package oracle.net.ano;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import jodd.util.StringPool;
import oracle.jdbc.OracleConnection;
import oracle.net.aso.b;
import oracle.net.ns.NetException;
import oracle.net.ns.SQLnetDef;
import oracle.net.ns.SessionAtts;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import sun.security.krb5.EncryptedData;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.internal.APReq;
import sun.security.krb5.internal.Authenticator;
import sun.security.krb5.internal.KRBCred;

/* loaded from: input_file:ojdbc8.jar:oracle/net/ano/AuthenticationService.class */
/**
 * Client-side authentication service of the driver's network negotiation layer
 * (decompiled with JADX from ojdbc8.jar; identifiers are obfuscated).
 *
 * <p>The class advertises the authentication adaptors configured in the connection
 * profile, reads which one the peer selected, and for the Kerberos5 adaptor builds
 * a GSS-API security context and writes the resulting tokens to the channel.
 *
 * <p>Fields {@code K}, {@code L}, {@code N}, {@code O}, {@code s} and {@code sAtts}
 * and helpers such as {@code h(int)} are not declared here; they are presumably
 * inherited from {@code Service} -- confirm against that class.
 *
 * <p>NOTE(review): several method bodies carry "Type inference failed" warnings and
 * contain decompiler artefacts (undeclared {@code r0}, one local reused for unrelated
 * types). Treat this listing as a reading aid, not as compilable source.
 */
public class AuthenticationService extends Service implements PrivilegedExceptionAction, SQLnetDef {
    // Adaptor names matched against the profile's configured services in a(SessionAtts).
    static final String[] o = {"", AnoServices.AUTHENTICATION_RADIUS, AnoServices.AUTHENTICATION_KERBEROS5, "TCPS"};
    // Same list with "tcps" in lower case: written to the channel in q() and used to
    // resolve the adaptor name read from the channel in g(int).
    private static final String[] p = {"", AnoServices.AUTHENTICATION_RADIUS, AnoServices.AUTHENTICATION_KERBEROS5, "tcps"};
    // One byte per adaptor, written immediately before its name in q(); meaning not visible here.
    private static final byte[] q = {0, 1, 1, 2};
    // Lazily resolved reflective handle to sun.security.krb5.EncryptedData.reset (see v()).
    private static Method r = null;
    // Status word sent in q(); set to 64767 (0xFCFF) in a(SessionAtts).
    private int status;
    // True once g(int) has seen the peer accept an adaptor; returned by isActive().
    private boolean t = false;
    // JAAS subject whose Kerberos credentials are used; null until the Kerberos5 path runs.
    private Subject u = null;
    // Kerberos target name in "first/second" form, built from two strings read off the channel.
    private String v = null;
    // Same two strings joined with StringPool.AT (presumably "@" -- jodd constant substituted by the decompiler).
    private String w = null;
    // Value of the Kerberos realm connection property; only tested for null in run().
    private String x = null;
    // Caller-supplied GSS credential; when null the driver obtains credentials itself.
    private GSSCredential z = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Initialises the service from the session attributes and records which
     * authentication adaptors the profile requests.
     *
     * @param sessionAtts session attributes whose profile lists the authentication services
     * @return always 1
     */
    @Override // oracle.net.ano.Service
    public final int a(SessionAtts sessionAtts) {
        super.a(sessionAtts);
        this.N = 1;
        this.status = 64767;
        String[] authenticationServices = sessionAtts.profile.getAuthenticationServices();
        // Inherited helper; presumably validates the configured names against o -- TODO confirm.
        a(authenticationServices, o);
        this.L = new int[authenticationServices.length];
        for (int i = 0; i < this.L.length; i++) {
            // Inherited helper; presumably returns the index of the name within o -- TODO confirm.
            this.L[i] = a(o, authenticationServices[i]);
        }
        return 1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Writes this service's request to the channel {@code K}: a constant 57569 (0xE0E1),
     * the status word, then for every configured adaptor its byte from {@code q} and
     * its name from {@code p}.
     */
    @Override // oracle.net.ano.Service
    public final void q() {
        // 3 leading items plus 2 per adaptor; h(int) presumably writes a header with that count.
        h(3 + (this.L.length << 1));
        this.K.e();
        this.K.a(57569);
        this.K.b(this.status);
        for (int i = 0; i < this.L.length; i++) {
            this.K.a(q[this.L[i]]);
            this.K.a(p[this.L[i]]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Computes 20 plus, for each configured adaptor, 9 plus the length of its name.
     *
     * @return the computed size; presumably the byte length of what {@link #q()} writes
     */
    @Override // oracle.net.ano.Service
    public final int r() {
        int i = 20;
        for (int i2 = 0; i2 < this.L.length; i2++) {
            i = i + 5 + 4 + p[this.L[i2]].length();
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads the peer's answer for this service and decides whether authentication is active.
     *
     * <p>Status 64255 (0xFAFF) with more than two items selects an adaptor and activates
     * the service; status 64511 (0xFBFF) deactivates it; any other status is an error.
     *
     * @param i number of items in the peer's answer (presumably; supplied by the caller)
     * @throws NetException (code 323) when the status is neither of the two handled values
     */
    @Override // oracle.net.ano.Service
    public final void g(int i) {
        this.s = this.K.l();
        this.sAtts.profile.setANOVersion(this.s);
        int k = this.K.k();
        if (k != 64255 || i <= 2) {
            if (k != 64511) {
                throw new NetException(323, "Authentication service received status failure");
            }
            this.t = false;
            return;
        }
        this.K.g();
        // The adaptor name comes from the channel; O becomes its index within p.
        this.O = a(p, this.K.m());
        if (i > 4) {
            // Three further values are read and discarded.
            this.K.l();
            this.K.i();
            this.K.i();
        }
        this.t = true;
    }

    /**
     * @return true once the peer has accepted an authentication adaptor in {@code g(int)}
     */
    @Override // oracle.net.ano.Service
    public boolean isActive() {
        return this.t;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the encoded session key of the Kerberos service ticket selected by
     * {@code J()}, evaluated under the stored subject.
     *
     * <p>NOTE(review): the return value is raw key material; callers should not log it
     * and should clear it when done.
     *
     * @return the session key bytes, or null when no subject or matching ticket exists
     */
    public final byte[] b() {
        if (this.u == null) {
            return null;
        }
        return (byte[]) Subject.doAs(this.u, () -> {
            byte[] bArr = null;
            KerberosTicket J = J();
            if (J != null) {
                bArr = J.getSessionKey().getEncoded();
            }
            return bArr;
        });
    }

    /**
     * Finds the first Kerberos ticket among the subject's private credentials whose
     * server principal name starts with {@code v} or {@code w}.
     *
     * <p>NOTE(review): this is a prefix match, not an equality check, so a ticket for a
     * principal that merely begins with the same text would also be selected. If
     * {@code v} or {@code w} is still null, {@code startsWith} throws NullPointerException.
     *
     * @return the matching ticket, or null when there is no subject or no match
     */
    private KerberosTicket J() {
        if (this.u == null) {
            return null;
        }
        for (Object obj : this.u.getPrivateCredentials()) {
            if (obj instanceof KerberosTicket) {
                KerberosTicket kerberosTicket = (KerberosTicket) obj;
                String name = kerberosTicket.getServer().getName();
                if (name.startsWith(this.v) || name.startsWith(this.w)) {
                    return kerberosTicket;
                }
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @return 0 when inactive; 32 when adaptor index {@code O} is 1; 37 when it is 2;
     *         otherwise 0 (presumably the size of what {@link #t()} writes)
     */
    public final int s() {
        if (!isActive()) {
            return 0;
        }
        if (this.O == 1) {
            return 32;
        }
        return this.O == 2 ? 37 : 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * When active, writes the opening message for the selected adaptor: two values of 2
     * for index 1, and the same followed by a zero short for index 2. Other indexes
     * write nothing.
     */
    public final void t() {
        if (this.t) {
            if (this.O == 1) {
                h(3);
                this.K.e();
                this.K.a(2L);
                this.K.a(2L);
                return;
            }
            if (this.O == 2) {
                h(4);
                this.K.e();
                this.K.a(2L);
                this.K.a(2L);
                this.K.a((short) 0);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v30 */
    /* JADX WARN: Type inference failed for: r0v41, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v61 */
    /* JADX WARN: Type inference failed for: r0v62 */
    /* JADX WARN: Type inference failed for: r0v63 */
    /**
     * Processes the peer's reply to the opening message and, for adaptor index 2
     * (Kerberos5 in {@code p}), runs the GSS-API exchange in {@link #run()} under a
     * JAAS subject.
     *
     * <p>The subject is taken from the current access-control context when no credential
     * is supplied, falling back to a ticket-cache login via {@code u()}.
     *
     * @param gSSCredential caller-supplied credential, or null to let the driver find one
     * @throws NetException when the exchange fails (unwrapped from PrivilegedActionException,
     *         or created with code 323 and the original as cause)
     */
    public final void a(GSSCredential gSSCredential) {
        NetException netException;
        if (this.t) {
            this.sAtts.ano.c();
            Service.a(this.K);
            if (this.O == 1) {
                // Adaptor index 1: two UB2 values are consumed and nothing else happens here.
                this.K.readUB2();
                this.K.readUB2();
                return;
            }
            if (this.O == 2) {
                // NOTE(review): both strings are read from the channel, i.e. presumably chosen
                // by the peer, and the Kerberos target name is built from them. Confirm the
                // server is authenticated (mutual authentication) before relying on it.
                String m = this.K.m();
                String m2 = this.K.m();
                this.v = m + "/" + m2;
                this.w = m + StringPool.AT + m2;
                try {
                    // Resolves and reverse-resolves the second string; the result is discarded
                    // in this listing (possibly a decompiler loss of the assignment).
                    InetAddress.getByName(m2).getCanonicalHostName().toLowerCase().startsWith(m2.toLowerCase() + ".");
                } catch (UnknownHostException unused) {
                    m2.toLowerCase();
                }
                this.x = (String) this.sAtts.profile.get(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB_REALM);
                // 64 is '@': keep the part of the property starting at '@' (the '@' itself is kept).
                if (this.x != null && this.x.indexOf(64) != -1) {
                    this.x = this.x.substring(this.x.indexOf(64));
                }
                this.z = gSSCredential;
                AccessControlContext context = AccessController.getContext();
                GSSCredential gSSCredential2 = this.z;
                // Decompiler artefact: this local is reused for values of unrelated types below.
                PrivilegedActionException privilegedActionException = gSSCredential2;
                if (gSSCredential2 == null) {
                    if (context != null) {
                        this.u = Subject.getSubject(context);
                    }
                    Subject subject = this.u;
                    privilegedActionException = subject;
                    if (subject == null) {
                        AuthenticationService authenticationService = this;
                        authenticationService.u = u();
                        privilegedActionException = authenticationService;
                    }
                }
                try {
                    // When a credential was supplied and no subject was set, u may still be null here.
                    privilegedActionException = Subject.doAs(this.u, this);
                } catch (PrivilegedActionException e) {
                    // NOTE(review): the listing reads the cause from the reused local rather than
                    // from e; presumably the original code used the caught exception.
                    Exception exception = privilegedActionException.getException();
                    if (exception instanceof NetException) {
                        netException = (NetException) exception;
                    } else {
                        NetException netException2 = new NetException(323, e.getMessage());
                        netException = netException2;
                        netException2.initCause(e);
                    }
                    throw netException;
                }
            }
        }
    }

    /**
     * Logs in through JAAS with the Kerberos login module, using the ticket cache and
     * never prompting, and returns the resulting subject.
     *
     * <p>NOTE(review): this replaces the JVM-wide JAAS {@link Configuration} and does not
     * restore the previous one afterwards; every later login in the process goes through
     * the wrapper. The wrapper delegates all names other than "kprb5module" to the
     * previous configuration.
     *
     * @return the subject produced by the login
     * @throws NetException (code 323, original as cause) when the login fails
     */
    private final Subject u() {
        final Configuration configuration = Configuration.getConfiguration();
        Configuration.setConfiguration(new Configuration() { // from class: oracle.net.ano.AuthenticationService.1
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                HashMap hashMap = new HashMap();
                hashMap.put("useTicketCache", "true");
                hashMap.put("doNotPrompt", "true");
                // Optional ticket-cache location taken from the connection profile.
                // NOTE(review): the path is used as given; confirm the property cannot be
                // set from untrusted input.
                String str2 = (String) AuthenticationService.this.sAtts.profile.get("oracle.net.kerberos5_cc_name");
                if (str2 != null && !str2.equals("")) {
                    hashMap.put("ticketCache", str2);
                }
                if (str.equalsIgnoreCase("kprb5module")) {
                    return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
                }
                if (configuration != null) {
                    return configuration.getAppConfigurationEntry(str);
                }
                return null;
            }

            // Intentionally empty: the wrapper holds no cached state to reload.
            public void refresh() {
            }
        });
        try {
            LoginContext loginContext = new LoginContext("kprb5module");
            loginContext.login();
            return loginContext.getSubject();
        } catch (Exception e) {
            NetException netException = new NetException(323, e.getMessage());
            netException.initCause(e);
            throw netException;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v20, types: [int] */
    /**
     * Performs the Kerberos5 GSS-API exchange: creates the security context, sends the
     * initial token with the local address, optionally completes mutual authentication,
     * then sends the delegated credentials (or an empty payload).
     *
     * @return always null
     * @throws NetException (code 323) when no Kerberos principal is found, mutual
     *         authentication fails, the context is not established, or a GSSException occurs
     */
    @Override // java.security.PrivilegedExceptionAction
    public Object run() {
        byte[] bArr;
        try {
            GSSManager gSSManager = GSSManager.getInstance();
            // Kerberos V5 mechanism OID.
            Oid oid = new Oid("1.2.840.113554.1.2.2");
            // Kerberos V5 principal-name name type.
            Oid oid2 = new Oid("1.2.840.113554.1.2.2.1");
            byte[] der = oid.getDER();
            KerberosPrincipal kerberosPrincipal = null;
            if (this.z == null) {
                // Only the first principal of the subject is examined.
                Iterator<Principal> it = this.u.getPrincipals().iterator();
                if (it.hasNext()) {
                    Principal next = it.next();
                    if (next instanceof KerberosPrincipal) {
                        kerberosPrincipal = (KerberosPrincipal) next;
                    }
                }
                if (kerberosPrincipal == null) {
                    throw new NetException(323, "Unable to find valid kerberos principal for authentication");
                }
            }
            // Target name: v as a Kerberos principal name when a realm property is set, else w
            // as a host-based service. Credential: the caller's, or one created for the subject's
            // principal with usage 1 (GSSCredential.INITIATE_ONLY). Lifetimes of 0 are the defaults.
            GSSContext createContext = gSSManager.createContext(this.x != null ? gSSManager.createName(this.v, oid2) : gSSManager.createName(this.w, GSSName.NT_HOSTBASED_SERVICE), oid, this.z == null ? gSSManager.createCredential(gSSManager.createName(kerberosPrincipal != null ? kerberosPrincipal.getName() : null, oid2), 0, oid, 1) : this.z, 0);
            boolean z = true;
            // NOTE(review): reference comparison on String. Mutual authentication is requested
            // only when the property value is the very same object as the literal "true"; an
            // equal string built at run time would silently leave it off. Verify how the
            // profile stores this value.
            if (((String) this.sAtts.profile.get("oracle.net.kerberos5_mutual_authentication")) != "true") {
                z = false;
            }
            createContext.requestMutualAuth(z);
            // Per-message confidentiality and integrity are not requested on the GSS context.
            createContext.requestConf(false);
            createContext.requestInteg(false);
            // NOTE(review): credential delegation is requested whenever the driver obtained the
            // credentials itself; no opt-out is visible in this method.
            if (this.z == null) {
                createContext.requestCredDeleg(true);
            } else {
                createContext.requestCredDeleg(false);
            }
            byte[] initSecContext = createContext.initSecContext(new byte[0], 0, 0);
            // Drops the first 17 bytes of the token, presumably the GSS-API framing, leaving the
            // AP-REQ that a(GSSContext, byte[]) later parses. NOTE(review): the fixed offset
            // assumes one header size; a token shorter than 17 bytes gives a negative array length.
            byte[] bArr2 = new byte[initSecContext.length - 17];
            System.arraycopy(initSecContext, 17, bArr2, 0, bArr2.length);
            // The local host address is sent to the peer together with the token.
            byte[] address = InetAddress.getLocalHost().getAddress();
            this.sAtts.ano.a(39 + address.length + 4 + bArr2.length, this.N, (short) 0);
            h(4);
            this.K.a(2);
            this.K.a(4L);
            this.K.d(address);
            this.K.d(bArr2);
            this.K.flush();
            this.sAtts.ano.c();
            int[] a = Service.a(this.K);
            this.K.g();
            if (z) {
                // Meaning of a[1] is defined in Service.a; fewer than 2 is treated as "no reply token".
                if (a[1] < 2) {
                    throw new NetException(323, "Mutual authentication failed during Kerberos5 authentication");
                }
                // Rebuild a framed GSS token around the peer's payload:
                // mechanism OID (DER), the two bytes 2 and 0, then the payload.
                byte[] n = this.K.n();
                byte[] bArr3 = new byte[der.length + 2 + n.length];
                System.arraycopy(der, 0, bArr3, 0, der.length);
                bArr3[der.length] = 2;
                bArr3[der.length + 1] = 0;
                System.arraycopy(n, 0, bArr3, der.length + 2, n.length);
                int length = bArr3.length;
                // Length prefix of 1 to 5 bytes (short form below 128, otherwise 0x81..0x84 plus
                // big-endian length). Decompiler artefact: r0 is undeclared and the array
                // creations in the first three branches are out of order.
                if (length < 128) {
                    bArr = r0;
                    byte[] bArr4 = {(byte) length};
                } else if (length < 256) {
                    byte[] bArr5 = r0;
                    byte[] bArr6 = {-127};
                    bArr5[1] = (byte) length;
                    bArr = bArr5;
                } else if (length < 65536) {
                    byte[] bArr7 = r0;
                    byte[] bArr8 = {-126};
                    bArr7[1] = (byte) (length >> 8);
                    bArr7[2] = (byte) length;
                    bArr = bArr7;
                } else if (length < 16777216) {
                    byte[] bArr9 = new byte[4];
                    byte[] bArr10 = bArr9;
                    bArr9[0] = -125;
                    bArr10[1] = (byte) (length >> 16);
                    bArr10[2] = (byte) (length >> 8);
                    bArr10[3] = (byte) length;
                    bArr = bArr10;
                } else {
                    byte[] bArr11 = new byte[5];
                    byte[] bArr12 = bArr11;
                    bArr11[0] = -124;
                    // Decompiler artefact: the byte cast is missing on this line.
                    bArr12[1] = length >> 24;
                    bArr12[2] = (byte) (length >> 16);
                    bArr12[3] = (byte) (length >> 8);
                    bArr12[4] = (byte) length;
                    bArr = bArr12;
                }
                byte[] bArr13 = bArr;
                // Final token: tag 96 (0x60), length prefix, then the body built above.
                byte[] bArr14 = new byte[1 + bArr13.length + bArr3.length];
                bArr14[0] = 96;
                System.arraycopy(bArr13, 0, bArr14, 1, bArr13.length);
                System.arraycopy(bArr3, 0, bArr14, bArr13.length + 1, bArr3.length);
                try {
                    createContext.initSecContext(bArr14, 0, bArr14.length);
                    // The peer's reply must actually have completed mutual authentication.
                    if (!createContext.getMutualAuthState()) {
                        throw new NetException(323, "Mutual authentication failed during Kerberos5 authentication");
                    }
                } catch (GSSException e) {
                    NetException netException = new NetException(323, e.getMessage());
                    netException.initCause(e);
                    throw netException;
                }
            }
            if (!createContext.isEstablished()) {
                throw new NetException(323, "Kerberos5 adaptor couldn't create context");
            }
            // Delegated credentials are only extracted when the driver obtained the credentials itself.
            byte[] a2 = this.z == null ? a(createContext, bArr2) : null;
            if (a2 == null) {
                a2 = new byte[0];
            }
            this.sAtts.ano.a(25 + a2.length, this.N, (short) 0);
            h(1);
            this.K.d(a2);
            this.K.flush();
            return null;
        } catch (GSSException e2) {
            NetException netException2 = new NetException(323, e2.getMessage());
            netException2.initCause(e2);
            throw netException2;
        }
    }

    /**
     * Extracts the delegated credential (KRB-CRED) that the GSS layer embedded in the
     * AP-REQ authenticator checksum and re-encrypts its encrypted part under the service
     * ticket's session key.
     *
     * <p>Relies on JDK-internal {@code sun.security.krb5} classes; on modular JDKs access
     * to them may be restricted.
     *
     * @param gSSContext established context; nothing is done unless delegation was granted
     * @param bArr the AP-REQ bytes sent to the peer
     * @return the ASN.1-encoded KRB-CRED, or null when delegation is off, there is no
     *         subject, or the checksum is shorter than 26 bytes
     */
    private final byte[] a(GSSContext gSSContext, byte[] bArr) {
        byte[] decrypt;
        byte[] bArr2 = null;
        if (gSSContext.getCredDelegState() && this.u != null) {
            byte[] bArr3 = null;
            int i = -1;
            KerberosTicket J = J();
            if (J != null) {
                bArr3 = J.getSessionKey().getEncoded();
                i = J.getSessionKeyType();
            }
            APReq aPReq = new APReq(bArr);
            // NOTE(review): when no ticket matched, the key is built from type -1 and null bytes.
            EncryptionKey encryptionKey = new EncryptionKey(i, bArr3);
            // Decrypt the authenticator (RFC 4120 key usage 11) and take its checksum field.
            byte[] bytes = new Authenticator(a(aPReq.authenticator, aPReq.authenticator.decrypt(encryptionKey, 11), true)).getChecksum().getBytes();
            // NOTE(review): the guard admits 26 and 27 bytes, yet index 27 is read and i2 bytes
            // are copied from offset 28; a short checksum would raise an index exception
            // instead of returning null. The buffer is the client's own authenticator.
            if (bytes.length >= 26) {
                // Little-endian 16-bit length at offsets 26..27, payload from offset 28.
                int i2 = ((bytes[27] & 255) << 8) + (bytes[26] & 255);
                byte[] bArr4 = new byte[i2];
                System.arraycopy(bytes, 28, bArr4, 0, i2);
                KRBCred kRBCred = new KRBCred(bArr4);
                try {
                    // Key usage 14 (KRB-CRED encrypted part): try the null key first.
                    decrypt = kRBCred.encPart.decrypt(EncryptionKey.NULL_KEY, 14);
                } catch (Exception unused) {
                    // Any failure falls back to the session key; the first error is discarded.
                    decrypt = kRBCred.encPart.decrypt(encryptionKey, 14);
                }
                bArr2 = new KRBCred(kRBCred.tickets, new EncryptedData(encryptionKey, a(kRBCred.encPart, decrypt, true), 14)).asn1Encode();
            }
        }
        return bArr2;
    }

    /**
     * Invokes the reflected {@code EncryptedData.reset} method on the given object,
     * passing only the first argument when the resolved overload takes one parameter.
     *
     * <p>NOTE(review): reflection failures are swallowed and surface as a null return;
     * if {@code v()} found no method, {@code r} stays null and this throws
     * NullPointerException. No {@code setAccessible} call is visible.
     *
     * @param encryptedData receiver of the reflective call
     * @param objArr arguments for {@code reset}; the callers here pass (byte[], true)
     * @return the bytes returned by {@code reset}, or null when the call failed
     */
    private static byte[] a(EncryptedData encryptedData, Object... objArr) {
        byte[] bArr = null;
        if (r == null) {
            r = v();
        }
        try {
            bArr = r.getParameterTypes().length == 1 ? (byte[]) r.invoke(encryptedData, objArr[0]) : (byte[]) r.invoke(encryptedData, objArr);
        } catch (IllegalAccessException unused) {
        } catch (InvocationTargetException unused2) {
        }
        return bArr;
    }

    /**
     * Looks up {@code sun.security.krb5.EncryptedData.reset(byte[], boolean)}, falling
     * back to {@code reset(byte[])} when the two-argument form does not exist.
     *
     * @return the method, or null when the class or both overloads are missing
     */
    private static Method v() {
        Method method = null;
        try {
            Class<?> cls = Class.forName("sun.security.krb5.EncryptedData");
            Class<?>[] clsArr = {byte[].class, Boolean.TYPE};
            try {
                method = cls.getDeclaredMethod("reset", clsArr);
            } catch (NoSuchMethodException unused) {
                method = cls.getDeclaredMethod("reset", clsArr[0]);
            }
        } catch (ClassNotFoundException unused2) {
        } catch (NoSuchMethodException unused3) {
        }
        return method;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * No observable effect in this listing: the active flag is read into an unused local.
     */
    @Override // oracle.net.ano.Service
    public final void x() {
        boolean z = this.t;
    }

    /**
     * Delegates to {@code oracle.net.aso.b.i(byte[])}.
     *
     * <p>NOTE(review): the transformation itself is not visible here; do not assume it
     * gives cryptographic protection without reading that class.
     *
     * @param bArr password bytes
     * @return whatever {@code b.i} returns for the input
     */
    public static final byte[] obfuscatePasswordForRadius(byte[] bArr) {
        return b.i(bArr);
    }

    // Attempts to load KerberosCredMessage and ignores the outcome; presumably an
    // availability probe or preload -- the result is not stored anywhere in this class.
    static {
        try {
            Class.forName("javax.security.auth.kerberos.KerberosCredMessage");
        } catch (Exception unused) {
        }
    }
}
