package org.apache.wss4j.common.kerberos;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.shared.kerberos.codec.KerberosDecoder;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.kerberos.components.EncTicketPart;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.apache.directory.shared.kerberos.exceptions.KerberosException;
import org.apache.directory.shared.kerberos.messages.ApReq;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERApplicationSpecific;

/* loaded from: input_file:WEB-INF/lib/wss4j-ws-security-common-2.1.9.jar:org/apache/wss4j/common/kerberos/KerberosTokenDecoderImpl.class */
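/**
 * Decodes a GSS-API wrapped Kerberos AP-REQ service ticket and exposes the session key and
 * client principal found in its encrypted part.
 *
 * <p>The token bytes come from the message sender and are parsed before anything in them has been
 * authenticated, so every structural assumption is checked and reported as a
 * {@link KerberosTokenDecoderException} rather than surfacing as a {@code ClassCastException} or
 * {@code NullPointerException}.
 *
 * <p>Only {@code decodeServiceTicket()} is synchronized; the setters and {@link #clear()} are not,
 * so an instance should not be reconfigured while another thread is decoding.
 */
public class KerberosTokenDecoderImpl implements KerberosTokenDecoder {
    /** Object identifier of the Kerberos V5 GSS-API mechanism (RFC 1964). */
    private static final String KERBEROS_OID = "1.2.840.113554.1.2.2";
    /** Expected token id once the two id bytes are combined as (second << 8) + first. */
    private static final int AP_REQ_TOKEN_ID = 1;
    private static final String INVALID_TOKEN = "invalid kerberos token";

    private byte[] serviceTicket;
    private Subject subject;
    private boolean decoded = false;
    private EncTicketPart encTicketPart;

    /**
     * Drops the token, the subject and any decoded ticket so the instance can be reused.
     *
     * <p>Only the references are released; the underlying key bytes are not overwritten.
     */
    @Override
    public void clear() {
        this.serviceTicket = null;
        this.subject = null;
        this.decoded = false;
        this.encTicketPart = null;
    }

    /**
     * Sets the raw GSS-API token to decode.
     *
     * @param bArr the token bytes; the array is stored as-is, not copied
     */
    @Override
    public void setToken(byte[] bArr) {
        this.serviceTicket = bArr;
    }

    /**
     * Sets the subject whose private credentials hold the service's Kerberos keys.
     *
     * @param subject the service subject used to look up the decryption key
     */
    @Override
    public void setSubject(Subject subject) {
        this.subject = subject;
    }

    /**
     * Returns the session key carried in the decrypted ticket, decoding the token on first use.
     *
     * @return the key bytes as returned by the ticket's key object, or {@code null} when the
     *     decoded ticket carries no key; callers should treat the result as secret material
     * @throws KerberosTokenDecoderException if the token cannot be parsed or decrypted
     */
    @Override
    public byte[] getSessionKey() throws KerberosTokenDecoderException {
        if (!this.decoded) {
            decodeServiceTicket();
        }
        if (this.encTicketPart == null || this.encTicketPart.getKey() == null) {
            return null;
        }
        return this.encTicketPart.getKey().getKeyValue();
    }

    /**
     * Returns the client principal name from the decrypted ticket, decoding the token on first use.
     *
     * @return the principal name, or {@code null} when the decoded ticket carries none
     * @throws KerberosTokenDecoderException if the token cannot be parsed or decrypted
     */
    public String getClientPrincipalName() throws KerberosTokenDecoderException {
        if (!this.decoded) {
            decodeServiceTicket();
        }
        // Mirror getSessionKey(): an absent field yields null instead of a NullPointerException.
        if (this.encTicketPart == null || this.encTicketPart.getCName() == null) {
            return null;
        }
        return this.encTicketPart.getCName().toString();
    }

    /** Parses the stored token once; {@code decoded} stays false when parsing fails. */
    private synchronized void decodeServiceTicket() throws KerberosTokenDecoderException {
        // Re-check under the lock so a thread that waited here does not decrypt a second time.
        if (this.decoded) {
            return;
        }
        parseServiceTicket(this.serviceTicket);
        this.decoded = true;
    }

    /**
     * Unwraps the GSS-API framing, decodes the AP-REQ and decrypts the ticket's encrypted part
     * into {@code encTicketPart}.
     *
     * @param bArr the raw token bytes supplied by the sender
     * @throws KerberosTokenDecoderException if the token is malformed, no matching service key is
     *     available, or decoding/decryption fails
     */
    private void parseServiceTicket(byte[] bArr) throws KerberosTokenDecoderException {
        if (bArr == null) {
            throw new KerberosTokenDecoderException(INVALID_TOKEN);
        }
        try {
            ApReq apReq = readApReq(unwrapGssToken(bArr));
            // The encryption type is read from the not-yet-authenticated token, so the sender
            // selects which of the subject's keys is used. Any weak-etype key left in the
            // subject's credentials therefore remains usable; restrict the keytab accordingly.
            int etype = apReq.getTicket().getEncPart().getEType().getValue();
            KerberosKey serviceKey = getKrbKey(this.subject, etype);
            if (serviceKey == null) {
                // Previously a NullPointerException: no subject, or no key of the requested type.
                throw new KerberosTokenDecoderException(
                        "no kerberos key available for encryption type " + etype);
            }
            EncryptionKey ticketKey =
                    new EncryptionKey(EncryptionType.getTypeByValue(etype), serviceKey.getEncoded());
            // Key usage 2 is the ticket's encrypted part under the service key (RFC 4120 7.5.1).
            byte[] plainTicket = new CipherTextHandler()
                    .decrypt(ticketKey, apReq.getTicket().getEncPart(), KeyUsage.getTypeByOrdinal(2));
            this.encTicketPart = KerberosDecoder.decodeEncTicketPart(plainTicket);
        } catch (KerberosException | IOException e) {
            throw new KerberosTokenDecoderException((Throwable) e);
        }
    }

    /** Returns the contents of the outer constructed application-specific ASN.1 object. */
    private static byte[] unwrapGssToken(byte[] token)
            throws IOException, KerberosTokenDecoderException {
        try (ASN1InputStream outer = new ASN1InputStream(new ByteArrayInputStream(token))) {
            Object first = outer.readObject();
            // instanceof also rejects null, and replaces the unchecked cast that let any other
            // ASN.1 type in the token raise a ClassCastException.
            if (!(first instanceof DERApplicationSpecific)
                    || !((DERApplicationSpecific) first).isConstructed()) {
                throw new KerberosTokenDecoderException(INVALID_TOKEN);
            }
            return ((DERApplicationSpecific) first).getContents();
        }
    }

    /** Checks the mechanism OID and token id, then decodes the remaining bytes as an AP-REQ. */
    private static ApReq readApReq(byte[] mechToken)
            throws IOException, KerberosException, KerberosTokenDecoderException {
        // try-with-resources closes the stream on every path; the token-id failure path and the
        // success path previously left it open.
        try (ASN1InputStream inner = new ASN1InputStream(new ByteArrayInputStream(mechToken))) {
            Object oid = inner.readObject();
            if (!(oid instanceof ASN1ObjectIdentifier)
                    || !KERBEROS_OID.equals(((ASN1ObjectIdentifier) oid).getId())) {
                throw new KerberosTokenDecoderException(INVALID_TOKEN);
            }
            // RFC 1964 gives the AP-REQ token id as the bytes 01 00, so the first byte read is
            // the low-order one. At end of input read() yields -1, which masks to 255 and fails
            // the comparison below.
            // NOTE(review): a form that folds both reads into one expression, (read << 8) + read,
            // evaluates left to right and treats the first byte as the high byte - confirm the
            // byte order against the upstream source.
            int lowByte = inner.read() & 255;
            int highByte = inner.read() & 255;
            if ((highByte << 8) + lowByte != AP_REQ_TOKEN_ID) {
                throw new KerberosTokenDecoderException(INVALID_TOKEN);
            }
            return KerberosDecoder.decodeApReq(toByteArray(inner));
        }
    }

    /**
     * Finds the subject's Kerberos key whose key type equals the given encryption type value.
     *
     * @param subject the service subject, may be {@code null}
     * @param i the encryption type value to match
     * @return the first matching key, or {@code null} when there is no subject or no match
     */
    private KerberosKey getKrbKey(Subject subject, int i) {
        if (subject == null) {
            return null;
        }
        for (Object credential : subject.getPrivateCredentials(Object.class)) {
            if ((credential instanceof KerberosKey) && ((KerberosKey) credential).getKeyType() == i) {
                return (KerberosKey) credential;
            }
        }
        return null;
    }

    /**
     * Reads the stream to its end and returns everything read.
     *
     * @param inputStream the stream to drain; it is not closed here
     * @return the bytes read
     * @throws IOException if reading fails
     */
    private static byte[] toByteArray(InputStream inputStream) throws IOException {
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
            byte[] chunk = new byte[1024];
            int read;
            while ((read = inputStream.read(chunk)) != -1) {
                buffer.write(chunk, 0, read);
            }
            return buffer.toByteArray();
        }
    }
}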
