package com.sun.xml.ws.security.kerb;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.MessageDigest;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;
import sun.security.jgss.GSSToken;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:spg-ui-war-2.1.19.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/ws/security/kerb/MessageToken_v2.class */
public abstract class MessageToken_v2 extends Krb5Token {
    private static final int TOKEN_ID_POS = 0;
    private static final int TOKEN_FLAG_POS = 2;
    private static final int TOKEN_EC_POS = 4;
    private static final int TOKEN_RRC_POS = 6;
    static final int TOKEN_HEADER_SIZE = 16;
    private int tokenId;
    private int seqNumber;
    private int ec;
    private int rrc;
    private boolean confState;
    private boolean initiator;
    byte[] confounder;
    byte[] checksum;
    private int key_usage;
    private byte[] seqNumberData;
    private MessageTokenHeader tokenHeader;
    CipherHelper cipherHelper;
    static final int KG_USAGE_ACCEPTOR_SEAL = 22;
    static final int KG_USAGE_ACCEPTOR_SIGN = 23;
    static final int KG_USAGE_INITIATOR_SEAL = 24;
    static final int KG_USAGE_INITIATOR_SIGN = 25;
    private static final int FLAG_SENDER_IS_ACCEPTOR = 1;
    private static final int FLAG_WRAP_CONFIDENTIAL = 2;
    private static final int FLAG_ACCEPTOR_SUBKEY = 4;
    private static final int FILLER = 255;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:spg-ui-war-2.1.19.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/ws/security/kerb/MessageToken_v2$MessageTokenHeader.class */
    public class MessageTokenHeader {
        private int tokenId;
        private byte[] bytes;

        public MessageTokenHeader(int i, boolean z, boolean z2) throws GSSException {
            this.bytes = new byte[16];
            this.tokenId = i;
            this.bytes[0] = (byte) (i >>> 8);
            this.bytes[1] = (byte) i;
            this.bytes[2] = (byte) ((MessageToken_v2.this.initiator ? 0 : 1) | ((!z || i == 1028) ? 0 : 2) | (z2 ? 4 : 0));
            this.bytes[3] = -1;
            if (i == 1284) {
                this.bytes[4] = 0;
                this.bytes[5] = 0;
                this.bytes[6] = 0;
                this.bytes[7] = 0;
            } else if (i == 1028) {
                for (int i2 = 4; i2 < 8; i2++) {
                    this.bytes[i2] = -1;
                }
            }
            MessageToken_v2.this.seqNumberData = new byte[8];
            GSSToken.writeBigEndian(MessageToken_v2.this.seqNumber, MessageToken_v2.this.seqNumberData, 4);
            System.arraycopy(MessageToken_v2.this.seqNumberData, 0, this.bytes, 8, 8);
        }

        public MessageTokenHeader(InputStream inputStream, MessageProp messageProp, int i) throws IOException, GSSException {
            this.bytes = new byte[16];
            GSSToken.readFully(inputStream, this.bytes, 0, 16);
            this.tokenId = GSSToken.readInt(this.bytes, 0);
            if ((this.bytes[2] & 1) != (MessageToken_v2.this.initiator)) {
                throw new GSSException(10, -1, Krb5Token.getTokenName(this.tokenId) + ":Acceptor Flag Missing!");
            }
            if ((this.bytes[2] & 2) == 2 && this.tokenId == 1284) {
                messageProp.setPrivacy(true);
            } else {
                messageProp.setPrivacy(false);
            }
            if (this.tokenId != i) {
                throw new GSSException(10, -1, Krb5Token.getTokenName(this.tokenId) + ":Defective Token ID!");
            }
            if ((this.bytes[3] & 255) != 255) {
                throw new GSSException(10, -1, Krb5Token.getTokenName(this.tokenId) + ":Defective Token Filler!");
            }
            if (this.tokenId == 1028) {
                for (int i2 = 4; i2 < 8; i2++) {
                    if ((this.bytes[i2] & 255) != 255) {
                        throw new GSSException(10, -1, Krb5Token.getTokenName(this.tokenId) + ":Defective Token Filler!");
                    }
                }
            }
            MessageToken_v2.this.ec = GSSToken.readBigEndian(this.bytes, 4, 2);
            MessageToken_v2.this.rrc = GSSToken.readBigEndian(this.bytes, 6, 2);
            messageProp.setQOP(0);
            MessageToken_v2.this.seqNumberData = new byte[8];
            System.arraycopy(this.bytes, 8, MessageToken_v2.this.seqNumberData, 0, 8);
        }

        public final void encode(OutputStream outputStream) throws IOException {
            outputStream.write(this.bytes);
        }

        public final int getTokenId() {
            return this.tokenId;
        }

        public final byte[] getBytes() {
            return this.bytes;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageToken_v2(int i, Krb5Context krb5Context, byte[] bArr, int i2, int i3, MessageProp messageProp) throws GSSException {
        this(i, krb5Context, new ByteArrayInputStream(bArr, i2, i3), messageProp);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageToken_v2(int i, Krb5Context krb5Context, InputStream inputStream, MessageProp messageProp) throws GSSException {
        this.tokenId = 0;
        this.ec = 0;
        this.rrc = 0;
        this.confState = true;
        this.initiator = true;
        this.confounder = null;
        this.checksum = null;
        this.key_usage = 0;
        this.seqNumberData = null;
        this.tokenHeader = null;
        this.cipherHelper = null;
        init(i, krb5Context);
        try {
            if (!this.confState) {
                messageProp.setPrivacy(false);
            }
            this.tokenHeader = new MessageTokenHeader(inputStream, messageProp, i);
            if (i == 1284) {
                this.key_usage = !this.initiator ? 24 : 22;
            } else if (i == 1028) {
                this.key_usage = !this.initiator ? 25 : 23;
            }
            int available = inputStream.available();
            byte[] bArr = new byte[available];
            readFully(inputStream, bArr);
            this.checksum = new byte[this.cipherHelper.getChecksumLength()];
            System.arraycopy(bArr, available - this.cipherHelper.getChecksumLength(), this.checksum, 0, this.cipherHelper.getChecksumLength());
            if (messageProp.getPrivacy() || i != 1284 || this.checksum.length == this.ec) {
            } else {
                throw new GSSException(10, -1, getTokenName(i) + ":EC incorrect!");
            }
        } catch (IOException e) {
            throw new GSSException(10, -1, getTokenName(i) + ":" + e.getMessage());
        }
    }

    public final int getTokenId() {
        return this.tokenId;
    }

    public final int getKeyUsage() {
        return this.key_usage;
    }

    public final boolean getConfState() {
        return this.confState;
    }

    public void genSignAndSeqNumber(MessageProp messageProp, byte[] bArr, int i, int i2) throws GSSException {
        if (messageProp.getQOP() != 0) {
            messageProp.setQOP(0);
        }
        if (!this.confState) {
            messageProp.setPrivacy(false);
        }
        this.tokenHeader = new MessageTokenHeader(this.tokenId, messageProp.getPrivacy(), true);
        if (this.tokenId == 1284) {
            this.key_usage = this.initiator ? 24 : 22;
        } else if (this.tokenId == 1028) {
            this.key_usage = this.initiator ? 25 : 23;
        }
        if (this.tokenId == 1028 || (!messageProp.getPrivacy() && this.tokenId == 1284)) {
            this.checksum = getChecksum(bArr, i, i2);
        }
        if (messageProp.getPrivacy() || this.tokenId != 1284) {
            return;
        }
        byte[] bytes = this.tokenHeader.getBytes();
        bytes[4] = (byte) (this.checksum.length >>> 8);
        bytes[5] = (byte) this.checksum.length;
    }

    public final boolean verifySign(byte[] bArr, int i, int i2) throws GSSException {
        return MessageDigest.isEqual(this.checksum, getChecksum(bArr, i, i2));
    }

    public boolean rotate_left(byte[] bArr, int i, byte[] bArr2, int i2) {
        int i3 = 0;
        if (this.rrc <= 0 || i2 == 0) {
            return false;
        }
        this.rrc %= i2 - 16;
        if (this.rrc == 0) {
            return false;
        }
        if (i > 0) {
            i3 = 0 + i;
        }
        System.arraycopy(bArr, i3, bArr2, 0, 16);
        int i4 = i3 + 16;
        System.arraycopy(bArr, i4 + this.rrc, bArr2, 16, (i2 - 16) - this.rrc);
        System.arraycopy(bArr, i4, bArr2, (i2 - 16) - this.rrc, this.rrc);
        return true;
    }

    public final int getSequenceNumber() {
        return readBigEndian(this.seqNumberData, 0, 4);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getChecksum(byte[] bArr, int i, int i2) throws GSSException {
        byte[] bytes = this.tokenHeader.getBytes();
        if ((bytes[2] & 2) == 0 && this.tokenId == 1284) {
            bytes[4] = 0;
            bytes[5] = 0;
        }
        return this.cipherHelper.calculateChecksum(bytes, bArr, i, i2, this.key_usage);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageToken_v2(int i, Krb5Context krb5Context) throws GSSException {
        this.tokenId = 0;
        this.ec = 0;
        this.rrc = 0;
        this.confState = true;
        this.initiator = true;
        this.confounder = null;
        this.checksum = null;
        this.key_usage = 0;
        this.seqNumberData = null;
        this.tokenHeader = null;
        this.cipherHelper = null;
        init(i, krb5Context);
        this.seqNumber = krb5Context.incrementMySequenceNumber();
    }

    private void init(int i, Krb5Context krb5Context) throws GSSException {
        this.tokenId = i;
        this.confState = krb5Context.getConfState();
        this.initiator = krb5Context.isInitiator();
        this.cipherHelper = krb5Context.getCipherHelper(null);
        this.tokenId = i;
    }

    public void encode(OutputStream outputStream) throws IOException, GSSException {
        this.tokenHeader.encode(outputStream);
        if (this.tokenId == 1028) {
            outputStream.write(this.checksum);
        }
    }

    protected int getKrb5TokenSize() throws GSSException {
        return getTokenSize();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final int getTokenSize() throws GSSException {
        return 16 + this.cipherHelper.getChecksumLength();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final int getTokenSize(CipherHelper cipherHelper) throws GSSException {
        return 16 + cipherHelper.getChecksumLength();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final byte[] getTokenHeader() {
        return this.tokenHeader.getBytes();
    }
}
