package oracle.net.ano;

import com.sun.security.auth.module.Krb5LoginModule;
import java.io.IOException;
import java.net.InetAddress;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.kerberos.KerberosPrincipal;
import oracle.net.aso.a;
import oracle.net.ns.NetException;
import oracle.net.ns.SQLnetDef;
import oracle.net.ns.SessionAtts;
import org.hsqldb.Token;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

/* loaded from: input_file:lib/ojdbc6.jar:oracle/net/ano/AuthenticationService.class */
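/**
 * Client side of the authentication service of Oracle Net's advanced networking
 * option, as decompiled from ojdbc6.jar (member names are obfuscated).
 *
 * <p>The class offers the authentication adaptors configured in the session
 * profile, reads back which one the peer selected, and for Kerberos5 drives a
 * GSS-API context establishment as the initiator.
 *
 * <p>Changes relative to the decompiled listing:
 * <ul>
 *   <li>The mutual-authentication option was compared with {@code != "true"}
 *       (reference comparison), so a value read from configuration at run time
 *       would normally leave mutual authentication switched off. It is now
 *       compared with {@code equals}.</li>
 *   <li>{@link #run()} dereferenced a null principal when the first principal of
 *       the subject was not a {@link KerberosPrincipal}; it now searches all
 *       principals and fails with a {@link NetException} when none is found.</li>
 *   <li>A GSS token shorter than the 17 stripped bytes now fails with a
 *       {@link NetException} instead of a {@code NegativeArraySizeException}.</li>
 *   <li>The login/{@code doAs} section of {@link #h()} was not valid Java after
 *       decompilation (a boolean stored in an exception-typed local); it is
 *       restored to the evident intent.</li>
 *   <li>The separator of the service principal name is the literal {@code "/"}
 *       rather than a constant borrowed from an unrelated library
 *       ({@code org.hsqldb.Token.T_DIVIDE}, same value).</li>
 * </ul>
 */
public class AuthenticationService extends Service implements SQLnetDef, PrivilegedExceptionAction {
    // Adaptor names accepted in the profile; the array index is the internal adaptor id.
    static final String[] j = {"", AnoServices.AUTHENTICATION_RADIUS, AnoServices.AUTHENTICATION_KERBEROS5, AnoServices.AUTHENTICATION_TCPS};
    // Adaptor names as written to / matched against the wire, indexed by the same id.
    private static final String[] k = {"", AnoServices.AUTHENTICATION_RADIUS, AnoServices.AUTHENTICATION_KERBEROS5, "tcps"};
    // One byte sent in front of each offered adaptor name, indexed by adaptor id.
    private static final byte[] l = {0, 1, 1, 2};
    // True once the peer has selected an adaptor; reported by isActive().
    private boolean m = false;
    // JAAS subject whose Kerberos principal and credentials are used by run().
    private Subject n = null;
    // Target service principal without realm, built in h() as "<first>/<second>".
    private String o = null;
    // Value written after the 57569 marker in b(); set to 64767 (0xFCFF) in a(SessionAtts).
    private int p;

    /**
     * Initialises the service from the session attributes and records which
     * adaptors the profile asks for.
     *
     * @param sessionAtts session attributes; its profile supplies the configured adaptor names
     * @return always 1
     * @throws NetException if the inherited initialisation or name validation fails
     */
    @Override // oracle.net.ano.Service
    public final int a(SessionAtts sessionAtts) throws NetException {
        super.a(sessionAtts);
        this.h = 1;
        this.p = 64767;
        String[] configured = sessionAtts.profile.getAuthenticationServices();
        // Inherited helper; presumably rejects names that are not in j - confirm in Service.
        a(configured, j);
        int[] adaptorIds = new int[configured.length];
        for (int idx = 0; idx < adaptorIds.length; idx++) {
            adaptorIds[idx] = a(j, configured[idx]);
        }
        this.f = adaptorIds;
        return 1;
    }

    /**
     * Writes the offer: a header announcing three fixed fields plus two per
     * adaptor, then the fixed fields, then one (byte, name) pair per adaptor.
     *
     * @throws NetException if the underlying writer reports a protocol error
     * @throws IOException if writing fails
     */
    @Override // oracle.net.ano.Service
    public final void b() throws NetException, IOException {
        b(3 + (this.f.length * 2));
        this.c.c();
        this.c.a(57569);
        this.c.b(this.p);
        for (int adaptorId : this.f) {
            this.c.a(l[adaptorId]);
            this.c.a(k[adaptorId]);
        }
    }

    /**
     * Computes the size of the offer written by {@link #b()}.
     *
     * @return 20 plus, per offered adaptor, 9 and the length of its wire name
     */
    @Override // oracle.net.ano.Service
    final int c() {
        int size = 20;
        for (int adaptorId : this.f) {
            size += 5 + 4 + k[adaptorId].length();
        }
        return size;
    }

    /**
     * Reads the peer's answer to the offer and records the selected adaptor.
     *
     * <p>Status 64255 (0xFAFF) with more than two fields activates the service;
     * status 64511 (0xFBFF) deactivates it; anything else is a failure.
     *
     * @param i number of fields in the answer
     * @throws NetException if the status is neither of the two accepted values
     * @throws IOException if reading fails
     */
    @Override // oracle.net.ano.Service
    final void a(int i) throws NetException, IOException {
        this.c.j();
        int status = this.c.i();
        if (status == 64255 && i > 2) {
            this.c.e();
            // NOTE(review): the adaptor named by the peer is looked up in k only; this
            // method does not visibly check it against the adaptors offered in this.f.
            // Confirm that the inherited lookup (or a caller) rejects an unoffered choice.
            this.i = a(k, this.c.k());
            if (i > 4) {
                // Three further fields are read and discarded.
                this.c.j();
                this.c.g();
                this.c.g();
            }
            this.m = true;
            return;
        }
        if (status != 64511) {
            throw new NetException(323, "Authentication service received status failure");
        }
        this.m = false;
    }

    /**
     * Reports whether the peer selected an authentication adaptor.
     *
     * @return the flag set by {@link #a(int)}
     */
    @Override // oracle.net.ano.Service
    public boolean isActive() {
        return this.m;
    }

    /**
     * Returns an adaptor-dependent length: 32 for adaptor id 1 (RADIUS), 37 for
     * id 2 (Kerberos5), otherwise 0. Presumably the size of the packet written by
     * {@link #g()} - confirm against the caller.
     *
     * @return 0 when the service is inactive or the adaptor has no follow-up packet
     */
    public final int a() {
        if (!isActive()) {
            return 0;
        }
        switch (this.i) {
            case 1:
                return 32;
            case 2:
                return 37;
            default:
                return 0;
        }
    }

    /**
     * Writes the adaptor-specific follow-up packet for RADIUS (id 1) or
     * Kerberos5 (id 2); does nothing when the service is inactive or another
     * adaptor was selected.
     *
     * @throws NetException if the underlying writer reports a protocol error
     * @throws IOException if writing fails
     */
    public final void g() throws NetException, IOException {
        if (!this.m) {
            return;
        }
        if (this.i == 1) {
            b(3);
            this.c.c();
            this.c.a(2L);
            this.c.a(2L);
            return;
        }
        if (this.i == 2) {
            b(4);
            this.c.c();
            this.c.a(2L);
            this.c.a(2L);
            this.c.a((short) 0);
        }
    }

    /**
     * Processes the peer's follow-up packet and, for Kerberos5, performs the
     * authentication exchange.
     *
     * <p>For Kerberos5 the subject is taken from the current access-control
     * context when one is bound there; otherwise a new subject is populated from
     * the Kerberos ticket cache (never prompting), optionally using the cache
     * path from the profile property {@code oracle.net.kerberos5_cc_name}.
     *
     * @throws NetException with code 323 when login or the GSS exchange fails
     * @throws IOException if reading or writing fails
     */
    public final void h() throws NetException, IOException {
        if (!this.m) {
            return;
        }
        this.d.ano.a();
        Service.a(this.c);
        if (this.i == 1) {
            this.c.n();
            this.c.n();
            return;
        }
        if (this.i != 2) {
            return;
        }

        // NOTE(review): both halves of the service principal name are read from the
        // connection (this.c.k() is also what a(int) uses to read the peer's chosen
        // adaptor), so the target principal appears to be named by the peer rather than
        // by local configuration. If so, mutual authentication proves only that the peer
        // holds the key of the principal it named itself - confirm whether the caller
        // compares it with the expected database service.
        this.o = this.c.k() + "/" + this.c.k();

        AccessControlContext context = AccessController.getContext();
        if (context != null) {
            this.n = Subject.getSubject(context);
        }
        if (this.n != null) {
            // A subject is already bound to this thread's context: run the exchange directly.
            try {
                run();
                return;
            } catch (Exception e) {
                throw toNetException(e);
            }
        }

        this.n = new Subject();
        Krb5LoginModule loginModule = new Krb5LoginModule();
        HashMap<String, Object> sharedState = new HashMap<String, Object>();
        HashMap<String, Object> options = new HashMap<String, Object>();
        options.put("useTicketCache", "true");
        options.put("doNotPrompt", "true");
        String ticketCache = (String) this.d.profile.get("oracle.net.kerberos5_cc_name");
        if (ticketCache != null && !ticketCache.equals("")) {
            options.put("ticketCache", ticketCache);
        }
        loginModule.initialize(this.n, (CallbackHandler) null, sharedState, options);
        try {
            boolean loggedIn = loginModule.login();
            loginModule.commit();
            if (!loggedIn) {
                throw new NetException(323, "Kerberos5 adaptor couldn't retrieve credentials (TGT) from the cache");
            }
            try {
                Subject.doAs(this.n, this);
            } catch (PrivilegedActionException e2) {
                throw toNetException(e2);
            }
        } catch (Exception e3) {
            // As in the decompiled listing, every failure of this path (including the
            // NetExceptions thrown just above) is re-created with code 323 and the
            // original message only; the cause and its stack trace are not carried over.
            throw new NetException(323, e3.getMessage());
        }
    }

    /**
     * Maps a failure of the Kerberos exchange to a {@link NetException}: a
     * {@code NetException} is passed through, one wrapped in a
     * {@link PrivilegedActionException} is unwrapped, and anything else becomes a
     * new {@code NetException} with code 323 and the failure's message.
     */
    private static NetException toNetException(Exception e) {
        if (e instanceof NetException) {
            return (NetException) e;
        }
        if (e instanceof PrivilegedActionException) {
            Exception wrapped = ((PrivilegedActionException) e).getException();
            if (wrapped instanceof NetException) {
                return (NetException) wrapped;
            }
        }
        return new NetException(323, e.getMessage());
    }

    /**
     * Establishes the Kerberos5 GSS-API security context with the peer as the
     * initiator and exchanges the resulting tokens over the connection.
     *
     * @return always {@code null}
     * @throws NetException with code 323 when no Kerberos principal is available,
     *     the GSS-API reports an error, mutual authentication fails, or the
     *     context is not established
     * @throws Exception for I/O failures, including a failed local-host lookup
     */
    @Override // java.security.PrivilegedExceptionAction
    public Object run() throws Exception {
        try {
            GSSManager manager = GSSManager.getInstance();
            // Kerberos V5 mechanism and the Kerberos principal name type.
            Oid krb5Mech = new Oid("1.2.840.113554.1.2.2");
            byte[] krb5MechDer = krb5Mech.getDER();
            Oid krb5PrincipalName = new Oid("1.2.840.113554.1.2.2.1");

            KerberosPrincipal clientPrincipal = null;
            for (Principal candidate : this.n.getPrincipals()) {
                if (candidate instanceof KerberosPrincipal) {
                    clientPrincipal = (KerberosPrincipal) candidate;
                    break;
                }
            }
            if (clientPrincipal == null) {
                throw new NetException(323, "Kerberos5 adaptor couldn't find a Kerberos principal in the subject");
            }

            // The realm of the target is taken from the client principal. The two zero
            // lifetimes are the GSS defaults; usage 1 is GSSCredential.INITIATE_ONLY.
            GSSContext gssContext = manager.createContext(
                    manager.createName(this.o + "@" + clientPrincipal.getRealm(), krb5PrincipalName),
                    krb5Mech,
                    manager.createCredential(manager.createName(clientPrincipal.getName(), krb5PrincipalName), 0, krb5Mech, 1),
                    0);

            // Content comparison: the option value is read from the profile at run time,
            // so the former reference comparison with "true" would normally not match.
            boolean z = "true".equals((String) this.d.profile.get("oracle.net.kerberos5_mutual_authentication"));
            gssContext.requestMutualAuth(z);
            // Per-message confidentiality and integrity are not requested from the GSS
            // context; this exchange authenticates only. Any protection of the session
            // itself has to come from another layer.
            gssContext.requestConf(false);
            gssContext.requestInteg(false);

            byte[] empty = new byte[0];
            byte[] initToken = gssContext.initSecContext(empty, 0, empty.length);
            // The first 17 bytes are not sent - presumably the GSS-API framing that the
            // mutual-authentication branch below re-creates for the reply.
            if (initToken == null || initToken.length < 17) {
                throw new NetException(323, "Kerberos5 adaptor couldn't create context");
            }
            byte[] innerToken = new byte[initToken.length - 17];
            System.arraycopy(initToken, 17, innerToken, 0, innerToken.length);

            // The local host address is sent to the peer together with the token.
            byte[] address = InetAddress.getLocalHost().getAddress();
            this.d.ano.a(39 + address.length + 4 + innerToken.length, this.h, (short) 0);
            b(4);
            this.c.a(2);
            this.c.a(4L);
            this.c.a(address);
            this.c.a(innerToken);
            this.c.b();

            this.d.ano.a();
            int[] a = Service.a(this.c);
            this.c.e();
            if (z) {
                if (a[1] < 2) {
                    throw new NetException(323, "Mutual authentication failed during Kerberos5 authentication");
                }
                byte[] reply = this.c.l();
                // Re-frame the reply for the GSS-API: 0x60, 0x81, a length byte written
                // as 0, the mechanism OID in DER, the two bytes 0x02 0x00, then the reply.
                byte[] framed = new byte[reply.length + krb5MechDer.length + 5];
                framed[0] = 96;
                framed[1] = -127;
                framed[2] = 0;
                System.arraycopy(krb5MechDer, 0, framed, 3, krb5MechDer.length);
                framed[krb5MechDer.length + 3] = 2;
                framed[krb5MechDer.length + 4] = 0;
                System.arraycopy(reply, 0, framed, krb5MechDer.length + 5, reply.length);
                try {
                    gssContext.initSecContext(framed, 0, framed.length);
                    if (!gssContext.getMutualAuthState()) {
                        throw new NetException(323, "Mutual authentication failed during Kerberos5 authentication");
                    }
                } catch (GSSException e) {
                    throw new NetException(323, e.getMessage());
                }
            }
            if (!gssContext.isEstablished()) {
                throw new NetException(323, "Kerberos5 adaptor couldn't create context");
            }

            // Final packet of the exchange carries an empty payload.
            byte[] finalPayload = new byte[0];
            this.d.ano.a(25 + finalPayload.length, this.h, (short) 0);
            b(1);
            this.c.a(finalPayload);
            this.c.b();
            return null;
        } catch (GSSException e2) {
            throw new NetException(323, e2.getMessage());
        }
    }

    /** Intentionally empty override of the inherited hook. */
    @Override // oracle.net.ano.Service
    final void d() throws NetException, IOException {
    }

    /**
     * Transforms a RADIUS password with {@code oracle.net.aso.a.a}. What that
     * transform does is not visible in this class.
     *
     * @param bArr password bytes
     * @return the transformed bytes as returned by the helper
     */
    public static final byte[] obfuscatePasswordForRadius(byte[] bArr) {
        return a.a(bArr);
    }
}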
