package com.sun.net.ssl.internal.ssl;

import java.io.IOException;
import java.io.PrintStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.SecureRandom;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.kerberos.ServicePermission;
import sun.security.jgss.LoginUtility;
import sun.security.jgss.krb5.Krb5Util;
import sun.security.krb5.EncryptedData;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.PrincipalName;
import sun.security.krb5.Realm;
import sun.security.krb5.internal.EncTicketPart;
import sun.security.krb5.internal.Ticket;
import sun.security.tools.ToolDialog;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:118668-01/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/jsse.jar:com/sun/net/ssl/internal/ssl/KerberosWrapper.class */
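/**
 * Kerberos variant of the TLS client key exchange handshake message.
 *
 * <p>On the wire (see {@link #send}) the message is three 16-bit-length-prefixed
 * fields: the encoded Kerberos service ticket, an authenticator (always sent
 * empty by this class and ignored on receipt), and the premaster secret
 * encrypted under the ticket's session key.
 *
 * <p>This listing is decompiler output. Two constructs that could not compile
 * as emitted have been repaired and are marked {@code NOTE(review)}: the
 * try-block scope in the server-side constructor and the captured client
 * principal argument in {@link #getServiceTicket}. Both should be confirmed
 * against the class file before the code is relied on.
 */
public final class KerberosWrapper extends HandshakeMessage {
    /** Premaster secret: generated on the client, recovered (or randomised) on the server. */
    private KerberosPreMasterSecret preMaster;
    /** Encoded service ticket exactly as sent or received. */
    private byte[] encodedTicket;
    /** Principal of the other side of the handshake. */
    private KerberosPrincipal peerPrincipal;
    /** Principal this side is acting as. */
    private KerberosPrincipal localPrincipal;

    /**
     * Client side: obtains a service ticket for {@code host/<name>} and wraps a
     * fresh premaster secret under the ticket's session key.
     *
     * @param str server host name used to build the service principal
     * @param z when true, the local host name is used instead of {@code str}
     * @param accessControlContext context the ServicePermission check and the
     *        ticket lookup are performed against
     * @param protocolVersion protocol version passed to the premaster secret
     * @param secureRandom randomness source for the premaster secret
     * @throws IOException if no service ticket can be obtained
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public KerberosWrapper(String str, boolean z, AccessControlContext accessControlContext, ProtocolVersion protocolVersion, SecureRandom secureRandom) throws IOException {
        KerberosTicket serviceTicket = getServiceTicket(str, z, accessControlContext);
        this.encodedTicket = serviceTicket.getEncoded();
        this.peerPrincipal = serviceTicket.getServer();
        this.localPrincipal = serviceTicket.getClient();
        EncryptionKey sessionKey = new EncryptionKey(serviceTicket.getSessionKeyType(), serviceTicket.getSessionKey().getEncoded());
        this.preMaster = new KerberosPreMasterSecret(protocolVersion, secureRandom, sessionKey);
    }

    /**
     * Server side: reads the client's message, decrypts the ticket with one of
     * the server's long-term keys and uses the recovered session key to read
     * the premaster secret.
     *
     * <p>Failure handling is deliberately split. Anything raised as an
     * {@link IOException} (principal mismatch, no key of the required etype,
     * stream errors) aborts the handshake here. Any other exception while
     * processing the ticket is swallowed and a random premaster secret is
     * substituted, so the handshake fails later instead of reporting the ticket
     * failure at this point. Callers should be aware that only the second class
     * of failure is masked.
     *
     * @param protocolVersion negotiated protocol version
     * @param protocolVersion2 second protocol version handed to the premaster
     *        secret (presumably the client-offered version; verify against caller)
     * @param secureRandom randomness source for the fallback premaster secret
     * @param handshakeInStream stream positioned at the start of the message body
     * @param kerberosKeyArr the server's Kerberos keys; element 0 supplies the
     *        expected server principal
     * @throws IOException on stream errors, principal mismatch or a missing key
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public KerberosWrapper(ProtocolVersion protocolVersion, ProtocolVersion protocolVersion2, SecureRandom secureRandom, HandshakeInStream handshakeInStream, KerberosKey[] kerberosKeyArr) throws IOException {
        this.encodedTicket = handshakeInStream.getBytes16();
        if (debug != null && Debug.isOn("verbose")) {
            Debug.println(System.out, "encoded Kerberos service ticket", this.encodedTicket);
        }

        EncryptionKey sessionKey = null;
        // NOTE(review): the decompiler placed the principal check, key lookup and
        // decryption after the catch blocks, where the locals assigned in the try
        // are not definitely assigned and the random-secret fallback could never
        // be reached cleanly. They are kept inside the try here, which is the only
        // arrangement consistent with the catch handlers; confirm against bytecode.
        try {
            Ticket ticket = new Ticket(this.encodedTicket);
            EncryptedData encPart = ticket.encPart;
            PrincipalName ticketSname = ticket.sname;
            Realm ticketRealm = ticket.realm;
            String serverPrincipal = kerberosKeyArr[0].getPrincipal().getName();
            String ticketPrincipal = ticketSname.toString().concat(PrincipalName.NAME_REALM_SEPARATOR_STR + ticketRealm.toString());

            // The ticket must have been issued for the principal whose keys we hold.
            if (!ticketPrincipal.equals(serverPrincipal)) {
                if (debug != null && Debug.isOn("handshake")) {
                    System.out.println("Service principal in Ticket does not match associated principal in KerberosKey");
                }
                throw new IOException("Server principal is " + serverPrincipal + " but ticket is for " + ticketPrincipal);
            }

            int eType = encPart.getEType();
            KerberosKey ticketKey = findKey(eType, kerberosKeyArr);
            if (ticketKey == null) {
                throw new IOException("Cannot find key of appropriate type to decrypt ticket - need etype " + eType);
            }

            // Key usage 2 is the Kerberos usage number for a ticket encrypted
            // under the service key (RFC 4120).
            byte[] decrypted = encPart.decrypt(new EncryptionKey(eType, ticketKey.getEncoded()), 2);
            EncTicketPart encTicketPart = new EncTicketPart(encPart.reset(decrypted, true));

            this.peerPrincipal = new KerberosPrincipal(encTicketPart.cname.getName());
            this.localPrincipal = new KerberosPrincipal(ticketSname.getName());
            sessionKey = encTicketPart.key;

            if (debug != null && Debug.isOn("handshake")) {
                System.out.println("server principal: " + serverPrincipal);
                System.out.println("realm: " + encTicketPart.crealm.toString());
                System.out.println("cname: " + encTicketPart.cname.toString());
            }
        } catch (IOException e) {
            // Must precede the generic handler so I/O failures are not masked.
            throw e;
        } catch (Exception e2) {
            if (debug != null && Debug.isOn("handshake")) {
                System.out.println("KerberosWrapper error getting session key, generating random secret (" + e2.getMessage() + ")");
            }
            sessionKey = null;
        }

        // The authenticator field is read only to advance the stream; nothing in
        // this class inspects or validates it.
        handshakeInStream.getBytes16();

        if (sessionKey != null) {
            this.preMaster = new KerberosPreMasterSecret(protocolVersion, protocolVersion2, secureRandom, handshakeInStream, sessionKey);
        } else {
            // No usable session key: continue with a random secret so the
            // handshake fails later rather than at this point.
            this.preMaster = new KerberosPreMasterSecret(protocolVersion, secureRandom);
        }
    }

    /**
     * Returns the handshake message type, 16 (client_key_exchange in TLS).
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sun.net.ssl.internal.ssl.HandshakeMessage
    public int messageType() {
        return 16;
    }

    /**
     * Returns the body length: three 2-byte length prefixes (6 bytes) plus the
     * ticket and the encrypted premaster secret. The authenticator adds no
     * payload because {@link #send} writes it as {@code null}.
     */
    @Override // com.sun.net.ssl.internal.ssl.HandshakeMessage
    int messageLength() {
        return 6 + this.encodedTicket.length + this.preMaster.getEncrypted().length;
    }

    /**
     * Writes ticket, authenticator and encrypted premaster secret, each as a
     * 16-bit-length-prefixed field.
     *
     * @throws IOException if the output stream fails
     */
    @Override // com.sun.net.ssl.internal.ssl.HandshakeMessage
    void send(HandshakeOutStream handshakeOutStream) throws IOException {
        handshakeOutStream.putBytes16(this.encodedTicket);
        // Authenticator is never populated; presumably putBytes16(null) emits a
        // zero length, which is what messageLength() accounts for — confirm.
        handshakeOutStream.putBytes16(null);
        handshakeOutStream.putBytes16(this.preMaster.getEncrypted());
    }

    /**
     * Prints a debug rendering of the message.
     *
     * <p>With the "verbose" debug option on, this writes the plaintext
     * premaster secret ("Random Secret") to {@code printStream}. Anyone who can
     * read that output can derive the session keys, so verbose debug output
     * must be handled as key material and kept off production hosts.
     *
     * @throws IOException declared by the overridden method
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sun.net.ssl.internal.ssl.HandshakeMessage
    public void print(PrintStream printStream) throws IOException {
        printStream.println("*** KerberosWrapper");
        if (debug != null && Debug.isOn("verbose")) {
            Debug.println(printStream, "Kerberos service ticket", this.encodedTicket);
            Debug.println(printStream, "Random Secret", this.preMaster.getUnencrypted());
            Debug.println(printStream, "Encrypted random Secret", this.preMaster.getEncrypted());
        }
    }

    /**
     * Obtains a Kerberos service ticket for {@code host/<name>}.
     *
     * <p>The caller's context is checked for the matching
     * {@link ServicePermission} before the lookup runs inside
     * {@code doPrivileged}, so the privileged block cannot be used to obtain a
     * ticket the caller is not allowed to request.
     *
     * @param str server host name
     * @param z when true, the local host name replaces {@code str}; if it cannot
     *        be resolved the literal "localhost" is used
     * @param accessControlContext context for the permission check and lookup
     * @return the service ticket, never null
     * @throws IOException if the principal name is invalid or no ticket is found
     * @throws SecurityException if the permission check fails
     */
    private static KerberosTicket getServiceTicket(String str, boolean z, final AccessControlContext accessControlContext) throws IOException {
        String host = str;
        if (z) {
            host = AccessController.doPrivileged(new PrivilegedAction<String>() {
                @Override // java.security.PrivilegedAction
                public String run() {
                    try {
                        return InetAddress.getLocalHost().getHostName();
                    } catch (UnknownHostException e) {
                        return "localhost";
                    }
                }
            });
        }
        String serviceName = "host/" + host;
        try {
            // Name type 3 is the Kerberos host-based service name type (NT-SRV-HST).
            PrincipalName principal = new PrincipalName(serviceName, 3);
            String realm = principal.getRealmAsString();
            final String serverPrincipal = principal.toString();
            final String tgsPrincipal = "krbtgt/" + realm + PrincipalName.NAME_REALM_SEPARATOR_STR + realm;
            final String clientPrincipal = null;

            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                // NOTE(review): ToolDialog.SERVICE_PERM_INIT is a constant the
                // decompiler matched by value; presumably the "initiate" action — confirm.
                securityManager.checkPermission(new ServicePermission(serverPrincipal, ToolDialog.SERVICE_PERM_INIT), accessControlContext);
            }
            try {
                KerberosTicket kerberosTicket = AccessController.doPrivileged(new PrivilegedExceptionAction<KerberosTicket>() {
                    @Override // java.security.PrivilegedExceptionAction
                    public KerberosTicket run() throws Exception {
                        // NOTE(review): the decompiler emitted "String.this" for this
                        // argument, which is not valid Java. The only captured String
                        // that is otherwise unused is the null client principal, so it
                        // is passed here; confirm against bytecode.
                        return Krb5Util.getTicketFromSubjectAndTgs(LoginUtility.JSSE_CLIENT_ENTRY, clientPrincipal, serverPrincipal, tgsPrincipal, accessControlContext);
                    }
                });
                if (kerberosTicket == null) {
                    throw new IOException("Failed to find any kerberos service ticket for " + serverPrincipal);
                }
                return kerberosTicket;
            } catch (PrivilegedActionException e) {
                IOException iOException = new IOException("Attempt to obtain kerberos service ticket for " + serverPrincipal + " failed!");
                iOException.initCause(e);
                throw iOException;
            }
        } catch (IOException e) {
            // Without this handler the two ticket-lookup IOExceptions raised above
            // would be caught below and relabelled "Invalid service principal name".
            throw e;
        } catch (SecurityException e2) {
            throw e2;
        } catch (Exception e3) {
            IOException iOException2 = new IOException("Invalid service principal name: " + serviceName);
            iOException2.initCause(e3);
            throw iOException2;
        }
    }

    /** Returns the premaster secret carried by this message. */
    /* JADX INFO: Access modifiers changed from: package-private */
    public KerberosPreMasterSecret getPreMasterSecret() {
        return this.preMaster;
    }

    /**
     * Returns the peer's principal. On the server side this is only set when
     * the ticket was decrypted successfully.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public KerberosPrincipal getPeerPrincipal() {
        return this.peerPrincipal;
    }

    /**
     * Returns this side's principal. On the server side this is only set when
     * the ticket was decrypted successfully.
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public KerberosPrincipal getLocalPrincipal() {
        return this.localPrincipal;
    }

    /**
     * Selects the key used to decrypt a ticket of the given encryption type.
     *
     * <p>An exact key-type match wins. Failing that, etypes 1 and 3 (the
     * single-DES types des-cbc-crc and des-cbc-md5) are treated as
     * interchangeable: the first key of either type is re-labelled with the
     * requested etype. Single DES is deprecated for Kerberos (RFC 6649), so
     * whether such keys should still be provisioned is worth reviewing.
     *
     * @param i encryption type of the ticket's encrypted part
     * @param kerberosKeyArr candidate keys
     * @return a matching key, or null if none is suitable
     */
    private static KerberosKey findKey(int i, KerberosKey[] kerberosKeyArr) {
        for (KerberosKey candidate : kerberosKeyArr) {
            if (i == candidate.getKeyType()) {
                return candidate;
            }
        }
        if (i != 1 && i != 3) {
            return null;
        }
        for (KerberosKey candidate : kerberosKeyArr) {
            int keyType = candidate.getKeyType();
            if (keyType == 1 || keyType == 3) {
                return new KerberosKey(candidate.getPrincipal(), candidate.getEncoded(), i, candidate.getVersionNumber());
            }
        }
        return null;
    }
}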
