package com.zimbra.cs.security.kerberos;

import com.zimbra.cs.index.query.parser.ParserConstants;
import com.zimbra.cs.mailbox.Metadata;
import java.io.EOFException;
import java.io.File;
import java.io.IOException;
import java.io.PrintStream;
import java.io.RandomAccessFile;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.channels.FileChannel;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;

/* loaded from: input_file:com/zimbra/cs/security/kerberos/Krb5Keytab.class */
public class Krb5Keytab {
    private final File file;
    private final Map<KerberosPrincipal, List<KerberosKey>> keyMap = new HashMap();
    private long lastModified;
    private int version;
    private static final int VERSION_1 = 1281;
    private static final int VERSION_2 = 1282;
    private static Map<File, Krb5Keytab> keytabs = new HashMap();

    public static synchronized Krb5Keytab getInstance(String str) throws IOException {
        File canonicalFile = new File(str).getCanonicalFile();
        Krb5Keytab krb5Keytab = keytabs.get(canonicalFile);
        if (krb5Keytab == null) {
            krb5Keytab = new Krb5Keytab(canonicalFile);
            keytabs.put(canonicalFile, krb5Keytab);
        }
        return krb5Keytab;
    }

    public static Krb5Keytab getInstance(File file) throws IOException {
        return getInstance(file.getPath());
    }

    private Krb5Keytab(File file) throws IOException {
        this.file = file;
        loadKeytab();
    }

    public synchronized List<KerberosKey> getKeys(KerberosPrincipal kerberosPrincipal) throws IOException {
        checkLastModified();
        List<KerberosKey> list = this.keyMap.get(kerberosPrincipal);
        if (list != null) {
            return Collections.unmodifiableList(list);
        }
        return null;
    }

    public File getFile() {
        return this.file;
    }

    private void checkLastModified() throws IOException {
        if (this.file.lastModified() != this.lastModified) {
            loadKeytab();
        }
    }

    private void loadKeytab() throws IOException {
        RandomAccessFile randomAccessFile = new RandomAccessFile(this.file, Metadata.FN_RAW_SUBJ);
        try {
            this.lastModified = this.file.lastModified();
            this.version = readVersion(randomAccessFile);
            if (this.version != VERSION_1 && this.version != VERSION_2) {
                throw formatError("Unsupported file format version 0x" + Integer.toHexString(this.version));
            }
            this.keyMap.clear();
            FileChannel channel = randomAccessFile.getChannel();
            while (channel.position() < channel.size()) {
                readEntry(channel);
            }
        } finally {
            randomAccessFile.close();
        }
    }

    private static int readVersion(RandomAccessFile randomAccessFile) throws IOException {
        return (randomAccessFile.readUnsignedByte() << 8) | randomAccessFile.readUnsignedByte();
    }

    private void readEntry(FileChannel fileChannel) throws IOException {
        int readInt = readInt(fileChannel);
        if (readInt < 0) {
            long position = fileChannel.position() + (-readInt);
            if (position >= fileChannel.size()) {
                throw new EOFException();
            }
            fileChannel.position(position);
            return;
        }
        ByteBuffer readBytes = readBytes(fileChannel, readInt);
        try {
            KerberosPrincipal principal = getPrincipal(readBytes);
            addKey(principal, getKey(readBytes, principal));
        } catch (ArrayIndexOutOfBoundsException e) {
            throw formatError("Invalid entry size " + readInt);
        }
    }

    private KerberosPrincipal getPrincipal(ByteBuffer byteBuffer) throws IOException {
        int i = byteBuffer.getShort() & 65535;
        if (this.version == VERSION_1) {
            i--;
        }
        if (i < 1) {
            throw formatError("Invalid component count (" + i + ")");
        }
        String string = getString(byteBuffer);
        StringBuilder sb = new StringBuilder();
        for (int i2 = 0; i2 < i - 1; i2++) {
            sb.append(getString(byteBuffer)).append('/');
        }
        sb.append(getString(byteBuffer)).append('@').append(string);
        String sb2 = sb.toString();
        int i3 = this.version == VERSION_1 ? 1 : byteBuffer.getInt();
        byteBuffer.getInt();
        return new KerberosPrincipal(sb2, i3);
    }

    private KerberosKey getKey(ByteBuffer byteBuffer, KerberosPrincipal kerberosPrincipal) {
        int i = byteBuffer.get() & 255;
        int i2 = byteBuffer.getShort() & 65535;
        byte[] bytes = getBytes(byteBuffer);
        if (byteBuffer.remaining() >= 4) {
            i = byteBuffer.getInt();
        }
        return new KerberosKey(kerberosPrincipal, bytes, i2, i);
    }

    private void addKey(KerberosPrincipal kerberosPrincipal, KerberosKey kerberosKey) {
        List<KerberosKey> list = this.keyMap.get(kerberosPrincipal);
        if (list == null) {
            list = new ArrayList();
            this.keyMap.put(kerberosPrincipal, list);
        }
        list.add(kerberosKey);
    }

    private String getString(ByteBuffer byteBuffer) {
        try {
            return new String(getBytes(byteBuffer), "US-ASCII");
        } catch (UnsupportedEncodingException e) {
            throw new InternalError("US-ASCII encoding not supported");
        }
    }

    private byte[] getBytes(ByteBuffer byteBuffer) {
        byte[] bArr = new byte[byteBuffer.getShort() & 65535];
        byteBuffer.get(bArr);
        return bArr;
    }

    private int readInt(FileChannel fileChannel) throws IOException {
        return readBytes(fileChannel, 4).getInt();
    }

    private ByteBuffer readBytes(FileChannel fileChannel, int i) throws IOException {
        ByteBuffer allocate = ByteBuffer.allocate(i);
        while (allocate.hasRemaining()) {
            if (fileChannel.read(allocate) == -1) {
                throw new EOFException();
            }
        }
        allocate.flip();
        if (this.version == VERSION_1) {
            allocate.order(ByteOrder.LITTLE_ENDIAN);
        }
        return allocate;
    }

    private IOException formatError(String str) {
        return new IOException("Invalid keytab file '" + this.file + "': " + str);
    }

    public void dump(PrintStream printStream) {
        printStream.printf("Keytab name: %s\n", this.file);
        printStream.printf("Keytab version: 0x%x\n", Integer.valueOf(this.version));
        printStream.printf("KVNO Principal\n", new Object[0]);
        printStream.print("---- ");
        for (int i = 0; i < 75; i++) {
            printStream.print('-');
        }
        printStream.println();
        for (KerberosPrincipal kerberosPrincipal : this.keyMap.keySet()) {
            for (KerberosKey kerberosKey : this.keyMap.get(kerberosPrincipal)) {
                printStream.printf("%4d %s (%s) (0x%x)\n", Integer.valueOf(kerberosKey.getVersionNumber()), kerberosPrincipal.getName(), getKeyTypeName(kerberosKey.getKeyType()), new BigInteger(1, kerberosKey.getEncoded()));
            }
        }
    }

    private static String getKeyTypeName(int i) {
        switch (i) {
            case 0:
                return "No encryption";
            case 1:
                return "DES cbc mode with CRC-32";
            case 2:
                return "DES cbc mode with RSA-MD4";
            case 3:
                return "DES cbc mode with RSA-MD5";
            case 4:
                return "DES cbc mode raw";
            case 5:
            case 7:
            case 9:
            case 10:
            case 11:
            case 12:
            case 13:
            case 14:
            case 15:
            case 19:
            case 20:
            case 21:
            case ParserConstants.TO /* 22 */:
            default:
                return "Unknown type 0x" + Integer.toHexString(i);
            case 6:
                return "Triple DES cbc mode raw";
            case 8:
                return "DES with HMAC/sha1";
            case 16:
                return "Triple DES cbc mode with HMAC/sha1";
            case 17:
                return "AES-128 CTS mode with 96-bit SHA-1 HMAC";
            case 18:
                return "AES-256 CTS mode with 96-bit SHA-1 HMAC";
            case ParserConstants.FROM /* 23 */:
                return "ArcFour with HMAC/md5";
            case ParserConstants.CC /* 24 */:
                return "Exportable ArcFour with HMAC/md5";
        }
    }

    public static void main(String... strArr) throws Exception {
        getInstance(strArr[0]).dump(System.out);
    }
}
