package sun.security.jgss.krb5;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;
import sun.security.jgss.GSSHeader;
import sun.security.krb5.Confounder;
import sun.security.krb5.KrbException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:efixes/JDKiFix_solaris/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:sun/security/jgss/krb5/WrapToken.class */
public class WrapToken extends MessageToken {
    public static int CONFOUNDER_SIZE = 8;
    private static byte[][] pads = {0, new byte[]{1}, new byte[]{2, 2}, new byte[]{3, 3, 3}, new byte[]{4, 4, 4, 4}, new byte[]{5, 5, 5, 5, 5}, new byte[]{6, 6, 6, 6, 6, 6}, new byte[]{7, 7, 7, 7, 7, 7, 7}, new byte[]{8, 8, 8, 8, 8, 8, 8, 8}};
    private boolean readTokenFromInputStream;
    private InputStream is;
    private byte[] tokenBytes;
    private int tokenOffset;
    private int tokenLen;
    private byte[] dataBytes;
    private int dataOffset;
    private int dataLen;
    private int dataSize;
    private byte[] encKey;
    private byte[] confounder;
    private byte[] padding;
    private boolean privacy;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:efixes/JDKiFix_solaris/components/prereq.jdk/update.jar:/java/jre/lib/rt.jar:sun/security/jgss/krb5/WrapToken$WrapTokenInputStream.class */
    public class WrapTokenInputStream extends InputStream {
        private InputStream is;
        private int length;
        private int remaining;
        private int temp;
        private final WrapToken this$0;

        @Override // java.io.InputStream
        public final int available() throws IOException {
            return Math.min(this.remaining, this.is.available());
        }

        @Override // java.io.InputStream
        public final int read() throws IOException {
            if (this.remaining == 0) {
                return -1;
            }
            this.temp = this.is.read();
            if (this.temp != -1) {
                this.remaining -= this.temp;
            }
            return this.temp;
        }

        @Override // java.io.InputStream
        public final void close() throws IOException {
            this.remaining = 0;
        }

        @Override // java.io.InputStream
        public final long skip(long j) throws IOException {
            if (this.remaining == 0) {
                return 0L;
            }
            this.temp = (int) Math.min(this.remaining, j);
            this.temp = (int) this.is.skip(this.temp);
            this.remaining -= this.temp;
            return this.temp;
        }

        @Override // java.io.InputStream
        public final int read(byte[] bArr) throws IOException {
            if (this.remaining == 0) {
                return -1;
            }
            this.temp = Math.min(this.remaining, bArr.length);
            this.temp = this.is.read(bArr, 0, this.temp);
            if (this.temp != -1) {
                this.remaining -= this.temp;
            }
            return this.temp;
        }

        @Override // java.io.InputStream
        public final int read(byte[] bArr, int i, int i2) throws IOException {
            if (this.remaining == 0) {
                return -1;
            }
            this.temp = Math.min(this.remaining, i2);
            this.temp = this.is.read(bArr, i, this.temp);
            if (this.temp != -1) {
                this.remaining -= this.temp;
            }
            return this.temp;
        }

        public WrapTokenInputStream(WrapToken wrapToken, InputStream inputStream, int i) {
            this.this$0 = wrapToken;
            this.is = inputStream;
            this.length = i;
            this.remaining = i;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // sun.security.jgss.krb5.MessageToken
    public int getKrb5TokenSize() {
        return super.getKrb5TokenSize() + this.dataSize;
    }

    public byte[] encode() throws IOException, GSSException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(this.dataSize + 50);
        encode(byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    public byte[] getData() throws GSSException {
        byte[] bArr = new byte[this.dataSize];
        getData(bArr, 0);
        byte[] bArr2 = new byte[(this.dataSize - this.confounder.length) - this.padding.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        return bArr2;
    }

    private byte[] getPadding(int i) {
        return pads[8 - (i % 8)];
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static int getSizeLimit(int i, boolean z, int i2) {
        return (GSSHeader.getMaxMechTokenSize(OID, i2) - (24 + CONFOUNDER_SIZE)) - 8;
    }

    @Override // sun.security.jgss.krb5.MessageToken
    protected int getSealAlg(boolean z) {
        return z ? 0 : 65535;
    }

    private byte[] getEncryptionKey(byte[] bArr) throws GSSException {
        if (bArr.length > 8) {
            throw new GSSException(11, -100, "Invalid DES Key!");
        }
        byte[] bArr2 = new byte[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            bArr2[i] = (byte) (bArr[i] ^ 240);
        }
        return bArr2;
    }

    public int encode(byte[] bArr, int i) throws IOException, GSSException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        super.encode(byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        System.arraycopy(byteArray, 0, bArr, i, byteArray.length);
        int length = i + byteArray.length;
        if (this.privacy) {
            this.encKey = getEncryptionKey(getContextKey());
            Cipher initializedDes = getInitializedDes(true, this.encKey, ZERO_IV);
            try {
                int update = length + initializedDes.update(this.confounder, 0, this.confounder.length, bArr, length);
                initializedDes.update(this.padding, 0, this.padding.length, bArr, update + initializedDes.update(this.dataBytes, this.dataOffset, this.dataLen, bArr, update));
                initializedDes.doFinal();
            } catch (GeneralSecurityException e) {
                throw new GSSException(11, -1, new StringBuffer().append("Could not use DES Cipher - ").append(e.getMessage()).toString());
            }
        } else {
            System.arraycopy(this.confounder, 0, bArr, length, this.confounder.length);
            int length2 = length + this.confounder.length;
            System.arraycopy(this.dataBytes, this.dataOffset, bArr, length2, this.dataLen);
            System.arraycopy(this.padding, 0, bArr, length2 + this.dataLen, this.padding.length);
        }
        return byteArray.length + this.confounder.length + this.dataLen + this.padding.length;
    }

    public int getData(byte[] bArr, int i) throws GSSException {
        if (this.readTokenFromInputStream) {
            getDataFromStream(bArr, i);
        } else {
            getDataFromBuffer(bArr, i);
        }
        return (this.dataSize - this.confounder.length) - this.padding.length;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v22, types: [int] */
    private void getDataFromBuffer(byte[] bArr, int i) throws GSSException {
        int length = this.tokenOffset + getGSSHeader().getLength() + 24;
        if (length + this.dataSize > this.tokenOffset + this.tokenLen) {
            throw new GSSException(10, -1, new StringBuffer().append("Insufficient data in ").append(getTokenName(getTokenId())).toString());
        }
        this.confounder = new byte[CONFOUNDER_SIZE];
        if (this.privacy) {
            this.encKey = getEncryptionKey(getContextKey());
            desCbcDecrypt(this.encKey, this.tokenBytes, length, this.dataSize, bArr, i);
        } else {
            System.arraycopy(this.tokenBytes, length, this.confounder, 0, CONFOUNDER_SIZE);
            byte b = this.tokenBytes[(length + this.dataSize) - 1];
            if (b < 0) {
                b = 0;
            }
            if (b > 8) {
                b %= 8;
            }
            this.padding = pads[b];
            System.arraycopy(this.tokenBytes, length + CONFOUNDER_SIZE, bArr, i, (this.dataSize - CONFOUNDER_SIZE) - b);
        }
        if (!verifySignAndSeqNumber(this.confounder, bArr, i, (this.dataSize - CONFOUNDER_SIZE) - this.padding.length, this.padding)) {
            throw new GSSException(6, -1, "Corrupt checksum or sequence number in Wrap token");
        }
    }

    private void getDataFromStream(byte[] bArr, int i) throws GSSException {
        getGSSHeader();
        this.confounder = new byte[CONFOUNDER_SIZE];
        try {
            if (this.privacy) {
                this.encKey = getEncryptionKey(getContextKey());
                desCbcDecrypt(this.encKey, this.is, this.dataSize, bArr, i);
            } else {
                readFully(this.is, this.confounder);
                int i2 = ((this.dataSize - CONFOUNDER_SIZE) / 8) - 1;
                int i3 = i;
                for (int i4 = 0; i4 < i2; i4++) {
                    readFully(this.is, bArr, i3, 8);
                    i3 += 8;
                }
                byte[] bArr2 = new byte[8];
                readFully(this.is, bArr2);
                byte b = bArr2[7];
                this.padding = pads[b];
                System.arraycopy(bArr2, 0, bArr, i3, bArr2.length - b);
            }
            if (!verifySignAndSeqNumber(this.confounder, bArr, i, (this.dataSize - CONFOUNDER_SIZE) - this.padding.length, this.padding)) {
                throw new GSSException(6, -1, "Corrupt checksum or sequence number in Wrap token");
            }
        } catch (IOException e) {
            throw new GSSException(10, -1, new StringBuffer().append(getTokenName(getTokenId())).append(": ").append(e.getMessage()).toString());
        }
    }

    private void desCbcDecrypt(byte[] bArr, byte[] bArr2, int i, int i2, byte[] bArr3, int i3) throws GSSException {
        try {
            Cipher initializedDes = getInitializedDes(false, bArr, ZERO_IV);
            initializedDes.update(bArr2, i, CONFOUNDER_SIZE, this.confounder);
            int i4 = i + CONFOUNDER_SIZE;
            int i5 = i2 - CONFOUNDER_SIZE;
            int blockSize = initializedDes.getBlockSize();
            int i6 = (i5 / blockSize) - 1;
            for (int i7 = 0; i7 < i6; i7++) {
                initializedDes.update(bArr2, i4, blockSize, bArr3, i3);
                i4 += blockSize;
                i3 += blockSize;
            }
            byte[] bArr4 = new byte[blockSize];
            initializedDes.update(bArr2, i4, blockSize, bArr4);
            initializedDes.doFinal();
            byte b = bArr4[blockSize - 1];
            this.padding = pads[b];
            System.arraycopy(bArr4, 0, bArr3, i3, blockSize - b);
        } catch (GeneralSecurityException e) {
            throw new GSSException(11, -1, new StringBuffer().append("Could not use DES cipher - ").append(e.getMessage()).toString());
        }
    }

    private void desCbcDecrypt(byte[] bArr, InputStream inputStream, int i, byte[] bArr2, int i2) throws GSSException, IOException {
        Cipher initializedDes = getInitializedDes(false, bArr, ZERO_IV);
        CipherInputStream cipherInputStream = new CipherInputStream(new WrapTokenInputStream(this, inputStream, i), initializedDes);
        int read = i - cipherInputStream.read(this.confounder);
        int blockSize = initializedDes.getBlockSize();
        int i3 = (read / blockSize) - 1;
        for (int i4 = 0; i4 < i3; i4++) {
            cipherInputStream.read(bArr2, i2, blockSize);
            i2 += blockSize;
        }
        byte[] bArr3 = new byte[blockSize];
        cipherInputStream.read(bArr3);
        try {
            initializedDes.doFinal();
            byte b = bArr3[blockSize - 1];
            if (b < 1 || b > 8) {
                throw new GSSException(10, -1, "Invalid padding on Wrap Token");
            }
            this.padding = pads[b];
            System.arraycopy(bArr3, 0, bArr2, i2, blockSize - b);
        } catch (GeneralSecurityException e) {
            throw new GSSException(11, -1, new StringBuffer().append("Could not use DES cipher - ").append(e.getMessage()).toString());
        }
    }

    @Override // sun.security.jgss.krb5.MessageToken
    public void encode(OutputStream outputStream) throws IOException, GSSException {
        super.encode(outputStream);
        if (!this.privacy) {
            outputStream.write(this.confounder);
            outputStream.write(this.dataBytes, this.dataOffset, this.dataLen);
            outputStream.write(this.padding);
        } else {
            this.encKey = getEncryptionKey(getContextKey());
            CipherOutputStream cipherOutputStream = new CipherOutputStream(outputStream, getInitializedDes(true, this.encKey, ZERO_IV));
            cipherOutputStream.write(this.confounder);
            cipherOutputStream.write(this.dataBytes, this.dataOffset, this.dataLen);
            cipherOutputStream.write(this.padding);
        }
    }

    public WrapToken(Krb5Context krb5Context, MessageProp messageProp, byte[] bArr, int i, int i2) throws GSSException {
        super(513, krb5Context);
        this.readTokenFromInputStream = true;
        this.is = null;
        this.tokenBytes = null;
        this.tokenOffset = 0;
        this.tokenLen = 0;
        this.dataBytes = null;
        this.dataOffset = 0;
        this.dataLen = 0;
        this.dataSize = 0;
        this.encKey = null;
        this.confounder = null;
        this.padding = null;
        this.privacy = false;
        try {
            new Confounder();
            this.confounder = Confounder.bytes(CONFOUNDER_SIZE);
            this.padding = getPadding(i2);
            this.dataSize = this.confounder.length + i2 + this.padding.length;
            this.dataBytes = bArr;
            this.dataOffset = i;
            this.dataLen = i2;
            genSignAndSeqNumber(messageProp, this.confounder, bArr, i, i2, this.padding);
            if (!krb5Context.getConfState()) {
                messageProp.setPrivacy(false);
            }
            this.privacy = messageProp.getPrivacy();
        } catch (KrbException e) {
            throw new GSSException(11, -1, e.getMessage());
        }
    }

    public WrapToken(Krb5Context krb5Context, byte[] bArr, int i, int i2, MessageProp messageProp) throws GSSException {
        super(513, krb5Context, bArr, i, i2, messageProp);
        this.readTokenFromInputStream = true;
        this.is = null;
        this.tokenBytes = null;
        this.tokenOffset = 0;
        this.tokenLen = 0;
        this.dataBytes = null;
        this.dataOffset = 0;
        this.dataLen = 0;
        this.dataSize = 0;
        this.encKey = null;
        this.confounder = null;
        this.padding = null;
        this.privacy = false;
        this.readTokenFromInputStream = false;
        this.tokenBytes = bArr;
        this.tokenOffset = i;
        this.tokenLen = i2;
        this.privacy = messageProp.getPrivacy();
        this.dataSize = getGSSHeader().getMechTokenLength() - 24;
    }

    public WrapToken(Krb5Context krb5Context, InputStream inputStream, MessageProp messageProp) throws GSSException {
        super(513, krb5Context, inputStream, messageProp);
        this.readTokenFromInputStream = true;
        this.is = null;
        this.tokenBytes = null;
        this.tokenOffset = 0;
        this.tokenLen = 0;
        this.dataBytes = null;
        this.dataOffset = 0;
        this.dataLen = 0;
        this.dataSize = 0;
        this.encKey = null;
        this.confounder = null;
        this.padding = null;
        this.privacy = false;
        this.is = inputStream;
        this.privacy = messageProp.getPrivacy();
        this.dataSize = getGSSHeader().getMechTokenLength() - 24;
    }
}
