package org.apache.kerby.kerberos.kerb.gss.impl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.MessageDigest;
import org.apache.kerby.kerberos.kerb.crypto.util.BytesUtil;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;
import sun.security.jgss.GSSHeader;
import sun.security.util.ObjectIdentifier;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:BOOT-INF/lib/kerb-gssapi-1.1.1.jar:org/apache/kerby/kerberos/kerb/gss/impl/GssTokenV1.class */
public abstract class GssTokenV1 extends GssTokenBase {
    public static final int SGN_ALG_DES_MAC_MD5 = 0;
    public static final int SGN_ALG_MD25 = 256;
    public static final int SGN_ALG_DES_MAC = 512;
    public static final int SGN_ALG_HMAC_SHA1_DES3_KD = 1024;
    public static final int SGN_ALG_RC4_HMAC = 4352;
    public static final int SEAL_ALG_NONE = 65535;
    public static final int SEAL_ALG_DES = 0;
    public static final int SEAL_ALG_DES3_KD = 512;
    public static final int SEAL_ALG_RC4_HMAC = 4096;
    public static final int KG_USAGE_SEAL = 22;
    public static final int KG_USAGE_SIGN = 23;
    public static final int KG_USAGE_SEQ = 24;
    public static final int KG_USAGE_MS_SIGN = 15;
    private boolean isInitiator;
    private boolean confState;
    private int sequenceNumber;
    protected GssEncryptor encryptor;
    private GSSHeader gssHeader;
    public static final int TOKEN_HEADER_COMM_SIZE = 8;
    public static final int TOKEN_HEADER_SEQ_SIZE = 8;
    private int tokenType;
    private byte[] commHeader;
    private int sgnAlg;
    private int sealAlg;
    private byte[] plainSequenceBytes;
    private byte[] encryptedSequenceNumber;
    private byte[] checkSum;
    private int checkSumSize;
    protected int reconHeaderLen;
    public static ObjectIdentifier objId;

    /* JADX INFO: Access modifiers changed from: protected */
    public int getTokenHeaderSize() {
        return 16 + this.checkSumSize;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] getPlainSequenceBytes() {
        return new byte[]{this.plainSequenceBytes[0], this.plainSequenceBytes[1], this.plainSequenceBytes[2], this.plainSequenceBytes[3]};
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GssTokenV1(int i, GssContext gssContext) throws GSSException {
        this.commHeader = new byte[8];
        this.encryptedSequenceNumber = new byte[8];
        initialize(i, gssContext, false);
        createTokenHeader();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GssTokenV1(int i, GssContext gssContext, MessageProp messageProp, byte[] bArr, int i2, int i3) throws GSSException {
        this.commHeader = new byte[8];
        this.encryptedSequenceNumber = new byte[8];
        reconstructInitializaion(i, gssContext, messageProp, new ByteArrayInputStream(bArr, i2, i3 > 64 ? 64 : i3));
        this.reconHeaderLen = this.gssHeader.getLength() + getTokenHeaderSize();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GssTokenV1(int i, GssContext gssContext, MessageProp messageProp, InputStream inputStream) throws GSSException {
        this.commHeader = new byte[8];
        this.encryptedSequenceNumber = new byte[8];
        reconstructInitializaion(i, gssContext, messageProp, inputStream);
    }

    private void reconstructInitializaion(int i, GssContext gssContext, MessageProp messageProp, InputStream inputStream) throws GSSException {
        initialize(i, gssContext, true);
        if (!this.confState) {
            messageProp.setPrivacy(false);
        }
        try {
            this.gssHeader = new GSSHeader(inputStream);
            if (!this.gssHeader.getOid().equals(objId)) {
                throw new GSSException(10, -1, "Invalid token OID");
            }
            reconstructTokenHeader(inputStream, messageProp);
        } catch (IOException e) {
            throw new GSSException(10, -1, "Invalid token:" + e.getMessage());
        }
    }

    private void initialize(int i, GssContext gssContext, boolean z) throws GSSException {
        this.tokenType = i;
        this.isInitiator = gssContext.isInitiator();
        this.confState = gssContext.getConfState();
        this.encryptor = gssContext.getGssEncryptor();
        this.checkSumSize = this.encryptor.getCheckSumSize();
        if (z) {
            this.checkSum = new byte[this.checkSumSize];
        } else {
            this.sequenceNumber = gssContext.incMySequenceNumber();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void calcPrivacyInfo(MessageProp messageProp, byte[] bArr, byte[] bArr2, int i, int i2, int i3) throws GSSException {
        messageProp.setQOP(0);
        if (!this.confState) {
            messageProp.setPrivacy(false);
        }
        this.checkSum = calcCheckSum(bArr, this.commHeader, bArr2, i, i2, i3);
        encryptSequenceNumber();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void verifyToken(byte[] bArr, byte[] bArr2, int i, int i2, int i3) throws GSSException {
        if (MessageDigest.isEqual(this.checkSum, calcCheckSum(bArr, this.commHeader, bArr2, i, i2, i3))) {
        } else {
            throw new GSSException(6, -1, "Corrupt token checksum for " + (this.tokenType == 257 ? "Mic" : "Wrap") + "TokenV1");
        }
    }

    private byte[] calcCheckSum(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2, int i3) throws GSSException {
        return this.encryptor.calculateCheckSum(bArr, bArr2, bArr3, i, i2, i3, this.tokenType == 257);
    }

    private void encryptSequenceNumber() throws GSSException {
        this.plainSequenceBytes = new byte[8];
        if (this.encryptor.isArcFourHmac()) {
            BytesUtil.int2bytes(this.sequenceNumber, this.plainSequenceBytes, 0, true);
        } else {
            BytesUtil.int2bytes(this.sequenceNumber, this.plainSequenceBytes, 0, false);
        }
        if (!this.isInitiator) {
            this.plainSequenceBytes[4] = -1;
            this.plainSequenceBytes[5] = -1;
            this.plainSequenceBytes[6] = -1;
            this.plainSequenceBytes[7] = -1;
        }
        this.encryptedSequenceNumber = this.encryptor.encryptSequenceNumber(this.plainSequenceBytes, this.checkSum, true);
    }

    public void encodeHeader(OutputStream outputStream) throws GSSException, IOException {
        new GSSHeader(objId, getTokenSizeWithoutGssHeader()).encode(outputStream);
        outputStream.write(this.commHeader);
        outputStream.write(this.encryptedSequenceNumber);
        outputStream.write(this.checkSum);
    }

    private void createTokenHeader() {
        this.commHeader[0] = (byte) (this.tokenType >>> 8);
        this.commHeader[1] = (byte) this.tokenType;
        this.sgnAlg = this.encryptor.getSgnAlg();
        this.commHeader[2] = (byte) (this.sgnAlg >>> 8);
        this.commHeader[3] = (byte) this.sgnAlg;
        if (this.tokenType == 513) {
            this.sealAlg = this.encryptor.getSealAlg();
            this.commHeader[4] = (byte) (this.sealAlg >>> 8);
            this.commHeader[5] = (byte) this.sealAlg;
        } else {
            this.commHeader[4] = -1;
            this.commHeader[5] = -1;
        }
        this.commHeader[6] = -1;
        this.commHeader[7] = -1;
    }

    private void reconstructTokenHeader(InputStream inputStream, MessageProp messageProp) throws GSSException {
        try {
            if (inputStream.read(this.commHeader) != this.commHeader.length || inputStream.read(this.encryptedSequenceNumber) != this.encryptedSequenceNumber.length || inputStream.read(this.checkSum) != this.checkSum.length) {
                throw new GSSException(11, -1, "Insufficient in reconstruct token header");
            }
            initTokenHeader(this.commHeader, messageProp);
            this.plainSequenceBytes = this.encryptor.encryptSequenceNumber(this.encryptedSequenceNumber, this.checkSum, false);
            byte b = this.isInitiator ? (byte) -1 : (byte) 0;
            if (this.plainSequenceBytes[4] == b && this.plainSequenceBytes[5] == b && this.plainSequenceBytes[6] == b && this.plainSequenceBytes[7] == b) {
            } else {
                throw new GSSException(6, -1, "Corrupt token sequence for " + (this.tokenType == 257 ? "Mic" : "Wrap") + "TokenV1");
            }
        } catch (IOException e) {
            throw new GSSException(11, -1, "Error in reconstruct token header:" + e.getMessage());
        }
    }

    private void initTokenHeader(byte[] bArr, MessageProp messageProp) throws GSSException {
        int i = (bArr[0] << 8) + bArr[1];
        if (this.tokenType != i) {
            throw new GSSException(10, -1, "Token ID should be " + this.tokenType + " instead of " + i);
        }
        this.sgnAlg = (bArr[2] << 8) + bArr[3];
        this.sealAlg = (bArr[4] << 8) + bArr[5];
        if (bArr[6] != -1 || bArr[7] != -1) {
            throw new GSSException(10, -1, "Invalid token head filler");
        }
        messageProp.setQOP(0);
        messageProp.setPrivacy(this.sealAlg != 65535);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public GSSHeader getGssHeader() {
        return this.gssHeader;
    }

    abstract int getTokenSizeWithoutGssHeader();

    static {
        try {
            objId = new ObjectIdentifier("1.2.840.113554.1.2.2");
        } catch (IOException e) {
        }
    }
}
