package sun.security.jgss.krb5;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.Provider;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
import sun.security.jgss.LoginUtility;
import sun.security.jgss.spi.GSSNameSpi;
import sun.security.krb5.EncryptionKey;

/* loaded from: input_file:117667-02/patchzip-d52diu.zip:nsjre.zip:bin/base/jre/lib/rt.jar:sun/security/jgss/krb5/Krb5AcceptCredential.class */
public class Krb5AcceptCredential extends KerberosKey implements Krb5CredElement {
    private static Class KEY_CLASS;
    private Krb5NameElement name;
    private EncryptionKey krb5EncryptionKey;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:117667-02/patchzip-d52diu.zip:nsjre.zip:bin/base/jre/lib/rt.jar:sun/security/jgss/krb5/Krb5AcceptCredential$SubjectComber.class */
    public static class SubjectComber implements PrivilegedAction {
        private AccessControlContext acc;
        private String principal;
        private Subject subject;

        public SubjectComber(AccessControlContext accessControlContext, String str) {
            this.acc = accessControlContext;
            this.principal = str;
        }

        public SubjectComber(Subject subject, String str) {
            this.subject = subject;
            this.principal = str;
        }

        @Override // java.security.PrivilegedAction
        public Object run() {
            if (this.subject == null) {
                this.subject = Subject.getSubject(this.acc);
            }
            if (this.subject == null) {
                return null;
            }
            for (KerberosKey kerberosKey : this.subject.getPrivateCredentials(Krb5AcceptCredential.KEY_CLASS)) {
                if (this.principal == null || this.principal.equals(kerberosKey.getPrincipal().getName())) {
                    return kerberosKey;
                }
            }
            return null;
        }
    }

    private Krb5AcceptCredential(Krb5NameElement krb5NameElement, KerberosKey kerberosKey) {
        super(kerberosKey.getPrincipal(), kerberosKey.getEncoded(), kerberosKey.getKeyType(), kerberosKey.getVersionNumber());
        this.name = krb5NameElement;
        this.krb5EncryptionKey = new EncryptionKey(kerberosKey.getEncoded(), kerberosKey.getKeyType(), new Integer(kerberosKey.getVersionNumber()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Krb5AcceptCredential getInstance(Krb5NameElement krb5NameElement) throws GSSException {
        KerberosKey keyFromSubject = getKeyFromSubject(krb5NameElement);
        if (keyFromSubject == null) {
            throw new GSSException(13, -1, "Failed to find any Kerberos Key");
        }
        if (krb5NameElement == null) {
            krb5NameElement = Krb5NameElement.getInstance(keyFromSubject.getPrincipal().getName(), Krb5MechFactory.NT_GSS_KRB5_PRINCIPAL);
        }
        return new Krb5AcceptCredential(krb5NameElement, keyFromSubject);
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public final GSSNameSpi getName() throws GSSException {
        return this.name;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public int getInitLifetime() throws GSSException {
        return 0;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public int getAcceptLifetime() throws GSSException {
        return Integer.MAX_VALUE;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public boolean isInitiatorCredential() throws GSSException {
        return false;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public boolean isAcceptorCredential() throws GSSException {
        return true;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public final Oid getMechanism() {
        return Krb5MechFactory.GSS_KRB5_MECH_OID;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public final Provider getProvider() {
        return Krb5MechFactory.PROVIDER;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptionKey getKrb5EncryptionKey() {
        return this.krb5EncryptionKey;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public void dispose() throws GSSException {
        try {
            destroy();
        } catch (DestroyFailedException e) {
            new GSSException(11, -1, new StringBuffer().append("Could not destroy credentials - ").append(e.getMessage()).toString()).initCause(e);
        }
    }

    @Override // javax.security.auth.kerberos.KerberosKey, javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        this.krb5EncryptionKey.destroy();
        super.destroy();
    }

    private static KerberosKey getKeyFromSubject(Krb5NameElement krb5NameElement) throws GSSException {
        String name = krb5NameElement == null ? null : krb5NameElement.getKrb5PrincipalName().getName();
        Object doPrivileged = AccessController.doPrivileged(new SubjectComber(AccessController.getContext(), name));
        if (doPrivileged == null && !LoginUtility.useSubjectCredsOnly()) {
            try {
                doPrivileged = AccessController.doPrivileged(new SubjectComber((Subject) AccessController.doPrivileged(new LoginUtility(LoginUtility.GSS_ACCEPT_ENTRY)), name));
            } catch (PrivilegedActionException e) {
                GSSException gSSException = new GSSException(13, -1, "Attempt to obtain new ACCEPT credentials failed!");
                gSSException.initCause(e.getException());
                throw gSSException;
            }
        }
        if (doPrivileged == null) {
            return null;
        }
        return (KerberosKey) doPrivileged;
    }

    static {
        try {
            KEY_CLASS = Class.forName("javax.security.auth.kerberos.KerberosKey");
        } catch (ClassNotFoundException e) {
        }
    }
}
