package io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.client.request;

import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.KrbErrorCode;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.KrbException;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.ccache.CredentialCache;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.client.KrbContext;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.client.PkinitOption;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.client.TokenOption;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.common.KrbUtil;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.HostAddress;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.HostAddresses;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.kdc.AsReq;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.kdc.EncAsRepPart;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.kdc.KdcRep;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.kdc.KdcReqBody;
import io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;
import java.io.File;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:WEB-INF/lib/hadoop-client-runtime-3.2.0.9-SNAPSHOT.jar:io/hops/hadoop/shaded/org/apache/kerby/kerberos/kerb/client/request/AsRequest.class */
public class AsRequest extends KdcRequest {
    private PrincipalName clientPrincipal;
    private EncryptionKey clientKey;

    public AsRequest(KrbContext krbContext) {
        super(krbContext);
        setServerPrincipal(makeTgsPrincipal());
    }

    @Override // io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.client.request.KdcRequest
    public PrincipalName getClientPrincipal() {
        return this.clientPrincipal;
    }

    public void setClientPrincipal(PrincipalName principalName) {
        this.clientPrincipal = principalName;
    }

    public void setClientKey(EncryptionKey encryptionKey) {
        this.clientKey = encryptionKey;
    }

    @Override // io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.client.request.KdcRequest
    public EncryptionKey getClientKey() throws KrbException {
        return this.clientKey;
    }

    @Override // io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.client.request.KdcRequest
    public void process() throws KrbException {
        super.process();
        KdcReqBody reqBody = getReqBody(null);
        AsReq asReq = new AsReq();
        asReq.setReqBody(reqBody);
        asReq.setPaData(getPreauthContext().getOutputPaData());
        setKdcReq(asReq);
    }

    @Override // io.hops.hadoop.shaded.org.apache.kerby.kerberos.kerb.client.request.KdcRequest
    public void processResponse(KdcRep kdcRep) throws KrbException {
        setKdcRep(kdcRep);
        PrincipalName cname = getKdcRep().getCname();
        cname.setRealm(getKdcRep().getCrealm());
        if ((!getRequestOptions().contains(PkinitOption.USE_ANONYMOUS) || !KrbUtil.pricipalCompareIgnoreRealm(cname, getClientPrincipal())) && !getRequestOptions().contains(TokenOption.USER_ID_TOKEN) && !cname.equals(getClientPrincipal())) {
            throw new KrbException(KrbErrorCode.KDC_ERR_CLIENT_NAME_MISMATCH);
        }
        byte[] decryptWithClientKey = decryptWithClientKey(getKdcRep().getEncryptedEncPart(), KeyUsage.AS_REP_ENCPART);
        if ((decryptWithClientKey[0] & 31) == 26) {
            decryptWithClientKey[0] = (byte) (decryptWithClientKey[0] - 1);
        }
        EncAsRepPart encAsRepPart = new EncAsRepPart();
        try {
            encAsRepPart.decode(decryptWithClientKey);
            getKdcRep().setEncPart(encAsRepPart);
            if (getChosenNonce() != encAsRepPart.getNonce()) {
                throw new KrbException("Nonce didn't match");
            }
            PrincipalName sname = encAsRepPart.getSname();
            sname.setRealm(encAsRepPart.getSrealm());
            PrincipalName serverPrincipal = getServerPrincipal();
            if (serverPrincipal.getRealm() == null) {
                serverPrincipal.setRealm(getContext().getKrbSetting().getKdcRealm());
            }
            if (!sname.equals(serverPrincipal)) {
                throw new KrbException(KrbErrorCode.KDC_ERR_SERVER_NOMATCH);
            }
            HostAddresses hostAddresses = getHostAddresses();
            if (hostAddresses != null) {
                List<T> elements = hostAddresses.getElements();
                if (elements.isEmpty()) {
                    return;
                }
                List<T> elements2 = encAsRepPart.getCaddr().getElements();
                Iterator it = elements.iterator();
                while (it.hasNext()) {
                    if (!elements2.contains((HostAddress) it.next())) {
                        throw new KrbException("Unexpected client host");
                    }
                }
            }
        } catch (IOException e) {
            throw new KrbException("Failed to decode EncAsRepPart", e);
        }
    }

    public TgtTicket getTicket() {
        return new TgtTicket(getKdcRep().getTicket(), (EncAsRepPart) getKdcRep().getEncPart(), getKdcRep().getCname());
    }

    private PrincipalName makeTgsPrincipal() {
        return KrbUtil.makeTgsPrincipal(getContext().getKrbSetting().getKdcRealm());
    }

    protected CredentialCache resolveCredCache(File file) throws IOException {
        CredentialCache credentialCache = new CredentialCache();
        credentialCache.load(file);
        return credentialCache;
    }
}
