package sun.security.jgss.krb5;

import java.io.IOException;
import java.security.Provider;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.kerberos.KerberosTicket;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
import sun.security.jgss.GSSCaller;
import sun.security.jgss.spi.GSSCredentialSpi;
import sun.security.jgss.spi.GSSNameSpi;
import sun.security.krb5.Credentials;
import sun.security.krb5.KrbException;
import sun.security.krb5.internal.Ticket;

/* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.security.jgss/sun/security/jgss/krb5/Krb5ProxyCredential.class */
public class Krb5ProxyCredential implements Krb5CredElement {
    public final Krb5InitCredential self;
    private final Krb5NameElement client;
    public final Ticket tkt;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Krb5ProxyCredential(Krb5InitCredential krb5InitCredential, Krb5NameElement krb5NameElement, Ticket ticket) {
        this.self = krb5InitCredential;
        this.tkt = ticket;
        this.client = krb5NameElement;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public final Krb5NameElement getName() throws GSSException {
        return this.client;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public int getInitLifetime() throws GSSException {
        return this.self.getInitLifetime();
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public int getAcceptLifetime() throws GSSException {
        return 0;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public boolean isInitiatorCredential() throws GSSException {
        return true;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public boolean isAcceptorCredential() throws GSSException {
        return false;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public final Oid getMechanism() {
        return Krb5MechFactory.GSS_KRB5_MECH_OID;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public final Provider getProvider() {
        return Krb5MechFactory.PROVIDER;
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public void dispose() throws GSSException {
        try {
            this.self.destroy();
        } catch (DestroyFailedException e) {
            new GSSException(11, -1, "Could not destroy credentials - " + e.getMessage()).initCause(e);
        }
    }

    @Override // sun.security.jgss.spi.GSSCredentialSpi
    public GSSCredentialSpi impersonate(GSSNameSpi gSSNameSpi) throws GSSException {
        throw new GSSException(11, -1, "Only an initiate credentials can impersonate");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Krb5CredElement tryImpersonation(GSSCaller gSSCaller, Krb5InitCredential krb5InitCredential) throws GSSException {
        try {
            KerberosTicket kerberosTicket = krb5InitCredential.proxyTicket;
            if (kerberosTicket == null) {
                return krb5InitCredential;
            }
            Credentials ticketToCreds = Krb5Util.ticketToCreds(kerberosTicket);
            return new Krb5ProxyCredential(krb5InitCredential, Krb5NameElement.getInstance(ticketToCreds.getClient()), ticketToCreds.getTicket());
        } catch (IOException | KrbException e) {
            throw new GSSException(9, -1, "Cannot create proxy credential");
        }
    }
}
