package javax.security.auth.kerberos;

import java.io.IOException;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.net.InetAddress;
import java.util.Arrays;
import java.util.Date;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.Refreshable;
import sun.security.krb5.Credentials;
import sun.security.krb5.KrbException;
import sun.security.util.HexDumpEncoder;

/* JADX WARN: Classes with same name are omitted:
  input_file:com/kohlschutter/jdk/home/lib/ct.sym:8/java.security.jgss/javax/security/auth/kerberos/KerberosTicket.sig
  input_file:com/kohlschutter/jdk/home/lib/ct.sym:9A/java.security.jgss/javax/security/auth/kerberos/KerberosTicket.sig
  input_file:com/kohlschutter/jdk/home/lib/ct.sym:BCDEF/java.security.jgss/javax/security/auth/kerberos/KerberosTicket.sig
  input_file:com/kohlschutter/jdk/home/lib/ct.sym:G/java.security.jgss/javax/security/auth/kerberos/KerberosTicket.sig
  input_file:com/kohlschutter/jdk/home/lib/ct.sym:H/java.security.jgss/javax/security/auth/kerberos/KerberosTicket.sig
  input_file:com/kohlschutter/jdk/home/lib/ct.sym:I/java.security.jgss/javax/security/auth/kerberos/KerberosTicket.sig
  input_file:com/kohlschutter/jdk/home/lib/ct.sym:J/java.security.jgss/javax/security/auth/kerberos/KerberosTicket.sig
  input_file:com/kohlschutter/jdk/home/lib/ct.sym:K/java.security.jgss/javax/security/auth/kerberos/KerberosTicket.sig
 */
/* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.security.jgss/javax/security/auth/kerberos/KerberosTicket.class */
public class KerberosTicket implements Destroyable, Refreshable, Serializable {
    private static final long serialVersionUID = 7395334370157380539L;
    private static final int FORWARDABLE_TICKET_FLAG = 1;
    private static final int FORWARDED_TICKET_FLAG = 2;
    private static final int PROXIABLE_TICKET_FLAG = 3;
    private static final int PROXY_TICKET_FLAG = 4;
    private static final int POSTDATED_TICKET_FLAG = 6;
    private static final int RENEWABLE_TICKET_FLAG = 8;
    private static final int INITIAL_TICKET_FLAG = 9;
    private static final int NUM_FLAGS = 32;
    private byte[] asn1Encoding;
    private KeyImpl sessionKey;
    private boolean[] flags;
    private Date authTime;
    private Date startTime;
    private Date endTime;
    private Date renewTill;
    private KerberosPrincipal client;
    private KerberosPrincipal server;
    private InetAddress[] clientAddresses;
    KerberosTicket proxy = null;
    private transient boolean destroyed = false;
    transient KerberosPrincipal clientAlias = null;
    transient KerberosPrincipal serverAlias = null;

    public KerberosTicket(byte[] bArr, KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, byte[] bArr2, int i, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr) {
        init(bArr, kerberosPrincipal, kerberosPrincipal2, bArr2, i, zArr, date, date2, date3, date4, inetAddressArr);
    }

    private void init(byte[] bArr, KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, byte[] bArr2, int i, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr) {
        if (bArr2 == null) {
            throw new IllegalArgumentException("Session key for ticket cannot be null");
        }
        init(bArr, kerberosPrincipal, kerberosPrincipal2, new KeyImpl(bArr2, i), zArr, date, date2, date3, date4, inetAddressArr);
    }

    private void init(byte[] bArr, KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, KeyImpl keyImpl, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr) {
        if (bArr == null) {
            throw new IllegalArgumentException("ASN.1 encoding of ticket cannot be null");
        }
        this.asn1Encoding = (byte[]) bArr.clone();
        if (kerberosPrincipal == null) {
            throw new IllegalArgumentException("Client name in ticket cannot be null");
        }
        this.client = kerberosPrincipal;
        if (kerberosPrincipal2 == null) {
            throw new IllegalArgumentException("Server name in ticket cannot be null");
        }
        this.server = kerberosPrincipal2;
        this.sessionKey = keyImpl;
        if (zArr == null) {
            this.flags = new boolean[32];
        } else if (zArr.length >= 32) {
            this.flags = (boolean[]) zArr.clone();
        } else {
            this.flags = new boolean[32];
            System.arraycopy(zArr, 0, this.flags, 0, zArr.length);
        }
        if (this.flags[8] && date4 != null) {
            this.renewTill = new Date(date4.getTime());
        }
        if (date != null) {
            this.authTime = new Date(date.getTime());
        }
        if (date2 != null) {
            this.startTime = new Date(date2.getTime());
        } else {
            this.startTime = this.authTime;
        }
        if (date3 == null) {
            throw new IllegalArgumentException("End time for ticket validity cannot be null");
        }
        this.endTime = new Date(date3.getTime());
        if (inetAddressArr != null) {
            this.clientAddresses = (InetAddress[]) inetAddressArr.clone();
        }
    }

    public final KerberosPrincipal getClient() {
        return this.client;
    }

    public final KerberosPrincipal getServer() {
        return this.server;
    }

    public final SecretKey getSessionKey() {
        if (this.destroyed) {
            throw new IllegalStateException("This ticket is no longer valid");
        }
        return new EncryptionKey(this.sessionKey.getEncoded(), this.sessionKey.getKeyType());
    }

    public final int getSessionKeyType() {
        if (this.destroyed) {
            throw new IllegalStateException("This ticket is no longer valid");
        }
        return this.sessionKey.getKeyType();
    }

    public final boolean isForwardable() {
        return this.flags != null && this.flags[1];
    }

    public final boolean isForwarded() {
        return this.flags != null && this.flags[2];
    }

    public final boolean isProxiable() {
        return this.flags != null && this.flags[3];
    }

    public final boolean isProxy() {
        return this.flags != null && this.flags[4];
    }

    public final boolean isPostdated() {
        return this.flags != null && this.flags[6];
    }

    public final boolean isRenewable() {
        return this.flags != null && this.flags[8];
    }

    public final boolean isInitial() {
        return this.flags != null && this.flags[9];
    }

    public final boolean[] getFlags() {
        if (this.flags == null) {
            return null;
        }
        return (boolean[]) this.flags.clone();
    }

    public final Date getAuthTime() {
        if (this.authTime == null) {
            return null;
        }
        return (Date) this.authTime.clone();
    }

    public final Date getStartTime() {
        if (this.startTime == null) {
            return null;
        }
        return (Date) this.startTime.clone();
    }

    public final Date getEndTime() {
        if (this.endTime == null) {
            return null;
        }
        return (Date) this.endTime.clone();
    }

    public final Date getRenewTill() {
        if (this.renewTill == null) {
            return null;
        }
        return (Date) this.renewTill.clone();
    }

    public final InetAddress[] getClientAddresses() {
        if (this.clientAddresses == null) {
            return null;
        }
        return (InetAddress[]) this.clientAddresses.clone();
    }

    public final byte[] getEncoded() {
        if (this.destroyed) {
            throw new IllegalStateException("This ticket is no longer valid");
        }
        return (byte[]) this.asn1Encoding.clone();
    }

    @Override // javax.security.auth.Refreshable
    public boolean isCurrent() {
        return this.endTime != null && System.currentTimeMillis() <= this.endTime.getTime();
    }

    @Override // javax.security.auth.Refreshable
    public void refresh() throws RefreshFailedException {
        if (this.destroyed) {
            throw new RefreshFailedException("A destroyed ticket cannot be renewd.");
        }
        if (!isRenewable()) {
            throw new RefreshFailedException("This ticket is not renewable");
        }
        if (getRenewTill() == null) {
            return;
        }
        if (System.currentTimeMillis() > getRenewTill().getTime()) {
            throw new RefreshFailedException("This ticket is past its last renewal time.");
        }
        try {
            Credentials renew = new Credentials(this.asn1Encoding, this.client.getName(), this.clientAlias != null ? this.clientAlias.getName() : null, this.server.getName(), this.serverAlias != null ? this.serverAlias.getName() : null, this.sessionKey.getEncoded(), this.sessionKey.getKeyType(), this.flags, this.authTime, this.startTime, this.endTime, this.renewTill, this.clientAddresses).renew();
            synchronized (this) {
                try {
                    destroy();
                } catch (DestroyFailedException e) {
                }
                init(renew.getEncoded(), new KerberosPrincipal(renew.getClient().getName()), new KerberosPrincipal(renew.getServer().getName(), 2), renew.getSessionKey().getBytes(), renew.getSessionKey().getEType(), renew.getFlags(), renew.getAuthTime(), renew.getStartTime(), renew.getEndTime(), renew.getRenewTill(), renew.getClientAddresses());
                this.destroyed = false;
            }
        } catch (IOException | KrbException e2) {
            RefreshFailedException refreshFailedException = new RefreshFailedException("Failed to renew Kerberos Ticket for client " + String.valueOf(this.client) + " and server " + String.valueOf(this.server) + " - " + e2.getMessage());
            refreshFailedException.initCause(e2);
            throw refreshFailedException;
        }
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        if (this.destroyed) {
            return;
        }
        Arrays.fill(this.asn1Encoding, (byte) 0);
        this.client = null;
        this.server = null;
        this.sessionKey.destroy();
        this.flags = null;
        this.authTime = null;
        this.startTime = null;
        this.endTime = null;
        this.renewTill = null;
        this.clientAddresses = null;
        this.destroyed = true;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.destroyed;
    }

    public String toString() {
        if (this.destroyed) {
            return "Destroyed KerberosTicket";
        }
        StringBuilder sb = new StringBuilder();
        if (this.clientAddresses != null) {
            for (int i = 0; i < this.clientAddresses.length; i++) {
                sb.append("clientAddresses[" + i + "] = " + this.clientAddresses[i].toString());
            }
        }
        return "Ticket (hex) = \n" + new HexDumpEncoder().encodeBuffer(this.asn1Encoding) + "\nClient Principal = " + this.client.toString() + "\nServer Principal = " + this.server.toString() + "\nSession Key = " + this.sessionKey.toString() + "\nForwardable Ticket " + this.flags[1] + "\nForwarded Ticket " + this.flags[2] + "\nProxiable Ticket " + this.flags[3] + "\nProxy Ticket " + this.flags[4] + "\nPostdated Ticket " + this.flags[6] + "\nRenewable Ticket " + this.flags[8] + "\nInitial Ticket " + this.flags[9] + "\nAuth Time = " + String.valueOf(this.authTime) + "\nStart Time = " + String.valueOf(this.startTime) + "\nEnd Time = " + this.endTime.toString() + "\nRenew Till = " + String.valueOf(this.renewTill) + "\nClient Addresses " + (this.clientAddresses == null ? " Null " : sb.toString() + (this.proxy == null ? "" : "\nwith a proxy ticket") + "\n");
    }

    public int hashCode() {
        if (isDestroyed()) {
            return 17;
        }
        int hashCode = (((((((((17 * 37) + Arrays.hashCode(getEncoded())) * 37) + this.endTime.hashCode()) * 37) + this.client.hashCode()) * 37) + this.server.hashCode()) * 37) + this.sessionKey.hashCode();
        if (this.authTime != null) {
            hashCode = (hashCode * 37) + this.authTime.hashCode();
        }
        if (this.startTime != null) {
            hashCode = (hashCode * 37) + this.startTime.hashCode();
        }
        if (this.renewTill != null) {
            hashCode = (hashCode * 37) + this.renewTill.hashCode();
        }
        int hashCode2 = (hashCode * 37) + Arrays.hashCode(this.clientAddresses);
        if (this.proxy != null) {
            hashCode2 = (hashCode2 * 37) + this.proxy.hashCode();
        }
        return (hashCode2 * 37) + Arrays.hashCode(this.flags);
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof KerberosTicket)) {
            return false;
        }
        KerberosTicket kerberosTicket = (KerberosTicket) obj;
        if (isDestroyed() || kerberosTicket.isDestroyed() || !Arrays.equals(getEncoded(), kerberosTicket.getEncoded()) || !this.endTime.equals(kerberosTicket.getEndTime()) || !this.server.equals(kerberosTicket.getServer()) || !this.client.equals(kerberosTicket.getClient()) || !this.sessionKey.equals(kerberosTicket.sessionKey) || !Arrays.equals(this.clientAddresses, kerberosTicket.getClientAddresses()) || !Arrays.equals(this.flags, kerberosTicket.getFlags())) {
            return false;
        }
        if (this.authTime == null) {
            if (kerberosTicket.getAuthTime() != null) {
                return false;
            }
        } else if (!this.authTime.equals(kerberosTicket.getAuthTime())) {
            return false;
        }
        if (this.startTime == null) {
            if (kerberosTicket.getStartTime() != null) {
                return false;
            }
        } else if (!this.startTime.equals(kerberosTicket.getStartTime())) {
            return false;
        }
        if (this.renewTill == null) {
            if (kerberosTicket.getRenewTill() != null) {
                return false;
            }
        } else if (!this.renewTill.equals(kerberosTicket.getRenewTill())) {
            return false;
        }
        return Objects.equals(this.proxy, kerberosTicket.proxy);
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        if (this.sessionKey == null) {
            throw new InvalidObjectException("Session key cannot be null");
        }
        try {
            init(this.asn1Encoding, this.client, this.server, this.sessionKey, this.flags, this.authTime, this.startTime, this.endTime, this.renewTill, this.clientAddresses);
        } catch (IllegalArgumentException e) {
            throw ((InvalidObjectException) new InvalidObjectException(e.getMessage()).initCause(e));
        }
    }
}
