package sun.security.krb5.internal.rcache;

import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.channels.SeekableByteChannel;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.security.AccessController;
import java.util.HashSet;
import java.util.Set;
import sun.security.action.GetPropertyAction;
import sun.security.krb5.internal.KerberosTime;
import sun.security.krb5.internal.KrbApErrException;
import sun.security.krb5.internal.ReplayCache;
import sun.util.locale.BaseLocale;

/* loaded from: classes8.dex */
public class DflCache extends ReplayCache {
    private static final int EXCESSREPS = 30;
    private static final int KRB5_RV_VNO = 1281;
    private static int uid;
    private final String source;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes8.dex */
    public static class Storage implements Closeable {
        SeekableByteChannel chan;

        private Storage() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void append(AuthTimeWithHash authTimeWithHash) throws IOException {
            this.chan.write(ByteBuffer.wrap(authTimeWithHash.encode(true)));
            this.chan.write(ByteBuffer.wrap(authTimeWithHash.encode(false)));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void create(Path path) throws IOException {
            SeekableByteChannel createNoClose = createNoClose(path);
            if (createNoClose != null) {
                createNoClose.close();
            }
            makeMine(path);
        }

        private static SeekableByteChannel createNoClose(Path path) throws IOException {
            SeekableByteChannel newByteChannel = Files.newByteChannel(path, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING, StandardOpenOption.WRITE);
            ByteBuffer allocate = ByteBuffer.allocate(6);
            allocate.putShort((short) 1281);
            allocate.order(ByteOrder.nativeOrder());
            allocate.putInt(KerberosTime.getDefaultSkew());
            allocate.flip();
            newByteChannel.write(allocate);
            return newByteChannel;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void expunge(Path path, KerberosTime kerberosTime) throws IOException {
            Path createTempFile = Files.createTempFile(path.getParent(), "rcache", null, new FileAttribute[0]);
            SeekableByteChannel newByteChannel = Files.newByteChannel(path, new OpenOption[0]);
            try {
                SeekableByteChannel createNoClose = createNoClose(createTempFile);
                try {
                    long seconds = kerberosTime.getSeconds() - readHeader(newByteChannel);
                    while (true) {
                        try {
                            AuthTime readFrom = AuthTime.readFrom(newByteChannel);
                            if (readFrom.ctime > seconds) {
                                createNoClose.write(ByteBuffer.wrap(readFrom.encode(true)));
                            }
                        } catch (BufferUnderflowException unused) {
                            if (createNoClose != null) {
                                createNoClose.close();
                            }
                            if (newByteChannel != null) {
                                newByteChannel.close();
                            }
                            makeMine(createTempFile);
                            Files.move(createTempFile, path, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
                            return;
                        }
                    }
                } finally {
                }
            } catch (Throwable th) {
                try {
                    throw th;
                } catch (Throwable th2) {
                    if (newByteChannel != null) {
                        try {
                            newByteChannel.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    }
                    throw th2;
                }
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int loadAndCheck(Path path, AuthTimeWithHash authTimeWithHash, KerberosTime kerberosTime) throws IOException, KrbApErrException {
            Set<PosixFilePermission> posixFilePermissions;
            if (Files.isSymbolicLink(path)) {
                throw new IOException("Symlink not accepted");
            }
            boolean z = false;
            try {
                posixFilePermissions = Files.getPosixFilePermissions(path, new LinkOption[0]);
                if (DflCache.uid != -1 && ((Integer) Files.getAttribute(path, "unix:uid", new LinkOption[0])).intValue() != DflCache.uid) {
                    throw new IOException("Not mine");
                }
            } catch (UnsupportedOperationException unused) {
            }
            if (posixFilePermissions.contains(PosixFilePermission.GROUP_READ) || posixFilePermissions.contains(PosixFilePermission.GROUP_WRITE) || posixFilePermissions.contains(PosixFilePermission.GROUP_EXECUTE) || posixFilePermissions.contains(PosixFilePermission.OTHERS_READ) || posixFilePermissions.contains(PosixFilePermission.OTHERS_WRITE) || posixFilePermissions.contains(PosixFilePermission.OTHERS_EXECUTE)) {
                throw new IOException("Accessible by someone else");
            }
            this.chan = Files.newByteChannel(path, StandardOpenOption.WRITE, StandardOpenOption.READ);
            long seconds = kerberosTime.getSeconds() - readHeader(this.chan);
            long j = 0;
            int i = 0;
            while (true) {
                try {
                    j = this.chan.position();
                    AuthTime readFrom = AuthTime.readFrom(this.chan);
                    if (readFrom instanceof AuthTimeWithHash) {
                        if (authTimeWithHash.equals(readFrom)) {
                            throw new KrbApErrException(34);
                        }
                        if (authTimeWithHash.isSameIgnoresHash(readFrom)) {
                            z = true;
                        }
                    } else if (authTimeWithHash.isSameIgnoresHash(readFrom) && !z) {
                        throw new KrbApErrException(34);
                    }
                    i = ((long) readFrom.ctime) < seconds ? i + 1 : i - 1;
                } catch (BufferUnderflowException unused2) {
                    this.chan.position(j);
                    return i;
                }
            }
        }

        private static void makeMine(Path path) throws IOException {
            try {
                HashSet hashSet = new HashSet();
                hashSet.add(PosixFilePermission.OWNER_READ);
                hashSet.add(PosixFilePermission.OWNER_WRITE);
                Files.setPosixFilePermissions(path, hashSet);
            } catch (UnsupportedOperationException unused) {
            }
        }

        private static int readHeader(SeekableByteChannel seekableByteChannel) throws IOException {
            ByteBuffer allocate = ByteBuffer.allocate(6);
            seekableByteChannel.read(allocate);
            if (allocate.getShort(0) != 1281) {
                throw new IOException("Not correct rcache version");
            }
            allocate.order(ByteOrder.nativeOrder());
            return allocate.getInt(2);
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            SeekableByteChannel seekableByteChannel = this.chan;
            if (seekableByteChannel != null) {
                seekableByteChannel.close();
            }
            this.chan = null;
        }
    }

    static {
        try {
            Class<?> cls = Class.forName("com.sun.security.auth.module.UnixSystem");
            uid = (int) ((Long) cls.getMethod("getUid", new Class[0]).invoke(cls.newInstance(), new Object[0])).longValue();
        } catch (Exception unused) {
            uid = -1;
        }
    }

    public DflCache(String str) {
        this.source = str;
    }

    private synchronized void checkAndStore0(KerberosTime kerberosTime, AuthTimeWithHash authTimeWithHash) throws IOException, KrbApErrException {
        int loadAndCheck;
        Path fileName = getFileName(this.source, authTimeWithHash.server);
        Storage storage = new Storage();
        try {
            try {
                loadAndCheck = storage.loadAndCheck(fileName, authTimeWithHash, kerberosTime);
            } catch (IOException unused) {
                Storage.create(fileName);
                loadAndCheck = storage.loadAndCheck(fileName, authTimeWithHash, kerberosTime);
            }
            storage.append(authTimeWithHash);
            storage.close();
            if (loadAndCheck > 30) {
                Storage.expunge(fileName, kerberosTime);
            }
        } catch (Throwable th) {
            try {
                throw th;
            } finally {
            }
        }
    }

    private static String defaultFile(String str) {
        int indexOf = str.indexOf(47);
        if (indexOf == -1) {
            indexOf = str.indexOf(64);
        }
        if (indexOf != -1) {
            str = str.substring(0, indexOf);
        }
        if (uid == -1) {
            return str;
        }
        return str + BaseLocale.SEP + uid;
    }

    private static String defaultPath() {
        return (String) AccessController.doPrivileged(new GetPropertyAction("java.io.tmpdir"));
    }

    private static Path getFileName(String str, String str2) {
        String substring;
        String str3;
        String defaultFile;
        if (str.equals("dfl")) {
            substring = defaultPath();
            defaultFile = defaultFile(str2);
        } else {
            if (!str.startsWith("dfl:")) {
                throw new IllegalArgumentException();
            }
            substring = str.substring(4);
            int lastIndexOf = substring.lastIndexOf(47);
            int lastIndexOf2 = substring.lastIndexOf(92);
            if (lastIndexOf2 > lastIndexOf) {
                lastIndexOf = lastIndexOf2;
            }
            if (lastIndexOf == -1) {
                str3 = defaultPath();
            } else if (new File(substring).isDirectory()) {
                defaultFile = defaultFile(str2);
            } else {
                str3 = null;
            }
            String str4 = str3;
            defaultFile = substring;
            substring = str4;
        }
        return new File(substring, defaultFile).toPath();
    }

    @Override // sun.security.krb5.internal.ReplayCache
    public void checkAndStore(KerberosTime kerberosTime, AuthTimeWithHash authTimeWithHash) throws KrbApErrException {
        try {
            checkAndStore0(kerberosTime, authTimeWithHash);
        } catch (IOException e) {
            KrbApErrException krbApErrException = new KrbApErrException(60);
            krbApErrException.initCause(e);
            throw krbApErrException;
        }
    }
}
