package com.huawei.security.krb5;

import com.huawei.security.krb5.internal.EncKrbCredPart;
import com.huawei.security.krb5.internal.HostAddresses;
import com.huawei.security.krb5.internal.KDCOptions;
import com.huawei.security.krb5.internal.KRBCred;
import com.huawei.security.krb5.internal.KdcErrException;
import com.huawei.security.krb5.internal.KerberosTime;
import com.huawei.security.krb5.internal.Krb5;
import com.huawei.security.krb5.internal.KrbCredInfo;
import com.huawei.security.krb5.internal.Ticket;
import com.huawei.security.krb5.internal.TicketFlags;
import com.huawei.security.util.DerValue;
import java.io.IOException;
import java.util.Map;

/* loaded from: input_file:com/huawei/security/krb5/ExKrbCred.class */
public class ExKrbCred {
    private static boolean DEBUG = Krb5.DEBUG;
    private byte[] obuf;
    private KRBCred credMessg;
    private Ticket ticket;
    private ExCredentials creds;
    private KerberosTime timeStamp;
    private Map<String, ?> props;

    public ExKrbCred(ExCredentials exCredentials, ExCredentials exCredentials2, EncryptionKey encryptionKey, Map<String, ?> map) throws KrbException, IOException {
        this.obuf = null;
        this.credMessg = null;
        this.ticket = null;
        this.creds = null;
        this.timeStamp = null;
        this.props = null;
        this.props = map;
        ExPrincipalName client = exCredentials.getClient();
        ExPrincipalName server = exCredentials.getServer();
        ExPrincipalName server2 = exCredentials2.getServer();
        if (!exCredentials2.getClient().equals(client)) {
            throw new KrbException(60, "Client principal does not match");
        }
        KDCOptions kDCOptions = new KDCOptions((String) map.get("confKey"));
        kDCOptions.set(2, true);
        kDCOptions.set(1, true);
        this.credMessg = createMessage(new ExKrbTgsReq(kDCOptions, exCredentials, server, null, null, null, null, server2.getNameType() == 3 ? new HostAddresses(server2) : null, null, null, null, (String) map.get("confKey")).sendAndGetCreds(), encryptionKey);
        this.obuf = this.credMessg.asn1Encode();
    }

    KRBCred createMessage(ExCredentials exCredentials, EncryptionKey encryptionKey) throws KrbException, IOException {
        EncryptionKey sessionKey = exCredentials.getSessionKey();
        ExPrincipalName client = exCredentials.getClient();
        Realm realm = client.getRealm();
        ExPrincipalName server = exCredentials.getServer();
        KrbCredInfo krbCredInfo = new KrbCredInfo(sessionKey, realm, client, exCredentials.flags, exCredentials.authTime, exCredentials.startTime, exCredentials.endTime, exCredentials.renewTill, server.getRealm(), server, exCredentials.cAddr);
        this.timeStamp = new KerberosTime(true);
        EncryptedData encryptedData = null;
        try {
            encryptedData = new EncryptedData(encryptionKey, new EncKrbCredPart(new KrbCredInfo[]{krbCredInfo}, this.timeStamp, null, null, null, null).asn1Encode(), 14);
        } catch (KdcErrException e) {
            e.printStackTrace();
        }
        this.credMessg = new KRBCred(new Ticket[]{exCredentials.ticket}, encryptedData);
        return this.credMessg;
    }

    public ExKrbCred(byte[] bArr, EncryptionKey encryptionKey, Map<String, ?> map) throws KrbException, IOException {
        this.obuf = null;
        this.credMessg = null;
        this.ticket = null;
        this.creds = null;
        this.timeStamp = null;
        this.props = null;
        this.props = map;
        this.credMessg = new KRBCred(bArr);
        this.ticket = this.credMessg.tickets[0];
        byte[] bArr2 = null;
        try {
            bArr2 = this.credMessg.encPart.decrypt(encryptionKey, 14);
        } catch (KdcErrException e) {
            e.printStackTrace();
        }
        EncKrbCredPart encKrbCredPart = new EncKrbCredPart(new DerValue(this.credMessg.encPart.reset(bArr2)));
        this.timeStamp = encKrbCredPart.timeStamp;
        KrbCredInfo krbCredInfo = encKrbCredPart.ticketInfo[0];
        EncryptionKey encryptionKey2 = krbCredInfo.key;
        Realm realm = krbCredInfo.prealm;
        ExPrincipalName exPrincipalName = krbCredInfo.pname;
        exPrincipalName.setRealm(realm);
        TicketFlags ticketFlags = krbCredInfo.flags;
        KerberosTime kerberosTime = krbCredInfo.authtime;
        KerberosTime kerberosTime2 = krbCredInfo.starttime;
        KerberosTime kerberosTime3 = krbCredInfo.endtime;
        KerberosTime kerberosTime4 = krbCredInfo.renewTill;
        Realm realm2 = krbCredInfo.srealm;
        ExPrincipalName exPrincipalName2 = krbCredInfo.sname;
        exPrincipalName2.setRealm(realm2);
        HostAddresses hostAddresses = krbCredInfo.caddr;
        if (DEBUG) {
            System.out.println(">>>Delegated Creds have pname=" + exPrincipalName + " sname=" + exPrincipalName2 + " authtime=" + kerberosTime + " starttime=" + kerberosTime2 + " endtime=" + kerberosTime3 + "renewTill=" + kerberosTime4);
        }
        this.creds = new ExCredentials(this.ticket, exPrincipalName, exPrincipalName2, encryptionKey2, ticketFlags, kerberosTime, kerberosTime2, kerberosTime3, kerberosTime4, hostAddresses, null, (String) map.get("confKey"));
    }

    public ExCredentials[] getDelegatedCreds() {
        return new ExCredentials[]{this.creds};
    }

    public byte[] getMessage() {
        return this.obuf;
    }
}
