package org.apache.kerby.kerberos.kerb.client.preauth;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.KrbContext;
import org.apache.kerby.kerberos.kerb.client.preauth.builtin.EncTsPreauth;
import org.apache.kerby.kerberos.kerb.client.preauth.builtin.TgtPreauth;
import org.apache.kerby.kerberos.kerb.client.preauth.pkinit.PkinitPreauth;
import org.apache.kerby.kerberos.kerb.client.preauth.token.TokenPreauth;
import org.apache.kerby.kerberos.kerb.client.request.KdcRequest;
import org.apache.kerby.kerberos.kerb.type.pa.PaData;
import org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;

/* loaded from: input_file:WEB-INF/lib/kerb-client-1.0.1.jar:org/apache/kerby/kerberos/kerb/client/preauth/PreauthHandler.class */
public class PreauthHandler {
    private KrbContext krbContext;
    private List<KrbPreauth> preauths;

    public void init(KrbContext krbContext) {
        this.krbContext = krbContext;
        loadPreauthPlugins(krbContext);
    }

    private void loadPreauthPlugins(KrbContext krbContext) {
        this.preauths = new ArrayList();
        EncTsPreauth encTsPreauth = new EncTsPreauth();
        encTsPreauth.init(krbContext);
        this.preauths.add(encTsPreauth);
        TgtPreauth tgtPreauth = new TgtPreauth();
        tgtPreauth.init(krbContext);
        this.preauths.add(tgtPreauth);
        PkinitPreauth pkinitPreauth = new PkinitPreauth();
        pkinitPreauth.init(krbContext);
        this.preauths.add(pkinitPreauth);
        TokenPreauth tokenPreauth = new TokenPreauth();
        tokenPreauth.init(krbContext);
        this.preauths.add(tokenPreauth);
    }

    public PreauthContext preparePreauthContext(KdcRequest kdcRequest) {
        PreauthContext preauthContext = new PreauthContext();
        preauthContext.setPreauthRequired(this.krbContext.getConfig().isPreauthRequired());
        Iterator<KrbPreauth> it = this.preauths.iterator();
        while (it.hasNext()) {
            PreauthHandle preauthHandle = new PreauthHandle(it.next());
            preauthHandle.initRequestContext(kdcRequest);
            preauthContext.getHandles().add(preauthHandle);
        }
        return preauthContext;
    }

    public void preauth(KdcRequest kdcRequest) throws KrbException {
        PreauthContext preauthContext = kdcRequest.getPreauthContext();
        if (preauthContext.isPreauthRequired()) {
            setPreauthOptions(kdcRequest, kdcRequest.getPreauthOptions());
            if (!preauthContext.hasInputPaData()) {
                tryFirst(kdcRequest, preauthContext.getOutputPaData());
                return;
            }
            prepareUserResponses(kdcRequest, preauthContext.getInputPaData());
            preauthContext.getUserResponser().respondQuestions();
            if (kdcRequest.isRetrying()) {
                tryAgain(kdcRequest, preauthContext.getInputPaData(), preauthContext.getOutputPaData());
            } else {
                process(kdcRequest, preauthContext.getInputPaData(), preauthContext.getOutputPaData());
            }
        }
    }

    public void prepareUserResponses(KdcRequest kdcRequest, PaData paData) throws KrbException {
        PreauthHandle findHandle;
        PreauthContext preauthContext = kdcRequest.getPreauthContext();
        for (PaDataEntry paDataEntry : paData.getElements()) {
            if (preauthContext.isPaTypeAllowed(paDataEntry.getPaDataType()) && (findHandle = findHandle(kdcRequest, paDataEntry.getPaDataType())) != null) {
                findHandle.prepareQuestions(kdcRequest);
            }
        }
    }

    public void setPreauthOptions(KdcRequest kdcRequest, KOptions kOptions) throws KrbException {
        Iterator<PreauthHandle> it = kdcRequest.getPreauthContext().getHandles().iterator();
        while (it.hasNext()) {
            it.next().setPreauthOptions(kdcRequest, kOptions);
        }
    }

    public void tryFirst(KdcRequest kdcRequest, PaData paData) throws KrbException {
        findHandle(kdcRequest, kdcRequest.getPreauthContext().getAllowedPaType()).tryFirst(kdcRequest, paData);
    }

    public void process(KdcRequest kdcRequest, PaData paData, PaData paData2) throws KrbException {
        PreauthContext preauthContext = kdcRequest.getPreauthContext();
        for (int i = 0; i <= 1; i++) {
            for (PaDataEntry paDataEntry : paData.getElements()) {
                if (i <= 0 || preauthContext.isPaTypeAllowed(paDataEntry.getPaDataType())) {
                    PreauthHandle findHandle = findHandle(kdcRequest, preauthContext.getAllowedPaType());
                    if (findHandle != null && (i <= 0 || !preauthContext.checkAndPutTried(paDataEntry.getPaDataType()))) {
                        boolean process = findHandle.process(kdcRequest, paDataEntry, paData2);
                        if (i > 0 && process) {
                            return;
                        }
                    }
                }
            }
        }
    }

    public void tryAgain(KdcRequest kdcRequest, PaData paData, PaData paData2) {
        PreauthContext preauthContext = kdcRequest.getPreauthContext();
        for (PaDataEntry paDataEntry : paData.getElements()) {
            PreauthHandle findHandle = findHandle(kdcRequest, paDataEntry.getPaDataType());
            if (findHandle != null) {
                findHandle.tryAgain(kdcRequest, paDataEntry.getPaDataType(), preauthContext.getErrorPaData(), paData2);
            }
        }
    }

    public void destroy() {
        Iterator<KrbPreauth> it = this.preauths.iterator();
        while (it.hasNext()) {
            it.next().destroy();
        }
    }

    private PreauthHandle findHandle(KdcRequest kdcRequest, PaDataType paDataType) {
        for (PreauthHandle preauthHandle : kdcRequest.getPreauthContext().getHandles()) {
            for (PaDataType paDataType2 : preauthHandle.preauth.getPaTypes()) {
                if (paDataType2 == paDataType) {
                    return preauthHandle;
                }
            }
        }
        return null;
    }
}
