package net.jini.jeri.kerberos;

import com.sun.jini.action.GetIntegerAction;
import com.sun.jini.jeri.internal.connection.BasicServerConnManager;
import com.sun.jini.jeri.internal.connection.ServerConnManager;
import com.sun.jini.jeri.internal.runtime.Util;
import com.sun.jini.logging.Levels;
import com.sun.jini.thread.Executor;
import com.sun.jini.thread.GetThreadPoolAction;
import com.sun.security.jgss.GSSUtil;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.net.UnknownHostException;
import java.nio.channels.SocketChannel;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ServerSocketFactory;
import javax.net.SocketFactory;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import net.jini.core.constraint.Integrity;
import net.jini.core.constraint.InvocationConstraint;
import net.jini.core.constraint.InvocationConstraints;
import net.jini.io.UnsupportedConstraintException;
import net.jini.jeri.Endpoint;
import net.jini.jeri.RequestDispatcher;
import net.jini.jeri.ServerEndpoint;
import net.jini.jeri.connection.InboundRequestHandle;
import net.jini.jeri.connection.ServerConnection;
import net.jini.jeri.kerberos.KerberosUtil;
import net.jini.security.Security;
import net.jini.security.SecurityContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;

/* loaded from: input_file:net/jini/jeri/kerberos/KerberosServerEndpoint.class */
public final class KerberosServerEndpoint implements ServerEndpoint {
    private Subject serverSubject;
    private final KerberosUtil.SoftCache softCache;
    private KerberosPrincipal serverPrincipal;
    private String serverHost;
    private final int port;
    private final SocketFactory csf;
    private final ServerSocketFactory ssf;
    private final ServerEndpoint.ListenEndpoint listenEndpoint;
    ServerConnManager serverConnManager = new BasicServerConnManager();
    private static final Logger logger = Logger.getLogger("net.jini.jeri.kerberos.server");
    private static final Executor systemThreadPool = (Executor) Security.doPrivileged(new GetThreadPoolAction(false));
    private static final GSSManager gssManager = GSSManager.getInstance();
    private static final int maxCacheSize = ((Integer) Security.doPrivileged(new GetIntegerAction("com.sun.jini.jeri.kerberos.KerberosServerEndpoint.maxCacheSize", 256))).intValue();
    private static final InvocationConstraints INTEGRITY_REQUIRED_CONSTRAINTS = new InvocationConstraints(Integrity.YES, (InvocationConstraint) null);
    private static final InvocationConstraints INTEGRITY_PREFERRED_CONSTRAINTS = new InvocationConstraints((InvocationConstraint) null, Integrity.YES);

    /* renamed from: net.jini.jeri.kerberos.KerberosServerEndpoint$7, reason: invalid class name */
    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosServerEndpoint$7.class */
    class AnonymousClass7 implements PrivilegedExceptionAction {
        private final ConnectionHandler this$1;

        AnonymousClass7(ConnectionHandler connectionHandler) throws Exception {
            this.this$1 = connectionHandler;
        }

        @Override // java.security.PrivilegedExceptionAction
        public Object run() throws Exception {
            try {
                Subject.doAs(this.this$1.this$0.serverSubject, new PrivilegedExceptionAction(this) { // from class: net.jini.jeri.kerberos.KerberosServerEndpoint.8
                    private final AnonymousClass7 this$2;

                    {
                        this.this$2 = this;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws IOException, GSSException {
                        this.this$2.this$1.connection.establishContext();
                        return null;
                    }
                });
                KerberosServerEndpoint.logger.log(Level.FINE, "established GSSContext for {0}", this.this$1.connection);
                return null;
            } catch (PrivilegedActionException e) {
                throw e.getException();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosServerEndpoint$ConnectionHandler.class */
    public final class ConnectionHandler implements Runnable {
        private final ServerConnectionImpl connection;
        private final RequestDispatcher dispatcher;
        private final SecurityContext securityContext;
        private final KerberosServerEndpoint this$0;

        ConnectionHandler(KerberosServerEndpoint kerberosServerEndpoint, ServerConnectionImpl serverConnectionImpl, RequestDispatcher requestDispatcher, SecurityContext securityContext) {
            this.this$0 = kerberosServerEndpoint;
            this.connection = serverConnectionImpl;
            this.dispatcher = requestDispatcher;
            this.securityContext = securityContext;
        }

        @Override // java.lang.Runnable
        public void run() {
            Throwable th = null;
            try {
                AccessController.doPrivileged(new AnonymousClass7(this));
                AccessController.doPrivileged(this.securityContext.wrap(new PrivilegedAction(this) { // from class: net.jini.jeri.kerberos.KerberosServerEndpoint.9
                    private final ConnectionHandler this$1;

                    {
                        this.this$1 = this;
                    }

                    @Override // java.security.PrivilegedAction
                    public Object run() {
                        this.this$1.this$0.serverConnManager.handleConnection(this.this$1.connection, this.this$1.dispatcher);
                        return null;
                    }
                }), this.securityContext.getAccessControlContext());
            } catch (PrivilegedActionException e) {
                th = e.getException();
            } catch (Throwable th2) {
                th = th2;
            }
            if (th != null) {
                if (KerberosServerEndpoint.logger.isLoggable(Levels.HANDLED)) {
                    KerberosUtil.logThrow(KerberosServerEndpoint.logger, Levels.HANDLED, getClass(), "run", "connection handling thread {0} throws", new Object[]{this}, th);
                }
                this.connection.close();
            }
        }

        public String toString() {
            return new StringBuffer().append("KerberosServerEndpoint.ConnectionHandler[serverPrincipal=").append(this.this$0.serverPrincipal).append(" localPort=").append(this.connection.sock.getLocalPort()).append(" remotePort=").append(this.connection.sock.getPort()).append("]").toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosServerEndpoint$ListenCookieImpl.class */
    public final class ListenCookieImpl implements ServerEndpoint.ListenCookie {
        int localPort;
        private final KerberosServerEndpoint this$0;

        ListenCookieImpl(KerberosServerEndpoint kerberosServerEndpoint, int i) {
            this.this$0 = kerberosServerEndpoint;
            this.localPort = i;
        }

        KerberosServerEndpoint getServerEndpoint() {
            return this.this$0;
        }

        int getLocalPort() {
            return this.localPort;
        }
    }

    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosServerEndpoint$ListenEndpointImpl.class */
    private final class ListenEndpointImpl implements ServerEndpoint.ListenEndpoint {
        private final KerberosServerEndpoint this$0;

        private ListenEndpointImpl(KerberosServerEndpoint kerberosServerEndpoint) {
            this.this$0 = kerberosServerEndpoint;
        }

        @Override // net.jini.jeri.ServerEndpoint.ListenEndpoint
        public void checkPermissions() {
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                try {
                    securityManager.checkListen(this.this$0.port);
                    KerberosUtil.checkAuthPermission(this.this$0.serverPrincipal, null, "listen");
                } catch (SecurityException e) {
                    if (KerberosServerEndpoint.logger.isLoggable(Levels.FAILED)) {
                        KerberosUtil.logThrow(KerberosServerEndpoint.logger, Levels.FAILED, getClass(), "checkPermissions", "check permissions for {0}\nthrows", new Object[]{this}, e);
                    }
                    throw e;
                }
            }
        }

        /*  JADX ERROR: JadxRuntimeException in pass: BlockProcessor
            jadx.core.utils.exceptions.JadxRuntimeException: Unreachable block: B:28:0x01ba
            	at jadx.core.dex.visitors.blocks.BlockProcessor.checkForUnreachableBlocks(BlockProcessor.java:88)
            	at jadx.core.dex.visitors.blocks.BlockProcessor.processBlocksTree(BlockProcessor.java:52)
            	at jadx.core.dex.visitors.blocks.BlockProcessor.visit(BlockProcessor.java:44)
            */
        @Override // net.jini.jeri.ServerEndpoint.ListenEndpoint
        public net.jini.jeri.ServerEndpoint.ListenHandle listen(net.jini.jeri.RequestDispatcher r11) throws java.io.IOException {
            /*
                Method dump skipped, instructions count: 478
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: net.jini.jeri.kerberos.KerberosServerEndpoint.ListenEndpointImpl.listen(net.jini.jeri.RequestDispatcher):net.jini.jeri.ServerEndpoint$ListenHandle");
        }

        public int hashCode() {
            int hashCode = ((getClass().getName().hashCode() ^ System.identityHashCode(this.this$0.serverSubject)) ^ this.this$0.serverPrincipal.hashCode()) ^ this.this$0.port;
            if (this.this$0.ssf != null) {
                hashCode ^= this.this$0.ssf.hashCode();
            }
            return hashCode;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof ListenEndpointImpl)) {
                return false;
            }
            KerberosServerEndpoint serverEndpoint = ((ListenEndpointImpl) obj).getServerEndpoint();
            return this.this$0.serverSubject == serverEndpoint.serverSubject && this.this$0.serverPrincipal.equals(serverEndpoint.serverPrincipal) && this.this$0.port == serverEndpoint.port && Util.sameClassAndEquals(this.this$0.ssf, serverEndpoint.ssf);
        }

        public String toString() {
            return new StringBuffer().append("KerberosServerEndpoint.ListenEndpointImpl[serverPrincipal=").append(this.this$0.serverPrincipal).append(" serverPort = ").append(this.this$0.port).append(this.this$0.ssf == null ? "" : new StringBuffer().append(" ssf = ").append(this.this$0.ssf.toString()).toString()).append(this.this$0.csf == null ? "" : new StringBuffer().append(" csf = ").append(this.this$0.csf.toString()).toString()).append("]").toString();
        }

        private KerberosServerEndpoint getServerEndpoint() {
            return this.this$0;
        }

        ListenEndpointImpl(KerberosServerEndpoint kerberosServerEndpoint, AnonymousClass1 anonymousClass1) {
            this(kerberosServerEndpoint);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosServerEndpoint$ListenHandleImpl.class */
    public final class ListenHandleImpl implements ServerEndpoint.ListenHandle {
        private final RequestDispatcher dispatcher;
        private final SecurityContext securityContext;
        private KerberosKey serverKey;
        final GSSCredential serverCred;
        ListenCookieImpl listenCookie;
        private final ServerSocket serverSocket;
        private final Set connections = new HashSet();
        private final Object lock = new Object();
        private boolean closed = false;
        private long acceptFailureTime = 0;
        private int acceptFailureCount;
        private final KerberosServerEndpoint this$0;

        ListenHandleImpl(KerberosServerEndpoint kerberosServerEndpoint, RequestDispatcher requestDispatcher, KerberosKey kerberosKey, GSSCredential gSSCredential, ServerSocket serverSocket, SecurityContext securityContext) {
            this.this$0 = kerberosServerEndpoint;
            this.dispatcher = requestDispatcher;
            this.serverKey = kerberosKey;
            this.serverCred = gSSCredential;
            this.serverSocket = serverSocket;
            this.securityContext = securityContext;
            this.listenCookie = new ListenCookieImpl(kerberosServerEndpoint, serverSocket.getLocalPort());
        }

        void startAccepting() {
            KerberosServerEndpoint.systemThreadPool.execute(new Runnable(this) { // from class: net.jini.jeri.kerberos.KerberosServerEndpoint.5
                private final ListenHandleImpl this$1;

                {
                    this.this$1 = this;
                }

                @Override // java.lang.Runnable
                public void run() {
                    this.this$1.executeAcceptLoop();
                }
            }, new StringBuffer().append(toString()).append(" accept loop").toString());
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* JADX WARN: Code restructure failed: missing block: B:11:0x0069, code lost:
        
            net.jini.jeri.kerberos.KerberosServerEndpoint.logger.log(java.util.logging.Level.FINE, "{0} accepted", r0);
            r0 = new net.jini.jeri.kerberos.KerberosServerEndpoint.ConnectionHandler(r10.this$0, r0, r10.dispatcher, r10.securityContext);
            net.jini.jeri.kerberos.KerberosServerEndpoint.systemThreadPool.execute(r0, r0.toString());
         */
        /* JADX WARN: Code restructure failed: missing block: B:12:0x009d, code lost:
        
            if (1 != 0) goto L143;
         */
        /* JADX WARN: Code restructure failed: missing block: B:15:0x00a1, code lost:
        
            if (r0 == null) goto L135;
         */
        /* JADX WARN: Code restructure failed: missing block: B:18:0x00ac, code lost:
        
            if (r0 == null) goto L144;
         */
        /* JADX WARN: Code restructure failed: missing block: B:20:0x00af, code lost:
        
            r0.close();
         */
        /* JADX WARN: Code restructure failed: missing block: B:28:0x00a4, code lost:
        
            r0.close();
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public void executeAcceptLoop() {
            /*
                Method dump skipped, instructions count: 445
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: net.jini.jeri.kerberos.KerberosServerEndpoint.ListenHandleImpl.executeAcceptLoop():void");
        }

        @Override // net.jini.jeri.ServerEndpoint.ListenHandle
        public ServerEndpoint.ListenCookie getCookie() {
            return this.listenCookie;
        }

        @Override // net.jini.jeri.ServerEndpoint.ListenHandle
        public void close() {
            synchronized (this.lock) {
                if (this.closed) {
                    return;
                }
                this.closed = true;
                Iterator it = this.connections.iterator();
                while (it.hasNext()) {
                    ((ServerConnectionImpl) it.next()).close();
                }
                this.connections.clear();
                try {
                    this.serverSocket.close();
                } catch (IOException e) {
                }
                try {
                    this.serverCred.dispose();
                } catch (GSSException e2) {
                }
                KerberosServerEndpoint.logger.log(Level.FINE, "Listen operation {0} has been closed", this);
            }
        }

        public String toString() {
            return new StringBuffer().append("KerberosServerEndpoint.ListenHandleImpl[serverPrincipal=").append(this.this$0.serverPrincipal).append(" portListening = ").append(this.serverSocket.getLocalPort()).append(this.this$0.ssf == null ? "" : new StringBuffer().append(" ssf = ").append(this.this$0.ssf.toString()).toString()).append(this.this$0.csf == null ? "" : new StringBuffer().append(" csf = ").append(this.this$0.csf.toString()).toString()).append("]").toString();
        }

        void remove(ServerConnectionImpl serverConnectionImpl) {
            synchronized (this.lock) {
                if (!this.closed) {
                    this.connections.remove(serverConnectionImpl);
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public boolean checkKey() {
            if (this.serverKey.isDestroyed()) {
                return false;
            }
            return ((Boolean) AccessController.doPrivileged(new PrivilegedAction(this) { // from class: net.jini.jeri.kerberos.KerberosServerEndpoint.6
                private final ListenHandleImpl this$1;

                {
                    this.this$1 = this;
                }

                @Override // java.security.PrivilegedAction
                public Object run() {
                    Set<Object> privateCredentials = this.this$1.this$0.serverSubject.getPrivateCredentials();
                    synchronized (privateCredentials) {
                        Iterator<Object> it = privateCredentials.iterator();
                        while (it.hasNext()) {
                            if (this.this$1.serverKey == it.next()) {
                                return Boolean.TRUE;
                            }
                        }
                        return Boolean.FALSE;
                    }
                }
            })).booleanValue();
        }

        private boolean continueAfterAcceptFailure(Throwable th) {
            long currentTimeMillis = System.currentTimeMillis();
            if (this.acceptFailureTime == 0 || currentTimeMillis - this.acceptFailureTime > 5000) {
                this.acceptFailureTime = currentTimeMillis;
                this.acceptFailureCount = 0;
                return true;
            }
            this.acceptFailureCount++;
            if (this.acceptFailureCount < 10) {
                return true;
            }
            try {
                Thread.sleep(10000L);
                return true;
            } catch (InterruptedException e) {
                return true;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/jini/jeri/kerberos/KerberosServerEndpoint$ServerConnectionImpl.class */
    public final class ServerConnectionImpl extends KerberosUtil.Connection implements ServerConnection {
        private final ListenHandleImpl listenHandle;
        private GSSCredential clientCred;
        private Subject clientSubject;
        private InputStream istream;
        private OutputStream ostream;
        private InboundRequestHandleImpl handleWithEncryption;
        private InboundRequestHandleImpl handleWithoutEncryption;
        private final Object lock;
        private boolean closed;
        private final KerberosServerEndpoint this$0;

        /* loaded from: input_file:net/jini/jeri/kerberos/KerberosServerEndpoint$ServerConnectionImpl$CacheKey.class */
        private final class CacheKey {
            private final InboundRequestHandleImpl handle;
            private final InvocationConstraints constraints;
            private final ServerConnectionImpl this$1;

            CacheKey(ServerConnectionImpl serverConnectionImpl, InboundRequestHandleImpl inboundRequestHandleImpl, InvocationConstraints invocationConstraints) {
                this.this$1 = serverConnectionImpl;
                this.handle = inboundRequestHandleImpl;
                this.constraints = invocationConstraints;
            }

            public int hashCode() {
                return this.handle.hashCode() ^ System.identityHashCode(this.constraints);
            }

            public boolean equals(Object obj) {
                if (obj == this) {
                    return true;
                }
                if (!(obj instanceof CacheKey)) {
                    return false;
                }
                CacheKey cacheKey = (CacheKey) obj;
                return this.handle == cacheKey.handle && this.constraints == cacheKey.constraints;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:net/jini/jeri/kerberos/KerberosServerEndpoint$ServerConnectionImpl$InboundRequestHandleImpl.class */
        public final class InboundRequestHandleImpl implements InboundRequestHandle {
            final KerberosUtil.Config config;
            private final ServerConnectionImpl this$1;

            InboundRequestHandleImpl(ServerConnectionImpl serverConnectionImpl, boolean z) {
                this.this$1 = serverConnectionImpl;
                this.config = new KerberosUtil.Config(serverConnectionImpl.clientPrincipal, serverConnectionImpl.this$0.serverPrincipal, z, serverConnectionImpl.doDelegation);
            }
        }

        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
        ServerConnectionImpl(KerberosServerEndpoint kerberosServerEndpoint, Socket socket, ListenHandleImpl listenHandleImpl) throws IOException {
            super(socket);
            this.this$0 = kerberosServerEndpoint;
            this.lock = new Object();
            this.listenHandle = listenHandleImpl;
            this.connectionLogger = KerberosServerEndpoint.logger;
            try {
                socket.setTcpNoDelay(true);
            } catch (SocketException e) {
                if (KerberosServerEndpoint.logger.isLoggable(Levels.HANDLED)) {
                    KerberosUtil.logThrow(KerberosServerEndpoint.logger, Levels.HANDLED, getClass(), "constructor", "failed to setTcpNoDelay option for {0}", new Object[]{socket}, e);
                }
            }
            try {
                socket.setKeepAlive(true);
            } catch (SocketException e2) {
                if (KerberosServerEndpoint.logger.isLoggable(Levels.HANDLED)) {
                    KerberosUtil.logThrow(KerberosServerEndpoint.logger, Levels.HANDLED, getClass(), "constructor", "failed to setKeepAlive option for {0}", new Object[]{socket}, e2);
                }
            }
            this.istream = new KerberosUtil.ConnectionInputStream(this);
            this.ostream = new KerberosUtil.ConnectionOutputStream(this);
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public InputStream getInputStream() throws IOException {
            return this.istream;
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public OutputStream getOutputStream() throws IOException {
            return this.ostream;
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public SocketChannel getChannel() {
            return null;
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public InboundRequestHandle processRequestData(InputStream inputStream, OutputStream outputStream) throws IOException {
            try {
                if (this.clientCred != null) {
                    try {
                        if (this.clientCred.getRemainingLifetime() <= 0) {
                            close();
                            throw new SecurityException("Delegated client credential expired.");
                        }
                    } catch (GSSException e) {
                        close();
                        SecurityException securityException = new SecurityException("Failed to getRemainingLifetime from the delegated client credential.");
                        securityException.initCause(e);
                        throw securityException;
                    }
                }
                if (!this.this$0.serverSubject.getPrincipals().contains(this.this$0.serverPrincipal)) {
                    throw new SecurityException(new StringBuffer().append("serverSubject no longer contains serverPrincipal: ").append(this.this$0.serverPrincipal).append(", failing the connection...").toString());
                }
                if (this.listenHandle.checkKey()) {
                    return this.doEncryption ? this.handleWithEncryption : this.handleWithoutEncryption;
                }
                throw new SecurityException("serverSubject no longer contains the server key or the server key has been destroyed, failing the connection...");
            } catch (SecurityException e2) {
                if (KerberosServerEndpoint.logger.isLoggable(Levels.FAILED)) {
                    KerberosUtil.logThrow(KerberosServerEndpoint.logger, Levels.FAILED, getClass(), "processRequestData", "connection {0} throws", new Object[]{this}, e2);
                }
                close();
                throw e2;
            }
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public void checkPermissions(InboundRequestHandle inboundRequestHandle) {
            checkRequestHandle(inboundRequestHandle);
            SecurityManager securityManager = System.getSecurityManager();
            if (securityManager != null) {
                securityManager.checkAccept(this.peerHost, this.peerPort);
                KerberosUtil.checkAuthPermission(this.this$0.serverPrincipal, this.clientPrincipal, "accept");
            }
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public InvocationConstraints checkConstraints(InboundRequestHandle inboundRequestHandle, InvocationConstraints invocationConstraints) throws UnsupportedConstraintException {
            InboundRequestHandleImpl checkRequestHandle = checkRequestHandle(inboundRequestHandle);
            if (invocationConstraints == null) {
                throw new NullPointerException("constraints can not be null");
            }
            CacheKey cacheKey = new CacheKey(this, checkRequestHandle, invocationConstraints);
            Object obj = this.this$0.softCache.get(cacheKey);
            if (obj != null) {
                if (obj instanceof UnsupportedConstraintException) {
                    throw ((UnsupportedConstraintException) obj);
                }
                return (InvocationConstraints) obj;
            }
            for (InvocationConstraint invocationConstraint : invocationConstraints.requirements()) {
                try {
                    if (!KerberosUtil.isSupportableConstraint(invocationConstraint)) {
                        UnsupportedConstraintException unsupportedConstraintException = new UnsupportedConstraintException(new StringBuffer().append("A constraint unsupportable by this endpoint has been required: ").append(invocationConstraint).toString());
                        this.this$0.softCache.put(cacheKey, unsupportedConstraintException);
                        throw unsupportedConstraintException;
                    }
                    if (!KerberosUtil.isSatisfiable(checkRequestHandle.config, invocationConstraint)) {
                        UnsupportedConstraintException unsupportedConstraintException2 = new UnsupportedConstraintException(new StringBuffer().append("A required constraint (").append(invocationConstraint).append(") is not ").append("satisfied by this connection: ").append(this).toString());
                        this.this$0.softCache.put(cacheKey, unsupportedConstraintException2);
                        throw unsupportedConstraintException2;
                    }
                } catch (UnsupportedConstraintException e) {
                    if (KerberosServerEndpoint.logger.isLoggable(Levels.FAILED)) {
                        KerberosUtil.logThrow(KerberosServerEndpoint.logger, Levels.FAILED, getClass(), "checkConstraints", "connection {0}\ndoes not satisfies {1},\nthrows", new Object[]{this, invocationConstraints}, e);
                    }
                    throw e;
                }
            }
            InvocationConstraints invocationConstraints2 = InvocationConstraints.EMPTY;
            if (KerberosUtil.containsConstraint(invocationConstraints.requirements(), Integrity.YES)) {
                invocationConstraints2 = KerberosUtil.INTEGRITY_REQUIRED_CONSTRAINTS;
            } else if (KerberosUtil.containsConstraint(invocationConstraints.preferences(), Integrity.YES)) {
                invocationConstraints2 = KerberosUtil.INTEGRITY_PREFERRED_CONSTRAINTS;
            }
            this.this$0.softCache.put(cacheKey, invocationConstraints2);
            return invocationConstraints2;
        }

        @Override // net.jini.jeri.connection.ServerConnection
        public void populateContext(InboundRequestHandle inboundRequestHandle, Collection collection) {
            checkRequestHandle(inboundRequestHandle);
            Util.populateContext(collection, this.sock.getInetAddress());
            Util.populateContext(collection, this.clientSubject);
        }

        @Override // net.jini.jeri.kerberos.KerberosUtil.Connection, net.jini.jeri.connection.ServerConnection
        public void close() {
            synchronized (this.lock) {
                if (this.closed) {
                    return;
                }
                this.closed = true;
                this.listenHandle.remove(this);
                super.close();
            }
        }

        public String toString() {
            StringBuffer stringBuffer = new StringBuffer("KerberosServerEndpoint.ServerConnectionImpl[");
            stringBuffer.append(new StringBuffer().append("clientPrincipal=").append(this.clientPrincipal).toString());
            stringBuffer.append(new StringBuffer().append(" serverPrincipal=").append(this.this$0.serverPrincipal).toString());
            stringBuffer.append(new StringBuffer().append(" doEncryption=").append(this.doEncryption).toString());
            stringBuffer.append(new StringBuffer().append(" doDelegation=").append(this.doDelegation).toString());
            stringBuffer.append(new StringBuffer().append(" client=").append(this.sock.getInetAddress().getHostName()).toString());
            stringBuffer.append(new StringBuffer().append(":").append(this.sock.getPort()).toString());
            stringBuffer.append(new StringBuffer().append(" server=").append(this.sock.getLocalAddress().getHostName()).toString());
            stringBuffer.append(new StringBuffer().append(":").append(this.sock.getLocalPort()).toString());
            stringBuffer.append(']');
            return stringBuffer.toString();
        }

        void establishContext() throws IOException, GSSException {
            this.gssContext = KerberosServerEndpoint.gssManager.createContext(this.listenHandle.serverCred);
            while (!this.gssContext.isEstablished()) {
                byte[] bArr = new byte[this.dis.readInt()];
                this.dis.readFully(bArr);
                byte[] acceptSecContext = this.gssContext.acceptSecContext(bArr, 0, bArr.length);
                if (acceptSecContext != null) {
                    this.dos.writeInt(acceptSecContext.length);
                    this.dos.write(acceptSecContext);
                    this.dos.flush();
                }
            }
            if (!this.gssContext.getIntegState()) {
                throw new IOException("Established GSSContext does not support integrity.");
            }
            this.doEncryption = this.gssContext.getConfState();
            this.doDelegation = this.gssContext.getCredDelegState();
            GSSName srcName = this.gssContext.getSrcName();
            this.clientPrincipal = new KerberosPrincipal(srcName.toString());
            if (this.gssContext.getCredDelegState()) {
                this.clientCred = this.gssContext.getDelegCred();
            }
            this.clientSubject = GSSUtil.createSubject(srcName, this.clientCred);
            this.clientSubject.setReadOnly();
            this.handleWithEncryption = new InboundRequestHandleImpl(this, true);
            this.handleWithoutEncryption = new InboundRequestHandleImpl(this, false);
        }

        private InboundRequestHandleImpl checkRequestHandle(Object obj) {
            if (obj == this.handleWithEncryption || obj == this.handleWithoutEncryption) {
                return (InboundRequestHandleImpl) obj;
            }
            throw new IllegalArgumentException(new StringBuffer().append("Unknown InboundRequestHandle: ").append(obj).toString());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r18v1, types: [java.lang.Exception] */
    private KerberosServerEndpoint(Subject subject, KerberosPrincipal kerberosPrincipal, String str, int i, SocketFactory socketFactory, ServerSocketFactory serverSocketFactory) throws UnsupportedConstraintException {
        boolean z = subject == null;
        boolean z2 = kerberosPrincipal == null;
        subject = z ? (Subject) AccessController.doPrivileged(new PrivilegedAction(this, AccessController.getContext()) { // from class: net.jini.jeri.kerberos.KerberosServerEndpoint.1
            private final AccessControlContext val$acc;
            private final KerberosServerEndpoint this$0;

            {
                this.this$0 = this;
                this.val$acc = r5;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                return Subject.getSubject(this.val$acc);
            }
        }) : subject;
        UnsupportedConstraintException unsupportedConstraintException = null;
        if (z2) {
            if (subject == null) {
                unsupportedConstraintException = new UnsupportedConstraintException("Forgot JAAS login?  Using default serverSubject but no subject is associated with the current access control context.");
            } else {
                try {
                    kerberosPrincipal = findServerPrincipal(subject);
                } catch (Exception e) {
                    unsupportedConstraintException = e;
                }
            }
        } else if (z) {
            try {
                KerberosUtil.checkAuthPermission(kerberosPrincipal, null, "listen");
                if (subject == null) {
                    unsupportedConstraintException = new UnsupportedConstraintException("Forgot JAAS login?  Using default serverSubject but no subject is associated with the current access control context.");
                }
            } catch (SecurityException e2) {
                subject = null;
            }
        }
        if (unsupportedConstraintException != null) {
            if (logger.isLoggable(Levels.FAILED)) {
                KerberosUtil.logThrow(logger, Levels.FAILED, getClass(), "constructor", "construction failed", null, unsupportedConstraintException);
            }
            KerberosUtil.secureThrow(unsupportedConstraintException, new UnsupportedConstraintException("Either the caller has not been granted the right AuthenticationPermission, or there is no default server subject (<code>Subject.getSubject(AccessController.getContext())</code> returns <code>null</code>), or no appropriate Kerberos principal and its corresponding key can be found in the current subject."));
        }
        this.serverSubject = subject;
        this.serverPrincipal = kerberosPrincipal;
        if (i < 0 || i > 65535) {
            throw new IllegalArgumentException(new StringBuffer().append("port number out of range 0-65535: port = ").append(i).toString());
        }
        this.serverHost = str;
        this.port = i;
        this.csf = socketFactory;
        this.ssf = serverSocketFactory;
        this.softCache = new KerberosUtil.SoftCache(maxCacheSize);
        this.listenEndpoint = new ListenEndpointImpl(this, null);
        logger.log(Level.FINE, "created {0}", this);
    }

    public static KerberosServerEndpoint getInstance(int i) throws UnsupportedConstraintException {
        return new KerberosServerEndpoint(null, null, null, i, null, null);
    }

    public static KerberosServerEndpoint getInstance(String str, int i) throws UnsupportedConstraintException {
        return new KerberosServerEndpoint(null, null, str, i, null, null);
    }

    public static KerberosServerEndpoint getInstance(String str, int i, SocketFactory socketFactory, ServerSocketFactory serverSocketFactory) throws UnsupportedConstraintException {
        return new KerberosServerEndpoint(null, null, str, i, socketFactory, serverSocketFactory);
    }

    public static KerberosServerEndpoint getInstance(Subject subject, KerberosPrincipal kerberosPrincipal, String str, int i) throws UnsupportedConstraintException {
        return new KerberosServerEndpoint(subject, kerberosPrincipal, str, i, null, null);
    }

    public static KerberosServerEndpoint getInstance(Subject subject, KerberosPrincipal kerberosPrincipal, String str, int i, SocketFactory socketFactory, ServerSocketFactory serverSocketFactory) throws UnsupportedConstraintException {
        return new KerberosServerEndpoint(subject, kerberosPrincipal, str, i, socketFactory, serverSocketFactory);
    }

    public String getHost() {
        return this.serverHost;
    }

    public int getPort() {
        return this.port;
    }

    public KerberosPrincipal getPrincipal() {
        return this.serverPrincipal;
    }

    public SocketFactory getSocketFactory() {
        return this.csf;
    }

    public ServerSocketFactory getServerSocketFactory() {
        return this.ssf;
    }

    @Override // net.jini.jeri.ServerCapabilities
    public InvocationConstraints checkConstraints(InvocationConstraints invocationConstraints) throws UnsupportedConstraintException {
        if (invocationConstraints == null) {
            throw new NullPointerException();
        }
        try {
            for (InvocationConstraint invocationConstraint : invocationConstraints.requirements()) {
                if (!KerberosUtil.isSupportableConstraint(invocationConstraint)) {
                    throw new UnsupportedConstraintException(new StringBuffer().append("A constraint unsupportable by this endpoint has been required: ").append(invocationConstraint).toString());
                }
            }
            if (getKey(this.serverSubject, this.serverPrincipal) == null) {
                throw new UnsupportedConstraintException(new StringBuffer().append("Failed to find a valid Kerberos key corresponding to serverPrincipal (").append(this.serverPrincipal).append(") in serverSubject.").toString());
            }
            HashSet hashSet = new HashSet();
            Iterator it = invocationConstraints.requirements().iterator();
            while (it.hasNext()) {
                if (!KerberosUtil.collectCpCandidates((InvocationConstraint) it.next(), hashSet)) {
                    throw new UnsupportedConstraintException(new StringBuffer().append("Client principal constraint related conflicts found in the given set of constraints: ").append(invocationConstraints).toString());
                }
            }
            if (hashSet.size() == 0) {
                hashSet.add(new KerberosPrincipal("anyone"));
            }
            boolean z = false;
            KerberosUtil.ConfigIter configIter = new KerberosUtil.ConfigIter(hashSet, this.serverPrincipal, true);
            loop2: while (true) {
                if (!configIter.hasNext()) {
                    break;
                }
                KerberosUtil.Config next = configIter.next();
                Iterator it2 = invocationConstraints.requirements().iterator();
                while (it2.hasNext()) {
                    if (!KerberosUtil.isSatisfiable(next, (InvocationConstraint) it2.next())) {
                        break;
                    }
                }
                z = true;
                break loop2;
            }
            if (!z) {
                throw new UnsupportedConstraintException(new StringBuffer().append("Conflicts found in the given set of constraints: ").append(invocationConstraints).toString());
            }
            InvocationConstraints invocationConstraints2 = InvocationConstraints.EMPTY;
            if (KerberosUtil.containsConstraint(invocationConstraints.requirements(), Integrity.YES)) {
                invocationConstraints2 = KerberosUtil.INTEGRITY_REQUIRED_CONSTRAINTS;
            } else if (KerberosUtil.containsConstraint(invocationConstraints.preferences(), Integrity.YES)) {
                invocationConstraints2 = KerberosUtil.INTEGRITY_PREFERRED_CONSTRAINTS;
            }
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "checkConstraints() has determined that this endpoint can support the given constraints:\n{0}.\nWhile assistances are needed from upper layers to satisfy constraints:\n{1}", new Object[]{invocationConstraints, invocationConstraints2});
            }
            return invocationConstraints2;
        } catch (SecurityException e) {
            if (logger.isLoggable(Levels.FAILED)) {
                KerberosUtil.logThrow(logger, Levels.FAILED, getClass(), "checkConstraints", "check constraints for {0}\nwith {1}\nthrows", new Object[]{this, invocationConstraints}, e);
            }
            throw e;
        } catch (UnsupportedConstraintException e2) {
            if (logger.isLoggable(Levels.FAILED)) {
                KerberosUtil.logThrow(logger, Levels.FAILED, getClass(), "checkConstraints", "check constraints for {0}\nwith {1}\nthrows", new Object[]{this, invocationConstraints}, e2);
            }
            throw e2;
        }
    }

    @Override // net.jini.jeri.ServerEndpoint
    public Endpoint enumerateListenEndpoints(ServerEndpoint.ListenContext listenContext) throws IOException {
        if (this.serverHost == null) {
            try {
                InetAddress inetAddress = (InetAddress) AccessController.doPrivileged(new PrivilegedExceptionAction(this) { // from class: net.jini.jeri.kerberos.KerberosServerEndpoint.2
                    private final KerberosServerEndpoint this$0;

                    {
                        this.this$0 = this;
                    }

                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws UnknownHostException {
                        return InetAddress.getLocalHost();
                    }
                });
                SecurityManager securityManager = System.getSecurityManager();
                if (securityManager != null) {
                    try {
                        securityManager.checkConnect(inetAddress.getHostName(), -1);
                    } catch (SecurityException e) {
                        SecurityException securityException = new SecurityException("Access to resolve local host denied");
                        if (logger.isLoggable(Levels.FAILED)) {
                            KerberosUtil.logThrow(logger, Levels.FAILED, getClass(), "enumerateListenEndpoints", "caller does not have permission to resolve local host", null, securityException);
                        }
                        throw securityException;
                    }
                }
                this.serverHost = inetAddress.getHostAddress();
            } catch (PrivilegedActionException e2) {
                UnknownHostException unknownHostException = (UnknownHostException) e2.getCause();
                if (logger.isLoggable(Levels.FAILED)) {
                    KerberosUtil.logThrow(logger, Levels.FAILED, getClass(), "enumerateListenEndpoints", "InetAddress.getLocalHost() throws", null, unknownHostException);
                }
                throw unknownHostException;
            }
        }
        return KerberosEndpoint.getInstance(this.serverHost, checkListenCookie(listenContext.addListenEndpoint(this.listenEndpoint)).getLocalPort(), this.serverPrincipal, this.csf);
    }

    public int hashCode() {
        return (((((getClass().getName().hashCode() ^ System.identityHashCode(this.serverSubject)) ^ this.serverPrincipal.hashCode()) ^ (this.serverHost != null ? this.serverHost.hashCode() : 0)) ^ this.port) ^ (this.ssf != null ? this.ssf.hashCode() : 0)) ^ (this.csf != null ? this.csf.hashCode() : 0);
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof KerberosServerEndpoint)) {
            return false;
        }
        KerberosServerEndpoint kerberosServerEndpoint = (KerberosServerEndpoint) obj;
        return this.serverSubject == kerberosServerEndpoint.serverSubject && this.serverPrincipal.equals(kerberosServerEndpoint.serverPrincipal) && Util.equals(this.serverHost, kerberosServerEndpoint.serverHost) && this.port == kerberosServerEndpoint.port && Util.sameClassAndEquals(this.csf, kerberosServerEndpoint.csf) && Util.sameClassAndEquals(this.ssf, kerberosServerEndpoint.ssf);
    }

    public String toString() {
        return new StringBuffer().append("KerberosServerEndpoint[serverPrincipal=").append(this.serverPrincipal).append(" serverHost= ").append(this.serverHost).append(" serverPort= ").append(this.port).append(this.ssf == null ? "" : new StringBuffer().append(" ssf = ").append(this.ssf.toString()).toString()).append(this.csf == null ? "" : new StringBuffer().append(" csf = ").append(this.csf.toString()).toString()).append("]").toString();
    }

    private static KerberosPrincipal findServerPrincipal(Subject subject) throws UnsupportedConstraintException {
        Set<Principal> principals = subject.getPrincipals();
        HashSet<KerberosPrincipal> hashSet = new HashSet(principals.size());
        synchronized (principals) {
            for (Principal principal : principals) {
                if (principal instanceof KerberosPrincipal) {
                    hashSet.add(principal);
                }
            }
        }
        if (hashSet.isEmpty()) {
            throw new UnsupportedConstraintException("No KerberosPrincipal found in the serverSubject.");
        }
        boolean z = false;
        for (KerberosPrincipal kerberosPrincipal : hashSet) {
            if (getKey(subject, kerberosPrincipal) != null) {
                return kerberosPrincipal;
            }
            z = true;
        }
        if (z) {
            throw new UnsupportedConstraintException("Cannot find any Kerberos key in the serverSubject corresponding to one of its principals.");
        }
        throw new SecurityException("Caller does not have AuthenticationPermission to access Kerberos keys of any principal in the serverSubject.");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static KerberosKey getKey(Subject subject, KerberosPrincipal kerberosPrincipal) {
        KerberosUtil.checkAuthPermission(kerberosPrincipal, null, "listen");
        if (subject == null) {
            return null;
        }
        return (KerberosKey) AccessController.doPrivileged(new PrivilegedAction(subject, kerberosPrincipal) { // from class: net.jini.jeri.kerberos.KerberosServerEndpoint.3
            private final Subject val$subject;
            private final KerberosPrincipal val$principal;

            {
                this.val$subject = subject;
                this.val$principal = kerberosPrincipal;
            }

            @Override // java.security.PrivilegedAction
            public Object run() {
                Set<Object> privateCredentials = this.val$subject.getPrivateCredentials();
                synchronized (privateCredentials) {
                    for (Object obj : privateCredentials) {
                        if (obj instanceof KerberosKey) {
                            KerberosKey kerberosKey = (KerberosKey) obj;
                            if (!kerberosKey.isDestroyed() && kerberosKey.getPrincipal().equals(this.val$principal)) {
                                return kerberosKey;
                            }
                        }
                    }
                    return null;
                }
            }
        });
    }

    private ListenCookieImpl checkListenCookie(Object obj) {
        if (!(obj instanceof ListenCookieImpl)) {
            throw new IllegalArgumentException(new StringBuffer().append("Cookie with unexpected type: ").append(obj).toString());
        }
        ListenCookieImpl listenCookieImpl = (ListenCookieImpl) obj;
        if (equals(listenCookieImpl.getServerEndpoint())) {
            return listenCookieImpl;
        }
        throw new IllegalArgumentException(new StringBuffer().append("Server endpoint mis-match, enclosing sep is:\n").append(this).append("\nwhile cookie's enclosing sep is:\n").append(listenCookieImpl.getServerEndpoint()).toString());
    }

    static int access$100(KerberosServerEndpoint kerberosServerEndpoint) {
        return kerberosServerEndpoint.port;
    }

    static KerberosPrincipal access$200(KerberosServerEndpoint kerberosServerEndpoint) {
        return kerberosServerEndpoint.serverPrincipal;
    }

    static Logger access$300() {
        return logger;
    }

    static Subject access$400(KerberosServerEndpoint kerberosServerEndpoint) {
        return kerberosServerEndpoint.serverSubject;
    }

    static KerberosKey access$500(Subject subject, KerberosPrincipal kerberosPrincipal) {
        return getKey(subject, kerberosPrincipal);
    }

    static ServerSocketFactory access$800(KerberosServerEndpoint kerberosServerEndpoint) {
        return kerberosServerEndpoint.ssf;
    }
}
