package sun.security.krb5;

import java.io.IOException;
import sun.security.krb5.internal.APOptions;
import sun.security.krb5.internal.APReq;
import sun.security.krb5.internal.Authenticator;
import sun.security.krb5.internal.AuthorizationData;
import sun.security.krb5.internal.EncTicketPart;
import sun.security.krb5.internal.HostAddress;
import sun.security.krb5.internal.KRBError;
import sun.security.krb5.internal.KdcErrException;
import sun.security.krb5.internal.KerberosTime;
import sun.security.krb5.internal.Krb5;
import sun.security.krb5.internal.KrbApErrException;
import sun.security.krb5.internal.LocalSeqNumber;
import sun.security.krb5.internal.SeqNumber;
import sun.security.krb5.internal.Ticket;
import sun.security.krb5.internal.crypto.EType;
import sun.security.krb5.internal.rcache.AuthTime;
import sun.security.krb5.internal.rcache.CacheTable;
import sun.security.util.DerValue;

/* loaded from: classes5.dex */
public class KrbApReq {
    private APReq apReqMessg;
    private Authenticator authenticator;
    private Credentials creds;
    private KerberosTime ctime;
    private int cusec;
    private byte[] obuf;
    private static CacheTable table = new CacheTable();
    private static boolean DEBUG = Krb5.DEBUG;

    public KrbApReq(Credentials credentials, boolean z, boolean z2, boolean z3, Checksum checksum) throws Asn1Exception, KrbCryptoException, KrbException, IOException {
        APOptions aPOptions = z ? new APOptions(2) : new APOptions();
        if (DEBUG) {
            System.out.println(">>> KrbApReq: APOptions are " + ((Object) aPOptions));
        }
        init(aPOptions, credentials, checksum, z2 ? new EncryptionKey(credentials.getSessionKey()) : null, new LocalSeqNumber(), null, 11);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KrbApReq(APOptions aPOptions, Ticket ticket, EncryptionKey encryptionKey, Realm realm, PrincipalName principalName, Checksum checksum, KerberosTime kerberosTime, EncryptionKey encryptionKey2, SeqNumber seqNumber, AuthorizationData authorizationData) throws Asn1Exception, IOException, KdcErrException, KrbCryptoException {
        init(aPOptions, ticket, encryptionKey, realm, principalName, checksum, kerberosTime, encryptionKey2, seqNumber, authorizationData, 7);
    }

    public KrbApReq(byte[] bArr, EncryptionKey[] encryptionKeyArr) throws KrbException, IOException {
        this.obuf = bArr;
        if (this.apReqMessg == null) {
            decode();
        }
        authenticate(encryptionKeyArr, null);
    }

    private void authenticate(EncryptionKey[] encryptionKeyArr, HostAddress hostAddress) throws KrbException, IOException {
        int eType = this.apReqMessg.ticket.encPart.getEType();
        EncryptionKey findKey = EncryptionKey.findKey(eType, encryptionKeyArr);
        if (findKey == null) {
            throw new KrbException(400, "Cannot find key of appropriate type to decrypt AP REP - " + EType.toString(eType));
        }
        EncTicketPart encTicketPart = new EncTicketPart(this.apReqMessg.ticket.encPart.reset(this.apReqMessg.ticket.encPart.decrypt(findKey, 2), true));
        checkPermittedEType(encTicketPart.key.getEType());
        this.authenticator = new Authenticator(this.apReqMessg.authenticator.reset(this.apReqMessg.authenticator.decrypt(encTicketPart.key, 11), true));
        this.ctime = this.authenticator.ctime;
        this.cusec = this.authenticator.cusec;
        this.authenticator.ctime.setMicroSeconds(this.authenticator.cusec);
        this.authenticator.cname.setRealm(this.authenticator.crealm);
        this.apReqMessg.ticket.sname.setRealm(this.apReqMessg.ticket.realm);
        encTicketPart.cname.setRealm(encTicketPart.crealm);
        Config.getInstance().resetDefaultRealm(this.apReqMessg.ticket.realm.toString());
        if (!this.authenticator.cname.equals(encTicketPart.cname)) {
            throw new KrbApErrException(36);
        }
        KerberosTime kerberosTime = new KerberosTime(true);
        if (!this.authenticator.ctime.inClockSkew(kerberosTime)) {
            throw new KrbApErrException(37);
        }
        AuthTime authTime = new AuthTime(this.authenticator.ctime.getTime(), this.authenticator.cusec);
        String principalName = this.authenticator.cname.toString();
        if (table.get(authTime, this.authenticator.cname.toString()) != null) {
            throw new KrbApErrException(34);
        }
        table.put(principalName, authTime, kerberosTime.getTime());
        if (hostAddress != null && encTicketPart.caddr != null) {
            if (hostAddress == null) {
                throw new KrbApErrException(38);
            }
            if (!encTicketPart.caddr.inList(hostAddress)) {
                throw new KrbApErrException(38);
            }
        }
        KerberosTime kerberosTime2 = new KerberosTime(true);
        if ((encTicketPart.starttime != null && encTicketPart.starttime.greaterThanWRTClockSkew(kerberosTime2)) || encTicketPart.flags.get(7)) {
            throw new KrbApErrException(33);
        }
        if (encTicketPart.endtime != null && kerberosTime2.greaterThanWRTClockSkew(encTicketPart.endtime)) {
            throw new KrbApErrException(32);
        }
        this.creds = new Credentials(this.apReqMessg.ticket, this.authenticator.cname, this.apReqMessg.ticket.sname, encTicketPart.key, null, encTicketPart.authtime, encTicketPart.starttime, encTicketPart.endtime, encTicketPart.renewTill, encTicketPart.caddr);
        if (DEBUG) {
            System.out.println(">>> KrbApReq: authenticate succeed.");
        }
    }

    private static void checkPermittedEType(int i) throws KrbException {
        int[] defaults = EType.getDefaults("permitted_enctypes");
        if (defaults == null) {
            throw new KrbException("No supported encryption types listed in permitted_enctypes");
        }
        if (EType.isSupported(i, defaults)) {
            return;
        }
        throw new KrbException(EType.toString(i) + " encryption type not in permitted_enctypes list");
    }

    private void createMessage(APOptions aPOptions, Ticket ticket, EncryptionKey encryptionKey, Realm realm, PrincipalName principalName, Checksum checksum, KerberosTime kerberosTime, EncryptionKey encryptionKey2, SeqNumber seqNumber, AuthorizationData authorizationData, int i) throws Asn1Exception, IOException, KdcErrException, KrbCryptoException {
        this.authenticator = new Authenticator(realm, principalName, checksum, kerberosTime.getMicroSeconds(), kerberosTime, encryptionKey2, seqNumber != null ? new Integer(seqNumber.current()) : null, authorizationData);
        this.apReqMessg = new APReq(aPOptions, ticket, new EncryptedData(encryptionKey, this.authenticator.asn1Encode(), i));
    }

    private void init(APOptions aPOptions, Credentials credentials, Checksum checksum, EncryptionKey encryptionKey, SeqNumber seqNumber, AuthorizationData authorizationData, int i) throws KrbException, IOException {
        this.ctime = new KerberosTime(true);
        init(aPOptions, credentials.ticket, credentials.key, credentials.client.getRealm(), credentials.client, checksum, this.ctime, encryptionKey, seqNumber, authorizationData, i);
    }

    private void init(APOptions aPOptions, Ticket ticket, EncryptionKey encryptionKey, Realm realm, PrincipalName principalName, Checksum checksum, KerberosTime kerberosTime, EncryptionKey encryptionKey2, SeqNumber seqNumber, AuthorizationData authorizationData, int i) throws Asn1Exception, IOException, KdcErrException, KrbCryptoException {
        createMessage(aPOptions, ticket, encryptionKey, realm, principalName, checksum, kerberosTime, encryptionKey2, seqNumber, authorizationData, i);
        this.obuf = this.apReqMessg.asn1Encode();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int cusec() {
        return this.cusec;
    }

    void decode() throws KrbException, IOException {
        decode(new DerValue(this.obuf));
    }

    void decode(DerValue derValue) throws KrbException, IOException {
        this.apReqMessg = null;
        try {
            this.apReqMessg = new APReq(derValue);
        } catch (Asn1Exception e) {
            this.apReqMessg = null;
            KRBError kRBError = new KRBError(derValue);
            String errorString = kRBError.getErrorString();
            if (errorString.charAt(errorString.length() - 1) == 0) {
                errorString = errorString.substring(0, errorString.length() - 1);
            }
            KrbException krbException = new KrbException(kRBError.getErrorCode(), errorString);
            krbException.initCause(e);
            throw krbException;
        }
    }

    APOptions getAPOptions() throws KrbException, IOException {
        if (this.apReqMessg == null) {
            decode();
        }
        APReq aPReq = this.apReqMessg;
        if (aPReq != null) {
            return aPReq.apOptions;
        }
        return null;
    }

    public Checksum getChecksum() {
        return this.authenticator.getChecksum();
    }

    public PrincipalName getClient() {
        return this.creds.getClient();
    }

    public Credentials getCreds() {
        return this.creds;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KerberosTime getCtime() {
        KerberosTime kerberosTime = this.ctime;
        return kerberosTime != null ? kerberosTime : this.authenticator.ctime;
    }

    public byte[] getMessage() {
        return this.obuf;
    }

    public boolean getMutualAuthRequired() throws KrbException, IOException {
        if (this.apReqMessg == null) {
            decode();
        }
        APReq aPReq = this.apReqMessg;
        if (aPReq != null) {
            return aPReq.apOptions.get(2);
        }
        return false;
    }

    public Integer getSeqNumber() {
        return this.authenticator.getSeqNumber();
    }

    public EncryptionKey getSubKey() {
        return this.authenticator.getSubKey();
    }

    boolean useSessionKey() throws KrbException, IOException {
        if (this.apReqMessg == null) {
            decode();
        }
        APReq aPReq = this.apReqMessg;
        if (aPReq != null) {
            return aPReq.apOptions.get(1);
        }
        return false;
    }
}
