package org.apache.kerby.kerberos.kerb.server.request;

import org.apache.hadoop.util.StringUtils;
import org.apache.kerby.kerberos.kerb.KrbErrorCode;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
import org.apache.kerby.kerberos.kerb.identity.KrbIdentity;
import org.apache.kerby.kerberos.kerb.server.KdcContext;
import org.apache.kerby.kerberos.kerb.type.KerberosTime;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
import org.apache.kerby.kerberos.kerb.type.base.LastReq;
import org.apache.kerby.kerberos.kerb.type.base.LastReqEntry;
import org.apache.kerby.kerberos.kerb.type.base.LastReqType;
import org.apache.kerby.kerberos.kerb.type.base.NameType;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.apache.kerby.kerberos.kerb.type.kdc.AsRep;
import org.apache.kerby.kerberos.kerb.type.kdc.AsReq;
import org.apache.kerby.kerberos.kerb.type.kdc.EncAsRepPart;
import org.apache.kerby.kerberos.kerb.type.kdc.EncKdcRepPart;
import org.apache.kerby.kerberos.kerb.type.kdc.KdcReq;
import org.apache.kerby.kerberos.kerb.type.ticket.Ticket;
import org.apache.kerby.kerberos.kerb.type.ticket.TicketFlag;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/kerby/kerberos/kerb/server/request/AsRequest.class */
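/**
 * KDC-side handler for an AS exchange: resolves the client named in an {@link AsReq},
 * has a TGT issued for it, and builds the {@link AsRep} whose encrypted part is sealed
 * with the selected client key.
 *
 * <p>Values copied from the request or from a token (principal names, token subject)
 * are client-influenced. They are stripped of CR/LF before being written to the log so
 * that a crafted name cannot forge additional log lines.
 */
public class AsRequest extends KdcRequest {
    private static final Logger LOG = LoggerFactory.getLogger(AsRequest.class);

    /**
     * @param asReq the decoded AS request to process
     * @param kdcContext the KDC context this request runs in
     */
    public AsRequest(AsReq asReq, KdcContext kdcContext) {
        super(asReq, kdcContext);
    }

    /**
     * Renders a request-derived value for logging with CR and LF replaced by '_'.
     *
     * @param value value to render; {@code null} is rendered as "null"
     * @return the string form of {@code value} without line breaks
     */
    private static String sanitizeForLog(Object value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }

    /**
     * Determines the client principal, loads (or synthesizes) its identity entry and
     * picks the client key used later to seal the reply.
     *
     * @throws KrbException with {@code KDC_ERR_C_PRINCIPAL_UNKNOWN} when no client name
     *     is available or no identity entry can be obtained for it
     */
    @Override
    protected void checkClient() throws KrbException {
        KdcReq request = getKdcReq();

        PrincipalName clientName;
        if (isToken()) {
            // The subject comes from the presented token; log it without line breaks.
            LOG.info("The request has a token with subject: {}",
                    sanitizeForLog(getToken().getSubject()));
            clientName = new PrincipalName(getToken().getSubject());
        } else {
            clientName = request.getReqBody().getCname();
        }
        if (clientName == null) {
            LOG.warn("Client principal name is null.");
            throw new KrbException(KrbErrorCode.KDC_ERR_C_PRINCIPAL_UNKNOWN);
        }

        // The realm is taken from the request body and only defaults to the KDC realm
        // when absent. NOTE(review): this method does not compare a supplied realm with
        // the KDC realm - confirm that check happens elsewhere.
        String realm = request.getReqBody().getRealm();
        if (realm == null || realm.isEmpty()) {
            realm = getKdcContext().getKdcRealm();
        }
        clientName.setRealm(realm);
        setClientPrincipal(clientName);

        KrbIdentity clientEntry;
        if (isToken()) {
            // Token requests get an identity built from the token subject instead of a
            // lookup through getEntry(), so the trust decision rests on token validation.
            // NOTE(review): a token without an expiry would raise a NullPointerException
            // on the next statement - confirm such tokens are rejected before this point.
            clientEntry = new KrbIdentity(clientName.getName());
            clientEntry.setExpireTime(new KerberosTime(getToken().getExpiredTime().getTime()));
        } else {
            clientEntry = getEntry(clientName.getName());
        }
        if (clientEntry == null) {
            LOG.warn("Can't get the client entry.");
            throw new KrbException(KrbErrorCode.KDC_ERR_C_PRINCIPAL_UNKNOWN);
        }
        if (isAnonymous()) {
            clientEntry.setPrincipal(new PrincipalName(clientName.getName(), NameType.NT_WELLKNOWN));
        }
        setClientEntry(clientEntry);

        // The first requested etype for which the entry holds a key wins, so the order
        // is the requester's. NOTE(review): confirm weak etypes are excluded by KDC
        // policy or are not stored for the principal, since the request drives the choice.
        // When nothing matches, no key is set here and makeReply() fails unless a key
        // was set elsewhere.
        for (EncryptionType requestedType : request.getReqBody().getEtypes()) {
            if (clientEntry.getKeys().containsKey(requestedType)) {
                setClientKey(clientEntry.getKeys().get(requestedType));
                return;
            }
        }
    }

    /**
     * Issues the ticket through {@link TgtTicketIssuer}, logs the issuance and stores
     * the ticket on this request.
     *
     * @throws KrbException if the issuer fails
     */
    @Override
    protected void issueTicket() throws KrbException {
        Ticket ticket = new TgtTicketIssuer(this).issueTicket();
        // Parameterized logging; the principal names are rendered without line breaks.
        LOG.info("AS_REQ ISSUE: authtime {}" + StringUtils.COMMA_STR + "{} for {}",
                ticket.getEncPart().getAuthTime().getTime(),
                sanitizeForLog(ticket.getEncPart().getCname()),
                sanitizeForLog(ticket.getSname()));
        setTicket(ticket);
    }

    /**
     * Builds the {@link AsRep}: ticket, client name from the client entry, the KDC realm
     * as client realm, and the reply part sealed with the client key under
     * {@code KeyUsage.AS_REP_ENCPART}. PKINIT requests also get the pre-auth output data.
     *
     * @throws KrbException if no client key is available or sealing fails
     */
    @Override
    protected void makeReply() throws KrbException {
        AsRep reply = new AsRep();
        reply.setTicket(getTicket());
        reply.setCname(getClientEntry().getPrincipal());
        reply.setCrealm(getKdcContext().getKdcRealm());

        EncKdcRepPart replyPart = makeEncKdcRepPart();
        reply.setEncPart(replyPart);

        EncryptionKey sealingKey = getClientKey();
        if (sealingKey == null) {
            // Reached when checkClient() found no matching etype and nothing else set a key.
            throw new KrbException("Can't get the client key to encrypt the kdc rep part.");
        }
        reply.setEncryptedEncPart(
                EncryptionUtil.seal(replyPart, sealingKey, KeyUsage.AS_REP_ENCPART));

        if (isPkinit()) {
            reply.setPaData(getPreauthContext().getOutputPaData());
        }
        setReply(reply);
    }

    /**
     * Creates the to-be-encrypted part of the AS reply from the issued ticket.
     *
     * <p>The session key, flags, times, server name/realm and client addresses are
     * copied from the ticket; the nonce is echoed from the request body so the client
     * can match the reply to its request.
     *
     * @return the populated {@link EncAsRepPart}
     */
    protected EncKdcRepPart makeEncKdcRepPart() {
        KdcReq request = getKdcReq();
        Ticket ticket = getTicket();

        EncAsRepPart replyPart = new EncAsRepPart();
        replyPart.setKey(ticket.getEncPart().getKey());

        // Single last-req entry of type THE_LAST_INITIAL with a freshly constructed
        // KerberosTime (presumably "now" - confirm against KerberosTime's constructor).
        LastReqEntry lastInitial = new LastReqEntry();
        lastInitial.setLrType(LastReqType.THE_LAST_INITIAL);
        lastInitial.setLrValue(new KerberosTime());
        LastReq lastReq = new LastReq();
        lastReq.add(lastInitial);
        replyPart.setLastReq(lastReq);

        replyPart.setNonce(request.getReqBody().getNonce());
        replyPart.setFlags(ticket.getEncPart().getFlags());
        replyPart.setAuthTime(ticket.getEncPart().getAuthTime());
        replyPart.setStartTime(ticket.getEncPart().getStartTime());
        replyPart.setEndTime(ticket.getEncPart().getEndTime());
        // renew-till is only meaningful for renewable tickets.
        if (ticket.getEncPart().getFlags().isFlagSet(TicketFlag.RENEWABLE)) {
            replyPart.setRenewTill(ticket.getEncPart().getRenewtill());
        }
        replyPart.setSname(ticket.getSname());
        replyPart.setSrealm(ticket.getRealm());
        replyPart.setCaddr(ticket.getEncPart().getClientAddresses());
        return replyPart;
    }
}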
