package sun.security.krb5.internal.rcache;

import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.channels.SeekableByteChannel;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.security.AccessController;
import java.util.HashSet;
import java.util.Set;
import sun.security.action.GetPropertyAction;
import sun.security.krb5.internal.KerberosTime;
import sun.security.krb5.internal.KrbApErrException;
import sun.security.krb5.internal.ReplayCache;

/* loaded from: classes4.dex */
public class DflCache extends ReplayCache {
    private static final int EXCESSREPS = 30;
    private static final int KRB5_RV_VNO = 1281;
    private static int uid;
    private final String source;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static class Storage implements Closeable {
        SeekableByteChannel chan;

        private Storage() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void append(AuthTimeWithHash authTimeWithHash) throws IOException {
            this.chan.write(ByteBuffer.wrap(authTimeWithHash.encode(true)));
            this.chan.write(ByteBuffer.wrap(authTimeWithHash.encode(false)));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static void create(Path path) throws IOException {
            SeekableByteChannel createNoClose = createNoClose(path);
            if (createNoClose != null) {
                createNoClose.close();
            }
            makeMine(path);
        }

        private static SeekableByteChannel createNoClose(Path path) throws IOException {
            SeekableByteChannel newByteChannel = Files.newByteChannel(path, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING, StandardOpenOption.WRITE);
            ByteBuffer allocate = ByteBuffer.allocate(6);
            allocate.putShort((short) 1281);
            allocate.order(ByteOrder.nativeOrder());
            allocate.putInt(KerberosTime.getDefaultSkew());
            allocate.flip();
            newByteChannel.write(allocate);
            return newByteChannel;
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* JADX WARN: Removed duplicated region for block: B:28:0x0061  */
        /* JADX WARN: Removed duplicated region for block: B:37:? A[Catch: all -> 0x006b, Throwable -> 0x006d, SYNTHETIC, TRY_LEAVE, TryCatch #2 {, blocks: (B:4:0x0014, B:19:0x003c, B:29:0x0067, B:30:0x006a), top: B:3:0x0014, outer: #6 }] */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public static void expunge(java.nio.file.Path r12, sun.security.krb5.internal.KerberosTime r13) throws java.io.IOException {
            /*
                java.nio.file.Path r0 = r12.getParent()
                r1 = 0
                java.nio.file.attribute.FileAttribute[] r2 = new java.nio.file.attribute.FileAttribute[r1]
                r3 = 0
                java.lang.String r4 = "rcache"
                java.nio.file.Path r0 = java.nio.file.Files.createTempFile(r0, r4, r3, r2)
                java.nio.file.OpenOption[] r2 = new java.nio.file.OpenOption[r1]
                java.nio.channels.SeekableByteChannel r2 = java.nio.file.Files.newByteChannel(r12, r2)
                java.nio.channels.SeekableByteChannel r4 = createNoClose(r0)     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L6d
                int r13 = r13.getSeconds()     // Catch: java.lang.Throwable -> L56 java.lang.Throwable -> L59
                int r5 = readHeader(r2)     // Catch: java.lang.Throwable -> L56 java.lang.Throwable -> L59
                int r13 = r13 - r5
                long r5 = (long) r13
            L22:
                r13 = 1
                sun.security.krb5.internal.rcache.AuthTime r7 = sun.security.krb5.internal.rcache.AuthTime.readFrom(r2)     // Catch: java.nio.BufferUnderflowException -> L3a java.lang.Throwable -> L56 java.lang.Throwable -> L59
                int r8 = r7.ctime     // Catch: java.nio.BufferUnderflowException -> L3a java.lang.Throwable -> L56 java.lang.Throwable -> L59
                long r8 = (long) r8     // Catch: java.nio.BufferUnderflowException -> L3a java.lang.Throwable -> L56 java.lang.Throwable -> L59
                int r10 = (r8 > r5 ? 1 : (r8 == r5 ? 0 : -1))
                if (r10 <= 0) goto L22
                byte[] r7 = r7.encode(r13)     // Catch: java.nio.BufferUnderflowException -> L3a java.lang.Throwable -> L56 java.lang.Throwable -> L59
                java.nio.ByteBuffer r7 = java.nio.ByteBuffer.wrap(r7)     // Catch: java.nio.BufferUnderflowException -> L3a java.lang.Throwable -> L56 java.lang.Throwable -> L59
                r4.write(r7)     // Catch: java.nio.BufferUnderflowException -> L3a java.lang.Throwable -> L56 java.lang.Throwable -> L59
                goto L22
            L3a:
                if (r4 == 0) goto L3f
                r4.close()     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L6d
            L3f:
                if (r2 == 0) goto L44
                r2.close()
            L44:
                makeMine(r0)
                r2 = 2
                java.nio.file.CopyOption[] r2 = new java.nio.file.CopyOption[r2]
                java.nio.file.StandardCopyOption r3 = java.nio.file.StandardCopyOption.REPLACE_EXISTING
                r2[r1] = r3
                java.nio.file.StandardCopyOption r1 = java.nio.file.StandardCopyOption.ATOMIC_MOVE
                r2[r13] = r1
                java.nio.file.Files.move(r0, r12, r2)
                return
            L56:
                r12 = move-exception
                r13 = r3
                goto L5f
            L59:
                r12 = move-exception
                throw r12     // Catch: java.lang.Throwable -> L5b
            L5b:
                r13 = move-exception
                r11 = r13
                r13 = r12
                r12 = r11
            L5f:
                if (r4 == 0) goto L6a
                if (r13 == 0) goto L67
                r4.close()     // Catch: java.lang.Throwable -> L6a java.lang.Throwable -> L6b
                goto L6a
            L67:
                r4.close()     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L6d
            L6a:
                throw r12     // Catch: java.lang.Throwable -> L6b java.lang.Throwable -> L6d
            L6b:
                r12 = move-exception
                goto L70
            L6d:
                r12 = move-exception
                r3 = r12
                throw r3     // Catch: java.lang.Throwable -> L6b
            L70:
                if (r2 == 0) goto L7b
                if (r3 == 0) goto L78
                r2.close()     // Catch: java.lang.Throwable -> L7b
                goto L7b
            L78:
                r2.close()
            L7b:
                goto L7d
            L7c:
                throw r12
            L7d:
                goto L7c
            */
            throw new UnsupportedOperationException("Method not decompiled: sun.security.krb5.internal.rcache.DflCache.Storage.expunge(java.nio.file.Path, sun.security.krb5.internal.KerberosTime):void");
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int loadAndCheck(Path path, AuthTimeWithHash authTimeWithHash, KerberosTime kerberosTime) throws IOException, KrbApErrException {
            Set<PosixFilePermission> posixFilePermissions;
            if (Files.isSymbolicLink(path)) {
                throw new IOException("Symlink not accepted");
            }
            boolean z = false;
            try {
                posixFilePermissions = Files.getPosixFilePermissions(path, new LinkOption[0]);
                if (DflCache.uid != -1 && ((Integer) Files.getAttribute(path, "unix:uid", new LinkOption[0])).intValue() != DflCache.uid) {
                    throw new IOException("Not mine");
                }
            } catch (UnsupportedOperationException unused) {
            }
            if (posixFilePermissions.contains(PosixFilePermission.GROUP_READ) || posixFilePermissions.contains(PosixFilePermission.GROUP_WRITE) || posixFilePermissions.contains(PosixFilePermission.GROUP_EXECUTE) || posixFilePermissions.contains(PosixFilePermission.OTHERS_READ) || posixFilePermissions.contains(PosixFilePermission.OTHERS_WRITE) || posixFilePermissions.contains(PosixFilePermission.OTHERS_EXECUTE)) {
                throw new IOException("Accessible by someone else");
            }
            this.chan = Files.newByteChannel(path, StandardOpenOption.WRITE, StandardOpenOption.READ);
            long seconds = kerberosTime.getSeconds() - readHeader(this.chan);
            long j = 0;
            int i = 0;
            while (true) {
                try {
                    j = this.chan.position();
                    AuthTime readFrom = AuthTime.readFrom(this.chan);
                    if (readFrom instanceof AuthTimeWithHash) {
                        if (authTimeWithHash.equals(readFrom)) {
                            throw new KrbApErrException(34);
                        }
                        if (authTimeWithHash.isSameIgnoresHash(readFrom)) {
                            z = true;
                        }
                    } else if (authTimeWithHash.isSameIgnoresHash(readFrom) && !z) {
                        throw new KrbApErrException(34);
                    }
                    i = ((long) readFrom.ctime) < seconds ? i + 1 : i - 1;
                } catch (BufferUnderflowException unused2) {
                    this.chan.position(j);
                    return i;
                }
            }
        }

        private static void makeMine(Path path) throws IOException {
            try {
                HashSet hashSet = new HashSet();
                hashSet.add(PosixFilePermission.OWNER_READ);
                hashSet.add(PosixFilePermission.OWNER_WRITE);
                Files.setPosixFilePermissions(path, hashSet);
            } catch (UnsupportedOperationException unused) {
            }
        }

        private static int readHeader(SeekableByteChannel seekableByteChannel) throws IOException {
            ByteBuffer allocate = ByteBuffer.allocate(6);
            seekableByteChannel.read(allocate);
            if (allocate.getShort(0) != 1281) {
                throw new IOException("Not correct rcache version");
            }
            allocate.order(ByteOrder.nativeOrder());
            return allocate.getInt(2);
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            SeekableByteChannel seekableByteChannel = this.chan;
            if (seekableByteChannel != null) {
                seekableByteChannel.close();
            }
            this.chan = null;
        }
    }

    static {
        try {
            Class<?> cls = Class.forName("com.sun.security.auth.module.UnixSystem");
            uid = (int) ((Long) cls.getMethod("getUid", new Class[0]).invoke(cls.newInstance(), new Object[0])).longValue();
        } catch (Exception unused) {
            uid = -1;
        }
    }

    public DflCache(String str) {
        this.source = str;
    }

    private synchronized void checkAndStore0(KerberosTime kerberosTime, AuthTimeWithHash authTimeWithHash) throws IOException, KrbApErrException {
        Storage storage;
        int loadAndCheck;
        try {
            Path fileName = getFileName(this.source, authTimeWithHash.server);
            storage = new Storage();
            try {
                loadAndCheck = storage.loadAndCheck(fileName, authTimeWithHash, kerberosTime);
            } catch (IOException unused) {
                Storage.create(fileName);
                loadAndCheck = storage.loadAndCheck(fileName, authTimeWithHash, kerberosTime);
            }
            storage.append(authTimeWithHash);
            storage.close();
            if (loadAndCheck > 30) {
                Storage.expunge(fileName, kerberosTime);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    storage.close();
                } catch (Throwable unused2) {
                }
            } else {
                storage.close();
            }
            throw th;
        }
    }

    private static String defaultFile(String str) {
        int indexOf = str.indexOf(47);
        if (indexOf == -1) {
            indexOf = str.indexOf(64);
        }
        if (indexOf != -1) {
            str = str.substring(0, indexOf);
        }
        if (uid == -1) {
            return str;
        }
        return str + "_" + uid;
    }

    private static String defaultPath() {
        return (String) AccessController.doPrivileged(new GetPropertyAction("java.io.tmpdir"));
    }

    private static Path getFileName(String str, String str2) {
        String substring;
        String str3;
        String str4;
        if (!str.equals("dfl")) {
            if (!str.startsWith("dfl:")) {
                throw new IllegalArgumentException();
            }
            substring = str.substring(4);
            int lastIndexOf = substring.lastIndexOf(47);
            int lastIndexOf2 = substring.lastIndexOf(92);
            if (lastIndexOf2 > lastIndexOf) {
                lastIndexOf = lastIndexOf2;
            }
            if (lastIndexOf == -1) {
                str3 = defaultPath();
            } else if (!new File(substring).isDirectory()) {
                str3 = null;
            }
            String str5 = str3;
            str4 = substring;
            substring = str5;
            return new File(substring, str4).toPath();
        }
        substring = defaultPath();
        str4 = defaultFile(str2);
        return new File(substring, str4).toPath();
    }

    @Override // sun.security.krb5.internal.ReplayCache
    public void checkAndStore(KerberosTime kerberosTime, AuthTimeWithHash authTimeWithHash) throws KrbApErrException {
        try {
            checkAndStore0(kerberosTime, authTimeWithHash);
        } catch (IOException e) {
            KrbApErrException krbApErrException = new KrbApErrException(60);
            krbApErrException.initCause(e);
            throw krbApErrException;
        }
    }
}
