package com.huawei.security.krb5;

import com.huawei.security.jgss.krb5.ExKrb5Util;
import com.huawei.security.krb5.internal.ASRep;
import com.huawei.security.krb5.internal.ASReq;
import com.huawei.security.krb5.internal.EncASRepPart;
import com.huawei.security.krb5.internal.KRBError;
import com.huawei.security.krb5.internal.KdcErrException;
import com.huawei.security.krb5.internal.Krb5;
import com.huawei.security.krb5.internal.PAData;
import com.huawei.security.krb5.internal.ccache.Credentials;
import com.huawei.security.krb5.internal.crypto.ExEType;
import com.huawei.security.krb5.internal.ktab.KeyTab;
import com.huawei.security.util.DerValue;
import com.huawei.util.Objects;
import java.io.IOException;
import java.util.Map;

/* loaded from: input_file:com/huawei/security/krb5/ExKrbAsRep.class */
public class ExKrbAsRep extends KrbKdcRep {
    private ASRep rep;
    private ExCredentials creds;
    private Map<String, ?> props;
    private boolean DEBUG = Krb5.DEBUG;

    public ExKrbAsRep(byte[] bArr, Map<String, ?> map) throws KrbException, Asn1Exception, IOException {
        KrbException krbException;
        this.props = null;
        this.props = map;
        DerValue derValue = new DerValue(bArr);
        try {
            this.rep = new ASRep(derValue);
        } catch (Asn1Exception e) {
            this.rep = null;
            KRBError kRBError = new KRBError(derValue);
            String errorString = kRBError.getErrorString();
            String str = null;
            if (errorString != null && errorString.length() > 0) {
                str = errorString.charAt(errorString.length() - 1) == 0 ? errorString.substring(0, errorString.length() - 1) : errorString;
            }
            if (str == null) {
                krbException = new KrbException(kRBError);
            } else {
                if (this.DEBUG) {
                    System.out.println("KRBError received: " + str);
                }
                krbException = new KrbException(kRBError, str);
            }
            krbException.initCause(e);
            throw krbException;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PAData[] getPA() {
        return this.rep.pAData;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void decryptUsingKeyTab(KeyTab keyTab, ExKrbAsReq exKrbAsReq, ExPrincipalName exPrincipalName) throws KrbException, Asn1Exception, IOException {
        EncryptionKey encryptionKey = null;
        int eType = this.rep.encPart.getEType();
        Integer num = this.rep.encPart.kvno;
        try {
            encryptionKey = EncryptionKey.findKey(eType, num, ExKrb5Util.keysFromJavaxKeyTab(keyTab, exPrincipalName, (String) this.props.get("confKey")));
        } catch (KrbException e) {
            if (e.returnCode() == 44) {
                encryptionKey = EncryptionKey.findKey(eType, ExKrb5Util.keysFromJavaxKeyTab(keyTab, exPrincipalName, (String) this.props.get("confKey")));
            }
        }
        if (encryptionKey == null) {
            throw new KrbException(Krb5.API_INVALID_ARG, "Cannot find key for type/kvno to decrypt AS REP - " + ExEType.toString(eType) + ExPrincipalName.NAME_COMPONENT_SEPARATOR_STR + num);
        }
        decrypt(encryptionKey, exKrbAsReq);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void decryptUsingPassword(char[] cArr, ExKrbAsReq exKrbAsReq, ExPrincipalName exPrincipalName) throws KrbException, Asn1Exception, IOException {
        int eType = this.rep.encPart.getEType();
        decrypt(EncryptionKey.acquireSecretKey(exPrincipalName, cArr, eType, PAData.getSaltAndParams(eType, this.rep.pAData)), exKrbAsReq);
    }

    private void decrypt(EncryptionKey encryptionKey, ExKrbAsReq exKrbAsReq) throws KrbException, Asn1Exception, IOException {
        byte[] bArr = null;
        try {
            bArr = this.rep.encPart.decrypt(encryptionKey, 3);
        } catch (KdcErrException e) {
            e.printStackTrace();
        }
        EncASRepPart encASRepPart = new EncASRepPart(new DerValue(this.rep.encPart.reset(bArr)));
        this.rep.ticket.sname.setRealm(this.rep.ticket.realm);
        this.rep.encKDCRepPart = encASRepPart;
        ASReq message = exKrbAsReq.getMessage();
        check(message, this.rep, (String) this.props.get("confKey"));
        this.creds = new ExCredentials(this.rep.ticket, message.reqBody.cname, this.rep.ticket.sname, encASRepPart.key, encASRepPart.flags, encASRepPart.authtime, encASRepPart.starttime, encASRepPart.endtime, encASRepPart.renewTill, encASRepPart.caddr, null, (String) this.props.get("confKey"));
        if (this.DEBUG) {
            System.out.println(">>> KrbAsRep cons in KrbAsReq.getReply " + message.reqBody.cname.getNameString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ExCredentials getCreds() {
        return (ExCredentials) Objects.requireNonNull(this.creds, "Creds not available yet.");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Credentials getCCreds() {
        return new Credentials(this.rep);
    }
}
