package sun.security.jgss.krb5;

import com.ibm.security.pkcs5.PKCS5;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;
import sun.security.jgss.GSSHeader;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:efixes/PQ87578_express_solaris/components/prereq.jdk/update.jar:/java/jre/lib/backup/rt.jar:sun/security/jgss/krb5/MessageToken.class
 */
/* loaded from: input_file:efixes/PQ87578_express_solaris/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:sun/security/jgss/krb5/MessageToken.class */
public abstract class MessageToken extends Krb5Token {
    public static final byte[] ZERO_IV = new byte[8];
    public static final int TOKEN_SIZE = 24;
    public static final int FILLER = 65535;
    public static final int SIGN_DES_MAC_MD5 = 0;
    public static final int SIGN_DES_MAC = 512;
    public static final int SEAL_DES_CBC = 0;
    public static final int SEAL_NONE = 65535;
    private static final int TOKEN_ID_POS = 0;
    private static final int SIGN_ALG_POS = 2;
    private static final int SEAL_ALG_POS = 4;
    private byte[] contextKey;
    private int seqNumber;
    private boolean confState;
    private boolean initiator;
    private int tokenId;
    private GSSHeader gssHeader;
    private MessageTokenHeader tokenHeader;
    private byte[] checksum;
    private byte[] encSeqNumber;
    private byte[] seqNumberData;
    private Cipher desCipher;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:efixes/PQ87578_express_solaris/components/prereq.jdk/update.jar:/java/jre/lib/backup/rt.jar:sun/security/jgss/krb5/MessageToken$MessageTokenHeader.class
     */
    /* loaded from: input_file:efixes/PQ87578_express_solaris/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:sun/security/jgss/krb5/MessageToken$MessageTokenHeader.class */
    public class MessageTokenHeader {
        private int tokenId;
        private int signAlg;
        private int sealAlg;
        private byte[] bytes;
        private final MessageToken this$0;

        public final int getSealAlg() {
            return this.sealAlg;
        }

        public final int getSignAlg() {
            return this.signAlg;
        }

        public final int getTokenId() {
            return this.tokenId;
        }

        public final byte[] getBytes() {
            return this.bytes;
        }

        public final void encode(OutputStream outputStream) throws IOException {
            outputStream.write(this.bytes);
        }

        public MessageTokenHeader(MessageToken messageToken, int i, boolean z, int i2) {
            this.this$0 = messageToken;
            this.tokenId = 0;
            this.signAlg = 512;
            this.sealAlg = 0;
            this.bytes = new byte[8];
            this.tokenId = i;
            switch (i2) {
                case 0:
                case 1:
                case 2:
                default:
                    this.signAlg = 0;
                    break;
                case 3:
                    this.signAlg = 512;
                    break;
            }
            this.sealAlg = messageToken.getSealAlg(z);
            this.bytes[0] = (byte) (i >>> 8);
            this.bytes[1] = (byte) i;
            this.bytes[2] = (byte) (this.signAlg >>> 8);
            this.bytes[3] = (byte) this.signAlg;
            this.bytes[4] = (byte) (this.sealAlg >>> 8);
            this.bytes[5] = (byte) this.sealAlg;
            this.bytes[6] = -1;
            this.bytes[7] = -1;
        }

        public MessageTokenHeader(MessageToken messageToken, InputStream inputStream, MessageProp messageProp) throws IOException {
            this.this$0 = messageToken;
            this.tokenId = 0;
            this.signAlg = 512;
            this.sealAlg = 0;
            this.bytes = new byte[8];
            Krb5Token.readFully(inputStream, this.bytes);
            this.tokenId = Krb5Token.readInt(this.bytes, 0);
            this.signAlg = Krb5Token.readInt(this.bytes, 2);
            this.sealAlg = Krb5Token.readInt(this.bytes, 4);
            Krb5Token.readInt(this.bytes, 6);
            if (this.signAlg == 512) {
                messageProp.setQOP(3);
            } else {
                this.signAlg = 0;
                messageProp.setQOP(2);
            }
            if (this.sealAlg == 0) {
                messageProp.setPrivacy(true);
            } else {
                messageProp.setPrivacy(false);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int getKrb5TokenSize() {
        return 24;
    }

    public final int getSequenceNumber() {
        return readLittleEndian(this.seqNumberData, 0, 4);
    }

    public final int getTokenId() {
        return this.tokenId;
    }

    public final boolean getConfState() {
        return this.confState;
    }

    public final byte[] getContextKey() {
        return this.contextKey;
    }

    protected abstract int getSealAlg(boolean z);

    public final boolean verifySignAndSeqNumber(byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3) throws GSSException {
        if (!MessageDigest.isEqual(this.checksum, getChecksum(bArr, bArr2, i, i2, bArr3))) {
            return false;
        }
        this.seqNumberData = new byte[8];
        try {
            Cipher initializedDes = getInitializedDes(false, this.contextKey, this.checksum);
            initializedDes.update(this.encSeqNumber, 0, 8, this.seqNumberData, 0);
            initializedDes.doFinal();
            byte b = 0;
            if (this.initiator) {
                b = -1;
            }
            return this.seqNumberData[4] == b && this.seqNumberData[5] == b && this.seqNumberData[6] == b && this.seqNumberData[7] == b;
        } catch (GeneralSecurityException e) {
            throw new GSSException(11, -1, new StringBuffer().append("Could not use DES Cipher while obtaining sequence number - ").append(e.getMessage()).toString());
        }
    }

    private byte[] getChecksum(byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3) throws GSSException {
        byte[] bytes = this.tokenHeader.getBytes();
        byte[] bArr4 = bytes;
        if (bArr != null) {
            bArr4 = new byte[bytes.length + bArr.length];
            System.arraycopy(bytes, 0, bArr4, 0, bytes.length);
            System.arraycopy(bArr, 0, bArr4, bytes.length, bArr.length);
        }
        if (this.tokenHeader.getSignAlg() == 0) {
            try {
                MessageDigest messageDigest = MessageDigest.getInstance(PKCS5.MESSAGE_DIGEST_MD5);
                messageDigest.update(bArr4);
                messageDigest.update(bArr2, i, i2);
                if (bArr3 != null) {
                    messageDigest.update(bArr3);
                }
                bArr2 = messageDigest.digest();
                i = 0;
                i2 = bArr2.length;
                bArr4 = null;
            } catch (NoSuchAlgorithmException e) {
                throw new GSSException(11, -1, new StringBuffer().append("Could not get MD5 Message Digest - ").append(e.getMessage()).toString());
            }
        }
        byte[] desCbcChecksum = getDesCbcChecksum(this.contextKey, bArr4, bArr2, i, i2);
        byte[] bArr5 = new byte[8];
        System.arraycopy(desCbcChecksum, desCbcChecksum.length - 8, bArr5, 0, 8);
        return bArr5;
    }

    private byte[] getDesCbcChecksum(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2) throws GSSException {
        Cipher initializedDes = getInitializedDes(true, bArr, ZERO_IV);
        int blockSize = initializedDes.getBlockSize();
        byte[] bArr4 = new byte[blockSize];
        int i3 = i2 / blockSize;
        int i4 = i2 % blockSize;
        if (i4 == 0) {
            i3--;
            System.arraycopy(bArr3, i + (i3 * blockSize), bArr4, 0, blockSize);
        } else {
            System.arraycopy(bArr3, i + (i3 * blockSize), bArr4, 0, i4);
        }
        try {
            byte[] bArr5 = new byte[blockSize];
            if (bArr2 != null) {
                initializedDes.update(bArr2, 0, bArr2.length, bArr5, 0);
            }
            for (int i5 = 0; i5 < i3; i5++) {
                initializedDes.update(bArr3, i, blockSize, bArr5, 0);
                i += blockSize;
            }
            byte[] bArr6 = new byte[blockSize];
            initializedDes.update(bArr4, 0, blockSize, bArr6, 0);
            initializedDes.doFinal();
            return bArr6;
        } catch (GeneralSecurityException e) {
            throw new GSSException(11, -1, new StringBuffer().append("Could not use DES Cipher - ").append(e.getMessage()).toString());
        }
    }

    public void encode(OutputStream outputStream) throws IOException, GSSException {
        this.gssHeader = new GSSHeader(OID, getKrb5TokenSize());
        this.gssHeader.encode(outputStream);
        this.tokenHeader.encode(outputStream);
        outputStream.write(this.encSeqNumber);
        outputStream.write(this.checksum);
    }

    public final Cipher getInitializedDes(boolean z, byte[] bArr, byte[] bArr2) throws GSSException {
        try {
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, PKCS5.CIPHER_ALGORITHM_DES);
            if (this.desCipher == null) {
                throw new GSSException(11, -1, "Internal Error:Uninitialized desCipher");
            }
            this.desCipher.init(z ? 1 : 2, secretKeySpec, ivParameterSpec);
            return this.desCipher;
        } catch (GeneralSecurityException e) {
            throw new GSSException(11, -1, e.getMessage());
        }
    }

    public void genSignAndSeqNumber(MessageProp messageProp, byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3) throws GSSException {
        int qop = messageProp.getQOP();
        if (qop != 0 && qop != 2 && qop != 3) {
            qop = 0;
            messageProp.setQOP(0);
        }
        if (!this.confState) {
            messageProp.setPrivacy(false);
        }
        this.tokenHeader = new MessageTokenHeader(this, this.tokenId, messageProp.getPrivacy(), qop);
        this.checksum = getChecksum(bArr, bArr2, i, i2, bArr3);
        this.seqNumberData = new byte[8];
        writeLittleEndian(this.seqNumber, this.seqNumberData);
        if (!this.initiator) {
            this.seqNumberData[4] = -1;
            this.seqNumberData[5] = -1;
            this.seqNumberData[6] = -1;
            this.seqNumberData[7] = -1;
        }
        try {
            Cipher initializedDes = getInitializedDes(true, this.contextKey, this.checksum);
            this.encSeqNumber = new byte[8];
            initializedDes.update(this.seqNumberData, 0, 8, this.encSeqNumber, 0);
            initializedDes.doFinal();
        } catch (GeneralSecurityException e) {
            throw new GSSException(11, -1, new StringBuffer().append("Could not use DES Cipher while creating sequence number- ").append(e.getMessage()).toString());
        }
    }

    public final GSSHeader getGSSHeader() {
        return this.gssHeader;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageToken(int i, Krb5Context krb5Context) throws GSSException {
        this.contextKey = null;
        this.confState = true;
        this.initiator = true;
        this.tokenId = 0;
        this.gssHeader = null;
        this.tokenHeader = null;
        this.checksum = null;
        this.encSeqNumber = null;
        this.seqNumberData = null;
        this.desCipher = null;
        init(i, krb5Context);
        this.seqNumber = krb5Context.incrementMySequenceNumber();
    }

    private void init(int i, Krb5Context krb5Context) throws GSSException {
        this.tokenId = i;
        this.contextKey = krb5Context.getKey().getBytes();
        this.confState = krb5Context.getConfState();
        this.initiator = krb5Context.isInitiator();
        try {
            this.desCipher = krb5Context.getDesCipher();
        } catch (GeneralSecurityException e) {
            throw new GSSException(11, -1, e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageToken(int i, Krb5Context krb5Context, byte[] bArr, int i2, int i3, MessageProp messageProp) throws GSSException {
        this(i, krb5Context, new ByteArrayInputStream(bArr, i2, i3), messageProp);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageToken(int i, Krb5Context krb5Context, InputStream inputStream, MessageProp messageProp) throws GSSException {
        this.contextKey = null;
        this.confState = true;
        this.initiator = true;
        this.tokenId = 0;
        this.gssHeader = null;
        this.tokenHeader = null;
        this.checksum = null;
        this.encSeqNumber = null;
        this.seqNumberData = null;
        this.desCipher = null;
        init(i, krb5Context);
        try {
            this.gssHeader = new GSSHeader(inputStream);
            if (!this.gssHeader.getOid().equals(OID)) {
                throw new GSSException(10, -1, getTokenName(i));
            }
            if (!this.confState) {
                messageProp.setPrivacy(false);
            }
            this.tokenHeader = new MessageTokenHeader(this, inputStream, messageProp);
            this.encSeqNumber = new byte[8];
            readFully(inputStream, this.encSeqNumber);
            this.checksum = new byte[8];
            readFully(inputStream, this.checksum);
        } catch (IOException e) {
            throw new GSSException(10, -1, getTokenName(i));
        }
    }
}
