package com.huawei.security.jgss.krb5;

import com.huawei.security.jgss.AuthorizationDataEntry;
import com.huawei.security.jgss.krb5.ExInitialToken;
import com.huawei.security.krb5.Checksum;
import com.huawei.security.krb5.EncryptionKey;
import com.huawei.security.krb5.ExCredentials;
import com.huawei.security.krb5.ExKrbApReq;
import com.huawei.security.krb5.KrbException;
import com.huawei.security.krb5.internal.AuthorizationData;
import com.huawei.security.krb5.internal.KerberosTime;
import com.huawei.security.util.DerValue;
import java.io.IOException;
import java.io.InputStream;
import java.util.Map;
import org.ietf.jgss.GSSException;

/* loaded from: input_file:com/huawei/security/jgss/krb5/ExInitSecContextToken.class */
public class ExInitSecContextToken extends ExInitialToken {
    private ExKrbApReq apReq;
    private Map<String, ?> props;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExInitSecContextToken(ExKrb5Context exKrb5Context, ExCredentials exCredentials, ExCredentials exCredentials2, Map<String, ?> map) throws KrbException, IOException, GSSException {
        this.apReq = null;
        boolean mutualAuthState = exKrb5Context.getMutualAuthState();
        this.props = map;
        Checksum checksum = new ExInitialToken.OverloadedChecksum(exKrb5Context, exCredentials, exCredentials2, map).getChecksum();
        exKrb5Context.setTktFlags(exCredentials2.getFlags());
        exKrb5Context.setAuthTime(new KerberosTime(exCredentials2.getAuthTime()).toString());
        this.apReq = new ExKrbApReq(exCredentials2, mutualAuthState, true, true, checksum, (String) this.props.get("confKey"));
        exKrb5Context.resetMySequenceNumber(this.apReq.getSeqNumber().intValue());
        EncryptionKey subKey = this.apReq.getSubKey();
        if (subKey != null) {
            exKrb5Context.setKey(1, subKey);
        } else {
            exKrb5Context.setKey(0, exCredentials2.getSessionKey());
        }
        if (mutualAuthState) {
            return;
        }
        exKrb5Context.resetPeerSequenceNumber(0);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExInitSecContextToken(ExKrb5Context exKrb5Context, EncryptionKey[] encryptionKeyArr, InputStream inputStream, Map<String, ?> map) throws IOException, GSSException, KrbException {
        this.apReq = null;
        int read = (inputStream.read() << 8) | inputStream.read();
        this.props = map;
        if (read != 256) {
            throw new GSSException(10, -1, "AP_REQ token id does not match!");
        }
        this.apReq = new ExKrbApReq(new DerValue(inputStream).toByteArray(), encryptionKeyArr, exKrb5Context.getChannelBinding() != null ? exKrb5Context.getChannelBinding().getInitiatorAddress() : null, (String) this.props.get("confKey"));
        EncryptionKey sessionKey = this.apReq.getCreds().getSessionKey();
        EncryptionKey subKey = this.apReq.getSubKey();
        if (subKey != null) {
            exKrb5Context.setKey(1, subKey);
        } else {
            exKrb5Context.setKey(0, sessionKey);
        }
        ExInitialToken.OverloadedChecksum overloadedChecksum = new ExInitialToken.OverloadedChecksum(exKrb5Context, this.apReq.getChecksum(), sessionKey, subKey, map);
        overloadedChecksum.setContextFlags(exKrb5Context);
        ExCredentials delegatedCreds = overloadedChecksum.getDelegatedCreds();
        if (delegatedCreds != null) {
            exKrb5Context.setDelegCred(ExKrb5InitCredential.getInstance((ExKrb5NameElement) exKrb5Context.getSrcName(), delegatedCreds, map));
        }
        Integer seqNumber = this.apReq.getSeqNumber();
        int intValue = seqNumber != null ? seqNumber.intValue() : 0;
        exKrb5Context.resetPeerSequenceNumber(intValue);
        if (!exKrb5Context.getMutualAuthState()) {
            exKrb5Context.resetMySequenceNumber(intValue);
        }
        exKrb5Context.setAuthTime(new KerberosTime(this.apReq.getCreds().getAuthTime()).toString());
        exKrb5Context.setTktFlags(this.apReq.getCreds().getFlags());
        AuthorizationData authzData = this.apReq.getCreds().getAuthzData();
        if (authzData == null) {
            exKrb5Context.setAuthzData(null);
            return;
        }
        AuthorizationDataEntry[] authorizationDataEntryArr = new AuthorizationDataEntry[authzData.count()];
        for (int i = 0; i < authzData.count(); i++) {
            authorizationDataEntryArr[i] = new AuthorizationDataEntry(authzData.item(i).adType, authzData.item(i).adData);
        }
        exKrb5Context.setAuthzData(authorizationDataEntryArr);
    }

    public final ExKrbApReq getKrbApReq() {
        return this.apReq;
    }

    @Override // com.huawei.security.jgss.krb5.ExInitialToken
    public final byte[] encode() throws IOException {
        byte[] message = this.apReq.getMessage();
        byte[] bArr = new byte[2 + message.length];
        writeInt(256, bArr, 0);
        System.arraycopy(message, 0, bArr, 2, message.length);
        return bArr;
    }
}
