package com.sun.xml.ws.security.kerb;

import com.sun.xml.ws.security.kerb.InitialToken;
import java.io.IOException;
import java.io.InputStream;
import org.ietf.jgss.GSSException;
import sun.security.krb5.Credentials;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.KrbApReq;
import sun.security.krb5.KrbException;
import sun.security.util.DerValue;

/* loaded from: input_file:spg-ui-war-2.1.9.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/ws/security/kerb/InitSecContextToken.class */
class InitSecContextToken extends InitialToken {
    private KrbApReq apReq;

    /* JADX INFO: Access modifiers changed from: package-private */
    public InitSecContextToken(Krb5Context krb5Context, Credentials credentials, Credentials credentials2) throws KrbException, IOException, GSSException {
        this.apReq = null;
        boolean mutualAuthState = krb5Context.getMutualAuthState();
        this.apReq = new KrbApReq(credentials2, mutualAuthState, true, true, new InitialToken.OverloadedChecksum(krb5Context, credentials, credentials2).getChecksum());
        krb5Context.resetMySequenceNumber(this.apReq.getSeqNumber().intValue());
        EncryptionKey subKey = this.apReq.getSubKey();
        if (subKey != null) {
            krb5Context.setKey(subKey);
        } else {
            krb5Context.setKey(credentials2.getSessionKey());
        }
        if (mutualAuthState) {
            return;
        }
        krb5Context.resetPeerSequenceNumber(0);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public InitSecContextToken(Krb5Context krb5Context, EncryptionKey[] encryptionKeyArr, InputStream inputStream) throws IOException, GSSException, KrbException {
        this.apReq = null;
        if (((inputStream.read() << 8) | inputStream.read()) != 256) {
            throw new GSSException(10, -1, "AP_REQ token id does not match!");
        }
        this.apReq = new KrbApReq(new DerValue(inputStream).toByteArray(), encryptionKeyArr);
        EncryptionKey sessionKey = this.apReq.getCreds().getSessionKey();
        EncryptionKey subKey = this.apReq.getSubKey();
        if (subKey != null) {
            krb5Context.setKey(subKey);
        } else {
            krb5Context.setKey(sessionKey);
        }
        InitialToken.OverloadedChecksum overloadedChecksum = new InitialToken.OverloadedChecksum(krb5Context, this.apReq.getChecksum(), sessionKey);
        overloadedChecksum.setContextFlags(krb5Context);
        Credentials delegatedCreds = overloadedChecksum.getDelegatedCreds();
        if (delegatedCreds != null) {
            krb5Context.setDelegCred(Krb5InitCredential.getInstance((Krb5NameElement) krb5Context.getSrcName(), delegatedCreds));
        }
        Integer seqNumber = this.apReq.getSeqNumber();
        int intValue = seqNumber != null ? seqNumber.intValue() : 0;
        krb5Context.resetPeerSequenceNumber(intValue);
        if (krb5Context.getMutualAuthState()) {
            return;
        }
        krb5Context.resetMySequenceNumber(intValue);
    }

    public final KrbApReq getKrbApReq() {
        return this.apReq;
    }

    @Override // com.sun.xml.ws.security.kerb.InitialToken
    public final byte[] encode() throws IOException {
        byte[] message = this.apReq.getMessage();
        byte[] bArr = new byte[2 + message.length];
        writeInt(256, bArr, 0);
        System.arraycopy(message, 0, bArr, 2, message.length);
        return bArr;
    }
}
