {
            kerberosTicket = (KerberosTicket) AccessController.doPrivileged(new cb(this, this.k == GSSCaller.CALLER_UNKNOWN ? GSSCaller.CALLER_INITIATE : this.k, str, str2, AccessController.getContext()));
        } catch (PrivilegedActionException e) {
            I18NException.throwGSSException(11, 0, z[47], new String[]{e.toString()});
        }
        if (kerberosTicket != null) {
            try {
                credentials = a(kerberosTicket);
            } catch (Exception e2) {
                I18NException.throwGSSException(11, 0, z[47], new String[]{e2.toString()});
            }
        }
        if (credentials != null) {
            this.j.out(5, z[49]);
        }
        return credentials;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static GSSCaller a(y yVar) {
        return yVar.k;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Debug b(y yVar) {
        return yVar.j;
    }
}
