package sun.security.jgss.wrapper;

import com.sun.security.jgss.InquireType;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Provider;
import javax.security.auth.kerberos.DelegationPermission;
import org.ietf.jgss.ChannelBinding;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;
import sun.security.jgss.GSSExceptionImpl;
import sun.security.jgss.GSSHeader;
import sun.security.jgss.GSSUtil;
import sun.security.jgss.spi.GSSContextSpi;
import sun.security.jgss.spi.GSSCredentialSpi;
import sun.security.jgss.spi.GSSNameSpi;
import sun.security.jgss.spnego.NegTokenInit;
import sun.security.jgss.spnego.NegTokenTarg;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.util.SecurityConstants;

/* loaded from: input_file:jre/lib/rt.jar:sun/security/jgss/wrapper/NativeGSSContext.class */
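/**
 * {@link GSSContextSpi} implementation that delegates every context operation to a
 * native GSS library through a {@link GSSLibStub}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Kerberos {@code ServicePermission} and {@link DelegationPermission} checks are
 *       made only when a {@link SecurityManager} is installed; without one, no Java-level
 *       permission check guards the native calls.</li>
 *   <li>For SPNEGO the negotiated mechanism is only known from the token returned by
 *       the native call, so the Kerberos checks for that case run after that call.</li>
 *   <li>{@code this} is handed to {@code initContext}/{@code acceptContext}. Fields such
 *       as {@code pContext}, {@code isEstablished}, {@code flags} and
 *       {@code delegatedCred} are never assigned by those Java paths yet are read right
 *       after the call, so they are presumably written by the native stub. Do not
 *       rename or finalise them without checking the native side.</li>
 * </ul>
 *
 * <p>This source was recovered by a decompiler; the assertions have been restored to
 * {@code assert} statements and inlined constants replaced by their named equivalents.
 */
class NativeGSSContext implements GSSContextSpi {
    // GSS-API context flag bits stored in the flags field.
    private static final int GSS_C_DELEG_FLAG = 1;
    private static final int GSS_C_MUTUAL_FLAG = 2;
    private static final int GSS_C_REPLAY_FLAG = 4;
    private static final int GSS_C_SEQUENCE_FLAG = 8;
    private static final int GSS_C_CONF_FLAG = 16;
    private static final int GSS_C_INTEG_FLAG = 32;
    private static final int GSS_C_ANON_FLAG = 64;
    private static final int GSS_C_PROT_READY_FLAG = 128;
    private static final int GSS_C_TRANS_FLAG = 256;
    // Number of values GSSLibStub.inquireContext() must return.
    private static final int NUM_OF_INQUIRE_VALUES = 6;

    // Native context handle; 0 means there is no native context (not yet created,
    // disposed, or exported).
    private long pContext;
    private GSSNameElement srcName;
    private GSSNameElement targetName;
    private GSSCredElement cred;
    private boolean isInitiator;
    private boolean isEstablished;
    // Mechanism read from the SPNEGO token on the initiator side; null otherwise.
    private Oid actualMech;
    private ChannelBinding cb;
    private GSSCredElement delegatedCred;
    private int flags;
    private int lifetime;
    private final GSSLibStub cStub;
    // Set once the corresponding permission check has passed or is not required.
    private boolean skipDelegPermCheck;
    private boolean skipServicePermCheck;

    /**
     * Extracts the mechanism OID carried in a SPNEGO token. Both callers pass the
     * token returned by the native library, not the raw token received from the peer.
     *
     * @param token the SPNEGO token bytes
     * @param isInitToken {@code true} to parse a GSS-framed NegTokenInit, {@code false}
     *        to parse a NegTokenTarg
     * @return the first advertised mechanism of a NegTokenInit that carries a mech
     *         token, the supported mechanism of a NegTokenTarg, or {@code null}
     * @throws GSSException with major code FAILURE if the GSS header cannot be read
     */
    private static Oid getMechFromSpNegoToken(byte[] token, boolean isInitToken) throws GSSException {
        if (!isInitToken) {
            return new NegTokenTarg(token).getSupportedMech();
        }
        try {
            // The NegTokenInit body is the trailing mechTokenLength bytes after the GSS header.
            int bodyLength = new GSSHeader(new ByteArrayInputStream(token)).getMechTokenLength();
            byte[] body = new byte[bodyLength];
            System.arraycopy(token, token.length - bodyLength, body, 0, body.length);
            NegTokenInit negTokenInit = new NegTokenInit(body);
            if (negTokenInit.getMechToken() != null) {
                return negTokenInit.getMechTypeList()[0];
            }
            return null;
        } catch (IOException e) {
            throw new GSSExceptionImpl(GSSException.FAILURE, e);
        }
    }

    /**
     * Returns the {@code length} bytes of {@code buf} starting at {@code offset},
     * reusing {@code buf} itself when the range covers the whole array.
     */
    private static byte[] slice(byte[] buf, int offset, int length) {
        if (offset == 0 && length == buf.length) {
            return buf;
        }
        byte[] copy = new byte[length];
        System.arraycopy(buf, offset, copy, 0, length);
        return copy;
    }

    /**
     * Performs the Kerberos service permission check for this context.
     * Does nothing when no {@link SecurityManager} is installed.
     *
     * @throws GSSException if a name lookup or the credential acquisition fails
     */
    private void doServicePermCheck() throws GSSException {
        if (System.getSecurityManager() == null) {
            return;
        }
        // SecurityConstants.SOCKET_ACCEPT_ACTION is the action string "accept".
        String action = this.isInitiator ? "initiate" : SecurityConstants.SOCKET_ACCEPT_ACTION;
        if (GSSUtil.isSpNegoMech(this.cStub.getMech()) && this.isInitiator && !this.isEstablished) {
            if (this.srcName == null) {
                // Acquire and immediately release a default Kerberos initiator credential
                // (usage 1 == GSSCredential.INITIATE_ONLY); presumably done so that the
                // checks made during credential acquisition run -- confirm in GSSCredElement.
                new GSSCredElement(null, this.lifetime, 1, GSSLibStub.getInstance(GSSUtil.GSS_KRB5_MECH_OID)).dispose();
            } else {
                Krb5Util.checkServicePermission(Krb5Util.getTGSName(this.srcName), action);
            }
        }
        Krb5Util.checkServicePermission(this.targetName.getKrbName(), action);
        this.skipServicePermCheck = true;
    }

    /**
     * Checks {@link DelegationPermission} for delegating to the target principal.
     * Does nothing when no {@link SecurityManager} is installed.
     *
     * @throws GSSException if a principal name cannot be obtained
     * @throws SecurityException if the permission is not granted
     */
    private void doDelegPermCheck() throws GSSException {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager == null) {
            return;
        }
        String targetPrincipal = this.targetName.getKrbName();
        String tgsPrincipal = Krb5Util.getTGSName(this.targetName);
        // DelegationPermission names are two quoted principals separated by a space.
        String permissionName = "\"" + targetPrincipal + "\" \"" + tgsPrincipal + '"';
        SunNativeProvider.debug("Checking DelegationPermission (" + permissionName + ")");
        securityManager.checkPermission(new DelegationPermission(permissionName));
        this.skipDelegPermCheck = true;
    }

    /**
     * Reads one complete context token from the stream.
     *
     * @param inputStream stream positioned at the token received from the peer
     * @param mechTokenLen length of the bare mechanism token, in which case a GSS header
     *        for this context's mechanism is prepended; or -1 when the stream holds a
     *        complete DER-encoded token
     * @return the complete token
     * @throws GSSException with major code FAILURE on an I/O or encoding error,
     *         including a stream that ends before {@code mechTokenLen} bytes were read
     */
    private byte[] retrieveToken(InputStream inputStream, int mechTokenLen) throws GSSException {
        try {
            byte[] token;
            if (mechTokenLen != -1) {
                SunNativeProvider.debug("Precomputed mechToken length: " + mechTokenLen);
                GSSHeader gssHeader = new GSSHeader(new ObjectIdentifier(this.cStub.getMech().toString()), mechTokenLen);
                ByteArrayOutputStream framed = new ByteArrayOutputStream(600);
                byte[] mechToken = new byte[mechTokenLen];
                // A single read() may return fewer bytes than requested; keep reading so
                // a short read can never hand a zero-padded token to the native library.
                int filled = 0;
                while (filled < mechTokenLen) {
                    int n = inputStream.read(mechToken, filled, mechTokenLen - filled);
                    if (n < 0) {
                        throw new IOException("Token stream ended after " + filled + " of " + mechTokenLen + " bytes");
                    }
                    filled += n;
                }
                gssHeader.encode(framed);
                framed.write(mechToken);
                token = framed.toByteArray();
            } else {
                token = new DerValue(inputStream).toByteArray();
            }
            SunNativeProvider.debug("Complete Token length: " + token.length);
            return token;
        } catch (IOException e) {
            throw new GSSExceptionImpl(GSSException.FAILURE, e);
        }
    }

    /**
     * Creates an initiator-side context.
     *
     * <p>For a Kerberos stub the service permission check runs before any credential is
     * acquired, and a default initiator credential is acquired when none is supplied.
     *
     * @param gSSNameElement the peer (target) name; must not be {@code null}
     * @param gSSCredElement the initiator credential, or {@code null} for the default
     * @param i the requested lifetime
     * @param gSSLibStub the native library stub for the mechanism
     * @throws GSSException if the peer is {@code null} or a check/acquisition fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public NativeGSSContext(GSSNameElement gSSNameElement, GSSCredElement gSSCredElement, int i, GSSLibStub gSSLibStub) throws GSSException {
        if (gSSNameElement == null) {
            throw new GSSException(GSSException.FAILURE, 1, "null peer");
        }
        this.cStub = gSSLibStub;
        this.cred = gSSCredElement;
        this.targetName = gSSNameElement;
        this.isInitiator = true;
        this.lifetime = i;
        if (GSSUtil.isKerberosMech(this.cStub.getMech())) {
            doServicePermCheck();
            if (this.cred == null) {
                // Usage 1 == GSSCredential.INITIATE_ONLY.
                this.cred = new GSSCredElement(null, this.lifetime, 1, this.cStub);
            }
            this.srcName = this.cred.getName();
        }
    }

    /**
     * Creates an acceptor-side context.
     *
     * <p>The service permission check runs here only for a Kerberos stub with a known
     * acceptor name; with a {@code null} credential the name is not known yet.
     *
     * @param gSSCredElement the acceptor credential, or {@code null}
     * @param gSSLibStub the native library stub for the mechanism
     * @throws GSSException if the name lookup or the permission check fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public NativeGSSContext(GSSCredElement gSSCredElement, GSSLibStub gSSLibStub) throws GSSException {
        this.cStub = gSSLibStub;
        this.cred = gSSCredElement;
        if (this.cred != null) {
            this.targetName = this.cred.getName();
        }
        this.isInitiator = false;
        if (GSSUtil.isKerberosMech(this.cStub.getMech()) && this.targetName != null) {
            doServicePermCheck();
        }
    }

    /**
     * Wraps an existing native context handle and loads its state from the native
     * library.
     *
     * @param j the native context handle; expected to be non-zero
     * @param gSSLibStub the native library stub for the mechanism
     * @throws GSSException if querying the context or the permission check fails
     */
    NativeGSSContext(long j, GSSLibStub gSSLibStub) throws GSSException {
        // Check the incoming handle. The decompiled code tested the still-zero field,
        // which made the assertion fail on every call when assertions were enabled.
        assert j != 0L;
        this.pContext = j;
        this.cStub = gSSLibStub;
        long[] info = this.cStub.inquireContext(this.pContext);
        if (info.length != NUM_OF_INQUIRE_VALUES) {
            throw new RuntimeException("Bug w/ GSSLibStub.inquireContext()");
        }
        this.srcName = new GSSNameElement(info[0], this.cStub);
        this.targetName = new GSSNameElement(info[1], this.cStub);
        this.isInitiator = info[2] != 0;
        this.isEstablished = info[3] != 0;
        this.flags = (int) info[4];
        this.lifetime = (int) info[5];
        Oid mech = this.cStub.getMech();
        if (GSSUtil.isSpNegoMech(mech) || GSSUtil.isKerberosMech(mech)) {
            doServicePermCheck();
        }
    }

    /** Returns the provider singleton, {@code SunNativeProvider.INSTANCE}. */
    @Override
    public Provider getProvider() {
        return SunNativeProvider.INSTANCE;
    }

    /**
     * Runs one initiator step of context establishment.
     *
     * @param inputStream stream holding the peer's token; read only once a native
     *        context exists
     * @param i mechanism token length, or -1 if the stream holds a complete token
     * @return the token to send to the peer (may be {@code null}); always {@code null}
     *         if the context is already established or this is not the initiator
     * @throws GSSException if token retrieval, a permission lookup or the native call fails
     */
    @Override
    public byte[] initSecContext(InputStream inputStream, int i) throws GSSException {
        if (this.isEstablished || !this.isInitiator) {
            return null;
        }
        byte[] inToken = null;
        if (this.pContext != 0) {
            inToken = retrieveToken(inputStream, i);
            SunNativeProvider.debug("initSecContext=> inToken len=" + inToken.length);
        }
        // No delegation requested, so there is nothing to authorise.
        if (!getCredDelegState()) {
            this.skipDelegPermCheck = true;
        }
        // Plain Kerberos: authorise delegation before the native call.
        if (GSSUtil.isKerberosMech(this.cStub.getMech()) && !this.skipDelegPermCheck) {
            doDelegPermCheck();
        }
        byte[] outToken = this.cStub.initContext(this.cred == null ? 0L : this.cred.pCred, this.targetName.pName, this.cb, inToken, this);
        SunNativeProvider.debug("initSecContext=> outToken len=" + (outToken == null ? 0 : outToken.length));
        // SPNEGO: the mechanism is only known from the generated token, so the Kerberos
        // checks for that case necessarily run after the native call.
        if (GSSUtil.isSpNegoMech(this.cStub.getMech()) && outToken != null) {
            this.actualMech = getMechFromSpNegoToken(outToken, true);
            if (GSSUtil.isKerberosMech(this.actualMech)) {
                if (!this.skipServicePermCheck) {
                    doServicePermCheck();
                }
                if (!this.skipDelegPermCheck) {
                    doDelegPermCheck();
                }
            }
        }
        // isEstablished is not assigned on this path in Java; presumably the native
        // stub sets it through the 'this' reference passed above.
        if (this.isEstablished) {
            if (this.srcName == null) {
                this.srcName = new GSSNameElement(this.cStub.getContextName(this.pContext, true), this.cStub);
            }
            if (this.cred == null) {
                this.cred = new GSSCredElement(this.srcName, this.lifetime, 1, this.cStub);
            }
        }
        return outToken;
    }

    /**
     * Runs one acceptor step of context establishment.
     *
     * @param inputStream stream holding the peer's token
     * @param i mechanism token length, or -1 if the stream holds a complete token
     * @return the token to send to the peer (may be {@code null}); always {@code null}
     *         if the context is already established or this is the initiator
     * @throws GSSException if token retrieval, a permission lookup or the native call fails
     */
    @Override
    public byte[] acceptSecContext(InputStream inputStream, int i) throws GSSException {
        if (this.isEstablished || this.isInitiator) {
            return null;
        }
        byte[] inToken = retrieveToken(inputStream, i);
        SunNativeProvider.debug("acceptSecContext=> inToken len=" + inToken.length);
        byte[] outToken = this.cStub.acceptContext(this.cred == null ? 0L : this.cred.pCred, this.cb, inToken, this);
        SunNativeProvider.debug("acceptSecContext=> outToken len=" + (outToken == null ? 0 : outToken.length));
        if (this.targetName == null) {
            // The acceptor name was unknown until now: take it from the native context
            // and replace the credential with one for that name (usage 2 ==
            // GSSCredential.ACCEPT_ONLY).
            this.targetName = new GSSNameElement(this.cStub.getContextName(this.pContext, false), this.cStub);
            if (this.cred != null) {
                this.cred.dispose();
            }
            this.cred = new GSSCredElement(this.targetName, this.lifetime, 2, this.cStub);
        }
        // SPNEGO negotiating Kerberos: the service permission check can only run after
        // the native call has produced the response token.
        if (GSSUtil.isSpNegoMech(this.cStub.getMech()) && outToken != null && !this.skipServicePermCheck && GSSUtil.isKerberosMech(getMechFromSpNegoToken(outToken, false))) {
            doServicePermCheck();
        }
        return outToken;
    }

    /** Returns whether context establishment has completed. */
    @Override
    public boolean isEstablished() {
        return this.isEstablished;
    }

    /**
     * Drops the name and credential references and deletes the native context if one
     * exists. The credential elements themselves are not disposed here.
     *
     * @throws GSSException if the native delete fails
     */
    @Override
    public void dispose() throws GSSException {
        this.srcName = null;
        this.targetName = null;
        this.cred = null;
        this.delegatedCred = null;
        if (this.pContext != 0) {
            this.pContext = this.cStub.deleteContext(this.pContext);
            // Force the handle to 0 whatever the stub returned, so it is never reused.
            this.pContext = 0L;
        }
    }

    /**
     * Asks the native library for the wrap size limit.
     *
     * @param i forwarded as the third native argument (presumably the QOP -- confirm
     *        against GSSContextSpi)
     * @param z forwarded as 1 or 0 (presumably "confidentiality requested")
     * @param i2 forwarded as the fourth native argument (presumably the maximum token size)
     * @return the value reported by the native library
     */
    @Override
    public int getWrapSizeLimit(int i, boolean z, int i2) throws GSSException {
        return this.cStub.wrapSizeLimit(this.pContext, z ? 1 : 0, i, i2);
    }

    /**
     * Wraps {@code i2} bytes of {@code bArr} starting at offset {@code i}.
     *
     * @return the wrapped token produced by the native library
     */
    @Override
    public byte[] wrap(byte[] bArr, int i, int i2, MessageProp messageProp) throws GSSException {
        return this.cStub.wrap(this.pContext, slice(bArr, i, i2), messageProp);
    }

    /**
     * Wraps a byte range and writes the token to {@code outputStream}.
     *
     * @throws GSSException with major code FAILURE if the write fails
     */
    public void wrap(byte[] bArr, int i, int i2, OutputStream outputStream, MessageProp messageProp) throws GSSException {
        try {
            outputStream.write(wrap(bArr, i, i2, messageProp));
        } catch (IOException e) {
            throw new GSSExceptionImpl(GSSException.FAILURE, e);
        }
    }

    /**
     * Wraps a byte range and copies the token into {@code bArr2} at offset {@code i3}.
     *
     * @return the number of token bytes copied
     */
    public int wrap(byte[] bArr, int i, int i2, byte[] bArr2, int i3, MessageProp messageProp) throws GSSException {
        byte[] token = wrap(bArr, i, i2, messageProp);
        System.arraycopy(token, 0, bArr2, i3, token.length);
        return token.length;
    }

    /**
     * Wraps the bytes currently available on {@code inputStream} and writes the token
     * to {@code outputStream}.
     *
     * <p>NOTE(review): the message is whatever one {@code available()}-sized read
     * returns. {@code available()} is only an estimate, so on a stream that delivers
     * data in pieces this may process a partial message; callers should supply a fully
     * buffered stream.
     *
     * @throws GSSException with major code FAILURE on an I/O error
     */
    @Override
    public void wrap(InputStream inputStream, OutputStream outputStream, MessageProp messageProp) throws GSSException {
        try {
            byte[] data = new byte[inputStream.available()];
            int dataLen = inputStream.read(data);
            outputStream.write(wrap(data, 0, dataLen, messageProp));
        } catch (IOException e) {
            throw new GSSExceptionImpl(GSSException.FAILURE, e);
        }
    }

    /**
     * Unwraps {@code i2} bytes of {@code bArr} starting at offset {@code i}.
     *
     * @return the bytes returned by the native unwrap
     */
    @Override
    public byte[] unwrap(byte[] bArr, int i, int i2, MessageProp messageProp) throws GSSException {
        return this.cStub.unwrap(this.pContext, slice(bArr, i, i2), messageProp);
    }

    /**
     * Unwraps a byte range and copies the result into {@code bArr2} at offset {@code i3}.
     *
     * @return the number of bytes copied
     */
    public int unwrap(byte[] bArr, int i, int i2, byte[] bArr2, int i3, MessageProp messageProp) throws GSSException {
        byte[] data = this.cStub.unwrap(this.pContext, slice(bArr, i, i2), messageProp);
        System.arraycopy(data, 0, bArr2, i3, data.length);
        return data.length;
    }

    /**
     * Unwraps the bytes currently available on {@code inputStream}, then writes and
     * flushes the result to {@code outputStream}.
     *
     * <p>NOTE(review): relies on one {@code available()}-sized read; a token that
     * arrives in pieces would be truncated and should then fail in the native unwrap.
     *
     * @throws GSSException with major code FAILURE on an I/O error
     */
    @Override
    public void unwrap(InputStream inputStream, OutputStream outputStream, MessageProp messageProp) throws GSSException {
        try {
            byte[] token = new byte[inputStream.available()];
            int tokenLen = inputStream.read(token);
            outputStream.write(unwrap(token, 0, tokenLen, messageProp));
            outputStream.flush();
        } catch (IOException e) {
            throw new GSSExceptionImpl(GSSException.FAILURE, e);
        }
    }

    /**
     * Unwraps the bytes currently available on {@code inputStream} into {@code bArr}
     * at offset {@code i}.
     *
     * <p>The token is passed to the native library exactly once. The decompiled code
     * unwrapped the same token twice and discarded the first result; a second pass over
     * one token is redundant and could be reported or rejected as a duplicate when
     * replay or sequence detection is active.
     *
     * @return the number of bytes copied
     * @throws GSSException with major code FAILURE on an I/O error
     */
    public int unwrap(InputStream inputStream, byte[] bArr, int i, MessageProp messageProp) throws GSSException {
        try {
            byte[] token = new byte[inputStream.available()];
            int tokenLen = inputStream.read(token);
            byte[] data = unwrap(token, 0, tokenLen, messageProp);
            System.arraycopy(data, 0, bArr, i, data.length);
            return data.length;
        } catch (IOException e) {
            throw new GSSExceptionImpl(GSSException.FAILURE, e);
        }
    }

    /**
     * Computes a MIC over {@code i2} bytes of {@code bArr} starting at offset {@code i}.
     *
     * @param messageProp supplies the QOP; {@code null} means QOP 0
     * @return the MIC token produced by the native library
     */
    @Override
    public byte[] getMIC(byte[] bArr, int i, int i2, MessageProp messageProp) throws GSSException {
        int qop = messageProp == null ? 0 : messageProp.getQOP();
        return this.cStub.getMic(this.pContext, qop, slice(bArr, i, i2));
    }

    /**
     * Computes a MIC over the bytes currently available on {@code inputStream} and
     * writes it to {@code outputStream}; nothing is written for a null or empty MIC.
     *
     * @throws GSSException with major code FAILURE on an I/O error
     */
    @Override
    public void getMIC(InputStream inputStream, OutputStream outputStream, MessageProp messageProp) throws GSSException {
        try {
            byte[] data = new byte[inputStream.available()];
            int dataLen = inputStream.read(data);
            byte[] mic = getMIC(data, 0, dataLen, messageProp);
            if (mic != null && mic.length != 0) {
                outputStream.write(mic);
            }
        } catch (IOException e) {
            throw new GSSExceptionImpl(GSSException.FAILURE, e);
        }
    }

    /**
     * Verifies a MIC through the native library. The range {@code (bArr, i, i2)} is
     * passed as the first native buffer and {@code (bArr2, i3, i4)} as the second;
     * presumably the MIC token followed by the message, per the GSSContextSpi contract
     * -- confirm against the interface.
     *
     * @throws GSSException if the native verification fails
     */
    @Override
    public void verifyMIC(byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4, MessageProp messageProp) throws GSSException {
        byte[] first = slice(bArr, i, i2);
        byte[] second = slice(bArr2, i3, i4);
        this.cStub.verifyMic(this.pContext, first, second, messageProp);
    }

    /**
     * Stream form of {@code verifyMIC}: reads what is currently available on
     * {@code inputStream2} and then on {@code inputStream}, and verifies with the
     * {@code inputStream} bytes as the first buffer.
     *
     * @throws GSSException with major code FAILURE on an I/O error
     */
    @Override
    public void verifyMIC(InputStream inputStream, InputStream inputStream2, MessageProp messageProp) throws GSSException {
        try {
            byte[] second = new byte[inputStream2.available()];
            int secondLen = inputStream2.read(second);
            byte[] first = new byte[inputStream.available()];
            int firstLen = inputStream.read(first);
            verifyMIC(first, 0, firstLen, second, 0, secondLen, messageProp);
        } catch (IOException e) {
            throw new GSSExceptionImpl(GSSException.FAILURE, e);
        }
    }

    /**
     * Exports the native context and forgets the handle, so this object no longer
     * refers to a native context afterwards. No delete call is made here; presumably
     * the native export releases the context -- confirm in GSSLibStub.
     *
     * @return the exported context token
     */
    @Override
    public byte[] export() throws GSSException {
        byte[] exported = this.cStub.exportContext(this.pContext);
        this.pContext = 0L;
        return exported;
    }

    /**
     * Sets or clears a requested flag. Only effective on the initiator before a native
     * context exists; otherwise the request is silently ignored.
     */
    private void changeFlags(int flagMask, boolean isEnable) {
        if (!this.isInitiator || this.pContext != 0) {
            return;
        }
        if (isEnable) {
            this.flags |= flagMask;
        } else {
            this.flags &= ~flagMask;
        }
    }

    /** Requests mutual authentication; see {@code changeFlags} for when this applies. */
    @Override
    public void requestMutualAuth(boolean z) throws GSSException {
        changeFlags(GSS_C_MUTUAL_FLAG, z);
    }

    /** Requests replay detection; see {@code changeFlags} for when this applies. */
    @Override
    public void requestReplayDet(boolean z) throws GSSException {
        changeFlags(GSS_C_REPLAY_FLAG, z);
    }

    /** Requests sequence detection; see {@code changeFlags} for when this applies. */
    @Override
    public void requestSequenceDet(boolean z) throws GSSException {
        changeFlags(GSS_C_SEQUENCE_FLAG, z);
    }

    /**
     * Requests credential delegation; see {@code changeFlags} for when this applies.
     * When set, {@code initSecContext} checks {@link DelegationPermission} under a
     * security manager.
     */
    @Override
    public void requestCredDeleg(boolean z) throws GSSException {
        changeFlags(GSS_C_DELEG_FLAG, z);
    }

    /** Requests anonymity; see {@code changeFlags} for when this applies. */
    @Override
    public void requestAnonymity(boolean z) throws GSSException {
        changeFlags(GSS_C_ANON_FLAG, z);
    }

    /** Requests confidentiality; see {@code changeFlags} for when this applies. */
    @Override
    public void requestConf(boolean z) throws GSSException {
        changeFlags(GSS_C_CONF_FLAG, z);
    }

    /** Requests integrity; see {@code changeFlags} for when this applies. */
    @Override
    public void requestInteg(boolean z) throws GSSException {
        changeFlags(GSS_C_INTEG_FLAG, z);
    }

    /** No-op: the request is ignored and {@code getDelegPolicyState} always returns false. */
    @Override
    public void requestDelegPolicy(boolean z) throws GSSException {
    }

    /** Records the requested lifetime; ignored unless initiator with no native context yet. */
    @Override
    public void requestLifetime(int i) throws GSSException {
        if (this.isInitiator && this.pContext == 0) {
            this.lifetime = i;
        }
    }

    /**
     * Stores the channel binding to pass to the native init/accept call. Ignored once a
     * native context exists, so it must be set before the first establishment step.
     */
    @Override
    public void setChannelBinding(ChannelBinding channelBinding) throws GSSException {
        if (this.pContext == 0) {
            this.cb = channelBinding;
        }
    }

    /** Returns whether any bit of {@code flagMask} is set in the current flags. */
    private boolean checkFlags(int flagMask) {
        return (this.flags & flagMask) != 0;
    }

    /** Returns whether the delegation flag is set. */
    @Override
    public boolean getCredDelegState() {
        return checkFlags(GSS_C_DELEG_FLAG);
    }

    /** Returns whether the mutual-authentication flag is set. */
    @Override
    public boolean getMutualAuthState() {
        return checkFlags(GSS_C_MUTUAL_FLAG);
    }

    /** Returns whether the replay-detection flag is set. */
    @Override
    public boolean getReplayDetState() {
        return checkFlags(GSS_C_REPLAY_FLAG);
    }

    /** Returns whether the sequence-detection flag is set. */
    @Override
    public boolean getSequenceDetState() {
        return checkFlags(GSS_C_SEQUENCE_FLAG);
    }

    /** Returns whether the anonymity flag is set. */
    @Override
    public boolean getAnonymityState() {
        return checkFlags(GSS_C_ANON_FLAG);
    }

    /** Returns whether the transferable flag is set. */
    @Override
    public boolean isTransferable() throws GSSException {
        return checkFlags(GSS_C_TRANS_FLAG);
    }

    /** Returns whether the protection-ready flag is set. */
    @Override
    public boolean isProtReady() {
        return checkFlags(GSS_C_PROT_READY_FLAG);
    }

    /** Returns whether the confidentiality flag is set. */
    @Override
    public boolean getConfState() {
        return checkFlags(GSS_C_CONF_FLAG);
    }

    /** Returns whether the integrity flag is set. */
    @Override
    public boolean getIntegState() {
        return checkFlags(GSS_C_INTEG_FLAG);
    }

    /** Always {@code false}; delegation policy is not supported by this implementation. */
    @Override
    public boolean getDelegPolicyState() {
        return false;
    }

    /** Returns the context time reported by the native library for the current handle. */
    @Override
    public int getLifetime() {
        return this.cStub.getContextTime(this.pContext);
    }

    /** Returns the initiator name, or {@code null} if it is not known (yet). */
    @Override
    public GSSNameSpi getSrcName() throws GSSException {
        return this.srcName;
    }

    /** Returns the acceptor name, or {@code null} if it is not known (yet). */
    @Override
    public GSSNameSpi getTargName() throws GSSException {
        return this.targetName;
    }

    /**
     * Returns the mechanism read from the SPNEGO token once the context is established
     * and such a mechanism was recorded; otherwise the stub's own mechanism.
     */
    @Override
    public Oid getMech() throws GSSException {
        if (this.isEstablished && this.actualMech != null) {
            return this.actualMech;
        }
        return this.cStub.getMech();
    }

    /** Returns the delegated credential, or {@code null} if there is none. */
    @Override
    public GSSCredentialSpi getDelegCred() throws GSSException {
        return this.delegatedCred;
    }

    /** Returns whether this side initiated the context. */
    @Override
    public boolean isInitiator() {
        return this.isInitiator;
    }

    /** Safety net: releases the native context if the owner never called {@code dispose()}. */
    @Override
    protected void finalize() throws Throwable {
        dispose();
    }

    /**
     * Not supported by this implementation.
     *
     * @throws GSSException always, with major code UNAVAILABLE
     */
    @Override
    public Object inquireSecContext(InquireType inquireType) throws GSSException {
        throw new GSSException(GSSException.UNAVAILABLE, -1, "Inquire type not supported.");
    }
}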
