package orbasec.secrep.gsskrb5;

import java.util.Vector;
import orbasec.SL2;
import orbasec.SecLev2.TrustedAuthority;
import orbasec.SecLev2.TrustedAuthorityPolicyHelper;
import orbasec.corba.CredUtil;
import orbasec.corba.LocalObject;
import orbasec.corba.MechUtil;
import orbasec.corba.MinorBadParam;
import orbasec.corba.MinorDataConversion;
import orbasec.corba.MinorNoPermission;
import orbasec.corba.Opaque;
import orbasec.corba.SecurityError;
import orbasec.corba.TrustedAuthorityPolicy;
import orbasec.krb5.Kerberos_Kinit;
import orbasec.krb5.gss;
import orbasec.krb5.gss_OID;
import orbasec.krb5.gss_buffer_holder;
import orbasec.krb5.gss_int_holder;
import orbasec.krb5.gss_name_t;
import orbasec.krb5.gss_string_holder;
import orbasec.util.List;
import orbasec.util.ListS;
import orbasec.util.Pred1;
import org.omg.CORBA.BAD_PARAM;
import org.omg.CORBA.COMM_FAILURE;
import org.omg.CORBA.CompletionStatus;
import org.omg.CORBA.DATA_CONVERSION;
import org.omg.CORBA.INV_POLICY;
import org.omg.CORBA.NO_IMPLEMENT;
import org.omg.CORBA.NO_PERMISSION;
import org.omg.CORBA.Object;
import org.omg.CORBA.Policy;
import org.omg.CORBA.StringHolder;
import org.omg.CORBA.SystemException;
import org.omg.CORBA.UNKNOWN;
import org.omg.Security.AssociationStatus;
import org.omg.Security.AuthenticationStatus;
import org.omg.Security.ChannelBindings;
import org.omg.Security.DelegationMode;
import org.omg.Security.MechandOptions;
import org.omg.Security.OpaqueBuffer;
import org.omg.Security.OpaqueBufferHolder;
import org.omg.Security.OpaqueHolder;
import org.omg.Security.OptionsDirectionPair;
import org.omg.Security.SecAttribute;
import org.omg.SecurityLevel2.Credentials;
import org.omg.SecurityLevel2.CredentialsHolder;
import org.omg.SecurityReplaceable.ClientSecurityContextHolder;
import org.omg.SecurityReplaceable.ServerSecurityContextHolder;
import org.omg.SecurityReplaceable.Vault;
import org.omg.TimeBase.UtcTHolder;

/* loaded from: input_file:orbasec/secrep/gsskrb5/Kerberos_Vault.class */
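/**
 * GSS/Kerberos implementation of the CORBA SecurityReplaceable {@code Vault}.
 *
 * <p>The vault acquires Kerberos credentials, creates client and server
 * security contexts from them, and checks credential issuers against the
 * trusted-authority policy of the current security context.
 *
 * <p>Security-relevant behaviour a reader should know before relying on it:
 * <ul>
 *   <li>{@link #verifyAuthority(Opaque, List, StringHolder)} accepts every
 *       authority when the supplied list is empty, so a missing trusted
 *       authority policy means "no restriction", not "trust nobody".</li>
 *   <li>GSS error text is copied into the {@code NO_PERMISSION} and
 *       {@code UNKNOWN} exceptions raised here; whether that text reaches a
 *       remote peer depends on the ORB and should be confirmed.</li>
 *   <li>With debugging enabled the credentials object itself is written to the
 *       debug stream in {@code init_security_context}.</li>
 * </ul>
 *
 * <p>This source is decompiler output; several members were widened to
 * {@code public} by the decompiler and are marked as such below.
 */
public class Kerberos_Vault extends LocalObject implements Vault {
    // Not referenced inside this class; credential acquisition calls the static
    // Kerberos_Kinit.getCredentials(...) directly.
    static Kerberos_Kinit kinit_ = new Kerberos_Kinit();

    /** Mechanism name this vault answers for. */
    static final String VAULT_MECHANISM = "Kerberos_MIT";

    /** Policy type passed to {@code get_policy} to obtain the trusted authority policy. */
    private static final int TRUSTED_AUTHORITY_POLICY_TYPE = 1000;

    // Mutable, package-visible flag; it is only declared here and never read in this class.
    boolean DELEGATION_SUPPORTED = true;

    // Single entry, filled in by the constructor.
    private MechandOptions[] mech_types_and_options = new MechandOptions[1];

    // Written by use_session(boolean); not read anywhere in this class.
    private boolean use_session_ = false;

    // Mechanism OIDs as raw byte strings (the bytes read as DER OID contents).
    // Decoded arithmetically: [0] = 1.3.5.1.5.2, [2] = 1.2.840.113554.1.2.3,
    // [3] = 1.2.840.113554.1.2.2.
    // NOTE(review): [1] is one byte shorter than [3] (it lacks the second 0x86) and
    // decodes to 1.2.840.15250.1.2.2 - confirm this variant is intentional before
    // treating it as an accepted mechanism OID.
    byte[][] supported_oids_ = {new byte[]{43, 5, 1, 5, 2}, new byte[]{42, -122, 72, -9, 18, 1, 2, 2}, new byte[]{42, -122, 72, -122, -9, 18, 1, 2, 3}, new byte[]{42, -122, 72, -122, -9, 18, 1, 2, 2}};

    /**
     * Predicate that matches a {@code TrustedAuthority} whose canonicalized
     * Kerberos name encodes to the same bytes as a given issuer.
     *
     * <p>Decompiler note: access was widened from {@code private}.
     */
    /* loaded from: input_file:orbasec/secrep/gsskrb5/Kerberos_Vault$isAuthority.class */
    public static final class isAuthority implements Pred1 {
        // Encoded issuer name to compare against. The byte[] constructor stores the
        // caller's array without copying it.
        byte[] issuer;

        isAuthority(Opaque opaque) {
            this.issuer = opaque.getEncoding();
        }

        isAuthority(byte[] bArr) {
            this.issuer = bArr;
        }

        /**
         * Tests one list element against the issuer.
         *
         * @param obj the candidate; it is cast to {@code TrustedAuthority}
         * @return {@code true} when the encodings are equal; {@code false} when they
         *         differ or when decoding, canonicalization or the cast raises an
         *         {@code Exception}, so a malformed entry never matches
         */
        public boolean pred(Object obj) {
            try {
                TrustedAuthority candidate = (TrustedAuthority) obj;
                String canonicalName = Kerberos_Vault.canonicalizeKerberosName(Opaque.decode(candidate.security_name).toString());
                return CredUtil.equals(this.issuer, Opaque.encodeKerberosName(canonicalName).getEncoding());
            } catch (Exception unused) {
                // Fail closed: an entry that cannot be decoded is treated as "no match".
                return false;
            }
        }
    }

    /**
     * Registers the single supported mechanism with association options 511
     * (0x1FF, the nine low bits set).
     */
    /* JADX WARN: Type inference failed for: r1v5, types: [byte[], byte[][]] */
    public Kerberos_Vault() {
        this.mech_types_and_options[0] = new MechandOptions(VAULT_MECHANISM, (short) 511);
    }

    /**
     * Selects the Kerberos credentials from a credentials list and returns copies of them.
     *
     * @param credentialsArr candidate credentials of any mechanism
     * @return copies of every credentials object that matches {@link #VAULT_MECHANISM}
     * @throws BAD_PARAM when none match, when a matching object is neither valid nor
     *         refreshable, or when it is not a {@code Kerberos_Credentials}
     */
    Kerberos_Credentials[] find_creds(Credentials[] credentialsArr) {
        Credentials[] find_credentials = CredUtil.find_credentials(credentialsArr, VAULT_MECHANISM);
        if (find_credentials == null || find_credentials.length == 0) {
            if (orbasec.util.Debug.debug) {
                orbasec.util.Debug.println(Debug.SECIOP, "Kerberos_Vault:no_credentials");
            }
            throw new BAD_PARAM("No Kerberos credentials.", MinorBadParam.Credentials.value(), CompletionStatus.COMPLETED_NO);
        }
        Vector vector = new Vector();
        for (int i = 0; i < find_credentials.length; i++) {
            // An invalid credential gets one refresh attempt (with an empty byte array)
            // before the whole request is rejected.
            if (!find_credentials[i].is_valid((UtcTHolder) null) && !find_credentials[i].refresh(new byte[0])) {
                throw new BAD_PARAM("Kerberos Credentials expired.", MinorBadParam.Credentials.value(), CompletionStatus.COMPLETED_NO);
            }
            try {
                vector.addElement(((Kerberos_Credentials) find_credentials[i]).copy());
            } catch (ClassCastException unused) {
                throw new BAD_PARAM("Class Cast Exception on Kerberos Credentials.", MinorBadParam.Credentials.value(), CompletionStatus.COMPLETED_NO);
            }
        }
        Kerberos_Credentials[] kerberos_CredentialsArr = new Kerberos_Credentials[vector.size()];
        vector.copyInto(kerberos_CredentialsArr);
        return kerberos_CredentialsArr;
    }

    /**
     * Validates a single credentials object and returns a copy of it.
     *
     * @param credentials the credentials supplied by the caller
     * @return a copy, as {@code Kerberos_Credentials}
     * @throws BAD_PARAM when the mechanism does not match {@link #VAULT_MECHANISM},
     *         when the credentials are neither valid nor refreshable, or when the
     *         copy is not a {@code Kerberos_Credentials}
     */
    Kerberos_Credentials check_creds(Credentials credentials) {
        if (!MechUtil.mechSupportsMech(credentials.mechanism(), VAULT_MECHANISM)) {
            throw new BAD_PARAM("No Kerberos Credentials.", MinorBadParam.Credentials.value(), CompletionStatus.COMPLETED_NO);
        }
        if (!credentials.is_valid((UtcTHolder) null) && !credentials.refresh(new byte[0])) {
            throw new BAD_PARAM("Kerberos Credentials expired.", MinorBadParam.Credentials.value(), CompletionStatus.COMPLETED_NO);
        }
        try {
            // The explicit cast is what makes the ClassCastException handler reachable;
            // the decompiled text had lost it.
            return (Kerberos_Credentials) credentials.copy();
        } catch (ClassCastException unused) {
            throw new BAD_PARAM("Class Cast Exception on Kerberos Credentials.", MinorBadParam.Credentials.value(), CompletionStatus.COMPLETED_NO);
        }
    }

    /**
     * Extracts the association options from a one-element options/direction array.
     *
     * @param optionsDirectionPairArr the requested options
     * @return the options of the single pair
     * @throws BAD_PARAM when the array is null or empty, holds more than one pair, or
     *         the pair's direction value is not 0 (the error text names that
     *         direction SecDirectionBoth)
     */
    short get_association_options(OptionsDirectionPair[] optionsDirectionPairArr) {
        if (optionsDirectionPairArr == null || optionsDirectionPairArr.length < 1) {
            throw new BAD_PARAM("Bad Options Direction Pair.", MinorBadParam.AssociationOptions.value(), CompletionStatus.COMPLETED_NO);
        }
        if (optionsDirectionPairArr.length == 1 && optionsDirectionPairArr[0].direction.value() == 0) {
            return optionsDirectionPairArr[0].options;
        }
        throw new BAD_PARAM("Only one set of association options supported, with designation SecDirectionBoth.", MinorBadParam.AssociationOptions.value(), CompletionStatus.COMPLETED_NO);
    }

    /**
     * Creates a client security context and produces the first context token.
     *
     * @param credentials client credentials; validated by {@link #check_creds}
     * @param bArr passed to the context constructor and to {@code init_context}
     * @param object not used by this implementation
     * @param delegationMode requested delegation mode
     * @param optionsDirectionPairArr requested association options
     * @param str passed through to the context constructor
     * @param bArr2 passed through to the context constructor
     * @param channelBindings passed through to the context constructor
     * @param opaqueBufferHolder receives the token produced by {@code init_context}
     * @param clientSecurityContextHolder receives the new context
     * @return the status reported by {@code init_context}
     * @throws BAD_PARAM for unusable credentials or association options
     * @throws NO_PERMISSION when the GSS layer reports an error
     * @throws UNKNOWN for any other {@code Exception}
     */
    public AssociationStatus init_security_context(Credentials credentials, byte[] bArr, Object object, DelegationMode delegationMode, OptionsDirectionPair[] optionsDirectionPairArr, String str, byte[] bArr2, ChannelBindings channelBindings, OpaqueBufferHolder opaqueBufferHolder, ClientSecurityContextHolder clientSecurityContextHolder) {
        if (orbasec.util.Debug.debug) {
            orbasec.util.Debug.println(Debug.SECIOP, "Kerberos_Vault:init_security_context");
        }
        Kerberos_SecurityContext kerberos_SecurityContext = new Kerberos_SecurityContext(check_creds(credentials), bArr, delegationMode, get_association_options(optionsDirectionPairArr), str, bArr2, channelBindings);
        if (orbasec.util.Debug.debug) {
            // NOTE(review): this writes the credentials' string form to the debug stream;
            // confirm that form carries no secret material before enabling debug output.
            orbasec.util.Debug.println(Debug.SECIOP, new StringBuffer("Kerberos_Vault: ").append(credentials).toString());
            orbasec.util.Debug.println(Debug.SECIOP, new StringBuffer("Kerberos_Vault:delegation value : ").append(delegationMode.value()).toString());
        }
        OpaqueHolder opaqueHolder = new OpaqueHolder();
        try {
            AssociationStatus init_context = kerberos_SecurityContext.init_context(bArr, optionsDirectionPairArr, delegationMode, opaqueHolder);
            opaqueBufferHolder.value = new OpaqueBuffer();
            opaqueBufferHolder.value.buffer = opaqueHolder.value;
            opaqueBufferHolder.value.startpos = 0;
            opaqueBufferHolder.value.endpos = opaqueHolder.value.length;
            clientSecurityContextHolder.value = kerberos_SecurityContext;
            return init_context;
        } catch (SystemException e) {
            // CORBA system exceptions pass through untouched. This handler has to come
            // before the Exception handler, otherwise it is unreachable; the order now
            // matches acquire_credentials.
            throw e;
        } catch (GSSError e2) {
            throw new NO_PERMISSION(new StringBuffer("GSS Error: ").append(e2.getMessage()).toString(), MinorNoPermission.InitSecurityContext.value(), CompletionStatus.COMPLETED_NO);
        } catch (Exception e3) {
            throw new UNKNOWN(new StringBuffer("Other Exception : ").append(e3.toString()).toString());
        }
    }

    /**
     * Accepts an incoming context token, trying each Kerberos credential in turn.
     *
     * <p>The first credential whose {@code accept_context} returns a status other
     * than value 1 wins. A credential that raises {@code COMM_FAILURE} or
     * {@code GSSError}, or that returns status 1, is recorded in the error text and
     * the next credential is tried.
     *
     * @param credentialsArr server credentials to try
     * @param channelBindings passed to each new context
     * @param bArr the token received from the client
     * @param opaqueBufferHolder receives the reply token on success
     * @param serverSecurityContextHolder receives the accepted context on success
     * @return the status of the accepting credential
     * @throws BAD_PARAM when no usable Kerberos credentials are supplied
     * @throws NO_PERMISSION when every credential fails; the message lists the
     *         failure of each credential by index
     */
    public AssociationStatus accept_security_context(Credentials[] credentialsArr, ChannelBindings channelBindings, byte[] bArr, OpaqueBufferHolder opaqueBufferHolder, ServerSecurityContextHolder serverSecurityContextHolder) {
        if (orbasec.util.Debug.debug) {
            // Null-safe so that debug logging cannot pre-empt find_creds' own validation.
            orbasec.util.Debug.println(Debug.SECIOP, new StringBuffer("KerberosVault.accept_security_context: Number of Creds").append(credentialsArr == null ? 0 : credentialsArr.length).toString());
        }
        Kerberos_Credentials[] find_creds = find_creds(credentialsArr);
        // NOTE(review): per-credential GSS error text is collected into the
        // NO_PERMISSION message; confirm how much of it the ORB returns to the peer.
        StringBuffer stringBuffer = new StringBuffer("GSS Error:");
        for (int i = 0; i < find_creds.length; i++) {
            Kerberos_SecurityContext kerberos_SecurityContext = new Kerberos_SecurityContext(find_creds[i], channelBindings);
            OpaqueHolder opaqueHolder = new OpaqueHolder();
            AssociationStatus accept_context;
            try {
                accept_context = kerberos_SecurityContext.accept_context(bArr, opaqueHolder);
                if (orbasec.util.Debug.debug) {
                    orbasec.util.Debug.println(Debug.SECIOP, new StringBuffer("Kerberos.ctx_accept_context: returns ").append(accept_context.value()).toString());
                }
            } catch (COMM_FAILURE e) {
                stringBuffer.append("Credentials[");
                stringBuffer.append(i);
                stringBuffer.append("]: ");
                stringBuffer.append(e);
                stringBuffer.append("\n");
                // No status exists for this credential; move on instead of reading an
                // unassigned (or stale) result below.
                continue;
            } catch (GSSError e2) {
                if (orbasec.util.Debug.debug) {
                    orbasec.util.Debug.println(Debug.SECIOP, new StringBuffer("Kerberos.accept_security_context: GSS error : ").append(e2.getMessage()).toString());
                }
                stringBuffer.append("Credentials[");
                stringBuffer.append(i);
                stringBuffer.append("]: ");
                stringBuffer.append(e2.getMessage());
                stringBuffer.append("\n");
                continue;
            }
            // Status value 1 is the one reported as "AssocFailure" below.
            if (accept_context.value() != 1) {
                opaqueBufferHolder.value = new OpaqueBuffer();
                opaqueBufferHolder.value.buffer = opaqueHolder.value;
                opaqueBufferHolder.value.startpos = 0;
                opaqueBufferHolder.value.endpos = opaqueHolder.value.length;
                serverSecurityContextHolder.value = kerberos_SecurityContext;
                return accept_context;
            }
            stringBuffer.append(new StringBuffer("Credentials[").append(i).append("]: AssocFailure\n").toString());
        }
        throw new NO_PERMISSION(stringBuffer.toString(), MinorNoPermission.AcceptSecurityContext.value(), CompletionStatus.COMPLETED_NO);
    }

    /**
     * Returns the supported mechanism/options pairs.
     *
     * @return a copy of the internal array, so a caller cannot replace the vault's
     *         entry; the {@code MechandOptions} element itself is shared
     */
    public MechandOptions[] get_supported_mechs() {
        return (MechandOptions[]) this.mech_types_and_options.clone();
    }

    /**
     * Returns the supported mechanism OIDs.
     *
     * @return a deep copy of the OID table, so a caller cannot alter the bytes the
     *         vault holds
     */
    public byte[][] supported_mech_oids() {
        byte[][] copy = new byte[this.supported_oids_.length][];
        for (int i = 0; i < copy.length; i++) {
            copy[i] = (byte[]) this.supported_oids_[i].clone();
        }
        return copy;
    }

    /**
     * Records the session flag.
     *
     * <p>Decompiler note: access was widened from {@code protected}.
     *
     * @param z the new flag value
     */
    public void use_session(boolean z) {
        this.use_session_ = z;
    }

    /**
     * Obtains Kerberos credentials for a security name through {@code Kerberos_Kinit}.
     *
     * @param i authentication method; not used by this implementation
     * @param str mechanism; not used by this implementation
     * @param bArr opaque-encoded security name, or null/empty for the empty name
     * @param bArr2 encoded authentication data, or null/empty for defaults
     * @param secAttributeArr not used by this implementation
     * @param credentialsHolder receives the new credentials on success
     * @param opaqueHolder not used by this implementation
     * @param opaqueHolder2 not used by this implementation
     * @return {@code SecAuthSuccess}, or {@code SecAuthFailure} when
     *         {@code Kerberos_Kinit.getCredentials} returns false
     * @throws DATA_CONVERSION when the security name cannot be decoded
     * @throws NO_PERMISSION when the GSS layer reports an error
     * @throws UNKNOWN for any other {@code Exception}
     */
    public AuthenticationStatus acquire_credentials(int i, String str, byte[] bArr, byte[] bArr2, SecAttribute[] secAttributeArr, CredentialsHolder credentialsHolder, OpaqueHolder opaqueHolder, OpaqueHolder opaqueHolder2) {
        AuthData authData = (bArr2 == null || bArr2.length == 0) ? new AuthData() : new AuthData(bArr2);
        String str2 = "";
        if (bArr != null && bArr.length != 0) {
            try {
                str2 = Opaque.decode(bArr).toString();
            } catch (Exception unused) {
                throw new DATA_CONVERSION("Opaque encoding error.", MinorDataConversion.OpaqueEncoding.value(), CompletionStatus.COMPLETED_NO);
            }
        }
        try {
            // The enable-server setting is only honoured when a non-empty password is present.
            boolean z = false;
            String password = authData.getPassword();
            if (password != null && password.length() > 0) {
                z = authData.getEnableServer();
            }
            // The password travels as an immutable String, so it cannot be wiped after
            // use; keep it out of any logging added around this call.
            if (!Kerberos_Kinit.getCredentials(authData.getConfigFile(), authData.getKeytab(), authData.getCacheName(), str2, authData.getPassword(), z, authData.getDelegation(), authData.getLifetime(), authData.getRenewableLife())) {
                return AuthenticationStatus.SecAuthFailure;
            }
            Kerberos_Credentials kerberos_Credentials = new Kerberos_Credentials(authData.getConfigFile(), authData.getKeytab(), authData.getCacheName());
            kerberos_Credentials._A_acquire_credentials(str2);
            if (authData.getDelegation()) {
                kerberos_Credentials._A_set_simple_delegate();
            }
            kerberos_Credentials._A_setOwn();
            credentialsHolder.value = kerberos_Credentials;
            return AuthenticationStatus.SecAuthSuccess;
        } catch (SystemException e) {
            throw e;
        } catch (GSSError e2) {
            throw new NO_PERMISSION(e2.getMessage(), MinorNoPermission.GSSError.value(), CompletionStatus.COMPLETED_NO);
        } catch (Exception e3) {
            throw new UNKNOWN(new StringBuffer("Other Exception : ").append(e3.toString()).toString());
        }
    }

    /**
     * Multi-step acquisition is not supported.
     *
     * @throws NO_IMPLEMENT always
     */
    public AuthenticationStatus continue_acquisition(byte[] bArr, Credentials credentials, OpaqueHolder opaqueHolder, OpaqueHolder opaqueHolder2) {
        throw new NO_IMPLEMENT("Continue_acquisition not implemented by this GSS Kerberos Vault.");
    }

    /**
     * Lists the authentication methods for a mechanism.
     *
     * @param str mechanism name
     * @return a one-element array holding 0
     * @throws BAD_PARAM when the mechanism does not match {@link #VAULT_MECHANISM}
     * @throws UNKNOWN for any non-CORBA {@code Exception}
     */
    public int[] get_supported_authen_methods(String str) {
        try {
            int[] iArr = new int[1];
            if (MechUtil.mechSupportsMech(str, VAULT_MECHANISM)) {
                return iArr;
            }
            throw new BAD_PARAM(new StringBuffer("Unknown Mechanism for Kerberos Vault, ").append(str).toString(), MinorBadParam.BadValue.value(), CompletionStatus.COMPLETED_NO);
        } catch (SystemException e) {
            throw e;
        } catch (Exception e2) {
            throw new UNKNOWN(new StringBuffer("Other Exception : ").append(e2.toString()).toString());
        }
    }

    /**
     * Fetches the trusted authority policy of the current security context.
     *
     * <p>When {@code get_policy} raises {@code INV_POLICY}, a policy built from three
     * null authority arrays is substituted. Callers treat an empty authority list as
     * "accept every authority", so the absence of a policy loosens the check rather
     * than tightening it.
     * NOTE(review): how {@code TrustedAuthorityPolicy} represents the null arrays
     * (null or empty) is not visible here - confirm.
     */
    private static Policy currentTrustedAuthorityPolicy() {
        try {
            return SL2.get_current().get_policy(TRUSTED_AUTHORITY_POLICY_TYPE);
        } catch (INV_POLICY unused) {
            return new TrustedAuthorityPolicy((TrustedAuthority[]) null, (TrustedAuthority[]) null, (TrustedAuthority[]) null);
        }
    }

    /**
     * Returns the Kerberos entries of the policy's own trusted authorities.
     *
     * <p>Decompiler note: access was widened from package-private.
     */
    public static final List getOwnAuthorities() {
        return makeAuthoritiesList(TrustedAuthorityPolicyHelper.narrow(currentTrustedAuthorityPolicy()).own_trusted_authorities());
    }

    /**
     * Returns the Kerberos entries of the policy's server-peer trusted authorities.
     *
     * <p>Decompiler note: access was widened from package-private.
     */
    public static final List getServerPeerAuthorities() {
        return makeAuthoritiesList(TrustedAuthorityPolicyHelper.narrow(currentTrustedAuthorityPolicy()).server_peer_trusted_authorities());
    }

    /**
     * Returns the Kerberos entries of the policy's client-peer trusted authorities.
     *
     * <p>Decompiler note: access was widened from package-private.
     */
    public static final List getClientPeerAuthorities() {
        return makeAuthoritiesList(TrustedAuthorityPolicyHelper.narrow(currentTrustedAuthorityPolicy()).client_peer_trusted_authorities());
    }

    /**
     * Keeps the authorities whose mechanism name starts with "Kerberos", in their
     * original order.
     */
    private static final List makeAuthoritiesList(TrustedAuthority[] trustedAuthorityArr) {
        List list = ListS.list();
        for (int i = 0; i < trustedAuthorityArr.length; i++) {
            if (trustedAuthorityArr[i].mechanism.startsWith("Kerberos")) {
                // cons prepends, hence the reverse() on return.
                list = ListS.cons(trustedAuthorityArr[i], list);
            }
        }
        return list.reverse();
    }

    /**
     * Checks an authority against a trusted list without reporting a reason.
     *
     * <p>Decompiler note: access was widened from package-private.
     *
     * @see #verifyAuthority(Opaque, List, StringHolder)
     */
    public static final boolean verifyAuthority(Opaque opaque, List list) {
        return verifyAuthority(opaque, list, null);
    }

    /**
     * Checks whether an authority appears in a list of trusted authorities.
     *
     * <p>An empty list accepts every authority. Any {@code Error} or
     * {@code Exception} raised while searching the list counts as a rejection.
     *
     * <p>Decompiler note: access was widened from package-private.
     *
     * @param opaque the authority (issuer) name to look for
     * @param list trusted authorities, as produced by the {@code get*Authorities} methods
     * @param stringHolder receives the rejection reason; may be null
     * @return {@code true} when the list is empty or contains the authority
     */
    public static final boolean verifyAuthority(Opaque opaque, List list, StringHolder stringHolder) {
        if (list.isNil()) {
            // Fail-open by design: no configured authorities means no restriction.
            return true;
        }
        String str = "Violation of Trusted Authority Policy.";
        Throwable failure;
        try {
            if (((TrustedAuthority) list.lookup(new isAuthority(opaque))) != null) {
                return true;
            }
            str = new StringBuffer("Authority ").append(opaque).append(" is not trusted.").toString();
            // Built only so the debug line below reads as before; nothing is thrown
            // for the ordinary "not in the list" case.
            failure = new SecurityError(str);
        } catch (Error e) {
            failure = e;
        } catch (Exception e2) {
            failure = e2;
        }
        if (orbasec.util.Debug.debug) {
            orbasec.util.Debug.println(Debug.SECIOP, new StringBuffer("   ").append(failure).toString());
        }
        if (stringHolder != null) {
            stringHolder.value = str;
        }
        return false;
    }

    /**
     * Round-trips a name through GSS {@code import_name} / {@code display_name} to
     * obtain its canonical text.
     *
     * @param str the name, imported with the {@code gss_nt_user_name} name type
     * @return the text produced by {@code display_name}
     * @throws GSSError when either GSS call returns a non-zero status
     */
    static String canonicalizeKerberosName(String str) {
        gss_int_holder gss_int_holderVar = new gss_int_holder();
        // NOTE(review): the imported name is never released in this method; confirm
        // whether gss_name_t holds a native handle that needs an explicit release.
        gss_name_t gss_name_tVar = new gss_name_t();
        int import_name = gss.import_name(gss_int_holderVar, str, gss.gss_nt_user_name, gss_name_tVar);
        if (import_name != 0) {
            throw new GSSError("parsing target name", import_name, gss_int_holderVar.value);
        }
        gss_string_holder gss_string_holderVar = new gss_string_holder();
        int display_name = gss.display_name(gss_int_holderVar, gss_name_tVar, gss_string_holderVar, new gss_OID());
        if (display_name != 0) {
            throw new GSSError("displaying name", display_name, gss_int_holderVar.value);
        }
        // NOTE(review): if buffer() returns bytes, this conversion uses the platform
        // default charset - confirm.
        return new String(gss_string_holderVar.buffer());
    }
}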
