package io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.client.request;

import io.hops.hadoop.shaded.org.apache.kerby.KOptions;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.KrbCodec;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.KrbException;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.ccache.Credential;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.client.KrbOption;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.client.preauth.KrbFastRequestState;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.common.CheckSumUtil;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.crypto.EncryptionHandler;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.crypto.fast.FastUtil;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.KerberosTime;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.ap.ApOptions;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.ap.ApReq;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.ap.Authenticator;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.CheckSumType;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.fast.ArmorType;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.fast.KrbFastArmor;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.fast.KrbFastArmoredReq;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.fast.KrbFastReq;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.fast.PaFxFastRequest;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.kdc.AsReq;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.kdc.KdcReq;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import java.io.File;
import java.io.IOException;

/* loaded from: input_file:io/hops/hadoop/shaded/org/apache/kerby/kerberos/kerb/client/request/ArmoredRequest.class */
public class ArmoredRequest {
    private Credential credential;
    private EncryptionKey subKey;
    private EncryptionKey armorCacheKey;
    private KdcRequest kdcRequest;

    public ArmoredRequest(KdcRequest kdcRequest) {
        this.kdcRequest = kdcRequest;
    }

    public void process() throws KrbException {
        KdcReq kdcReq = this.kdcRequest.getKdcReq();
        KrbFastRequestState fastRequestState = this.kdcRequest.getFastRequestState();
        fastAsArmor(fastRequestState, this.kdcRequest.getArmorKey(), this.subKey, this.credential, kdcReq);
        this.kdcRequest.setFastRequestState(fastRequestState);
        this.kdcRequest.setOuterRequestBody(KrbCodec.encode(fastRequestState.getFastOuterRequest().getReqBody()));
        kdcReq.getPaData().addElement(makeFastEntry(fastRequestState, kdcReq, this.kdcRequest.getOuterRequestBody()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void preauth() throws KrbException {
        getCredential(getPreauthOptions());
        this.armorCacheKey = getArmorCacheKey(this.credential);
        this.subKey = getSubKey(this.armorCacheKey.getKeyType());
        this.kdcRequest.getFastRequestState().setArmorKey(makeArmorKey(this.subKey, this.armorCacheKey));
    }

    private void getCredential(KOptions kOptions) throws KrbException {
        if (kOptions.contains(KrbOption.ARMOR_CACHE)) {
            this.credential = getCredentialFromFile(kOptions.getStringOption(KrbOption.ARMOR_CACHE));
        } else if (kOptions.contains(KrbOption.TGT)) {
            this.credential = new Credential((TgtTicket) kOptions.getOptionValue(KrbOption.TGT));
        }
    }

    public KOptions getPreauthOptions() {
        KOptions kOptions = new KOptions();
        KOptions requestOptions = this.kdcRequest.getRequestOptions();
        if (requestOptions.contains(KrbOption.ARMOR_CACHE)) {
            kOptions.add(requestOptions.getOption(KrbOption.ARMOR_CACHE));
        } else if (requestOptions.contains(KrbOption.TGT)) {
            kOptions.add(requestOptions.getOption(KrbOption.TGT));
        }
        return kOptions;
    }

    public EncryptionKey getClientKey() throws KrbException {
        return this.kdcRequest.getFastRequestState().getArmorKey();
    }

    public EncryptionKey getArmorCacheKey() {
        return this.armorCacheKey;
    }

    private Credential getCredentialFromFile(String str) throws KrbException {
        try {
            return resolveCredCache(new File(str)).getCredentials().iterator().next();
        } catch (IOException e) {
            throw new KrbException("Failed to load armor cache file");
        }
    }

    private static CredentialCache resolveCredCache(File file) throws IOException {
        CredentialCache credentialCache = new CredentialCache();
        credentialCache.load(file);
        return credentialCache;
    }

    private void fastAsArmor(KrbFastRequestState krbFastRequestState, EncryptionKey encryptionKey, EncryptionKey encryptionKey2, Credential credential, KdcReq kdcReq) throws KrbException {
        krbFastRequestState.setArmorKey(encryptionKey);
        krbFastRequestState.setFastArmor(fastArmorApRequest(encryptionKey2, credential));
        AsReq asReq = new AsReq();
        asReq.setReqBody(kdcReq.getReqBody());
        asReq.setPaData(null);
        krbFastRequestState.setFastOuterRequest(asReq);
    }

    private PaDataEntry makeFastEntry(KrbFastRequestState krbFastRequestState, KdcReq kdcReq, byte[] bArr) throws KrbException {
        KrbFastReq krbFastReq = new KrbFastReq();
        krbFastReq.setKdcReqBody(kdcReq.getReqBody());
        krbFastReq.setFastOptions(krbFastRequestState.getFastOptions());
        PaFxFastRequest paFxFastRequest = new PaFxFastRequest();
        KrbFastArmoredReq krbFastArmoredReq = new KrbFastArmoredReq();
        krbFastArmoredReq.setArmor(krbFastRequestState.getFastArmor());
        krbFastArmoredReq.setReqChecksum(CheckSumUtil.makeCheckSumWithKey(CheckSumType.NONE, bArr, krbFastRequestState.getArmorKey(), KeyUsage.FAST_REQ_CHKSUM));
        krbFastArmoredReq.setEncryptedFastReq(EncryptionUtil.seal(krbFastReq, krbFastRequestState.getArmorKey(), KeyUsage.FAST_ENC));
        paFxFastRequest.setFastArmoredReq(krbFastArmoredReq);
        PaDataEntry paDataEntry = new PaDataEntry();
        paDataEntry.setPaDataType(PaDataType.FX_FAST);
        paDataEntry.setPaDataValue(KrbCodec.encode(paFxFastRequest));
        return paDataEntry;
    }

    private KrbFastArmor fastArmorApRequest(EncryptionKey encryptionKey, Credential credential) throws KrbException {
        KrbFastArmor krbFastArmor = new KrbFastArmor();
        krbFastArmor.setArmorType(ArmorType.ARMOR_AP_REQUEST);
        krbFastArmor.setArmorValue(KrbCodec.encode(makeApReq(encryptionKey, credential)));
        return krbFastArmor;
    }

    private ApReq makeApReq(EncryptionKey encryptionKey, Credential credential) throws KrbException {
        ApReq apReq = new ApReq();
        apReq.setApOptions(new ApOptions());
        apReq.setTicket(credential.getTicket());
        Authenticator makeAuthenticator = makeAuthenticator(credential, encryptionKey);
        apReq.setAuthenticator(makeAuthenticator);
        apReq.setEncryptedAuthenticator(EncryptionUtil.seal(makeAuthenticator, credential.getKey(), KeyUsage.AP_REQ_AUTH));
        return apReq;
    }

    private EncryptionKey makeArmorKey(EncryptionKey encryptionKey, EncryptionKey encryptionKey2) throws KrbException {
        return FastUtil.makeArmorKey(encryptionKey, encryptionKey2);
    }

    private EncryptionKey getSubKey(EncryptionType encryptionType) throws KrbException {
        return EncryptionHandler.random2Key(encryptionType);
    }

    private EncryptionKey getArmorCacheKey(Credential credential) throws KrbException {
        return credential.getKey();
    }

    protected Authenticator makeAuthenticator(Credential credential, EncryptionKey encryptionKey) throws KrbException {
        Authenticator authenticator = new Authenticator();
        authenticator.setAuthenticatorVno(5);
        authenticator.setCname(credential.getClientName());
        authenticator.setCrealm(credential.getClientRealm());
        authenticator.setCtime(KerberosTime.now());
        authenticator.setCusec(0);
        authenticator.setSubKey(encryptionKey);
        authenticator.setCksum(CheckSumUtil.seal(this.kdcRequest.getReqBody(null), null, encryptionKey, KeyUsage.TGS_REQ_AUTH_CKSUM));
        return authenticator;
    }
}
