package org.apache.kerby.kerberos.kerb.gss.impl;

import com.sun.security.jgss.AuthorizationDataEntry;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.KrbClientBase;
import org.apache.kerby.kerberos.kerb.client.KrbTokenClient;
import org.apache.kerby.kerberos.kerb.type.KerberosTime;
import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import org.apache.kerby.kerberos.kerb.type.base.HostAddress;
import org.apache.kerby.kerberos.kerb.type.base.HostAddresses;
import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.apache.kerby.kerberos.kerb.type.kdc.EncAsRepPart;
import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
import org.apache.kerby.kerberos.kerb.type.kdc.EncTgsRepPart;
import org.apache.kerby.kerberos.kerb.type.ticket.KrbTicket;
import org.apache.kerby.kerberos.kerb.type.ticket.SgtTicket;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import org.apache.kerby.kerberos.kerb.type.ticket.Ticket;
import org.apache.kerby.kerberos.kerb.type.ticket.TicketFlags;
import org.ietf.jgss.GSSException;
import sun.security.jgss.GSSCaller;

/* loaded from: input_file:org/apache/kerby/kerberos/kerb/gss/impl/GssUtil.class */
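/**
 * Static helpers that convert between the JDK Kerberos/JGSS types
 * ({@link KerberosTicket}, {@link KerberosKey}) and the Kerby ticket and key types,
 * and that request service tickets through a Kerby client.
 *
 * <p>Several methods copy session-key or long-term-key bytes into new objects. Callers own
 * those copies and are responsible for limiting how long they stay reachable.
 */
public class GssUtil {
    /** Number of flag bits carried by a Kerberos ticket; the only array length the flag helpers accept. */
    private static final int KERBEROS_TICKET_NUM_FLAGS = 32;

    /**
     * Builds a Kerby TGT wrapper from a JDK {@link KerberosTicket}.
     *
     * @param kerberosTicket the JDK ticket; must not be null
     * @return the decoded ticket together with an AS-REP part filled from {@code kerberosTicket}
     * @throws GSSException if the encoded ticket cannot be decoded
     */
    public static TgtTicket getTgtTicketFromKerberosTicket(KerberosTicket kerberosTicket) throws GSSException {
        PrincipalName clientPrincipal = new PrincipalName(kerberosTicket.getClient().getName());
        Ticket ticket = getTicketFromAsn1Encoded(kerberosTicket.getEncoded());
        EncAsRepPart encAsRepPart = new EncAsRepPart();
        fillEncKdcRepPart(encAsRepPart, kerberosTicket);
        return new TgtTicket(ticket, encAsRepPart, clientPrincipal);
    }

    /**
     * Copies session key, times, client addresses, flags and server realm from a JDK ticket
     * into a Kerby KDC reply part.
     *
     * @param encKdcRepPart the reply part to populate
     * @param kerberosTicket the source ticket; its end time, client and server must be set
     */
    public static void fillEncKdcRepPart(EncKdcRepPart encKdcRepPart, KerberosTicket kerberosTicket) {
        PrincipalName clientPrincipal = new PrincipalName(kerberosTicket.getClient().getName());
        // The session key bytes are copied out of the JDK ticket here.
        encKdcRepPart.setKey(new EncryptionKey(kerberosTicket.getSessionKeyType(), kerberosTicket.getSessionKey().getEncoded()));
        // NOTE(review): sname is filled with the *client* principal while srealm below comes from
        // the server principal. Kept as-is; confirm that no consumer relies on sname being the service name.
        encKdcRepPart.setSname(clientPrincipal);
        Date authTime = kerberosTicket.getAuthTime();
        if (authTime != null) {
            encKdcRepPart.setAuthTime(new KerberosTime(authTime.getTime()));
        }
        Date startTime = kerberosTicket.getStartTime();
        if (startTime != null) {
            encKdcRepPart.setStartTime(new KerberosTime(startTime.getTime()));
        }
        encKdcRepPart.setEndTime(new KerberosTime(kerberosTicket.getEndTime().getTime()));
        InetAddress[] clientAddresses = kerberosTicket.getClientAddresses();
        HostAddresses hostAddresses = null;
        if (clientAddresses != null) {
            hostAddresses = new HostAddresses();
            for (InetAddress address : clientAddresses) {
                hostAddresses.add(new HostAddress(address));
            }
        }
        encKdcRepPart.setCaddr(hostAddresses);
        encKdcRepPart.setFlags(getTicketFlags(kerberosTicket.getFlags()));
        Date renewTill = kerberosTicket.getRenewTill();
        encKdcRepPart.setRenewTill(renewTill == null ? null : new KerberosTime(renewTill.getTime()));
        encKdcRepPart.setSrealm(kerberosTicket.getServer().getRealm());
    }

    /**
     * Packs a 32-element flag array into a {@link TicketFlags} value; the first array element
     * becomes the most significant bit.
     *
     * @param zArr the flags, or null
     * @return the packed flags, or null if {@code zArr} is null or not exactly 32 elements long
     */
    public static TicketFlags getTicketFlags(boolean[] zArr) {
        if (zArr == null || zArr.length != KERBEROS_TICKET_NUM_FLAGS) {
            return null;
        }
        int packed = 0;
        for (boolean flag : zArr) {
            packed = (packed << 1) | (flag ? 1 : 0);
        }
        return new TicketFlags(packed);
    }

    /**
     * Unpacks a {@link TicketFlags} value into a 32-element array; the most significant bit
     * lands in element 0.
     *
     * @param ticketFlags the packed flags; must not be null
     * @return a new 32-element array
     */
    public static boolean[] ticketFlagsToBooleans(TicketFlags ticketFlags) {
        boolean[] result = new boolean[KERBEROS_TICKET_NUM_FLAGS];
        int flags = ticketFlags.getFlags();
        for (int i = 0; i < KERBEROS_TICKET_NUM_FLAGS; i++) {
            result[KERBEROS_TICKET_NUM_FLAGS - i - 1] = (flags & 1) != 0;
            flags >>= 1;
        }
        return result;
    }

    /**
     * Decodes an ASN.1 encoded ticket.
     *
     * @param bArr the encoded ticket bytes
     * @return the decoded ticket
     * @throws GSSException with major code {@link GSSException#FAILURE} if decoding fails; the
     *         underlying {@link IOException} is attached as the cause
     */
    public static Ticket getTicketFromAsn1Encoded(byte[] bArr) throws GSSException {
        Ticket ticket = new Ticket();
        try {
            ticket.decode(ByteBuffer.wrap(bArr));
            return ticket;
        } catch (IOException e) {
            throw failure(e.getMessage(), e);
        }
    }

    /**
     * Looks up a service ticket through {@code CredUtils.getKerberosTicketFromContext} and converts it.
     *
     * @return the converted ticket, or null if the lookup returned null
     * @throws GSSException if the lookup or the decoding fails
     */
    public static SgtTicket getSgtCredentialFromContext(GSSCaller gSSCaller, String str, String str2) throws GSSException {
        return getSgtTicketFromKerberosTicket(CredUtils.getKerberosTicketFromContext(gSSCaller, str, str2));
    }

    /**
     * Builds a Kerby service-ticket wrapper from a JDK {@link KerberosTicket}.
     *
     * @param kerberosTicket the JDK ticket, or null
     * @return the wrapper, or null if {@code kerberosTicket} is null
     * @throws GSSException if the encoded ticket cannot be decoded
     */
    public static SgtTicket getSgtTicketFromKerberosTicket(KerberosTicket kerberosTicket) throws GSSException {
        if (kerberosTicket == null) {
            return null;
        }
        Ticket ticket = getTicketFromAsn1Encoded(kerberosTicket.getEncoded());
        EncTgsRepPart encTgsRepPart = new EncTgsRepPart();
        fillEncKdcRepPart(encTgsRepPart, kerberosTicket);
        return new SgtTicket(ticket, encTgsRepPart);
    }

    /**
     * Requests a service ticket using a JDK TGT, with or without an access token.
     *
     * @param kerberosTicket the TGT as a JDK ticket
     * @param krbToken the token to present, or null to request with the TGT alone
     * @param str the service principal passed to the client's {@code requestSgt}
     * @throws GSSException if the TGT cannot be decoded or the request fails
     */
    public static SgtTicket applySgtCredential(KerberosTicket kerberosTicket, KrbToken krbToken, String str) throws GSSException {
        TgtTicket tgt = getTgtTicketFromKerberosTicket(kerberosTicket);
        if (krbToken == null) {
            return applySgtCredential(tgt, str);
        }
        return applySgtCredential(tgt, krbToken, str);
    }

    /**
     * Requests a service ticket with a TGT.
     *
     * @throws GSSException with major code {@link GSSException#FAILURE} if no client could be
     *         created or the request fails
     */
    public static SgtTicket applySgtCredential(TgtTicket tgtTicket, String str) throws GSSException {
        KrbClientBase krbClient = getKrbClient();
        if (krbClient == null) {
            // getKrbClient() reports a construction failure as null; surface it as a GSS failure
            // instead of a NullPointerException on init().
            throw new GSSException(GSSException.FAILURE, -1, "Failed to create Kerberos client");
        }
        try {
            krbClient.init();
            return krbClient.requestSgt(tgtTicket, str);
        } catch (KrbException e) {
            throw failure(e.getMessage(), e);
        }
    }

    /**
     * Requests a service ticket with a token, armored by a TGT.
     *
     * @throws GSSException with major code {@link GSSException#FAILURE} if no client could be
     *         created or the request fails
     */
    public static SgtTicket applySgtCredential(TgtTicket tgtTicket, KrbToken krbToken, String str) throws GSSException {
        KrbTokenClient krbTokenClient = getKrbTokenClient();
        if (krbTokenClient == null) {
            // Same null contract as getKrbClient(): fail with a GSS error, not an NPE.
            throw new GSSException(GSSException.FAILURE, -1, "Failed to create Kerberos token client");
        }
        try {
            krbTokenClient.init();
            return krbTokenClient.requestSgt(krbToken, str, tgtTicket);
        } catch (KrbException e) {
            throw failure(e.getMessage(), e);
        }
    }

    /**
     * Converts a Kerby ticket into a JDK {@link KerberosTicket}.
     *
     * <p>Auth time, start time and renew-till are optional in the reply part and are passed on as
     * null when absent. The {@link KerberosTicket} constructor performs its own validation of the
     * resulting combination and may throw {@link IllegalArgumentException}.
     *
     * @param krbTicket the Kerby ticket
     * @param str the client principal name
     * @return the JDK ticket
     * @throws GSSException with major code {@link GSSException#FAILURE} if the ticket cannot be
     *         encoded or a client address is malformed
     */
    public static KerberosTicket convertKrbTicketToKerberosTicket(KrbTicket krbTicket, String str) throws GSSException {
        try {
            byte[] encodedTicket = krbTicket.getTicket().encode();
            byte[] sessionKey = krbTicket.getSessionKey().getKeyData();
            int sessionKeyType = krbTicket.getSessionKey().getKeyType().getValue();
            EncKdcRepPart encKdcRepPart = krbTicket.getEncKdcRepPart();
            KerberosPrincipal client = new KerberosPrincipal(str);
            PrincipalName sname = krbTicket.getTicket().getSname();
            KerberosPrincipal server = new KerberosPrincipal(sname.getName() + "@" + krbTicket.getTicket().getRealm(), sname.getNameType().getValue());
            boolean[] flags = ticketFlagsToBooleans(encKdcRepPart.getFlags());
            // authTime and renewTill may be unset (fillEncKdcRepPart leaves them null when the
            // source ticket has none), so they get the same null handling as startTime.
            Date authTime = toDate(encKdcRepPart.getAuthTime());
            Date startTime = toDate(encKdcRepPart.getStartTime());
            Date endTime = new Date(encKdcRepPart.getEndTime().getTime());
            Date renewTill = toDate(encKdcRepPart.getRenewTill());
            InetAddress[] clientAddresses = null;
            HostAddresses caddr = encKdcRepPart.getCaddr();
            List<HostAddress> elements = caddr == null ? null : caddr.getElements();
            if (elements != null) {
                clientAddresses = new InetAddress[elements.size()];
                int index = 0;
                for (HostAddress hostAddress : elements) {
                    try {
                        clientAddresses[index++] = InetAddress.getByAddress(hostAddress.getAddress());
                    } catch (UnknownHostException e) {
                        throw failure("Bad client address", e);
                    }
                }
            }
            return new KerberosTicket(encodedTicket, client, server, sessionKey, sessionKeyType, flags, authTime, startTime, endTime, renewTill, clientAddresses);
        } catch (IOException e) {
            throw failure(e.getMessage(), e);
        }
    }

    /**
     * Creates a Kerby client, configured from the file named by the
     * {@code java.security.krb5.conf} system property when that file exists.
     *
     * <p>Whoever can set that property chooses the configuration the client is built from,
     * so it should only be settable by trusted launch configuration.
     *
     * @return the client, or null if construction failed with a {@link KrbException}
     */
    public static KrbClientBase getKrbClient() {
        try {
            String confPath = getSystemProperty("java.security.krb5.conf");
            if (confPath != null) {
                File confFile = new File(confPath);
                if (confFile.exists()) {
                    return new KrbClientBase(confFile);
                }
            }
            return new KrbClientBase();
        } catch (KrbException e) {
            // Null is this method's existing failure signal; callers must check for it.
            return null;
        }
    }

    /**
     * Creates a Kerby token client, configured from the file named by the
     * {@code java.security.krb5.conf} system property when that file exists.
     *
     * @return the client, or null if construction failed with a {@link KrbException}
     */
    public static KrbTokenClient getKrbTokenClient() {
        try {
            String confPath = getSystemProperty("java.security.krb5.conf");
            if (confPath != null) {
                File confFile = new File(confPath);
                if (confFile.exists()) {
                    return new KrbTokenClient(confFile);
                }
            }
            return new KrbTokenClient();
        } catch (KrbException e) {
            // Null is this method's existing failure signal; callers must check for it.
            return null;
        }
    }

    /**
     * Converts every key of the array into a Kerby {@link EncryptionKey}, copying the key bytes.
     *
     * <p>No destroyed-key filtering is done here; the result has one entry per input key.
     *
     * @param kerberosKeyArr the JDK keys, or null
     * @return the converted keys in the same order, or null if the input is null
     */
    public static EncryptionKey[] convertKerberosKeyToEncryptionKey(KerberosKey[] kerberosKeyArr) {
        if (kerberosKeyArr == null) {
            return null;
        }
        EncryptionKey[] converted = new EncryptionKey[kerberosKeyArr.length];
        for (int i = 0; i < kerberosKeyArr.length; i++) {
            KerberosKey key = kerberosKeyArr[i];
            converted[i] = new EncryptionKey(key.getKeyType(), key.getEncoded());
        }
        return converted;
    }

    /**
     * Returns the first non-destroyed key with the given encryption type and version number.
     *
     * @param kerberosKeyArr the candidate keys, or null
     * @param i the encryption type
     * @param i2 the key version number
     * @return a copy of the matching key, or null if there is none
     */
    public static EncryptionKey getEncryptionKey(KerberosKey[] kerberosKeyArr, int i, int i2) {
        if (kerberosKeyArr == null) {
            return null;
        }
        for (KerberosKey key : kerberosKeyArr) {
            // Test isDestroyed() first: a destroyed KerberosKey rejects getKeyType() with
            // IllegalStateException, which would abort the search instead of skipping the key.
            if (!key.isDestroyed() && key.getKeyType() == i && key.getVersionNumber() == i2) {
                return new EncryptionKey(key.getKeyType(), key.getEncoded());
            }
        }
        return null;
    }

    /**
     * Returns the first non-destroyed key with the given encryption type, whatever its version.
     *
     * @param kerberosKeyArr the candidate keys, or null
     * @param i the encryption type
     * @return a copy of the matching key, or null if there is none
     */
    public static EncryptionKey getEncryptionKey(KerberosKey[] kerberosKeyArr, int i) {
        if (kerberosKeyArr == null) {
            return null;
        }
        for (KerberosKey key : kerberosKeyArr) {
            // Destroyed keys are skipped before any accessor that rejects a destroyed key is called.
            if (!key.isDestroyed() && key.getKeyType() == i) {
                return new EncryptionKey(key.getKeyType(), key.getEncoded());
            }
        }
        return null;
    }

    /**
     * Reads a system property inside a privileged block.
     *
     * @param str the property name, or null
     * @return the property value, or null if the name is null, the property is unset,
     *         or the privileged action failed
     */
    private static String getSystemProperty(final String str) {
        if (str == null) {
            return null;
        }
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<String>() {
                @Override
                public String run() {
                    return System.getProperty(str);
                }
            });
        } catch (PrivilegedActionException e) {
            return null;
        }
    }

    /**
     * Converts Kerby authorization data into the JDK's JGSS authorization data entries.
     *
     * @param authorizationData the Kerby authorization data, or null
     * @return one JGSS entry per Kerby entry, in order, or null if the input is null
     */
    public static AuthorizationDataEntry[] kerbyAuthorizationDataToJgssAuthorizationDataEntries(AuthorizationData authorizationData) {
        if (authorizationData == null) {
            return null;
        }
        List<org.apache.kerby.kerberos.kerb.type.ad.AuthorizationDataEntry> elements = authorizationData.getElements();
        AuthorizationDataEntry[] entries = new AuthorizationDataEntry[elements.size()];
        for (int i = 0; i < entries.length; i++) {
            org.apache.kerby.kerberos.kerb.type.ad.AuthorizationDataEntry element = elements.get(i);
            entries[i] = new AuthorizationDataEntry(element.getAuthzType().getValue(), element.getAuthzData());
        }
        return entries;
    }

    /** Converts an optional Kerby time into a {@link Date}, mapping null to null. */
    private static Date toDate(KerberosTime time) {
        return time == null ? null : new Date(time.getTime());
    }

    /**
     * Builds a {@link GSSException} with major code {@link GSSException#FAILURE} that keeps
     * the original exception as its cause, so the root error is not lost in logs.
     */
    private static GSSException failure(String message, Throwable cause) {
        GSSException gssException = new GSSException(GSSException.FAILURE, -1, message);
        gssException.initCause(cause);
        return gssException;
    }
}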
