package com.ibm.security.jgss.mech.spnego;

import com.ibm.security.jgss.Debug;
import com.ibm.security.jgss.GSSCredentialImpl;
import com.ibm.security.jgss.GSSManagerImpl;
import com.ibm.security.jgss.GSSNameImpl;
import com.ibm.security.jgss.TokenHeader;
import com.ibm.security.jgss.spi.GSSContextSpi;
import com.ibm.security.jgss.spi.GSSCredentialSpi;
import com.ibm.security.jgss.spi.GSSNameSpi;
import com.ibm.security.util.DerValue;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.ietf.jgss.ChannelBinding;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/* loaded from: input_file:efixes/PQ87500_win/components/prereq.jdk/update.jar:/java/jre/lib/ext/ibmspnego.jar:com/ibm/security/jgss/mech/spnego/SPNEGOContext.class */
public class SPNEGOContext implements GSSContextSpi {
    private Provider provider;
    private GSSNameSpi target;
    private GSSCredentialSpi cred;
    private int desiredLifetime;
    private long starttime;
    private boolean initiator;
    private boolean disposed;
    private boolean established;
    private boolean beforeCallSecContext;
    private static Debug debug = new Debug();
    private final String msKrbOid = "1.2.840.48018.1.2.2";
    private final String mitKrbOid = "1.2.840.113554.1.2.2";
    private boolean[] reqFlagsState;
    private boolean[] origFlagsState;
    private Oid[] mechTypes;
    private MechTypeList list;
    private GSSCredential negCreds;
    private GSSManagerImpl manager;
    private GSSContextSpi context;
    private Oid supportedMech;
    private boolean msToken;

    public SPNEGOContext(GSSCredentialSpi gSSCredentialSpi) throws GSSException {
        this.beforeCallSecContext = true;
        this.msKrbOid = "1.2.840.48018.1.2.2";
        this.mitKrbOid = "1.2.840.113554.1.2.2";
        this.reqFlagsState = new boolean[7];
        this.origFlagsState = new boolean[7];
        this.msToken = false;
        if (gSSCredentialSpi == null) {
            throw new GSSException(13);
        }
        if (gSSCredentialSpi.getAcceptLifetime() <= 0) {
            throw new GSSException(8);
        }
        if (gSSCredentialSpi.isInitiatorCredential()) {
            throw new GSSException(13, 0, "Not an acceptor credential");
        }
        this.cred = gSSCredentialSpi;
        this.initiator = false;
        this.desiredLifetime = gSSCredentialSpi.getAcceptLifetime();
        this.starttime = System.currentTimeMillis() / 1000;
    }

    public SPNEGOContext(GSSNameSpi gSSNameSpi, GSSCredentialSpi gSSCredentialSpi, int i) throws GSSException {
        this.beforeCallSecContext = true;
        this.msKrbOid = "1.2.840.48018.1.2.2";
        this.mitKrbOid = "1.2.840.113554.1.2.2";
        this.reqFlagsState = new boolean[7];
        this.origFlagsState = new boolean[7];
        this.msToken = false;
        if (gSSNameSpi == null) {
            throw new GSSException(3, 0, "GSS peer name can not be null");
        }
        if (gSSCredentialSpi == null) {
            throw new GSSException(13);
        }
        this.cred = gSSCredentialSpi;
        if (gSSCredentialSpi.getInitLifetime() <= 0) {
            throw new GSSException(8);
        }
        if (!this.cred.isInitiatorCredential()) {
            throw new GSSException(13, 0, "Not an initiator credential");
        }
        this.target = gSSNameSpi;
        this.desiredLifetime = i;
        this.starttime = System.currentTimeMillis() / 1000;
        this.initiator = true;
    }

    public SPNEGOContext(byte[] bArr) throws GSSException {
        this.beforeCallSecContext = true;
        this.msKrbOid = "1.2.840.48018.1.2.2";
        this.mitKrbOid = "1.2.840.113554.1.2.2";
        this.reqFlagsState = new boolean[7];
        this.origFlagsState = new boolean[7];
        this.msToken = false;
        throw new GSSException(16, 0, "Not implemented");
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public Provider getProvider() {
        return this.provider;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void requestMutualAuth(boolean z) throws GSSException {
        if (!this.initiator || !this.beforeCallSecContext) {
            throw new GSSException(16);
        }
        this.reqFlagsState[4] = z;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void requestReplayDet(boolean z) throws GSSException {
        if (!this.initiator || !this.beforeCallSecContext) {
            throw new GSSException(16);
        }
        this.reqFlagsState[5] = z;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void requestSequenceDet(boolean z) throws GSSException {
        if (!this.initiator || !this.beforeCallSecContext) {
            throw new GSSException(16);
        }
        this.reqFlagsState[6] = z;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void requestCredDeleg(boolean z) throws GSSException {
        if (!this.initiator || !this.beforeCallSecContext) {
            throw new GSSException(16);
        }
        this.reqFlagsState[2] = z;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void requestAnonymity(boolean z) throws GSSException {
        if (!this.initiator || !this.beforeCallSecContext) {
            throw new GSSException(16);
        }
        this.reqFlagsState[0] = z;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void requestConf(boolean z) throws GSSException {
        if (!this.initiator || !this.beforeCallSecContext) {
            throw new GSSException(16);
        }
        this.reqFlagsState[1] = z;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void requestInteg(boolean z) throws GSSException {
        if (!this.initiator || !this.beforeCallSecContext) {
            throw new GSSException(16);
        }
        this.reqFlagsState[3] = z;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void requestLifetime(int i) throws GSSException {
        if (!this.initiator || !this.beforeCallSecContext) {
            throw new GSSException(15);
        }
        this.desiredLifetime = i;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void setChannelBinding(ChannelBinding channelBinding) throws GSSException {
        if (!this.established) {
            throw new GSSException(16, 0, "Not implemented");
        }
        this.context.setChannelBinding(channelBinding);
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void setNegMechs(Oid[] oidArr, GSSCredential gSSCredential) throws GSSException {
        this.mechTypes = (Oid[]) oidArr.clone();
        this.negCreds = gSSCredential;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public boolean getCredDelegState() {
        return !this.established ? this.reqFlagsState[2] : this.context.getCredDelegState();
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public boolean getMutualAuthState() {
        return !this.established ? this.reqFlagsState[4] : this.context.getMutualAuthState();
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public boolean getReplayDetState() {
        return !this.established ? this.reqFlagsState[5] : this.context.getReplayDetState();
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public boolean getSequenceDetState() {
        return !this.established ? this.reqFlagsState[6] : this.context.getSequenceDetState();
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public boolean getAnonymityState() {
        return !this.established ? this.reqFlagsState[0] : this.context.getAnonymityState();
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public boolean isTransferable() throws GSSException {
        if (this.established) {
            return this.context.isTransferable();
        }
        return false;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public boolean isProtReady() {
        if (this.established) {
            return this.context.isProtReady();
        }
        return false;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public boolean getConfState() {
        return !this.established ? this.reqFlagsState[1] : this.context.getConfState();
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public boolean getIntegState() {
        return !this.established ? this.reqFlagsState[3] : this.context.getIntegState();
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public int getLifetime() {
        return !this.established ? this.desiredLifetime : Math.min(this.context.getLifetime(), (int) ((this.starttime + this.desiredLifetime) - (System.currentTimeMillis() / 1000)));
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public boolean isEstablished() {
        return this.established;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public GSSNameSpi getSrcName() throws GSSException {
        if (this.established) {
            return this.context.getSrcName();
        }
        if (this.initiator) {
            return this.cred.getName();
        }
        throw new GSSException(11);
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public GSSNameSpi getTargName() throws GSSException {
        return this.established ? this.context.getTargName() : this.initiator ? this.target : this.cred.getName();
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public Oid getMech() throws GSSException {
        return this.established ? this.supportedMech : GSSManagerImpl.MECH_TYPE_SPNEGO;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public GSSCredentialSpi getDelegCred() throws GSSException {
        if (!this.established || this.initiator) {
            throw new GSSException(16);
        }
        return this.context.getDelegCred();
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public byte[] initSecContext(InputStream inputStream, int i) throws GSSException {
        this.beforeCallSecContext = false;
        if (inputStream == null) {
            if (!this.initiator || this.disposed) {
                throw new GSSException(12);
            }
            try {
                return createInitToken();
            } catch (IOException e) {
                throw new GSSException(12, 0, e.getMessage());
            } catch (GSSException e2) {
                throw e2;
            }
        }
        try {
            byte[] totalBytes = getTotalBytes(inputStream);
            if (totalBytes.length < i) {
                throw new GSSException(11, 0, "Length of input stream read does not match size of the inner context token");
            }
            try {
                return processTargToken(totalBytes);
            } catch (IOException e3) {
                throw new GSSException(11, 0, "Error reading input stream");
            } catch (GSSException e4) {
                throw e4;
            }
        } catch (IOException e5) {
            throw new GSSException(11, 0, "Error reading input stream");
        }
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public byte[] acceptSecContext(InputStream inputStream, int i) throws GSSException {
        this.beforeCallSecContext = false;
        if (this.initiator || this.disposed) {
            throw new GSSException(12);
        }
        try {
            byte[] totalBytes = getTotalBytes(inputStream);
            if (totalBytes.length < i) {
                throw new GSSException(11, 0, "Length of input stream read does not match size of the inner context token");
            }
            try {
                DerValue derValue = new DerValue(totalBytes);
                if ((derValue.getTag() & 31) == 0) {
                    return processInitToken(new InitNegToken(derValue.getData()));
                }
                throw new GSSException(11, 0, "Invalid token tag");
            } catch (IOException e) {
                throw new GSSException(11, 0, "Error reading input stream");
            } catch (GSSException e2) {
                throw e2;
            }
        } catch (IOException e3) {
            throw new GSSException(11, 0, "Error reading input stream");
        }
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public int getWrapSizeLimit(int i, boolean z, int i2) throws GSSException {
        if (this.established) {
            return this.context.getWrapSizeLimit(i, z, i2);
        }
        throw new GSSException(16);
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void wrap(InputStream inputStream, OutputStream outputStream, MessageProp messageProp) throws GSSException {
        if (!this.established) {
            throw new GSSException(16);
        }
        this.context.wrap(inputStream, outputStream, messageProp);
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public byte[] wrap(byte[] bArr, int i, int i2, MessageProp messageProp) throws GSSException {
        if (this.established) {
            return this.context.wrap(bArr, i, i2, messageProp);
        }
        throw new GSSException(16);
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public int wrap(byte[] bArr, int i, int i2, byte[] bArr2, int i3, MessageProp messageProp) throws GSSException {
        if (!this.established) {
            throw new GSSException(16, 0, "Not implemented");
        }
        debug.out(4, "SPNEGO: message wrap");
        byte[] wrap = this.context.wrap(bArr, i, i2, messageProp);
        if (wrap == null || bArr2 == null) {
            debug.out(4, "SPNEGO: wrap result is null");
            return 0;
        }
        if (bArr2.length - i3 < wrap.length) {
            throw new GSSException(11, 0, new StringBuffer().append("Result (len=").append(wrap).append(") will not fit ").append("into provided buffer").toString());
        }
        System.arraycopy(wrap, 0, bArr2, i3, wrap.length);
        return wrap.length;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void wrap(byte[] bArr, int i, int i2, OutputStream outputStream, MessageProp messageProp) throws GSSException {
        if (!this.established) {
            throw new GSSException(16);
        }
        byte[] wrap = this.context.wrap(bArr, i, i2, messageProp);
        if (wrap == null || outputStream == null) {
            return;
        }
        try {
            outputStream.write(wrap);
            outputStream.flush();
        } catch (IOException e) {
            throw new GSSException(11, 0, new StringBuffer().append("Error in wrap: ").append(e.toString()).toString());
        }
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void unwrap(InputStream inputStream, OutputStream outputStream, MessageProp messageProp) throws GSSException {
        if (!this.established) {
            throw new GSSException(16);
        }
        this.context.unwrap(inputStream, outputStream, messageProp);
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public byte[] unwrap(byte[] bArr, int i, int i2, MessageProp messageProp) throws GSSException {
        if (this.established) {
            return this.context.unwrap(bArr, i, i2, messageProp);
        }
        throw new GSSException(16);
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public int unwrap(byte[] bArr, int i, int i2, byte[] bArr2, int i3, MessageProp messageProp) throws GSSException {
        if (!this.established) {
            throw new GSSException(16);
        }
        byte[] unwrap = this.context.unwrap(bArr, i, i2, messageProp);
        if (unwrap == null || bArr2 == null) {
            return 0;
        }
        if (bArr2.length - i3 < unwrap.length) {
            throw new GSSException(11, 0, new StringBuffer().append("Result (len=").append(unwrap).append(") will not fit ").append("into provided buffer").toString());
        }
        System.arraycopy(unwrap, 0, bArr2, i3, unwrap.length);
        return unwrap.length;
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public int unwrap(InputStream inputStream, byte[] bArr, int i, MessageProp messageProp) throws GSSException {
        if (!this.established) {
            throw new GSSException(16);
        }
        try {
            byte[] totalBytes = getTotalBytes(inputStream);
            return unwrap(totalBytes, 0, totalBytes.length, bArr, i, messageProp);
        } catch (IOException e) {
            throw new GSSException(11, 0, "Error parsing input stream");
        }
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void getMIC(InputStream inputStream, OutputStream outputStream, MessageProp messageProp) throws GSSException {
        if (!this.established) {
            throw new GSSException(16);
        }
        this.context.getMIC(inputStream, outputStream, messageProp);
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public byte[] getMIC(byte[] bArr, int i, int i2, MessageProp messageProp) throws GSSException {
        if (this.established) {
            return this.context.getMIC(bArr, i, i2, messageProp);
        }
        throw new GSSException(16);
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void verifyMIC(InputStream inputStream, InputStream inputStream2, MessageProp messageProp) throws GSSException {
        if (!this.established) {
            throw new GSSException(16);
        }
        this.context.verifyMIC(inputStream, inputStream2, messageProp);
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void verifyMIC(byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4, MessageProp messageProp) throws GSSException {
        if (!this.established) {
            throw new GSSException(16);
        }
        this.context.verifyMIC(bArr, i, i2, bArr2, i3, i4, messageProp);
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public byte[] export() throws GSSException {
        if (this.established) {
            return this.context.export();
        }
        throw new GSSException(16, 0, "Unsupported function");
    }

    @Override // com.ibm.security.jgss.spi.GSSContextSpi
    public void dispose() throws GSSException {
        this.disposed = true;
        this.cred = null;
        this.target = null;
        this.established = false;
        if (this.context != null) {
            this.context.dispose();
            this.context = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setProvider(Provider provider) {
        this.provider = provider;
    }

    private byte[] getTotalBytes(InputStream inputStream) throws IOException {
        byte[] bArr = new byte[8192];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(2048);
        byteArrayOutputStream.reset();
        while (true) {
            int read = inputStream.read(bArr, 0, bArr.length);
            if (read == -1) {
                return byteArrayOutputStream.toByteArray();
            }
            byteArrayOutputStream.write(bArr, 0, read);
        }
    }

    private void createContext(Oid oid) throws GSSException {
        GSSCredentialSpi gSSCredentialSpi;
        GSSCredentialSpi cred;
        if (this.manager == null) {
            try {
                this.manager = (GSSManagerImpl) GSSManager.getInstance();
            } catch (ClassCastException e) {
                throw new GSSException(11, 0, "IBM GSSManager not found");
            } catch (Exception e2) {
                throw new GSSException(11, 0, "IBM GSSManager not found");
            }
        }
        if (this.context != null) {
            this.context.dispose();
            this.context = null;
        }
        try {
            GSSCredentialImpl gSSCredentialImpl = (GSSCredentialImpl) this.negCreds;
            GSSNameImpl gSSNameImpl = null;
            if (this.initiator) {
                try {
                    gSSNameImpl = this.manager.createName(this.target);
                    if (gSSNameImpl.getMechName(oid) == null) {
                        gSSNameImpl.canonicalize(oid);
                    }
                    try {
                        gSSCredentialSpi = gSSCredentialImpl.getCred(oid, 1);
                    } catch (GSSException e3) {
                        gSSCredentialSpi = null;
                    }
                    if (gSSCredentialSpi != null) {
                        this.context = this.manager.createMechContext(gSSNameImpl.getMechName(oid), gSSCredentialSpi, getLifetime(), oid);
                        return;
                    } else if (gSSCredentialSpi == null) {
                        try {
                            GSSCredentialSpi cred2 = gSSCredentialImpl.getCred(oid, 0);
                            gSSCredentialSpi = cred2;
                            if (cred2 != null) {
                                this.context = this.manager.createMechContext(gSSNameImpl.getMechName(oid), gSSCredentialSpi, getLifetime(), oid);
                                return;
                            }
                        } catch (GSSException e4) {
                            gSSCredentialSpi = null;
                        }
                    }
                } catch (GSSException e5) {
                    throw new GSSException(11, 1, "Can not create target name for specified mechanism");
                }
            } else {
                try {
                    cred = gSSCredentialImpl.getCred(oid, 2);
                    gSSCredentialSpi = cred;
                } catch (GSSException e6) {
                    gSSCredentialSpi = null;
                }
                if (cred != null) {
                    this.context = this.manager.createMechContext(gSSCredentialSpi, oid);
                    return;
                } else if (gSSCredentialSpi == null) {
                    try {
                        GSSCredentialSpi cred3 = gSSCredentialImpl.getCred(oid, 0);
                        gSSCredentialSpi = cred3;
                        if (cred3 != null) {
                            this.context = this.manager.createMechContext(gSSCredentialSpi, oid);
                            return;
                        }
                    } catch (GSSException e7) {
                        gSSCredentialSpi = null;
                    }
                }
            }
            if (gSSCredentialSpi == null) {
                gSSCredentialSpi = createCredSpi(this.manager, oid);
            }
            if (gSSCredentialSpi == null) {
                throw new GSSException(11, 0, "Unable to create context");
            }
            if (this.initiator) {
                this.context = this.manager.createMechContext(gSSNameImpl.getMechName(oid), gSSCredentialSpi, getLifetime(), oid);
            } else {
                this.context = this.manager.createMechContext(gSSCredentialSpi, oid);
            }
        } catch (ClassCastException e8) {
            throw new GSSException(11, 0, "IBM GSSCredential not found");
        }
    }

    private GSSCredentialSpi createCredSpi(GSSManagerImpl gSSManagerImpl, Oid oid) throws GSSException {
        try {
            try {
                return createCredSpi(gSSManagerImpl, ((GSSNameImpl) this.negCreds.getName(oid)).getMechName(oid), oid);
            } catch (GSSException e) {
                if (0 == 0) {
                    for (Oid oid2 : this.negCreds.getMechs()) {
                        try {
                            return createCredSpi(gSSManagerImpl, ((GSSNameImpl) this.negCreds.getName(oid2).canonicalize(oid)).getMechName(oid), oid);
                        } catch (GSSException e2) {
                        }
                    }
                }
                throw new GSSException(11, 0, "Unable to create mechanism credential element");
            }
        } catch (ClassCastException e3) {
            throw new GSSException(11, 0, "IBM GSSName not found");
        }
    }

    private GSSCredentialSpi createCredSpi(GSSManagerImpl gSSManagerImpl, GSSNameSpi gSSNameSpi, Oid oid) throws GSSException {
        int lifetime = getLifetime();
        int lifetime2 = getLifetime();
        return this.initiator ? gSSManagerImpl.createMechCredential(gSSNameSpi, lifetime, lifetime2, 1, oid) : gSSManagerImpl.createMechCredential(gSSNameSpi, lifetime, lifetime2, 2, oid);
    }

    private void createMechContext(GSSManagerImpl gSSManagerImpl, Oid oid, GSSCredentialSpi gSSCredentialSpi) throws GSSException {
        if (!this.initiator) {
            try {
                this.context = gSSManagerImpl.createMechContext(gSSCredentialSpi, oid);
                return;
            } catch (GSSException e) {
                throw new GSSException(11, 0, "Failed to create context");
            }
        }
        try {
            GSSNameImpl createName = gSSManagerImpl.createName(this.target);
            if (createName.getMechName(oid) == null) {
                createName.canonicalize(oid);
            }
            try {
                this.context = gSSManagerImpl.createMechContext(createName.getMechName(oid), gSSCredentialSpi, getLifetime(), oid);
            } catch (GSSException e2) {
                throw new GSSException(11, 0, "Failed to create context");
            }
        } catch (GSSException e3) {
            throw new GSSException(11, 1, "Can not create target name for specified mechanism");
        }
    }

    private byte[] createInitToken() throws GSSException, IOException {
        boolean z;
        byte[] bArr = null;
        byte[] bArr2 = null;
        DerValue derValue = null;
        int i = -1;
        this.origFlagsState = (boolean[]) this.reqFlagsState.clone();
        boolean z2 = false;
        do {
            z = false;
            if (z2) {
                this.reqFlagsState = (boolean[]) this.origFlagsState.clone();
            }
            i = getPreferredMech(i + 1);
            if (i == -1) {
                throw new GSSException(11, 0, "Failed to set up context");
            }
            if (i > 0) {
                Oid oid = this.mechTypes[i];
                this.mechTypes[i] = this.mechTypes[0];
                this.mechTypes[0] = oid;
            }
            z2 = checkFlags(this.reqFlagsState);
            try {
                bArr2 = this.context.initSecContext(null, 0);
            } catch (GSSException e) {
                z = true;
            }
            ContextFlags contextFlags = new ContextFlags(this.reqFlagsState);
            MechTypeList mechTypeList = new MechTypeList(this.mechTypes);
            if (this.context.isEstablished() && getIntegState()) {
                bArr = getMIC();
            }
            try {
                derValue = new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), new InitNegToken(mechTypeList, contextFlags, bArr2, bArr).encode());
            } catch (IOException e2) {
                z = true;
            }
        } while (z);
        if (debug.on(4)) {
            StringBuffer stringBuffer = new StringBuffer();
            stringBuffer.append("Negotiation mech list: ");
            for (int i2 = 0; i2 < this.mechTypes.length; i2++) {
                stringBuffer.append(new StringBuffer().append("\n\t\t").append(this.mechTypes[i2].toString()).toString());
            }
            debug.out(4, stringBuffer.toString());
        }
        return derValue.toByteArray();
    }

    private int getPreferredMech(int i) {
        int i2 = -1;
        for (int i3 = i; i3 < this.mechTypes.length; i3++) {
            try {
                createContext(this.mechTypes[i3]);
                i2 = i3;
                break;
            } catch (GSSException e) {
                if (debug.on(4)) {
                    e.printStackTrace();
                }
            }
        }
        return i2;
    }

    private byte[] processInitToken(InitNegToken initNegToken) throws IOException, GSSException {
        byte[] acceptSecContext;
        int i;
        byte[] bArr;
        byte[] mechToken = initNegToken.getMechToken();
        byte[] mechListMIC = initNegToken.getMechListMIC();
        ContextFlags reqFlags = initNegToken.getReqFlags();
        MechTypeList mechTypes = initNegToken.getMechTypes();
        if (reqFlags != null) {
            for (int i2 = 0; i2 < this.reqFlagsState.length; i2++) {
                this.reqFlagsState[i2] = reqFlags.get(i2);
            }
        }
        if (mechTypes == null) {
            if (this.supportedMech == null) {
                throw new GSSException(11, 0, "Initial token does not include required data");
            }
            byte[] bArr2 = null;
            if (this.msToken) {
                byte[] mechToken2 = new TokenHeader(mechToken, true).getMechToken();
                acceptSecContext = new TokenHeader(new Oid("1.2.840.113554.1.2.2"), this.context.acceptSecContext(new ByteArrayInputStream(mechToken2), mechToken2.length)).asn1Encode();
            } else {
                acceptSecContext = this.context.acceptSecContext(new ByteArrayInputStream(mechToken), mechToken.length);
            }
            if (this.context.isEstablished()) {
                if (this.context.getIntegState()) {
                    if (mechListMIC != null) {
                        byte[] encode = this.list.encode();
                        this.context.verifyMIC(mechListMIC, 0, mechListMIC.length, encode, 0, encode.length, new MessageProp(true));
                        this.established = true;
                        return null;
                    }
                    byte[] encode2 = this.list.encode();
                    bArr2 = this.context.getMIC(encode2, 0, encode2.length, null);
                }
                this.established = true;
            }
            if (acceptSecContext == null && bArr2 == null) {
                return null;
            }
            return new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 1), new TargNegToken(null, null, acceptSecContext, bArr2).encode()).toByteArray();
        }
        this.list = mechTypes;
        Oid[] mechs = mechTypes.getMechs();
        if (debug.on(4)) {
            debug.out(4, "SPNEGO: Acceptor side's mech list");
            for (int i3 = 0; i3 < this.mechTypes.length; i3++) {
                debug.out(4, this.mechTypes[i3].toString());
            }
        }
        int i4 = -1;
        while (i4 < mechs.length) {
            int i5 = i4 + 1;
            i4 = -1;
            List asList = Arrays.asList(this.mechTypes);
            if (!mechs[0].toString().equals("1.2.840.48018.1.2.2")) {
                int i6 = i5;
                while (true) {
                    if (i6 >= mechs.length) {
                        break;
                    }
                    if (asList.contains(mechs[i6]) && !mechs[i6].equals(GSSManagerImpl.MECH_TYPE_SPNEGO)) {
                        i4 = i6;
                        break;
                    }
                    i6++;
                }
            } else {
                if (debug.on(4)) {
                    debug.out(4, "SPNEGO: Get krb v5 legacy oid");
                }
                i4 = 0;
            }
            if (i4 == 0) {
                byte[] bArr3 = null;
                byte[] bArr4 = null;
                try {
                    if (mechs[0].toString().equals("1.2.840.48018.1.2.2")) {
                        debug.out(4, "SPNEGO: Map to standard krb oid");
                        this.msToken = true;
                        createContext(new Oid("1.2.840.113554.1.2.2"));
                    } else {
                        createContext(mechs[0]);
                    }
                    if (mechToken == null) {
                        try {
                            bArr3 = this.context.acceptSecContext(null, 0);
                            if (bArr3 != null && this.msToken) {
                                bArr3 = new TokenHeader(new Oid("1.2.840.113554.1.2.2"), bArr3).asn1Encode();
                            }
                        } catch (GSSException e) {
                            if (debug.on(4)) {
                                e.printStackTrace();
                            }
                            bArr3 = null;
                        }
                    } else if (this.msToken) {
                        byte[] mechToken3 = new TokenHeader(mechToken, true).getMechToken();
                        debug.out(4, "SPNEGO: convert the gss token to the mech specific token");
                        byte[] acceptSecContext2 = this.context.acceptSecContext(new ByteArrayInputStream(mechToken3), mechToken3.length);
                        debug.out(4, "SPNEGO: wrap the response data to a gss token");
                        bArr3 = new TokenHeader(new Oid("1.2.840.113554.1.2.2"), acceptSecContext2).asn1Encode();
                    } else {
                        bArr3 = this.context.acceptSecContext(new ByteArrayInputStream(mechToken), mechToken.length);
                    }
                    this.supportedMech = mechs[0];
                } catch (GSSException e2) {
                    if (debug.on(4)) {
                        e2.printStackTrace();
                    }
                    if (e2.getMajor() == 10) {
                        i4 = -1;
                    } else {
                        continue;
                    }
                }
                if (this.context.isEstablished()) {
                    if (this.context.getIntegState()) {
                        debug.out(4, "SPNEGO: integState flag is on.");
                        byte[] encode3 = mechTypes.encode();
                        if (mechListMIC != null) {
                            try {
                                this.context.verifyMIC(mechListMIC, 0, mechListMIC.length, encode3, 0, encode3.length, new MessageProp(true));
                            } catch (GSSException e3) {
                                if (debug.on(4)) {
                                    e3.printStackTrace();
                                }
                            }
                        } else {
                            try {
                                bArr4 = this.context.getMIC(encode3, 0, encode3.length, null);
                            } catch (Exception e4) {
                                if (debug.on(4)) {
                                    e4.printStackTrace();
                                }
                            }
                        }
                    }
                    this.established = true;
                }
                if (this.established) {
                    debug.out(4, "SPNEGO: target accept completd");
                    i = 0;
                } else {
                    debug.out(4, "SPNEGO: target accept incomplete");
                    i = 1;
                }
                try {
                    DerValue derValue = new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 1), new TargNegToken(new Integer(i), mechs[0], bArr3, bArr4).encode());
                    debug.out(4, "SPNEGO: target select preferred mechanism");
                    return derValue.toByteArray();
                } catch (IOException e5) {
                }
            } else if (i4 > 0) {
                try {
                    createContext(mechs[i4]);
                    try {
                        bArr = this.context.acceptSecContext(null, 0);
                        if (bArr != null && this.msToken) {
                            bArr = new TokenHeader(new Oid("1.2.840.113554.1.2.2"), bArr).asn1Encode();
                        }
                    } catch (GSSException e6) {
                        bArr = null;
                    }
                    DerValue derValue2 = new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 1), new TargNegToken(new Integer(1), mechs[i4], bArr, null).encode());
                    this.supportedMech = mechs[i4];
                    debug.out(4, new StringBuffer().append("SPNEGO: acceptor chooses mechanism ").append(mechs[i4]).toString());
                    return derValue2.toByteArray();
                } catch (Exception e7) {
                }
            } else if (i4 == -1) {
                DerValue derValue3 = new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 1), new TargNegToken(new Integer(2), null, null, null).encode());
                this.supportedMech = null;
                if (this.context != null) {
                    this.context.dispose();
                    this.context = null;
                }
                this.established = false;
                debug.out(4, "SPNEGO: target rejects all mechanism");
                return derValue3.toByteArray();
            }
        }
        return null;
    }

    private byte[] processTargToken(byte[] bArr) throws IOException, GSSException {
        byte[] initSecContext;
        DerValue derValue = new DerValue(bArr);
        if ((derValue.getTag() & 31) != 1) {
            throw new IOException("Invalid tag. Failed to parse data");
        }
        TargNegToken targNegToken = new TargNegToken(derValue.getData());
        byte[] response = targNegToken.getResponse();
        byte[] bArr2 = null;
        Integer result = targNegToken.getResult();
        if (result == null) {
            if (response == null) {
                verifyMIC(targNegToken.getMIC());
                this.established = true;
                return null;
            }
            byte[] initSecContext2 = this.context.initSecContext(new ByteArrayInputStream(response), response.length);
            if (initSecContext2 != null) {
                if (this.context.isEstablished() && getIntegState()) {
                    bArr2 = getMIC();
                }
                return new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), new InitNegToken(null, null, initSecContext2, bArr2).encode()).toByteArray();
            }
            if (!this.context.isEstablished()) {
                throw new GSSException(11, 0, "Unable to set up the context");
            }
            if (getIntegState()) {
                byte[] mic = targNegToken.getMIC();
                if (mic == null) {
                    throw new GSSException(11, 0, "Data integrity can not be determined");
                }
                verifyMIC(mic);
            }
            this.established = true;
            return null;
        }
        switch (result.intValue()) {
            case 0:
                checkSupportedMech(targNegToken.getSelectedMech());
                if (!this.supportedMech.equals(this.mechTypes[0])) {
                    throw new GSSException(11, 0, "Invalid result from target");
                }
                if (response == null) {
                    this.established = true;
                    return null;
                }
                this.context.initSecContext(new ByteArrayInputStream(response), response.length);
                if (!this.context.isEstablished()) {
                    throw new GSSException(11, 0, "Unable to set up the context");
                }
                if (getIntegState()) {
                    debug.out(4, "SPNEGO: verifying MIC from target");
                    verifyMIC(targNegToken.getMIC());
                }
                debug.out(4, "SPNEGO: target accept completed, initiator context established");
                this.established = true;
                return null;
            case 1:
                ContextFlags contextFlags = null;
                checkSupportedMech(targNegToken.getSelectedMech());
                if (this.supportedMech.equals(this.mechTypes[0])) {
                    initSecContext = this.context.initSecContext(new ByteArrayInputStream(response), response.length);
                } else {
                    createContext(this.supportedMech);
                    this.reqFlagsState = (boolean[]) this.origFlagsState.clone();
                    if (checkFlags(this.origFlagsState)) {
                        contextFlags = new ContextFlags(this.reqFlagsState);
                    }
                    initSecContext = this.context.initSecContext(null, 0);
                }
                if (this.context.isEstablished() && getIntegState()) {
                    bArr2 = getMIC();
                }
                return new DerValue(DerValue.createTag(Byte.MIN_VALUE, true, (byte) 0), new InitNegToken(null, contextFlags, initSecContext, bArr2).encode()).toByteArray();
            case 2:
                throw new GSSException(11, 0, "Target rejects all the proposed mechanisms");
            default:
                throw new GSSException(5, 0, "Invalid response from target");
        }
    }

    private void verifyMIC(byte[] bArr) throws GSSException {
        if (bArr == null) {
            throw new GSSException(11, 0, "Result of getMIC is null");
        }
        try {
            byte[] encode = new MechTypeList(this.mechTypes).encode();
            this.context.verifyMIC(bArr, 0, bArr.length, encode, 0, encode.length, new MessageProp(true));
        } catch (IOException e) {
            throw new GSSException(11, 0, e.toString());
        }
    }

    private byte[] getMIC() throws GSSException {
        try {
            byte[] encode = new MechTypeList(this.mechTypes).encode();
            return this.context.getMIC(encode, 0, encode.length, null);
        } catch (IOException e) {
            throw new GSSException(11, 0, e.toString());
        }
    }

    private boolean checkFlags(boolean[] zArr) {
        boolean z = false;
        try {
            this.context.requestAnonymity(zArr[0]);
        } catch (GSSException e) {
            if (zArr[0]) {
                zArr[0] = false;
                z = true;
            }
        }
        try {
            this.context.requestConf(zArr[1]);
        } catch (GSSException e2) {
            if (zArr[1]) {
                zArr[1] = false;
                z = true;
            }
        }
        try {
            this.context.requestCredDeleg(zArr[2]);
        } catch (GSSException e3) {
            if (zArr[2]) {
                zArr[2] = false;
                z = true;
            }
        }
        try {
            this.context.requestInteg(zArr[3]);
        } catch (GSSException e4) {
            if (zArr[3]) {
                zArr[3] = false;
                z = true;
            }
        }
        try {
            this.context.requestMutualAuth(zArr[4]);
        } catch (GSSException e5) {
            if (zArr[4]) {
                zArr[4] = false;
                z = true;
            }
        }
        try {
            this.context.requestReplayDet(zArr[5]);
        } catch (GSSException e6) {
            if (zArr[5]) {
                zArr[5] = false;
                z = true;
            }
        }
        try {
            this.context.requestSequenceDet(zArr[6]);
        } catch (GSSException e7) {
            if (zArr[6]) {
                zArr[6] = false;
                z = true;
            }
        }
        return z;
    }

    private void checkSupportedMech(Oid oid) throws GSSException {
        this.supportedMech = oid;
        if (this.supportedMech == null) {
            throw new GSSException(11, 0, "Returned token did not specify supported mechanism");
        }
        if (!new ArrayList(Arrays.asList(this.mechTypes)).contains(this.supportedMech)) {
            throw new GSSException(2, 0, "Invalid selected mechanism from target");
        }
    }
}
