package sun.security.krb5.internal.tools;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Arrays;
import sun.security.krb5.Config;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbAsRep;
import sun.security.krb5.KrbAsReq;
import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName;
import sun.security.krb5.RealmException;
import sun.security.krb5.internal.HostAddresses;
import sun.security.krb5.internal.KDCOptions;
import sun.security.krb5.internal.KRBError;
import sun.security.krb5.internal.KerberosTime;
import sun.security.krb5.internal.Krb5;
import sun.security.krb5.internal.Ticket;
import sun.security.krb5.internal.ccache.Credentials;
import sun.security.krb5.internal.ccache.CredentialsCache;

/* loaded from: classes5.dex */
public class Kinit {
    private static final boolean DEBUG = Krb5.DEBUG;
    private KinitOptions options;

    private Kinit(String[] strArr) throws IOException, RealmException, KrbException {
        char[] cArr;
        EncryptionKey[] encryptionKeyArr;
        PrincipalName principalName;
        KDCOptions kDCOptions;
        EncryptionKey[] encryptionKeyArr2;
        char[] cArr2;
        boolean z;
        KrbAsReq krbAsReq;
        EncryptionKey[] encryptionKeyArr3;
        PrincipalName principalName2;
        KrbAsReq krbAsReq2;
        char[] cArr3;
        KrbAsRep sendASRequest;
        Config config = Config.getInstance();
        if (strArr == null || strArr.length == 0) {
            this.options = new KinitOptions();
        } else {
            this.options = new KinitOptions(strArr);
        }
        PrincipalName principal = this.options.getPrincipal();
        String principalName3 = principal != null ? principal.toString() : null;
        boolean z2 = DEBUG;
        if (z2) {
            System.out.println("Principal is " + ((Object) principal));
        }
        char[] cArr4 = this.options.password;
        boolean useKeytabFile = this.options.useKeytabFile();
        if (useKeytabFile) {
            if (z2) {
                System.out.println(">>> Kinit using keytab");
            }
            if (principalName3 == null) {
                throw new IllegalArgumentException("Principal name must be specified.");
            }
            String keytabFileName = this.options.keytabFileName();
            if (keytabFileName != null && z2) {
                System.out.println(">>> Kinit keytab file name: " + keytabFileName);
            }
            EncryptionKey[] acquireSecretKeys = EncryptionKey.acquireSecretKeys(principal, keytabFileName);
            if (acquireSecretKeys == null || acquireSecretKeys.length == 0) {
                String str = "No supported key found in keytab";
                if (principalName3 != null) {
                    str = "No supported key found in keytab for principal " + principalName3;
                }
                throw new KrbException(str);
            }
            cArr = cArr4;
            encryptionKeyArr = acquireSecretKeys;
        } else {
            if (principalName3 == null) {
                throw new IllegalArgumentException(" Can not obtain principal name");
            }
            if (cArr4 == null) {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(System.in));
                System.out.print("Password for " + principalName3 + com.baidu.mobstat.Config.TRACE_TODAY_VISIT_SPLIT);
                System.out.flush();
                cArr4 = bufferedReader.readLine().toCharArray();
                if (z2) {
                    System.out.println(">>> Kinit console input " + new String(cArr4));
                }
            }
            cArr = cArr4;
            encryptionKeyArr = null;
        }
        KDCOptions kDCOptions2 = new KDCOptions();
        setOptions(1, this.options.forwardable, kDCOptions2);
        setOptions(3, this.options.proxiable, kDCOptions2);
        String kDCRealm = this.options.getKDCRealm();
        String defaultRealm = kDCRealm == null ? config.getDefaultRealm() : kDCRealm;
        if (z2) {
            System.out.println(">>> Kinit realm name is " + defaultRealm);
        }
        PrincipalName principalName4 = new PrincipalName("krbtgt/" + defaultRealm);
        principalName4.setRealm(defaultRealm);
        if (z2) {
            System.out.println(">>> Creating KrbAsReq");
        }
        try {
            HostAddresses localAddresses = this.options.getAddressOption() ? HostAddresses.getLocalAddresses() : null;
            try {
                if (useKeytabFile) {
                    principalName = principalName4;
                    kDCOptions = kDCOptions2;
                    encryptionKeyArr2 = encryptionKeyArr;
                    cArr2 = cArr;
                    z = useKeytabFile;
                    krbAsReq = new KrbAsReq(encryptionKeyArr, kDCOptions2, principal, principalName4, (KerberosTime) null, (KerberosTime) null, (KerberosTime) null, (int[]) null, localAddresses, (Ticket[]) null);
                } else {
                    principalName = principalName4;
                    kDCOptions = kDCOptions2;
                    encryptionKeyArr2 = encryptionKeyArr;
                    cArr2 = cArr;
                    z = useKeytabFile;
                    krbAsReq = new KrbAsReq(cArr2, kDCOptions, principal, principalName, (KerberosTime) null, (KerberosTime) null, (KerberosTime) null, (int[]) null, localAddresses, (Ticket[]) null);
                }
                char[] cArr5 = cArr2;
                try {
                    sendASRequest = sendASRequest(krbAsReq, z, defaultRealm, cArr5, encryptionKeyArr2);
                    cArr3 = cArr5;
                    principalName2 = principal;
                } catch (KrbException e) {
                    if (e.returnCode() != 24 && e.returnCode() != 25) {
                        throw e;
                    }
                    if (DEBUG) {
                        System.out.println("Kinit: PREAUTH FAILED/REQ, re-send AS-REQ");
                    }
                    KRBError error = e.getError();
                    int eType = error.getEType();
                    byte[] salt = error.getSalt();
                    byte[] params = error.getParams();
                    if (z) {
                        encryptionKeyArr3 = encryptionKeyArr2;
                        principalName2 = principal;
                        krbAsReq2 = new KrbAsReq(encryptionKeyArr2, true, eType, salt, params, kDCOptions, principal, principalName, (KerberosTime) null, (KerberosTime) null, (KerberosTime) null, (int[]) null, localAddresses, (Ticket[]) null);
                        cArr3 = cArr5;
                    } else {
                        encryptionKeyArr3 = encryptionKeyArr2;
                        principalName2 = principal;
                        cArr3 = cArr5;
                        krbAsReq2 = new KrbAsReq(cArr3, true, eType, salt, params, kDCOptions, principalName2, principalName, (KerberosTime) null, (KerberosTime) null, (KerberosTime) null, (int[]) null, localAddresses, (Ticket[]) null);
                    }
                    sendASRequest = sendASRequest(krbAsReq2, z, defaultRealm, cArr3, encryptionKeyArr3);
                }
                Credentials credentials = sendASRequest.setCredentials();
                CredentialsCache create = CredentialsCache.create(principalName2, this.options.cachename);
                if (create == null) {
                    throw new IOException("Unable to create the cache file " + this.options.cachename);
                }
                create.update(credentials);
                create.save();
                if (this.options.password == null) {
                    System.out.println("New ticket is stored in cache file " + this.options.cachename);
                } else {
                    Arrays.fill(this.options.password, '0');
                }
                if (cArr3 != null) {
                    Arrays.fill(cArr3, '0');
                }
                this.options = null;
            } catch (KrbException e2) {
            } catch (Exception e3) {
                e = e3;
                throw new KrbException(e.toString());
            }
        } catch (KrbException e4) {
            throw e4;
        } catch (Exception e5) {
            e = e5;
        }
    }

    public static void main(String[] strArr) {
        String message;
        try {
            new Kinit(strArr);
        } catch (Exception e) {
            if (e instanceof KrbException) {
                StringBuilder sb = new StringBuilder();
                KrbException krbException = (KrbException) e;
                sb.append(krbException.krbErrorMessage());
                sb.append(" ");
                sb.append(krbException.returnCodeMessage());
                message = sb.toString();
            } else {
                message = e.getMessage();
            }
            if (message != null) {
                System.err.println("Exception: " + message);
            } else {
                System.out.println("Exception: " + ((Object) e));
            }
            e.printStackTrace();
            System.exit(-1);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r4v5, types: [sun.security.krb5.KrbAsRep] */
    /* JADX WARN: Type inference failed for: r4v7 */
    /* JADX WARN: Type inference failed for: r4v8 */
    private static KrbAsRep sendASRequest(KrbAsReq krbAsReq, boolean z, String str, char[] cArr, EncryptionKey[] encryptionKeyArr) throws IOException, RealmException, KrbException {
        boolean z2 = DEBUG;
        if (z2) {
            System.out.println(">>> Kinit: sending as_req to realm " + str);
        }
        String send = krbAsReq.send(str);
        if (z2) {
            System.out.println(">>> reading response from kdc");
        }
        try {
            krbAsReq = z ? krbAsReq.getReply(encryptionKeyArr) : krbAsReq.getReply(cArr);
            return krbAsReq;
        } catch (KrbException e) {
            if (e.returnCode() != 52) {
                throw e;
            }
            krbAsReq.send(str, send, true);
            return z ? krbAsReq.getReply(encryptionKeyArr) : krbAsReq.getReply(cArr);
        }
    }

    private static void setOptions(int i, int i2, KDCOptions kDCOptions) {
        if (i2 == -1) {
            kDCOptions.set(i, false);
        } else {
            if (i2 != 1) {
                return;
            }
            kDCOptions.set(i, true);
        }
    }
}
