package org.alfresco.jlan.server.auth.kerberos;

import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import org.alfresco.jlan.debug.Debug;
import org.alfresco.jlan.server.auth.AuthContext;
import org.alfresco.jlan.server.auth.asn.DER;
import org.alfresco.jlan.server.auth.asn.DERBuffer;
import org.alfresco.jlan.server.auth.asn.DERObject;
import org.alfresco.jlan.server.auth.asn.DEROid;
import org.alfresco.jlan.util.HexDump;
import sun.security.krb5.EncryptedData;
import sun.security.krb5.EncryptionKey;

/* loaded from: input_file:WEB-INF/lib/alfresco-jlan-embed-3.2.jar:org/alfresco/jlan/server/auth/kerberos/KrbAuthContext.class */
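/**
 * Kerberos authentication context for a single AP-REQ / AP-REP exchange.
 *
 * <p>{@link #parseKerberosApReq} decrypts the service ticket with a key taken from the server
 * {@link Subject} and then decrypts the authenticator with the session key found inside the
 * ticket. {@link #parseKerberosApRep} uses that session key to decrypt an AP-REP and, when the
 * AP-REP carries no sub-key, re-encodes it with the client's sub-key from the authenticator.
 *
 * <p>Security notes:
 * <ul>
 * <li>Debug output never includes key bytes or decrypted plaintext. Only lengths, encryption
 * types and key version numbers are logged, so enabling debug does not write the service key,
 * session key or sub-key to the log.</li>
 * <li>The context is only populated when both the ticket and the authenticator decrypt and
 * decode; a failed authenticator is reported as an {@link IOException} rather than ignored.</li>
 * <li>NOTE(review): this class only decrypts and decodes. No comparison of the authenticator's
 * client name with the ticket, no timestamp/skew check and no replay check is performed here;
 * confirm that the caller does them.</li>
 * <li>NOTE(review): the {@code toString()} of the ticket, authenticator and AP-REP helper
 * classes is still written to the debug log; confirm those do not print key material.</li>
 * <li>The code depends on the JDK-internal {@code sun.security.krb5} classes.</li>
 * </ul>
 */
public class KrbAuthContext extends AuthContext {
    // Key usage numbers from RFC 4120 section 7.5.1.
    private static final int KEY_USAGE_TICKET = 2;
    private static final int KEY_USAGE_AP_REQ_AUTHENTICATOR = 11;
    private static final int KEY_USAGE_AP_REP_ENC_PART = 12;

    // Value the parsed structures use for "no key version number present".
    private static final int NO_KEY_VERSION = -1;

    private KerberosApReq m_apReq;
    private EncKrbTicket m_encTkt;
    private KrbAuthenticator m_krbAuth;
    private boolean m_debug;

    /**
     * Decrypts and decodes the ticket and authenticator of an AP-REQ.
     *
     * <p>Every {@link KerberosKey} private credential of {@code subject} whose key type matches
     * the ticket's encryption type is tried until one decrypts the ticket. The session key from
     * the decrypted ticket is then used to decrypt the authenticator. State from any earlier
     * call is discarded first, and the ticket/authenticator fields are only assigned when both
     * steps succeed.
     *
     * @param subject server subject holding the service's Kerberos keys
     * @param kerberosApReq the parsed AP-REQ
     * @throws IOException if no key decrypts the ticket, or if the authenticator cannot be
     *     decrypted and decoded with the ticket's session key
     */
    public final void parseKerberosApReq(Subject subject, KerberosApReq kerberosApReq) throws IOException {
        // Drop results of a previous exchange so a failure below can never leave a stale
        // ticket or authenticator looking like the outcome of this request.
        this.m_encTkt = null;
        this.m_krbAuth = null;
        this.m_apReq = kerberosApReq;

        KrbTicket krbTicket = new KrbTicket(kerberosApReq.getTicket());
        if (hasDebug()) {
            Debug.println("Kerberos ticket - " + krbTicket);
        }

        EncKrbTicket encTicket = null;
        for (KerberosKey kerberosKey : subject.getPrivateCredentials(KerberosKey.class)) {
            if (kerberosKey.getKeyType() != krbTicket.getEncryptedType()) {
                continue;
            }
            // The key version passed here is the fixed value 2, as in the original code.
            // NOTE(review): presumably this should be kerberosKey.getVersionNumber() - confirm.
            EncryptionKey serviceKey =
                    new EncryptionKey(kerberosKey.getEncoded(), kerberosKey.getKeyType(), Integer.valueOf(2));
            try {
                EncryptedData encPart = new EncryptedData(
                        krbTicket.getEncryptedType(),
                        kvnoOrNull(krbTicket.getEncryptedPartKeyVersion()),
                        krbTicket.getEncryptedPart());
                byte[] plain = encPart.decrypt(serviceKey, KEY_USAGE_TICKET);
                if (hasDebug()) {
                    // Key bytes are deliberately not logged.
                    Debug.println("Decrypted ticket = Len=" + plain.length + ", key=[Type=" + serviceKey.getEType()
                            + ", Kvno=" + serviceKey.getKeyVersionNumber() + "]");
                }
                byte[] ticketBytes = new DERBuffer(plain).unpackApplicationSpecificBytes();
                if (ticketBytes != null) {
                    encTicket = new EncKrbTicket(ticketBytes);
                    if (hasDebug()) {
                        Debug.println("Enc Krb Ticket Part = " + encTicket);
                    }
                    break;
                }
            } catch (Exception e) {
                // Best effort per key: a key that does not fit is skipped and the next one tried.
                if (hasDebug()) {
                    Debug.println("Ticket Error: " + e);
                }
            }
        }
        if (encTicket == null) {
            throw new IOException("Failed to decrypt Kerberos ticket");
        }

        EncryptionKey sessionKey = new EncryptionKey(encTicket.getEncryptionKeyType(), encTicket.getEncryptionKey());
        KrbAuthenticator authenticator = null;
        Exception authFailure = null;
        try {
            EncryptedData encAuth = new EncryptedData(
                    kerberosApReq.getAuthenticatorEncType(),
                    kvnoOrNull(kerberosApReq.getAuthenticatorKeyVersion()),
                    kerberosApReq.getAuthenticator());
            byte[] plain = encAuth.decrypt(sessionKey, KEY_USAGE_AP_REQ_AUTHENTICATOR);
            if (hasDebug()) {
                // Key bytes are deliberately not logged.
                Debug.println("Decrypted authenticator = Len=" + plain.length + ", key=[Type=" + sessionKey.getEType()
                        + ", Kvno=" + sessionKey.getKeyVersionNumber() + "]");
            }
            byte[] authBytes = new DERBuffer(plain).unpackApplicationSpecificBytes();
            if (authBytes != null) {
                authenticator = new KrbAuthenticator(authBytes);
                if (hasDebug()) {
                    Debug.println("Krb Authenticator = " + authenticator);
                }
            }
        } catch (Exception e) {
            authFailure = e;
            if (hasDebug()) {
                Debug.println("Auth Error: " + e);
            }
        }
        if (authenticator == null) {
            // Fail closed: the authenticator is what shows the sender holds the session key,
            // so a ticket without a usable authenticator must not be reported as parsed.
            IOException failure = new IOException("Failed to decrypt Kerberos authenticator");
            if (authFailure != null) {
                failure.initCause(authFailure);
            }
            throw failure;
        }

        this.m_encTkt = encTicket;
        this.m_krbAuth = authenticator;
    }

    /**
     * Decrypts an AP-REP token and, if its encrypted part has no sub-key, rebuilds the token
     * with the client's sub-key taken from the authenticator.
     *
     * <p>The token is expected to hold a mechanism OID, a two byte token id and the
     * application-specific AP-REP. The token id is read and written low byte first.
     *
     * @param bArr the token containing the AP-REP
     * @return the re-encoded token, or {@code null} when the AP-REP already carries a sub-key
     *     or its decrypted part holds no application-specific body
     * @throws IllegalStateException if no AP-REQ has been parsed successfully on this context
     * @throws IOException if the token has no mechanism OID to re-encode with
     * @throws Exception if decoding, decryption or re-encryption fails
     */
    public final byte[] parseKerberosApRep(byte[] bArr) throws Exception {
        if (this.m_encTkt == null || this.m_krbAuth == null) {
            throw new IllegalStateException("Kerberos AP-REQ has not been parsed");
        }

        DERBuffer tokenBuf = new DERBuffer(bArr);
        byte[] apRepBytes = null;
        DEROid mechOid = null;
        int tokenId = 0;
        DERObject first = tokenBuf.unpackApplicationSpecific();
        if (first != null) {
            if (first instanceof DEROid) {
                mechOid = (DEROid) first;
            }
            // Two byte token id, low byte first. The previous expression shifted the second
            // byte right by 8, which discarded it instead of placing it in the high byte.
            int low = tokenBuf.unpackByte() & 0xFF;
            int high = tokenBuf.unpackByte() & 0xFF;
            tokenId = low | (high << 8);
            if (DER.isApplicationSpecific(tokenBuf.peekType())) {
                apRepBytes = tokenBuf.unpackApplicationSpecificBytes();
            }
        }

        // NOTE(review): apRepBytes is still null here when the token had no AP-REP body;
        // how KerberosApRep handles that is not visible from this class.
        KerberosApRep kerberosApRep = new KerberosApRep(apRepBytes);
        if (hasDebug()) {
            Debug.println("Kerberos AP-REP - " + kerberosApRep);
        }

        EncryptionKey sessionKey =
                new EncryptionKey(this.m_encTkt.getEncryptionKeyType(), this.m_encTkt.getEncryptionKey());
        EncryptedData encPart = new EncryptedData(
                kerberosApRep.getEncryptionType(),
                kvnoOrNull(kerberosApRep.getKeyVersion()),
                kerberosApRep.getEncryptedPart());
        byte[] plain = encPart.decrypt(sessionKey, KEY_USAGE_AP_REP_ENC_PART);
        if (hasDebug()) {
            // Key bytes are deliberately not logged.
            Debug.println("Decrypted AP-REP Len=" + plain.length + ", key=[Type=" + sessionKey.getEType() + "]");
        }

        byte[] encApRepBytes = new DERBuffer(plain).unpackApplicationSpecificBytes();
        if (encApRepBytes == null) {
            return null;
        }

        // The decrypted part can carry the sub-key, so only its length is reported, and only
        // when debug is enabled (the hex dump used to be written unconditionally).
        if (hasDebug()) {
            Debug.println("EncApRep bytes: Len=" + plain.length);
        }
        EncApRepPart encApRepPart = new EncApRepPart(encApRepBytes);
        if (hasDebug()) {
            Debug.println("EncApRep = " + encApRepPart);
        }
        if (encApRepPart.getSubKey() != null) {
            return null;
        }

        if (mechOid == null) {
            throw new IOException("Kerberos AP-REP token has no mechanism OID");
        }

        encApRepPart.setSubkey(this.m_krbAuth.getSubKeyType(), this.m_krbAuth.getSubKey());
        if (hasDebug()) {
            Debug.println("Using client sub-key, type=" + this.m_krbAuth.getSubKeyType());
        }
        byte[] reEncodedPart = encApRepPart.encodeApRep();
        if (hasDebug()) {
            Debug.println("Re-encoded EncapRep bytes: Len=" + reEncodedPart.length);
        }
        kerberosApRep.setEncryptedPart(
                kerberosApRep.getEncryptionType(),
                new EncryptedData(sessionKey, reEncodedPart, KEY_USAGE_AP_REP_ENC_PART).getBytes(),
                kerberosApRep.getKeyVersion());
        byte[] apRep = kerberosApRep.encodeApRep();

        DERBuffer oidBuf = new DERBuffer();
        mechOid.derEncode(oidBuf);
        byte[] oidBytes = oidBuf.getBytes();

        // Token layout: mechanism OID, token id (low byte, high byte), AP-REP.
        byte[] token = new byte[oidBytes.length + 2 + apRep.length];
        System.arraycopy(oidBytes, 0, token, 0, oidBytes.length);
        int pos = oidBytes.length;
        token[pos++] = (byte) (tokenId & 0xFF);
        token[pos++] = (byte) ((tokenId >> 8) & 0xFF);
        System.arraycopy(apRep, 0, token, pos, apRep.length);

        DERBuffer outBuf = new DERBuffer();
        outBuf.packApplicationSpecific(token);
        return outBuf.getBytes();
    }

    /**
     * Reports whether debug output is enabled.
     *
     * @return {@code true} if debug output is enabled
     */
    public final boolean hasDebug() {
        return this.m_debug;
    }

    /**
     * Enables or disables debug output.
     *
     * @param z {@code true} to enable debug output
     */
    public final void setDebug(boolean z) {
        this.m_debug = z;
    }

    /**
     * Returns the context as a string built from the AP-REQ, ticket and authenticator.
     *
     * <p>NOTE(review): the result embeds the {@code toString()} of the decrypted ticket and
     * authenticator; confirm those do not print key material before logging this value.
     *
     * @return the string form of this context
     */
    @Override
    public String toString() {
        return "[KrbAuthCtx:AP-REQ=" + this.m_apReq + ",EncTkt=" + this.m_encTkt + ",KrbAuth=" + this.m_krbAuth + "]";
    }

    /** Maps the "no key version" marker to {@code null}, otherwise boxes the version. */
    private static Integer kvnoOrNull(int kvno) {
        return kvno != NO_KEY_VERSION ? Integer.valueOf(kvno) : null;
    }
}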
