package oracle.net.ano;

import com.sun.security.auth.module.Krb5LoginModule;
import java.io.IOException;
import java.net.InetAddress;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import oracle.net.aso.a;
import oracle.net.ns.NetException;
import oracle.net.ns.SQLnetDef;
import oracle.net.ns.SessionAtts;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;
import sun.security.krb5.Asn1Exception;
import sun.security.krb5.EncryptedData;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbCryptoException;
import sun.security.krb5.RealmException;
import sun.security.krb5.internal.APReq;
import sun.security.krb5.internal.Authenticator;
import sun.security.krb5.internal.KRBCred;
import sun.security.krb5.internal.KdcErrException;
import sun.security.krb5.internal.KrbApErrException;
import sun.security.util.DerValue;

/* loaded from: input_file:spg-admin-ui-war-3.0.23.war:WEB-INF/lib/ojdbc6-11.2.0.3.jar:oracle/net/ano/AuthenticationService.class */
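/**
 * Client side of the authentication service negotiated by the {@code oracle.net.ano} layer.
 *
 * <p>This is decompiled, obfuscated code: the single-letter members {@code c}, {@code d},
 * {@code f}, {@code h} and {@code i} are inherited from {@link Service} and their exact
 * contracts are not visible in this file. Comments that interpret them are marked as review
 * notes and should be confirmed against {@code Service}.
 *
 * <p>The class negotiates one of the services listed in {@link #j}. For Kerberos5 it then
 * runs a GSS-API initiator handshake inside {@link Subject#doAs} (see {@link #run()}).
 */
public class AuthenticationService extends Service implements SQLnetDef, PrivilegedExceptionAction<Object> {
    // Service names that a(SessionAtts) matches against the profile's configured services.
    static final String[] j = {"", AnoServices.AUTHENTICATION_RADIUS, AnoServices.AUTHENTICATION_KERBEROS5, AnoServices.AUTHENTICATION_TCPS};
    // Names written by b() and matched against the server's choice in a(int); same order as j,
    // but the last entry is the literal "tcps".
    private static final String[] k = {"", AnoServices.AUTHENTICATION_RADIUS, AnoServices.AUTHENTICATION_KERBEROS5, "tcps"};
    // One byte per entry of k, written by b() immediately before the matching name.
    private static final byte[] l = {0, 1, 1, 2};
    // True once a(int) has accepted a service chosen by the server; reported by isActive().
    private boolean m = false;
    // JAAS subject holding the Kerberos credentials used by run().
    private Subject n = null;
    // Server principal prefix, built in h() as "<string>/<string>" from two values read from the peer.
    private String o = null;
    // Set to 64767 (0xFCFF) in a(SessionAtts) and written by b().
    private int p;

    /**
     * Initialises the service from the session and maps every configured authentication
     * service name to its index in {@link #j}.
     *
     * @param sessionAtts session whose profile supplies the configured authentication services
     * @return always 1
     * @throws NetException propagated from the inherited helpers
     */
    @Override // oracle.net.ano.Service
    public final int a(SessionAtts sessionAtts) throws NetException {
        super.a(sessionAtts);
        this.h = 1;
        this.p = 64767;
        String[] authenticationServices = sessionAtts.profile.getAuthenticationServices();
        // NOTE(review): inherited helper; presumably rejects names that are not in j - confirm.
        a(authenticationServices, j);
        this.f = new int[authenticationServices.length];
        for (int i = 0; i < this.f.length; i++) {
            this.f[i] = a(j, authenticationServices[i]);
        }
        return 1;
    }

    /**
     * Writes the client's offer: a header of three fields followed by one (byte, name) pair
     * per configured service.
     *
     * @throws NetException propagated from the inherited writer
     * @throws IOException propagated from the inherited writer
     */
    @Override // oracle.net.ano.Service
    public final void b() throws NetException, IOException {
        // Field count announced up front: 3 header fields + 2 per offered service.
        b(3 + (this.f.length * 2));
        this.c.c();
        this.c.a(57569); // 0xE0E1
        this.c.b(this.p);
        for (int i = 0; i < this.f.length; i++) {
            this.c.a(l[this.f[i]]);
            this.c.a(k[this.f[i]]);
        }
    }

    /**
     * Computes a size from the offered services: 20 plus, per service, 9 plus the length of
     * its name in {@link #k}.
     *
     * @return the computed size
     */
    @Override // oracle.net.ano.Service
    final int c() {
        int i = 20;
        for (int i2 = 0; i2 < this.f.length; i2++) {
            i = i + 5 + 4 + k[this.f[i2]].length();
        }
        return i;
    }

    /**
     * Reads the server's answer and records whether an authentication service was selected.
     *
     * <p>A status of 64255 (0xFAFF) with more than two fields selects a service and activates
     * this object. A status of 64511 (0xFBFF) deactivates it. Anything else, including 64255
     * with two or fewer fields, is rejected with error 323.
     *
     * @param i number of fields in the server's answer (NOTE(review): inferred from use - confirm)
     * @throws NetException if the status is neither of the two accepted values
     * @throws IOException propagated from the inherited reader
     */
    @Override // oracle.net.ano.Service
    final void a(int i) throws NetException, IOException {
        this.c.j();
        int i2 = this.c.i();
        if (i2 != 64255 || i <= 2) {
            if (i2 != 64511) {
                throw new NetException(323, "Authentication service received status failure");
            }
            this.m = false;
            return;
        }
        this.c.e();
        // The name sent by the server is mapped back to an index in k.
        this.i = a(k, this.c.k());
        if (i > 4) {
            // Extra fields are read and discarded.
            this.c.j();
            this.c.g();
            this.c.g();
        }
        this.m = true;
    }

    /**
     * @return true when the server selected an authentication service in {@link #a(int)}
     */
    @Override // oracle.net.ano.Service
    public boolean isActive() {
        return this.m;
    }

    /**
     * Returns a size that depends on the selected service.
     *
     * @return 0 when inactive, 32 when {@code i == 1}, 37 when {@code i == 2}, otherwise 0
     *     (NOTE(review): presumably the byte count of what {@link #g()} writes - confirm)
     */
    public final int a() {
        if (!isActive()) {
            return 0;
        }
        if (this.i == 1) {
            return 32;
        }
        return this.i == 2 ? 37 : 0;
    }

    /**
     * Writes the follow-up message for the selected service; does nothing when inactive or
     * when the selected index is neither 1 nor 2.
     *
     * @throws NetException propagated from the inherited writer
     * @throws IOException propagated from the inherited writer
     */
    public final void g() throws NetException, IOException {
        if (this.m) {
            if (this.i == 1) {
                b(3);
                this.c.c();
                this.c.a(2L);
                this.c.a(2L);
                return;
            }
            if (this.i == 2) {
                b(4);
                this.c.c();
                this.c.a(2L);
                this.c.a(2L);
                this.c.a((short) 0);
            }
        }
    }

    /**
     * Reads the server's follow-up message and, for index 2 (the Kerberos5 entry of
     * {@link #k}), runs the Kerberos handshake under a JAAS subject.
     *
     * <p>The subject of the calling access-control context is used when there is one;
     * otherwise a subject is loaded from the Kerberos ticket cache by {@link #i()}.
     *
     * <p>The decompiler output for this method was not type-correct (a {@code Subject} was
     * assigned to a {@code PrivilegedActionException} variable). It is rewritten here with the
     * same call sequence.
     *
     * @throws NetException if the handshake fails; a {@code NetException} raised inside
     *     {@link #run()} is rethrown as is, and any other checked failure is wrapped with
     *     error 323
     * @throws IOException propagated from the inherited reader
     */
    public final void h() throws NetException, IOException {
        if (!this.m) {
            return;
        }
        this.d.ano.a();
        Service.a(this.c);
        if (this.i == 1) {
            this.c.n();
            this.c.n();
            return;
        }
        if (this.i != 2) {
            return;
        }
        // The server principal prefix comes from the peer. It is only a target name: with
        // mutual authentication enabled the KDC-issued ticket is what proves the peer owns it.
        this.o = this.c.k() + "/" + this.c.k();
        AccessControlContext context = AccessController.getContext();
        if (context != null) {
            this.n = Subject.getSubject(context);
        }
        if (this.n == null) {
            this.n = i();
        }
        try {
            Subject.doAs(this.n, this);
        } catch (PrivilegedActionException e) {
            Exception exception = e.getException();
            if (exception instanceof NetException) {
                throw (NetException) exception;
            }
            NetException wrapped = new NetException(323, e.getMessage());
            wrapped.initCause(e);
            throw wrapped;
        }
    }

    /**
     * Builds a subject from the Kerberos ticket cache without prompting the user.
     *
     * <p>The cache location is taken from the profile key {@code oracle.net.kerberos5_cc_name}
     * when it is set to a non-empty value; otherwise the login module's default is used.
     *
     * @return a subject populated by {@link Krb5LoginModule}
     * @throws NetException with error 323 if the login fails or reports no credentials
     */
    private final Subject i() throws NetException {
        Subject subject = new Subject();
        Krb5LoginModule krb5LoginModule = new Krb5LoginModule();
        HashMap<String, Object> sharedState = new HashMap<String, Object>();
        HashMap<String, String> options = new HashMap<String, String>();
        options.put("useTicketCache", "true");
        options.put("doNotPrompt", "true");
        String str = (String) this.d.profile.get("oracle.net.kerberos5_cc_name");
        if (str != null && !str.equals("")) {
            options.put("ticketCache", str);
        }
        krb5LoginModule.initialize(subject, (CallbackHandler) null, sharedState, options);
        boolean login;
        try {
            login = krb5LoginModule.login();
            krb5LoginModule.commit();
        } catch (Exception e) {
            NetException netException = new NetException(323, e.getMessage());
            netException.initCause(e);
            throw netException;
        }
        if (login) {
            return subject;
        }
        // Thrown outside the try block so the broad catch above does not wrap it a second time.
        throw new NetException(323, "Kerberos5 adaptor couldn't retrieve credentials (TGT) from the cache");
    }

    /**
     * Performs the Kerberos5 GSS-API initiator handshake. Invoked through
     * {@link Subject#doAs} from {@link #h()}.
     *
     * <p>Security-relevant settings made here:
     * <ul>
     *   <li>Mutual authentication is requested only when the profile key
     *       {@code oracle.net.kerberos5_mutual_authentication} equals {@code "true"}. Without
     *       it the client does not verify the server's AP-REP.</li>
     *   <li>GSS per-message confidentiality and integrity are not requested; the context is
     *       used for authentication only.</li>
     *   <li>Credential delegation is always requested. When it is granted, a forwarded
     *       credential is sent to the server in the last message
     *       (see {@link #a(GSSContext, byte[])}).</li>
     * </ul>
     *
     * @return always {@code null}
     * @throws Exception a {@link NetException} with error 323 for GSS failures, a missing
     *     Kerberos principal or failed mutual authentication; other exceptions propagate from
     *     the inherited I/O helpers
     */
    @Override // java.security.PrivilegedExceptionAction
    public Object run() throws Exception {
        try {
            GSSManager gSSManager = GSSManager.getInstance();
            // Kerberos V5 mechanism OID and Kerberos principal name-type OID.
            Oid oid = new Oid("1.2.840.113554.1.2.2");
            Oid oid2 = new Oid("1.2.840.113554.1.2.2.1");
            byte[] der = oid.getDER();
            KerberosPrincipal kerberosPrincipal = null;
            // NOTE(review): only the first principal of the subject is inspected.
            Iterator<Principal> it = this.n.getPrincipals().iterator();
            if (it.hasNext()) {
                Principal next = it.next();
                if (next instanceof KerberosPrincipal) {
                    kerberosPrincipal = (KerberosPrincipal) next;
                }
            }
            if (kerberosPrincipal == null) {
                // Fail with the service's own error type instead of a NullPointerException below.
                throw new NetException(323, "Kerberos5 adaptor couldn't find a Kerberos principal in the subject");
            }
            // Credential usage 1 is initiate-only; both lifetimes are passed as 0.
            GSSContext createContext = gSSManager.createContext(gSSManager.createName(this.o + "@" + kerberosPrincipal.getRealm(), oid2), oid, gSSManager.createCredential(gSSManager.createName(kerberosPrincipal.getName(), oid2), 0, oid, 1), 0);
            // Compare by value. A reference comparison (!= "true") silently turns mutual
            // authentication off whenever the configured string is not the interned literal.
            boolean z = "true".equals((String) this.d.profile.get("oracle.net.kerberos5_mutual_authentication"));
            createContext.requestMutualAuth(z);
            createContext.requestConf(false);
            createContext.requestInteg(false);
            createContext.requestCredDeleg(true);
            byte[] initSecContext = createContext.initSecContext(new byte[0], 0, 0);
            // NOTE(review): the fixed 17-byte skip presumably drops the GSS-API token framing
            // (tag, two-byte length, mechanism OID, token id) to leave the bare AP-REQ. That
            // only holds for one length encoding - confirm.
            byte[] bArr = new byte[initSecContext.length - 17];
            System.arraycopy(initSecContext, 17, bArr, 0, bArr.length);
            byte[] address = InetAddress.getLocalHost().getAddress();
            this.d.ano.a(39 + address.length + 4 + bArr.length, this.h, (short) 0);
            b(4);
            this.c.a(2);
            this.c.a(4L);
            this.c.a(address);
            this.c.a(bArr);
            this.c.b();
            this.d.ano.a();
            int[] a = Service.a(this.c);
            this.c.e();
            if (z) {
                if (a[1] < 2) {
                    throw new NetException(323, "Mutual authentication failed during Kerberos5 authentication");
                }
                byte[] l2 = this.c.l();
                // Re-frame the server's reply as a GSS-API token (mechanism OID, the two bytes
                // 02 00, then the payload) so the JGSS context can consume it.
                byte[] bArr2 = new byte[der.length + 2 + l2.length];
                System.arraycopy(der, 0, bArr2, 0, der.length);
                bArr2[der.length] = 2;
                bArr2[der.length + 1] = 0;
                System.arraycopy(l2, 0, bArr2, der.length + 2, l2.length);
                byte[] byteArray = new DerValue(DerValue.createTag((byte) 64, true, (byte) 0), bArr2).toByteArray();
                try {
                    createContext.initSecContext(byteArray, 0, byteArray.length);
                    if (!createContext.getMutualAuthState()) {
                        throw new NetException(323, "Mutual authentication failed during Kerberos5 authentication");
                    }
                } catch (GSSException e) {
                    NetException netException = new NetException(323, e.getMessage());
                    netException.initCause(e);
                    throw netException;
                }
            }
            if (!createContext.isEstablished()) {
                throw new NetException(323, "Kerberos5 adaptor couldn't create context");
            }
            byte[] a2 = a(createContext, bArr);
            byte[] bArr3 = a2;
            if (a2 == null) {
                // No delegated credential: an empty payload is sent.
                bArr3 = new byte[0];
            }
            this.d.ano.a(25 + bArr3.length, this.h, (short) 0);
            b(1);
            this.c.a(bArr3);
            this.c.b();
            return null;
        } catch (GSSException e2) {
            NetException netException2 = new NetException(323, e2.getMessage());
            netException2.initCause(e2);
            throw netException2;
        }
    }

    /**
     * Extracts the delegated credential (KRB-CRED) embedded in the authenticator checksum of
     * the client's own AP-REQ and re-encrypts it for the server.
     *
     * <p>The AP-REQ authenticator is decrypted (key usage 11) with the session key of a
     * non-{@code krbtgt} ticket found in the subject. The KRB-CRED inside the checksum is
     * decrypted with {@code EncryptionKey.NULL_KEY} and encrypted again with that session key
     * (key usage 14).
     *
     * @param gSSContext established initiator context
     * @param bArr the bare AP-REQ produced by {@link #run()}
     * @return the ASN.1-encoded KRB-CRED, or {@code null} when delegation was not granted or
     *     the checksum is too short to carry a delegation field
     * @throws IOException if the declared delegation length exceeds the checksum, or on
     *     decoding failures
     */
    private final byte[] a(GSSContext gSSContext, byte[] bArr) throws KdcErrException, KrbApErrException, KrbCryptoException, Asn1Exception, RealmException, IOException {
        if (!gSSContext.getCredDelegState()) {
            return null;
        }
        byte[] sessionKeyBytes = null;
        int sessionKeyType = -1;
        for (Object credential : this.n.getPrivateCredentials().toArray()) {
            // A subject may hold private credentials other than tickets; skip them rather
            // than fail with a ClassCastException.
            if (!(credential instanceof KerberosTicket)) {
                continue;
            }
            KerberosTicket kerberosTicket = (KerberosTicket) credential;
            String name = kerberosTicket.getServer().getName();
            byte[] encoded = kerberosTicket.getSessionKey().getEncoded();
            int type = kerberosTicket.getSessionKeyType();
            // NOTE(review): the last non-krbtgt ticket wins; it is not matched against the
            // target service in this.o - confirm that this is intended.
            if (!name.startsWith("krbtgt")) {
                sessionKeyBytes = encoded;
                sessionKeyType = type;
            }
        }
        APReq aPReq = new APReq(bArr);
        // NOTE(review): if no service ticket was found the key is built from (-1, null);
        // behaviour then depends on EncryptionKey - confirm.
        EncryptionKey encryptionKey = new EncryptionKey(sessionKeyType, sessionKeyBytes);
        byte[] bytes = new Authenticator(aPReq.authenticator.reset(aPReq.authenticator.decrypt(encryptionKey, 11), true)).getChecksum().getBytes();
        // The length is read from offsets 26-27 and the data starts at offset 28, so at least
        // 28 bytes are required (a ">= 26" guard allowed an out-of-bounds read).
        if (bytes.length < 28) {
            return null;
        }
        int delegLength = ((bytes[27] & 255) << 8) + (bytes[26] & 255);
        if (delegLength > bytes.length - 28) {
            throw new IOException("Kerberos5 delegated credential length exceeds authenticator checksum");
        }
        byte[] delegated = new byte[delegLength];
        System.arraycopy(bytes, 28, delegated, 0, delegLength);
        KRBCred kRBCred = new KRBCred(delegated);
        return new KRBCred(kRBCred.tickets, new EncryptedData(encryptionKey, kRBCred.encPart.reset(kRBCred.encPart.decrypt(EncryptionKey.NULL_KEY, 14), true), 14)).asn1Encode();
    }

    /** Intentionally empty override. */
    @Override // oracle.net.ano.Service
    final void d() throws NetException, IOException {
    }

    /**
     * Delegates to {@code oracle.net.aso.a.a(byte[])}.
     *
     * <p>NOTE(review): the transformation is not visible in this file. The name says
     * obfuscation, so do not assume the result is cryptographically protected - confirm.
     *
     * @param bArr password bytes
     * @return the transformed bytes
     */
    public static final byte[] obfuscatePasswordForRadius(byte[] bArr) {
        return a.a(bArr);
    }
}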
