package org.apache.kerby.kerberos.kerb.client.request;

import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.KrbContext;
import org.apache.kerby.kerberos.kerb.common.CheckSumUtil;
import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
import org.apache.kerby.kerberos.kerb.type.KerberosTime;
import org.apache.kerby.kerberos.kerb.type.ap.ApOptions;
import org.apache.kerby.kerberos.kerb.type.ap.ApReq;
import org.apache.kerby.kerberos.kerb.type.ap.Authenticator;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionKey;
import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
import org.apache.kerby.kerberos.kerb.type.base.PrincipalName;
import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
import org.apache.kerby.kerberos.kerb.type.ticket.TgtTicket;

/* loaded from: input_file:WEB-INF/lib/kerb-client-1.0.0-RC2.jar:org/apache/kerby/kerberos/kerb/client/request/TgsRequestWithTgt.class */
public class TgsRequestWithTgt extends TgsRequest {
    private TgtTicket tgt;
    private ApReq apReq;

    public TgsRequestWithTgt(KrbContext krbContext, TgtTicket tgtTicket) {
        super(krbContext);
        this.tgt = tgtTicket;
        setAllowedPreauth(PaDataType.TGS_REQ);
    }

    @Override // org.apache.kerby.kerberos.kerb.client.request.TgsRequest, org.apache.kerby.kerberos.kerb.client.request.KdcRequest
    public PrincipalName getClientPrincipal() {
        return this.tgt.getClientPrincipal();
    }

    @Override // org.apache.kerby.kerberos.kerb.client.request.TgsRequest, org.apache.kerby.kerberos.kerb.client.request.KdcRequest
    public EncryptionKey getClientKey() throws KrbException {
        return getSessionKey();
    }

    @Override // org.apache.kerby.kerberos.kerb.client.request.TgsRequest
    public EncryptionKey getSessionKey() {
        return this.tgt.getSessionKey();
    }

    private ApReq makeApReq() throws KrbException {
        ApReq apReq = new ApReq();
        Authenticator makeAuthenticator = makeAuthenticator();
        apReq.setEncryptedAuthenticator(EncryptionUtil.seal(makeAuthenticator, this.tgt.getSessionKey(), KeyUsage.TGS_REQ_AUTH));
        apReq.setAuthenticator(makeAuthenticator);
        apReq.setTicket(this.tgt.getTicket());
        apReq.setApOptions(new ApOptions());
        return apReq;
    }

    public ApReq getApReq() throws KrbException {
        if (this.apReq == null) {
            this.apReq = makeApReq();
        }
        return this.apReq;
    }

    private Authenticator makeAuthenticator() throws KrbException {
        Authenticator authenticator = new Authenticator();
        authenticator.setAuthenticatorVno(5);
        authenticator.setCname(this.tgt.getClientPrincipal());
        authenticator.setCrealm(this.tgt.getRealm());
        authenticator.setCtime(KerberosTime.now());
        authenticator.setCusec(0);
        authenticator.setSubKey(this.tgt.getSessionKey());
        authenticator.setCksum(CheckSumUtil.seal(getReqBody(), null, this.tgt.getSessionKey(), KeyUsage.TGS_REQ_AUTH_CKSUM));
        return authenticator;
    }
}
