package net.jini.jeri.kerberos;

import com.bigdata.journal.Options;
import com.sun.jini.action.GetIntegerAction;
import com.sun.jini.discovery.internal.EndpointInternals;
import com.sun.jini.discovery.internal.KerberosEndpointInternalsAccess;
import com.sun.jini.jeri.internal.connection.BasicConnManagerFactory;
import com.sun.jini.jeri.internal.connection.ConnManager;
import com.sun.jini.jeri.internal.connection.ConnManagerFactory;
import com.sun.jini.jeri.internal.connection.ServerConnManager;
import com.sun.jini.jeri.internal.runtime.Util;
import com.sun.jini.logging.Levels;
import com.sun.jini.logging.LogUtil;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.lang.ref.WeakReference;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.nio.channels.SocketChannel;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.SocketFactory;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import net.jini.core.constraint.Delegation;
import net.jini.core.constraint.Integrity;
import net.jini.core.constraint.InvocationConstraint;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.io.UnsupportedConstraintException;
import net.jini.jeri.Endpoint;
import net.jini.jeri.OutboundRequestIterator;
import net.jini.jeri.ServerEndpoint;
import net.jini.jeri.connection.Connection;
import net.jini.jeri.connection.ConnectionEndpoint;
import net.jini.jeri.connection.OutboundRequestHandle;
import net.jini.jeri.kerberos.KerberosUtil;
import net.jini.security.AuthenticationPermission;
import net.jini.security.Security;
import net.jini.security.proxytrust.TrustEquivalence;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;

/* loaded from: input_file:net/jini/jeri/kerberos/KerberosEndpoint.class */
public final class KerberosEndpoint implements Endpoint, TrustEquivalence, Serializable {
    private static final long serialVersionUID = -880347439811805543L;
    private final String serverHost;
    private final int serverPort;
    private final KerberosPrincipal serverPrincipal;
    private final SocketFactory csf;
    private static GSSManager gssManager;
    private transient KerberosUtil.SoftCache softCache;
    private transient ConnectionEndpointImpl connectionEndpoint;
    private transient ConnManager connManager;
    private transient boolean disableSocketConnect;
    private static final int NO_ERROR = -1;
    private static final int UNSUPPORTABLE_CONSTRAINT_REQUIRED = 0;
    private static final int NULL_SUBJECT = 1;
    private static final int NO_CLIENT_PRINCIPAL = 2;
    private static final int UNSATISFIABLE_CONSTRAINT_REQUIRED = 3;
    private static final String[] ERROR_STRINGS;
    static Class class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionImpl;
    static Class class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
    static Class class$net$jini$jeri$kerberos$KerberosEndpoint;
    private static final Logger logger = Logger.getLogger("net.jini.jeri.kerberos.client");
    private static final Object classLock = new Object();
    private static final int maxCacheSize = ((Integer) AccessController.doPrivileged(new GetIntegerAction("com.sun.jini.jeri.kerberos.KerberosEndpoint.maxCacheSize", 64))).intValue();
    private static final int minGssContextLifetime = ((Integer) AccessController.doPrivileged(new GetIntegerAction("com.sun.jini.jeri.kerberos.KerberosEndpoint.minGssContextLifetime", 30))).intValue();
    private static final int maxGssContextRetries = ((Integer) AccessController.doPrivileged(new GetIntegerAction("com.sun.jini.jeri.kerberos.KerberosEndpoint.maxGssContextRetries", 3))).intValue();
    private static final Map internTable = new WeakHashMap(5);

    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosEndpoint$CacheKey.class */
    private static final class CacheKey {
        private final Subject subject;
        private final InvocationConstraints constraints;

        CacheKey(Subject subject, InvocationConstraints invocationConstraints) {
            this.subject = subject;
            this.constraints = invocationConstraints;
        }

        public int hashCode() {
            return System.identityHashCode(this.subject) ^ System.identityHashCode(this.constraints);
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof CacheKey)) {
                return false;
            }
            CacheKey cacheKey = (CacheKey) obj;
            return this.subject == cacheKey.subject && this.constraints == cacheKey.constraints;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosEndpoint$ConnectionEndpointImpl.class */
    public final class ConnectionEndpointImpl implements ConnectionEndpoint {
        static final boolean $assertionsDisabled;
        private final KerberosEndpoint this$0;

        private ConnectionEndpointImpl(KerberosEndpoint kerberosEndpoint) {
            this.this$0 = kerberosEndpoint;
        }

        @Override // net.jini.jeri.connection.ConnectionEndpoint
        public Connection connect(OutboundRequestHandle outboundRequestHandle) throws IOException {
            RequestHandleImpl checkRequestHandleImpl = this.this$0.checkRequestHandleImpl(outboundRequestHandle);
            KerberosUtil.Config config = null;
            Exception exc = null;
            try {
                List configs = checkRequestHandleImpl.getConfigs();
                config = (KerberosUtil.Config) configs.get(0);
                if (KerberosEndpoint.logger.isLoggable(Level.FINE)) {
                    KerberosEndpoint.logger.log(Level.FINE, "Passed in request handle is:\n{0},\nconfiguration list returned by getConfigs is:\n{1},\nin which the first one will be used.", new Object[]{checkRequestHandleImpl, configs});
                }
            } catch (SecurityException e) {
                exc = e;
            } catch (UnsupportedConstraintException e2) {
                exc = e2;
            }
            if (exc != null) {
                if (KerberosEndpoint.logger.isLoggable(Levels.FAILED)) {
                    KerberosUtil.logThrow(KerberosEndpoint.logger, Levels.FAILED, getClass(), "connect", "failed to find a supportable connection configuration for the request", null, exc);
                }
                if (checkRequestHandleImpl.errorCode == 0) {
                    throw ((UnsupportedConstraintException) exc);
                }
                KerberosUtil.secureThrow(exc, new UnsupportedConstraintException(new StringBuffer().append("Either there are conflicting or unsatisfiable constraint requirements, or the JAAS login has not been done (Subject.getSubject(AccessController.getContext()) returns null), or no appropriate Kerberos principal and corresponding TGT allowed by the requirements can be found in the current subject. ").append(checkRequestHandleImpl.constraints).toString()));
            }
            ConnectionImpl connectionImpl = new ConnectionImpl(this.this$0, !this.this$0.disableSocketConnect ? connectToHost(checkRequestHandleImpl) : newSocket(), config);
            if (KerberosEndpoint.logger.isLoggable(Level.FINE)) {
                KerberosEndpoint.logger.log(Level.FINE, "New connection established:\n{0}", new Object[]{connectionImpl});
            }
            return connectionImpl;
        }

        private Socket connectToHost(RequestHandleImpl requestHandleImpl) throws IOException {
            Class cls;
            Class cls2;
            Class cls3;
            Class cls4;
            Class cls5;
            Class cls6;
            Class cls7;
            try {
                IOException iOException = null;
                SecurityException securityException = null;
                for (InetAddress inetAddress : InetAddress.getAllByName(this.this$0.serverHost)) {
                    InetSocketAddress inetSocketAddress = new InetSocketAddress(inetAddress, this.this$0.serverPort);
                    try {
                        return connectToSocketAddress(inetSocketAddress, requestHandleImpl);
                    } catch (IOException e) {
                        if (KerberosEndpoint.logger.isLoggable(Levels.HANDLED)) {
                            Logger logger = KerberosEndpoint.logger;
                            Level level = Levels.HANDLED;
                            if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl == null) {
                                cls7 = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionEndpointImpl");
                                KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl = cls7;
                            } else {
                                cls7 = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
                            }
                            LogUtil.logThrow(logger, level, cls7, "connectToHost", "exception connecting to {0}", new Object[]{inetSocketAddress}, e);
                        }
                        iOException = e;
                        if (e instanceof SocketTimeoutException) {
                            break;
                        }
                    } catch (SecurityException e2) {
                        if (KerberosEndpoint.logger.isLoggable(Levels.HANDLED)) {
                            Logger logger2 = KerberosEndpoint.logger;
                            Level level2 = Levels.HANDLED;
                            if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl == null) {
                                cls6 = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionEndpointImpl");
                                KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl = cls6;
                            } else {
                                cls6 = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
                            }
                            LogUtil.logThrow(logger2, level2, cls6, "connectToHost", "exception connecting to {0}", new Object[]{inetSocketAddress}, e2);
                        }
                        securityException = e2;
                    }
                }
                if (iOException != null) {
                    if (KerberosEndpoint.logger.isLoggable(Levels.FAILED)) {
                        Logger logger3 = KerberosEndpoint.logger;
                        Level level3 = Levels.FAILED;
                        if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl == null) {
                            cls5 = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionEndpointImpl");
                            KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl = cls5;
                        } else {
                            cls5 = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
                        }
                        LogUtil.logThrow(logger3, level3, cls5, "connectToHost", "exception connecting to {0}", new Object[]{new StringBuffer().append(this.this$0.serverHost).append(":").append(this.this$0.serverPort).toString()}, iOException);
                    }
                    throw iOException;
                }
                if (!$assertionsDisabled && securityException == null) {
                    throw new AssertionError();
                }
                if (KerberosEndpoint.logger.isLoggable(Levels.FAILED)) {
                    Logger logger4 = KerberosEndpoint.logger;
                    Level level4 = Levels.FAILED;
                    if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl == null) {
                        cls4 = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionEndpointImpl");
                        KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl = cls4;
                    } else {
                        cls4 = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
                    }
                    LogUtil.logThrow(logger4, level4, cls4, "connectToHost", "exception connecting to {0}", new Object[]{new StringBuffer().append(this.this$0.serverHost).append(":").append(this.this$0.serverPort).toString()}, securityException);
                }
                throw securityException;
            } catch (SecurityException e3) {
                if (KerberosEndpoint.logger.isLoggable(Levels.FAILED)) {
                    Logger logger5 = KerberosEndpoint.logger;
                    Level level5 = Levels.FAILED;
                    if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl == null) {
                        cls3 = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionEndpointImpl");
                        KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl = cls3;
                    } else {
                        cls3 = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
                    }
                    LogUtil.logThrow(logger5, level5, cls3, "connectToHost", "exception resolving host {0}", new Object[]{this.this$0.serverHost}, e3);
                }
                throw e3;
            } catch (UnknownHostException e4) {
                try {
                    return connectToSocketAddress(new InetSocketAddress(this.this$0.serverHost, this.this$0.serverPort), requestHandleImpl);
                } catch (IOException e5) {
                    if (KerberosEndpoint.logger.isLoggable(Levels.FAILED)) {
                        Logger logger6 = KerberosEndpoint.logger;
                        Level level6 = Levels.FAILED;
                        if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl == null) {
                            cls2 = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionEndpointImpl");
                            KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl = cls2;
                        } else {
                            cls2 = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
                        }
                        LogUtil.logThrow(logger6, level6, cls2, "connectToHost", "exception connecting to unresolved host {0}", new Object[]{new StringBuffer().append(this.this$0.serverHost).append(":").append(this.this$0.serverPort).toString()}, e5);
                    }
                    throw e5;
                } catch (SecurityException e6) {
                    if (KerberosEndpoint.logger.isLoggable(Levels.FAILED)) {
                        Logger logger7 = KerberosEndpoint.logger;
                        Level level7 = Levels.FAILED;
                        if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl == null) {
                            cls = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionEndpointImpl");
                            KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl = cls;
                        } else {
                            cls = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
                        }
                        LogUtil.logThrow(logger7, level7, cls, "connectToHost", "exception connecting to unresolved host {0}", new Object[]{new StringBuffer().append(this.this$0.serverHost).append(":").append(this.this$0.serverPort).toString()}, e6);
                    }
                    throw e6;
                }
            }
        }

        private Socket connectToSocketAddress(SocketAddress socketAddress, RequestHandleImpl requestHandleImpl) throws IOException {
            long currentTimeMillis = requestHandleImpl.connectionAbsoluteTime - System.currentTimeMillis();
            if (currentTimeMillis <= 0) {
                throw new SocketTimeoutException("connection timeout passed before socket.connect is called");
            }
            Socket newSocket = newSocket();
            boolean z = false;
            try {
                if (currentTimeMillis > Options.MEM_MAX_EXTENT) {
                    newSocket.connect(socketAddress);
                } else {
                    newSocket.connect(socketAddress, (int) currentTimeMillis);
                }
                z = true;
                if (1 == 0) {
                    try {
                        newSocket.close();
                    } catch (IOException e) {
                    }
                }
                return newSocket;
            } catch (Throwable th) {
                if (!z) {
                    try {
                        newSocket.close();
                    } catch (IOException e2) {
                    }
                }
                throw th;
            }
        }

        private Socket newSocket() throws IOException {
            Socket createSocket;
            if (this.this$0.csf != null) {
                try {
                    createSocket = this.this$0.csf.createSocket();
                    if (KerberosEndpoint.logger.isLoggable(Level.FINE)) {
                        KerberosEndpoint.logger.log(Level.FINE, "created socket {0} using factory {1}", new Object[]{createSocket, this.this$0.csf});
                    }
                } catch (IOException e) {
                    if (KerberosEndpoint.logger.isLoggable(Levels.FAILED)) {
                        KerberosUtil.logThrow(KerberosEndpoint.logger, Levels.FAILED, getClass(), "newSocket", "failed to create socket using the given SocketFactory {0}", new Object[]{this.this$0.csf}, e);
                    }
                    throw e;
                }
            } else {
                createSocket = new Socket();
                KerberosEndpoint.logger.log(Level.FINE, "created socket {0}", createSocket);
            }
            setSocketOptions(createSocket);
            return createSocket;
        }

        private void setSocketOptions(Socket socket) {
            try {
                socket.setTcpNoDelay(true);
            } catch (SocketException e) {
                if (KerberosEndpoint.logger.isLoggable(Levels.HANDLED)) {
                    KerberosUtil.logThrow(KerberosEndpoint.logger, Levels.HANDLED, getClass(), "connect", "failed to setTcpNoDelay option for {0}", new Object[]{socket}, e);
                }
            }
            try {
                socket.setKeepAlive(true);
            } catch (SocketException e2) {
                if (KerberosEndpoint.logger.isLoggable(Levels.HANDLED)) {
                    KerberosUtil.logThrow(KerberosEndpoint.logger, Levels.HANDLED, getClass(), "connect", "failed to setKeepAlive options for {0}", new Object[]{socket}, e2);
                }
            }
        }

        @Override // net.jini.jeri.connection.ConnectionEndpoint
        public Connection connect(OutboundRequestHandle outboundRequestHandle, Collection collection, Collection collection2) {
            Class cls;
            Class cls2;
            Class cls3;
            Class cls4;
            RequestHandleImpl checkRequestHandleImpl = this.this$0.checkRequestHandleImpl(outboundRequestHandle);
            if (collection == null) {
                throw new NullPointerException("active collection cannot be null");
            }
            if (collection2 == null) {
                throw new NullPointerException("idle collection cannot be null");
            }
            try {
                List<KerberosUtil.Config> configs = checkRequestHandleImpl.getConfigs();
                boolean z = false;
                for (KerberosUtil.Config config : configs) {
                    Iterator it2 = collection.iterator();
                    while (it2.hasNext()) {
                        ConnectionImpl checkConnection = this.this$0.checkConnection(it2.next());
                        if (checkConnection.satisfies(config)) {
                            if (KerberosEndpoint.logger.isLoggable(Level.FINE)) {
                                KerberosEndpoint.logger.log(Level.FINE, "found an active connection for reusing:\n{0}\n{1}", new Object[]{checkConnection, config});
                            }
                            if (!z) {
                                try {
                                    checkResolvePermission();
                                    z = true;
                                } catch (SecurityException e) {
                                    if (KerberosEndpoint.logger.isLoggable(Levels.FAILED)) {
                                        Logger logger = KerberosEndpoint.logger;
                                        Level level = Levels.FAILED;
                                        if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl == null) {
                                            cls3 = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionEndpointImpl");
                                            KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl = cls3;
                                        } else {
                                            cls3 = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
                                        }
                                        LogUtil.logThrow(logger, level, cls3, "connect", "exception resolving host {0}", new Object[]{this.this$0.serverHost}, e);
                                    }
                                    throw e;
                                }
                            }
                            try {
                                checkConnection.checkConnectPermission();
                                return checkConnection;
                            } catch (SecurityException e2) {
                                if (KerberosEndpoint.logger.isLoggable(Levels.HANDLED)) {
                                    Logger logger2 = KerberosEndpoint.logger;
                                    Level level2 = Levels.HANDLED;
                                    if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl == null) {
                                        cls4 = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionEndpointImpl");
                                        KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl = cls4;
                                    } else {
                                        cls4 = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
                                    }
                                    LogUtil.logThrow(logger2, level2, cls4, "connect", "access to reuse connection {0} denied", new Object[]{checkConnection.sock}, e2);
                                }
                            }
                        }
                    }
                }
                for (KerberosUtil.Config config2 : configs) {
                    Iterator it3 = collection2.iterator();
                    while (it3.hasNext()) {
                        ConnectionImpl checkConnection2 = this.this$0.checkConnection(it3.next());
                        if (checkConnection2.switchTo(config2)) {
                            if (KerberosEndpoint.logger.isLoggable(Level.FINE)) {
                                KerberosEndpoint.logger.log(Level.FINE, "found an idle connection for reusing:\n{0}\n{1}", new Object[]{checkConnection2, config2});
                            }
                            if (!z) {
                                try {
                                    checkResolvePermission();
                                    z = true;
                                } catch (SecurityException e3) {
                                    if (KerberosEndpoint.logger.isLoggable(Levels.FAILED)) {
                                        Logger logger3 = KerberosEndpoint.logger;
                                        Level level3 = Levels.FAILED;
                                        if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl == null) {
                                            cls2 = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionEndpointImpl");
                                            KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl = cls2;
                                        } else {
                                            cls2 = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
                                        }
                                        LogUtil.logThrow(logger3, level3, cls2, "connect", "exception resolving host {0}", new Object[]{this.this$0.serverHost}, e3);
                                    }
                                    throw e3;
                                }
                            }
                            try {
                                checkConnection2.checkConnectPermission();
                                return checkConnection2;
                            } catch (SecurityException e4) {
                                if (KerberosEndpoint.logger.isLoggable(Levels.HANDLED)) {
                                    Logger logger4 = KerberosEndpoint.logger;
                                    Level level4 = Levels.HANDLED;
                                    if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl == null) {
                                        cls = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionEndpointImpl");
                                        KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl = cls;
                                    } else {
                                        cls = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionEndpointImpl;
                                    }
                                    LogUtil.logThrow(logger4, level4, cls, "connect", "access to reuse connection {0} denied", new Object[]{checkConnection2.sock}, e4);
                                }
                            }
                        }
                    }
                }
                return null;
            } catch (Exception e5) {
                return null;
            }
        }

        private void checkResolvePermission() {
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                securityManager.checkConnect(this.this$0.serverHost, -1);
            }
        }

        ConnectionEndpointImpl(KerberosEndpoint kerberosEndpoint, AnonymousClass1 anonymousClass1) {
            this(kerberosEndpoint);
        }

        static {
            Class cls;
            if (KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint == null) {
                cls = KerberosEndpoint.class$("net.jini.jeri.kerberos.KerberosEndpoint");
                KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint = cls;
            } else {
                cls = KerberosEndpoint.class$net$jini$jeri$kerberos$KerberosEndpoint;
            }
            $assertionsDisabled = !cls.desiredAssertionStatus();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosEndpoint$ConnectionImpl.class */
    public final class ConnectionImpl extends KerberosUtil.Connection implements Connection {
        private static final int KRB_AP_ERR_REPEAT = 34;
        private InputStream istream;
        private OutputStream ostream;
        private final KerberosEndpoint this$0;

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        ConnectionImpl(KerberosEndpoint kerberosEndpoint, Socket socket, KerberosUtil.Config config) throws IOException {
            super(socket);
            this.this$0 = kerberosEndpoint;
            this.clientPrincipal = config.clientPrincipal;
            this.doEncryption = config.encry;
            this.doDelegation = config.deleg;
            this.connectionLogger = KerberosEndpoint.logger;
            boolean z = false;
            try {
                try {
                    Security.doPrivileged(new PrivilegedExceptionAction(this) { // from class: net.jini.jeri.kerberos.KerberosEndpoint.5
                        private final ConnectionImpl this$1;

                        {
                            this.this$1 = this;
                        }

                        @Override // java.security.PrivilegedExceptionAction
                        public Object run() throws IOException, GSSException {
                            this.this$1.establishContext();
                            return null;
                        }
                    });
                    this.ostream = new KerberosUtil.ConnectionOutputStream(this);
                    this.istream = new KerberosUtil.ConnectionInputStream(this);
                    z = true;
                    if (1 == 0) {
                        close();
                    }
                } catch (PrivilegedActionException e) {
                    Exception exception = e.getException();
                    if (KerberosEndpoint.logger.isLoggable(Levels.FAILED)) {
                        KerberosUtil.logThrow(KerberosEndpoint.logger, Levels.FAILED, getClass(), "constructor", "failed to establish GSSContext for this connection with {0}.", new Object[]{config}, exception);
                    }
                    if (!(exception instanceof GSSException)) {
                        throw ((IOException) exception);
                    }
                    IOException iOException = new IOException("Failed to establish GSS context for this connection.");
                    iOException.initCause(exception);
                    throw iOException;
                }
            } catch (Throwable th) {
                if (!z) {
                    close();
                }
                throw th;
            }
        }

        @Override // net.jini.jeri.connection.Connection
        public OutputStream getOutputStream() throws IOException {
            return this.ostream;
        }

        @Override // net.jini.jeri.connection.Connection
        public InputStream getInputStream() throws IOException {
            return this.istream;
        }

        @Override // net.jini.jeri.connection.Connection
        public SocketChannel getChannel() {
            return null;
        }

        @Override // net.jini.jeri.connection.Connection
        public void populateContext(OutboundRequestHandle outboundRequestHandle, Collection collection) {
            if (outboundRequestHandle == null) {
                throw new NullPointerException("handle is null");
            }
            if (collection == null) {
                throw new NullPointerException("context is null");
            }
        }

        @Override // net.jini.jeri.connection.Connection
        public InvocationConstraints getUnfulfilledConstraints(OutboundRequestHandle outboundRequestHandle) {
            return this.this$0.checkRequestHandleImpl(outboundRequestHandle).unfulfilledConstraints;
        }

        @Override // net.jini.jeri.connection.Connection
        public void writeRequestData(OutboundRequestHandle outboundRequestHandle, OutputStream outputStream) {
        }

        @Override // net.jini.jeri.connection.Connection
        public IOException readResponseData(OutboundRequestHandle outboundRequestHandle, InputStream inputStream) {
            return null;
        }

        public String toString() {
            StringBuffer stringBuffer = new StringBuffer("KerberosEndpoint.ConnectionImpl");
            stringBuffer.append(new StringBuffer().append("[clientPrincipal=").append(this.clientPrincipal).toString());
            stringBuffer.append(new StringBuffer().append(" serverPrincipal=").append(this.this$0.serverPrincipal).toString());
            stringBuffer.append(new StringBuffer().append(" doEncryption=").append(this.doEncryption).toString());
            stringBuffer.append(new StringBuffer().append(" doDelegation=").append(this.doDelegation).toString());
            stringBuffer.append(new StringBuffer().append(" client=").append(this.sock.getLocalAddress().getHostName()).toString());
            stringBuffer.append(new StringBuffer().append(":").append(this.sock.getLocalPort()).toString());
            stringBuffer.append(new StringBuffer().append(" server=").append(this.sock.getInetAddress().getHostName()).toString());
            stringBuffer.append(new StringBuffer().append(":").append(this.sock.getPort()).toString());
            stringBuffer.append(']');
            return stringBuffer.toString();
        }

        boolean satisfies(KerberosUtil.Config config) {
            return this.gssContext.getLifetime() >= KerberosEndpoint.minGssContextLifetime && this.clientPrincipal.equals(config.clientPrincipal) && this.doEncryption == config.encry && this.doDelegation == config.deleg;
        }

        void checkConnectPermission() {
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                InetSocketAddress inetSocketAddress = (InetSocketAddress) this.sock.getRemoteSocketAddress();
                if (inetSocketAddress.isUnresolved()) {
                    securityManager.checkConnect(inetSocketAddress.getHostName(), this.sock.getPort());
                } else {
                    securityManager.checkConnect(inetSocketAddress.getAddress().getHostAddress(), this.sock.getPort());
                }
            }
        }

        boolean switchTo(KerberosUtil.Config config) {
            if (this.gssContext.getLifetime() < KerberosEndpoint.minGssContextLifetime || !this.clientPrincipal.equals(config.clientPrincipal) || this.doDelegation != config.deleg) {
                return false;
            }
            this.doEncryption = config.encry;
            return true;
        }

        KerberosEndpoint getEndpoint() {
            return this.this$0;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void establishContext() throws IOException, GSSException {
            synchronized (KerberosEndpoint.classLock) {
                if (KerberosEndpoint.gssManager == null) {
                    GSSManager unused = KerberosEndpoint.gssManager = GSSManager.getInstance();
                }
            }
            GSSCredential createCredential = KerberosEndpoint.gssManager.createCredential(KerberosEndpoint.gssManager.createName(this.clientPrincipal.getName(), KerberosUtil.krb5NameType), Integer.MAX_VALUE, KerberosUtil.krb5MechOid, 1);
            GSSName createName = KerberosEndpoint.gssManager.createName(this.this$0.serverPrincipal.getName(), KerberosUtil.krb5NameType);
            loop0: for (int i = KerberosEndpoint.maxGssContextRetries; i > 0; i--) {
                this.gssContext = KerberosEndpoint.gssManager.createContext(createName, KerberosUtil.krb5MechOid, createCredential, 0);
                this.gssContext.requestMutualAuth(true);
                this.gssContext.requestInteg(true);
                this.gssContext.requestConf(true);
                this.gssContext.requestCredDeleg(this.doDelegation);
                this.gssContext.requestReplayDet(true);
                this.gssContext.requestSequenceDet(true);
                byte[] bArr = new byte[0];
                while (true) {
                    try {
                        byte[] initSecContext = this.gssContext.initSecContext(bArr, 0, bArr.length);
                        if (initSecContext != null) {
                            this.dos.writeInt(initSecContext.length);
                            this.dos.write(initSecContext);
                            this.dos.flush();
                        }
                        if (this.gssContext.isEstablished()) {
                            break loop0;
                        }
                        bArr = new byte[this.dis.readInt()];
                        this.dis.readFully(bArr);
                    } catch (GSSException e) {
                        if ((e.getMessage().indexOf("34") < 0 && e.getMajor() != 19 && e.getMinor() != 34 && e.getMessage().indexOf("Request is a replay") < 0) || i == 1) {
                            throw e;
                        }
                    }
                }
            }
            if (!this.gssContext.getIntegState() || ((this.doEncryption && !this.gssContext.getConfState()) || ((this.doDelegation && !this.gssContext.getCredDelegState()) || !this.gssContext.getTargName().toString().equals(this.this$0.serverPrincipal.getName())))) {
                throw new IOException("Failed to establish gss context for connection");
            }
            KerberosEndpoint.logger.log(Level.FINE, "GSSContext established for {0}", this);
        }
    }

    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosEndpoint$KerberosEndpointInternals.class */
    private static final class KerberosEndpointInternals implements EndpointInternals {
        private KerberosEndpointInternals() {
        }

        static void registerDiscoveryBackDoor() {
            try {
                Security.doPrivileged(new PrivilegedAction(new KerberosEndpointInternals()) { // from class: net.jini.jeri.kerberos.KerberosEndpoint.2
                    private final KerberosEndpointInternals val$backDoor;

                    {
                        this.val$backDoor = r4;
                    }

                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        KerberosEndpointInternalsAccess.set(this.val$backDoor);
                        return null;
                    }
                });
            } catch (Throwable th) {
                KerberosEndpoint.logger.log(Level.WARNING, "Problem registering with discovery provider", th);
            }
        }

        @Override // com.sun.jini.discovery.internal.EndpointInternals
        public void disableSocketConnect(Endpoint endpoint) {
            ((KerberosEndpoint) endpoint).disableSocketConnect = true;
        }

        @Override // com.sun.jini.discovery.internal.EndpointInternals
        public void setConnManagerFactory(Endpoint endpoint, ConnManagerFactory connManagerFactory) {
            KerberosEndpoint kerberosEndpoint = (KerberosEndpoint) endpoint;
            kerberosEndpoint.connManager = connManagerFactory.create(kerberosEndpoint.connectionEndpoint);
        }

        @Override // com.sun.jini.discovery.internal.EndpointInternals
        public void setServerConnManager(ServerEndpoint serverEndpoint, ServerConnManager serverConnManager) {
            ((KerberosServerEndpoint) serverEndpoint).serverConnManager = serverConnManager;
        }

        @Override // com.sun.jini.discovery.internal.EndpointInternals
        public InvocationConstraints getUnfulfilledConstraints(OutboundRequestHandle outboundRequestHandle) {
            return ((RequestHandleImpl) outboundRequestHandle).unfulfilledConstraints;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosEndpoint$RequestHandleImpl.class */
    public final class RequestHandleImpl implements OutboundRequestHandle {
        private Subject clientSubject;
        private InvocationConstraints constraints;
        private boolean subjectReadOnly;
        private Set subjectClientPrincipals;
        private Set clientPrincipals;
        private int errorCode;
        private String detailedExceptionMsg;
        private KerberosUtil.Config[] configs;
        private InvocationConstraints unfulfilledConstraints;
        long connectionAbsoluteTime;
        private final KerberosEndpoint this$0;

        RequestHandleImpl(KerberosEndpoint kerberosEndpoint, Subject subject, InvocationConstraints invocationConstraints) {
            this.this$0 = kerberosEndpoint;
            this.errorCode = -1;
            for (InvocationConstraint invocationConstraint : invocationConstraints.requirements()) {
                if (!KerberosUtil.isSupportableConstraint(invocationConstraint)) {
                    this.errorCode = 0;
                    this.detailedExceptionMsg = new StringBuffer().append("A constraint unsupportable by this endpoint has been required: ").append(invocationConstraint).toString();
                    return;
                }
            }
            this.clientPrincipals = new HashSet();
            Iterator it2 = invocationConstraints.requirements().iterator();
            while (it2.hasNext()) {
                if (!KerberosUtil.collectCpCandidates((InvocationConstraint) it2.next(), this.clientPrincipals)) {
                    this.errorCode = 0;
                    this.detailedExceptionMsg = new StringBuffer().append("Client principal constraint related conflicts found in the given set of constraints: ").append(invocationConstraints).toString();
                    return;
                }
            }
            if (subject == null) {
                this.errorCode = 1;
                this.detailedExceptionMsg = "JAAS login has not been done properly, the subject associated with the current AccessControlContext is null.";
                return;
            }
            this.clientSubject = subject;
            this.constraints = invocationConstraints;
            this.subjectReadOnly = subject.isReadOnly();
            this.subjectClientPrincipals = getClientPrincipals(subject);
            if (this.subjectClientPrincipals.size() == 0) {
                this.errorCode = 2;
                this.detailedExceptionMsg = "JAAS login has not been done properly, the subject associated with the current AccessControlContext contains no KerberosPrincipal.";
                return;
            }
            if (this.clientPrincipals.size() > 0) {
                this.clientPrincipals.retainAll(this.subjectClientPrincipals);
            } else {
                this.clientPrincipals = this.subjectClientPrincipals;
            }
            boolean z = KerberosUtil.containsConstraint(invocationConstraints.requirements(), Delegation.YES) || KerberosUtil.containsConstraint(invocationConstraints.preferences(), Delegation.YES);
            ArrayList arrayList = new ArrayList();
            KerberosUtil.ConfigIter configIter = new KerberosUtil.ConfigIter(this.clientPrincipals, kerberosEndpoint.serverPrincipal, z);
            while (configIter.hasNext()) {
                KerberosUtil.Config next = configIter.next();
                Iterator it3 = invocationConstraints.requirements().iterator();
                while (true) {
                    if (it3.hasNext()) {
                        if (!KerberosUtil.isSatisfiable(next, (InvocationConstraint) it3.next())) {
                            break;
                        }
                    } else {
                        arrayList.add(next);
                        break;
                    }
                }
            }
            if (arrayList.size() == 0) {
                this.errorCode = 3;
                this.detailedExceptionMsg = new StringBuffer().append("Constraints unsatisfiable by this endpoint with the current subject have been required: ").append(invocationConstraints).append(", while the KerberosPrincipal set of ").append("the subject is: ").append(this.subjectClientPrincipals).toString();
                return;
            }
            this.configs = (KerberosUtil.Config[]) arrayList.toArray(new KerberosUtil.Config[arrayList.size()]);
            for (int i = 0; i < this.configs.length; i++) {
                Iterator it4 = invocationConstraints.preferences().iterator();
                while (it4.hasNext()) {
                    if (KerberosUtil.isSatisfiable(this.configs[i], (InvocationConstraint) it4.next())) {
                        this.configs[i].prefCount++;
                    }
                }
            }
            Arrays.sort(this.configs, new Comparator(this) { // from class: net.jini.jeri.kerberos.KerberosEndpoint.3
                private final RequestHandleImpl this$1;

                {
                    this.this$1 = this;
                }

                @Override // java.util.Comparator
                public int compare(Object obj, Object obj2) {
                    return ((KerberosUtil.Config) obj2).prefCount - ((KerberosUtil.Config) obj).prefCount;
                }
            });
            if (KerberosUtil.containsConstraint(invocationConstraints.requirements(), Integrity.YES)) {
                this.unfulfilledConstraints = KerberosUtil.INTEGRITY_REQUIRED_CONSTRAINTS;
            } else if (KerberosUtil.containsConstraint(invocationConstraints.preferences(), Integrity.YES)) {
                this.unfulfilledConstraints = KerberosUtil.INTEGRITY_PREFERRED_CONSTRAINTS;
            } else {
                this.unfulfilledConstraints = InvocationConstraints.EMPTY;
            }
            this.connectionAbsoluteTime = Math.min(computeConnectionTimeLimit(invocationConstraints.requirements()), computeConnectionTimeLimit(invocationConstraints.preferences()));
        }

        public String toString() {
            StringBuffer stringBuffer = new StringBuffer("KerberosEndpoint.RequestHandleImpl[\n");
            if (this.errorCode != -1) {
                stringBuffer.append(new StringBuffer().append("errorCode=").append(KerberosEndpoint.ERROR_STRINGS[this.errorCode]).toString());
                stringBuffer.append(new StringBuffer().append(" errorExceptionMsg=").append(this.detailedExceptionMsg).toString());
            } else {
                stringBuffer.append(new StringBuffer().append("constraints=").append(this.constraints).toString());
                stringBuffer.append(new StringBuffer().append("\nprincipalsInSubject=").append(this.subjectClientPrincipals).toString());
                stringBuffer.append("\nallowedConfigs=[\n");
                if (this.configs.length > 0) {
                    stringBuffer.append(this.configs[0]);
                }
                for (int i = 1; i < this.configs.length; i++) {
                    stringBuffer.append(new StringBuffer().append(",\n").append(this.configs[i]).toString());
                }
                stringBuffer.append("],");
                stringBuffer.append(new StringBuffer().append("\nunfulfilledConstraints=").append(this.unfulfilledConstraints).toString());
                stringBuffer.append("\nconnectionAbsoluteTime=");
                if (this.connectionAbsoluteTime == Long.MAX_VALUE) {
                    stringBuffer.append("NO_LIMIT");
                } else {
                    stringBuffer.append(new Date(this.connectionAbsoluteTime));
                }
            }
            stringBuffer.append(']');
            return stringBuffer.toString();
        }

        boolean reusable(Subject subject) {
            if (subject == null || this.subjectReadOnly) {
                return true;
            }
            return getClientPrincipals(subject).equals(this.subjectClientPrincipals);
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v16 */
        /* JADX WARN: Type inference failed for: r0v40 */
        /* JADX WARN: Type inference failed for: r0v50 */
        /* JADX WARN: Type inference failed for: r0v54 */
        /* JADX WARN: Type inference failed for: r1v7 */
        List getConfigs() throws UnsupportedConstraintException {
            if (this.errorCode != -1) {
                throw new UnsupportedConstraintException(this.detailedExceptionMsg);
            }
            KerberosTicket[] kerberosTicketArr = (KerberosTicket[]) AccessController.doPrivileged(new PrivilegedAction(this) { // from class: net.jini.jeri.kerberos.KerberosEndpoint.4
                private final RequestHandleImpl this$1;

                {
                    this.this$1 = this;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    return this.this$1.getTickets();
                }
            });
            ArrayList arrayList = new ArrayList(this.configs.length);
            boolean z = 3;
            KerberosPrincipal kerberosPrincipal = null;
            boolean z2 = 2;
            KerberosPrincipal kerberosPrincipal2 = null;
            HashMap hashMap = new HashMap();
            for (int i = 0; i < this.configs.length; i++) {
                AuthenticationPermission authenticationPermission = getAuthenticationPermission(this.configs[i].clientPrincipal, this.configs[i].deleg);
                Boolean bool = (Boolean) hashMap.get(authenticationPermission);
                if (bool == null) {
                    try {
                        KerberosUtil.checkAuthPermission(authenticationPermission);
                        hashMap.put(authenticationPermission, Boolean.TRUE);
                    } catch (SecurityException e) {
                        hashMap.put(authenticationPermission, Boolean.FALSE);
                    }
                } else if (bool == Boolean.FALSE) {
                }
                if (this.configs[i].deleg) {
                    if (z > 2) {
                        z = 2;
                        kerberosPrincipal = this.configs[i].clientPrincipal;
                    }
                    KerberosTicket findTicket = findTicket(kerberosTicketArr, this.configs[i].clientPrincipal);
                    if (findTicket != null) {
                        if (z > 1) {
                            z = true;
                            kerberosPrincipal = this.configs[i].clientPrincipal;
                        }
                        if (findTicket.isForwardable()) {
                            arrayList.add(this.configs[i]);
                        }
                    }
                } else {
                    if (z2 > 1) {
                        z2 = true;
                        kerberosPrincipal2 = this.configs[i].clientPrincipal;
                    }
                    if (findTicket(kerberosTicketArr, this.configs[i].clientPrincipal) != null) {
                        arrayList.add(this.configs[i]);
                    }
                }
            }
            if (arrayList.size() != 0) {
                return arrayList;
            }
            if (z2 < z) {
                switch (z2) {
                    case true:
                        throw new UnsupportedConstraintException(new StringBuffer().append("JAAS login has not been done properly, the subject associated with the current AccessControlContext does not contain a valid TGT for ").append(kerberosPrincipal2.getName()).toString());
                    case true:
                        throw new SecurityException(new StringBuffer().append("Caller does not have any of the following acceptable permissions: ").append(hashMap.keySet()).toString());
                    default:
                        throw new AssertionError("should not reach here");
                }
            }
            switch (z) {
                case true:
                    throw new UnsupportedConstraintException(new StringBuffer().append("JAAS login has not been done properly, the subject associated with the current AccessControlContext contains a valid TGT for ").append(kerberosPrincipal.getName()).append(", but the TGT is not ").append("forwardable.").toString());
                case true:
                    throw new UnsupportedConstraintException(new StringBuffer().append("JAAS login has not been done properly, the subject associated with the current AccessControlContext does not contain a valid TGT for ").append(kerberosPrincipal.getName()).toString());
                default:
                    throw new AssertionError("should not reach here");
            }
        }

        KerberosEndpoint getEndpoint() {
            return this.this$0;
        }

        private Set getClientPrincipals(Subject subject) {
            HashSet hashSet;
            Set<Principal> principals = subject.getPrincipals();
            synchronized (principals) {
                hashSet = new HashSet(principals.size());
                for (Principal principal : principals) {
                    if (principal instanceof KerberosPrincipal) {
                        hashSet.add(principal);
                    }
                }
            }
            return hashSet;
        }

        /* JADX WARN: Removed duplicated region for block: B:13:0x008f A[SYNTHETIC] */
        /* JADX WARN: Removed duplicated region for block: B:17:0x000c A[SYNTHETIC] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private long computeConnectionTimeLimit(java.util.Set r6) {
            /*
                r5 = this;
                r0 = 9223372036854775807(0x7fffffffffffffff, double:NaN)
                r7 = r0
                r0 = r6
                java.util.Iterator r0 = r0.iterator()
                r9 = r0
            Lc:
                r0 = r9
                boolean r0 = r0.hasNext()
                if (r0 == 0) goto L95
                r0 = r9
                java.lang.Object r0 = r0.next()
                r10 = r0
                r0 = -9223372036854775808
                r11 = r0
                r0 = r10
                boolean r0 = r0 instanceof net.jini.core.constraint.ConstraintAlternatives
                if (r0 == 0) goto L76
                r0 = r10
                net.jini.core.constraint.ConstraintAlternatives r0 = (net.jini.core.constraint.ConstraintAlternatives) r0
                java.util.Set r0 = r0.elements()
                r13 = r0
                r0 = r13
                java.util.Iterator r0 = r0.iterator()
                r14 = r0
            L3f:
                r0 = r14
                boolean r0 = r0.hasNext()
                if (r0 == 0) goto L73
                r0 = r14
                java.lang.Object r0 = r0.next()
                r15 = r0
                r0 = r15
                boolean r0 = r0 instanceof net.jini.core.constraint.ConnectionAbsoluteTime
                if (r0 == 0) goto Lc
                r0 = r15
                net.jini.core.constraint.ConnectionAbsoluteTime r0 = (net.jini.core.constraint.ConnectionAbsoluteTime) r0
                long r0 = r0.getTime()
                r16 = r0
                r0 = r11
                r1 = r16
                int r0 = (r0 > r1 ? 1 : (r0 == r1 ? 0 : -1))
                if (r0 >= 0) goto L70
                r0 = r16
                r11 = r0
            L70:
                goto L3f
            L73:
                goto L88
            L76:
                r0 = r10
                boolean r0 = r0 instanceof net.jini.core.constraint.ConnectionAbsoluteTime
                if (r0 == 0) goto Lc
                r0 = r10
                net.jini.core.constraint.ConnectionAbsoluteTime r0 = (net.jini.core.constraint.ConnectionAbsoluteTime) r0
                long r0 = r0.getTime()
                r11 = r0
            L88:
                r0 = r11
                r1 = r7
                int r0 = (r0 > r1 ? 1 : (r0 == r1 ? 0 : -1))
                if (r0 >= 0) goto L92
                r0 = r11
                r7 = r0
            L92:
                goto Lc
            L95:
                r0 = r7
                return r0
            */
            throw new UnsupportedOperationException("Method not decompiled: net.jini.jeri.kerberos.KerberosEndpoint.RequestHandleImpl.computeConnectionTimeLimit(java.util.Set):long");
        }

        /* JADX INFO: Access modifiers changed from: private */
        public KerberosTicket[] getTickets() {
            ArrayList arrayList = new ArrayList();
            Set<Object> privateCredentials = this.clientSubject.getPrivateCredentials();
            synchronized (privateCredentials) {
                for (Object obj : privateCredentials) {
                    if (obj instanceof KerberosTicket) {
                        KerberosTicket kerberosTicket = (KerberosTicket) obj;
                        if (kerberosTicket.getServer().getName().startsWith("krbtgt/") && !kerberosTicket.isDestroyed() && kerberosTicket.isCurrent()) {
                            arrayList.add(kerberosTicket);
                        }
                    }
                }
            }
            return (KerberosTicket[]) arrayList.toArray(new KerberosTicket[arrayList.size()]);
        }

        private KerberosTicket findTicket(KerberosTicket[] kerberosTicketArr, KerberosPrincipal kerberosPrincipal) {
            String stringBuffer = new StringBuffer().append("krbtgt/").append(this.this$0.serverPrincipal.getRealm()).append("@").append(kerberosPrincipal.getRealm()).toString();
            for (int i = 0; i < kerberosTicketArr.length; i++) {
                if (kerberosTicketArr[i].getClient().equals(kerberosPrincipal) && kerberosTicketArr[i].getServer().getName().equals(stringBuffer)) {
                    return kerberosTicketArr[i];
                }
            }
            return null;
        }

        private AuthenticationPermission getAuthenticationPermission(KerberosPrincipal kerberosPrincipal, boolean z) {
            return new AuthenticationPermission(Collections.singleton(kerberosPrincipal), Collections.singleton(this.this$0.serverPrincipal), z ? "delegate" : "connect");
        }
    }

    private KerberosEndpoint(String str, int i, KerberosPrincipal kerberosPrincipal, SocketFactory socketFactory) {
        if (str == null) {
            throw new NullPointerException("serverHost is null");
        }
        if (i <= 0 || i > 65535) {
            throw new IllegalArgumentException(new StringBuffer().append("server port number out of range 1-65535: serverPort = ").append(i).toString());
        }
        if (kerberosPrincipal == null) {
            throw new NullPointerException("serverPrincipal is null");
        }
        this.serverHost = str;
        this.serverPort = i;
        this.serverPrincipal = kerberosPrincipal;
        this.csf = socketFactory;
        logger.log(Level.FINE, "created {0}", this);
    }

    public static KerberosEndpoint getInstance(String str, int i, KerberosPrincipal kerberosPrincipal) {
        return intern(new KerberosEndpoint(str, i, kerberosPrincipal, null));
    }

    public static KerberosEndpoint getInstance(String str, int i, KerberosPrincipal kerberosPrincipal, SocketFactory socketFactory) {
        return intern(new KerberosEndpoint(str, i, kerberosPrincipal, socketFactory));
    }

    public String getHost() {
        return this.serverHost;
    }

    public int getPort() {
        return this.serverPort;
    }

    public KerberosPrincipal getPrincipal() {
        return this.serverPrincipal;
    }

    public SocketFactory getSocketFactory() {
        return this.csf;
    }

    @Override // net.jini.jeri.Endpoint
    public OutboundRequestIterator newRequest(InvocationConstraints invocationConstraints) {
        if (invocationConstraints == null) {
            throw new NullPointerException("constraints cannot be null");
        }
        logger.log(Level.FINE, "newRequest requested with constraints:\n{0}", invocationConstraints);
        Subject subject = (Subject) Security.doPrivileged(new PrivilegedAction(this) { // from class: net.jini.jeri.kerberos.KerberosEndpoint.1
            private final KerberosEndpoint this$0;

            {
                this.this$0 = this;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return Subject.getSubject(AccessController.getContext());
            }
        });
        CacheKey cacheKey = new CacheKey(subject, invocationConstraints);
        RequestHandleImpl requestHandleImpl = (RequestHandleImpl) this.softCache.get(cacheKey);
        if (requestHandleImpl == null || !requestHandleImpl.reusable(subject)) {
            requestHandleImpl = new RequestHandleImpl(this, subject, invocationConstraints);
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "new request handle has been constructed:\n{0}", new Object[]{requestHandleImpl});
            }
            this.softCache.put(cacheKey, requestHandleImpl);
        }
        return this.connManager.newRequest(requestHandleImpl);
    }

    @Override // net.jini.security.proxytrust.TrustEquivalence
    public boolean checkTrustEquivalence(Object obj) {
        return equals(obj);
    }

    public int hashCode() {
        return (((getClass().getName().hashCode() ^ this.serverPrincipal.hashCode()) ^ this.serverHost.hashCode()) ^ this.serverPort) ^ (this.csf != null ? this.csf.hashCode() : 0);
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof KerberosEndpoint)) {
            return false;
        }
        KerberosEndpoint kerberosEndpoint = (KerberosEndpoint) obj;
        return this.serverPrincipal.equals(kerberosEndpoint.serverPrincipal) && this.serverHost.equals(kerberosEndpoint.serverHost) && this.serverPort == kerberosEndpoint.serverPort && Util.sameClassAndEquals(this.csf, kerberosEndpoint.csf);
    }

    public String toString() {
        return new StringBuffer().append("KerberosEndpoint[serverHost=").append(this.serverHost).append(" serverPort=").append(this.serverPort).append(" serverPrincipal=").append(this.serverPrincipal).append(this.csf == null ? "" : new StringBuffer().append("csf = ").append(this.csf.toString()).toString()).append("]").toString();
    }

    private Object readResolve() {
        return intern(this);
    }

    private void readObject(ObjectInputStream objectInputStream) throws IOException, ClassNotFoundException {
        objectInputStream.defaultReadObject();
        if (this.serverHost == null) {
            throw new InvalidObjectException("serverHost is null");
        }
        if (this.serverPort <= 0 || this.serverPort > 65535) {
            throw new InvalidObjectException(new StringBuffer().append("server port number out of range 1-65535: serverPort = : ").append(this.serverPort).toString());
        }
        if (this.serverPrincipal == null) {
            throw new InvalidObjectException("serverPrincipal is null");
        }
    }

    private static KerberosEndpoint intern(KerberosEndpoint kerberosEndpoint) {
        KerberosEndpoint kerberosEndpoint2;
        synchronized (internTable) {
            WeakReference weakReference = (WeakReference) internTable.get(kerberosEndpoint);
            if (weakReference != null && (kerberosEndpoint2 = (KerberosEndpoint) weakReference.get()) != null) {
                return kerberosEndpoint2;
            }
            kerberosEndpoint.softCache = new KerberosUtil.SoftCache(maxCacheSize);
            kerberosEndpoint.getClass();
            kerberosEndpoint.connectionEndpoint = new ConnectionEndpointImpl(kerberosEndpoint, null);
            kerberosEndpoint.connManager = new BasicConnManagerFactory().create(kerberosEndpoint.connectionEndpoint);
            internTable.put(kerberosEndpoint, new WeakReference(kerberosEndpoint));
            return kerberosEndpoint;
        }
    }

    private void checkEndpoint(KerberosEndpoint kerberosEndpoint) {
        if (!equals(kerberosEndpoint)) {
            throw new IllegalArgumentException(new StringBuffer().append("endpoint mismatch, this endpoint is: ").append(this).append(", passed in endpoint is: ").append(kerberosEndpoint).toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public RequestHandleImpl checkRequestHandleImpl(Object obj) {
        if (obj == null) {
            throw new NullPointerException("Handle cannot be null");
        }
        if (!(obj instanceof RequestHandleImpl)) {
            throw new IllegalArgumentException(new StringBuffer().append("Unexpected handle type: ").append(obj).toString());
        }
        RequestHandleImpl requestHandleImpl = (RequestHandleImpl) obj;
        checkEndpoint(requestHandleImpl.getEndpoint());
        return requestHandleImpl;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ConnectionImpl checkConnection(Object obj) {
        Class cls;
        if (obj instanceof ConnectionImpl) {
            ConnectionImpl connectionImpl = (ConnectionImpl) obj;
            checkEndpoint(connectionImpl.getEndpoint());
            return connectionImpl;
        }
        StringBuffer append = new StringBuffer().append("Expected connection type is ");
        if (class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionImpl == null) {
            cls = class$("net.jini.jeri.kerberos.KerberosEndpoint$ConnectionImpl");
            class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionImpl = cls;
        } else {
            cls = class$net$jini$jeri$kerberos$KerberosEndpoint$ConnectionImpl;
        }
        throw new IllegalArgumentException(append.append(cls).append(", while ").append(obj).append(" is passed in.").toString());
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        KerberosEndpointInternals.registerDiscoveryBackDoor();
        ERROR_STRINGS = new String[]{"UNSUPPORTABLE_CONSTRAINT_REQUIRED", "NULL_SUBJECT", "NO_CLIENT_PRINCIPAL", "UNSATISFIABLE_CONSTRAINT_REQUIRED"};
    }
}
