package org.apache.kerby.kerberos.kerb.gss.impl;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.crypto.CheckSumHandler;
import org.apache.kerby.kerberos.kerb.crypto.CheckSumTypeHandler;
import org.apache.kerby.kerberos.kerb.crypto.EncTypeHandler;
import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
import org.apache.kerby.kerberos.kerb.crypto.cksum.provider.Md5Provider;
import org.apache.kerby.kerberos.kerb.crypto.enc.provider.DesProvider;
import org.apache.kerby.kerberos.kerb.crypto.enc.provider.Rc4Provider;
import org.apache.kerby.kerberos.kerb.type.base.CheckSumType;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:org/apache/kerby/kerberos/kerb/gss/impl/GssEncryptor.class */
public class GssEncryptor {
    private final EncryptionKey encKey;
    private final EncryptionType encKeyType;
    private final byte[] encKeyBytes;
    private CheckSumType checkSumTypeDef;
    private int checkSumSize;
    private boolean isV2;
    private int sgnAlg;
    private int sealAlg;
    private boolean isArcFourHmac;
    private static final byte[] IV_ZEROR_8B = new byte[8];

    public GssEncryptor(EncryptionKey encryptionKey) throws GSSException {
        this.isV2 = false;
        this.sgnAlg = GssTokenV1.SEAL_ALG_NONE;
        this.sealAlg = GssTokenV1.SEAL_ALG_NONE;
        this.isArcFourHmac = false;
        this.encKey = encryptionKey;
        this.encKeyBytes = this.encKey.getKeyData();
        this.encKeyType = encryptionKey.getKeyType();
        if (this.encKeyType == EncryptionType.AES128_CTS_HMAC_SHA1_96) {
            this.checkSumSize = 12;
            this.checkSumTypeDef = CheckSumType.HMAC_SHA1_96_AES128;
            this.isV2 = true;
            return;
        }
        if (this.encKeyType == EncryptionType.AES256_CTS_HMAC_SHA1_96) {
            this.checkSumSize = 12;
            this.checkSumTypeDef = CheckSumType.HMAC_SHA1_96_AES256;
            this.isV2 = true;
            return;
        }
        if (this.encKeyType == EncryptionType.DES_CBC_CRC || this.encKeyType == EncryptionType.DES_CBC_MD5) {
            this.sgnAlg = 0;
            this.sealAlg = 0;
            this.checkSumSize = 8;
        } else if (this.encKeyType == EncryptionType.DES3_CBC_SHA1) {
            this.sgnAlg = GssTokenV1.SGN_ALG_HMAC_SHA1_DES3_KD;
            this.sealAlg = 512;
            this.checkSumSize = 20;
        } else {
            if (this.encKeyType != EncryptionType.ARCFOUR_HMAC) {
                throw new GSSException(11, -1, "Invalid encryption type: " + this.encKeyType.getDisplayName());
            }
            this.sgnAlg = GssTokenV1.SGN_ALG_RC4_HMAC;
            this.sealAlg = GssTokenV1.SEAL_ALG_RC4_HMAC;
            this.checkSumSize = 16;
            this.isArcFourHmac = true;
        }
    }

    public boolean isV2() {
        return this.isV2;
    }

    public int getSgnAlg() {
        return this.sgnAlg;
    }

    public int getSealAlg() {
        return this.sealAlg;
    }

    public boolean isArcFourHmac() {
        return this.isArcFourHmac;
    }

    public byte[] encryptData(byte[] bArr, byte[] bArr2, int i, int i2, int i3) throws GSSException {
        byte[] bArr3 = new byte[bArr.length + i2];
        System.arraycopy(bArr2, i, bArr3, 0, i2);
        System.arraycopy(bArr, 0, bArr3, i2, bArr.length);
        return encryptData(bArr3, i3);
    }

    public byte[] encryptData(byte[] bArr, int i) throws GSSException {
        try {
            return EncryptionHandler.getEncHandler(this.encKey.getKeyType()).encrypt(bArr, this.encKey.getKeyData(), i);
        } catch (KrbException e) {
            throw new GSSException(11, -1, e.getMessage());
        }
    }

    public byte[] decryptData(byte[] bArr, int i) throws GSSException {
        try {
            return EncryptionHandler.getEncHandler(this.encKey.getKeyType()).decrypt(bArr, this.encKey.getKeyData(), i);
        } catch (KrbException e) {
            throw new GSSException(11, -1, e.getMessage());
        }
    }

    public byte[] calculateCheckSum(byte[] bArr, byte[] bArr2, int i, int i2, int i3) throws GSSException {
        byte[] bArr3 = new byte[i2 + (bArr == null ? 0 : bArr.length)];
        System.arraycopy(bArr2, i, bArr3, 0, i2);
        if (bArr != null) {
            System.arraycopy(bArr, 0, bArr3, i2, bArr.length);
        }
        try {
            return CheckSumHandler.getCheckSumHandler(this.checkSumTypeDef).checksumWithKey(bArr3, this.encKey.getKeyData(), i3);
        } catch (KrbException e) {
            throw new GSSException(11, -1, "Exception in checksum calculation:" + e.getMessage());
        }
    }

    public int getCheckSumSize() throws GSSException {
        return this.checkSumSize;
    }

    private void addPadding(int i, byte[] bArr, int i2) {
        for (int i3 = 0; i3 < i; i3++) {
            bArr[i2 + i3] = (byte) i;
        }
    }

    private byte[] getFirstBytes(byte[] bArr, int i) {
        if (i >= bArr.length) {
            return bArr;
        }
        byte[] bArr2 = new byte[i];
        System.arraycopy(bArr, 0, bArr2, 0, i);
        return bArr2;
    }

    private byte[] getKeyBytesWithLength(int i) {
        return getFirstBytes(this.encKeyBytes, i);
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    public byte[] calculateCheckSum(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2, int i3, boolean z) throws GSSException {
        int i4;
        byte[] bArr4;
        CheckSumType checkSumType;
        int i5 = 23;
        int length = (bArr == null ? 0 : bArr.length) + (bArr2 == null ? 0 : bArr2.length) + i2 + i3;
        if (length == i2) {
            bArr4 = bArr3;
            i4 = i;
        } else {
            i4 = 0;
            int i6 = 0;
            bArr4 = new byte[length];
            if (bArr2 != null) {
                System.arraycopy(bArr2, 0, bArr4, 0, bArr2.length);
                i6 = 0 + bArr2.length;
            }
            if (bArr != null) {
                System.arraycopy(bArr, 0, bArr4, i6, bArr.length);
                i6 += bArr.length;
            }
            System.arraycopy(bArr3, i, bArr4, i6, i2);
            addPadding(i3, bArr4, i2 + i6);
        }
        try {
            switch (this.sgnAlg) {
                case 0:
                    Md5Provider md5Provider = new Md5Provider();
                    md5Provider.hash(bArr4);
                    bArr4 = md5Provider.output();
                    return new DesProvider().cbcMac(this.encKeyBytes, IV_ZEROR_8B, bArr4);
                case GssTokenV1.SGN_ALG_MD25 /* 256 */:
                    throw new GSSException(11, -1, "CheckSum not implemented for SGN_ALG_MD25");
                case 512:
                    return new DesProvider().cbcMac(this.encKeyBytes, IV_ZEROR_8B, bArr4);
                case GssTokenV1.SGN_ALG_HMAC_SHA1_DES3_KD /* 1024 */:
                    checkSumType = CheckSumType.HMAC_SHA1_DES3_KD;
                    break;
                case GssTokenV1.SGN_ALG_RC4_HMAC /* 4352 */:
                    checkSumType = CheckSumType.MD5_HMAC_ARCFOUR;
                    if (z) {
                        i5 = 15;
                        break;
                    }
                    break;
                default:
                    throw new GSSException(11, -1, "CheckSum not implemented for sgnAlg=" + this.sgnAlg);
            }
            CheckSumTypeHandler checkSumHandler = CheckSumHandler.getCheckSumHandler(checkSumType);
            return checkSumHandler.checksumWithKey(bArr4, i4, length, getKeyBytesWithLength(checkSumHandler.keySize()), i5);
        } catch (KrbException e) {
            throw new GSSException(11, -1, "Exception in checksum calculation sgnAlg = " + this.sgnAlg + " : " + e.getMessage());
        }
    }

    public byte[] encryptSequenceNumber(byte[] bArr, byte[] bArr2, boolean z) throws GSSException {
        try {
            switch (this.sgnAlg) {
                case 0:
                case 512:
                    DesProvider desProvider = new DesProvider();
                    byte[] bArr3 = (byte[]) bArr.clone();
                    if (z) {
                        desProvider.encrypt(this.encKeyBytes, bArr2, bArr3);
                    } else {
                        desProvider.decrypt(this.encKeyBytes, bArr2, bArr3);
                    }
                    return bArr3;
                case GssTokenV1.SGN_ALG_MD25 /* 256 */:
                    throw new GSSException(11, -1, "EncSeq not implemented for SGN_ALG_MD25");
                case GssTokenV1.SGN_ALG_HMAC_SHA1_DES3_KD /* 1024 */:
                    EncTypeHandler encHandler = EncryptionHandler.getEncHandler(EncryptionType.DES3_CBC_SHA1_KD);
                    byte[] keyBytesWithLength = getKeyBytesWithLength(encHandler.keySize());
                    byte[] firstBytes = getFirstBytes(bArr2, encHandler.encProvider().blockSize());
                    return z ? encHandler.encryptRaw(bArr, keyBytesWithLength, firstBytes, 24) : encHandler.decryptRaw(bArr, keyBytesWithLength, firstBytes, 24);
                case GssTokenV1.SGN_ALG_RC4_HMAC /* 4352 */:
                    return encryptArcFourHmac(bArr, getKeyBytesWithLength(16), getFirstBytes(bArr2, 8), z);
                default:
                    throw new GSSException(11, -1, "EncSeq not implemented for sgnAlg=" + this.sgnAlg);
            }
        } catch (KrbException e) {
            throw new GSSException(11, -1, "Exception in encrypt seq number sgnAlg = " + this.sgnAlg + " : " + e.getMessage());
        }
    }

    private byte[] getHmacMd5(byte[] bArr, byte[] bArr2) throws GSSException {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacMD5");
            Mac mac = Mac.getInstance("HmacMD5");
            mac.init(secretKeySpec);
            return mac.doFinal(bArr2);
        } catch (Exception e) {
            throw new GSSException(11, -1, "Get HmacMD5 failed: " + e.getMessage());
        }
    }

    private byte[] encryptArcFourHmac(byte[] bArr, byte[] bArr2, byte[] bArr3, boolean z) throws GSSException {
        byte[] hmacMd5 = getHmacMd5(getHmacMd5(bArr2, new byte[4]), bArr3);
        Rc4Provider rc4Provider = new Rc4Provider();
        try {
            byte[] bArr4 = (byte[]) bArr.clone();
            if (z) {
                rc4Provider.encrypt(hmacMd5, bArr4);
            } else {
                rc4Provider.decrypt(hmacMd5, bArr4);
            }
            return bArr4;
        } catch (KrbException e) {
            throw new GSSException(11, -1, "En/Decrypt sequence failed for ArcFourHmac: " + e.getMessage());
        }
    }

    private byte[] encryptDataArcFourHmac(byte[] bArr, byte[] bArr2, byte[] bArr3, boolean z) throws GSSException {
        byte[] bArr4 = new byte[bArr2.length];
        for (int i = 0; i <= 15; i++) {
            bArr4[i] = (byte) (bArr2[i] ^ 240);
        }
        return encryptArcFourHmac(bArr, bArr4, bArr3, z);
    }

    public byte[] encryptTokenV1(byte[] bArr, byte[] bArr2, int i, int i2, int i3, byte[] bArr3, boolean z) throws GSSException {
        byte[] bArr4;
        EncTypeHandler encHandler;
        if (z) {
            int i4 = 0;
            bArr4 = new byte[(bArr == null ? 0 : bArr.length) + i2 + i3];
            if (bArr != null) {
                System.arraycopy(bArr, 0, bArr4, 0, bArr.length);
                i4 = 0 + bArr.length;
            }
            System.arraycopy(bArr2, i, bArr4, i4, i2);
            addPadding(i3, bArr4, i4 + i2);
        } else {
            bArr4 = bArr2;
            if (bArr2.length != i2) {
                bArr4 = new byte[i2];
                System.arraycopy(bArr2, i, bArr4, 0, i2);
            }
        }
        try {
            switch (this.sealAlg) {
                case 0:
                    encHandler = EncryptionHandler.getEncHandler(EncryptionType.DES_CBC_MD5);
                    break;
                case 512:
                    encHandler = EncryptionHandler.getEncHandler(EncryptionType.DES3_CBC_SHA1_KD);
                    break;
                case GssTokenV1.SEAL_ALG_RC4_HMAC /* 4096 */:
                    return encryptDataArcFourHmac(bArr4, getKeyBytesWithLength(16), bArr3, z);
                default:
                    throw new GSSException(11, -1, "Unknown encryption type sealAlg = " + this.sealAlg);
            }
            byte[] keyBytesWithLength = getKeyBytesWithLength(encHandler.keySize());
            return z ? encHandler.encryptRaw(bArr4, keyBytesWithLength, 22) : encHandler.decryptRaw(bArr4, keyBytesWithLength, 22);
        } catch (KrbException e) {
            throw new GSSException(11, -1, "Exception in encrypt data sealAlg = " + this.sealAlg + " : " + e.getMessage());
        }
    }
}
