package org.apache.kerby.kerberos.kerb.gss.impl;

import java.lang.reflect.InvocationTargetException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.KeyTab;
import javax.security.auth.kerberos.ServicePermission;
import org.ietf.jgss.GSSException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.jgss.GSSCaller;

/* loaded from: input_file:org/apache/kerby/kerberos/kerb/gss/impl/CredUtils.class */
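/**
 * Static helpers that read Kerberos credentials (keys, tickets, keytabs) from, and add
 * tickets to, the {@link Subject} bound to the calling thread's {@link AccessControlContext}.
 *
 * <p>Every Subject access here runs inside {@link AccessController#doPrivileged}, so any
 * permission check triggered while reading or modifying the private credential set is
 * evaluated against this class's protection domain, not the caller's. None of the lookup
 * methods performs a permission check of its own; {@link #checkPrincipalPermission} is the
 * only gate in this class and must be invoked by the caller.
 * NOTE(review): confirm every call site that hands out keys or keytabs is preceded by
 * {@code checkPrincipalPermission} for the principal in question.
 *
 * <p>NOTE(review): {@code Subject.getSubject(AccessControlContext)}, {@code AccessController}
 * and {@code SecurityManager} are deprecated in recent JDKs; confirm the supported Java
 * versions before relying on this class.
 */
public class CredUtils {
    private static final Logger LOG = LoggerFactory.getLogger(CredUtils.class);

    /**
     * Returns the private credentials of the given type held by the Subject of {@code accessControlContext}.
     *
     * @param cls                  credential class to select
     * @param accessControlContext context whose Subject is inspected
     * @return the matching credentials; an empty, mutable set when the context carries no Subject
     *         (previously this case failed with a NullPointerException)
     */
    public static <T> Set<T> getContextPrivateCredentials(Class<T> cls, AccessControlContext accessControlContext) {
        Subject subject = Subject.getSubject(accessControlContext);
        if (subject == null) {
            // No authenticated Subject on this context: report "no credentials" instead of an NPE
            // that would escape doPrivileged as an unchecked exception.
            return new HashSet<T>();
        }
        return subject.getPrivateCredentials(cls);
    }

    /**
     * Reads the private credentials of the given type from the current thread's Subject.
     *
     * <p>The context is captured before entering the privileged block so that the caller's
     * Subject is looked up, while the read itself runs with this class's privileges.
     *
     * @param cls credential class to select
     * @return the matching credentials, possibly empty
     * @throws GSSException with major code {@link GSSException#NO_CRED} when the privileged read
     *                      fails with a checked exception; the original failure is kept as the cause
     */
    public static <T> Set<T> getContextCredentials(final Class<T> cls) throws GSSException {
        final AccessControlContext context = AccessController.getContext();
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<Set<T>>() {
                @Override
                public Set<T> run() throws Exception {
                    return CredUtils.getContextPrivateCredentials(cls, context);
                }
            });
        } catch (PrivilegedActionException e) {
            GSSException failure = new GSSException(GSSException.NO_CRED, -1, "Get credential from context failed");
            // Keep the underlying failure so the reason is not lost when diagnosing the error.
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Returns every {@link KerberosKey} stored as a private credential in the current Subject.
     *
     * <p>All three parameters are unused: the result is not filtered by caller or principal,
     * so it may contain long-term keys of principals other than the one the caller asked for.
     *
     * @param gSSCaller unused
     * @param str       unused
     * @param str2      unused
     * @return all Kerberos keys of the current Subject, possibly empty
     * @throws GSSException if the credentials cannot be read from the context
     */
    public static Set<KerberosKey> getKerberosKeysFromContext(GSSCaller gSSCaller, String str, String str2) throws GSSException {
        return getContextCredentials(KerberosKey.class);
    }

    /**
     * Finds a currently valid ticket in the Subject that matches the given client and server names.
     *
     * @param gSSCaller unused
     * @param str       client principal name to match, or {@code null} to accept any client
     * @param str2      server principal name to match, or {@code null} to accept any server
     * @return the first matching ticket for which {@code isCurrent()} is true, or {@code null} if none
     * @throws GSSException if the credentials cannot be read from the context
     */
    public static KerberosTicket getKerberosTicketFromContext(GSSCaller gSSCaller, String str, String str2) throws GSSException {
        for (KerberosTicket ticket : getContextCredentials(KerberosTicket.class)) {
            if (!ticket.isCurrent()) {
                // Expired or not-yet-valid tickets are never handed out.
                continue;
            }
            boolean serverMatches = str2 == null || ticket.getServer().getName().equals(str2);
            if (!serverMatches) {
                continue;
            }
            boolean clientMatches = str == null || ticket.getClient().getName().equals(str);
            if (clientMatches) {
                return ticket;
            }
        }
        return null;
    }

    /**
     * Finds a keytab in the Subject that holds at least one key for the given principal.
     *
     * <p>When {@code kerberosPrincipal} is {@code null}, the principal is taken from each keytab
     * through a reflective call to its {@code getPrincipal} method; a keytab for which that call
     * fails or yields {@code null} is skipped.
     *
     * @param kerberosPrincipal principal whose keys are required, or {@code null} to use the keytab's own
     * @return the first keytab with keys for the principal, or {@code null} if none
     * @throws GSSException if the credentials cannot be read from the context
     */
    public static KeyTab getKeyTabFromContext(KerberosPrincipal kerberosPrincipal) throws GSSException {
        for (KeyTab keyTab : getContextCredentials(KeyTab.class)) {
            KerberosPrincipal principal = kerberosPrincipal;
            if (principal == null) {
                try {
                    // Reflection is kept from the original; presumably for JDKs that lack
                    // KeyTab.getPrincipal() - TODO confirm whether a direct call is possible.
                    principal = (KerberosPrincipal) keyTab.getClass().getDeclaredMethod("getPrincipal", new Class[0]).invoke(keyTab, new Object[0]);
                } catch (IllegalAccessException | IllegalArgumentException | NoSuchMethodException | SecurityException | InvocationTargetException e) {
                    LOG.info("Can't get a principal from the keytab", e);
                }
            }
            if (principal == null) {
                continue;
            }
            KerberosKey[] keys = keyTab.getKeys(principal);
            if (keys != null && keys.length > 0) {
                return keyTab;
            }
        }
        return null;
    }

    /**
     * Adds a ticket to the private credentials of the current thread's Subject.
     *
     * <p>The modification runs inside {@code doPrivileged}, so it is authorised by this class's
     * protection domain rather than by the caller's permissions.
     *
     * @param kerberosTicket ticket to store
     * @throws GSSException with major code {@link GSSException#NO_CRED} when the current context has
     *                      no Subject (previously this case failed with a NullPointerException)
     */
    public static void addCredentialToSubject(final KerberosTicket kerberosTicket) throws GSSException {
        final AccessControlContext context = AccessController.getContext();
        final Subject subject = AccessController.doPrivileged(new PrivilegedAction<Subject>() {
            @Override
            public Subject run() {
                return Subject.getSubject(context);
            }
        });
        if (subject == null) {
            throw new GSSException(GSSException.NO_CRED, -1, "No Subject in the current context to add the ticket to");
        }
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                subject.getPrivateCredentials().add(kerberosTicket);
                return null;
            }
        });
    }

    /**
     * Checks that the caller holds the {@link ServicePermission} built from the two arguments.
     *
     * <p>This is a no-op when no {@link SecurityManager} is installed, in which case the credential
     * lookups in this class are not access-controlled at all.
     *
     * @param str  first {@code ServicePermission} constructor argument (the service principal name)
     * @param str2 second {@code ServicePermission} constructor argument (the action)
     * @throws SecurityException if a security manager is installed and denies the permission
     */
    public static void checkPrincipalPermission(String str, String str2) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager == null) {
            return;
        }
        securityManager.checkPermission(new ServicePermission(str, str2));
    }
}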
