package com.orientechnologies.security.kerberos;

import com.orientechnologies.common.log.OLogManager;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/orientechnologies/security/kerberos/OKerberosLibrary.class */
public class OKerberosLibrary {
    private static final byte[] SPENGO_OID = {6, 6, 43, 6, 1, 5, 5, 2};

    public static void checkNativeJGSS(Subject subject, String str, boolean z) {
        try {
            if (Boolean.getBoolean("sun.security.jgss.native")) {
                OLogManager.instance().info((Object) null, "OKerberosLibrary.checkNativeJGSS() Using Native JGSS, Principal = " + str, new Object[0]);
                int i = 1;
                if (!z) {
                    i = 2;
                }
                GSSManager gSSManager = GSSManager.getInstance();
                GSSName createName = gSSManager.createName(str, GSSName.NT_USER_NAME);
                Oid oid = new Oid("1.2.840.113554.1.2.2");
                OLogManager.instance().info((Object) null, "OKerberosLibrary.checkNativeJGSS() calling createCredential() for Kerberos OID", new Object[0]);
                GSSCredential createCredential = gSSManager.createCredential(createName, 0, oid, i);
                subject.getPrivateCredentials().add(createCredential);
                OLogManager.instance().info((Object) null, "OKerberosLibrary.checkNativeJGSS() Kerberos credential name = " + createCredential.getName().toString(), new Object[0]);
                Oid oid2 = new Oid("1.3.6.1.5.5.2");
                OLogManager.instance().info((Object) null, "OKerberosLibrary.checkNativeJGSS() calling createCredential() for SPNEGO OID", new Object[0]);
                GSSCredential createCredential2 = gSSManager.createCredential(createName, 0, oid2, i);
                subject.getPrivateCredentials().add(createCredential2);
                OLogManager.instance().info((Object) null, "OKerberosLibrary.checkNativeJGSS() Kerberos credential name = " + createCredential2.getName().toString(), new Object[0]);
            }
        } catch (Exception e) {
            OLogManager.instance().error((Object) null, "OKerberosLibrary.checkNativeJGSS() Exception: ", e, new Object[0]);
        }
    }

    public static String getSPNegoSource(Subject subject, final String str, final byte[] bArr) {
        return (String) Subject.doAs(subject, new PrivilegedAction<String>() { // from class: com.orientechnologies.security.kerberos.OKerberosLibrary.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public String run() {
                String str2 = null;
                try {
                    GSSManager gSSManager = GSSManager.getInstance();
                    GSSCredential createCredential = gSSManager.createCredential(gSSManager.createName(str, GSSName.NT_USER_NAME), 0, new Oid("1.3.6.1.5.5.2"), 2);
                    OLogManager.instance().info((Object) null, "OKerberosLibrary.getSPNegoSource() Kerberos credential name = " + createCredential.getName().toString(), new Object[0]);
                    GSSContext createContext = gSSManager.createContext(createCredential);
                    if (createContext != null) {
                        if (!createContext.isEstablished()) {
                            createContext.acceptSecContext(bArr, 0, bArr.length);
                        }
                        if (createContext.getSrcName() != null) {
                            OLogManager.instance().info(this, "OKerberosLibrary.getSPNegoSource() context srcName = " + createContext.getSrcName(), new Object[0]);
                            str2 = createContext.getSrcName().toString();
                        }
                        createContext.dispose();
                    } else {
                        OLogManager.instance().error(this, "OKerberosLibrary.getSPNegoSource() Could not create a GSSContext", (Throwable) null, new Object[0]);
                    }
                } catch (Exception e) {
                    OLogManager.instance().error(this, "OKerberosLibrary.getSPNegoSource() Exception: ", e, new Object[0]);
                }
                return str2;
            }
        });
    }

    public static String getKerberosSource(Subject subject, final String str, final byte[] bArr) {
        return (String) Subject.doAs(subject, new PrivilegedAction<String>() { // from class: com.orientechnologies.security.kerberos.OKerberosLibrary.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public String run() {
                String str2 = null;
                try {
                    GSSManager gSSManager = GSSManager.getInstance();
                    GSSCredential createCredential = gSSManager.createCredential(gSSManager.createName(str, GSSName.NT_USER_NAME), 0, new Oid("1.2.840.113554.1.2.2"), 2);
                    OLogManager.instance().info((Object) null, "OKerberosLibrary.getKerberosSource() Kerberos credential name = " + createCredential.getName().toString(), new Object[0]);
                    GSSContext createContext = gSSManager.createContext(createCredential);
                    if (createContext != null) {
                        if (!createContext.isEstablished()) {
                            createContext.acceptSecContext(bArr, 0, bArr.length);
                            if (createContext.getSrcName() != null) {
                                str2 = createContext.getSrcName().toString();
                            }
                        }
                        createContext.dispose();
                    } else {
                        OLogManager.instance().error(this, "getKerberosSource() Could not create a GSSContext", (Throwable) null, new Object[0]);
                    }
                } catch (Exception e) {
                    OLogManager.instance().error((Object) null, "OKerberosLibrary.getKerberosSource() Exception: ", e, new Object[0]);
                }
                return str2;
            }
        });
    }

    public static boolean isSPNegoTicket(byte[] bArr) {
        if (bArr == null || bArr.length < 2) {
            return false;
        }
        return isNegTokenInit(bArr) || isNegTokenArg(bArr);
    }

    private static boolean isNegTokenInit(byte[] bArr) {
        if (bArr[0] != 96) {
            return false;
        }
        int i = (bArr[1] & 128) != 0 ? 1 + (bArr[1] & Byte.MAX_VALUE) : 1;
        if (bArr.length < SPENGO_OID.length + 1 + i) {
            return false;
        }
        for (int i2 = 0; i2 < SPENGO_OID.length; i2++) {
            if (SPENGO_OID[i2] != bArr[i2 + 1 + i]) {
                return false;
            }
        }
        return true;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static boolean isNegTokenArg(byte[] bArr) {
        byte b;
        if ((bArr[0] & 255) != 161) {
            return false;
        }
        if ((bArr[1] & 128) == 0) {
            b = bArr[1];
        } else {
            b = 0;
            for (int i = bArr[1] & Byte.MAX_VALUE; i > 0; i--) {
                b = ((b << 8) | (bArr[2] & 255)) == true ? 1 : 0;
            }
        }
        return bArr.length == b + 2;
    }

    public static boolean isServiceTicket(String str) {
        return str != null && str.startsWith("YI");
    }
}
