package com.huawei.security.jgss.krb5;

import com.huawei.security.jgss.GSSCaller;
import com.huawei.security.jgss.krb5.ExKrb5Util;
import com.huawei.security.jgss.spi.GSSNameSpi;
import com.huawei.security.krb5.EncryptionKey;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Provider;
import java.util.Map;
import javax.security.auth.DestroyFailedException;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/huawei/security/jgss/krb5/ExKrb5AcceptCredential.class */
public class ExKrb5AcceptCredential implements Krb5CredElement {
    private static final long serialVersionUID = 7714332137352567952L;
    private ExKrb5NameElement name;
    private ExKrb5Util.ServiceCreds screds;

    private ExKrb5AcceptCredential(ExKrb5NameElement exKrb5NameElement, ExKrb5Util.ServiceCreds serviceCreds) {
        this.name = exKrb5NameElement;
        this.screds = serviceCreds;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ExKrb5AcceptCredential getInstance(final GSSCaller gSSCaller, ExKrb5NameElement exKrb5NameElement, Map<String, ?> map) throws GSSException {
        final String name = exKrb5NameElement == null ? null : exKrb5NameElement.getKrb5PrincipalName().getName();
        final AccessControlContext context = AccessController.getContext();
        try {
            ExKrb5Util.ServiceCreds serviceCreds = (ExKrb5Util.ServiceCreds) AccessController.doPrivileged(new PrivilegedExceptionAction<ExKrb5Util.ServiceCreds>() { // from class: com.huawei.security.jgss.krb5.ExKrb5AcceptCredential.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public ExKrb5Util.ServiceCreds run() throws Exception {
                    return ExKrb5Util.getServiceCreds(GSSCaller.this == GSSCaller.CALLER_UNKNOWN ? GSSCaller.CALLER_ACCEPT : GSSCaller.this, name, context);
                }
            });
            if (serviceCreds == null) {
                throw new GSSException(13, -1, "Failed to find any Kerberos credentails");
            }
            if (exKrb5NameElement == null) {
                exKrb5NameElement = ExKrb5NameElement.getInstance(serviceCreds.getName(), ExKrb5MechFactory.NT_GSS_KRB5_PRINCIPAL, map);
            }
            return new ExKrb5AcceptCredential(exKrb5NameElement, serviceCreds);
        } catch (PrivilegedActionException e) {
            GSSException gSSException = new GSSException(13, -1, "Attempt to obtain new ACCEPT credentials failed!");
            gSSException.initCause(e.getException());
            throw gSSException;
        }
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public final GSSNameSpi getName() throws GSSException {
        return this.name;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public int getInitLifetime() throws GSSException {
        return 0;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public int getAcceptLifetime() throws GSSException {
        return Integer.MAX_VALUE;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public boolean isInitiatorCredential() throws GSSException {
        return false;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public boolean isAcceptorCredential() throws GSSException {
        return true;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public final Oid getMechanism() {
        return ExKrb5MechFactory.GSS_KRB5_MECH_OID;
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public final Provider getProvider() {
        return ExKrb5MechFactory.PROVIDER;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptionKey[] getKrb5EncryptionKeys(String str) {
        return this.screds.getEKeys(str);
    }

    @Override // com.huawei.security.jgss.spi.GSSCredentialSpi
    public void dispose() throws GSSException {
        try {
            destroy();
        } catch (DestroyFailedException e) {
            new GSSException(11, -1, "Could not destroy credentials - " + e.getMessage()).initCause(e);
        }
    }

    public void destroy() throws DestroyFailedException {
        this.screds.destroy();
    }
}
