package oracle.net.ano;

import com.sun.security.jgss.ExtendedGSSContext;
import com.sun.security.jgss.InquireType;
import java.lang.reflect.Executable;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Iterator;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosCredMessage;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import oracle.jdbc.OracleConnection;
import oracle.net.aso.b;
import oracle.net.ns.NetException;
import oracle.net.ns.SQLnetDef;
import oracle.net.ns.SessionAtts;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:oracle/net/ano/AuthenticationService.class */
public class AuthenticationService extends Service implements PrivilegedExceptionAction, SQLnetDef {
    static final String[] o;
    private static final String[] p;
    private static final byte[] q;
    private int z;
    private static Executable $$$methodRef$$$0;
    private static Logger $$$loggerRef$$$0;
    private static Executable $$$methodRef$$$1;
    private static Logger $$$loggerRef$$$1;
    private static Executable $$$methodRef$$$2;
    private static Logger $$$loggerRef$$$2;
    private static Executable $$$methodRef$$$3;
    private static Logger $$$loggerRef$$$3;
    private static Executable $$$methodRef$$$4;
    private static Logger $$$loggerRef$$$4;
    private static Executable $$$methodRef$$$5;
    private static Logger $$$loggerRef$$$5;
    private static Executable $$$methodRef$$$6;
    private static Logger $$$loggerRef$$$6;
    private static Executable $$$methodRef$$$7;
    private static Logger $$$loggerRef$$$7;
    private static Executable $$$methodRef$$$8;
    private static Logger $$$loggerRef$$$8;
    private static Executable $$$methodRef$$$9;
    private static Logger $$$loggerRef$$$9;
    private static Executable $$$methodRef$$$10;
    private static Logger $$$loggerRef$$$10;
    private static Executable $$$methodRef$$$11;
    private static Logger $$$loggerRef$$$11;
    private static Executable $$$methodRef$$$12;
    private static Logger $$$loggerRef$$$12;
    private static Executable $$$methodRef$$$13;
    private static Logger $$$loggerRef$$$13;
    private static Executable $$$methodRef$$$14;
    private static Logger $$$loggerRef$$$14;
    private static Executable $$$methodRef$$$15;
    private static Logger $$$loggerRef$$$15;
    private boolean t = false;
    private Subject u = null;
    private String v = null;
    private String w = null;
    private String x = null;
    private GSSCredential A = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // oracle.net.ano.Service
    public final int a(SessionAtts sessionAtts) {
        super.a(sessionAtts);
        this.P = 1;
        this.z = 64767;
        String[] authenticationServices = sessionAtts.profile.getAuthenticationServices();
        a(authenticationServices, o);
        this.N = new int[authenticationServices.length];
        for (int i = 0; i < this.N.length; i++) {
            this.N[i] = a(o, authenticationServices[i]);
        }
        return 1;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // oracle.net.ano.Service
    public final void q() {
        h(3 + (this.N.length << 1));
        this.L.e();
        this.L.a(57569);
        this.L.b(this.z);
        for (int i = 0; i < this.N.length; i++) {
            this.L.a(q[this.N[i]]);
            this.L.a(p[this.N[i]]);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // oracle.net.ano.Service
    public final int r() {
        int i = 20;
        for (int i2 = 0; i2 < this.N.length; i2++) {
            i = i + 5 + 4 + p[this.N[i2]].length();
        }
        return i;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // oracle.net.ano.Service
    public final void g(int i) {
        this.Q = this.L.l();
        this.sAtts.profile.setANOVersion(this.Q);
        int k = this.L.k();
        if (k != 64255 || i <= 2) {
            if (k != 64511) {
                throw new NetException(323, "Authentication service received status failure");
            }
            this.t = false;
            return;
        }
        this.L.g();
        this.R = a(p, this.L.m());
        if (i > 4) {
            this.L.l();
            this.L.i();
            this.L.i();
        }
        this.t = true;
    }

    @Override // oracle.net.ano.Service
    public boolean isActive() {
        return this.t;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final byte[] b() {
        if (this.u == null) {
            return null;
        }
        return (byte[]) Subject.doAs(this.u, () -> {
            KerberosTicket kerberosTicket;
            if (this.u != null) {
                for (Object obj : this.u.getPrivateCredentials()) {
                    if (obj instanceof KerberosTicket) {
                        KerberosTicket kerberosTicket2 = (KerberosTicket) obj;
                        String name = kerberosTicket2.getServer().getName();
                        if (name.startsWith(this.v) || name.startsWith(this.w)) {
                            kerberosTicket = kerberosTicket2;
                            break;
                        }
                    }
                }
            }
            kerberosTicket = null;
            return kerberosTicket != null ? kerberosTicket.getSessionKey().getEncoded() : null;
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final int s() {
        if (!isActive()) {
            return 0;
        }
        if (this.R == 1) {
            return 32;
        }
        return this.R == 2 ? 37 : 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final void t() {
        if (this.t) {
            if (this.R == 1) {
                h(3);
                this.L.e();
                this.L.a(2L);
                this.L.a(2L);
                return;
            }
            if (this.R == 2) {
                h(4);
                this.L.e();
                this.L.a(2L);
                this.L.a(2L);
                this.L.a((short) 0);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v30 */
    /* JADX WARN: Type inference failed for: r0v41, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v61 */
    /* JADX WARN: Type inference failed for: r0v62 */
    /* JADX WARN: Type inference failed for: r0v63 */
    public final void a(GSSCredential gSSCredential) {
        NetException netException;
        if (this.t) {
            this.sAtts.ano.c();
            Service.a(this.L);
            if (this.R == 1) {
                this.L.readUB2();
                this.L.readUB2();
                return;
            }
            if (this.R == 2) {
                String m = this.L.m();
                String m2 = this.L.m();
                this.v = m + "/" + m2;
                this.w = m + "@" + m2;
                try {
                    InetAddress.getByName(m2).getCanonicalHostName().toLowerCase().startsWith(m2.toLowerCase() + ".");
                } catch (UnknownHostException unused) {
                    m2.toLowerCase();
                }
                this.x = (String) this.sAtts.profile.get(OracleConnection.CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_KRB_REALM);
                if (this.x != null && this.x.indexOf(64) != -1) {
                    this.x = this.x.substring(this.x.indexOf(64));
                }
                this.A = gSSCredential;
                AccessControlContext context = AccessController.getContext();
                GSSCredential gSSCredential2 = this.A;
                PrivilegedActionException privilegedActionException = gSSCredential2;
                if (gSSCredential2 == null) {
                    if (context != null) {
                        this.u = Subject.getSubject(context);
                    }
                    Subject subject = this.u;
                    privilegedActionException = subject;
                    if (subject == null) {
                        AuthenticationService authenticationService = this;
                        authenticationService.u = authenticationService.u();
                        privilegedActionException = authenticationService;
                    }
                }
                try {
                    privilegedActionException = Subject.doAs(this.u, this);
                } catch (PrivilegedActionException e) {
                    Exception exception = privilegedActionException.getException();
                    if (exception instanceof NetException) {
                        netException = (NetException) exception;
                    } else {
                        NetException netException2 = new NetException(323, e.getMessage());
                        netException = netException2;
                        netException2.initCause(e);
                    }
                    throw netException;
                }
            }
        }
    }

    private final Subject u() {
        final Configuration configuration = Configuration.getConfiguration();
        Configuration.setConfiguration(new Configuration() { // from class: oracle.net.ano.AuthenticationService.1
            private static Executable $$$methodRef$$$0;
            private static Logger $$$loggerRef$$$0;
            private static Executable $$$methodRef$$$1;
            private static Logger $$$loggerRef$$$1;
            private static Executable $$$methodRef$$$2;
            private static Logger $$$loggerRef$$$2;

            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                HashMap hashMap = new HashMap();
                hashMap.put("useTicketCache", "true");
                hashMap.put("doNotPrompt", "true");
                String str2 = (String) AuthenticationService.this.sAtts.profile.get("oracle.net.kerberos5_cc_name");
                if (str2 != null && !str2.equals("")) {
                    hashMap.put("ticketCache", str2);
                }
                if (str.equalsIgnoreCase("kprb5module")) {
                    return new AppConfigurationEntry[]{new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule", AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
                }
                if (configuration != null) {
                    return configuration.getAppConfigurationEntry(str);
                }
                return null;
            }

            public void refresh() {
            }

            static {
                try {
                    $$$methodRef$$$2 = AnonymousClass1.class.getDeclaredConstructor(AuthenticationService.class, Configuration.class);
                } catch (Throwable unused) {
                }
                $$$loggerRef$$$2 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
                try {
                    $$$methodRef$$$1 = AnonymousClass1.class.getDeclaredMethod("refresh", new Class[0]);
                } catch (Throwable unused2) {
                }
                $$$loggerRef$$$1 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
                try {
                    $$$methodRef$$$0 = AnonymousClass1.class.getDeclaredMethod("getAppConfigurationEntry", String.class);
                } catch (Throwable unused3) {
                }
                $$$loggerRef$$$0 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
            }
        });
        try {
            LoginContext loginContext = new LoginContext("kprb5module");
            loginContext.login();
            return loginContext.getSubject();
        } catch (Exception e) {
            NetException netException = new NetException(323, e.getMessage());
            netException.initCause(e);
            throw netException;
        }
    }

    @Override // java.security.PrivilegedExceptionAction
    public Object run() {
        byte[] bArr;
        try {
            GSSManager gSSManager = GSSManager.getInstance();
            Oid oid = new Oid("1.2.840.113554.1.2.2");
            Oid oid2 = new Oid("1.2.840.113554.1.2.2.1");
            byte[] der = oid.getDER();
            KerberosPrincipal kerberosPrincipal = null;
            if (this.A == null) {
                Iterator<Principal> it = this.u.getPrincipals().iterator();
                if (it.hasNext()) {
                    Principal next = it.next();
                    if (next instanceof KerberosPrincipal) {
                        kerberosPrincipal = (KerberosPrincipal) next;
                    }
                }
                if (kerberosPrincipal == null) {
                    throw new NetException(323, "Unable to find valid kerberos principal for authentication");
                }
            }
            GSSContext createContext = gSSManager.createContext(this.x != null ? gSSManager.createName(this.v, oid2) : gSSManager.createName(this.w, GSSName.NT_HOSTBASED_SERVICE), oid, this.A == null ? gSSManager.createCredential(gSSManager.createName(kerberosPrincipal != null ? kerberosPrincipal.getName() : null, oid2), 0, oid, 1) : this.A, 0);
            boolean z = true;
            if (((String) this.sAtts.profile.get("oracle.net.kerberos5_mutual_authentication")) != "true") {
                z = false;
            }
            createContext.requestMutualAuth(z);
            createContext.requestConf(false);
            createContext.requestInteg(false);
            if (this.A == null) {
                createContext.requestCredDeleg(true);
            } else {
                createContext.requestCredDeleg(false);
            }
            byte[] initSecContext = createContext.initSecContext(new byte[0], 0, 0);
            byte[] bArr2 = new byte[initSecContext.length - 17];
            System.arraycopy(initSecContext, 17, bArr2, 0, bArr2.length);
            byte[] address = InetAddress.getLocalHost().getAddress();
            this.sAtts.ano.a(39 + address.length + 4 + bArr2.length, this.P, (short) 0);
            h(4);
            this.L.a(2);
            this.L.a(4L);
            this.L.d(address);
            this.L.d(bArr2);
            this.L.flush();
            this.sAtts.ano.c();
            int[] a = Service.a(this.L);
            this.L.g();
            if (z) {
                if (a[1] < 2) {
                    throw new NetException(323, "Mutual authentication failed during Kerberos5 authentication");
                }
                byte[] n = this.L.n();
                byte[] bArr3 = new byte[der.length + 2 + n.length];
                System.arraycopy(der, 0, bArr3, 0, der.length);
                bArr3[der.length] = 2;
                bArr3[der.length + 1] = 0;
                System.arraycopy(n, 0, bArr3, der.length + 2, n.length);
                int length = bArr3.length;
                if (length < 128) {
                    bArr = r0;
                    byte[] bArr4 = {(byte) length};
                } else if (length < 256) {
                    bArr = r0;
                    byte[] bArr5 = {-127};
                    bArr[1] = (byte) length;
                } else if (length < 65536) {
                    bArr = r0;
                    byte[] bArr6 = {-126};
                    bArr[1] = (byte) (length >> 8);
                    bArr[2] = (byte) length;
                } else if (length < 16777216) {
                    byte[] bArr7 = new byte[4];
                    bArr = bArr7;
                    bArr7[0] = -125;
                    bArr[1] = (byte) (length >> 16);
                    bArr[2] = (byte) (length >> 8);
                    bArr[3] = (byte) length;
                } else {
                    byte[] bArr8 = new byte[5];
                    bArr = bArr8;
                    bArr8[0] = -124;
                    bArr[1] = (byte) (length >> 24);
                    bArr[2] = (byte) (length >> 16);
                    bArr[3] = (byte) (length >> 8);
                    bArr[4] = (byte) length;
                }
                byte[] bArr9 = bArr;
                byte[] bArr10 = new byte[1 + bArr9.length + bArr3.length];
                bArr10[0] = 96;
                System.arraycopy(bArr9, 0, bArr10, 1, bArr9.length);
                System.arraycopy(bArr3, 0, bArr10, bArr9.length + 1, bArr3.length);
                try {
                    createContext.initSecContext(bArr10, 0, bArr10.length);
                    if (!createContext.getMutualAuthState()) {
                        throw new NetException(323, "Mutual authentication failed during Kerberos5 authentication");
                    }
                } catch (GSSException e) {
                    NetException netException = new NetException(323, e.getMessage());
                    netException.initCause(e);
                    throw netException;
                }
            }
            if (!createContext.isEstablished()) {
                throw new NetException(323, "Kerberos5 adaptor couldn't create context");
            }
            byte[] a2 = this.A == null ? a(createContext) : null;
            if (a2 == null) {
                a2 = new byte[0];
            }
            this.sAtts.ano.a(25 + a2.length, this.P, (short) 0);
            h(1);
            this.L.d(a2);
            this.L.flush();
            return null;
        } catch (GSSException e2) {
            NetException netException2 = new NetException(323, e2.getMessage());
            netException2.initCause(e2);
            throw netException2;
        }
    }

    /* JADX WARN: Type inference failed for: r0v11, types: [java.lang.Throwable, byte[]] */
    private final byte[] a(GSSContext gSSContext) {
        ?? encoded;
        try {
            byte[] bArr = null;
            if (gSSContext.getCredDelegState() && this.u != null) {
                encoded = ((KerberosCredMessage) ((ExtendedGSSContext) gSSContext).inquireSecContext(InquireType.valueOf("KRB5_GET_KRB_CRED"))).getEncoded();
                bArr = encoded;
            }
            return bArr;
        } catch (GSSException e) {
            throw encoded;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // oracle.net.ano.Service
    public final void x() {
    }

    public static final byte[] obfuscatePasswordForRadius(byte[] bArr) {
        return b.i(bArr);
    }

    static {
        try {
            $$$methodRef$$$15 = AuthenticationService.class.getDeclaredConstructor(new Class[0]);
        } catch (Throwable unused) {
        }
        $$$loggerRef$$$15 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$14 = AuthenticationService.class.getDeclaredMethod("w", new Class[0]);
        } catch (Throwable unused2) {
        }
        $$$loggerRef$$$14 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$13 = AuthenticationService.class.getDeclaredMethod("obfuscatePasswordForRadius", byte[].class);
        } catch (Throwable unused3) {
        }
        $$$loggerRef$$$13 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$12 = AuthenticationService.class.getDeclaredMethod("x", new Class[0]);
        } catch (Throwable unused4) {
        }
        $$$loggerRef$$$12 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$11 = AuthenticationService.class.getDeclaredMethod("a", GSSContext.class);
        } catch (Throwable unused5) {
        }
        $$$loggerRef$$$11 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$10 = AuthenticationService.class.getDeclaredMethod("run", new Class[0]);
        } catch (Throwable unused6) {
        }
        $$$loggerRef$$$10 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$9 = AuthenticationService.class.getDeclaredMethod("u", new Class[0]);
        } catch (Throwable unused7) {
        }
        $$$loggerRef$$$9 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$8 = AuthenticationService.class.getDeclaredMethod("a", GSSCredential.class);
        } catch (Throwable unused8) {
        }
        $$$loggerRef$$$8 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$7 = AuthenticationService.class.getDeclaredMethod("t", new Class[0]);
        } catch (Throwable unused9) {
        }
        $$$loggerRef$$$7 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$6 = AuthenticationService.class.getDeclaredMethod("s", new Class[0]);
        } catch (Throwable unused10) {
        }
        $$$loggerRef$$$6 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$5 = AuthenticationService.class.getDeclaredMethod("b", new Class[0]);
        } catch (Throwable unused11) {
        }
        $$$loggerRef$$$5 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$4 = AuthenticationService.class.getDeclaredMethod("isActive", new Class[0]);
        } catch (Throwable unused12) {
        }
        $$$loggerRef$$$4 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$3 = AuthenticationService.class.getDeclaredMethod("g", Integer.TYPE);
        } catch (Throwable unused13) {
        }
        $$$loggerRef$$$3 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$2 = AuthenticationService.class.getDeclaredMethod("r", new Class[0]);
        } catch (Throwable unused14) {
        }
        $$$loggerRef$$$2 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$1 = AuthenticationService.class.getDeclaredMethod("q", new Class[0]);
        } catch (Throwable unused15) {
        }
        $$$loggerRef$$$1 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        try {
            $$$methodRef$$$0 = AuthenticationService.class.getDeclaredMethod("a", SessionAtts.class);
        } catch (Throwable unused16) {
        }
        $$$loggerRef$$$0 = (Logger) Logger.class.getDeclaredMethod("getLogger", String.class).invoke(null, "oracle.jdbc");
        o = new String[]{"", AnoServices.AUTHENTICATION_RADIUS, AnoServices.AUTHENTICATION_KERBEROS5, "TCPS"};
        p = new String[]{"", AnoServices.AUTHENTICATION_RADIUS, AnoServices.AUTHENTICATION_KERBEROS5, "tcps"};
        q = new byte[]{0, 1, 1, 2};
        try {
            Class.forName("javax.security.auth.kerberos.KerberosCredMessage");
        } catch (Exception unused17) {
        }
    }
}
