package sun.security.jgss.krb5;

import java.io.IOException;
import java.net.InetAddress;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.security.auth.kerberos.DelegationPermission;
import org.ietf.jgss.ChannelBinding;
import org.ietf.jgss.GSSException;
import sun.security.krb5.Checksum;
import sun.security.krb5.Credentials;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbCred;
import sun.security.krb5.KrbException;
import sun.security.krb5.PrincipalName;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:118668-01/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/rt.jar:sun/security/jgss/krb5/InitialToken.class */
public abstract class InitialToken extends Krb5Token {
    private static final int CHECKSUM_TYPE = 32771;
    private static final int CHECKSUM_LENGTH_SIZE = 4;
    private static final int CHECKSUM_BINDINGS_SIZE = 16;
    private static final int CHECKSUM_FLAGS_SIZE = 4;
    private static final int CHECKSUM_DELEG_OPT_SIZE = 2;
    private static final int CHECKSUM_DELEG_LGTH_SIZE = 2;
    private static final int CHECKSUM_DELEG_FLAG = 1;
    private static final int CHECKSUM_MUTUAL_FLAG = 2;
    private static final int CHECKSUM_REPLAY_FLAG = 4;
    private static final int CHECKSUM_SEQUENCE_FLAG = 8;
    private static final int CHECKSUM_CONF_FLAG = 16;
    private static final int CHECKSUM_INTEG_FLAG = 32;
    private final byte[] CHECKSUM_FIRST_BYTES = {16, 0, 0, 0};
    private final int CHANNEL_BINDING_AF_INET = 2;
    private final int CHANNEL_BINDING_AF_NULL_ADDR = 255;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:118668-01/SUNWj5rt/reloc/jdk/instances/jdk1.5.0/jre/lib/rt.jar:sun/security/jgss/krb5/InitialToken$OverloadedChecksum.class */
    public class OverloadedChecksum {
        private byte[] checksumBytes;
        private Credentials delegCreds;
        private int flags;

        public OverloadedChecksum(Krb5Context krb5Context, Credentials credentials, Credentials credentials2) throws KrbException, IOException, GSSException {
            this.checksumBytes = null;
            this.delegCreds = null;
            this.flags = 0;
            byte[] bArr = null;
            int i = 24;
            if (krb5Context.getCredDelegState()) {
                if (credentials.isForwardable()) {
                    bArr = new KrbCred(credentials, credentials2, EncryptionKey.NULL_KEY).getMessage();
                    i = 24 + 4 + bArr.length;
                } else {
                    krb5Context.setCredDelegState(false);
                }
            }
            this.checksumBytes = new byte[i];
            int i2 = 0 + 1;
            this.checksumBytes[0] = InitialToken.this.CHECKSUM_FIRST_BYTES[0];
            int i3 = i2 + 1;
            this.checksumBytes[i2] = InitialToken.this.CHECKSUM_FIRST_BYTES[1];
            int i4 = i3 + 1;
            this.checksumBytes[i3] = InitialToken.this.CHECKSUM_FIRST_BYTES[2];
            int i5 = i4 + 1;
            this.checksumBytes[i4] = InitialToken.this.CHECKSUM_FIRST_BYTES[3];
            if (krb5Context.getChannelBinding() != null) {
                byte[] computeChannelBinding = InitialToken.this.computeChannelBinding(krb5Context.getChannelBinding());
                System.arraycopy(computeChannelBinding, 0, this.checksumBytes, i5, computeChannelBinding.length);
            }
            int i6 = i5 + 16;
            if (krb5Context.getCredDelegState()) {
                this.flags |= 1;
            }
            if (krb5Context.getMutualAuthState()) {
                this.flags |= 2;
            }
            if (krb5Context.getReplayDetState()) {
                this.flags |= 4;
            }
            if (krb5Context.getSequenceDetState()) {
                this.flags |= 8;
            }
            if (krb5Context.getIntegState()) {
                this.flags |= 32;
            }
            if (krb5Context.getConfState()) {
                this.flags |= 16;
            }
            byte[] bArr2 = new byte[4];
            Krb5Token.writeLittleEndian(this.flags, bArr2);
            int i7 = i6 + 1;
            this.checksumBytes[i6] = bArr2[0];
            int i8 = i7 + 1;
            this.checksumBytes[i7] = bArr2[1];
            int i9 = i8 + 1;
            this.checksumBytes[i8] = bArr2[2];
            int i10 = i9 + 1;
            this.checksumBytes[i9] = bArr2[3];
            if (krb5Context.getCredDelegState()) {
                PrincipalName server = credentials2.getServer();
                StringBuffer stringBuffer = new StringBuffer("\"");
                stringBuffer.append(server.getName()).append('\"');
                String realmAsString = server.getRealmAsString();
                stringBuffer.append(" \"krbtgt/").append(realmAsString).append('@');
                stringBuffer.append(realmAsString).append('\"');
                SecurityManager securityManager = System.getSecurityManager();
                if (securityManager != null) {
                    securityManager.checkPermission(new DelegationPermission(stringBuffer.toString()));
                }
                int i11 = i10 + 1;
                this.checksumBytes[i10] = 1;
                int i12 = i11 + 1;
                this.checksumBytes[i11] = 0;
                if (bArr.length > 65535) {
                    throw new GSSException(-1);
                }
                Krb5Token.writeLittleEndian(bArr.length, bArr2);
                int i13 = i12 + 1;
                this.checksumBytes[i12] = bArr2[0];
                this.checksumBytes[i13] = bArr2[1];
                System.arraycopy(bArr, 0, this.checksumBytes, i13 + 1, bArr.length);
            }
        }

        public OverloadedChecksum(Krb5Context krb5Context, Checksum checksum, EncryptionKey encryptionKey) throws GSSException, KrbException, IOException {
            String str;
            boolean z;
            this.checksumBytes = null;
            this.delegCreds = null;
            this.flags = 0;
            this.checksumBytes = checksum.getBytes();
            if (this.checksumBytes[0] != InitialToken.this.CHECKSUM_FIRST_BYTES[0] || this.checksumBytes[1] != InitialToken.this.CHECKSUM_FIRST_BYTES[1] || this.checksumBytes[2] != InitialToken.this.CHECKSUM_FIRST_BYTES[2] || this.checksumBytes[3] != InitialToken.this.CHECKSUM_FIRST_BYTES[3]) {
                throw new GSSException(-1);
            }
            byte[] bArr = new byte[16];
            System.arraycopy(this.checksumBytes, 4, bArr, 0, 16);
            boolean z2 = !Arrays.equals(new byte[16], bArr);
            ChannelBinding channelBinding = krb5Context.getChannelBinding();
            if (z2 || channelBinding != null) {
                if (z2 && channelBinding != null) {
                    z = !Arrays.equals(InitialToken.this.computeChannelBinding(channelBinding), bArr);
                    str = "Bytes mismatch!";
                } else if (channelBinding == null) {
                    str = "ChannelBinding not provided!";
                    z = true;
                } else {
                    str = "Token missing ChannelBinding!";
                    z = true;
                }
                if (z) {
                    throw new GSSException(1, -1, str);
                }
            }
            this.flags = Krb5Token.readLittleEndian(this.checksumBytes, 20, 4);
            if ((this.flags & 1) > 0) {
                int readLittleEndian = Krb5Token.readLittleEndian(this.checksumBytes, 26, 2);
                byte[] bArr2 = new byte[readLittleEndian];
                System.arraycopy(this.checksumBytes, 28, bArr2, 0, readLittleEndian);
                this.delegCreds = new KrbCred(bArr2, EncryptionKey.NULL_KEY).getDelegatedCreds()[0];
            }
        }

        public Checksum getChecksum() throws KrbException {
            return new Checksum(this.checksumBytes, 32771);
        }

        public Credentials getDelegatedCreds() {
            return this.delegCreds;
        }

        public void setContextFlags(Krb5Context krb5Context) {
            if ((this.flags & 1) > 0) {
                krb5Context.setCredDelegState(true);
            }
            if ((this.flags & 2) == 0) {
                krb5Context.setMutualAuthState(false);
            }
            if ((this.flags & 4) == 0) {
                krb5Context.setReplayDetState(false);
            }
            if ((this.flags & 8) == 0) {
                krb5Context.setSequenceDetState(false);
            }
            if ((this.flags & 16) == 0) {
                krb5Context.setConfState(false);
            }
            if ((this.flags & 32) == 0) {
                krb5Context.setIntegState(false);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] computeChannelBinding(ChannelBinding channelBinding) throws GSSException {
        int i;
        int i2;
        InetAddress initiatorAddress = channelBinding.getInitiatorAddress();
        InetAddress acceptorAddress = channelBinding.getAcceptorAddress();
        byte[] bArr = null;
        int i3 = 255;
        byte[] bArr2 = null;
        int i4 = 255;
        int i5 = 20;
        if (initiatorAddress != null) {
            i3 = 2;
            bArr = initiatorAddress.getAddress();
            if (bArr.length != 4) {
                throw new GSSException(11, -1, "Cannot handle non AF-INET addresses in ChannelBinding.");
            }
            i5 = 20 + bArr.length;
        }
        if (acceptorAddress != null) {
            i4 = 2;
            bArr2 = acceptorAddress.getAddress();
            if (bArr2.length != 4) {
                throw new GSSException(11, -1, "Cannot handle non AF-INET addresses in ChannelBinding.");
            }
            i5 += bArr2.length;
        }
        byte[] applicationData = channelBinding.getApplicationData();
        if (applicationData != null) {
            i5 += applicationData.length;
        }
        byte[] bArr3 = new byte[i5];
        writeLittleEndian(i3, bArr3, 0);
        int i6 = 0 + 4;
        if (bArr != null) {
            writeLittleEndian(bArr.length, bArr3, i6);
            int i7 = i6 + 4;
            System.arraycopy(bArr, 0, bArr3, i7, bArr.length);
            i = i7 + bArr.length;
        } else {
            i = i6 + 4;
        }
        writeLittleEndian(i4, bArr3, i);
        int i8 = i + 4;
        if (bArr2 != null) {
            writeLittleEndian(bArr2.length, bArr3, i8);
            int i9 = i8 + 4;
            System.arraycopy(bArr2, 0, bArr3, i9, bArr2.length);
            i2 = i9 + bArr2.length;
        } else {
            i2 = i8 + 4;
        }
        if (applicationData != null) {
            writeLittleEndian(applicationData.length, bArr3, i2);
            int i10 = i2 + 4;
            System.arraycopy(applicationData, 0, bArr3, i10, applicationData.length);
            int length = i10 + applicationData.length;
        } else {
            int i11 = i2 + 4;
        }
        try {
            return MessageDigest.getInstance("MD5").digest(bArr3);
        } catch (NoSuchAlgorithmException e) {
            throw new GSSException(11, -1, "Could not get MD5 Message Digest - " + e.getMessage());
        }
    }

    public abstract byte[] encode() throws IOException;
}
