package sun.security.krb5;

import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.Security;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.StringTokenizer;
import jdk.javadoc.internal.doclint.DocLint;
import sun.security.krb5.internal.KRBError;
import sun.security.krb5.internal.Krb5;

/* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.security.jgss/sun/security/krb5/KdcComm.class */
public final class KdcComm {
    private static int defaultKdcRetryLimit;
    private static int defaultKdcTimeout;
    private static int defaultUdpPrefLimit;
    private static final boolean DEBUG = Krb5.DEBUG;
    private static int tryLessMaxRetries = 1;
    private static int tryLessTimeout = 5000;
    private static BpType badPolicy;
    private String realm;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.security.jgss/sun/security/krb5/KdcComm$BpType.class */
    public enum BpType {
        NONE,
        TRY_LAST,
        TRY_LESS
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.security.jgss/sun/security/krb5/KdcComm$KdcAccessibility.class */
    public static class KdcAccessibility {
        private static Set<String> bads = new HashSet();

        KdcAccessibility() {
        }

        private static synchronized void addBad(String str) {
            if (KdcComm.DEBUG) {
                System.out.println(">>> KdcAccessibility: add " + str);
            }
            bads.add(str);
        }

        private static synchronized void removeBad(String str) {
            if (KdcComm.DEBUG) {
                System.out.println(">>> KdcAccessibility: remove " + str);
            }
            bads.remove(str);
        }

        private static synchronized boolean isBad(String str) {
            return bads.contains(str);
        }

        private static synchronized void reset() {
            if (KdcComm.DEBUG) {
                System.out.println(">>> KdcAccessibility: reset");
            }
            bads.clear();
        }

        private static synchronized List<String> list(String str) {
            StringTokenizer stringTokenizer = new StringTokenizer(str);
            ArrayList arrayList = new ArrayList();
            if (KdcComm.badPolicy == BpType.TRY_LAST) {
                ArrayList arrayList2 = new ArrayList();
                while (stringTokenizer.hasMoreTokens()) {
                    String nextToken = stringTokenizer.nextToken();
                    if (bads.contains(nextToken)) {
                        arrayList2.add(nextToken);
                    } else {
                        arrayList.add(nextToken);
                    }
                }
                arrayList.addAll(arrayList2);
            } else {
                while (stringTokenizer.hasMoreTokens()) {
                    arrayList.add(stringTokenizer.nextToken());
                }
            }
            return arrayList;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/kohlschutter/jdk/home/modules/java.security.jgss/sun/security/krb5/KdcComm$KdcCommunication.class */
    public static class KdcCommunication implements PrivilegedExceptionAction<byte[]> {
        private String kdc;
        private int port;
        private boolean useTCP;
        private int timeout;
        private int retries;
        private byte[] obuf;

        public KdcCommunication(String str, int i, boolean z, int i2, int i3, byte[] bArr) {
            this.kdc = str;
            this.port = i;
            this.useTCP = z;
            this.timeout = i2;
            this.retries = i3;
            this.obuf = bArr;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        /* JADX WARN: Code restructure failed: missing block: B:20:0x00b0, code lost:
        
            return r9;
         */
        @Override // java.security.PrivilegedExceptionAction
        /* renamed from: run */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public byte[] run2() throws java.io.IOException, sun.security.krb5.KrbException {
            /*
                r8 = this;
                r0 = 0
                r9 = r0
                r0 = 1
                r10 = r0
            L4:
                r0 = r10
                r1 = r8
                int r1 = r1.retries
                if (r0 > r1) goto Laf
                r0 = r8
                boolean r0 = r0.useTCP
                if (r0 == 0) goto L18
                java.lang.String r0 = "TCP"
                goto L1a
            L18:
                java.lang.String r0 = "UDP"
            L1a:
                r11 = r0
                boolean r0 = sun.security.krb5.KdcComm.DEBUG
                if (r0 == 0) goto L3f
                java.io.PrintStream r0 = java.lang.System.out
                r1 = r8
                java.lang.String r1 = r1.kdc
                r2 = r11
                r3 = r8
                int r3 = r3.port
                r4 = r8
                int r4 = r4.timeout
                r5 = r10
                r6 = r8
                byte[] r6 = r6.obuf
                int r6 = r6.length
                java.lang.String r1 = ">>> KDCCommunication: kdc=" + r1 + " " + r2 + ":" + r3 + ", timeout=" + r4 + ",Attempt =" + r5 + ", #bytes=" + r6
                r0.println(r1)
            L3f:
                r0 = r11
                r1 = r8
                java.lang.String r1 = r1.kdc     // Catch: java.net.SocketTimeoutException -> L88
                r2 = r8
                int r2 = r2.port     // Catch: java.net.SocketTimeoutException -> L88
                r3 = r8
                int r3 = r3.timeout     // Catch: java.net.SocketTimeoutException -> L88
                sun.security.krb5.internal.NetClient r0 = sun.security.krb5.internal.NetClient.getInstance(r0, r1, r2, r3)     // Catch: java.net.SocketTimeoutException -> L88
                r12 = r0
                r0 = r12
                r1 = r8
                byte[] r1 = r1.obuf     // Catch: java.lang.Throwable -> L6d java.net.SocketTimeoutException -> L88
                r0.send(r1)     // Catch: java.lang.Throwable -> L6d java.net.SocketTimeoutException -> L88
                r0 = r12
                byte[] r0 = r0.receive()     // Catch: java.lang.Throwable -> L6d java.net.SocketTimeoutException -> L88
                r9 = r0
                r0 = r12
                if (r0 == 0) goto L6a
                r0 = r12
                r0.close()     // Catch: java.net.SocketTimeoutException -> L88
            L6a:
                goto Laf
            L6d:
                r13 = move-exception
                r0 = r12
                if (r0 == 0) goto L85
                r0 = r12
                r0.close()     // Catch: java.lang.Throwable -> L7c java.net.SocketTimeoutException -> L88
                goto L85
            L7c:
                r14 = move-exception
                r0 = r13
                r1 = r14
                r0.addSuppressed(r1)     // Catch: java.net.SocketTimeoutException -> L88
            L85:
                r0 = r13
                throw r0     // Catch: java.net.SocketTimeoutException -> L88
            L88:
                r12 = move-exception
                boolean r0 = sun.security.krb5.KdcComm.DEBUG
                if (r0 == 0) goto L9c
                java.io.PrintStream r0 = java.lang.System.out
                r1 = r10
                java.lang.String r1 = "SocketTimeOutException with attempt: " + r1
                r0.println(r1)
            L9c:
                r0 = r10
                r1 = r8
                int r1 = r1.retries
                if (r0 != r1) goto La9
                r0 = 0
                r9 = r0
                r0 = r12
                throw r0
            La9:
                int r10 = r10 + 1
                goto L4
            Laf:
                r0 = r9
                return r0
            */
            throw new UnsupportedOperationException("Method not decompiled: sun.security.krb5.KdcComm.KdcCommunication.run2():byte[]");
        }
    }

    public static void initStatic() {
        String str = (String) AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: sun.security.krb5.KdcComm.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            /* renamed from: run */
            public String run2() {
                return Security.getProperty("krb5.kdc.bad.policy");
            }
        });
        if (str != null) {
            String lowerCase = str.toLowerCase(Locale.ENGLISH);
            String[] split = lowerCase.split(":");
            if ("tryless".equals(split[0])) {
                if (split.length > 1) {
                    String[] split2 = split[1].split(DocLint.SEPARATOR);
                    try {
                        int parseInt = Integer.parseInt(split2[0]);
                        if (split2.length > 1) {
                            tryLessTimeout = Integer.parseInt(split2[1]);
                        }
                        tryLessMaxRetries = parseInt;
                    } catch (NumberFormatException e) {
                        if (DEBUG) {
                            System.out.println("Invalid krb5.kdc.bad.policy parameter for tryLess: " + lowerCase + ", use default");
                        }
                    }
                }
                badPolicy = BpType.TRY_LESS;
            } else if ("trylast".equals(split[0])) {
                badPolicy = BpType.TRY_LAST;
            } else {
                badPolicy = BpType.NONE;
            }
        } else {
            badPolicy = BpType.NONE;
        }
        int i = -1;
        int i2 = -1;
        int i3 = -1;
        try {
            Config config = Config.getInstance();
            i = parseTimeString(config.get("libdefaults", "kdc_timeout"));
            i2 = parsePositiveIntString(config.get("libdefaults", "max_retries"));
            i3 = parsePositiveIntString(config.get("libdefaults", "udp_preference_limit"));
        } catch (Exception e2) {
            if (DEBUG) {
                System.out.println("Exception in getting KDC communication settings, using default value " + e2.getMessage());
            }
        }
        defaultKdcTimeout = i > 0 ? i : 30000;
        defaultKdcRetryLimit = i2 > 0 ? i2 : 3;
        if (i3 < 0) {
            defaultUdpPrefLimit = Krb5.KDC_DEFAULT_UDP_PREF_LIMIT;
        } else if (i3 > 32700) {
            defaultUdpPrefLimit = Krb5.KDC_HARD_UDP_LIMIT;
        } else {
            defaultUdpPrefLimit = i3;
        }
        KdcAccessibility.reset();
    }

    public KdcComm(String str) throws KrbException {
        if (str == null) {
            str = Config.getInstance().getDefaultRealm();
            if (str == null) {
                throw new KrbException(60, "Cannot find default realm");
            }
        }
        this.realm = str;
    }

    public byte[] send(KrbKdcReq krbKdcReq) throws IOException, KrbException {
        int realmSpecificValue = getRealmSpecificValue(this.realm, "udp_preference_limit", defaultUdpPrefLimit);
        byte[] encoding = krbKdcReq.encoding();
        return send(krbKdcReq, realmSpecificValue > 0 && encoding != null && encoding.length > realmSpecificValue);
    }

    private byte[] send(KrbKdcReq krbKdcReq, boolean z) throws IOException, KrbException {
        if (krbKdcReq == null) {
            return null;
        }
        Config config = Config.getInstance();
        if (this.realm == null) {
            this.realm = config.getDefaultRealm();
            if (this.realm == null) {
                throw new KrbException(60, "Cannot find default realm");
            }
        }
        String kDCList = config.getKDCList(this.realm);
        if (kDCList == null) {
            throw new KrbException("Cannot get kdc for realm " + this.realm);
        }
        Iterator<String> iterator2 = KdcAccessibility.list(kDCList).iterator2();
        if (!iterator2.hasNext()) {
            throw new KrbException("Cannot get kdc for realm " + this.realm);
        }
        byte[] bArr = null;
        try {
            bArr = sendIfPossible(krbKdcReq, iterator2.next(), z);
        } catch (Exception e) {
            boolean z2 = false;
            while (iterator2.hasNext()) {
                try {
                    bArr = sendIfPossible(krbKdcReq, iterator2.next(), z);
                    z2 = true;
                    break;
                } catch (Exception e2) {
                }
            }
            if (!z2) {
                throw e;
            }
        }
        if (bArr == null) {
            throw new IOException("Cannot get a KDC reply");
        }
        return bArr;
    }

    private byte[] sendIfPossible(KrbKdcReq krbKdcReq, String str, boolean z) throws IOException, KrbException {
        Credentials additionalCreds;
        try {
            byte[] send = send(krbKdcReq, str, z);
            KRBError kRBError = null;
            try {
                kRBError = new KRBError(send);
            } catch (Exception e) {
            }
            if (kRBError != null) {
                if (kRBError.getErrorCode() == 52) {
                    send = send(krbKdcReq, str, true);
                } else {
                    if (kRBError.getErrorCode() == 29) {
                        throw new KrbException("A service is not available");
                    }
                    if (kRBError.getErrorCode() == 13 && Credentials.S4U2PROXY_ACCEPT_NON_FORWARDABLE && (krbKdcReq instanceof KrbTgsReq) && (additionalCreds = ((KrbTgsReq) krbKdcReq).getAdditionalCreds()) != null && !additionalCreds.isForwardable()) {
                        throw new KrbException("S4U2Proxy with non-forwardable ticket");
                    }
                }
            }
            KdcAccessibility.removeBad(str);
            return send;
        } catch (Exception e2) {
            if (DEBUG) {
                System.out.println(">>> KrbKdcReq send: error trying " + str);
                e2.printStackTrace(System.out);
            }
            KdcAccessibility.addBad(str);
            throw e2;
        }
    }

    private byte[] send(KrbKdcReq krbKdcReq, String str, boolean z) throws IOException, KrbException {
        String substring;
        int parsePositiveIntString;
        if (krbKdcReq == null) {
            return null;
        }
        int i = 88;
        int realmSpecificValue = getRealmSpecificValue(this.realm, "max_retries", defaultKdcRetryLimit);
        int realmSpecificValue2 = getRealmSpecificValue(this.realm, "kdc_timeout", defaultKdcTimeout);
        if (badPolicy == BpType.TRY_LESS && KdcAccessibility.isBad(str)) {
            if (realmSpecificValue > tryLessMaxRetries) {
                realmSpecificValue = tryLessMaxRetries;
            }
            if (realmSpecificValue2 > tryLessTimeout) {
                realmSpecificValue2 = tryLessTimeout;
            }
        }
        String str2 = null;
        if (str.charAt(0) == '[') {
            int indexOf = str.indexOf(93, 1);
            if (indexOf == -1) {
                throw new IOException("Illegal KDC: " + str);
            }
            substring = str.substring(1, indexOf);
            if (indexOf != str.length() - 1) {
                if (str.charAt(indexOf + 1) != ':') {
                    throw new IOException("Illegal KDC: " + str);
                }
                str2 = str.substring(indexOf + 2);
            }
        } else {
            int indexOf2 = str.indexOf(58);
            if (indexOf2 == -1) {
                substring = str;
            } else if (str.indexOf(58, indexOf2 + 1) > 0) {
                substring = str;
            } else {
                substring = str.substring(0, indexOf2);
                str2 = str.substring(indexOf2 + 1);
            }
        }
        if (str2 != null && (parsePositiveIntString = parsePositiveIntString(str2)) > 0) {
            i = parsePositiveIntString;
        }
        byte[] encoding = krbKdcReq.encoding();
        if (DEBUG) {
            System.out.println(">>> KrbKdcReq send: kdc=" + substring + (z ? " TCP:" : " UDP:") + i + ", timeout=" + realmSpecificValue2 + ", number of retries =" + realmSpecificValue + ", #bytes=" + encoding.length);
        }
        try {
            byte[] bArr = (byte[]) AccessController.doPrivileged(new KdcCommunication(substring, i, z, realmSpecificValue2, realmSpecificValue, encoding));
            if (DEBUG) {
                System.out.println(">>> KrbKdcReq send: #bytes read=" + (bArr != null ? bArr.length : 0));
            }
            return bArr;
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            if (exception instanceof IOException) {
                throw ((IOException) exception);
            }
            throw ((KrbException) exception);
        }
    }

    private static int parseTimeString(String str) {
        if (str == null) {
            return -1;
        }
        if (!str.endsWith("s")) {
            return parsePositiveIntString(str);
        }
        int parsePositiveIntString = parsePositiveIntString(str.substring(0, str.length() - 1));
        if (parsePositiveIntString < 0) {
            return -1;
        }
        return parsePositiveIntString * 1000;
    }

    private int getRealmSpecificValue(String str, String str2, int i) {
        int i2 = i;
        if (str == null) {
            return i2;
        }
        int i3 = -1;
        try {
            String str3 = Config.getInstance().get("realms", str, str2);
            i3 = str2.equals("kdc_timeout") ? parseTimeString(str3) : parsePositiveIntString(str3);
        } catch (Exception e) {
        }
        if (i3 > 0) {
            i2 = i3;
        }
        return i2;
    }

    private static int parsePositiveIntString(String str) {
        if (str == null) {
            return -1;
        }
        try {
            int parseInt = Integer.parseInt(str);
            if (parseInt >= 0) {
                return parseInt;
            }
            return -1;
        } catch (Exception e) {
            return -1;
        }
    }

    static {
        initStatic();
    }
}
