package com.huawei.security.krb5;

import com.huawei.security.krb5.internal.APOptions;
import com.huawei.security.krb5.internal.AuthorizationData;
import com.huawei.security.krb5.internal.HostAddresses;
import com.huawei.security.krb5.internal.KDCOptions;
import com.huawei.security.krb5.internal.KDCReqBody;
import com.huawei.security.krb5.internal.KdcErrException;
import com.huawei.security.krb5.internal.KerberosTime;
import com.huawei.security.krb5.internal.Krb5;
import com.huawei.security.krb5.internal.KrbApErrException;
import com.huawei.security.krb5.internal.PAData;
import com.huawei.security.krb5.internal.TGSReq;
import com.huawei.security.krb5.internal.Ticket;
import com.huawei.security.krb5.internal.crypto.ExEType;
import com.huawei.security.krb5.internal.crypto.Nonce;
import java.io.IOException;
import java.net.UnknownHostException;

/* loaded from: input_file:com/huawei/security/krb5/ExKrbTgsReq.class */
public class ExKrbTgsReq {
    private ExPrincipalName princName;
    private ExPrincipalName servName;
    private TGSReq tgsReqMessg;
    private KerberosTime ctime;
    private Ticket secondTicket;
    private boolean useSubkey;
    EncryptionKey tgsReqKey;
    private static final boolean DEBUG = Krb5.DEBUG;
    private byte[] obuf;
    private byte[] ibuf;
    private String confKey;

    public ExKrbTgsReq(ExCredentials exCredentials, ExPrincipalName exPrincipalName, String str) throws KrbException, IOException {
        this(new KDCOptions(str), exCredentials, exPrincipalName, null, null, null, null, null, null, null, null, str);
        this.confKey = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExKrbTgsReq(KDCOptions kDCOptions, ExCredentials exCredentials, ExPrincipalName exPrincipalName, KerberosTime kerberosTime, KerberosTime kerberosTime2, KerberosTime kerberosTime3, int[] iArr, HostAddresses hostAddresses, AuthorizationData authorizationData, Ticket[] ticketArr, EncryptionKey encryptionKey, String str) throws KrbException, IOException {
        this.secondTicket = null;
        this.useSubkey = false;
        this.princName = exCredentials.client;
        this.servName = exPrincipalName;
        this.confKey = str;
        this.ctime = new KerberosTime(true);
        if (kDCOptions.get(1) && !exCredentials.flags.get(1)) {
            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
        }
        if (kDCOptions.get(2) && !exCredentials.flags.get(1)) {
            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
        }
        if (kDCOptions.get(3) && !exCredentials.flags.get(3)) {
            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
        }
        if (kDCOptions.get(4) && !exCredentials.flags.get(3)) {
            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
        }
        if (kDCOptions.get(5) && !exCredentials.flags.get(5)) {
            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
        }
        if (kDCOptions.get(8) && !exCredentials.flags.get(8)) {
            throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
        }
        if (kDCOptions.get(6)) {
            if (!exCredentials.flags.get(6)) {
                throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
            }
        } else if (kerberosTime != null) {
            kerberosTime = null;
        }
        if (kDCOptions.get(8)) {
            if (!exCredentials.flags.get(8)) {
                throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
            }
        } else if (kerberosTime3 != null) {
            kerberosTime3 = null;
        }
        if (kDCOptions.get(28)) {
            if (ticketArr == null) {
                throw new KrbException(Krb5.KRB_AP_ERR_REQ_OPTIONS);
            }
            this.secondTicket = ticketArr[0];
        } else if (ticketArr != null) {
            ticketArr = null;
        }
        try {
            this.tgsReqMessg = createRequest(kDCOptions, exCredentials.ticket, exCredentials.key, this.ctime, this.princName, this.princName.getRealm(), this.servName, kerberosTime, kerberosTime2, kerberosTime3, iArr, hostAddresses, authorizationData, ticketArr, encryptionKey);
        } catch (KdcErrException e) {
            e.printStackTrace();
        }
        this.obuf = this.tgsReqMessg.asn1Encode();
        if (exCredentials.flags.get(2)) {
            kDCOptions.set(2, true);
        }
    }

    public void send() throws IOException, KrbException {
        if (this.servName != null) {
            this.servName.getRealmString();
        }
        this.ibuf = ExKdcComm.getKdcComm(this.confKey).send(this.obuf);
    }

    public ExKrbTgsRep getReply() throws KrbException, IOException {
        return new ExKrbTgsRep(this.ibuf, this, this.confKey);
    }

    public ExCredentials sendAndGetCreds() throws IOException, KrbException {
        send();
        return getReply().getCreds();
    }

    KerberosTime getCtime() {
        return this.ctime;
    }

    private TGSReq createRequest(KDCOptions kDCOptions, Ticket ticket, EncryptionKey encryptionKey, KerberosTime kerberosTime, ExPrincipalName exPrincipalName, Realm realm, ExPrincipalName exPrincipalName2, KerberosTime kerberosTime2, KerberosTime kerberosTime3, KerberosTime kerberosTime4, int[] iArr, HostAddresses hostAddresses, AuthorizationData authorizationData, Ticket[] ticketArr, EncryptionKey encryptionKey2) throws Asn1Exception, IOException, KdcErrException, KrbApErrException, UnknownHostException, KrbCryptoException {
        int[] iArr2;
        Checksum checksum;
        KerberosTime kerberosTime5 = kerberosTime3 == null ? new KerberosTime(0L) : kerberosTime3;
        this.tgsReqKey = encryptionKey;
        if (iArr == null) {
            iArr2 = ExEType.getDefaults("default_tgs_enctypes", this.confKey);
            if (iArr2 == null) {
                throw new KrbCryptoException("No supported encryption types listed in default_tgs_enctypes");
            }
        } else {
            iArr2 = iArr;
        }
        EncryptionKey encryptionKey3 = null;
        EncryptedData encryptedData = null;
        if (authorizationData != null) {
            byte[] asn1Encode = authorizationData.asn1Encode();
            if (encryptionKey2 != null) {
                encryptionKey3 = encryptionKey2;
                this.tgsReqKey = encryptionKey2;
                this.useSubkey = true;
                encryptedData = new EncryptedData(encryptionKey3, asn1Encode, 5);
            } else {
                encryptedData = new EncryptedData(encryptionKey, asn1Encode, 4);
            }
        }
        KDCReqBody kDCReqBody = new KDCReqBody(kDCOptions, exPrincipalName, exPrincipalName2.getRealm(), exPrincipalName2, kerberosTime2, kerberosTime5, kerberosTime4, Nonce.value(), iArr2, hostAddresses, encryptedData, ticketArr, this.confKey);
        byte[] asn1Encode2 = kDCReqBody.asn1Encode(12);
        new Checksum(this.confKey);
        switch (Checksum.CKSUMTYPE_DEFAULT) {
            case Checksum.CKSUMTYPE_HMAC_MD5_ARCFOUR /* -138 */:
            case 3:
            case 4:
            case 5:
            case 6:
            case 8:
            case 12:
            case 15:
            case 16:
                checksum = new Checksum(Checksum.CKSUMTYPE_DEFAULT, asn1Encode2, encryptionKey, 6, this.confKey);
                break;
            case 1:
            case 2:
            case 7:
            default:
                checksum = new Checksum(Checksum.CKSUMTYPE_DEFAULT, asn1Encode2, this.confKey);
                break;
        }
        return new TGSReq(new PAData[]{new PAData(1, new ExKrbApReq(new APOptions(), ticket, encryptionKey, realm, exPrincipalName, checksum, kerberosTime, encryptionKey3, null, null, this.confKey).getMessage())}, kDCReqBody, this.confKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TGSReq getMessage() {
        return this.tgsReqMessg;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Ticket getSecondTicket() {
        return this.secondTicket;
    }

    private static void debug(String str) {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean usedSubkey() {
        return this.useSubkey;
    }
}
