package org.apache.kerby.kerberos.kerb.gss.impl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.MessageDigest;
import org.apache.kerby.kerberos.kerb.crypto.util.BytesUtil;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/apache/kerby/kerberos/kerb/gss/impl/GssTokenV2.class */
public abstract class GssTokenV2 extends GssTokenBase {
    public static final int CONFOUNDER_SIZE = 16;
    public static final int TOKEN_HEADER_SIZE = 16;
    private static final int OFFSET_EC = 4;
    private static final int OFFSET_RRC = 6;
    private boolean isInitiator;
    private boolean acceptorSubKey;
    private boolean confState;
    private int sequenceNumber;
    protected int tokenType;
    private byte[] header;
    protected byte[] tokenData;
    protected byte[] checkSum;
    private int ec;
    private int rrc;
    static final int KG_USAGE_ACCEPTOR_SEAL = 22;
    static final int KG_USAGE_ACCEPTOR_SIGN = 23;
    static final int KG_USAGE_INITIATOR_SEAL = 24;
    static final int KG_USAGE_INITIATOR_SIGN = 25;
    private int keyUsage;
    private static final int FLAG_SENT_BY_ACCEPTOR = 1;
    private static final int FLAG_SEALED = 2;
    private static final int FLAG_ACCEPTOR_SUBKEY = 4;
    protected GssEncryptor encryptor;

    /* JADX INFO: Access modifiers changed from: package-private */
    public GssTokenV2(int i, GssContext gssContext) throws GSSException {
        this.isInitiator = true;
        this.acceptorSubKey = false;
        this.confState = true;
        this.header = new byte[16];
        initialize(i, gssContext, false);
    }

    private void initialize(int i, GssContext gssContext, boolean z) throws GSSException {
        this.tokenType = i;
        this.isInitiator = gssContext.isInitiator();
        this.acceptorSubKey = gssContext.getKeyComesFrom() == 4;
        this.confState = gssContext.getConfState();
        boolean z2 = z ? !this.isInitiator : this.isInitiator;
        if (i == 1284) {
            this.keyUsage = z2 ? 24 : 22;
        } else if (i == 1028) {
            this.keyUsage = z2 ? KG_USAGE_INITIATOR_SIGN : 23;
        }
        this.encryptor = gssContext.getGssEncryptor();
        if (z) {
            return;
        }
        this.sequenceNumber = gssContext.incMySequenceNumber();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GssTokenV2(int i, GssContext gssContext, MessageProp messageProp, byte[] bArr, int i2, int i3) throws GSSException {
        this(i, gssContext, messageProp, new ByteArrayInputStream(bArr, i2, i3));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public GssTokenV2(int i, GssContext gssContext, MessageProp messageProp, InputStream inputStream) throws GSSException {
        this.isInitiator = true;
        this.acceptorSubKey = false;
        this.confState = true;
        this.header = new byte[16];
        initialize(i, gssContext, true);
        if (!this.confState) {
            messageProp.setPrivacy(false);
        }
        reconstructTokenHeader(messageProp, inputStream);
        int checkSumSize = (i == 1284 && messageProp.getPrivacy()) ? 32 + this.encryptor.getCheckSumSize() : this.encryptor.getCheckSumSize();
        try {
            int available = inputStream.available();
            if (i == 1028) {
                available = checkSumSize;
                this.tokenData = new byte[available];
                inputStream.read(this.tokenData);
            } else {
                if (available < checkSumSize) {
                    throw new GSSException(10, -1, "Invalid token length");
                }
                this.tokenData = new byte[available];
                inputStream.read(this.tokenData);
            }
            if (i == 1284) {
                this.tokenData = rotate(this.tokenData);
            }
            if (i == 1028 || (i == 1284 && !messageProp.getPrivacy())) {
                int checkSumSize2 = this.encryptor.getCheckSumSize();
                if (i != 1028 && checkSumSize2 != this.ec) {
                    throw new GSSException(10, -1, "Invalid EC");
                }
                this.checkSum = new byte[checkSumSize2];
                System.arraycopy(this.tokenData, available - checkSumSize2, this.checkSum, 0, checkSumSize2);
            }
        } catch (IOException e) {
            throw new GSSException(10, -1, "Invalid token");
        }
    }

    private byte[] rotate(byte[] bArr) {
        int length = bArr.length;
        if (this.rrc % length != 0) {
            this.rrc %= length;
            byte[] bArr2 = new byte[length];
            System.arraycopy(bArr, this.rrc, bArr2, 0, length - this.rrc);
            System.arraycopy(bArr, 0, bArr2, length - this.rrc, this.rrc);
            bArr = bArr2;
        }
        return bArr;
    }

    public int getKeyUsage() {
        return this.keyUsage;
    }

    public void generateCheckSum(MessageProp messageProp, byte[] bArr, int i, int i2) throws GSSException {
        createTokenHeader(messageProp.getPrivacy());
        if (this.tokenType == 1028 || (!messageProp.getPrivacy() && this.tokenType == 1284)) {
            this.checkSum = getCheckSum(bArr, i, i2);
        }
        if (messageProp.getPrivacy() || this.tokenType != 1284) {
            return;
        }
        this.header[4] = (byte) (this.checkSum.length >>> 8);
        this.header[5] = (byte) (this.checkSum.length & 255);
    }

    public byte[] getCheckSum(byte[] bArr, int i, int i2) throws GSSException {
        if ((this.header[2] & 2) == 0 && this.tokenType == 1284) {
            this.header[4] = 0;
            this.header[5] = 0;
            this.header[OFFSET_RRC] = 0;
            this.header[7] = 0;
        }
        return this.encryptor.calculateCheckSum(this.header, bArr, i, i2, this.keyUsage);
    }

    public boolean verifyCheckSum(byte[] bArr, int i, int i2) throws GSSException {
        return MessageDigest.isEqual(this.checkSum, getCheckSum(bArr, i, i2));
    }

    private void createTokenHeader(boolean z) {
        this.header[0] = (byte) (this.tokenType >>> 8);
        this.header[1] = (byte) this.tokenType;
        this.header[2] = (byte) (((this.isInitiator ? 0 : 1) | ((!z || this.tokenType == 1028) ? 0 : 2) | (this.acceptorSubKey ? 4 : 0)) & 255);
        this.header[3] = -1;
        if (this.tokenType == 1284) {
            this.header[4] = 0;
            this.header[5] = 0;
            this.header[OFFSET_RRC] = 0;
            this.header[7] = 0;
        } else if (this.tokenType == 1028) {
            this.header[4] = -1;
            this.header[5] = -1;
            this.header[OFFSET_RRC] = -1;
            this.header[7] = -1;
        }
        BytesUtil.int2bytes(this.sequenceNumber, this.header, 12, true);
    }

    private void reconstructTokenHeader(MessageProp messageProp, InputStream inputStream) throws GSSException {
        try {
            if (inputStream.read(this.header, 0, this.header.length) != this.header.length) {
                throw new GSSException(11, -1, "Token header can not be read");
            }
            int i = (this.header[0] << 8) + this.header[1];
            if (i != this.tokenType) {
                throw new GSSException(10, -1, "Token ID should be " + this.tokenType + " instead of " + i);
            }
            if ((this.header[2] & 1) != (this.isInitiator)) {
                throw new GSSException(10, -1, "Invalid acceptor flag");
            }
            if ((this.header[2] & 2) == 2 && this.tokenType == 1284) {
                messageProp.setPrivacy(true);
            } else {
                messageProp.setPrivacy(false);
            }
            if (this.tokenType == 1284) {
                if (this.header[3] != -1) {
                    throw new GSSException(10, -1, "Invalid token filler");
                }
                this.ec = BytesUtil.bytes2short(this.header, 4, true);
                this.rrc = BytesUtil.bytes2short(this.header, OFFSET_RRC, true);
            } else if (this.tokenType == 1028) {
                for (int i2 = 3; i2 < 8; i2++) {
                    if ((this.header[i2] & 255) != 255) {
                        throw new GSSException(10, -1, "Invalid token filler");
                    }
                }
            }
            messageProp.setQOP(0);
            this.sequenceNumber = (int) BytesUtil.bytes2long(this.header, 0, true);
        } catch (IOException e) {
            throw new GSSException(11, -1, "Phrase token header failed");
        }
    }

    public int encodeHeader(byte[] bArr, int i) {
        System.arraycopy(this.header, 0, bArr, i, 16);
        return 16;
    }

    public void encodeHeader(OutputStream outputStream) throws IOException {
        outputStream.write(this.header);
    }
}
