package sun.security.krb5;

import java.io.IOException;
import java.util.Arrays;
import javax.security.auth.kerberos.KeyTab;
import sun.security.jgss.krb5.Krb5Util;
import sun.security.krb5.internal.HostAddresses;
import sun.security.krb5.internal.KDCOptions;
import sun.security.krb5.internal.KRBError;
import sun.security.krb5.internal.KerberosTime;
import sun.security.krb5.internal.Krb5;
import sun.security.krb5.internal.PAData;
import sun.security.krb5.internal.crypto.EType;

/* loaded from: classes4.dex */
public final class KrbAsReqBuilder {
    private HostAddresses addresses;
    private PrincipalName cname;
    private KerberosTime from;
    private final KeyTab ktab;
    private KDCOptions options;
    private PAData[] paList;
    private final char[] password;
    private KrbAsRep rep;
    private KrbAsReq req;
    private KerberosTime rtime;
    private PrincipalName sname;
    private State state;
    private KerberosTime till;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public enum State {
        INIT,
        REQ_OK,
        DESTROYED
    }

    public KrbAsReqBuilder(PrincipalName principalName, KeyTab keyTab) throws KrbException {
        init(principalName);
        this.ktab = keyTab;
        this.password = null;
    }

    public KrbAsReqBuilder(PrincipalName principalName, char[] cArr) throws KrbException {
        init(principalName);
        this.password = (char[]) cArr.clone();
        this.ktab = null;
    }

    private KrbAsReq build(EncryptionKey encryptionKey) throws KrbException, IOException {
        int[] iArr;
        if (this.password != null) {
            iArr = EType.getDefaults("default_tkt_enctypes");
        } else {
            EncryptionKey[] keysFromJavaxKeyTab = Krb5Util.keysFromJavaxKeyTab(this.ktab, this.cname);
            int[] defaults = EType.getDefaults("default_tkt_enctypes", keysFromJavaxKeyTab);
            for (EncryptionKey encryptionKey2 : keysFromJavaxKeyTab) {
                encryptionKey2.destroy();
            }
            iArr = defaults;
        }
        return new KrbAsReq(encryptionKey, this.options, this.cname, this.sname, this.from, this.till, this.rtime, iArr, this.addresses);
    }

    private void checkState(State state, String str) {
        if (this.state == state) {
            return;
        }
        throw new IllegalStateException(str + " at " + state + " state");
    }

    private void init(PrincipalName principalName) throws KrbException {
        this.cname = principalName;
        this.state = State.INIT;
    }

    private KrbAsReqBuilder resolve() throws KrbException, Asn1Exception, IOException {
        KeyTab keyTab = this.ktab;
        if (keyTab != null) {
            this.rep.decryptUsingKeyTab(keyTab, this.req, this.cname);
        } else {
            this.rep.decryptUsingPassword(this.password, this.req, this.cname);
        }
        if (this.rep.getPA() != null) {
            PAData[] pADataArr = this.paList;
            if (pADataArr == null || pADataArr.length == 0) {
                this.paList = this.rep.getPA();
            } else {
                int length = this.rep.getPA().length;
                if (length > 0) {
                    PAData[] pADataArr2 = this.paList;
                    int length2 = pADataArr2.length;
                    this.paList = (PAData[]) Arrays.copyOf(pADataArr2, pADataArr2.length + length);
                    System.arraycopy(this.rep.getPA(), 0, this.paList, length2, length);
                }
            }
        }
        return this;
    }

    private KrbAsReqBuilder send() throws KrbException, IOException {
        EncryptionKey acquireSecretKey;
        KdcComm kdcComm = new KdcComm(this.cname.getRealmAsString());
        EncryptionKey encryptionKey = null;
        boolean z = false;
        while (true) {
            try {
                this.req = build(encryptionKey);
                this.rep = new KrbAsRep(kdcComm.send(this.req.encoding()));
                return this;
            } catch (KrbException e) {
                if (z || !(e.returnCode() == 24 || e.returnCode() == 25)) {
                    throw e;
                }
                if (Krb5.DEBUG) {
                    System.out.println("KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ");
                }
                KRBError error = e.getError();
                int preferredEType = PAData.getPreferredEType(error.getPA(), EType.getDefaults("default_tkt_enctypes")[0]);
                char[] cArr = this.password;
                if (cArr == null) {
                    EncryptionKey[] keysFromJavaxKeyTab = Krb5Util.keysFromJavaxKeyTab(this.ktab, this.cname);
                    acquireSecretKey = EncryptionKey.findKey(preferredEType, keysFromJavaxKeyTab);
                    if (acquireSecretKey != null) {
                        acquireSecretKey = (EncryptionKey) acquireSecretKey.clone();
                    }
                    for (EncryptionKey encryptionKey2 : keysFromJavaxKeyTab) {
                        encryptionKey2.destroy();
                    }
                } else {
                    acquireSecretKey = EncryptionKey.acquireSecretKey(this.cname, cArr, preferredEType, PAData.getSaltAndParams(preferredEType, error.getPA()));
                }
                this.paList = error.getPA();
                encryptionKey = acquireSecretKey;
                z = true;
            }
        }
        throw e;
    }

    public KrbAsReqBuilder action() throws KrbException, Asn1Exception, IOException {
        checkState(State.INIT, "Cannot call action");
        this.state = State.REQ_OK;
        return send().resolve();
    }

    public void destroy() {
        this.state = State.DESTROYED;
        char[] cArr = this.password;
        if (cArr != null) {
            Arrays.fill(cArr, (char) 0);
        }
    }

    public sun.security.krb5.internal.ccache.Credentials getCCreds() {
        checkState(State.REQ_OK, "Cannot retrieve CCreds");
        return this.rep.getCCreds();
    }

    public Credentials getCreds() {
        checkState(State.REQ_OK, "Cannot retrieve creds");
        return this.rep.getCreds();
    }

    public EncryptionKey[] getKeys(boolean z) throws KrbException {
        checkState(z ? State.REQ_OK : State.INIT, "Cannot get keys");
        if (this.password == null) {
            throw new IllegalStateException("Required password not provided");
        }
        int[] defaults = EType.getDefaults("default_tkt_enctypes");
        EncryptionKey[] encryptionKeyArr = new EncryptionKey[defaults.length];
        String str = null;
        for (int i = 0; i < defaults.length; i++) {
            try {
                PAData.SaltAndParams saltAndParams = PAData.getSaltAndParams(defaults[i], this.paList);
                if (saltAndParams != null) {
                    if (defaults[i] != 23 && saltAndParams.salt != null) {
                        str = saltAndParams.salt;
                    }
                    encryptionKeyArr[i] = EncryptionKey.acquireSecretKey(this.cname, this.password, defaults[i], saltAndParams);
                }
            } catch (IOException e) {
                KrbException krbException = new KrbException(Krb5.ASN1_PARSE_ERROR);
                krbException.initCause(e);
                throw krbException;
            }
        }
        if (str == null) {
            str = this.cname.getSalt();
        }
        for (int i2 = 0; i2 < defaults.length; i2++) {
            if (encryptionKeyArr[i2] == null) {
                encryptionKeyArr[i2] = EncryptionKey.acquireSecretKey(this.password, str, defaults[i2], (byte[]) null);
            }
        }
        return encryptionKeyArr;
    }

    public void setAddresses(HostAddresses hostAddresses) {
        checkState(State.INIT, "Cannot specify addresses");
        this.addresses = hostAddresses;
    }

    public void setOptions(KDCOptions kDCOptions) {
        checkState(State.INIT, "Cannot specify options");
        this.options = kDCOptions;
    }

    public void setTarget(PrincipalName principalName) {
        checkState(State.INIT, "Cannot specify target");
        this.sname = principalName;
    }
}
