package io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.response;

import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.KrbErrorCode;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.KrbException;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.request.ApRequest;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.ap.ApRep;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.ap.ApReq;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.ap.Authenticator;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.ap.EncAPRepPart;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.KeyUsage;

/* loaded from: input_file:io/hops/hadoop/shaded/org/apache/kerby/kerberos/kerb/response/ApResponse.class */
public class ApResponse {
    private ApReq apReq;
    private ApRep apRep;
    EncryptionKey encryptionKey;

    public ApResponse(ApReq apReq, EncryptionKey encryptionKey) {
        this.apReq = apReq;
        this.encryptionKey = encryptionKey;
    }

    public ApResponse(ApReq apReq) {
        this.apReq = apReq;
    }

    public ApRep getApRep() throws KrbException {
        if (this.encryptionKey != null) {
            ApRequest.validate(this.encryptionKey, this.apReq);
        }
        if (this.apRep == null) {
            this.apRep = makeApRep();
        }
        return this.apRep;
    }

    public void setApRep(ApRep apRep) {
        this.apRep = apRep;
    }

    private ApRep makeApRep() throws KrbException {
        ApRep apRep = new ApRep();
        EncAPRepPart encAPRepPart = new EncAPRepPart();
        Authenticator authenticator = this.apReq.getAuthenticator();
        encAPRepPart.setCtime(authenticator.getCtime());
        encAPRepPart.setCusec(authenticator.getCusec());
        encAPRepPart.setSubkey(authenticator.getSubKey());
        encAPRepPart.setSeqNumber(0);
        apRep.setEncRepPart(encAPRepPart);
        apRep.setEncryptedEncPart(EncryptionUtil.seal(encAPRepPart, authenticator.getSubKey(), KeyUsage.AP_REP_ENCPART));
        return apRep;
    }

    public static void validate(EncryptionKey encryptionKey, ApRep apRep, ApReq apReq) throws KrbException {
        EncAPRepPart encAPRepPart = (EncAPRepPart) EncryptionUtil.unseal(apRep.getEncryptedEncPart(), encryptionKey, KeyUsage.AP_REP_ENCPART, EncAPRepPart.class);
        apRep.setEncRepPart(encAPRepPart);
        if (apReq != null) {
            Authenticator authenticator = apReq.getAuthenticator();
            if (!encAPRepPart.getCtime().equals(authenticator.getCtime()) || encAPRepPart.getCusec() != authenticator.getCusec()) {
                throw new KrbException(KrbErrorCode.KRB_AP_ERR_MUT_FAIL);
            }
        }
    }
}
