package com.blackberry.security.krb5.svc;

import android.content.Context;
import android.content.RestrictionsManager;
import android.os.Bundle;
import android.util.Base64;
import android.util.Log;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;

/* loaded from: classes.dex */
public class KerberosUtil {
    private static boolean aws = false;
    private static String cjp;
    private static g cjq;

    /* loaded from: classes.dex */
    public static class TicketInfo {
        public int expiry;
        public String username;

        public TicketInfo(String str, int i) {
            this.username = str;
            this.expiry = i;
        }
    }

    public static void L(Context context) {
        if (context == null) {
            throw new IllegalStateException("Unable to retrieve app restrictions, null context");
        }
        RestrictionsManager restrictionsManager = (RestrictionsManager) context.getSystemService("restrictions");
        if (restrictionsManager == null) {
            throw new IllegalStateException("Unable to retrieve app restrictions, null restrictions manager");
        }
        Bundle applicationRestrictions = restrictionsManager.getApplicationRestrictions();
        if (applicationRestrictions == null) {
            throw new IllegalStateException("Unable to retrieve app restrictions, null bundle");
        }
        if (applicationRestrictions.isEmpty()) {
            throw new IllegalStateException("Unable to retrieve app restrictions, empty bundle.");
        }
        Log.d("LDAPKerberosUtil", "Trying to get Security Kerberos configuration from the app restrictions.");
        String string = applicationRestrictions.getString("com.blackberry.security.krb5Conf", null);
        if (string == null || string.isEmpty()) {
            Log.d("LDAPKerberosUtil", "Couldn't get Security Kerberos configuration from the app restrictions. Will try SSO Kerberos configuration next.");
            string = applicationRestrictions.getString("com.blackberry.sso.spnego.krb5Conf", null);
            if (string == null || string.isEmpty()) {
                Log.d("LDAPKerberosUtil", "Couldn't get SSO Kerberos configuration from the app restrictions, either.");
                throw new IllegalStateException("Unable to configure Kerberos Service due to missing app restrictions.");
            }
        }
        try {
            string = new String(Base64.decode(string, 0));
        } catch (IllegalArgumentException e) {
            Log.d("LDAPKerberosUtil", "krb5 file either bad syntax or not base64");
            e.printStackTrace();
        }
        if (string.length() == 0) {
            throw new IllegalStateException("App restriction not set");
        }
        Log.i("LDAPKerberosUtil", "=== BEGIN KERBEROS CONFIG ===\n" + string + "\n=== END KERBEROS CONFIG ===");
        File file = new File(context.getDir("config", 0), "krb5.conf");
        try {
            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(new FileOutputStream(file));
            outputStreamWriter.write(string);
            outputStreamWriter.close();
            c("KRB5_CONFIG", file.getAbsolutePath());
            cjp = context.getDir("ccache", 0).getAbsolutePath();
            c("KRB5CCNAME", "DIR:" + context.getDir("ccache", 0).getAbsolutePath());
            Log.i("LDAPKerberosUtil", "KRB5_CONFIG=" + file.getAbsolutePath());
            Log.i("LDAPKerberosUtil", "KRB5CCNAME=DIR:" + context.getDir("ccache", 0).getAbsolutePath());
            cjq = new g(context);
            Log.i("LDAPKerberosUtil", "Configure complete");
            aws = true;
        } catch (IOException e2) {
            e2.printStackTrace();
            throw new IllegalStateException("Failed to create config file");
        }
    }

    public static void V(String str) {
        try {
            try {
                cjq.gY(str);
            } catch (Exception unused) {
                Log.w("LDAPKerberosUtil", "Encountered unexpected issue with deleting record db");
            }
            kdestroy(str);
        } catch (UnsatisfiedLinkError e) {
            Log.w("LDAPKerberosUtil", "Unable to trigger kdestroy - " + e.getMessage());
        }
    }

    public static TicketInfo at(String str, String str2) {
        try {
            return kfind(str, str2);
        } catch (UnsatisfiedLinkError e) {
            Log.w("LDAPKerberosUtil", "Unable to trigger kfind - " + e.getMessage());
            return null;
        }
    }

    private static void c(String str, String str2) {
        try {
            setenv(str, str2);
        } catch (UnsatisfiedLinkError e) {
            Log.w("LDAPKerberosUtil", "Unable to trigger setenv - " + e.getMessage());
        }
    }

    private static boolean c(i iVar) {
        boolean z = false;
        if (cjq == null) {
            Log.w("LDAPKerberosUtil", "No db, cannot add/update permission record");
        } else {
            try {
                if (n(iVar.getUid(), iVar.getUsername()) != null) {
                    if (cjq.b(iVar) != 0) {
                        Log.w("LDAPKerberosUtil", "Failed to update permission record");
                    } else {
                        z = true;
                    }
                } else if (cjq.a(iVar) != 0) {
                    Log.w("LDAPKerberosUtil", "Failed to add permission record");
                } else {
                    z = true;
                }
            } catch (Exception unused) {
                Log.w("LDAPKerberosUtil", "Encountered unexpected issue with adding/updating record db");
            }
        }
        return z;
    }

    public static void cleanup() {
        g gVar = cjq;
        if (gVar != null) {
            gVar.close();
        }
        aws = false;
        Log.d("LDAPKerberosUtil", "Cleanup complete");
    }

    public static String j(int i, String str, String str2) {
        TicketInfo ticketInfo;
        try {
            kinit(str, str2);
            try {
                ticketInfo = at(str, "krbtgt");
            } catch (Exception e) {
                Log.e("LDAPKerberosUtil", "java_kfind() failed - " + e.getMessage(), e);
                ticketInfo = null;
            }
            if (c(new i(ticketInfo.username, i, ticketInfo.expiry)) && ticketInfo != null) {
                return ticketInfo.username;
            }
            return null;
        } catch (UnsatisfiedLinkError e2) {
            Log.w("LDAPKerberosUtil", "Unable to trigger kinit - " + e2.getMessage());
            return null;
        }
    }

    private static native void kdestroy();

    private static native void kdestroy(String str);

    private static native TicketInfo kfind(String str, String str2);

    private static native void kinit(String str, String str2);

    private static native String klist();

    public static i n(int i, String str) {
        g gVar = cjq;
        if (gVar == null) {
            Log.w("LDAPKerberosUtil", "No db, cannot retrieve permission record");
        } else {
            try {
                return gVar.w(str, i);
            } catch (Exception unused) {
                Log.w("LDAPKerberosUtil", "Encountered unexpected issue retrieving permission record db");
            }
        }
        return null;
    }

    public static boolean po() {
        return aws;
    }

    public static void pq() {
        try {
            cjq.deleteDb();
            kdestroy();
        } catch (UnsatisfiedLinkError e) {
            e.printStackTrace();
        }
    }

    private static native void setenv(String str, String str2);
}
