package com.kerb4j.common.marshall.spnego;

import com.kerb4j.common.marshall.Kerb4JException;
import com.kerb4j.common.marshall.pac.Pac;
import com.kerb4j.common.marshall.pac.PacConstants;
import com.kerb4j.common.util.SpnegoProvider;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.List;
import javax.security.auth.kerberos.KerberosKey;
import org.apache.kerby.asn1.parse.Asn1Container;
import org.apache.kerby.asn1.parse.Asn1ParseResult;
import org.apache.kerby.asn1.parse.Asn1Parser;
import org.apache.kerby.asn1.type.Asn1ObjectIdentifier;
import org.apache.kerby.kerberos.kerb.KrbCodec;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationData;
import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationDataEntry;
import org.apache.kerby.kerberos.kerb.type.ad.AuthorizationType;
import org.apache.kerby.kerberos.kerb.type.ap.ApReq;
import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
import org.apache.kerby.kerberos.kerb.type.ticket.EncTicketPart;

/* loaded from: input_file:com/kerb4j/common/marshall/spnego/SpnegoKerberosMechToken.class */
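/**
 * Kerberos mechanism token as carried inside a SPNEGO exchange.
 *
 * <p>The constructor expects three consecutive items in the encoded token: the
 * mechanism OID, a two-byte token id, and the AP-REQ. The remaining methods
 * decrypt the service ticket with a caller-supplied key and locate the PAC in
 * its authorization data.
 *
 * <p>NOTE(review): the token bytes are presumably supplied by a remote peer
 * before it is authenticated, so every structural assumption is checked and
 * reported as {@link Kerb4JException} instead of surfacing as an unchecked
 * exception.
 */
public class SpnegoKerberosMechToken {
    /** AP-REQ decoded from the token; assigned once by the constructor. */
    private final ApReq apRequest;

    /**
     * Decodes a Kerberos mechanism token.
     *
     * @param bArr encoded token bytes
     * @throws Kerb4JException with key {@code kerberos.token.empty} when the input is null or
     *     empty, and {@code kerberos.token.malformed} when the structure, mechanism OID or
     *     token id is not the expected one or the ASN.1 decoding fails
     */
    public SpnegoKerberosMechToken(byte[] bArr) throws Kerb4JException {
        if (bArr == null || bArr.length == 0) {
            throw new Kerb4JException("kerberos.token.empty", null, null);
        }
        try {
            Asn1ParseResult root = Asn1Parser.parse(ByteBuffer.wrap(bArr));
            // Only a constructed item has children; anything else cannot be a mech token.
            if (!(root instanceof Asn1Container)) {
                throw new Kerb4JException("kerberos.token.malformed", null, null);
            }
            List<Asn1ParseResult> children = ((Asn1Container) root).getChildren();
            // OID, token id and AP-REQ are read by position below, so a truncated token
            // must be rejected here rather than fail on an out-of-range index.
            if (children == null || children.size() < 3) {
                throw new Kerb4JException("kerberos.token.malformed", null, null);
            }

            Asn1ObjectIdentifier mechanism = new Asn1ObjectIdentifier();
            mechanism.decode(children.get(0));
            String mechanismOid = (String) mechanism.getValue();
            if (mechanismOid == null || !mechanismOid.equals(SpnegoProvider.KERBEROS_MECHANISM)) {
                throw new Kerb4JException("kerberos.token.malformed", null, null);
            }

            Asn1ParseResult tokenIdItem = children.get(1);
            ByteBuffer tokenIdBuffer = tokenIdItem.getBodyBuffer();
            int tokenIdOffset = tokenIdItem.getOffset();
            // Two bytes are read at the item's offset; make sure both lie inside the buffer.
            if (tokenIdOffset < 0 || tokenIdOffset > tokenIdBuffer.limit() - 2) {
                throw new Kerb4JException("kerberos.token.malformed", null, null);
            }
            // Token id is compared as a little-endian 16-bit value and must equal 1.
            int lowByte = tokenIdBuffer.get(tokenIdOffset) & 255;
            int highByte = tokenIdBuffer.get(tokenIdOffset + 1) & 255;
            if ((highByte << 8) + lowByte != 1) {
                throw new Kerb4JException("kerberos.token.malformed", null, null);
            }

            ApReq apReq = new ApReq();
            apReq.decode(children.get(2));
            this.apRequest = apReq;
        } catch (IOException e) {
            throw new Kerb4JException("kerberos.token.malformed", null, e);
        }
    }

    /**
     * Returns the AP-REQ decoded from the token.
     *
     * @return the decoded AP-REQ
     */
    public ApReq getApRequest() {
        return this.apRequest;
    }

    /**
     * Selects the first key whose key type equals the given encryption type.
     *
     * <p>Only the key type is compared; the key version number is not consulted, so when
     * several keys share an encryption type the first one in array order is returned.
     *
     * @param encryptionType encryption type to look for
     * @param kerberosKeyArr candidate keys; may be null or contain null entries
     * @return the first matching key, or {@code null} when none matches
     * @throws KrbException declared for callers; not thrown by this implementation
     */
    public KerberosKey getKerberosKey(EncryptionType encryptionType, KerberosKey[] kerberosKeyArr) throws KrbException {
        if (encryptionType == null || kerberosKeyArr == null) {
            return null;
        }
        int wantedType = encryptionType.getValue();
        for (KerberosKey candidate : kerberosKeyArr) {
            if (candidate != null && candidate.getKeyType() == wantedType) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Decrypts the encrypted part of a ticket and decodes it.
     *
     * @param bArr cipher text of the ticket's encrypted part
     * @param kerberosKey key used for decryption; its key type selects the encryption handler
     * @return the decoded ticket part
     * @throws KrbException when {@code kerberosKey} is null, or when decryption or decoding fails
     */
    public EncTicketPart getEncryptedTicketPart(byte[] bArr, KerberosKey kerberosKey) throws KrbException {
        if (kerberosKey == null) {
            throw new KrbException("No key supplied to decrypt the ticket");
        }
        byte[] plainText = EncryptionHandler.getEncHandler(kerberosKey.getKeyType())
                .decrypt(bArr, kerberosKey.getEncoded(), KeyUsage.KDC_REP_TICKET.getValue());
        return KrbCodec.decode(plainText, EncTicketPart.class);
    }

    /**
     * Decrypts the service ticket in the AP-REQ and returns the PAC found in its
     * authorization data.
     *
     * <p>NOTE(review): the key is handed to {@link Pac}; whether the PAC signatures are
     * verified is decided there and is not visible from this class. Confirm before
     * trusting PAC contents for authorization decisions.
     *
     * @param kerberosKeyArr service keys to choose the decryption key from
     * @return the PAC, or {@code null} when the ticket carries no authorization data or no
     *     PAC entry
     * @throws KrbException when no key matches the ticket's encryption type, or when
     *     decryption or decoding of the ticket fails
     * @throws Kerb4JException when the PAC cannot be built from the authorization data
     */
    public Pac getPac(KerberosKey[] kerberosKeyArr) throws KrbException, Kerb4JException {
        EncryptedData encryptedEncPart = getApRequest().getTicket().getEncryptedEncPart();
        KerberosKey kerberosKey = getKerberosKey(encryptedEncPart.getEType(), kerberosKeyArr);
        if (kerberosKey == null) {
            // Fail with the declared exception instead of dereferencing a missing key.
            throw new KrbException(
                    "No key available for ticket encryption type " + encryptedEncPart.getEType());
        }
        AuthorizationData authorizationData =
                getEncryptedTicketPart(encryptedEncPart.getCipher(), kerberosKey).getAuthorizationData();
        if (authorizationData == null) {
            return null;
        }
        return extractPac(authorizationData.getElements(), kerberosKey);
    }

    /**
     * Searches authorization data entries for a PAC, descending into AD-IF-RELEVANT
     * containers.
     *
     * @param list entries to search; a null list yields {@code null}
     * @param kerberosKey key passed through to the {@link Pac} constructor
     * @return the first PAC found, or {@code null} when there is none
     * @throws Kerb4JException when the PAC cannot be built from the entry data
     */
    private Pac extractPac(List<AuthorizationDataEntry> list, KerberosKey kerberosKey) throws Kerb4JException {
        if (list == null) {
            return null;
        }
        for (AuthorizationDataEntry entry : list) {
            AuthorizationType type = entry.getAuthzType();
            if (type == null) {
                // Entry type not resolved; nothing to match against.
                continue;
            }
            switch (type) {
                case AD_IF_RELEVANT:
                    AuthorizationData nested = entry.getAuthzDataAs(AuthorizationData.class);
                    // NOTE(review): nested data may be absent if the entry body does not
                    // decode; skip it rather than dereference null.
                    if (nested != null) {
                        Pac found = extractPac(nested.getElements(), kerberosKey);
                        if (found != null) {
                            return found;
                        }
                    }
                    break;
                case AD_WIN2K_PAC:
                    return new Pac(entry.getAuthzData(), kerberosKey);
                default:
                    break;
            }
        }
        return null;
    }
}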
