package javax.security.auth.kerberos;

import java.io.IOException;
import java.io.Serializable;
import java.net.InetAddress;
import java.util.Arrays;
import java.util.Date;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import javax.security.auth.RefreshFailedException;
import javax.security.auth.Refreshable;
import sun.misc.HexDumpEncoder;
import sun.security.krb5.Credentials;
import sun.security.krb5.KrbException;

/* loaded from: input_file:118666-03/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/rt.jar:javax/security/auth/kerberos/KerberosTicket.class */
public class KerberosTicket implements Destroyable, Refreshable, Serializable {
    private static final long serialVersionUID = 7395334370157380539L;
    private static final int FORWARDABLE_TICKET_FLAG = 1;
    private static final int FORWARDED_TICKET_FLAG = 2;
    private static final int PROXIABLE_TICKET_FLAG = 3;
    private static final int PROXY_TICKET_FLAG = 4;
    private static final int POSTDATED_TICKET_FLAG = 6;
    private static final int RENEWABLE_TICKET_FLAG = 8;
    private static final int INITIAL_TICKET_FLAG = 9;
    private static final int NUM_FLAGS = 32;
    private byte[] asn1Encoding;
    private KeyImpl sessionKey;
    private boolean[] flags;
    private Date authTime;
    private Date startTime;
    private Date endTime;
    private Date renewTill;
    private KerberosPrincipal client;
    private KerberosPrincipal server;
    private InetAddress[] clientAddresses;
    private transient boolean destroyed = false;

    public KerberosTicket(byte[] bArr, KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, byte[] bArr2, int i, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr) {
        init(bArr, kerberosPrincipal, kerberosPrincipal2, bArr2, i, zArr, date, date2, date3, date4, inetAddressArr);
    }

    private void init(byte[] bArr, KerberosPrincipal kerberosPrincipal, KerberosPrincipal kerberosPrincipal2, byte[] bArr2, int i, boolean[] zArr, Date date, Date date2, Date date3, Date date4, InetAddress[] inetAddressArr) {
        if (bArr == null) {
            throw new IllegalArgumentException("ASN.1 encoding of ticket cannot be null");
        }
        this.asn1Encoding = (byte[]) bArr.clone();
        if (kerberosPrincipal == null) {
            throw new IllegalArgumentException("Client name in ticket cannot be null");
        }
        this.client = kerberosPrincipal;
        if (kerberosPrincipal2 == null) {
            throw new IllegalArgumentException("Server name in ticket cannot be null");
        }
        this.server = kerberosPrincipal2;
        if (bArr2 == null) {
            throw new IllegalArgumentException("Session key for ticket cannot be null");
        }
        this.sessionKey = new KeyImpl(bArr2, i);
        if (zArr == null) {
            this.flags = new boolean[32];
        } else if (zArr.length >= 32) {
            this.flags = (boolean[]) zArr.clone();
        } else {
            this.flags = new boolean[32];
            for (int i2 = 0; i2 < zArr.length; i2++) {
                this.flags[i2] = zArr[i2];
            }
        }
        if (this.flags[8]) {
            if (date4 == null) {
                throw new IllegalArgumentException("The renewable period end time cannot be null for renewable tickets.");
            }
            this.renewTill = date4;
        }
        if (date == null) {
            throw new IllegalArgumentException("Authentication time of ticket cannot be null");
        }
        this.authTime = date;
        this.startTime = date2 != null ? date2 : date;
        if (date3 == null) {
            throw new IllegalArgumentException("End time for ticket validity cannot be null");
        }
        this.endTime = date3;
        if (inetAddressArr != null) {
            this.clientAddresses = (InetAddress[]) inetAddressArr.clone();
        }
    }

    public final KerberosPrincipal getClient() {
        return this.client;
    }

    public final KerberosPrincipal getServer() {
        return this.server;
    }

    public final SecretKey getSessionKey() {
        if (this.destroyed) {
            throw new IllegalStateException("This ticket is no longer valid");
        }
        return this.sessionKey;
    }

    public final int getSessionKeyType() {
        if (this.destroyed) {
            throw new IllegalStateException("This ticket is no longer valid");
        }
        return this.sessionKey.getKeyType();
    }

    public final boolean isForwardable() {
        return this.flags[1];
    }

    public final boolean isForwarded() {
        return this.flags[2];
    }

    public final boolean isProxiable() {
        return this.flags[3];
    }

    public final boolean isProxy() {
        return this.flags[4];
    }

    public final boolean isPostdated() {
        return this.flags[6];
    }

    public final boolean isRenewable() {
        return this.flags[8];
    }

    public final boolean isInitial() {
        return this.flags[9];
    }

    public final boolean[] getFlags() {
        if (this.flags == null) {
            return null;
        }
        return (boolean[]) this.flags.clone();
    }

    public final Date getAuthTime() {
        if (this.authTime == null) {
            return null;
        }
        return new Date(this.authTime.getTime());
    }

    public final Date getStartTime() {
        if (this.startTime == null) {
            return null;
        }
        return new Date(this.startTime.getTime());
    }

    public final Date getEndTime() {
        if (this.endTime == null) {
            return null;
        }
        return new Date(this.endTime.getTime());
    }

    public final Date getRenewTill() {
        if (this.renewTill == null) {
            return null;
        }
        return new Date(this.renewTill.getTime());
    }

    public final InetAddress[] getClientAddresses() {
        if (this.clientAddresses == null) {
            return null;
        }
        return (InetAddress[]) this.clientAddresses.clone();
    }

    public final byte[] getEncoded() {
        if (this.destroyed) {
            throw new IllegalStateException("This ticket is no longer valid");
        }
        return (byte[]) this.asn1Encoding.clone();
    }

    @Override // javax.security.auth.Refreshable
    public boolean isCurrent() {
        return System.currentTimeMillis() <= getEndTime().getTime();
    }

    @Override // javax.security.auth.Refreshable
    public void refresh() throws RefreshFailedException {
        if (this.destroyed) {
            throw new RefreshFailedException("A destroyed ticket cannot be renewd.");
        }
        if (!isRenewable()) {
            throw new RefreshFailedException("This ticket is not renewable");
        }
        if (System.currentTimeMillis() > getRenewTill().getTime()) {
            throw new RefreshFailedException("This ticket is past its last renewal time.");
        }
        Throwable th = null;
        Credentials credentials = null;
        try {
            credentials = new Credentials(this.asn1Encoding, this.client.toString(), this.server.toString(), this.sessionKey.getEncoded(), this.sessionKey.getKeyType(), this.flags, this.authTime, this.startTime, this.endTime, this.renewTill, this.clientAddresses).renew();
        } catch (IOException e) {
            th = e;
        } catch (KrbException e2) {
            th = e2;
        }
        if (th != null) {
            RefreshFailedException refreshFailedException = new RefreshFailedException("Failed to renew Kerberos Ticket for client " + ((Object) this.client) + " and server " + ((Object) this.server) + " - " + th.getMessage());
            refreshFailedException.initCause(th);
            throw refreshFailedException;
        }
        synchronized (this) {
            try {
                destroy();
            } catch (DestroyFailedException e3) {
            }
            init(credentials.getEncoded(), new KerberosPrincipal(credentials.getClient().getName()), new KerberosPrincipal(credentials.getServer().getName()), credentials.getSessionKey().getBytes(), credentials.getSessionKey().getEType(), credentials.getFlags(), credentials.getAuthTime(), credentials.getStartTime(), credentials.getEndTime(), credentials.getRenewTill(), credentials.getClientAddresses());
            this.destroyed = false;
        }
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        if (this.destroyed) {
            return;
        }
        Arrays.fill(this.asn1Encoding, (byte) 0);
        this.client = null;
        this.server = null;
        this.sessionKey.destroy();
        this.flags = null;
        this.authTime = null;
        this.startTime = null;
        this.endTime = null;
        this.renewTill = null;
        this.clientAddresses = null;
        this.destroyed = true;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.destroyed;
    }

    public String toString() {
        if (this.destroyed) {
            throw new IllegalStateException("This ticket is no longer valid");
        }
        StringBuffer stringBuffer = new StringBuffer();
        if (this.clientAddresses != null) {
            for (int i = 0; i < this.clientAddresses.length; i++) {
                stringBuffer.append("clientAddresses[" + i + "] = " + this.clientAddresses[i].toString());
            }
        }
        return "Ticket (hex) = \n" + new HexDumpEncoder().encode(this.asn1Encoding) + "\nClient Principal = " + this.client.toString() + "\nServer Principal = " + this.server.toString() + "\nSession Key = " + this.sessionKey.toString() + "\nForwardable Ticket " + this.flags[1] + "\nForwarded Ticket " + this.flags[2] + "\nProxiable Ticket " + this.flags[3] + "\nProxy Ticket " + this.flags[4] + "\nPostdated Ticket " + this.flags[6] + "\nRenewable Ticket " + this.flags[8] + "\nInitial Ticket " + this.flags[8] + "\nAuth Time = " + this.authTime.toString() + "\nStart Time = " + this.startTime.toString() + "\nEnd Time = " + this.endTime.toString() + "\nRenew Till = " + (this.renewTill == null ? "Null " : this.renewTill.toString()) + "\nClient Addresses " + (this.clientAddresses == null ? " Null " : stringBuffer.toString() + "\n");
    }
}
