package org.apache.directory.shared.kerberos;

import java.net.InetAddress;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.api.util.Strings;
import org.apache.directory.server.kerberos.protocol.codec.KerberosDecoder;
import org.apache.directory.server.kerberos.shared.crypto.encryption.CipherTextHandler;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
import org.apache.directory.server.kerberos.shared.store.PrincipalStore;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.directory.shared.kerberos.codec.types.EncryptionType;
import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.apache.directory.shared.kerberos.components.HostAddress;
import org.apache.directory.shared.kerberos.components.PrincipalName;
import org.apache.directory.shared.kerberos.exceptions.ErrorType;
import org.apache.directory.shared.kerberos.exceptions.KerberosException;
import org.apache.directory.shared.kerberos.messages.ApReq;
import org.apache.directory.shared.kerberos.messages.Authenticator;
import org.apache.directory.shared.kerberos.messages.Ticket;
import org.apache.hadoop.hdfs.web.HftpFileSystem;

/* JADX WARN: Classes with same name are omitted:
  input_file:webhdfs.war:WEB-INF/lib/apacheds-kerberos-codec-2.0.0-M15.jar:org/apache/directory/shared/kerberos/KerberosUtils.class
  input_file:webhdfs/WEB-INF/lib/apacheds-kerberos-codec-2.0.0-M15.jar:org/apache/directory/shared/kerberos/KerberosUtils.class
 */
/* loaded from: input_file:hadoop-hdfs-httpfs-2.7.0-mapr-1707-beta/share/hadoop/httpfs/tomcat/webapps/webhdfs/WEB-INF/lib/apacheds-kerberos-codec-2.0.0-M15.jar:org/apache/directory/shared/kerberos/KerberosUtils.class */
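/**
 * Static helpers for Kerberos principal names, encryption-type selection and
 * AP-REQ validation.
 *
 * <p>This listing is decompiler output, not the original source: one method body
 * ({@link #getNames(String)}) was not recovered and some constants may have been
 * re-resolved by the decompiler. It is suitable for review, not as a drop-in
 * replacement for the original class.
 */
public class KerberosUtils {
    public static final int NULL = -1;

    // Shared, mutable list instance returned by getNames(KerberosPrincipal) for
    // null/empty input. NOTE(review): any caller that mutates the returned list
    // changes it for every other caller; treat it as read-only.
    public static final List<String> EMPTY_PRINCIPAL_NAME = new ArrayList<String>();

    // Encryption-type name prefix -> cipher algorithm name. Insertion order matters:
    // getAlgoNameFromEncType() returns the first prefix match, and
    // orderEtypesByStrength() ranks by the order of the values.
    private static final Map<String, String> cipherAlgoMap = new LinkedHashMap<String, String>();

    // NOTE(review): the dependency on a Hadoop HFTP constant from a Kerberos codec
    // class is presumably a decompiler constant-resolution artifact (a string literal
    // replaced by a same-valued constant) - confirm against the original jar.
    public static final TimeZone UTC_TIME_ZONE = TimeZone.getTimeZone(HftpFileSystem.HFTP_TIMEZONE);

    // SimpleDateFormat is not thread-safe; this instance is public and shared, so
    // concurrent format/parse calls must be synchronized by the caller.
    public static final SimpleDateFormat UTC_DATE_FORMAT = new SimpleDateFormat("yyyyMMddHHmmss'Z'");

    // Encryption types that isNewEncryptionType() reports as not new.
    private static final Set<EncryptionType> oldEncTypes = new HashSet<EncryptionType>();

    /**
     * Returns the name components of a principal.
     *
     * @param kerberosPrincipal the principal, may be {@code null}
     * @return the shared {@link #EMPTY_PRINCIPAL_NAME} instance when the principal is
     *         {@code null} or its name is empty, otherwise the result of
     *         {@link #getNames(String)}
     * @throws ParseException declared by {@link #getNames(String)}
     */
    public static List<String> getNames(KerberosPrincipal kerberosPrincipal) throws ParseException {
        if (kerberosPrincipal == null) {
            return EMPTY_PRINCIPAL_NAME;
        }
        String name = kerberosPrincipal.getName();
        return Strings.isEmpty(name) ? EMPTY_PRINCIPAL_NAME : getNames(name);
    }

    /**
     * Decompiler stub: the body of this method was not recovered (the decompiler
     * reported a switch it could not restructure), so the principal-name parsing
     * logic is NOT present in this listing and cannot be reviewed from it.
     *
     * <p>As written, every call throws, which also means
     * {@link #getNames(KerberosPrincipal)} throws for any principal with a
     * non-empty name.
     *
     * @param r7 the principal name string
     * @return never returns normally in this listing
     * @throws ParseException declared by the original signature
     * @throws UnsupportedOperationException always
     */
    public static java.util.List<java.lang.String> getNames(java.lang.String r7) throws java.text.ParseException {
        throw new UnsupportedOperationException("Method not decompiled: org.apache.directory.shared.kerberos.KerberosUtils.getNames(java.lang.String):java.util.List");
    }

    /**
     * Builds a {@link KerberosPrincipal} from a principal name and a realm.
     *
     * @param principalName supplies the name string and the name type; must not be {@code null}
     * @param str the realm; when non-empty it is appended as {@code name@realm}
     * @return the principal built from the resulting string and the name type value
     */
    public static KerberosPrincipal getKerberosPrincipal(PrincipalName principalName, String str) {
        String nameString = principalName.getNameString();
        if (!Strings.isEmpty(str)) {
            nameString = nameString + '@' + str;
        }
        return new KerberosPrincipal(nameString, principalName.getNameType().getValue());
    }

    /**
     * Returns the first encryption type of {@code set2}, in its iteration order,
     * that is also contained in {@code set}.
     *
     * <p>The choice is driven entirely by the iteration order of {@code set2}; no
     * strength comparison happens here. NOTE(review): if {@code set2} carries a
     * peer-supplied preference list, the peer decides which mutually supported
     * type wins - confirm that callers restrict {@code set} to acceptable types.
     *
     * @param set the types to test membership against
     * @param set2 the types iterated in order
     * @return the first common type, or {@code null} when there is none
     */
    public static EncryptionType getBestEncryptionType(Set<EncryptionType> set, Set<EncryptionType> set2) {
        for (EncryptionType encryptionType : set2) {
            if (set.contains(encryptionType)) {
                return encryptionType;
            }
        }
        return null;
    }

    /**
     * Renders the encryption types as a {@code ", "}-separated string.
     *
     * @param set the encryption types, in iteration order
     * @return the joined string; empty for an empty set
     */
    public static String getEncryptionTypesString(Set<EncryptionType> set) {
        StringBuilder sb = new StringBuilder();
        boolean first = true;
        for (EncryptionType encryptionType : set) {
            if (!first) {
                sb.append(", ");
            }
            first = false;
            sb.append(encryptionType);
        }
        return sb.toString();
    }

    /**
     * Tells whether every byte is a printable ASCII character (0x20 to 0x7E).
     *
     * @param bArr the bytes to check, may be {@code null}
     * @return {@code false} for {@code null} or when any byte is outside the range;
     *         {@code true} otherwise, including for an empty array
     */
    public static boolean isKerberosString(byte[] bArr) {
        if (bArr == null) {
            return false;
        }
        for (byte b : bArr) {
            // Java bytes are signed: values 0x80..0xFF are negative and are rejected
            // by the lower bound.
            if (b < 32 || b > 126) {
                return false;
            }
        }
        return true;
    }

    /**
     * Maps an encryption type to a cipher algorithm name by matching the
     * lower-cased type name against the registered prefixes.
     *
     * @param encryptionType the encryption type; must not be {@code null}
     * @return the algorithm name of the first registered prefix that matches
     * @throws IllegalArgumentException when no registered prefix matches
     */
    public static String getAlgoNameFromEncType(EncryptionType encryptionType) {
        // Locale.ROOT keeps the prefix match independent of the JVM default locale
        // (the no-argument toLowerCase() is locale-sensitive).
        String lowerCase = encryptionType.getName().toLowerCase(java.util.Locale.ROOT);
        // First match wins, in registration order; "des3" is registered before "des"
        // so that a des3 name is not captured by the shorter prefix.
        for (Map.Entry<String, String> entry : cipherAlgoMap.entrySet()) {
            if (lowerCase.startsWith(entry.getKey())) {
                return entry.getValue();
            }
        }
        throw new IllegalArgumentException("Unknown algorithm name for the encryption type " + encryptionType);
    }

    /**
     * Returns the given encryption types re-ordered to follow the registration
     * order of the algorithm map (ArcFourHmac, AES256, AES128, DESede, DES).
     *
     * <p>NOTE(review): despite the method name, this order places RC4 ahead of both
     * AES variants, while {@link #isNewEncryptionType(EncryptionType)} classifies
     * {@code RC4_HMAC} as old. Callers that take the first element as the
     * "strongest" type will prefer RC4 whenever it is present - confirm whether
     * that is intended before relying on this ordering for negotiation.
     *
     * @param set the encryption types to order
     * @return a new insertion-ordered set holding the same types
     * @throws IllegalArgumentException when a type has no registered algorithm
     *         (raised by {@link #getAlgoNameFromEncType(EncryptionType)})
     */
    public static Set<EncryptionType> orderEtypesByStrength(Set<EncryptionType> set) {
        Set<EncryptionType> ordered = new LinkedHashSet<EncryptionType>(set.size());
        for (String algoName : cipherAlgoMap.values()) {
            for (EncryptionType encryptionType : set) {
                if (algoName.equals(getAlgoNameFromEncType(encryptionType))) {
                    ordered.add(encryptionType);
                }
            }
        }
        return ordered;
    }

    /**
     * Looks up a principal in the store and checks that it has at least one key.
     *
     * @param kerberosPrincipal the principal to look up
     * @param principalStore the store to query
     * @param errorType the error reported when the principal is missing or the
     *        lookup itself fails
     * @return the store entry, never {@code null}
     * @throws KerberosException with {@code errorType} when the entry is missing or
     *         the lookup throws, and with {@code KDC_ERR_NULL_KEY} when the entry
     *         has no keys
     */
    public static PrincipalStoreEntry getEntry(KerberosPrincipal kerberosPrincipal, PrincipalStore principalStore, ErrorType errorType) throws KerberosException {
        try {
            PrincipalStoreEntry principal = principalStore.getPrincipal(kerberosPrincipal);
            if (principal == null) {
                throw new KerberosException(errorType);
            }
            if (principal.getKeyMap() == null || principal.getKeyMap().isEmpty()) {
                throw new KerberosException(ErrorType.KDC_ERR_NULL_KEY);
            }
            return principal;
        } catch (KerberosException e) {
            // Rethrow unchanged: without this clause the generic handler below would
            // re-wrap KDC_ERR_NULL_KEY under errorType and the caller could no longer
            // tell "no keys" from "unknown principal".
            throw e;
        } catch (Exception e) {
            throw new KerberosException(errorType, e);
        }
    }

    /**
     * Validates an AP-REQ and returns its decoded authenticator.
     *
     * <p>Checks, in order: protocol version, message type and ticket version;
     * decrypts the ticket's encrypted part and then the authenticator with the
     * ticket's session key; compares the client name of authenticator and ticket;
     * checks the client address; consults and updates the replay cache; checks
     * clock skew; checks the ticket's start and end time against the current time.
     *
     * <p>Side effects: stores the decoded encrypted part on {@code ticket}, records
     * the request in {@code replayCache} when one is given, and sets AP option bit 2
     * on {@code apReq} before returning.
     *
     * @param apReq the AP-REQ message
     * @param ticket the ticket whose encrypted part is decrypted and validated
     * @param encryptionKey the key used to decrypt the ticket unless AP option bit 1 is set
     * @param j the allowed clock skew, passed to {@code KerberosTime.isInClockSkew}
     * @param replayCache the replay cache; when {@code null} NO replay detection is performed
     * @param z when {@code true}, a ticket that carries no client addresses is accepted
     * @param inetAddress the client address checked against the ticket's client addresses
     * @param cipherTextHandler performs the decryption
     * @param keyUsage the key usage for decrypting the authenticator
     * @param z2 when {@code true}, a ticket whose flags mark it invalid is not rejected
     * @return the decoded authenticator
     * @throws KerberosException with the matching {@code KRB_AP_ERR_*} code when a check fails
     */
    public static Authenticator verifyAuthHeader(ApReq apReq, Ticket ticket, EncryptionKey encryptionKey, long j, ReplayCache replayCache, boolean z, InetAddress inetAddress, CipherTextHandler cipherTextHandler, KeyUsage keyUsage, boolean z2) throws KerberosException {
        // 5 is the Kerberos protocol / ticket version number (Kerberos V5).
        if (apReq.getProtocolVersionNumber() != 5) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADVERSION);
        }
        if (apReq.getMessageType() != KerberosMessageType.AP_REQ) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_MSG_TYPE);
        }
        // NOTE(review): the version check reads apReq.getTicket() while decryption
        // below uses the ticket argument; presumably callers pass the same ticket -
        // confirm.
        if (apReq.getTicket().getTktVno() != 5) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADVERSION);
        }
        // Option bit 1 is use-session-key in the RFC 4120 APOptions numbering. In that
        // branch the key is read from the already-decoded part of the request's own
        // ticket; NOTE(review): if that part has not been decoded yet this dereference
        // fails with a NullPointerException rather than a KerberosException - confirm
        // how callers handle this path.
        EncryptionKey key = apReq.getOption(1) ? apReq.getTicket().getEncTicketPart().getKey() : encryptionKey;
        if (key == null) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_NOKEY);
        }
        // Decrypting the ticket with the selected key is what authenticates its content;
        // everything read from getEncTicketPart() below depends on this step.
        ticket.setEncTicketPart(KerberosDecoder.decodeEncTicketPart(cipherTextHandler.decrypt(key, ticket.getEncPart(), KeyUsage.AS_OR_TGS_REP_TICKET_WITH_SRVKEY)));
        // The authenticator is decrypted with the session key carried inside the ticket.
        Authenticator decodeAuthenticator = KerberosDecoder.decodeAuthenticator(cipherTextHandler.decrypt(ticket.getEncTicketPart().getKey(), apReq.getAuthenticator(), keyUsage));
        // NOTE(review): only the client name string is compared. The client realm of
        // the authenticator is not compared with the ticket here, although it is used
        // below to build the client principal for the replay cache. RFC 4120 section
        // 3.2.3 compares both name and realm - confirm whether a caller performs the
        // realm check.
        if (!decodeAuthenticator.getCName().getNameString().equals(ticket.getEncTicketPart().getCName().getNameString())) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADMATCH);
        }
        if (ticket.getEncTicketPart().getClientAddresses() != null) {
            if (!ticket.getEncTicketPart().getClientAddresses().contains(new HostAddress(inetAddress))) {
                throw new KerberosException(ErrorType.KRB_AP_ERR_BADADDR);
            }
        } else if (!z) {
            // Address-less ticket and the caller did not allow them.
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADADDR);
        }
        KerberosPrincipal kerberosPrincipal = getKerberosPrincipal(ticket.getSName(), ticket.getRealm());
        KerberosPrincipal kerberosPrincipal2 = getKerberosPrincipal(decodeAuthenticator.getCName(), decodeAuthenticator.getCRealm());
        KerberosTime ctime = decodeAuthenticator.getCtime();
        int cusec = decodeAuthenticator.getCusec();
        // A null replay cache silently disables replay detection.
        // NOTE(review): the request is saved before the clock-skew and lifetime checks
        // below, so requests that are later rejected are still recorded.
        if (replayCache != null) {
            if (replayCache.isReplay(kerberosPrincipal, kerberosPrincipal2, ctime, cusec)) {
                throw new KerberosException(ErrorType.KRB_AP_ERR_REPEAT);
            }
            replayCache.save(kerberosPrincipal, kerberosPrincipal2, ctime, cusec);
        }
        if (!decodeAuthenticator.getCtime().isInClockSkew(j)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_SKEW);
        }
        // The start time falls back to the authentication time when the ticket has none.
        KerberosTime startTime = ticket.getEncTicketPart().getStartTime() != null ? ticket.getEncTicketPart().getStartTime() : ticket.getEncTicketPart().getAuthTime();
        KerberosTime kerberosTime = new KerberosTime();
        // The lifetime comparisons use the current time directly; the skew value j is
        // not applied to them.
        if (!startTime.lessThan(kerberosTime) || (ticket.getEncTicketPart().getFlags().isInvalid() && !z2)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_TKT_NYV);
        }
        if (!ticket.getEncTicketPart().getEndTime().greaterThan(kerberosTime)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_TKT_EXPIRED);
        }
        // Option bit 2 is mutual-required in the RFC 4120 APOptions numbering; it is set
        // unconditionally once validation has succeeded.
        apReq.getApOptions().set(2);
        return decodeAuthenticator;
    }

    /**
     * Tells whether an encryption type is absent from the list of old types.
     *
     * @param encryptionType the type to classify
     * @return {@code true} when the type is not registered as old, which includes
     *         any type this class does not know about
     */
    public static boolean isNewEncryptionType(EncryptionType encryptionType) {
        return !oldEncTypes.contains(encryptionType);
    }

    static {
        UTC_DATE_FORMAT.setTimeZone(UTC_TIME_ZONE);
        // Registration order is significant; see the comment on cipherAlgoMap.
        cipherAlgoMap.put("rc4", "ArcFourHmac");
        cipherAlgoMap.put("aes256", "AES256");
        cipherAlgoMap.put("aes128", "AES128");
        cipherAlgoMap.put("des3", "DESede");
        cipherAlgoMap.put("des", "DES");
        // Types reported as "not new" by isNewEncryptionType(): the DES and 3DES
        // family, the CMS/envelope OID entries and RC4-HMAC.
        oldEncTypes.add(EncryptionType.DES_CBC_CRC);
        oldEncTypes.add(EncryptionType.DES_CBC_MD4);
        oldEncTypes.add(EncryptionType.DES_CBC_MD5);
        oldEncTypes.add(EncryptionType.DES_EDE3_CBC_ENV_OID);
        oldEncTypes.add(EncryptionType.DES3_CBC_MD5);
        oldEncTypes.add(EncryptionType.DES3_CBC_SHA1);
        oldEncTypes.add(EncryptionType.DES3_CBC_SHA1_KD);
        oldEncTypes.add(EncryptionType.DSAWITHSHA1_CMSOID);
        oldEncTypes.add(EncryptionType.MD5WITHRSAENCRYPTION_CMSOID);
        oldEncTypes.add(EncryptionType.SHA1WITHRSAENCRYPTION_CMSOID);
        oldEncTypes.add(EncryptionType.RC2CBC_ENVOID);
        oldEncTypes.add(EncryptionType.RSAENCRYPTION_ENVOID);
        oldEncTypes.add(EncryptionType.RSAES_OAEP_ENV_OID);
        oldEncTypes.add(EncryptionType.RC4_HMAC);
    }
}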
