package org.apache.harmony.auth.jgss.kerberos;

import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.apache.harmony.auth.jgss.kerberos.toolbox.KerberosToolboxSpi;
import org.apache.harmony.javax.security.auth.RefreshFailedException;
import org.apache.harmony.javax.security.auth.kerberos.KerberosKey;
import org.apache.harmony.javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.harmony.javax.security.auth.kerberos.KerberosTicket;
import org.apache.harmony.javax.security.auth.kerberos.ServicePermission;
import org.apache.harmony.javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: classes2.dex */
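/**
 * Static helpers used by the Kerberos GSS mechanism to locate Kerberos credentials
 * (ticket-granting tickets and service keys) and to enforce {@link ServicePermission}
 * checks before those credentials are handed to a caller.
 *
 * <p>Credentials are looked up first in the {@link Subject} bound to the current
 * access-control context and, when nothing usable is found there, through a JAAS
 * {@link LoginContext} login.
 */
public class KerberosUtils {
    public static final String DEFAULT_CHARSET_NAME = "UTF-8";
    public static final int DEFAULT_GSSEXCEPTION_MAJOR_CODE = 3;
    public static final int DEFAULT_GSSEXCEPTION_MINOR_CODE = 0;
    /** JAAS configuration entry name used when keys are obtained by logging in (acceptor side). */
    public static final String KERBEROS_CONTEXT_ACCEPT = "org.apache.harmony.auth.jgss.accept";
    /** JAAS configuration entry name used when a TGT is obtained by logging in (initiator side). */
    public static final String KERBEROS_CONTEXT_INIT = "org.apache.harmony.auth.jgss.initiate";
    /** Fully qualified name of the class instantiated by {@link #getKerberosToolbox(String)}. */
    public static final String KERBEROS_TOOLBOX_PROVIDER = "org.apache.harmony.auth.jgss.kerberos.toolbox.KerberosToolboxImpl";
    public static final Oid KRB5_MECH;
    public static final Oid KRB5_PRINCIPAL_NAMETYPE;
    public static final String SERVICE_PERMISSION_ACTION_ACCEPT = "accept";
    public static final String SERVICE_PERMISSION_ACTION_INITIATE = "initiate";
    // NOTE(review): single DES is the only entry listed here. DES is deprecated for
    // Kerberos (RFC 6649) and should not be relied on for new deployments; confirm
    // whether stronger encryption types are negotiated elsewhere. The array is also
    // public and mutable, so any caller can alter it; treat it as read-only.
    public static final String[] SUPPORTED_KEY_ENCRYPT = {"DES"};
    public static final Oid[] SUPPORTED_NAME_MECHS;

    static {
        try {
            KRB5_MECH = new Oid("1.2.840.113554.1.2.2");
            KRB5_PRINCIPAL_NAMETYPE = new Oid("1.2.840.113554.1.2.2.1");
            SUPPORTED_NAME_MECHS = new Oid[]{GSSName.NT_USER_NAME, GSSName.NT_HOSTBASED_SERVICE, GSSName.NT_EXPORT_NAME, KRB5_PRINCIPAL_NAMETYPE};
        } catch (GSSException e) {
            // Keep the cause so a failed class initialisation can be diagnosed.
            throw new Error(e);
        }
    }

    /**
     * Checks that the caller may accept contexts for the principal that owns {@code kerberosKey}.
     *
     * @param kerberosKey the service key about to be used
     * @throws SecurityException if a security manager is installed and denies the
     *         {@code accept} {@link ServicePermission}
     */
    public static void checkServerKeyServicePermission(KerberosKey kerberosKey) {
        checkServicePermission(kerberosKey.getPrincipal(), SERVICE_PERMISSION_ACTION_ACCEPT);
    }

    /**
     * Asks the installed security manager, if any, for a {@link ServicePermission}
     * on the given principal name and action. Does nothing when no security manager
     * is installed.
     *
     * @param kerberosPrincipal principal whose name is the permission target
     * @param str the permission action, e.g. {@link #SERVICE_PERMISSION_ACTION_ACCEPT}
     * @throws SecurityException if the permission is denied
     */
    public static void checkServicePermission(KerberosPrincipal kerberosPrincipal, String str) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(new ServicePermission(kerberosPrincipal.getName(), str));
        }
    }

    /**
     * Checks that the caller may initiate contexts towards the server principal named in
     * {@code kerberosTicket}.
     *
     * @param kerberosTicket the ticket about to be used
     * @throws SecurityException if a security manager is installed and denies the
     *         {@code initiate} {@link ServicePermission}
     */
    public static void checkTGTServicePermission(KerberosTicket kerberosTicket) {
        checkServicePermission(kerberosTicket.getServer(), SERVICE_PERMISSION_ACTION_INITIATE);
    }

    /**
     * Looks for a current ticket for the given client/server pair in the Subject bound
     * to the calling access-control context, and runs the {@code initiate} permission
     * check on it before returning it.
     *
     * @return the matching ticket, or {@code null} when none is available
     */
    private static KerberosTicket getKerberosTicketFromContext(final KerberosPrincipal kerberosPrincipal, final KerberosPrincipal kerberosPrincipal2) {
        KerberosTicket ticket = AccessController.doPrivileged(new PrivilegedAction<KerberosTicket>() {
            @Override
            public KerberosTicket run() {
                // The decompiled source read "KerberosPrincipal.this" here, which is not
                // valid Java; the captured client principal is what is meant.
                return KerberosUtils.getTicketFromSubject(Subject.getSubject(AccessController.getContext()), kerberosPrincipal, kerberosPrincipal2);
            }
        }, AccessController.getContext());
        if (ticket != null) {
            checkTGTServicePermission(ticket);
        }
        return ticket;
    }

    /**
     * Instantiates the toolbox implementation named by {@link #KERBEROS_TOOLBOX_PROVIDER}
     * through its single-{@code String} constructor.
     *
     * @param str the value passed to that constructor
     * @return a new toolbox instance
     * @throws Exception if the class cannot be loaded or instantiated
     */
    public static KerberosToolboxSpi getKerberosToolbox(String str) throws Exception {
        Class<?> providerClass = Class.forName(KERBEROS_TOOLBOX_PROVIDER);
        return (KerberosToolboxSpi) providerClass.getConstructor(String.class).newInstance(str);
    }

    /**
     * Returns the service keys for {@code kerberosPrincipal}, preferring keys held by the
     * Subject of the current access-control context and falling back to a JAAS login.
     *
     * @param kerberosPrincipal the service principal, or {@code null} to let the login
     *        path pick the principal from the current context
     * @return the keys found (possibly empty), or {@code null} if the login failed
     */
    public static KerberosKey[] getKeys(KerberosPrincipal kerberosPrincipal) {
        KerberosKey[] fromContext = null;
        if (kerberosPrincipal != null) {
            fromContext = getKeysFromContext(kerberosPrincipal);
        }
        if (fromContext != null) {
            return fromContext;
        }
        return getKeysFromLoginModule(kerberosPrincipal);
    }

    /**
     * Collects the keys for {@code kerberosPrincipal} from the Subject of the calling
     * access-control context and runs the {@code accept} permission check on them.
     *
     * @return the keys, or {@code null} when the context holds none for that principal
     */
    private static KerberosKey[] getKeysFromContext(final KerberosPrincipal kerberosPrincipal) {
        KerberosKey[] keys = AccessController.doPrivileged(new PrivilegedAction<KerberosKey[]>() {
            @Override
            public KerberosKey[] run() {
                return KerberosUtils.getKeysFromSubject(Subject.getSubject(AccessController.getContext()), kerberosPrincipal);
            }
        }, AccessController.getContext());
        if (keys == null || keys.length == 0) {
            return null;
        }
        // Every key was matched against the same principal, so checking the first one
        // covers the whole array.
        checkServerKeyServicePermission(keys[0]);
        return keys;
    }

    /**
     * Performs a JAAS login under {@link #KERBEROS_CONTEXT_ACCEPT} and returns the keys
     * of the resulting Subject that belong to the requested principal.
     *
     * @return the keys found (possibly empty), or {@code null} if the login failed
     */
    private static KerberosKey[] getKeysFromLoginModule(KerberosPrincipal kerberosPrincipal) {
        try {
            LoginContext loginContext = new LoginContext(KERBEROS_CONTEXT_ACCEPT);
            loginContext.login();
            Subject subject = loginContext.getSubject();
            KerberosPrincipal principal = kerberosPrincipal != null ? kerberosPrincipal : getPrincipalFromContext();
            // NOTE(review): unlike getKeysFromContext, keys returned on this path are not
            // passed through checkServerKeyServicePermission. Confirm whether skipping
            // the ServicePermission check here is intended.
            return getKeysFromSubject(subject, principal);
        } catch (LoginException e) {
            // Login failure is reported and mapped to "no keys"; callers only see null.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the {@link KerberosKey} private credentials of {@code subject} whose
     * principal equals {@code kerberosPrincipal}.
     *
     * <p>Public only because the decompiler widened the access modifier; it is used by
     * the privileged actions in this class.
     *
     * @param subject the Subject to search; {@code null} yields an empty array
     * @param kerberosPrincipal the principal to match; {@code null} yields an empty array
     * @return the matching keys, never {@code null}
     */
    public static KerberosKey[] getKeysFromSubject(Subject subject, KerberosPrincipal kerberosPrincipal) {
        // Subject.getSubject() returns null when no Subject is bound to the context, and
        // the principal may be unresolved; neither should surface as an NPE.
        if (subject == null || kerberosPrincipal == null) {
            return new KerberosKey[0];
        }
        ArrayList<KerberosKey> matching = new ArrayList<KerberosKey>();
        for (KerberosKey candidate : subject.getPrivateCredentials(KerberosKey.class)) {
            if (kerberosPrincipal.equals(candidate.getPrincipal())) {
                matching.add(candidate);
            }
        }
        return matching.toArray(new KerberosKey[matching.size()]);
    }

    /**
     * Returns one {@link KerberosPrincipal} of the Subject bound to the calling
     * access-control context (whichever the principal set's iterator yields first).
     *
     * @return a principal, or {@code null} when there is no Subject or it has no
     *         Kerberos principal
     */
    private static KerberosPrincipal getPrincipalFromContext() {
        return AccessController.doPrivileged(new PrivilegedAction<KerberosPrincipal>() {
            @Override
            public KerberosPrincipal run() {
                Subject subject = Subject.getSubject(AccessController.getContext());
                if (subject == null) {
                    return null;
                }
                Set<KerberosPrincipal> principals = subject.getPrincipals(KerberosPrincipal.class);
                return principals.isEmpty() ? null : principals.iterator().next();
            }
        }, AccessController.getContext());
    }

    /**
     * Returns a ticket-granting ticket for {@code kerberosPrincipal}, preferring one held
     * by the Subject of the current access-control context and falling back to a JAAS login.
     *
     * @param kerberosPrincipal the client principal, or {@code null} to let the login
     *        path pick the principal from the current context
     * @return the TGT, or {@code null} when none could be obtained
     */
    public static KerberosTicket getTGT(KerberosPrincipal kerberosPrincipal) {
        KerberosTicket fromContext = null;
        if (kerberosPrincipal != null) {
            fromContext = getKerberosTicketFromContext(kerberosPrincipal, getTGTServerPrincipal(kerberosPrincipal));
        }
        if (fromContext != null) {
            return fromContext;
        }
        return getTGTFromLoginModule(kerberosPrincipal);
    }

    /**
     * Performs a JAAS login under {@link #KERBEROS_CONTEXT_INIT} and returns the TGT of
     * the resulting Subject for the requested client principal.
     *
     * @return the TGT, or {@code null} if the login failed, no principal could be
     *         resolved, or no current ticket was found
     */
    private static KerberosTicket getTGTFromLoginModule(KerberosPrincipal kerberosPrincipal) {
        try {
            LoginContext loginContext = new LoginContext(KERBEROS_CONTEXT_INIT);
            loginContext.login();
            Subject subject = loginContext.getSubject();
            KerberosPrincipal principal = kerberosPrincipal != null ? kerberosPrincipal : getPrincipalFromContext();
            if (principal == null) {
                // No principal to derive the krbtgt name from; report "no ticket"
                // instead of failing with an NPE.
                return null;
            }
            // NOTE(review): unlike getKerberosTicketFromContext, the ticket returned on
            // this path is not passed through checkTGTServicePermission. Confirm whether
            // skipping the ServicePermission check here is intended.
            return getTicketFromSubject(subject, principal, getTGTServerPrincipal(principal));
        } catch (LoginException e) {
            // Login failure is reported and mapped to "no ticket"; callers only see null.
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Builds the ticket-granting service principal {@code krbtgt/REALM@REALM} for the
     * realm of {@code kerberosPrincipal}.
     */
    private static KerberosPrincipal getTGTServerPrincipal(KerberosPrincipal kerberosPrincipal) {
        String realm = kerberosPrincipal.getRealm();
        return new KerberosPrincipal("krbtgt/" + realm + "@" + realm);
    }

    /**
     * Searches the {@link KerberosTicket} private credentials of {@code subject} for a
     * ticket issued to {@code kerberosPrincipal} for the server {@code kerberosPrincipal2}.
     * Matching tickets that are expired and cannot be refreshed are removed from the
     * Subject.
     *
     * <p>Public only because the decompiler widened the access modifier; it is used by
     * the privileged actions in this class.
     *
     * @param subject the Subject to search; may be {@code null}
     * @param kerberosPrincipal the client principal to match
     * @param kerberosPrincipal2 the server principal to match
     * @return the first usable matching ticket, or {@code null} when there is none
     */
    public static KerberosTicket getTicketFromSubject(Subject subject, KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2) {
        if (subject == null || kerberosPrincipal == null || kerberosPrincipal2 == null) {
            return null;
        }
        Set<KerberosTicket> tickets = subject.getPrivateCredentials(KerberosTicket.class);
        Iterator<KerberosTicket> it = tickets.iterator();
        while (it.hasNext()) {
            KerberosTicket candidate = it.next();
            if (!kerberosPrincipal.equals(candidate.getClient()) || !kerberosPrincipal2.equals(candidate.getServer())) {
                continue;
            }
            if (isCurrent(candidate)) {
                return candidate;
            }
            // Drop the stale ticket through the iterator: removing it from the set
            // directly while iterating risks a ConcurrentModificationException on the
            // next step of the loop.
            it.remove();
        }
        return null;
    }

    /**
     * Reports whether {@code kerberosTicket} is usable, trying a refresh when it is not
     * current. A ticket that cannot be refreshed is destroyed.
     *
     * @return {@code true} if the ticket is current or was refreshed successfully
     */
    private static boolean isCurrent(KerberosTicket kerberosTicket) {
        if (kerberosTicket.isCurrent()) {
            return true;
        }
        try {
            kerberosTicket.refresh();
            return true;
        } catch (RefreshFailedException refreshFailure) {
            try {
                kerberosTicket.destroy();
            } catch (DestroyFailedException e) {
                // The stale ticket could not be wiped; it is still reported as unusable.
                e.printStackTrace();
            }
            return false;
        }
    }
}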
