package com.huawei.security.jgss.krb5;

import com.huawei.auth.kerberos.ExKerberosPrincipal;
import com.huawei.auth.kerberos.JavaxSecurityAuthKerberosAccessImpl;
import com.huawei.security.action.GetBooleanAction;
import com.huawei.security.auth.kerberos.ExKerberosKey;
import com.huawei.security.auth.kerberos.ExKerberosTicket;
import com.huawei.security.jgss.GSSCaller;
import com.huawei.security.jgss.GSSUtil;
import com.huawei.security.krb5.EncryptionKey;
import com.huawei.security.krb5.ExCredentials;
import com.huawei.security.krb5.ExPrincipalName;
import com.huawei.security.krb5.KrbException;
import com.huawei.security.krb5.internal.ktab.KeyTab;
import com.huawei.util.Objects;
import java.io.IOException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.login.LoginException;

/* loaded from: input_file:com/huawei/security/jgss/krb5/ExKrb5Util.class */
public final class ExKrb5Util {
    static final boolean DEBUG = ((Boolean) AccessController.doPrivileged(new GetBooleanAction("com.huawei.security.krb5.debug"))).booleanValue();

    /* loaded from: input_file:com/huawei/security/jgss/krb5/ExKrb5Util$KeysFromKeyTab.class */
    public static class KeysFromKeyTab extends ExKerberosKey {
        private static final long serialVersionUID = 1747775961411454450L;

        public KeysFromKeyTab(ExKerberosKey exKerberosKey) {
            super(exKerberosKey.getPrincipal(), exKerberosKey.getEncoded(), exKerberosKey.getKeyType(), exKerberosKey.getVersionNumber());
        }
    }

    /* loaded from: input_file:com/huawei/security/jgss/krb5/ExKrb5Util$ServiceCreds.class */
    public static class ServiceCreds {
        private ExKerberosPrincipal kp;
        private List<KeyTab> ktabs;
        private List<KerberosKey> kk;
        private ExKerberosTicket tgt;
        private Subject subj;

        /* JADX INFO: Access modifiers changed from: private */
        public static ServiceCreds getInstance(Subject subject, String str) {
            ServiceCreds serviceCreds = new ServiceCreds();
            serviceCreds.subj = subject;
            for (ExKerberosPrincipal exKerberosPrincipal : subject.getPrincipals(ExKerberosPrincipal.class)) {
                if (str == null || exKerberosPrincipal.getName().equals(str)) {
                    serviceCreds.kp = exKerberosPrincipal;
                    str = exKerberosPrincipal.getName();
                    break;
                }
            }
            if (serviceCreds.kp == null) {
                List findMany = SubjectComber.findMany(subject, null, null, ExKerberosKey.class);
                if (findMany.isEmpty()) {
                    return null;
                }
                serviceCreds.kp = ((ExKerberosKey) findMany.get(0)).getPrincipal();
                str = serviceCreds.kp.getName();
                if (ExKrb5Util.DEBUG) {
                    System.out.println(">>> ServiceCreds: no kp? find one from kk: " + str);
                }
            }
            serviceCreds.ktabs = SubjectComber.findMany(subject, str, null, KeyTab.class);
            serviceCreds.kk = SubjectComber.findMany(subject, str, null, KerberosKey.class);
            serviceCreds.tgt = (ExKerberosTicket) SubjectComber.find(subject, null, str, ExKerberosTicket.class);
            if (serviceCreds.ktabs.isEmpty() && serviceCreds.kk.isEmpty() && serviceCreds.tgt == null) {
                return null;
            }
            return serviceCreds;
        }

        public String getName() {
            return this.kp.getName();
        }

        public ExKerberosKey[] getKKeys(String str) {
            if (this.ktabs.isEmpty()) {
                return (ExKerberosKey[]) this.kk.toArray(new ExKerberosKey[this.kk.size()]);
            }
            ArrayList arrayList = new ArrayList();
            Iterator<KeyTab> it = this.ktabs.iterator();
            while (it.hasNext()) {
                for (ExKerberosKey exKerberosKey : it.next().getKeys(this.kp, str)) {
                    arrayList.add(exKerberosKey);
                }
            }
            if (!this.subj.isReadOnly()) {
                Set<Object> privateCredentials = this.subj.getPrivateCredentials();
                synchronized (privateCredentials) {
                    Iterator<Object> it2 = privateCredentials.iterator();
                    while (it2.hasNext()) {
                        Object next = it2.next();
                        if ((next instanceof KeysFromKeyTab) && Objects.equals(((ExKerberosKey) next).getPrincipal(), this.kp)) {
                            it2.remove();
                        }
                    }
                }
                Iterator it3 = arrayList.iterator();
                while (it3.hasNext()) {
                    this.subj.getPrivateCredentials().add(new KeysFromKeyTab((ExKerberosKey) it3.next()));
                }
            }
            return (ExKerberosKey[]) arrayList.toArray(new ExKerberosKey[arrayList.size()]);
        }

        public EncryptionKey[] getEKeys(String str) {
            ExKerberosKey[] kKeys = getKKeys(str);
            EncryptionKey[] encryptionKeyArr = new EncryptionKey[kKeys.length];
            for (int i = 0; i < encryptionKeyArr.length; i++) {
                encryptionKeyArr[i] = new EncryptionKey(kKeys[i].getEncoded(), kKeys[i].getKeyType(), new Integer(kKeys[i].getVersionNumber()));
            }
            return encryptionKeyArr;
        }

        public void destroy() {
            this.kp = null;
            this.ktabs = null;
            this.kk = null;
        }
    }

    private ExKrb5Util() {
    }

    public static String generateConfKey(String str, String str2, String str3) {
        return new StringBuilder(128).append(str == null ? "<NULL>" : str).append('|').append(str2 == null ? "<NULL>" : str2).append('|').append(str3 == null ? "<NULL>" : str3).toString();
    }

    public static String[] reclaimKeyParts(String str) {
        if (str == null || str.length() < 5) {
            return null;
        }
        int indexOf = str.indexOf(124);
        int indexOf2 = str.indexOf(124, indexOf + 1);
        if (indexOf == -1 || indexOf2 == -1 || indexOf == indexOf2 || indexOf2 == str.length() - 1) {
            return null;
        }
        String[] strArr = {str.substring(0, indexOf), str.substring(indexOf + 1, indexOf2), str.substring(indexOf2 + 1)};
        if (strArr[0].equals("<NULL>")) {
            strArr[0] = null;
        }
        if (strArr[1].equals("<NULL>")) {
            strArr[1] = null;
        }
        return strArr;
    }

    public static EncryptionKey[] keysFromJavaxKeyTab(KeyTab keyTab, ExPrincipalName exPrincipalName, String str) {
        return JavaxSecurityAuthKerberosAccessImpl.keyTabGetEncryptionKeys(keyTab, exPrincipalName, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ExKerberosTicket getTicket(GSSCaller gSSCaller, String str, String str2, AccessControlContext accessControlContext) throws LoginException {
        Subject subject = Subject.getSubject(accessControlContext);
        if (subject == null) {
            return null;
        }
        ExKerberosTicket exKerberosTicket = (ExKerberosTicket) SubjectComber.find(subject, str2, str, ExKerberosTicket.class);
        if (exKerberosTicket == null && !GSSUtil.useSubjectCredsOnly(gSSCaller)) {
            exKerberosTicket = (ExKerberosTicket) SubjectComber.find(GSSUtil.login(gSSCaller, GSSUtil.GSS_KRB5_MECH_OID), str2, str, ExKerberosTicket.class);
        }
        return exKerberosTicket;
    }

    public static ExCredentials ticketToCreds(ExKerberosTicket exKerberosTicket, String str) throws KrbException, IOException {
        return new ExCredentials(exKerberosTicket.getEncoded(), exKerberosTicket.getClient().getName(), exKerberosTicket.getServer().getName(), exKerberosTicket.getSessionKey().getEncoded(), exKerberosTicket.getSessionKeyType(), exKerberosTicket.getFlags(), exKerberosTicket.getAuthTime(), exKerberosTicket.getStartTime(), exKerberosTicket.getEndTime(), exKerberosTicket.getRenewTill(), exKerberosTicket.getClientAddresses(), null, str);
    }

    public static ExKerberosTicket credsToTicket(ExCredentials exCredentials, String str) {
        EncryptionKey sessionKey = exCredentials.getSessionKey();
        return new ExKerberosTicket(exCredentials.getEncoded(), new ExKerberosPrincipal(exCredentials.getClient().getName(), str), new ExKerberosPrincipal(exCredentials.getServer().getName(), 2, str), sessionKey.getBytes(), sessionKey.getEType(), exCredentials.getFlags(), exCredentials.getAuthTime(), exCredentials.getStartTime(), exCredentials.getEndTime(), exCredentials.getRenewTill(), exCredentials.getClientAddresses(), str);
    }

    public static ServiceCreds getServiceCreds(GSSCaller gSSCaller, String str, AccessControlContext accessControlContext) throws LoginException {
        Subject subject = Subject.getSubject(accessControlContext);
        ServiceCreds serviceCreds = null;
        if (subject != null) {
            serviceCreds = ServiceCreds.getInstance(subject, str);
        }
        if (serviceCreds == null && !GSSUtil.useSubjectCredsOnly(gSSCaller)) {
            serviceCreds = ServiceCreds.getInstance(GSSUtil.login(gSSCaller, GSSUtil.GSS_KRB5_MECH_OID), str);
        }
        return serviceCreds;
    }
}
