package com.ibm.security.krb5;

import com.ibm.security.krb5.internal.APOptions;
import com.ibm.security.krb5.internal.AuthorizationData;
import com.ibm.security.krb5.internal.Config;
import com.ibm.security.krb5.internal.KDCReqBody;
import com.ibm.security.krb5.internal.KdcErrException;
import com.ibm.security.krb5.internal.KerberosTime;
import com.ibm.security.krb5.internal.KrbApErrException;
import com.ibm.security.krb5.internal.PAData;
import com.ibm.security.krb5.internal.RealmException;
import com.ibm.security.krb5.internal.TGSReq;
import com.ibm.security.krb5.internal.Ticket;
import com.ibm.security.krb5.internal.crypto.KrbCryptoException;
import com.ibm.security.krb5.internal.crypto.bb;
import com.ibm.security.krb5.internal.crypto.p;
import java.io.IOException;
import java.net.UnknownHostException;

/* loaded from: input_file:jre/lib/ibmjgssprovider.jar:com/ibm/security/krb5/KrbTgsReq.class */
public class KrbTgsReq {
    private PrincipalName a;
    private PrincipalName b;
    private TGSReq c;
    private KerberosTime d;
    private Ticket e;
    private boolean f;
    EncryptionKey g;
    private byte[] h;
    private byte[] i;
    private static final String[] z = null;

    public KrbTgsReq(Credentials credentials, PrincipalName principalName, int i) throws KrbException, IOException {
        this(new KDCOptions(), credentials, principalName, null, null, null, null, null, null, null, null);
    }

    public KrbTgsReq(KDCOptions kDCOptions, Credentials credentials, PrincipalName principalName, KerberosTime kerberosTime, KerberosTime kerberosTime2, KerberosTime kerberosTime3, int[] iArr, HostAddresses hostAddresses, AuthorizationData authorizationData, Ticket[] ticketArr, EncryptionKey encryptionKey) throws KrbException, IOException {
        this.e = null;
        this.f = false;
        this.a = credentials.b;
        this.b = principalName;
        this.d = new KerberosTime(true);
        Krb5Debug krb5Debug = new Krb5Debug(z[6] + Thread.currentThread().getName() + z[1]);
        krb5Debug.out(11, z[8] + credentials.e.toString());
        if (kDCOptions.get(1) && !credentials.e.get(1)) {
            krb5Debug.out(11, z[9]);
            throw new KrbException(101);
        }
        if (kDCOptions.get(2) && !credentials.e.get(1)) {
            krb5Debug.out(11, z[17]);
            throw new KrbException(101);
        }
        if (kDCOptions.get(3) && !credentials.e.get(3)) {
            krb5Debug.out(11, z[12]);
            throw new KrbException(101);
        }
        if (kDCOptions.get(4) && !credentials.e.get(3)) {
            krb5Debug.out(11, z[14]);
            throw new KrbException(101);
        }
        if (kDCOptions.get(5) && !credentials.e.get(5)) {
            krb5Debug.out(11, z[16]);
            throw new KrbException(101);
        }
        if (kDCOptions.get(8) && !credentials.e.get(8)) {
            krb5Debug.out(11, z[13]);
            throw new KrbException(101);
        }
        if (kDCOptions.get(6)) {
            if (!credentials.e.get(6)) {
                krb5Debug.out(11, z[11]);
                throw new KrbException(101);
            }
        } else if (kerberosTime != null) {
            kerberosTime = null;
        }
        if (kDCOptions.get(8)) {
            if (!credentials.e.get(8)) {
                krb5Debug.out(11, z[10]);
                throw new KrbException(101);
            }
        } else if (kerberosTime3 != null) {
            kerberosTime3 = null;
        }
        if (kDCOptions.get(28)) {
            if (ticketArr == null) {
                krb5Debug.out(11, z[15]);
                throw new KrbException(101);
            }
            this.e = ticketArr[0];
        } else if (ticketArr != null) {
            ticketArr = null;
        }
        this.c = a(kDCOptions, credentials.a, credentials.d, this.d, this.a, this.a.getRealm(), this.b, kerberosTime, kerberosTime2, kerberosTime3, iArr, hostAddresses, authorizationData, ticketArr, encryptionKey);
        this.h = this.c.asn1Encode();
        if (credentials.e.get(2)) {
            kDCOptions.set(2, true);
        }
    }

    public void send() throws IOException, KrbException {
        String str = null;
        if (this.b != null) {
            str = this.b.getRealmString();
        }
        this.i = new KdcComm(str).send(this.h);
    }

    public KrbTgsRep getReply() throws KrbException, IOException {
        return new KrbTgsRep(this.i, this);
    }

    KerberosTime a() {
        return this.d;
    }

    public Credentials sendAndGetCreds() throws IOException, KrbException {
        send();
        return getReply().getCreds();
    }

    TGSReq a(KDCOptions kDCOptions, Ticket ticket, EncryptionKey encryptionKey, KerberosTime kerberosTime, PrincipalName principalName, Realm realm, PrincipalName principalName2, KerberosTime kerberosTime2, KerberosTime kerberosTime3, KerberosTime kerberosTime4, int[] iArr, HostAddresses hostAddresses, AuthorizationData authorizationData, Ticket[] ticketArr, EncryptionKey encryptionKey2) throws Asn1Exception, IOException, KdcErrException, KrbApErrException, UnknownHostException, KrbCryptoException {
        int[] d;
        Checksum checksum;
        KerberosTime kerberosTime5 = kerberosTime3 == null ? new KerberosTime(0L) : kerberosTime3;
        this.g = encryptionKey;
        if (iArr == null) {
            try {
                d = Config.getInstance().defaultEtype(z[3]);
            } catch (KrbException e) {
                d = p.d();
            }
        } else {
            d = iArr;
        }
        if (Krb5Debug.on(11)) {
            Krb5Debug krb5Debug = new Krb5Debug(z[6] + Thread.currentThread().getName() + z[1]);
            String str = null;
            int i = 0;
            while (i < d.length) {
                str = i == 0 ? EncryptedData.encTypeToString(d[i]) : str + z[5] + EncryptedData.encTypeToString(d[i]);
                i++;
            }
            krb5Debug.out(11, z[7] + str);
        }
        int eType = encryptionKey.getEType();
        boolean isDesEncType = EncryptedData.isDesEncType(eType);
        EncryptedData encryptedData = null;
        if (authorizationData != null) {
            byte[] asn1Encode = authorizationData.asn1Encode();
            encryptedData = EncryptedData.isDesEncType(eType) ? new EncryptedData(encryptionKey, asn1Encode, 4) : EncryptedData.isAES128EncType(encryptionKey.getEType()) ? new EncryptedData(encryptionKey, asn1Encode, 4) : EncryptedData.isAES256EncType(encryptionKey.getEType()) ? new EncryptedData(encryptionKey, asn1Encode, 4) : new EncryptedData(encryptionKey, asn1Encode, 4);
        }
        KDCReqBody kDCReqBody = new KDCReqBody(kDCOptions, principalName, principalName2.getRealm(), principalName2, kerberosTime2, kerberosTime5, kerberosTime4, bb.a(), d, hostAddresses, encryptedData, ticketArr);
        byte[] asn1Encode2 = kDCReqBody.asn1Encode(12);
        int i2 = Checksum.CKSUMTYPE_DEFAULT;
        if (eType == 16) {
            i2 = 12;
        } else if (!isDesEncType) {
            i2 = eType == 17 ? 15 : eType == 18 ? 16 : -138;
        } else if (i2 == 12 || i2 == -138) {
            i2 = 7;
        }
        if (Krb5Debug.on(11)) {
            new Krb5Debug(z[6] + Thread.currentThread().getName() + z[1]).out(11, z[2] + Checksum.checksumTypeToString(i2) + z[4] + EncryptedData.encTypeToString(eType));
        }
        switch (i2) {
            case -138:
                checksum = new Checksum(i2, asn1Encode2, encryptionKey, 6);
                break;
            case 1:
            case 2:
            default:
                checksum = new Checksum(i2, asn1Encode2);
                break;
            case 3:
            case 4:
            case 5:
            case 6:
                checksum = new Checksum(i2, asn1Encode2, encryptionKey);
                break;
            case 7:
                checksum = new Checksum(i2, asn1Encode2);
                break;
            case 8:
                checksum = new Checksum(i2, asn1Encode2, encryptionKey);
                break;
            case 12:
                checksum = new Checksum(i2, asn1Encode2, encryptionKey, 6);
                break;
            case 15:
                checksum = new Checksum(i2, asn1Encode2, encryptionKey, 6);
                break;
            case 16:
                checksum = new Checksum(i2, asn1Encode2, encryptionKey, 6);
                break;
        }
        boolean isRc4HMacEncType = EncryptedData.isRc4HMacEncType(eType);
        Realm realm2 = realm;
        if (realm == null) {
            String str2 = null;
            try {
                str2 = Config.getInstance().getDefaultRealm();
                realm2 = new Realm(str2);
            } catch (RealmException e2) {
                if (Krb5Debug.on(11)) {
                    new Krb5Debug(z[6] + Thread.currentThread().getName() + z[1]).out(11, z[0] + str2);
                }
            } catch (KrbException e3) {
                if (Krb5Debug.on(11)) {
                    new Krb5Debug(z[6] + Thread.currentThread().getName() + z[1]).out(11, z[0] + str2);
                }
            }
        }
        return new TGSReq(new PAData[]{new PAData(1, new KrbApReq(new APOptions(), ticket, encryptionKey, realm2, principalName, checksum, kerberosTime, encryptionKey2, null, null, isRc4HMacEncType ? 7 : 7).getMessage())}, kDCReqBody);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TGSReq b() {
        return this.c;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Ticket c() {
        return this.e;
    }

    public byte[] getOutgoingMessage() {
        return this.h;
    }

    public PrincipalName getPrincName() {
        return this.a;
    }

    public PrincipalName getServName() {
        return this.b;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean d() {
        return this.f;
    }
}
