package sun.security.jgss.krb5;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.MessageDigest;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;
import sun.security.jgss.GSSHeader;
import sun.security.jgss.GSSToken;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public abstract class MessageToken extends Krb5Token {
    private static final int FILLER = 65535;
    static final int SEAL_ALG_ARCFOUR_HMAC = 4096;
    static final int SEAL_ALG_DES = 0;
    static final int SEAL_ALG_DES3_KD = 512;
    static final int SEAL_ALG_NONE = 65535;
    private static final int SEAL_ALG_POS = 4;
    static final int SGN_ALG_DES_MAC = 512;
    static final int SGN_ALG_DES_MAC_MD5 = 0;
    static final int SGN_ALG_HMAC_MD5_ARCFOUR = 4352;
    static final int SGN_ALG_HMAC_SHA1_DES3_KD = 1024;
    private static final int SIGN_ALG_POS = 2;
    private static final int TOKEN_ID_POS = 0;
    private static final int TOKEN_NO_CKSUM_SIZE = 16;
    private byte[] checksum;
    CipherHelper cipherHelper;
    private boolean confState;
    private byte[] encSeqNumber;
    private GSSHeader gssHeader;
    private boolean initiator;
    private int seqNumber;
    private byte[] seqNumberData;
    private MessageTokenHeader tokenHeader;
    private int tokenId;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public class MessageTokenHeader {
        private byte[] bytes;
        private int sealAlg;
        private int signAlg;
        private int tokenId;

        public MessageTokenHeader(int i, boolean z, int i2) throws GSSException {
            this.bytes = new byte[8];
            this.tokenId = i;
            this.signAlg = MessageToken.this.getSgnAlg(i2);
            int sealAlg = MessageToken.this.getSealAlg(z, i2);
            this.sealAlg = sealAlg;
            byte[] bArr = this.bytes;
            bArr[0] = (byte) (i >>> 8);
            bArr[1] = (byte) i;
            int i3 = this.signAlg;
            bArr[2] = (byte) (i3 >>> 8);
            bArr[3] = (byte) i3;
            bArr[4] = (byte) (sealAlg >>> 8);
            bArr[5] = (byte) sealAlg;
            bArr[6] = -1;
            bArr[7] = -1;
        }

        public MessageTokenHeader(InputStream inputStream, MessageProp messageProp) throws IOException {
            byte[] bArr = new byte[8];
            this.bytes = bArr;
            GSSToken.readFully(inputStream, bArr);
            this.tokenId = GSSToken.readInt(this.bytes, 0);
            this.signAlg = GSSToken.readInt(this.bytes, 2);
            this.sealAlg = GSSToken.readInt(this.bytes, 4);
            GSSToken.readInt(this.bytes, 6);
            int i = this.sealAlg;
            if (i == 0 || i == 512 || i == 4096) {
                messageProp.setPrivacy(true);
            } else {
                messageProp.setPrivacy(false);
            }
            messageProp.setQOP(0);
        }

        public final void encode(OutputStream outputStream) throws IOException {
            outputStream.write(this.bytes);
        }

        public final byte[] getBytes() {
            return this.bytes;
        }

        public final int getSealAlg() {
            return this.sealAlg;
        }

        public final int getSignAlg() {
            return this.signAlg;
        }

        public final int getTokenId() {
            return this.tokenId;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageToken(int i, Krb5Context krb5Context) throws GSSException {
        this.confState = true;
        this.initiator = true;
        this.tokenId = 0;
        this.gssHeader = null;
        this.tokenHeader = null;
        this.checksum = null;
        this.encSeqNumber = null;
        this.seqNumberData = null;
        this.cipherHelper = null;
        init(i, krb5Context);
        this.seqNumber = krb5Context.incrementMySequenceNumber();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageToken(int i, Krb5Context krb5Context, InputStream inputStream, MessageProp messageProp) throws GSSException {
        this.confState = true;
        this.initiator = true;
        this.tokenId = 0;
        this.gssHeader = null;
        this.tokenHeader = null;
        this.checksum = null;
        this.encSeqNumber = null;
        this.seqNumberData = null;
        this.cipherHelper = null;
        init(i, krb5Context);
        try {
            GSSHeader gSSHeader = new GSSHeader(inputStream);
            this.gssHeader = gSSHeader;
            if (!gSSHeader.getOid().equals(OID)) {
                throw new GSSException(10, -1, getTokenName(i));
            }
            if (!this.confState) {
                messageProp.setPrivacy(false);
            }
            this.tokenHeader = new MessageTokenHeader(inputStream, messageProp);
            byte[] bArr = new byte[8];
            this.encSeqNumber = bArr;
            readFully(inputStream, bArr);
            byte[] bArr2 = new byte[this.cipherHelper.getChecksumLength()];
            this.checksum = bArr2;
            readFully(inputStream, bArr2);
        } catch (IOException e) {
            throw new GSSException(10, -1, getTokenName(i) + ":" + e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public MessageToken(int i, Krb5Context krb5Context, byte[] bArr, int i2, int i3, MessageProp messageProp) throws GSSException {
        this(i, krb5Context, new ByteArrayInputStream(bArr, i2, i3), messageProp);
    }

    private byte[] getChecksum(byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3) throws GSSException {
        byte[] bArr4;
        byte[] bytes = this.tokenHeader.getBytes();
        if (bArr != null) {
            byte[] bArr5 = new byte[bytes.length + bArr.length];
            System.arraycopy(bytes, 0, bArr5, 0, bytes.length);
            System.arraycopy(bArr, 0, bArr5, bytes.length, bArr.length);
            bArr4 = bArr5;
        } else {
            bArr4 = bytes;
        }
        return this.cipherHelper.calculateChecksum(this.tokenHeader.getSignAlg(), bArr4, bArr3, bArr2, i, i2, this.tokenId);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static final int getTokenSize(CipherHelper cipherHelper) throws GSSException {
        return cipherHelper.getChecksumLength() + 16;
    }

    private void init(int i, Krb5Context krb5Context) throws GSSException {
        this.tokenId = i;
        this.confState = krb5Context.getConfState();
        this.initiator = krb5Context.isInitiator();
        this.cipherHelper = krb5Context.getCipherHelper(null);
    }

    public void encode(OutputStream outputStream) throws IOException, GSSException {
        GSSHeader gSSHeader = new GSSHeader(OID, getKrb5TokenSize());
        this.gssHeader = gSSHeader;
        gSSHeader.encode(outputStream);
        this.tokenHeader.encode(outputStream);
        outputStream.write(this.encSeqNumber);
        outputStream.write(this.checksum);
    }

    public void genSignAndSeqNumber(MessageProp messageProp, byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3) throws GSSException {
        int qop = messageProp.getQOP();
        if (qop != 0) {
            messageProp.setQOP(0);
            qop = 0;
        }
        if (!this.confState) {
            messageProp.setPrivacy(false);
        }
        this.tokenHeader = new MessageTokenHeader(this.tokenId, messageProp.getPrivacy(), qop);
        this.checksum = getChecksum(bArr, bArr2, i, i2, bArr3);
        this.seqNumberData = new byte[8];
        if (this.cipherHelper.isArcFour()) {
            writeBigEndian(this.seqNumber, this.seqNumberData);
        } else {
            writeLittleEndian(this.seqNumber, this.seqNumberData);
        }
        if (!this.initiator) {
            byte[] bArr4 = this.seqNumberData;
            bArr4[4] = -1;
            bArr4[5] = -1;
            bArr4[6] = -1;
            bArr4[7] = -1;
        }
        this.encSeqNumber = this.cipherHelper.encryptSeq(this.checksum, this.seqNumberData, 0, 8);
    }

    public final byte[] getChecksum() {
        return this.checksum;
    }

    public final boolean getConfState() {
        return this.confState;
    }

    public final byte[] getEncSeqNumber() {
        return this.encSeqNumber;
    }

    public final GSSHeader getGSSHeader() {
        return this.gssHeader;
    }

    protected int getKrb5TokenSize() throws GSSException {
        return getTokenSize();
    }

    protected abstract int getSealAlg(boolean z, int i) throws GSSException;

    public final int getSequenceNumber() {
        return this.cipherHelper.isArcFour() ? readBigEndian(this.seqNumberData, 0, 4) : readLittleEndian(this.seqNumberData, 0, 4);
    }

    protected int getSgnAlg(int i) throws GSSException {
        return this.cipherHelper.getSgnAlg();
    }

    public final int getTokenId() {
        return this.tokenId;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final int getTokenSize() throws GSSException {
        return this.cipherHelper.getChecksumLength() + 16;
    }

    public final boolean verifySignAndSeqNumber(byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3) throws GSSException {
        if (MessageDigest.isEqual(this.checksum, getChecksum(bArr, bArr2, i, i2, bArr3))) {
            byte[] decryptSeq = this.cipherHelper.decryptSeq(this.checksum, this.encSeqNumber, 0, 8);
            this.seqNumberData = decryptSeq;
            byte b = this.initiator ? (byte) -1 : (byte) 0;
            if (decryptSeq[4] == b && decryptSeq[5] == b && decryptSeq[6] == b && decryptSeq[7] == b) {
                return true;
            }
        }
        return false;
    }
}
