package com.huawei.security.jgss.krb5;

import com.huawei.auth.kerberos.ExKerberosPrincipal;
import com.huawei.security.auth.kerberos.ExKerberosTicket;
import com.huawei.security.jgss.GSSCaller;
import com.huawei.security.jgss.spi.GSSNameSpi;
import com.huawei.security.krb5.EncryptionKey;
import com.huawei.security.krb5.ExConfig;
import com.huawei.security.krb5.ExCredentials;
import com.huawei.security.krb5.ExPrincipalName;
import com.huawei.security.krb5.KrbException;
import java.io.IOException;
import java.net.InetAddress;
import java.security.AccessController;
import java.security.Provider;
import java.util.Date;
import java.util.Map;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/huawei/security/jgss/krb5/ExKrb5InitCredential.class */
public class ExKrb5InitCredential extends ExKerberosTicket implements Krb5CredElement {
    private static final long serialVersionUID = 7723415700837898232L;
    private ExKrb5NameElement name;
    private ExCredentials krb5Credentials;
    private Map<String, ?> props;

    private ExKrb5InitCredential(ExKrb5NameElement exKrb5NameElement, byte[] bArr, ExKerberosPrincipal exKerberosPrincipal, ExKerberosPrincipal exKerberosPrincipal2, byte[] bArr2, int i, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr, Map<String, ?> map) throws GSSException {
        super(bArr, exKerberosPrincipal, exKerberosPrincipal2, bArr2, i, zArr, date, date2, date3, date4, inetAddressArr, (String) map.get("confKey"));
        this.name = exKrb5NameElement;
        this.props = map;
        try {
            this.krb5Credentials = new ExCredentials(bArr, exKerberosPrincipal.getName(), exKerberosPrincipal2.getName(), bArr2, i, zArr, date, date2, date3, date4, inetAddressArr, null, (String) this.props.get("confKey"));
        } catch (KrbException e) {
            throw new GSSException(13, -1, e.getMessage());
        } catch (IOException e2) {
            throw new GSSException(13, -1, e2.getMessage());
        }
    }

    private ExKrb5InitCredential(ExKrb5NameElement exKrb5NameElement, ExCredentials exCredentials, byte[] bArr, ExKerberosPrincipal exKerberosPrincipal, ExKerberosPrincipal exKerberosPrincipal2, byte[] bArr2, int i, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr, Map<String, ?> map) throws GSSException {
        super(bArr, exKerberosPrincipal, exKerberosPrincipal2, bArr2, i, zArr, date, date2, date3, date4, inetAddressArr, (String) map.get("confKey"));
        this.name = exKrb5NameElement;
        this.props = map;
        this.krb5Credentials = exCredentials;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ExKrb5InitCredential getInstance(GSSCaller gSSCaller, ExKrb5NameElement exKrb5NameElement, int i, Map<String, ?> map) throws GSSException {
        ExKerberosTicket tgt = getTgt(gSSCaller, exKrb5NameElement, i, map);
        if (tgt == null) {
            throw new GSSException(13, -1, "Failed to find any Kerberos tgt");
        }
        if (exKrb5NameElement == null) {
            exKrb5NameElement = ExKrb5NameElement.getInstance(tgt.getClient().getName(), ExKrb5MechFactory.NT_GSS_KRB5_PRINCIPAL, map);
        }
        return new ExKrb5InitCredential(exKrb5NameElement, tgt.getEncoded(), tgt.getClient(), tgt.getServer(), tgt.getSessionKey().getEncoded(), tgt.getSessionKeyType(), tgt.getFlags(), tgt.getAuthTime(), tgt.getStartTime(), tgt.getEndTime(), tgt.getRenewTill(), tgt.getClientAddresses(), map);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ExKrb5InitCredential getInstance(ExKrb5NameElement exKrb5NameElement, ExCredentials exCredentials, Map<String, ?> map) throws GSSException {
        EncryptionKey sessionKey = exCredentials.getSessionKey();
        ExPrincipalName client = exCredentials.getClient();
        ExPrincipalName server = exCredentials.getServer();
        ExKerberosPrincipal exKerberosPrincipal = null;
        ExKerberosPrincipal exKerberosPrincipal2 = null;
        ExKrb5NameElement exKrb5NameElement2 = null;
        if (client != null) {
            String name = client.getName();
            exKrb5NameElement2 = ExKrb5NameElement.getInstance(name, ExKrb5MechFactory.NT_GSS_KRB5_PRINCIPAL, map);
            exKerberosPrincipal = new ExKerberosPrincipal(name, (String) map.get("confKey"));
        }
        if (server != null) {
            exKerberosPrincipal2 = new ExKerberosPrincipal(server.getName(), 2, (String) map.get("confKey"));
        }
        return new ExKrb5InitCredential(exKrb5NameElement2, exCredentials, exCredentials.getEncoded(), exKerberosPrincipal, exKerberosPrincipal2, sessionKey.getBytes(), sessionKey.getEType(), exCredentials.getFlags(), exCredentials.getAuthTime(), exCredentials.getStartTime(), exCredentials.getEndTime(), exCredentials.getRenewTill(), exCredentials.getClientAddresses(), map);
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public final GSSNameSpi getName() throws GSSException {
        return this.name;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public int getInitLifetime() throws GSSException {
        return ((int) (getEndTime().getTime() - new Date().getTime())) / 1000;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public int getAcceptLifetime() throws GSSException {
        return 0;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public boolean isInitiatorCredential() throws GSSException {
        return true;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public boolean isAcceptorCredential() throws GSSException {
        return false;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public final Oid getMechanism() {
        return ExKrb5MechFactory.GSS_KRB5_MECH_OID;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public final Provider getProvider() {
        return ExKrb5MechFactory.PROVIDER;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExCredentials getKrb5Credentials() {
        return this.krb5Credentials;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public void dispose() throws GSSException {
        try {
            destroy();
        } catch (DestroyFailedException e) {
            new GSSException(11, -1, "Could not destroy credentials - " + e.getMessage()).initCause(e);
        }
    }

    private static ExKerberosTicket getTgt(GSSCaller gSSCaller, ExKrb5NameElement exKrb5NameElement, int i, Map<String, ?> map) throws GSSException {
        String str;
        if (exKrb5NameElement != null) {
            str = exKrb5NameElement.getKrb5PrincipalName().getName();
        } else {
            str = null;
            try {
                ExConfig.getInstance((String) map.get("confKey"));
            } catch (KrbException e) {
                GSSException gSSException = new GSSException(13, -1, "Attempt to obtain INITIATE credentials failed! (" + e.getMessage() + ")");
                gSSException.initCause(e);
                throw gSSException;
            }
        }
        try {
            return ExKrb5Util.getTicket(gSSCaller == GSSCaller.CALLER_UNKNOWN ? GSSCaller.CALLER_INITIATE : gSSCaller, str, null, AccessController.getContext());
        } catch (LoginException e2) {
            e2.printStackTrace();
            return null;
        }
    }
}
