package sun.security.krb5;

import java.io.IOException;
import java.util.Objects;
import javax.security.auth.kerberos.KeyTab;
import sun.security.jgss.krb5.Krb5Util;
import sun.security.krb5.internal.ASRep;
import sun.security.krb5.internal.ASReq;
import sun.security.krb5.internal.EncASRepPart;
import sun.security.krb5.internal.KRBError;
import sun.security.krb5.internal.Krb5;
import sun.security.krb5.internal.PAData;
import sun.security.krb5.internal.crypto.EType;
import sun.security.util.DerValue;

/* JADX WARN: Classes with same name are omitted:
  input_file:uab-bootstrap-1.2.10/bin/java/unix/1.8.0_265/lib/rt.jar:sun/security/krb5/KrbAsRep.class
 */
/* loaded from: input_file:uab-bootstrap-1.2.10/bin/java/win/1.8.0_265/lib/rt.jar:sun/security/krb5/KrbAsRep.class */
class KrbAsRep extends KrbKdcRep {
    private ASRep rep;
    private Credentials creds;
    private boolean DEBUG = Krb5.DEBUG;

    /* JADX INFO: Access modifiers changed from: package-private */
    public KrbAsRep(byte[] bArr) throws KrbException, Asn1Exception, IOException {
        KrbException krbException;
        DerValue derValue = new DerValue(bArr);
        try {
            this.rep = new ASRep(derValue);
        } catch (Asn1Exception e) {
            this.rep = null;
            KRBError kRBError = new KRBError(derValue);
            String errorString = kRBError.getErrorString();
            String str = null;
            if (errorString != null && errorString.length() > 0) {
                str = errorString.charAt(errorString.length() - 1) == 0 ? errorString.substring(0, errorString.length() - 1) : errorString;
            }
            if (str == null) {
                krbException = new KrbException(kRBError);
            } else {
                if (this.DEBUG) {
                    System.out.println("KRBError received: " + str);
                }
                krbException = new KrbException(kRBError, str);
            }
            krbException.initCause(e);
            throw krbException;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PAData[] getPA() {
        return this.rep.pAData;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void decryptUsingKeyTab(KeyTab keyTab, KrbAsReq krbAsReq, PrincipalName principalName) throws KrbException, Asn1Exception, IOException {
        EncryptionKey encryptionKey = null;
        int eType = this.rep.encPart.getEType();
        Integer num = this.rep.encPart.kvno;
        try {
            encryptionKey = EncryptionKey.findKey(eType, num, Krb5Util.keysFromJavaxKeyTab(keyTab, principalName));
        } catch (KrbException e) {
            if (e.returnCode() == 44) {
                encryptionKey = EncryptionKey.findKey(eType, Krb5Util.keysFromJavaxKeyTab(keyTab, principalName));
            }
        }
        if (encryptionKey == null) {
            throw new KrbException(400, "Cannot find key for type/kvno to decrypt AS REP - " + EType.toString(eType) + "/" + ((Object) num));
        }
        decrypt(encryptionKey, krbAsReq, principalName);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void decryptUsingPassword(char[] cArr, KrbAsReq krbAsReq, PrincipalName principalName) throws KrbException, Asn1Exception, IOException {
        int eType = this.rep.encPart.getEType();
        decrypt(EncryptionKey.acquireSecretKey(principalName, cArr, eType, PAData.getSaltAndParams(eType, this.rep.pAData)), krbAsReq, principalName);
    }

    private void decrypt(EncryptionKey encryptionKey, KrbAsReq krbAsReq, PrincipalName principalName) throws KrbException, Asn1Exception, IOException {
        EncASRepPart encASRepPart = new EncASRepPart(new DerValue(this.rep.encPart.reset(this.rep.encPart.decrypt(encryptionKey, 3))));
        this.rep.encKDCRepPart = encASRepPart;
        ASReq message = krbAsReq.getMessage();
        check(true, message, this.rep, encryptionKey);
        PrincipalName principalName2 = principalName;
        if (principalName2.equals(this.rep.cname)) {
            principalName2 = null;
        }
        this.creds = new Credentials(this.rep.ticket, this.rep.cname, principalName2, encASRepPart.sname, null, encASRepPart.key, encASRepPart.flags, encASRepPart.authtime, encASRepPart.starttime, encASRepPart.endtime, encASRepPart.renewTill, encASRepPart.caddr);
        if (this.DEBUG) {
            System.out.println(">>> KrbAsRep cons in KrbAsReq.getReply " + message.reqBody.cname.getNameString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Credentials getCreds() {
        return (Credentials) Objects.requireNonNull(this.creds, "Creds not available yet.");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public sun.security.krb5.internal.ccache.Credentials getCCreds() {
        return new sun.security.krb5.internal.ccache.Credentials(this.rep);
    }
}
