package oracle.net.ano;

import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import oracle.jdbc.OracleConnection;
import oracle.net.aso.e;
import oracle.net.ns.NetException;
import oracle.net.ns.SQLnetDef;
import oracle.net.ns.SessionAtts;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import sun.security.krb5.EncryptedData;
import sun.security.krb5.EncryptionKey;
import sun.security.krb5.internal.APReq;
import sun.security.krb5.internal.Authenticator;
import sun.security.krb5.internal.KRBCred;

/* JADX WARN: Classes with same name are omitted:
  input_file:BOOT-INF/classes/lib/ojdbc6.jar:oracle/net/ano/AuthenticationService.class
  input_file:BOOT-INF/classes/lib/ojdbc8.jar:oracle/net/ano/AuthenticationService.class
 */
/* loaded from: input_file:BOOT-INF/lib/ojdbc8-8.jar:oracle/net/ano/AuthenticationService.class */
public class AuthenticationService extends Service implements PrivilegedExceptionAction, SQLnetDef {
    // Authentication service names accepted from the profile; a(SessionAtts) maps each configured
    // name to its index in this table.
    static final String[] a = {"", AnoServices.AUTHENTICATION_RADIUS, AnoServices.AUTHENTICATION_KERBEROS5, AnoServices.AUTHENTICATION_TCPS};
    // Service names written to and matched against the negotiation packets; same index order as
    // `a`, with the last entry spelled as the literal "tcps".
    private static final String[] k = {"", AnoServices.AUTHENTICATION_RADIUS, AnoServices.AUTHENTICATION_KERBEROS5, "tcps"};
    // Per-service byte written immediately before the service name in a(); indexed like `k`.
    private static final byte[] l = {0, 1, 1, 2};
    // Cached reflective handle for sun.security.krb5.EncryptedData.reset, resolved lazily by h().
    private static Method m = null;
    // Cached reflective handle for KerberosCredMessage.getEncoded, resolved lazily by i().
    private static Method n = null;
    // Set by a(int): true once the response selected an authentication service.
    private boolean o = false;
    // JAAS subject whose Kerberos principal and private credentials are used by run().
    private Subject p = null;
    // "<first>/<second>" built in e() from two strings read from this.d.
    private String q = null;
    // "<first>@<second>" built in e() from the same two strings.
    private String r = null;
    // Value of the KRB realm connection property, cut down to the part starting at '@' in e().
    private String s = null;
    // True when javax.security.auth.kerberos.KerberosCredMessage can be loaded (static initializer).
    private static boolean t;
    // Value written by a() right after the 57569 marker; set to 64767 in a(SessionAtts).
    private int u;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Initialises this service from the session attributes and records, as indices into
     * {@link #a}, which authentication services the profile asks for.
     *
     * @param sessionAtts session attributes whose profile lists the authentication services
     * @return always 1
     */
    @Override // oracle.net.ano.Service
    public final int a(SessionAtts sessionAtts) {
        super.a(sessionAtts);
        this.i = 1;
        this.u = 0xFCFF; // 64767
        final String[] requested = sessionAtts.profile.getAuthenticationServices();
        // Inherited helper taking the requested names and the table of known names;
        // presumably a validation step - confirm in Service.
        a(requested, a);
        this.g = new int[requested.length];
        int slot = 0;
        for (String serviceName : requested) {
            this.g[slot++] = a(a, serviceName);
        }
        return 1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Writes this service's negotiation block: a header sized for three fields plus two per
     * offered service, the 0xE0E1 marker, the value in {@code u}, and then one byte/name pair
     * for every offered service.
     */
    @Override // oracle.net.ano.Service
    public final void a() {
        final int offeredCount = this.g.length;
        b(3 + (offeredCount * 2));
        this.d.b();
        this.d.a(0xE0E1); // 57569
        this.d.b(this.u);
        for (int serviceIndex : this.g) {
            this.d.a(l[serviceIndex]);
            this.d.a(k[serviceIndex]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Computes a size for this service's negotiation data: a fixed 20 plus, per offered
     * service, 9 and the length of its name.
     *
     * @return the computed size
     */
    @Override // oracle.net.ano.Service
    public final int b() {
        int size = 20;
        for (int serviceIndex : this.g) {
            size += 9 + k[serviceIndex].length();
        }
        return size;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads the peer's answer to the authentication negotiation and records the outcome.
     *
     * <p>Status 0xFAFF together with more than two fields activates the service and stores the
     * selected service index in {@code j}; status 0xFBFF deactivates it; anything else fails.
     *
     * @param i number of fields in the received block, as passed by the caller
     * @throws NetException (323) when the status is neither an accept nor the 0xFBFF value
     */
    @Override // oracle.net.ano.Service
    public final void a(int i) {
        this.d.j();
        final int status = this.d.i();
        final boolean accepted = status == 0xFAFF && i > 2; // 0xFAFF == 64255
        if (!accepted) {
            if (status == 0xFBFF) { // 64511
                this.o = false;
                return;
            }
            throw new NetException(323, "Authentication service received status failure");
        }
        this.d.e();
        // NOTE(review): the name sent back is looked up in the full table `k`, not in the list
        // this client offered (this.g). Whether a(String[], String) rejects a service the client
        // never offered cannot be seen from this file - confirm in Service.
        this.j = a(k, this.d.k());
        if (i > 4) {
            // Three further values are read and discarded.
            this.d.j();
            this.d.g();
            this.d.g();
        }
        this.o = true;
    }

    /**
     * Reports whether the negotiation response activated this service.
     *
     * @return the flag set by {@code a(int)}
     */
    @Override // oracle.net.ano.Service
    public boolean isActive() {
        final boolean negotiated = this.o;
        return negotiated;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns a size that depends on the selected service.
     *
     * @return 32 when service index 1 is selected, 37 for index 2, and 0 when the service is
     *     inactive or another index is selected
     */
    public final int a_() {
        if (isActive()) {
            if (this.j == 1) {
                return 32;
            }
            if (this.j == 2) {
                return 37;
            }
        }
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Writes the follow-up block for the selected service when the service is active: a header,
     * then the value 2 twice, plus a trailing zero short for service index 2. Does nothing when
     * inactive or when another index is selected.
     */
    public final void d() {
        if (!this.o) {
            return;
        }
        if (this.j == 1) {
            b(3);
            this.d.b();
            this.d.a(2L);
            this.d.a(2L);
        } else if (this.j == 2) {
            b(4);
            this.d.b();
            this.d.a(2L);
            this.d.a(2L);
            this.d.a((short) 0);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v29 */
    /* JADX WARN: Type inference failed for: r0v40, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v57 */
    /* JADX WARN: Type inference failed for: r0v58 */
    /**
     * Continues the exchange for the selected service once the service is active.
     *
     * <p>For service index 1 two values are consumed from {@code this.d}. For service index 2
     * (the Kerberos path) two strings are read from {@code this.d}, combined into the names
     * stored in {@code q} and {@code r}, a JAAS {@link Subject} is obtained (from the current
     * access control context, else via {@code g()}), and {@link #run()} is executed under it.
     *
     * <p>JADX reported type-inference failures for this method; some locals below are decompiler
     * artifacts and the listing does not compile as shown.
     *
     * @throws NetException the exception carried by a PrivilegedActionException, or a new
     *     NetException(323) wrapping it
     */
    public final void e() {
        NetException netException;
        if (this.o) {
            this.e.ano.c();
            Service.a(this.d);
            if (this.j == 1) {
                this.d.n();
                this.d.n();
                return;
            }
            if (this.j == 2) {
                // Both strings are read from this.d right after Service.a(this.d); presumably they
                // are the service name and host announced by the peer - TODO confirm.
                String k2 = this.d.k();
                String k3 = this.d.k();
                // NOTE(review): the names later handed to GSS in run() are assembled from these two
                // strings. Nothing visible in this method compares them with the host the client
                // intended to reach; check whether a caller enforces that.
                this.q = k2 + "/" + k3;
                this.r = k2 + "@" + k3;
                try {
                    // The result of this expression is discarded. As decompiled, its only effect is
                    // a name lookup for the string read above; logic may have been lost by JADX.
                    InetAddress.getByName(k3).getCanonicalHostName().toLowerCase().startsWith(k3.toLowerCase() + ".");
                } catch (UnknownHostException unused) {
                    // Result discarded here as well.
                    k3.toLowerCase();
                }
                this.s = (String) this.e.profile.get(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB_REALM);
                // 64 is '@': when present, keep the substring starting at (and including) the '@'.
                if (this.s != null && this.s.indexOf(64) != -1) {
                    this.s = this.s.substring(this.s.indexOf(64));
                }
                // Prefer a Subject already associated with the calling context.
                AccessControlContext context = AccessController.getContext();
                if (context != null) {
                    this.p = Subject.getSubject(context);
                }
                Subject subject = this.p;
                // Decompiler artifact: one register is reused for a Subject, this object and the
                // caught exception, hence the mismatched declared type.
                PrivilegedActionException privilegedActionException = subject;
                if (subject == null) {
                    // No Subject in the context: log in through g().
                    AuthenticationService authenticationService = this;
                    authenticationService.p = g();
                    privilegedActionException = authenticationService;
                }
                try {
                    // Executes run() with this.p as the current Subject.
                    privilegedActionException = Subject.doAs(this.p, this);
                } catch (PrivilegedActionException e) {
                    Exception exception = privilegedActionException.getException();
                    if (exception instanceof NetException) {
                        netException = (NetException) exception;
                    } else {
                        NetException netException2 = new NetException(323, e.getMessage());
                        netException = netException2;
                        netException2.initCause(e);
                    }
                    throw netException;
                }
            }
        }
    }

    /**
     * Logs in through JAAS with {@code Krb5LoginModule} using the ticket cache (no prompting)
     * and returns the resulting subject. The cache location is taken from the
     * {@code oracle.net.kerberos5_cc_name} profile entry when it is set and non-empty.
     *
     * <p>NOTE(review): {@code Configuration.setConfiguration} replaces the JAAS configuration
     * for the whole JVM, and the installed configuration returns {@code null} for every entry
     * name other than "kprb5module". Other JAAS users in the same process are affected.
     *
     * @return the subject produced by the login
     * @throws NetException (323) wrapping any exception raised while logging in
     */
    private final Subject g() {
        final Configuration ticketCacheConfiguration = new Configuration() { // from class: oracle.net.ano.AuthenticationService.1
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                HashMap moduleOptions = new HashMap();
                moduleOptions.put("useTicketCache", "true");
                moduleOptions.put("doNotPrompt", "true");
                String cacheName = (String) AuthenticationService.this.e.profile.get("oracle.net.kerberos5_cc_name");
                if (cacheName != null && !cacheName.isEmpty()) {
                    moduleOptions.put("ticketCache", cacheName);
                }
                if (!str.equalsIgnoreCase("kprb5module")) {
                    return null;
                }
                AppConfigurationEntry krb5Entry = new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, moduleOptions);
                return new AppConfigurationEntry[]{krb5Entry};
            }

            public void refresh() {
            }
        };
        Configuration.setConfiguration(ticketCacheConfiguration);
        try {
            LoginContext krb5Login = new LoginContext("kprb5module");
            krb5Login.login();
            return krb5Login.getSubject();
        } catch (Exception loginFailure) {
            NetException wrapped = new NetException(323, loginFailure.getMessage());
            wrapped.initCause(loginFailure);
            throw wrapped;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v22, types: [int] */
    /**
     * Performs the Kerberos 5 exchange as the subject in {@code p}: creates a GSS initiator
     * context, sends the initial token (minus its first 17 bytes) together with the local
     * address, optionally completes mutual authentication with the reply, and finally sends a
     * credential blob obtained from one of the two {@code a(GSSContext...)} helpers.
     *
     * <p>JADX reported type-inference failures here; the {@code r0} references and the missing
     * byte cast below are decompiler artifacts, so the listing does not compile as shown.
     *
     * @return always {@code null}
     * @throws NetException (323) when no Kerberos principal is found, mutual authentication
     *     fails, the context is not established, or a GSSException is raised
     */
    @Override // java.security.PrivilegedExceptionAction
    public Object run() {
        byte[] bArr;
        try {
            GSSManager gSSManager = GSSManager.getInstance();
            // Kerberos V5 GSS-API mechanism OID.
            Oid oid = new Oid("1.2.840.113554.1.2.2");
            // Kerberos principal name-type OID.
            Oid oid2 = new Oid("1.2.840.113554.1.2.2.1");
            byte[] der = oid.getDER();
            KerberosPrincipal kerberosPrincipal = null;
            Iterator<Principal> it = this.p.getPrincipals().iterator();
            // NOTE(review): as decompiled, only the first principal of the subject is inspected;
            // a KerberosPrincipal that is not first in iteration order is not found.
            if (it.hasNext()) {
                Principal next = it.next();
                if (next instanceof KerberosPrincipal) {
                    kerberosPrincipal = (KerberosPrincipal) next;
                }
            }
            if (kerberosPrincipal == null) {
                throw new NetException(323, "Unable to find valid kerberos principal for authentication");
            }
            // Target name: this.q with the principal name type when the realm property is set,
            // otherwise this.r as a host-based service name. The credential is requested for the
            // subject's principal with usage 1 (GSSCredential.INITIATE_ONLY).
            GSSContext createContext = gSSManager.createContext(this.s != null ? gSSManager.createName(this.q, oid2) : gSSManager.createName(this.r, GSSName.NT_HOSTBASED_SERVICE), oid, gSSManager.createCredential(gSSManager.createName(kerberosPrincipal.getName(), oid2), 0, oid, 1), 0);
            boolean z = true;
            // NOTE(review): `!=` compares String references, not contents. Unless the profile
            // returns the very same String instance as the literal, z becomes false and mutual
            // authentication is not requested even when the property is set to "true".
            // A content comparison ("true".equals(...)) is what the check appears to intend.
            if (((String) this.e.profile.get("oracle.net.kerberos5_mutual_authentication")) != "true") {
                z = false;
            }
            createContext.requestMutualAuth(z);
            // Confidentiality and integrity services are not requested on the GSS context.
            createContext.requestConf(false);
            createContext.requestInteg(false);
            // NOTE(review): credential delegation is requested unconditionally; no profile
            // setting visible in this method turns it off.
            createContext.requestCredDeleg(true);
            byte[] initSecContext = createContext.initSecContext(new byte[0], 0, 0);
            // Drops a fixed 17-byte prefix of the initial token (presumably the GSS framing:
            // tag, length, mechanism OID and token id - confirm). A token shorter than 17 bytes
            // would make the array size negative, and the fixed offset assumes one particular
            // width of the DER length field.
            byte[] bArr2 = new byte[initSecContext.length - 17];
            System.arraycopy(initSecContext, 17, bArr2, 0, bArr2.length);
            // The local host address is sent to the peer together with the stripped token.
            byte[] address = InetAddress.getLocalHost().getAddress();
            this.e.ano.a(39 + address.length + 4 + bArr2.length, this.i);
            b(4);
            this.d.a(2);
            this.d.a(4L);
            this.d.a(address);
            this.d.a(bArr2);
            this.d.a();
            this.e.ano.c();
            int[] a2 = Service.a(this.d);
            this.d.e();
            if (z) {
                if (a2[1] < 2) {
                    throw new NetException(323, "Mutual authentication failed during Kerberos5 authentication");
                }
                // Rebuild a framed GSS token around the bytes read from the peer:
                // mechanism OID DER, the two bytes 02 00, then the payload.
                byte[] l2 = this.d.l();
                byte[] bArr3 = new byte[der.length + 2 + l2.length];
                System.arraycopy(der, 0, bArr3, 0, der.length);
                bArr3[der.length] = 2;
                bArr3[der.length + 1] = 0;
                System.arraycopy(l2, 0, bArr3, der.length + 2, l2.length);
                // DER length encoding of bArr3.length: short form below 128, otherwise
                // 0x81/0x82/0x83/0x84 followed by 1-4 big-endian length bytes. The `r0`
                // assignments in the first three branches are decompiler artifacts.
                int length = bArr3.length;
                if (length < 128) {
                    bArr = r0;
                    byte[] bArr4 = {(byte) length};
                } else if (length < 256) {
                    byte[] bArr5 = r0;
                    byte[] bArr6 = {-127};
                    bArr5[1] = (byte) length;
                    bArr = bArr5;
                } else if (length < 65536) {
                    byte[] bArr7 = r0;
                    byte[] bArr8 = {-126};
                    bArr7[1] = (byte) (length >> 8);
                    bArr7[2] = (byte) length;
                    bArr = bArr7;
                } else if (length < 16777216) {
                    byte[] bArr9 = new byte[4];
                    byte[] bArr10 = bArr9;
                    bArr9[0] = -125;
                    bArr10[1] = (byte) (length >> 16);
                    bArr10[2] = (byte) (length >> 8);
                    bArr10[3] = (byte) length;
                    bArr = bArr10;
                } else {
                    byte[] bArr11 = new byte[5];
                    byte[] bArr12 = bArr11;
                    bArr11[0] = -124;
                    // Missing (byte) cast is a decompiler artifact.
                    bArr12[1] = length >> 24;
                    bArr12[2] = (byte) (length >> 16);
                    bArr12[3] = (byte) (length >> 8);
                    bArr12[4] = (byte) length;
                    bArr = bArr12;
                }
                // Final token: 0x60 tag, DER length, then OID + token id + payload.
                byte[] bArr13 = bArr;
                byte[] bArr14 = new byte[1 + bArr13.length + bArr3.length];
                bArr14[0] = 96;
                System.arraycopy(bArr13, 0, bArr14, 1, bArr13.length);
                System.arraycopy(bArr3, 0, bArr14, bArr13.length + 1, bArr3.length);
                try {
                    createContext.initSecContext(bArr14, 0, bArr14.length);
                    // The peer is accepted only if the context reports mutual authentication.
                    if (!createContext.getMutualAuthState()) {
                        throw new NetException(323, "Mutual authentication failed during Kerberos5 authentication");
                    }
                } catch (GSSException e) {
                    NetException netException = new NetException(323, e.getMessage());
                    netException.initCause(e);
                    throw netException;
                }
            }
            if (!createContext.isEstablished()) {
                throw new NetException(323, "Kerberos5 adaptor couldn't create context");
            }
            // Pick the helper by whether KerberosCredMessage is available (flag t); an empty
            // array is sent when the helper returns null.
            byte[] a3 = t ? a(createContext) : a(createContext, bArr2);
            if (a3 == null) {
                a3 = new byte[0];
            }
            this.e.ano.a(25 + a3.length, this.i);
            b(1);
            this.d.a(a3);
            this.d.a();
            return null;
        } catch (GSSException e2) {
            NetException netException2 = new NetException(323, e2.getMessage());
            netException2.initCause(e2);
            throw netException2;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:6:?, code lost:
    
        throw r0;
     */
    /* JADX WARN: Not initialized variable reg: 0, insn: 0x0013: THROW (r0 I:java.lang.Throwable), block:B:7:0x0013 */
    /* JADX WARN: Type inference failed for: r0v4, types: [byte[], java.lang.Throwable] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Not recovered by the decompiler: as listed, this method always throws
     * {@link UnsupportedOperationException}.
     *
     * <p>According to the instruction dump kept in the body, the original casts the context to
     * {@code com.sun.security.jgss.ExtendedGSSContext}, calls {@code inquireSecContext} with
     * {@code InquireType.valueOf("KRB5_GET_KRB_CRED")} and passes the result to
     * {@code a(Object)}. The dump's handling of {@code GSSException} (label L13) is incomplete.
     */
    private static byte[] a(org.ietf.jgss.GSSContext r3) {
        /*
            r0 = r3
            com.sun.security.jgss.ExtendedGSSContext r0 = (com.sun.security.jgss.ExtendedGSSContext) r0     // Catch: org.ietf.jgss.GSSException -> L13
            java.lang.String r1 = "KRB5_GET_KRB_CRED"
            com.sun.security.jgss.InquireType r1 = com.sun.security.jgss.InquireType.valueOf(r1)     // Catch: org.ietf.jgss.GSSException -> L13
            java.lang.Object r0 = r0.inquireSecContext(r1)     // Catch: org.ietf.jgss.GSSException -> L13
            byte[] r0 = a(r0)     // Catch: org.ietf.jgss.GSSException -> L13
            return r0
        L13:
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: oracle.net.ano.AuthenticationService.a(org.ietf.jgss.GSSContext):byte[]");
    }

    /**
     * Fallback used when {@code KerberosCredMessage} is unavailable: when the context reports
     * that credentials were delegated, pulls the delegated credential out of the AP-REQ that
     * was just sent and re-encodes it for transmission.
     *
     * <p>Relies on JDK-internal {@code sun.security.krb5} classes and on the session key held
     * in the subject's private credentials.
     *
     * @param gSSContext established context, queried for its delegation state
     * @param bArr bytes parsed as an AP-REQ (run() passes the initial token minus 17 bytes)
     * @return the ASN.1-encoded KRB-CRED, or {@code null} when nothing was delegated or the
     *     checksum is shorter than 26 bytes
     */
    private final byte[] a(GSSContext gSSContext, byte[] bArr) {
        byte[] decrypt;
        byte[] bArr2 = null;
        if (gSSContext.getCredDelegState()) {
            Object[] array = this.p.getPrivateCredentials().toArray();
            byte[] bArr3 = null;
            int i = -1;
            // Keep the session key and key type of the last ticket whose server name does not
            // start with "krbtgt". If no such ticket exists, bArr3 stays null and i stays -1.
            // NOTE(review): the ticket is not matched against the service actually contacted.
            for (int i2 = 0; i2 < array.length; i2++) {
                if (array[i2] instanceof KerberosTicket) {
                    KerberosTicket kerberosTicket = (KerberosTicket) array[i2];
                    String name = kerberosTicket.getServer().getName();
                    byte[] encoded = kerberosTicket.getSessionKey().getEncoded();
                    int sessionKeyType = kerberosTicket.getSessionKeyType();
                    if (!name.startsWith("krbtgt")) {
                        bArr3 = encoded;
                        i = sessionKeyType;
                    }
                }
            }
            APReq aPReq = new APReq(bArr);
            EncryptionKey encryptionKey = new EncryptionKey(i, bArr3);
            // Decrypt the authenticator (key usage 11, AP-REQ authenticator in RFC 4120) and
            // take the raw bytes of its checksum field.
            byte[] bytes = new Authenticator(a(aPReq.authenticator, aPReq.authenticator.decrypt(encryptionKey, 11), true)).getChecksum().getBytes();
            // NOTE(review): the guard admits lengths 26 and 27, yet bytes[26] and bytes[27] are
            // read and i3 bytes are copied from offset 28; a short or inconsistent checksum
            // raises ArrayIndexOutOfBoundsException. The guard would need bytes.length >= 28 + i3.
            if (bytes.length >= 26) {
                // Little-endian 16-bit length at offsets 26-27, payload from offset 28
                // (consistent with the delegation fields of the RFC 4121 checksum - confirm).
                int i3 = ((bytes[27] & 255) << 8) + (bytes[26] & 255);
                byte[] bArr4 = new byte[i3];
                System.arraycopy(bytes, 28, bArr4, 0, i3);
                KRBCred kRBCred = new KRBCred(bArr4);
                try {
                    // First try the null key, then fall back to the session key
                    // (key usage 14, KRB-CRED encrypted part in RFC 4120).
                    decrypt = kRBCred.encPart.decrypt(EncryptionKey.NULL_KEY, 14);
                } catch (Exception unused) {
                    decrypt = kRBCred.encPart.decrypt(encryptionKey, 14);
                }
                // Re-encrypt the credential part under the session key and re-encode.
                bArr2 = new KRBCred(kRBCred.tickets, new EncryptedData(encryptionKey, a(kRBCred.encPart, decrypt, true), 14)).asn1Encode();
            }
        }
        return bArr2;
    }

    /**
     * Invokes {@code EncryptedData.reset} reflectively, using whichever overload {@code h()}
     * found: the one-argument form receives only {@code objArr[0]}, the two-argument form
     * receives all of {@code objArr}.
     *
     * <p>NOTE(review): if {@code h()} found no method, {@code m} is still {@code null} here and
     * the call fails with a NullPointerException; reflective failures are swallowed and surface
     * only as a {@code null} result that callers pass on unchecked.
     *
     * @param encryptedData receiver of the reflective call
     * @param objArr arguments for {@code reset}
     * @return the bytes returned by {@code reset}, or {@code null} when the invocation failed
     */
    private static byte[] a(EncryptedData encryptedData, Object... objArr) {
        if (m == null) {
            m = h();
        }
        try {
            if (m.getParameterTypes().length == 1) {
                return (byte[]) m.invoke(encryptedData, objArr[0]);
            }
            return (byte[]) m.invoke(encryptedData, objArr);
        } catch (IllegalAccessException | InvocationTargetException ignored) {
            return null;
        }
    }

    /**
     * Looks up {@code sun.security.krb5.EncryptedData.reset} by reflection, preferring the
     * {@code (byte[], boolean)} overload and falling back to {@code (byte[])}.
     *
     * @return the method found, or {@code null} when the class or both overloads are missing
     */
    private static Method h() {
        try {
            final Class<?> encryptedDataClass = Class.forName("sun.security.krb5.EncryptedData");
            try {
                return encryptedDataClass.getDeclaredMethod("reset", byte[].class, Boolean.TYPE);
            } catch (NoSuchMethodException noTwoArgForm) {
                return encryptedDataClass.getDeclaredMethod("reset", byte[].class);
            }
        } catch (ClassNotFoundException | NoSuchMethodException notAvailable) {
            return null;
        }
    }

    /**
     * Calls {@code getEncoded()} reflectively on the given object, resolving the method through
     * {@code i()} on first use.
     *
     * <p>NOTE(review): when {@code i()} returns {@code null} the invoke below throws a
     * NullPointerException, which is not among the caught types.
     *
     * @param obj receiver, expected to be a {@code KerberosCredMessage}
     * @return the encoded bytes, or {@code null} when the reflective call failed
     */
    private static byte[] a(Object obj) {
        if (n == null) {
            n = i();
        }
        byte[] encoded;
        try {
            encoded = (byte[]) n.invoke(obj, null);
        } catch (IllegalAccessException | IllegalArgumentException | InvocationTargetException ignored) {
            encoded = null;
        }
        return encoded;
    }

    /**
     * Looks up {@code javax.security.auth.kerberos.KerberosCredMessage.getEncoded()} by
     * reflection.
     *
     * @return the method, or {@code null} when the class or the method is not present
     */
    private static Method i() {
        try {
            return Class.forName("javax.security.auth.kerberos.KerberosCredMessage").getDeclaredMethod("getEncoded", null);
        } catch (ClassNotFoundException | NoSuchMethodException notAvailable) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Empty override of the {@code Service} hook: this service performs no work here. */
    @Override // oracle.net.ano.Service
    public final void f() {
    }

    /**
     * Transforms a RADIUS password by delegating to {@code oracle.net.aso.e.c}.
     *
     * <p>NOTE(review): the transformation itself is not visible in this file and the method name
     * says "obfuscate"; do not treat the result as encrypted or safe to log without checking
     * what {@code e.c} does.
     *
     * @param bArr password bytes
     * @return whatever {@code e.c} returns for the input
     */
    public static final byte[] obfuscatePasswordForRadius(byte[] bArr) {
        final byte[] obfuscated = e.c(bArr);
        return obfuscated;
    }

    // Probe once, at class initialisation, whether KerberosCredMessage can be loaded; run()
    // uses the flag to choose how the delegated credential is obtained.
    static {
        boolean credMessageAvailable;
        try {
            Class.forName("javax.security.auth.kerberos.KerberosCredMessage");
            credMessageAvailable = true;
        } catch (Exception ignored) {
            credMessageAvailable = false;
        }
        t = credMessageAvailable;
    }
}
