package org.apache.kerby.kerberos.kerb.client.preauth.token;

import java.util.Collections;
import java.util.List;
import org.apache.kerby.KOption;
import org.apache.kerby.KOptions;
import org.apache.kerby.kerberos.kerb.KrbCodec;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.KrbContext;
import org.apache.kerby.kerberos.kerb.client.TokenOption;
import org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin;
import org.apache.kerby.kerberos.kerb.client.request.KdcRequest;
import org.apache.kerby.kerberos.kerb.common.EncryptionUtil;
import org.apache.kerby.kerberos.kerb.preauth.PaFlag;
import org.apache.kerby.kerberos.kerb.preauth.PaFlags;
import org.apache.kerby.kerberos.kerb.preauth.PluginRequestContext;
import org.apache.kerby.kerberos.kerb.preauth.token.TokenPreauthMeta;
import org.apache.kerby.kerberos.kerb.type.base.AuthToken;
import org.apache.kerby.kerberos.kerb.type.base.EncryptedData;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.apache.kerby.kerberos.kerb.type.base.KeyUsage;
import org.apache.kerby.kerberos.kerb.type.base.KrbToken;
import org.apache.kerby.kerberos.kerb.type.pa.PaData;
import org.apache.kerby.kerberos.kerb.type.pa.PaDataEntry;
import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
import org.apache.kerby.kerberos.kerb.type.pa.token.PaTokenRequest;
import org.apache.kerby.kerberos.kerb.type.pa.token.TokenInfo;

/* loaded from: input_file:org/apache/kerby/kerberos/kerb/client/preauth/token/TokenPreauth.class */
public class TokenPreauth extends AbstractPreauthPlugin {
    private TokenContext tokenContext;

    public TokenPreauth() {
        super(new TokenPreauthMeta());
    }

    @Override // org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin, org.apache.kerby.kerberos.kerb.client.preauth.KrbPreauth
    public void init(KrbContext krbContext) {
        super.init(krbContext);
        this.tokenContext = new TokenContext();
    }

    @Override // org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin, org.apache.kerby.kerberos.kerb.client.preauth.KrbPreauth
    public PluginRequestContext initRequestContext(KdcRequest kdcRequest) {
        return new TokenRequestContext();
    }

    @Override // org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin, org.apache.kerby.kerberos.kerb.client.preauth.KrbPreauth
    public void prepareQuestions(KdcRequest kdcRequest, PluginRequestContext pluginRequestContext) {
    }

    @Override // org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin, org.apache.kerby.kerberos.kerb.client.preauth.KrbPreauth
    public List<EncryptionType> getEncTypes(KdcRequest kdcRequest, PluginRequestContext pluginRequestContext) {
        return Collections.emptyList();
    }

    @Override // org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin, org.apache.kerby.kerberos.kerb.client.preauth.KrbPreauth
    public void setPreauthOptions(KdcRequest kdcRequest, PluginRequestContext pluginRequestContext, KOptions kOptions) {
        this.tokenContext.setUsingIdToken(kOptions.getBooleanOption(TokenOption.USE_TOKEN, false));
        if (this.tokenContext.isUsingIdToken()) {
            if (kOptions.contains(TokenOption.USER_ID_TOKEN)) {
                this.tokenContext.setToken((AuthToken) kOptions.getOptionValue(TokenOption.USER_ID_TOKEN));
            }
        } else if (kOptions.contains(TokenOption.USER_AC_TOKEN)) {
            this.tokenContext.setToken((AuthToken) kOptions.getOptionValue(TokenOption.USER_AC_TOKEN));
        }
    }

    @Override // org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin, org.apache.kerby.kerberos.kerb.client.preauth.KrbPreauth
    public void tryFirst(KdcRequest kdcRequest, PluginRequestContext pluginRequestContext, PaData paData) throws KrbException {
        if (kdcRequest.getAsKey() == null) {
            kdcRequest.needAsKey();
        }
        paData.addElement(makeEntry(kdcRequest));
    }

    @Override // org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin, org.apache.kerby.kerberos.kerb.client.preauth.KrbPreauth
    public boolean process(KdcRequest kdcRequest, PluginRequestContext pluginRequestContext, PaDataEntry paDataEntry, PaData paData) throws KrbException {
        if (kdcRequest.getAsKey() == null) {
            kdcRequest.needAsKey();
        }
        paData.addElement(makeEntry(kdcRequest));
        return true;
    }

    @Override // org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin, org.apache.kerby.kerberos.kerb.client.preauth.KrbPreauth
    public boolean tryAgain(KdcRequest kdcRequest, PluginRequestContext pluginRequestContext, PaDataType paDataType, PaData paData, PaData paData2) {
        return false;
    }

    @Override // org.apache.kerby.kerberos.kerb.client.preauth.AbstractPreauthPlugin, org.apache.kerby.kerberos.kerb.client.preauth.KrbPreauth
    public PaFlags getFlags(PaDataType paDataType) {
        PaFlags paFlags = new PaFlags(0);
        paFlags.setFlag(PaFlag.PA_REAL);
        return paFlags;
    }

    private PaDataEntry makeEntry(KdcRequest kdcRequest) throws KrbException {
        KrbToken krbToken;
        KOptions preauthOptions = kdcRequest.getPreauthOptions();
        KOption option = preauthOptions.getOption(TokenOption.USER_ID_TOKEN);
        KOption option2 = preauthOptions.getOption(TokenOption.USER_AC_TOKEN);
        if (option != null) {
            krbToken = (KrbToken) option.getOptionInfo().getValue();
        } else {
            if (option2 == null) {
                throw new KrbException("missing token.");
            }
            krbToken = (KrbToken) option2.getOptionInfo().getValue();
        }
        PaTokenRequest paTokenRequest = new PaTokenRequest();
        paTokenRequest.setToken(krbToken);
        TokenInfo tokenInfo = new TokenInfo();
        tokenInfo.setTokenVendor(krbToken.getIssuer());
        paTokenRequest.setTokenInfo(tokenInfo);
        EncryptedData seal = EncryptionUtil.seal(paTokenRequest, kdcRequest.getAsKey(), KeyUsage.PA_TOKEN);
        PaDataEntry paDataEntry = new PaDataEntry();
        paDataEntry.setPaDataType(PaDataType.TOKEN_REQUEST);
        paDataEntry.setPaDataValue(KrbCodec.encode(seal));
        return paDataEntry;
    }
}
