package com.ibm.ws.security.krb5;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import java.util.Arrays;
import java.util.StringTokenizer;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/krb5/SpnegoUtil.class */
public class SpnegoUtil {
    public static final TraceComponent tc = Tr.register(SpnegoUtil.class, (String) null, (String) null);
    public static final byte[] SPNEGO_OID = {6, 6, 43, 6, 1, 5, 5, 2};
    public static final byte[] KRB5_OID = {6, 9, 42, -122, 72, -122, -9, 18, 1, 2, 2};
    static final long serialVersionUID = -7992149343083703160L;

    public String extractAuthzTokenString(String str) {
        StringTokenizer stringTokenizer;
        String str2 = null;
        if (str != null && (stringTokenizer = new StringTokenizer(str)) != null) {
            stringTokenizer.nextToken();
            if (stringTokenizer.hasMoreTokens()) {
                str2 = stringTokenizer.nextToken();
            }
        }
        return str2;
    }

    public boolean isSpnegoOrKrb5Token(String str) {
        if (str == null || !str.startsWith("Negotiate ")) {
            return false;
        }
        return isSpnegoOrKrb5Token(Base64Coder.base64Decode(Base64Coder.getBytes(extractAuthzTokenString(str))));
    }

    public boolean isSpnegoOrKrb5Token(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            return false;
        }
        return isSpnegoOrKrb5Oid(bArr, SPNEGO_OID) || isSpnegoOrKrb5Oid(bArr, KRB5_OID);
    }

    private boolean isSpnegoOrKrb5Oid(byte[] bArr, byte[] bArr2) {
        byte[] mechOidFromToken = getMechOidFromToken(bArr, bArr2.length);
        return (mechOidFromToken == null || mechOidFromToken.length == 0 || !Arrays.equals(mechOidFromToken, bArr2)) ? false : true;
    }

    private byte[] getMechOidFromToken(@Sensitive byte[] bArr, int i) {
        if (bArr == null || bArr.length < i + 4) {
            return null;
        }
        byte[] bArr2 = new byte[i];
        for (int i2 = 0; i2 < i; i2++) {
            bArr2[i2] = bArr[i2 + 4];
        }
        return bArr2;
    }
}
