package net.sf.michaelo.tomcat.pac;

import java.math.BigInteger;
import java.security.Key;
import java.security.SignatureException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;

/* loaded from: input_file:net/sf/michaelo/tomcat/pac/Pac.class */
public class Pac {
    private static final BigInteger EIGHT = BigInteger.valueOf(8);
    private static final long KERB_VALIDATION_INFO = 1;
    private static final long PAC_CLIENT_INFO = 10;
    private static final long UPN_DNS_INFO = 12;
    private static final long SERVER_SIGNATURE = 6;
    private static final long KDC_SIGNATURE = 7;
    protected final Log logger = LogFactory.getLog(getClass());
    private KerbValidationInfo kerbValidationInfo;
    private UpnDnsInfo upnDnsInfo;
    private PacClientInfo pacClientInfo;
    private PacSignatureData serverSignature;
    private PacSignatureData kdcSignature;
    private final PacSignatureVerifier signatureVerifier;
    private final byte[] zeroedPacData;

    public Pac(byte[] bArr, PacSignatureVerifier pacSignatureVerifier) {
        Objects.requireNonNull(bArr, "pacDataBytes cannot be null");
        if (bArr.length == 0) {
            throw new IllegalArgumentException("pacDataBytes cannot be empty");
        }
        PacDataBuffer pacDataBuffer = new PacDataBuffer(bArr);
        this.signatureVerifier = (PacSignatureVerifier) Objects.requireNonNull(pacSignatureVerifier, "signatureVerifier cannot be null");
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Parsing PACTYPE structure...");
        }
        long unsignedInt = pacDataBuffer.getUnsignedInt();
        long unsignedInt2 = pacDataBuffer.getUnsignedInt();
        if (unsignedInt2 != 0) {
            throw new IllegalArgumentException("PAC must have version 0, but has " + unsignedInt2);
        }
        if (this.logger.isTraceEnabled()) {
            Log log = this.logger;
            log.trace("PAC has version " + unsignedInt2 + " and contains " + log + " buffers");
        }
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Parsing " + unsignedInt + " PAC_INFO_BUFFER structures...");
        }
        ArrayList<PacInfoBuffer> arrayList = new ArrayList();
        long j = 0;
        while (true) {
            long j2 = j;
            if (j2 >= unsignedInt) {
                this.zeroedPacData = Arrays.copyOf(bArr, bArr.length);
                for (PacInfoBuffer pacInfoBuffer : arrayList) {
                    long type = pacInfoBuffer.getType();
                    byte[] data = pacInfoBuffer.getData();
                    if (type == 1) {
                        if (this.kerbValidationInfo == null) {
                            if (this.logger.isTraceEnabled()) {
                                this.logger.trace("Parsing KERB_VALIDATION_INFO structure...");
                            }
                            this.kerbValidationInfo = new KerbValidationInfo(data);
                        } else if (this.logger.isTraceEnabled()) {
                            this.logger.trace("Ignoring additional KERB_VALIDATION_INFO structure");
                        }
                    } else if (type == UPN_DNS_INFO) {
                        if (this.upnDnsInfo == null) {
                            if (this.logger.isTraceEnabled()) {
                                this.logger.trace("Parsing UPN_DNS_INFO structure...");
                            }
                            this.upnDnsInfo = new UpnDnsInfo(data);
                        } else if (this.logger.isTraceEnabled()) {
                            this.logger.trace("Ignoring additional UPN_DNS_INFO structure");
                        }
                    } else if (type == PAC_CLIENT_INFO) {
                        if (this.upnDnsInfo == null) {
                            if (this.logger.isTraceEnabled()) {
                                this.logger.trace("Parsing PAC_CLIENT_INFO structure...");
                            }
                            this.pacClientInfo = new PacClientInfo(data);
                        } else if (this.logger.isTraceEnabled()) {
                            this.logger.trace("Ignoring additional PAC_CLIENT_INFO structure");
                        }
                    } else if (type == SERVER_SIGNATURE) {
                        if (this.serverSignature == null) {
                            if (this.logger.isTraceEnabled()) {
                                this.logger.trace("Parsing PAC_SIGNATURE_DATA (Server Signature) structure...");
                            }
                            this.serverSignature = new PacSignatureData(data);
                            int intValue = pacInfoBuffer.getOffset().intValue() + 4;
                            Arrays.fill(this.zeroedPacData, intValue, intValue + this.serverSignature.getType().getSize(), (byte) 0);
                        } else if (this.logger.isTraceEnabled()) {
                            this.logger.trace("Ignoring additional PAC_SIGNATURE_DATA (Server Signature) structure");
                        }
                    } else if (type == KDC_SIGNATURE) {
                        if (this.kdcSignature == null) {
                            if (this.logger.isTraceEnabled()) {
                                this.logger.trace("Parsing PAC_SIGNATURE_DATA (KDC Signature) structure...");
                            }
                            this.kdcSignature = new PacSignatureData(data);
                            int intValue2 = pacInfoBuffer.getOffset().intValue() + 4;
                            Arrays.fill(this.zeroedPacData, intValue2, intValue2 + this.kdcSignature.getType().getSize(), (byte) 0);
                        } else if (this.logger.isTraceEnabled()) {
                            this.logger.trace("Ignoring additional PAC_SIGNATURE_DATA (KDC Signature) structure");
                        }
                    } else if (this.logger.isTraceEnabled()) {
                        this.logger.trace("Ignoring unsupported structure type " + String.format("0x%08X", Long.valueOf(type)) + " with data " + Base64.getEncoder().encodeToString(data));
                    }
                }
                if (this.kerbValidationInfo == null) {
                    throw new IllegalArgumentException("PAC does not contain required KERB_VALIDATION_INFO structure");
                }
                if (this.pacClientInfo == null) {
                    throw new IllegalArgumentException("PAC does not contain required PAC_CLIENT_INFO structure");
                }
                if (this.serverSignature == null) {
                    throw new IllegalArgumentException("PAC does not contain required PAC_SIGNATURE_DATA (Server Signature) structure");
                }
                if (this.kdcSignature == null) {
                    throw new IllegalArgumentException("PAC does not contain required PAC_SIGNATURE_DATA (KDC Signature) structure");
                }
                return;
            }
            long unsignedInt3 = pacDataBuffer.getUnsignedInt();
            long unsignedInt4 = pacDataBuffer.getUnsignedInt();
            BigInteger unsignedLong = pacDataBuffer.getUnsignedLong();
            if (!unsignedLong.mod(EIGHT).equals(BigInteger.ZERO)) {
                throw new IllegalArgumentException("PAC_INFO_BUFFER offset must be multiple of 8, but is " + unsignedLong);
            }
            int position = pacDataBuffer.position();
            pacDataBuffer.position(unsignedLong.intValue());
            byte[] bArr2 = new byte[(int) unsignedInt4];
            pacDataBuffer.get(bArr2);
            pacDataBuffer.position(position);
            if (this.logger.isTraceEnabled()) {
                Log log2 = this.logger;
                String format = String.format("0x%08X", Long.valueOf(unsignedInt3));
                Base64.getEncoder().encodeToString(bArr2);
                log2.trace("PAC_INFO_BUFFER describes type " + format + " with size " + unsignedInt4 + " and offset " + log2 + " containing data " + unsignedLong);
            }
            arrayList.add(new PacInfoBuffer(unsignedInt3, unsignedInt4, unsignedLong, bArr2));
            j = j2 + 1;
        }
    }

    public KerbValidationInfo getKerbValidationInfo() {
        return this.kerbValidationInfo;
    }

    public UpnDnsInfo getUpnDnsInfo() {
        return this.upnDnsInfo;
    }

    public PacClientInfo getPacClientInfo() {
        return this.pacClientInfo;
    }

    public PacSignatureData getServerSignature() {
        return this.serverSignature;
    }

    public PacSignatureData getKdcSignature() {
        return this.kdcSignature;
    }

    public void verifySignature(Key[] keyArr) throws SignatureException {
        this.signatureVerifier.verify(this.serverSignature, this.zeroedPacData, keyArr);
    }
}
