package sun.security.ssl;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import sun.security.util.SecurityConstants;

/* loaded from: input_file:jvmlibs.zip:jsse.jar:sun/security/ssl/Krb5Authentication.class */
enum Krb5Authentication implements SSLAuthentication {
    KRB5("KRB5", new Krb5PossessionGenerator());

    final String keyType;
    final SSLPossessionGenerator possessionGenerator;

    /* loaded from: input_file:jvmlibs.zip:jsse.jar:sun/security/ssl/Krb5Authentication$Krb5Possession.class */
    static final class Krb5Possession implements SSLPossession {
        final Object serviceCreds;

        Krb5Possession(Object obj) {
            this.serviceCreds = obj;
        }
    }

    /* loaded from: input_file:jvmlibs.zip:jsse.jar:sun/security/ssl/Krb5Authentication$Krb5PossessionGenerator.class */
    private static final class Krb5PossessionGenerator implements SSLPossessionGenerator {
        private Krb5PossessionGenerator() {
        }

        @Override // sun.security.ssl.SSLPossessionGenerator
        public SSLPossession createPossession(HandshakeContext handshakeContext) {
            if (handshakeContext.sslConfig.isClientMode) {
                return null;
            }
            Object obj = Krb5Authentication.setupKerberosKeys((ServerHandshakeContext) handshakeContext);
            if (obj == null) {
                return null;
            }
            return new Krb5Possession(obj);
        }
    }

    Krb5Authentication(String str, SSLPossessionGenerator sSLPossessionGenerator) {
        this.keyType = str;
        this.possessionGenerator = sSLPossessionGenerator;
    }

    @Override // sun.security.ssl.SSLPossessionGenerator
    public SSLPossession createPossession(HandshakeContext handshakeContext) {
        return this.possessionGenerator.createPossession(handshakeContext);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Object setupKerberosKeys(ServerHandshakeContext serverHandshakeContext) {
        try {
            final AccessControlContext accessControlContext = serverHandshakeContext.conContext.acc;
            Object doPrivileged = AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { // from class: sun.security.ssl.Krb5Authentication.1
                @Override // java.security.PrivilegedExceptionAction
                public Object run() throws Exception {
                    return Krb5Helper.getServiceCreds(AccessControlContext.this);
                }
            });
            if (doPrivileged != null) {
                if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
                    SSLLogger.fine("Using Kerberos creds", new Object[0]);
                }
                String serverPrincipalName = Krb5Helper.getServerPrincipalName(doPrivileged);
                if (serverPrincipalName != null) {
                    SecurityManager securityManager = System.getSecurityManager();
                    if (securityManager != null) {
                        try {
                            securityManager.checkPermission(Krb5Helper.getServicePermission(serverPrincipalName, SecurityConstants.SOCKET_ACCEPT_ACTION), accessControlContext);
                        } catch (SecurityException e) {
                            doPrivileged = null;
                            if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
                                SSLLogger.fine("Permission to access Kerberos secret key denied", new Object[0]);
                            }
                        }
                    }
                }
            } else if (SSLLogger.isOn && SSLLogger.isOn("handshake")) {
                SSLLogger.fine("No Kerberos creds obtained", new Object[0]);
            }
            return doPrivileged;
        } catch (PrivilegedActionException e2) {
            if (!SSLLogger.isOn || !SSLLogger.isOn("handshake")) {
                return null;
            }
            SSLLogger.fine("Attempt to obtain Kerberos key failed: " + e2.toString(), new Object[0]);
            return null;
        }
    }
}
