package com.sun.security.sasl.gsskerb;

import com.ibm.security.krb5.PrincipalName;
import com.sun.security.sasl.preview.Sasl;
import com.sun.security.sasl.preview.SaslClient;
import com.sun.security.sasl.preview.SaslException;
import com.sun.security.sasl.util.SaslImpl;
import java.io.IOException;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import org.apache.xerces.impl.xs.SchemaSymbols;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

/* loaded from: input_file:efixes/PQ87578_nd_linux_i386/components/prereq.jdk/update.jar:/java/jre/lib/ext/ldapsec.jar:com/sun/security/sasl/gsskerb/GssKerberosV5.class */
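/**
 * Client side of the SASL "GSSAPI" mechanism, implemented on a JGSS security context
 * created for the Kerberos V5 mechanism OID.
 *
 * <p>The exchange has two phases. {@link #evaluateChallenge(byte[])} first drives
 * {@code GSSContext.initSecContext} until the context is established, then performs a
 * final handshake in which the protection layer and buffer sizes are negotiated.
 * Once that completes, {@link #wrap} and {@link #unwrap} delegate to the GSS context.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Mutual authentication is requested only when the {@code Sasl.SERVER_AUTH}
 *       property is set to the "true" constant (compared case-insensitively); when the
 *       property is absent the client does not ask the server to prove its identity.</li>
 *   <li>The fields {@code completed}, {@code qop}, {@code privacy}, {@code integrity},
 *       {@code sendMaxBufSize}, {@code rawSendSize} and {@code recvMaxBufSize} are not
 *       declared here; presumably they are inherited from {@code SaslImpl} (confirm).</li>
 *   <li>This listing is decompiler output; parameter names are synthetic.</li>
 * </ul>
 */
final class GssKerberosV5 extends SaslImpl implements SaslClient {
    private static final String KRB5_OID_STR = "1.2.840.113554.1.2.2";

    /** Length of the fixed part of a negotiation token: one mask byte plus three size bytes. */
    private static final int NEGOTIATION_HEADER_LEN = 4;

    // Parsed form of KRB5_OID_STR; stays null if the static initializer below fails.
    private static Oid KRB5_OID;

    // True once the GSS context is established and only the negotiation step remains.
    private boolean finalHandshake;
    // Whether mutual authentication was requested on the context.
    private boolean mutual;
    // QOP value handed to the GSS calls; never assigned anything but 0 in this class.
    private int gssQop;
    // UTF-8 bytes of the authorization ID, or null when none was supplied.
    private byte[] authzID;
    private GSSContext secCtx;
    // Message properties used by wrap/unwrap after the handshake has completed.
    private MessageProp msgProp;

    /**
     * Creates the client and its (not yet established) GSS security context.
     *
     * <p>The target name is {@code str2 + PrincipalName.NAME_REALM_SEPARATOR_STR + str3},
     * interpreted as a host-based service name. The context uses the default credentials
     * ({@code null}) and an indefinite lifetime, and always requests confidentiality and
     * integrity.
     *
     * @param str authorization ID; {@code null} or empty means none is sent
     * @param str2 first component of the service name (presumably the protocol/service - confirm)
     * @param str3 second component of the service name (presumably the server host - confirm)
     * @param map SASL properties, passed to {@code SaslImpl}; may be {@code null}
     * @param callbackHandler not used by this constructor
     * @throws SaslException if the GSS context cannot be set up or the authorization ID
     *     cannot be encoded
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public GssKerberosV5(String str, String str2, String str3, Map map, CallbackHandler callbackHandler) throws SaslException {
        super(map);
        this.finalHandshake = false;
        this.mutual = false;
        this.gssQop = 0;
        this.secCtx = null;
        String serviceName = str2 + PrincipalName.NAME_REALM_SEPARATOR_STR + str3;
        try {
            GSSManager manager = GSSManager.getInstance();
            GSSName target = manager.createName(serviceName, GSSName.NT_HOSTBASED_SERVICE, KRB5_OID);
            // INDEFINITE_LIFETIME is Integer.MAX_VALUE, the value the original passed literally.
            this.secCtx = manager.createContext(target, KRB5_OID, null, GSSContext.INDEFINITE_LIFETIME);
            if (map != null) {
                String serverAuth = (String) map.get(Sasl.SERVER_AUTH);
                if (serverAuth != null) {
                    // NOTE(review): SchemaSymbols.ATTVAL_TRUE comes from an XML library and looks
                    // like a decompiler substitution for a plain "true" literal - confirm.
                    this.mutual = SchemaSymbols.ATTVAL_TRUE.equalsIgnoreCase(serverAuth);
                }
            }
            // Without the property above this is requestMutualAuth(false): the server is
            // not asked to authenticate itself to the client.
            this.secCtx.requestMutualAuth(this.mutual);
            this.secCtx.requestConf(true);
            this.secCtx.requestInteg(true);
            if (str != null && str.length() > 0) {
                try {
                    this.authzID = str.getBytes("UTF8");
                } catch (IOException e) {
                    throw new SaslException("Cannot encode authorization ID", e);
                }
            }
        } catch (GSSException e2) {
            throw new SaslException("Failure to initialize security context", e2);
        }
    }

    /**
     * Reports that this mechanism sends an initial response.
     *
     * @return always {@code true}
     */
    @Override // com.sun.security.sasl.preview.SaslClient
    public boolean hasInitialResponse() {
        return true;
    }

    /**
     * Releases the GSS context if one is still held. Safe to call repeatedly: the
     * reference is cleared after a successful dispose.
     *
     * @throws SaslException if the underlying context fails to dispose; the reference is
     *     kept in that case
     */
    @Override // com.sun.security.sasl.preview.SaslClient
    public synchronized void dispose() throws SaslException {
        if (this.secCtx == null) {
            return;
        }
        try {
            this.secCtx.dispose();
            this.secCtx = null;
        } catch (GSSException e) {
            throw new SaslException("Problem disposing GSS context", e);
        }
    }

    /** Disposes the GSS context when the object is collected without an explicit dispose. */
    @Override
    protected void finalize() throws Throwable {
        dispose();
    }

    /**
     * Processes one server challenge and produces the next client token.
     *
     * @param bArr challenge bytes; must not be {@code null} because its length is read
     *     unconditionally
     * @return the next token; an empty array when the context became established without
     *     an output token; may be {@code null} if {@code initSecContext} returns
     *     {@code null} before the context is established
     * @throws SaslException if authentication already completed or a GSS call fails
     */
    @Override // com.sun.security.sasl.preview.SaslClient
    public byte[] evaluateChallenge(byte[] bArr) throws SaslException {
        if (this.completed) {
            throw new SaslException("SASL authentication already complete");
        }
        if (this.finalHandshake) {
            return doFinalHandshake(bArr);
        }
        try {
            byte[] token = this.secCtx.initSecContext(bArr, 0, bArr.length);
            if (this.secCtx.isEstablished()) {
                // The next challenge carries the server's negotiation token.
                this.finalHandshake = true;
                if (token == null) {
                    return new byte[0];
                }
            }
            return token;
        } catch (GSSException e) {
            throw new SaslException("GSS initiate failed", e);
        }
    }

    /**
     * Negotiates the protection layer and buffer sizes after the context is established.
     *
     * <p>The unwrapped server token is read as one mask byte followed by a three-byte
     * size in network byte order. The reply is the selected mask, the three-byte
     * {@code recvMaxBufSize} and the authorization ID bytes (if any), GSS-wrapped.
     *
     * @param bArr the server's wrapped negotiation token; an empty array yields an empty
     *     reply without completing the exchange
     * @return the wrapped reply, or an empty array for an empty challenge
     * @throws SaslException if the token is too short, no common protection layer exists,
     *     or a GSS call fails
     */
    private byte[] doFinalHandshake(byte[] bArr) throws SaslException {
        try {
            if (bArr.length == 0) {
                return new byte[0];
            }
            byte[] serverToken = this.secCtx.unwrap(bArr, 0, bArr.length, new MessageProp(0, false));
            // The token content is chosen by the peer. Reject anything that cannot hold the
            // mask and size fields instead of failing with an unchecked
            // ArrayIndexOutOfBoundsException on serverToken[0] below.
            if (serverToken == null || serverToken.length < NEGOTIATION_HEADER_LEN) {
                throw new SaslException("Final handshake failed: server token shorter than 4 bytes");
            }
            byte selectedMask = SaslImpl.findPreferredMask(serverToken[0], this.qop);
            if (selectedMask == 0) {
                throw new SaslException("No common protection layer between client and server");
            }
            if ((selectedMask & 4) != 0) {
                // Bit 4 selects privacy, which this class always pairs with integrity.
                this.privacy = true;
                this.integrity = true;
            } else if ((selectedMask & 2) != 0) {
                this.integrity = true;
            }
            int serverMaxBuf = SaslImpl.networkByteOrderToInt(serverToken, 1, 3);
            // 0 means no local limit was configured; otherwise take the smaller of the two.
            this.sendMaxBufSize = this.sendMaxBufSize == 0 ? serverMaxBuf : Math.min(this.sendMaxBufSize, serverMaxBuf);
            this.rawSendSize = this.secCtx.getWrapSizeLimit(this.gssQop, this.privacy, this.sendMaxBufSize);
            int authzLen = this.authzID == null ? 0 : this.authzID.length;
            byte[] reply = new byte[NEGOTIATION_HEADER_LEN + authzLen];
            reply[0] = selectedMask;
            SaslImpl.intToNetworkByteOrder(this.recvMaxBufSize, reply, 1, 3);
            if (this.authzID != null) {
                System.arraycopy(this.authzID, 0, reply, NEGOTIATION_HEADER_LEN, authzLen);
            }
            byte[] wrapped = this.secCtx.wrap(reply, 0, reply.length, new MessageProp(0, false));
            this.completed = true;
            this.msgProp = new MessageProp(this.gssQop, this.privacy);
            return wrapped;
        } catch (GSSException e) {
            throw new SaslException("Final handshake failed", e);
        }
    }

    /**
     * Returns the SASL mechanism name.
     *
     * @return the string {@code "GSSAPI"}
     */
    @Override // com.sun.security.sasl.preview.SaslClient
    public String getMechanismName() {
        return "GSSAPI";
    }

    /**
     * Unwraps a buffer received from the server using the negotiated message properties.
     *
     * @param bArr buffer holding the wrapped data
     * @param i offset of the data in {@code bArr}
     * @param i2 number of bytes to unwrap
     * @return the unwrapped bytes
     * @throws SaslException if the handshake has not completed or the GSS unwrap fails
     */
    @Override // com.sun.security.sasl.preview.SaslClient
    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (!this.completed) {
            throw new SaslException("Not completed");
        }
        try {
            return this.secCtx.unwrap(bArr, i, i2, this.msgProp);
        } catch (GSSException e) {
            throw new SaslException("Problems unwrapping SASL buffer", e);
        }
    }

    /**
     * Wraps a buffer for sending to the server using the negotiated message properties.
     *
     * @param bArr buffer holding the data to protect
     * @param i offset of the data in {@code bArr}
     * @param i2 number of bytes to wrap
     * @return the wrapped bytes
     * @throws SaslException if the handshake has not completed or the GSS wrap fails
     */
    @Override // com.sun.security.sasl.preview.SaslClient
    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        if (!this.completed) {
            throw new SaslException("Not completed");
        }
        try {
            return this.secCtx.wrap(bArr, i, i2, this.msgProp);
        } catch (GSSException e) {
            throw new SaslException("Problem performing GSS wrap", e);
        }
    }

    static {
        try {
            KRB5_OID = new Oid(KRB5_OID_STR);
        } catch (GSSException ignored) {
            // Deliberately ignored, as in the original: KRB5_OID then stays null and the
            // constructor passes null as the mechanism to GSSManager.
        }
    }
}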
