package org.apache.kerby.kerberos.kerb.gss.impl;

import java.lang.reflect.InvocationTargetException;
import java.util.Set;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.jgss.GSSCaller;

/* loaded from: input_file:org/apache/kerby/kerberos/kerb/gss/impl/GssAcceptCred.class */
public final class GssAcceptCred extends GssCredElement {
    private static final Logger LOG = LoggerFactory.getLogger(GssAcceptCred.class);
    private final KeyTab keyTab;
    private final Set<KerberosKey> kerberosKeySet;

    public static GssAcceptCred getInstance(GSSCaller gSSCaller, GssNameElement gssNameElement, int i) throws GSSException {
        String str;
        KeyTab keyTab = getKeyTab(gssNameElement);
        Set<KerberosKey> set = null;
        if (keyTab == null) {
            set = gssNameElement == null ? CredUtils.getKerberosKeysFromContext(gSSCaller, null, null) : CredUtils.getKerberosKeysFromContext(gSSCaller, gssNameElement.getPrincipalName().getName(), null);
        }
        if (keyTab == null && set == null) {
            str = "Failed to find any Kerberos credential";
            throw new GSSException(13, -1, gssNameElement != null ? str + " for " + gssNameElement.getPrincipalName().getName() : "Failed to find any Kerberos credential");
        }
        if (gssNameElement == null) {
            if (keyTab != null) {
                try {
                    gssNameElement = GssNameElement.getInstance(((KerberosPrincipal) keyTab.getClass().getDeclaredMethod("getPrincipal", new Class[0]).invoke(keyTab, new Object[0])).getName(), GSSName.NT_HOSTBASED_SERVICE);
                } catch (IllegalAccessException | IllegalArgumentException | NoSuchMethodException | SecurityException | InvocationTargetException e) {
                    LOG.info("Can't get a principal from the keytab", e);
                    throw new GSSException(13, -1, "Can't get a principal from the keytab");
                }
            } else {
                gssNameElement = GssNameElement.getInstance(set.iterator().next().getPrincipal().getName(), GSSName.NT_HOSTBASED_SERVICE);
            }
        }
        return new GssAcceptCred(gSSCaller, gssNameElement, keyTab, i, set);
    }

    private static KeyTab getKeyTab(GssNameElement gssNameElement) throws GSSException {
        return gssNameElement == null ? CredUtils.getKeyTabFromContext(null) : CredUtils.getKeyTabFromContext(new KerberosPrincipal(gssNameElement.getPrincipalName().getName(), gssNameElement.getPrincipalName().getNameType().getValue()));
    }

    private GssAcceptCred(GSSCaller gSSCaller, GssNameElement gssNameElement, KeyTab keyTab, int i, Set<KerberosKey> set) {
        super(gSSCaller, gssNameElement);
        this.keyTab = keyTab;
        this.accLifeTime = i;
        this.kerberosKeySet = set;
    }

    public boolean isInitiatorCredential() throws GSSException {
        return false;
    }

    public boolean isAcceptorCredential() throws GSSException {
        return true;
    }

    public KeyTab getKeyTab() {
        return this.keyTab;
    }

    public EncryptionKey getEncryptionKey(int i, int i2) {
        if (this.kerberosKeySet != null) {
            return GssUtil.getEncryptionKey((KerberosKey[]) this.kerberosKeySet.toArray(new KerberosKey[this.kerberosKeySet.size()]), i);
        }
        return GssUtil.getEncryptionKey(this.keyTab.getKeys(new KerberosPrincipal(this.name.getPrincipalName().getName(), this.name.getPrincipalName().getNameType().getValue())), i, i2);
    }
}
