package net.jini.jeri.kerberos;

import com.sun.jini.logging.Levels;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.ref.ReferenceQueue;
import java.lang.ref.SoftReference;
import java.net.Socket;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import net.jini.core.constraint.ClientAuthentication;
import net.jini.core.constraint.ClientMaxPrincipal;
import net.jini.core.constraint.ClientMaxPrincipalType;
import net.jini.core.constraint.ClientMinPrincipal;
import net.jini.core.constraint.ClientMinPrincipalType;
import net.jini.core.constraint.Confidentiality;
import net.jini.core.constraint.ConstraintAlternatives;
import net.jini.core.constraint.Delegation;
import net.jini.core.constraint.Integrity;
import net.jini.core.constraint.InvocationConstraint;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.core.constraint.ServerAuthentication;
import net.jini.core.constraint.ServerMinPrincipal;
import net.jini.io.UnsupportedConstraintException;
import net.jini.security.AuthenticationPermission;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:net/jini/jeri/kerberos/KerberosUtil.class */
public class KerberosUtil {
    static final Oid krb5MechOid;
    static final Oid krb5NameType;
    static final InvocationConstraints INTEGRITY_REQUIRED_CONSTRAINTS;
    static final InvocationConstraints INTEGRITY_PREFERRED_CONSTRAINTS;
    private static final boolean[] BOOL_TABLE;
    private static final Map depends;
    static Class class$net$jini$core$constraint$ConnectionAbsoluteTime;
    static Class class$net$jini$core$constraint$ConnectionRelativeTime;
    static Class class$net$jini$core$constraint$Integrity;
    static Class class$net$jini$core$constraint$Confidentiality;
    static Class class$net$jini$core$constraint$ClientAuthentication;
    static Class class$net$jini$core$constraint$ServerAuthentication;
    static Class class$net$jini$core$constraint$ClientMinPrincipal;
    static Class class$net$jini$core$constraint$ClientMinPrincipalType;
    static Class class$net$jini$core$constraint$ClientMaxPrincipal;
    static Class class$net$jini$core$constraint$ClientMaxPrincipalType;
    static Class class$net$jini$core$constraint$Delegation;
    static Class class$net$jini$core$constraint$ServerMinPrincipal;
    static Class class$javax$security$auth$kerberos$KerberosPrincipal;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosUtil$Config.class */
    public static final class Config {
        KerberosPrincipal clientPrincipal;
        KerberosPrincipal serverPrincipal;
        boolean encry;
        boolean deleg;
        int prefCount;

        /* JADX INFO: Access modifiers changed from: package-private */
        public Config(KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, boolean z, boolean z2) {
            this.clientPrincipal = kerberosPrincipal;
            this.serverPrincipal = kerberosPrincipal2;
            this.encry = z;
            this.deleg = z2;
        }

        public String toString() {
            return new StringBuffer().append("Config[clientPrincipal=").append(this.clientPrincipal).append(" serverPrincipal=").append(this.serverPrincipal).append(" encry=").append(this.encry).append(" deleg=").append(this.deleg).append(" prefCount=").append(this.prefCount).append("]").toString();
        }
    }

    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosUtil$ConfigIter.class */
    static final class ConfigIter {
        private final Set clientPrincipals;
        private final KerberosPrincipal serverPrincipal;
        private Iterator cpIter;
        private final boolean canDeleg;
        private int configId = 0;
        private int numConfigs;

        /* JADX INFO: Access modifiers changed from: package-private */
        public ConfigIter(Set set, KerberosPrincipal kerberosPrincipal, boolean z) {
            this.clientPrincipals = set;
            this.serverPrincipal = kerberosPrincipal;
            this.canDeleg = z;
            this.numConfigs = set.size() * 2;
            if (z) {
                this.numConfigs *= 2;
            }
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean hasNext() {
            return this.configId < this.numConfigs;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Config next() {
            Config config;
            if (this.configId >= this.numConfigs) {
                throw new NoSuchElementException();
            }
            if (this.configId % this.clientPrincipals.size() == 0) {
                this.cpIter = this.clientPrincipals.iterator();
            }
            KerberosPrincipal kerberosPrincipal = (KerberosPrincipal) this.cpIter.next();
            int size = (this.configId / this.clientPrincipals.size()) % 2;
            if (this.canDeleg) {
                config = new Config(kerberosPrincipal, this.serverPrincipal, KerberosUtil.BOOL_TABLE[size], KerberosUtil.BOOL_TABLE[(this.configId / this.clientPrincipals.size()) / 2]);
            } else {
                config = new Config(kerberosPrincipal, this.serverPrincipal, KerberosUtil.BOOL_TABLE[size], false);
            }
            this.configId++;
            return config;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosUtil$Connection.class */
    public static class Connection {
        protected static final int INTEGRITY_QOP = 2;
        protected static final int PRIVACY_QOP = 0;
        protected final Socket sock;
        protected final String peerHost;
        protected final int peerPort;
        protected DataInputStream dis;
        protected DataOutputStream dos;
        KerberosPrincipal clientPrincipal;
        protected GSSContext gssContext;
        protected boolean doEncryption;
        protected boolean doDelegation;
        protected Logger connectionLogger;

        /* JADX INFO: Access modifiers changed from: package-private */
        public Connection(Socket socket) throws IOException {
            this.sock = socket;
            this.peerHost = socket.getInetAddress().getHostName();
            this.peerPort = socket.getPort();
            this.dis = new DataInputStream(socket.getInputStream());
            this.dos = new DataOutputStream(socket.getOutputStream());
        }

        public void close() {
            this.connectionLogger.log(Level.FINE, "closing {0}", this);
            try {
                this.sock.close();
            } catch (IOException e) {
            }
        }

        void write(byte[] bArr, int i, int i2) throws IOException {
            byte[] wrap;
            MessageProp messageProp = this.doEncryption ? new MessageProp(0, true) : new MessageProp(2, false);
            try {
                try {
                    synchronized (this.gssContext) {
                        wrap = this.gssContext.wrap(bArr, i, i2, messageProp);
                    }
                    if (this.doEncryption != messageProp.getPrivacy()) {
                        throw new IOException(new StringBuffer().append("Returned token encryption property is: ").append(messageProp.getPrivacy()).append(",\nwhile connection encryption requirement is: ").append(this.doEncryption).toString());
                    }
                    if (this.connectionLogger.isLoggable(Level.FINEST)) {
                        this.connectionLogger.log(Level.FINEST, new StringBuffer().append("wrapped ").append(i2).append(" bytes (").append(this.doEncryption ? "" : "not ").append("encrypted) into a ").append(wrap.length).append(" bytes token and sending it over the network").toString());
                    }
                    this.dos.writeInt(wrap.length);
                    this.dos.write(wrap);
                } catch (GSSException e) {
                    IOException iOException = new IOException("Failed to wrap buf into GSS token.");
                    iOException.initCause(e);
                    throw iOException;
                }
            } catch (IOException e2) {
                if (this.connectionLogger.isLoggable(Levels.FAILED)) {
                    KerberosUtil.logThrow(this.connectionLogger, Levels.FAILED, getClass(), "write", "failed to wrap buf of size {0} into a GSS token,\nconnection is {1},\nthrows ", new Object[]{new Integer(i2), this}, e2);
                }
                throw e2;
            }
        }

        void flush() throws IOException {
            this.dos.flush();
        }

        byte[] read() throws IOException {
            byte[] unwrap;
            try {
                MessageProp messageProp = new MessageProp(0, false);
                byte[] bArr = new byte[this.dis.readInt()];
                this.dis.readFully(bArr);
                try {
                    synchronized (this.gssContext) {
                        unwrap = this.gssContext.unwrap(bArr, 0, bArr.length, messageProp);
                    }
                    this.doEncryption = messageProp.getPrivacy();
                    if (this.connectionLogger.isLoggable(Level.FINEST)) {
                        this.connectionLogger.log(Level.FINEST, new StringBuffer().append("received a ").append(bArr.length).append(" bytes token (").append(this.doEncryption ? "" : "not ").append("encrypted), ").append(unwrap.length).append(" bytes when unwrapped").toString());
                    }
                    return unwrap;
                } catch (GSSException e) {
                    IOException iOException = new IOException(new StringBuffer().append("Failed to unwrap a GSS token of length ").append(bArr.length).toString());
                    iOException.initCause(e);
                    throw iOException;
                }
            } catch (IOException e2) {
                if (this.connectionLogger.isLoggable(Levels.FAILED)) {
                    KerberosUtil.logThrow(this.connectionLogger, Levels.FAILED, getClass(), "read", "read fails on connection {0}, throws", new Object[]{this}, e2);
                }
                throw e2;
            }
        }
    }

    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosUtil$ConnectionInputStream.class */
    static class ConnectionInputStream extends InputStream {
        private byte[] buf = new byte[0];
        private int offset = 0;
        private final Connection connection;

        /* JADX INFO: Access modifiers changed from: package-private */
        public ConnectionInputStream(Connection connection) {
            this.connection = connection;
        }

        /* JADX WARN: Code restructure failed: missing block: B:2:0x0009, code lost:
        
            if (r6.offset == r6.buf.length) goto L4;
         */
        /* JADX WARN: Code restructure failed: missing block: B:3:0x000c, code lost:
        
            r6.buf = r6.connection.read();
         */
        /* JADX WARN: Code restructure failed: missing block: B:4:0x001c, code lost:
        
            if (r6.buf.length == 0) goto L10;
         */
        /* JADX WARN: Code restructure failed: missing block: B:6:0x001f, code lost:
        
            r6.offset = 0;
         */
        /* JADX WARN: Code restructure failed: missing block: B:8:0x0024, code lost:
        
            r0 = r6.buf;
            r2 = r6.offset;
            r6.offset = r2 + 1;
         */
        /* JADX WARN: Code restructure failed: missing block: B:9:0x0034, code lost:
        
            return r0[r2];
         */
        @Override // java.io.InputStream
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public synchronized int read() throws java.io.IOException {
            /*
                r6 = this;
                r0 = r6
                int r0 = r0.offset
                r1 = r6
                byte[] r1 = r1.buf
                int r1 = r1.length
                if (r0 != r1) goto L24
            Lc:
                r0 = r6
                r1 = r6
                net.jini.jeri.kerberos.KerberosUtil$Connection r1 = r1.connection
                byte[] r1 = r1.read()
                r0.buf = r1
                r0 = r6
                byte[] r0 = r0.buf
                int r0 = r0.length
                if (r0 == 0) goto Lc
                r0 = r6
                r1 = 0
                r0.offset = r1
            L24:
                r0 = r6
                byte[] r0 = r0.buf
                r1 = r6
                r2 = r1
                int r2 = r2.offset
                r3 = r2; r2 = r1; r1 = r3; 
                r4 = 1
                int r3 = r3 + r4
                r2.offset = r3
                r0 = r0[r1]
                return r0
            */
            throw new UnsupportedOperationException("Method not decompiled: net.jini.jeri.kerberos.KerberosUtil.ConnectionInputStream.read():int");
        }

        /* JADX WARN: Code restructure failed: missing block: B:13:0x002d, code lost:
        
            if (r6.offset == r6.buf.length) goto L16;
         */
        /* JADX WARN: Code restructure failed: missing block: B:14:0x0030, code lost:
        
            r6.buf = r6.connection.read();
         */
        /* JADX WARN: Code restructure failed: missing block: B:15:0x0040, code lost:
        
            if (r6.buf.length == 0) goto L22;
         */
        /* JADX WARN: Code restructure failed: missing block: B:17:0x0043, code lost:
        
            r6.offset = 0;
         */
        /* JADX WARN: Code restructure failed: missing block: B:19:0x0048, code lost:
        
            r0 = java.lang.Math.min(r6.buf.length - r6.offset, r9);
            java.lang.System.arraycopy(r6.buf, r6.offset, r7, r8, r0);
            r6.offset += r0;
         */
        /* JADX WARN: Code restructure failed: missing block: B:20:0x0074, code lost:
        
            return r0;
         */
        @Override // java.io.InputStream
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public synchronized int read(byte[] r7, int r8, int r9) throws java.io.IOException {
            /*
                r6 = this;
                r0 = r7
                if (r0 != 0) goto Lc
                java.lang.NullPointerException r0 = new java.lang.NullPointerException
                r1 = r0
                r1.<init>()
                throw r0
            Lc:
                r0 = r8
                if (r0 < 0) goto L1c
                r0 = r9
                if (r0 < 0) goto L1c
                r0 = r8
                r1 = r9
                int r0 = r0 + r1
                r1 = r7
                int r1 = r1.length
                if (r0 <= r1) goto L24
            L1c:
                java.lang.IndexOutOfBoundsException r0 = new java.lang.IndexOutOfBoundsException
                r1 = r0
                r1.<init>()
                throw r0
            L24:
                r0 = r6
                int r0 = r0.offset
                r1 = r6
                byte[] r1 = r1.buf
                int r1 = r1.length
                if (r0 != r1) goto L48
            L30:
                r0 = r6
                r1 = r6
                net.jini.jeri.kerberos.KerberosUtil$Connection r1 = r1.connection
                byte[] r1 = r1.read()
                r0.buf = r1
                r0 = r6
                byte[] r0 = r0.buf
                int r0 = r0.length
                if (r0 == 0) goto L30
                r0 = r6
                r1 = 0
                r0.offset = r1
            L48:
                r0 = r6
                byte[] r0 = r0.buf
                int r0 = r0.length
                r1 = r6
                int r1 = r1.offset
                int r0 = r0 - r1
                r1 = r9
                int r0 = java.lang.Math.min(r0, r1)
                r10 = r0
                r0 = r6
                byte[] r0 = r0.buf
                r1 = r6
                int r1 = r1.offset
                r2 = r7
                r3 = r8
                r4 = r10
                java.lang.System.arraycopy(r0, r1, r2, r3, r4)
                r0 = r6
                r1 = r0
                int r1 = r1.offset
                r2 = r10
                int r1 = r1 + r2
                r0.offset = r1
                r0 = r10
                return r0
            */
            throw new UnsupportedOperationException("Method not decompiled: net.jini.jeri.kerberos.KerberosUtil.ConnectionInputStream.read(byte[], int, int):int");
        }

        @Override // java.io.InputStream
        public synchronized int available() throws IOException {
            return this.buf.length - this.offset;
        }

        @Override // java.io.InputStream, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            this.connection.dis.close();
        }
    }

    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosUtil$ConnectionOutputStream.class */
    static class ConnectionOutputStream extends OutputStream {
        private static final int bufSize = 8000;
        private final byte[] buf = new byte[bufSize];
        private int curLen = 0;
        private final Connection connection;

        /* JADX INFO: Access modifiers changed from: package-private */
        public ConnectionOutputStream(Connection connection) {
            this.connection = connection;
        }

        @Override // java.io.OutputStream
        public synchronized void write(int i) throws IOException {
            if (this.curLen == bufSize) {
                this.connection.write(this.buf, 0, this.curLen);
                this.curLen = 0;
            }
            byte[] bArr = this.buf;
            int i2 = this.curLen;
            this.curLen = i2 + 1;
            bArr[i2] = (byte) i;
        }

        @Override // java.io.OutputStream
        public synchronized void write(byte[] bArr, int i, int i2) throws IOException {
            if (bArr == null) {
                throw new NullPointerException();
            }
            if (i < 0 || i2 < 0 || i + i2 > bArr.length) {
                throw new IndexOutOfBoundsException();
            }
            if (this.curLen + i2 >= bufSize) {
                int i3 = bufSize - this.curLen;
                System.arraycopy(bArr, i, this.buf, this.curLen, i3);
                i += i3;
                i2 -= i3;
                this.connection.write(this.buf, 0, bufSize);
                this.curLen = 0;
            }
            while (i2 > bufSize) {
                this.connection.write(bArr, i, bufSize);
                i += bufSize;
                i2 -= 8000;
            }
            System.arraycopy(bArr, i, this.buf, this.curLen, i2);
            this.curLen += i2;
        }

        @Override // java.io.OutputStream, java.io.Flushable
        public synchronized void flush() throws IOException {
            if (this.curLen > 0) {
                this.connection.write(this.buf, 0, this.curLen);
                this.curLen = 0;
            }
            this.connection.flush();
        }

        @Override // java.io.OutputStream, java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            try {
                flush();
            } finally {
                this.connection.dis.close();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosUtil$SoftCache.class */
    public static class SoftCache {
        private final LRUHashMap hash;
        private ReferenceQueue queue;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:net/jini/jeri/kerberos/KerberosUtil$SoftCache$LRUHashMap.class */
        public class LRUHashMap extends LinkedHashMap {
            private int maxCacheSize;
            private final SoftCache this$0;

            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            LRUHashMap(SoftCache softCache, int i, int i2) {
                super(i2, 0.75f, true);
                this.this$0 = softCache;
                if (i < 0) {
                    throw new IllegalArgumentException("negative cache size");
                }
                this.maxCacheSize = i;
            }

            @Override // java.util.LinkedHashMap
            protected boolean removeEldestEntry(Map.Entry entry) {
                if (size() <= this.maxCacheSize) {
                    return false;
                }
                ValueCell.strip(entry.getValue(), true);
                return true;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:net/jini/jeri/kerberos/KerberosUtil$SoftCache$ValueCell.class */
        public static class ValueCell extends SoftReference {
            private static Object INVALID_KEY = new Object();
            private Object key;

            private ValueCell(Object obj, Object obj2, ReferenceQueue referenceQueue) {
                super(obj2, referenceQueue);
                this.key = obj;
            }

            /* JADX INFO: Access modifiers changed from: private */
            public static ValueCell create(Object obj, Object obj2, ReferenceQueue referenceQueue) {
                if (obj2 == null) {
                    return null;
                }
                return new ValueCell(obj, obj2, referenceQueue);
            }

            /* JADX INFO: Access modifiers changed from: private */
            public static Object strip(Object obj, boolean z) {
                if (obj == null) {
                    return null;
                }
                ValueCell valueCell = (ValueCell) obj;
                Object obj2 = valueCell.get();
                if (z) {
                    valueCell.drop();
                }
                return obj2;
            }

            /* JADX INFO: Access modifiers changed from: private */
            public boolean isValid() {
                return this.key != INVALID_KEY;
            }

            private void drop() {
                clear();
                this.key = INVALID_KEY;
            }
        }

        SoftCache() {
            this(Integer.MAX_VALUE, 8);
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public SoftCache(int i) {
            this(i, 8);
        }

        SoftCache(int i, int i2) {
            this.queue = new ReferenceQueue();
            this.hash = new LRUHashMap(this, i, i2);
        }

        public synchronized Object put(Object obj, Object obj2) {
            processQueue();
            return ValueCell.strip(this.hash.put(obj, ValueCell.create(obj, obj2, this.queue)), true);
        }

        public synchronized Object get(Object obj) {
            processQueue();
            return ValueCell.strip(this.hash.get(obj), false);
        }

        public synchronized Object remove(Object obj) {
            processQueue();
            return ValueCell.strip(this.hash.remove(obj), true);
        }

        public synchronized void clear() {
            processQueue();
            this.hash.clear();
        }

        private void processQueue() {
            while (true) {
                ValueCell valueCell = (ValueCell) this.queue.poll();
                if (valueCell == null) {
                    return;
                }
                if (valueCell.isValid()) {
                    this.hash.remove(valueCell.key);
                }
            }
        }
    }

    private KerberosUtil() {
    }

    static boolean canGetSubject() {
        try {
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager == null) {
                return true;
            }
            securityManager.checkPermission(new AuthPermission("getSubject"));
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    static boolean isSupportedConstraintType(InvocationConstraint invocationConstraint) {
        return depends.get(invocationConstraint.getClass()) != null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isSupportableConstraint(InvocationConstraint invocationConstraint) {
        Class cls;
        Class cls2;
        if (invocationConstraint instanceof ConstraintAlternatives) {
            Class<?> cls3 = null;
            for (InvocationConstraint invocationConstraint2 : ((ConstraintAlternatives) invocationConstraint).elements()) {
                if (cls3 == null) {
                    cls3 = invocationConstraint2.getClass();
                } else if (cls3 != invocationConstraint2.getClass()) {
                    return false;
                }
                if (isSupportableConstraint(invocationConstraint2)) {
                    return true;
                }
            }
            return false;
        }
        if (!isSupportedConstraintType(invocationConstraint)) {
            return false;
        }
        if (invocationConstraint instanceof Integrity) {
            return invocationConstraint == Integrity.YES;
        }
        if (invocationConstraint instanceof ClientAuthentication) {
            return invocationConstraint == ClientAuthentication.YES;
        }
        if (invocationConstraint instanceof ServerAuthentication) {
            return invocationConstraint == ServerAuthentication.YES;
        }
        if (invocationConstraint instanceof ClientMinPrincipal) {
            Set elements = ((ClientMinPrincipal) invocationConstraint).elements();
            if (elements.size() > 1) {
                return false;
            }
            return elements.iterator().next() instanceof KerberosPrincipal;
        }
        if (invocationConstraint instanceof ClientMinPrincipalType) {
            Set elements2 = ((ClientMinPrincipalType) invocationConstraint).elements();
            if (elements2.size() > 1) {
                return false;
            }
            if (class$javax$security$auth$kerberos$KerberosPrincipal == null) {
                cls2 = class$("javax.security.auth.kerberos.KerberosPrincipal");
                class$javax$security$auth$kerberos$KerberosPrincipal = cls2;
            } else {
                cls2 = class$javax$security$auth$kerberos$KerberosPrincipal;
            }
            return elements2.contains(cls2);
        }
        if (invocationConstraint instanceof ClientMaxPrincipal) {
            Iterator it = ((ClientMaxPrincipal) invocationConstraint).elements().iterator();
            while (it.hasNext()) {
                if (it.next() instanceof KerberosPrincipal) {
                    return true;
                }
            }
            return false;
        }
        if (invocationConstraint instanceof ClientMaxPrincipalType) {
            Set elements3 = ((ClientMaxPrincipalType) invocationConstraint).elements();
            if (class$javax$security$auth$kerberos$KerberosPrincipal == null) {
                cls = class$("javax.security.auth.kerberos.KerberosPrincipal");
                class$javax$security$auth$kerberos$KerberosPrincipal = cls;
            } else {
                cls = class$javax$security$auth$kerberos$KerberosPrincipal;
            }
            return elements3.contains(cls);
        }
        if (!(invocationConstraint instanceof ServerMinPrincipal)) {
            return true;
        }
        Set elements4 = ((ServerMinPrincipal) invocationConstraint).elements();
        if (elements4.size() > 1) {
            return false;
        }
        return elements4.iterator().next() instanceof KerberosPrincipal;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isSatisfiable(Config config, InvocationConstraint invocationConstraint) {
        Class cls;
        Class cls2;
        if (invocationConstraint instanceof ConstraintAlternatives) {
            Iterator it = ((ConstraintAlternatives) invocationConstraint).elements().iterator();
            while (it.hasNext()) {
                if (isSatisfiable(config, (InvocationConstraint) it.next())) {
                    return true;
                }
            }
            return false;
        }
        if (!isSupportedConstraintType(invocationConstraint)) {
            return false;
        }
        if (invocationConstraint instanceof Integrity) {
            return invocationConstraint == Integrity.YES;
        }
        if (invocationConstraint instanceof Confidentiality) {
            return config.encry == (invocationConstraint == Confidentiality.YES);
        }
        if (invocationConstraint instanceof ClientAuthentication) {
            return invocationConstraint == ClientAuthentication.YES;
        }
        if (invocationConstraint instanceof ServerAuthentication) {
            return invocationConstraint == ServerAuthentication.YES;
        }
        if (invocationConstraint instanceof Delegation) {
            return config.deleg == (invocationConstraint == Delegation.YES);
        }
        if (invocationConstraint instanceof ClientMinPrincipal) {
            Set elements = ((ClientMinPrincipal) invocationConstraint).elements();
            if (elements.size() > 1) {
                return false;
            }
            return elements.contains(config.clientPrincipal);
        }
        if (invocationConstraint instanceof ClientMinPrincipalType) {
            Set elements2 = ((ClientMinPrincipalType) invocationConstraint).elements();
            if (elements2.size() > 1) {
                return false;
            }
            if (class$javax$security$auth$kerberos$KerberosPrincipal == null) {
                cls2 = class$("javax.security.auth.kerberos.KerberosPrincipal");
                class$javax$security$auth$kerberos$KerberosPrincipal = cls2;
            } else {
                cls2 = class$javax$security$auth$kerberos$KerberosPrincipal;
            }
            return elements2.contains(cls2);
        }
        if (invocationConstraint instanceof ClientMaxPrincipal) {
            return ((ClientMaxPrincipal) invocationConstraint).elements().contains(config.clientPrincipal);
        }
        if (invocationConstraint instanceof ClientMaxPrincipalType) {
            Set elements3 = ((ClientMaxPrincipalType) invocationConstraint).elements();
            if (class$javax$security$auth$kerberos$KerberosPrincipal == null) {
                cls = class$("javax.security.auth.kerberos.KerberosPrincipal");
                class$javax$security$auth$kerberos$KerberosPrincipal = cls;
            } else {
                cls = class$javax$security$auth$kerberos$KerberosPrincipal;
            }
            return elements3.contains(cls);
        }
        if (!(invocationConstraint instanceof ServerMinPrincipal)) {
            return true;
        }
        Set elements4 = ((ServerMinPrincipal) invocationConstraint).elements();
        if (elements4.size() > 1) {
            return false;
        }
        return elements4.contains(config.serverPrincipal);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean collectCpCandidates(InvocationConstraint invocationConstraint, Set set) {
        boolean z = false;
        HashSet hashSet = new HashSet();
        if (invocationConstraint instanceof ConstraintAlternatives) {
            for (ClientMaxPrincipal clientMaxPrincipal : ((ConstraintAlternatives) invocationConstraint).elements()) {
                if (clientMaxPrincipal instanceof ClientMinPrincipal) {
                    z = true;
                    Set elements = ((ClientMinPrincipal) clientMaxPrincipal).elements();
                    Object next = elements.iterator().next();
                    if (elements.size() <= 1 && (next instanceof KerberosPrincipal)) {
                        hashSet.add(next);
                    }
                } else if (clientMaxPrincipal instanceof ClientMaxPrincipal) {
                    z = true;
                    for (Object obj : clientMaxPrincipal.elements()) {
                        if (obj instanceof KerberosPrincipal) {
                            hashSet.add(obj);
                        }
                    }
                }
            }
        } else if (invocationConstraint instanceof ClientMinPrincipal) {
            z = true;
            Set elements2 = ((ClientMinPrincipal) invocationConstraint).elements();
            Object next2 = elements2.iterator().next();
            if (elements2.size() > 1 || !(next2 instanceof KerberosPrincipal)) {
                return false;
            }
            hashSet.add(next2);
        } else if (invocationConstraint instanceof ClientMaxPrincipal) {
            z = true;
            for (Object obj2 : ((ClientMaxPrincipal) invocationConstraint).elements()) {
                if (obj2 instanceof KerberosPrincipal) {
                    hashSet.add(obj2);
                }
            }
        }
        if (!z) {
            return true;
        }
        if (set.size() != 0) {
            set.retainAll(hashSet);
            return set.size() > 0;
        }
        if (hashSet.size() <= 0) {
            return false;
        }
        set.addAll(hashSet);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkAuthPermission(KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, String str) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            Set singleton = Collections.singleton(kerberosPrincipal);
            Set set = null;
            if (kerberosPrincipal2 != null) {
                set = Collections.singleton(kerberosPrincipal2);
            }
            securityManager.checkPermission(new AuthenticationPermission(singleton, set, str));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkAuthPermission(AuthenticationPermission authenticationPermission) {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(authenticationPermission);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean containsConstraint(Set set, InvocationConstraint invocationConstraint) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            ConstraintAlternatives constraintAlternatives = (InvocationConstraint) it.next();
            if (constraintAlternatives instanceof ConstraintAlternatives) {
                return constraintAlternatives.elements().contains(invocationConstraint);
            }
            if (constraintAlternatives.equals(invocationConstraint)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static GSSCredential getGSSCredential(Subject subject, KerberosPrincipal kerberosPrincipal, GSSManager gSSManager, int i) throws GSSException {
        try {
            return (GSSCredential) Subject.doAs(subject, new PrivilegedExceptionAction(gSSManager, kerberosPrincipal, i) { // from class: net.jini.jeri.kerberos.KerberosUtil.1
                private final GSSManager val$manager;
                private final KerberosPrincipal val$principal;
                private final int val$usage;

                {
                    this.val$manager = gSSManager;
                    this.val$principal = kerberosPrincipal;
                    this.val$usage = i;
                }

                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws GSSException {
                    return this.val$manager.createCredential(this.val$manager.createName(this.val$principal.getName(), KerberosUtil.krb5NameType), Integer.MAX_VALUE, KerberosUtil.krb5MechOid, this.val$usage);
                }
            });
        } catch (PrivilegedActionException e) {
            throw e.getException();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void secureThrow(Exception exc, UnsupportedConstraintException unsupportedConstraintException) throws UnsupportedConstraintException {
        if (!canGetSubject()) {
            throw unsupportedConstraintException;
        }
        if (!(exc instanceof SecurityException)) {
            throw ((UnsupportedConstraintException) exc);
        }
        throw ((SecurityException) exc);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void logThrow(Logger logger, Level level, Class cls, String str, String str2, Object[] objArr, Throwable th) {
        LogRecord logRecord = new LogRecord(level, str2);
        logRecord.setLoggerName(logger.getName());
        logRecord.setSourceClassName(cls.getName());
        logRecord.setSourceMethodName(str);
        logRecord.setParameters(objArr);
        logRecord.setThrown(th);
        logger.log(logRecord);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        Class cls2;
        Class cls3;
        Class cls4;
        Class cls5;
        Class cls6;
        Class cls7;
        Class cls8;
        Class cls9;
        Class cls10;
        Class cls11;
        Class cls12;
        try {
            krb5MechOid = new Oid("1.2.840.113554.1.2.2");
            krb5NameType = new Oid("1.2.840.113554.1.2.2.1");
            INTEGRITY_REQUIRED_CONSTRAINTS = new InvocationConstraints(Integrity.YES, (InvocationConstraint) null);
            INTEGRITY_PREFERRED_CONSTRAINTS = new InvocationConstraints((InvocationConstraint) null, Integrity.YES);
            BOOL_TABLE = new boolean[]{false, true};
            depends = new HashMap();
            InvocationConstraint[] invocationConstraintArr = new InvocationConstraint[0];
            Map map = depends;
            if (class$net$jini$core$constraint$ConnectionAbsoluteTime == null) {
                cls = class$("net.jini.core.constraint.ConnectionAbsoluteTime");
                class$net$jini$core$constraint$ConnectionAbsoluteTime = cls;
            } else {
                cls = class$net$jini$core$constraint$ConnectionAbsoluteTime;
            }
            map.put(cls, invocationConstraintArr);
            Map map2 = depends;
            if (class$net$jini$core$constraint$ConnectionRelativeTime == null) {
                cls2 = class$("net.jini.core.constraint.ConnectionRelativeTime");
                class$net$jini$core$constraint$ConnectionRelativeTime = cls2;
            } else {
                cls2 = class$net$jini$core$constraint$ConnectionRelativeTime;
            }
            map2.put(cls2, invocationConstraintArr);
            Map map3 = depends;
            if (class$net$jini$core$constraint$Integrity == null) {
                cls3 = class$("net.jini.core.constraint.Integrity");
                class$net$jini$core$constraint$Integrity = cls3;
            } else {
                cls3 = class$net$jini$core$constraint$Integrity;
            }
            map3.put(cls3, invocationConstraintArr);
            Map map4 = depends;
            if (class$net$jini$core$constraint$Confidentiality == null) {
                cls4 = class$("net.jini.core.constraint.Confidentiality");
                class$net$jini$core$constraint$Confidentiality = cls4;
            } else {
                cls4 = class$net$jini$core$constraint$Confidentiality;
            }
            map4.put(cls4, invocationConstraintArr);
            Map map5 = depends;
            if (class$net$jini$core$constraint$ClientAuthentication == null) {
                cls5 = class$("net.jini.core.constraint.ClientAuthentication");
                class$net$jini$core$constraint$ClientAuthentication = cls5;
            } else {
                cls5 = class$net$jini$core$constraint$ClientAuthentication;
            }
            map5.put(cls5, invocationConstraintArr);
            Map map6 = depends;
            if (class$net$jini$core$constraint$ServerAuthentication == null) {
                cls6 = class$("net.jini.core.constraint.ServerAuthentication");
                class$net$jini$core$constraint$ServerAuthentication = cls6;
            } else {
                cls6 = class$net$jini$core$constraint$ServerAuthentication;
            }
            map6.put(cls6, invocationConstraintArr);
            InvocationConstraint[] invocationConstraintArr2 = {ClientAuthentication.YES};
            Map map7 = depends;
            if (class$net$jini$core$constraint$ClientMinPrincipal == null) {
                cls7 = class$("net.jini.core.constraint.ClientMinPrincipal");
                class$net$jini$core$constraint$ClientMinPrincipal = cls7;
            } else {
                cls7 = class$net$jini$core$constraint$ClientMinPrincipal;
            }
            map7.put(cls7, invocationConstraintArr2);
            Map map8 = depends;
            if (class$net$jini$core$constraint$ClientMinPrincipalType == null) {
                cls8 = class$("net.jini.core.constraint.ClientMinPrincipalType");
                class$net$jini$core$constraint$ClientMinPrincipalType = cls8;
            } else {
                cls8 = class$net$jini$core$constraint$ClientMinPrincipalType;
            }
            map8.put(cls8, invocationConstraintArr2);
            Map map9 = depends;
            if (class$net$jini$core$constraint$ClientMaxPrincipal == null) {
                cls9 = class$("net.jini.core.constraint.ClientMaxPrincipal");
                class$net$jini$core$constraint$ClientMaxPrincipal = cls9;
            } else {
                cls9 = class$net$jini$core$constraint$ClientMaxPrincipal;
            }
            map9.put(cls9, invocationConstraintArr2);
            Map map10 = depends;
            if (class$net$jini$core$constraint$ClientMaxPrincipalType == null) {
                cls10 = class$("net.jini.core.constraint.ClientMaxPrincipalType");
                class$net$jini$core$constraint$ClientMaxPrincipalType = cls10;
            } else {
                cls10 = class$net$jini$core$constraint$ClientMaxPrincipalType;
            }
            map10.put(cls10, invocationConstraintArr2);
            Map map11 = depends;
            if (class$net$jini$core$constraint$Delegation == null) {
                cls11 = class$("net.jini.core.constraint.Delegation");
                class$net$jini$core$constraint$Delegation = cls11;
            } else {
                cls11 = class$net$jini$core$constraint$Delegation;
            }
            map11.put(cls11, invocationConstraintArr2);
            InvocationConstraint[] invocationConstraintArr3 = {ServerAuthentication.YES};
            Map map12 = depends;
            if (class$net$jini$core$constraint$ServerMinPrincipal == null) {
                cls12 = class$("net.jini.core.constraint.ServerMinPrincipal");
                class$net$jini$core$constraint$ServerMinPrincipal = cls12;
            } else {
                cls12 = class$net$jini$core$constraint$ServerMinPrincipal;
            }
            map12.put(cls12, invocationConstraintArr3);
        } catch (GSSException e) {
            throw new ExceptionInInitializerError((Throwable) e);
        }
    }
}
