package org.apache.directory.server.kerberos.shared;

import java.net.InetAddress;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
import org.apache.directory.server.kerberos.shared.messages.value.PrincipalName;
import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.directory.shared.ldap.util.StringTools;

/* loaded from: input_file:WEB-INF/lib/apacheds-kerberos-shared-1.5.5.jar:org/apache/directory/server/kerberos/shared/KerberosUtils.class */
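/**
 * Static helpers for Kerberos principal-name handling, encryption-type selection,
 * principal-store lookup and AP-REQ (authentication header) verification.
 *
 * <p>This listing is decompiler output: parameter names such as {@code z}, {@code z2}
 * and {@code j} are synthetic, and {@link #getNames(String)} was not recovered.
 */
public class KerberosUtils {
    public static final int NULL = -1;

    // NOTE(review): this shared instance is a mutable ArrayList and is returned directly
    // by getNames(KerberosPrincipal); a caller that adds to the returned list changes the
    // "empty" result for every later caller. Treat it as read-only.
    public static final List<String> EMPTY_PRINCIPAL_NAME = new ArrayList<String>();

    /**
     * Splits the name of a principal into its components.
     *
     * @param kerberosPrincipal the principal, may be {@code null}
     * @return {@link #EMPTY_PRINCIPAL_NAME} when the principal is {@code null} or its name is
     *         empty, otherwise the result of {@link #getNames(String)}
     * @throws ParseException declared by {@link #getNames(String)}
     */
    public static List<String> getNames(KerberosPrincipal kerberosPrincipal) throws ParseException {
        if (kerberosPrincipal == null) {
            return EMPTY_PRINCIPAL_NAME;
        }
        String name = kerberosPrincipal.getName();
        return StringTools.isEmpty(name) ? EMPTY_PRINCIPAL_NAME : getNames(name);
    }

    /**
     * Decompiler stub: the original body (260 instructions, containing a loop and a switch)
     * could not be reconstructed, so this method always throws.
     *
     * <p>As a consequence {@link #getNames(KerberosPrincipal)} also throws for every principal
     * with a non-empty name. Restore the body from the original library before relying on it.
     *
     * @param r7 the principal name to split
     * @return never returns in this listing
     * @throws ParseException declared by the original signature
     * @throws UnsupportedOperationException always, in this listing
     */
    public static List<String> getNames(String r7) throws ParseException {
        throw new UnsupportedOperationException("Method not decompiled: org.apache.directory.server.kerberos.shared.KerberosUtils.getNames(java.lang.String):java.util.List");
    }

    /**
     * Builds a {@link KerberosPrincipal} from a principal name and an optional realm.
     *
     * @param principalName supplies the name string and the name type; must not be {@code null}
     * @param str the realm; when empty the name string is used without an {@code @realm} suffix
     * @return the principal, created with the ordinal of the name type
     */
    public static KerberosPrincipal getKerberosPrincipal(PrincipalName principalName, String str) {
        String nameString = principalName.getNameString();
        if (!StringTools.isEmpty(str)) {
            nameString = nameString + '@' + str;
        }
        return new KerberosPrincipal(nameString, principalName.getNameType().getOrdinal());
    }

    /**
     * Returns the first encryption type of {@code set} that is also contained in {@code set2}.
     *
     * <p>The choice follows the iteration order of {@code set}, not cipher strength. If
     * {@code set} is ordered by a remote party's preference, that party decides which of the
     * mutually supported types is used, so weak types have to be kept out of {@code set2}.
     *
     * @param set the candidates, in preference order
     * @param set2 the types that are acceptable
     * @return the first common type, or {@code null} when there is none; callers must treat
     *         {@code null} as "no supported encryption type" and must not fall back to a default
     */
    public static EncryptionType getBestEncryptionType(Set<EncryptionType> set, Set<EncryptionType> set2) {
        for (EncryptionType encryptionType : set) {
            if (set2.contains(encryptionType)) {
                return encryptionType;
            }
        }
        return null;
    }

    /**
     * Renders a set of encryption types as a {@code ", "}-separated string.
     *
     * @param set the encryption types to render
     * @return the joined string, empty for an empty set
     */
    public static String getEncryptionTypesString(Set<EncryptionType> set) {
        StringBuilder sb = new StringBuilder();
        String separator = "";
        for (EncryptionType encryptionType : set) {
            sb.append(separator).append(encryptionType);
            separator = ", ";
        }
        return sb.toString();
    }

    /**
     * Looks up a principal in the store and checks that it has at least one key.
     *
     * @param kerberosPrincipal the principal to look up
     * @param principalStore the store to query
     * @param errorType the error reported when the lookup fails or finds nothing
     * @return the store entry, never {@code null}
     * @throws KerberosException with {@code errorType} when the store throws or has no entry,
     *         and with {@code KDC_ERR_NULL_KEY} when the entry has no keys
     */
    public static PrincipalStoreEntry getEntry(KerberosPrincipal kerberosPrincipal, PrincipalStore principalStore, ErrorType errorType) throws KerberosException {
        PrincipalStoreEntry principal;
        // Only the store call sits inside the try. With the checks below inside it, the
        // catch-all re-wrapped their KerberosException (assuming it is an Exception subclass,
        // as its use here suggests), so KDC_ERR_NULL_KEY was always reported as errorType.
        try {
            principal = principalStore.getPrincipal(kerberosPrincipal);
        } catch (Exception e) {
            throw new KerberosException(errorType, e);
        }
        if (principal == null) {
            throw new KerberosException(errorType);
        }
        if (principal.getKeyMap() == null || principal.getKeyMap().isEmpty()) {
            throw new KerberosException(ErrorType.KDC_ERR_NULL_KEY);
        }
        return principal;
    }

    /**
     * Verifies an AP-REQ: protocol and ticket versions, message type, ticket and authenticator
     * decryption, client-name match, client address, replay, clock skew and ticket validity.
     *
     * <p>Side effects visible here: the decrypted part is stored on {@code ticket}, the
     * authenticator is recorded in {@code replayCache}, and option 2 is set on
     * {@code applicationRequest}.
     *
     * @param applicationRequest the request whose header is verified
     * @param ticket the ticket whose encrypted part is unsealed and validated
     * @param encryptionKey the key used to unseal the ticket unless request option 1 is set
     * @param j the allowed clock skew, passed to {@code KerberosTime.isInClockSkew}
     *          (unit not visible here; presumably milliseconds, to be confirmed)
     * @param replayCache the cache consulted and updated for replay detection
     * @param z when {@code false}, a ticket that carries no client addresses is rejected
     * @param inetAddress the address that must appear among the ticket's client addresses
     *          (presumably the peer address of the connection; confirm against the caller)
     * @param cipherTextHandler performs the decryption of ticket and authenticator
     * @param keyUsage the key usage for unsealing the authenticator
     * @param z2 when {@code true}, a ticket flagged invalid is not rejected for that reason
     * @return the decrypted authenticator
     * @throws KerberosException with the {@code KRB_AP_ERR_*} type of the first failed check
     */
    public static Authenticator verifyAuthHeader(ApplicationRequest applicationRequest, Ticket ticket, EncryptionKey encryptionKey, long j, ReplayCache replayCache, boolean z, InetAddress inetAddress, CipherTextHandler cipherTextHandler, KeyUsage keyUsage, boolean z2) throws KerberosException {
        if (applicationRequest.getProtocolVersionNumber() != 5) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADVERSION);
        }
        if (applicationRequest.getMessageType() != KerberosMessageType.AP_REQ) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_MSG_TYPE);
        }
        // NOTE(review): the version is checked on the request's own ticket, while everything
        // below works on the `ticket` argument; nothing here ties the two together, so callers
        // have to pass the same ticket.
        if (applicationRequest.getTicket().getTktVno() != 5) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADVERSION);
        }
        // Option 1 is use-session-key in RFC 4120's AP-options numbering (confirm against the
        // project's constants). NOTE(review): that branch reads the EncTicketPart of the
        // request's ticket before anything has been unsealed in this method, so it relies on a
        // caller having populated it; verify how that value is established.
        EncryptionKey sessionKey = applicationRequest.getOption(1) ? applicationRequest.getTicket().getEncTicketPart().getSessionKey() : encryptionKey;
        if (sessionKey == null) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_NOKEY);
        }
        // Key usage 2 is the ticket-encryption usage in RFC 4120. From here on the session key,
        // names, addresses and times come from the decrypted ticket, not from cleartext fields.
        ticket.setEncTicketPart((EncTicketPart) cipherTextHandler.unseal(EncTicketPart.class, sessionKey, ticket.getEncPart(), KeyUsage.NUMBER2));
        Authenticator authenticator = (Authenticator) cipherTextHandler.unseal(Authenticator.class, ticket.getEncTicketPart().getSessionKey(), applicationRequest.getEncPart(), keyUsage);
        // The authenticator must name the same client as the ticket it accompanies.
        if (!authenticator.getClientPrincipal().getName().equals(ticket.getEncTicketPart().getClientPrincipal().getName())) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADMATCH);
        }
        if (ticket.getEncTicketPart().getClientAddresses() != null) {
            if (!ticket.getEncTicketPart().getClientAddresses().contains(new HostAddress(inetAddress))) {
                throw new KerberosException(ErrorType.KRB_AP_ERR_BADADDR);
            }
        } else if (!z) {
            // Address-less tickets are accepted only when the caller allows them.
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADADDR);
        }
        KerberosPrincipal serverPrincipal = ticket.getServerPrincipal();
        KerberosPrincipal clientPrincipal = authenticator.getClientPrincipal();
        KerberosTime clientTime = authenticator.getClientTime();
        int clientMicroSecond = authenticator.getClientMicroSecond();
        // NOTE(review): isReplay() and save() are two separate calls with no lock around them
        // here. Unless the ReplayCache implementation makes the pair atomic, two threads
        // handling the same authenticator concurrently can both pass the check.
        if (replayCache.isReplay(serverPrincipal, clientPrincipal, clientTime, clientMicroSecond)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_REPEAT);
        }
        // The entry is stored before the skew and validity checks, so authenticators that are
        // rejected below are still remembered.
        replayCache.save(serverPrincipal, clientPrincipal, clientTime, clientMicroSecond);
        if (!authenticator.getClientTime().isInClockSkew(j)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_SKEW);
        }
        // Fall back to the authentication time when the ticket has no explicit start time.
        KerberosTime startTime = ticket.getEncTicketPart().getStartTime() != null ? ticket.getEncTicketPart().getStartTime() : ticket.getEncTicketPart().getAuthTime();
        KerberosTime kerberosTime = new KerberosTime();
        // Not-yet-valid: the start time is not before "now" (no skew allowance is applied
        // here), or the ticket is flagged invalid and z2 does not permit that.
        if (!startTime.lessThan(kerberosTime) || (ticket.getEncTicketPart().getFlags().isInvalid() && !z2)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_TKT_NYV);
        }
        if (!ticket.getEncTicketPart().getEndTime().greaterThan(kerberosTime)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_TKT_EXPIRED);
        }
        // Option 2 is mutual-required in RFC 4120's AP-options numbering (confirm against the
        // project's constants); it is set on the request unconditionally.
        applicationRequest.setOption(2);
        return authenticator;
    }
}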
