package jcifs.smb;

import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import javax.security.auth.Subject;
import jcifs.CIFSContext;
import jcifs.CIFSException;
import jcifs.spnego.NegTokenInit;
import jcifs.spnego.SpnegoConstants;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.ietf.jgss.GSSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
public class Kerb5Authenticator extends NtlmPasswordAuthenticator {
    private static final String DEFAULT_SERVICE = "cifs";
    private static final long serialVersionUID = 1999400043787454432L;
    private boolean canFallback;
    private int contextLifetime;
    private boolean forceFallback;
    private String realm;
    private String service;
    private Subject subject;
    private String user;
    private int userLifetime;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) Kerb5Authenticator.class);
    private static final Set<ASN1ObjectIdentifier> PREFERRED_MECHS = new HashSet();

    static {
        PREFERRED_MECHS.add(new ASN1ObjectIdentifier("1.2.840.113554.1.2.2"));
        PREFERRED_MECHS.add(new ASN1ObjectIdentifier(SpnegoConstants.LEGACY_KERBEROS_MECHANISM));
    }

    public Kerb5Authenticator(Subject subject) {
        this.subject = null;
        this.user = null;
        this.realm = null;
        this.service = DEFAULT_SERVICE;
        this.userLifetime = 0;
        this.contextLifetime = 0;
        this.canFallback = false;
        this.subject = subject;
    }

    public Kerb5Authenticator(Subject subject, String str, String str2, String str3) {
        super(str, str2, str3);
        this.subject = null;
        this.user = null;
        this.realm = null;
        this.service = DEFAULT_SERVICE;
        this.userLifetime = 0;
        this.contextLifetime = 0;
        this.canFallback = false;
        this.canFallback = true;
        this.subject = subject;
    }

    public static void cloneInternal(Kerb5Authenticator kerb5Authenticator, Kerb5Authenticator kerb5Authenticator2) {
        NtlmPasswordAuthenticator.cloneInternal(kerb5Authenticator, kerb5Authenticator2);
        kerb5Authenticator.setUser(kerb5Authenticator2.getUser());
        kerb5Authenticator.setRealm(kerb5Authenticator2.getRealm());
        kerb5Authenticator.setService(kerb5Authenticator2.getService());
        kerb5Authenticator.setLifeTime(kerb5Authenticator2.getLifeTime());
        kerb5Authenticator.setUserLifeTime(kerb5Authenticator2.getUserLifeTime());
        kerb5Authenticator.canFallback = kerb5Authenticator2.canFallback;
        kerb5Authenticator.forceFallback = kerb5Authenticator2.forceFallback;
    }

    private SpnegoContext createContext(CIFSContext cIFSContext, String str, String str2) throws GSSException {
        return new SpnegoContext(cIFSContext.getConfig(), new Kerb5Context(str2, this.service, this.user, this.userLifetime, this.contextLifetime, str != null ? str.toUpperCase(Locale.ROOT) : null));
    }

    @Override // jcifs.smb.NtlmPasswordAuthenticator, jcifs.smb.CredentialsInternal
    public Kerb5Authenticator clone() {
        Kerb5Authenticator kerb5Authenticator = new Kerb5Authenticator(getSubject());
        cloneInternal(kerb5Authenticator, this);
        return kerb5Authenticator;
    }

    @Override // jcifs.smb.NtlmPasswordAuthenticator, jcifs.smb.CredentialsInternal
    public SSPContext createContext(CIFSContext cIFSContext, String str, String str2, byte[] bArr, boolean z) throws SmbException {
        if (str2.indexOf(46) < 0 && str2.toUpperCase(Locale.ROOT).equals(str2)) {
            throw new SmbUnsupportedOperationException("Cannot use netbios/short names with kerberos authentication, have " + str2);
        }
        try {
            NegTokenInit negTokenInit = new NegTokenInit(bArr);
            if (log.isDebugEnabled()) {
                log.debug("Have initial token " + negTokenInit);
            }
            if (negTokenInit.getMechanisms() != null) {
                HashSet hashSet = new HashSet(Arrays.asList(negTokenInit.getMechanisms()));
                boolean z2 = false;
                for (ASN1ObjectIdentifier aSN1ObjectIdentifier : Kerb5Context.SUPPORTED_MECHS) {
                    z2 |= hashSet.contains(aSN1ObjectIdentifier);
                }
                if ((!z2 || this.forceFallback) && this.canFallback && cIFSContext.getConfig().isAllowNTLMFallback()) {
                    log.debug("Falling back to NTLM authentication");
                    return super.createContext(cIFSContext, str, str2, bArr, z);
                }
                if (!z2) {
                    throw new SmbUnsupportedOperationException("Server does not support kerberos authentication");
                }
            }
        } catch (SmbException e) {
            throw e;
        } catch (IOException e2) {
            log.debug("Ignoring invalid initial token", (Throwable) e2);
        }
        try {
            return createContext(cIFSContext, str, str2);
        } catch (GSSException e3) {
            throw new SmbException("Context setup failed", (Throwable) e3);
        }
    }

    @Override // jcifs.smb.NtlmPasswordAuthenticator, java.security.Principal
    public boolean equals(Object obj) {
        if (obj == null || !(obj instanceof Kerb5Authenticator)) {
            return false;
        }
        return Objects.equals(getSubject(), ((Kerb5Authenticator) obj).getSubject());
    }

    public int getLifeTime() {
        return this.contextLifetime;
    }

    public String getRealm() {
        return this.realm;
    }

    public String getService() {
        return this.service;
    }

    @Override // jcifs.smb.NtlmPasswordAuthenticator, jcifs.smb.CredentialsInternal
    public Subject getSubject() {
        return this.subject;
    }

    public String getUser() {
        return this.user;
    }

    @Override // jcifs.smb.NtlmPasswordAuthenticator, jcifs.Credentials
    public String getUserDomain() {
        if (this.realm == null && getSubject() != null) {
            Iterator<Principal> it = getSubject().getPrincipals().iterator();
            while (it.hasNext()) {
                try {
                    return it.next().getRealm();
                } catch (Exception e) {
                }
            }
        }
        return this.realm != null ? this.realm : super.getUserDomain();
    }

    public int getUserLifeTime() {
        return this.userLifetime;
    }

    @Override // jcifs.smb.NtlmPasswordAuthenticator, java.security.Principal
    public int hashCode() {
        return super.hashCode();
    }

    @Override // jcifs.smb.NtlmPasswordAuthenticator, jcifs.Credentials
    public boolean isAnonymous() {
        return getSubject() == null && super.isAnonymous();
    }

    @Override // jcifs.smb.NtlmPasswordAuthenticator
    public boolean isPreferredMech(ASN1ObjectIdentifier aSN1ObjectIdentifier) {
        return isAnonymous() ? super.isPreferredMech(aSN1ObjectIdentifier) : PREFERRED_MECHS.contains(aSN1ObjectIdentifier);
    }

    @Override // jcifs.smb.NtlmPasswordAuthenticator, jcifs.smb.CredentialsInternal
    public void refresh() throws CIFSException {
        throw new SmbUnsupportedOperationException("Refreshing credentials is not supported by this authenticator");
    }

    public void setForceFallback(boolean z) {
        this.forceFallback = z;
    }

    public void setLifeTime(int i) {
        this.contextLifetime = i;
    }

    public void setRealm(String str) {
        this.realm = str;
    }

    public void setService(String str) {
        this.service = str;
    }

    protected void setSubject(Subject subject) {
        this.subject = subject;
    }

    public void setUser(String str) {
        this.user = str;
    }

    public void setUserLifeTime(int i) {
        this.userLifetime = i;
    }

    @Override // jcifs.smb.NtlmPasswordAuthenticator, java.security.Principal
    public String toString() {
        return "Kerb5Authenticatior[subject=" + (getSubject() != null ? getSubject().getPrincipals() : null) + ",user=" + this.user + ",realm=" + this.realm + "]";
    }
}
