package sun.security.krb5.internal;

import java.io.IOException;
import sun.security.krb5.Credentials;
import sun.security.krb5.KrbException;
import sun.security.krb5.KrbTgsReq;
import sun.security.krb5.PrincipalName;
import sun.security.krb5.Realm;

/* loaded from: input_file:libs/rt.jar:sun/security/krb5/internal/CredentialsUtil.class */
public class CredentialsUtil {
    private static boolean DEBUG = Krb5.DEBUG;

    public static Credentials acquireS4U2selfCreds(PrincipalName principalName, Credentials credentials) throws KrbException, IOException {
        if (!principalName.getRealmString().equals(credentials.getClient().getRealmString())) {
            throw new KrbException("Cross realm impersonation not supported");
        }
        if (!credentials.isForwardable()) {
            throw new KrbException("S4U2self needs a FORWARDABLE ticket");
        }
        Credentials sendAndGetCreds = new KrbTgsReq(credentials, credentials.getClient(), new PAData(129, new PAForUserEnc(principalName, credentials.getSessionKey()).asn1Encode())).sendAndGetCreds();
        if (!sendAndGetCreds.getClient().equals(principalName)) {
            throw new KrbException("S4U2self request not honored by KDC");
        }
        if (sendAndGetCreds.isForwardable()) {
            return sendAndGetCreds;
        }
        throw new KrbException("S4U2self ticket must be FORWARDABLE");
    }

    public static Credentials acquireS4U2proxyCreds(String str, Ticket ticket, PrincipalName principalName, Credentials credentials) throws KrbException, IOException {
        Credentials sendAndGetCreds = new KrbTgsReq(credentials, ticket, new PrincipalName(str)).sendAndGetCreds();
        if (sendAndGetCreds.getClient().equals(principalName)) {
            return sendAndGetCreds;
        }
        throw new KrbException("S4U2proxy request not honored by KDC");
    }

    public static Credentials acquireServiceCreds(String str, Credentials credentials) throws KrbException, IOException {
        PrincipalName principalName = new PrincipalName(str);
        String realmString = principalName.getRealmString();
        String realmString2 = credentials.getClient().getRealmString();
        if (realmString2.equals(realmString)) {
            if (DEBUG) {
                System.out.println(">>> Credentials acquireServiceCreds: same realm");
            }
            return serviceCreds(principalName, credentials);
        }
        Credentials credentials2 = null;
        boolean[] zArr = new boolean[1];
        Credentials tGTforRealm = getTGTforRealm(realmString2, realmString, credentials, zArr);
        if (tGTforRealm != null) {
            if (DEBUG) {
                System.out.println(">>> Credentials acquireServiceCreds: got right tgt");
                System.out.println(">>> Credentials acquireServiceCreds: obtaining service creds for " + ((Object) principalName));
            }
            try {
                credentials2 = serviceCreds(principalName, tGTforRealm);
            } catch (Exception e) {
                if (DEBUG) {
                    System.out.println(e);
                }
                credentials2 = null;
            }
        }
        if (credentials2 == null) {
            throw new KrbApErrException(63, "No service creds");
        }
        if (DEBUG) {
            System.out.println(">>> Credentials acquireServiceCreds: returning creds:");
            Credentials.printDebug(credentials2);
        }
        if (!zArr[0]) {
            credentials2.resetDelegate();
        }
        return credentials2;
    }

    private static Credentials getTGTforRealm(String str, String str2, Credentials credentials, boolean[] zArr) throws KrbException {
        Credentials credentials2;
        String[] realmsList = Realm.getRealmsList(str, str2);
        Credentials credentials3 = null;
        zArr[0] = true;
        Credentials credentials4 = credentials;
        int i = 0;
        while (true) {
            if (i >= realmsList.length) {
                break;
            }
            PrincipalName tgsService = PrincipalName.tgsService(str2, realmsList[i]);
            if (DEBUG) {
                System.out.println(">>> Credentials acquireServiceCreds: main loop: [" + i + "] tempService=" + ((Object) tgsService));
            }
            try {
                credentials2 = serviceCreds(tgsService, credentials4);
            } catch (Exception e) {
                credentials2 = null;
            }
            if (credentials2 == null) {
                if (DEBUG) {
                    System.out.println(">>> Credentials acquireServiceCreds: no tgt; searching thru capath");
                }
                credentials2 = null;
                for (int i2 = i + 1; credentials2 == null && i2 < realmsList.length; i2++) {
                    PrincipalName tgsService2 = PrincipalName.tgsService(realmsList[i2], realmsList[i]);
                    if (DEBUG) {
                        System.out.println(">>> Credentials acquireServiceCreds: inner loop: [" + i2 + "] tempService=" + ((Object) tgsService2));
                    }
                    try {
                        credentials2 = serviceCreds(tgsService2, credentials4);
                    } catch (Exception e2) {
                        credentials2 = null;
                    }
                }
            }
            if (credentials2 != null) {
                String instanceComponent = credentials2.getServer().getInstanceComponent();
                if (zArr[0] && !credentials2.checkDelegate()) {
                    if (DEBUG) {
                        System.out.println(">>> Credentials acquireServiceCreds: global OK-AS-DELEGATE turned off at " + ((Object) credentials2.getServer()));
                    }
                    zArr[0] = false;
                }
                if (DEBUG) {
                    System.out.println(">>> Credentials acquireServiceCreds: got tgt");
                }
                if (instanceComponent.equals(str2)) {
                    credentials3 = credentials2;
                    break;
                }
                int i3 = i + 1;
                while (i3 < realmsList.length && !instanceComponent.equals(realmsList[i3])) {
                    i3++;
                }
                if (i3 >= realmsList.length) {
                    break;
                }
                i = i3;
                credentials4 = credentials2;
                if (DEBUG) {
                    System.out.println(">>> Credentials acquireServiceCreds: continuing with main loop counter reset to " + i);
                }
            } else if (DEBUG) {
                System.out.println(">>> Credentials acquireServiceCreds: no tgt; cannot get creds");
            }
        }
        return credentials3;
    }

    private static Credentials serviceCreds(PrincipalName principalName, Credentials credentials) throws KrbException, IOException {
        return new KrbTgsReq(credentials, principalName).sendAndGetCreds();
    }
}
