package com.teradata.tdgss.jgssp2td2;

import com.teradata.jdbc.Const;
import com.teradata.tdgss.jalgapi.AlgParcel;
import com.teradata.tdgss.jalgapi.AlgQop;
import com.teradata.tdgss.jalgapi.GCMParameterSpec;
import com.teradata.tdgss.jtdgss.TdgssException;
import com.teradata.tdgss.jtdgss.TdgssLogger;
import com.teradata.tdgss.jtdgss.TdgssUtil;
import com.teradata.tdgss.jtdgss.tdgssdefines;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;

/* loaded from: input_file:com/teradata/tdgss/jgssp2td2/Td2Crypto.class */
public final class Td2Crypto {
    private static final int ASN1OVERHEADBYTES = 48;
    private final TdgssLogger logger;
    private SecretKey secretKey;
    private byte[] key;
    private String encAlg;
    private String mode;
    private String padding;
    private String micAlg;
    private int peerCapabilities;
    private MessageDigest wrapDigest;
    private MessageDigest unwrapDigest;
    private MessageDigest getMicDigest;
    private MessageDigest verifyMicDigest;
    private Mac verifyMAC;
    private Mac getMAC;
    private Mac hMAC;
    private final int GCM_TAG_LENGTH = 16;
    private byte[] hSecretKey = null;

    public Td2Crypto(SecretKey secretKey, byte[] bArr, AlgQop algQop, int i, TdgssLogger tdgssLogger) throws GSSException {
        this.logger = tdgssLogger;
        this.secretKey = secretKey;
        this.key = bArr;
        this.encAlg = algQop.getConfidentialityAlgorithm();
        this.mode = algQop.getMode();
        this.padding = algQop.getPadding();
        this.micAlg = algQop.getIntegrityAlgorithm();
        this.peerCapabilities = i;
        try {
            if ((i & 16) == 16) {
                this.getMAC = Mac.getInstance("HMAC" + this.micAlg.replaceFirst("-", Const.URL_LSS_TYPE_DEFAULT));
                this.verifyMAC = Mac.getInstance("HMAC" + this.micAlg.replaceFirst("-", Const.URL_LSS_TYPE_DEFAULT));
                this.hMAC = Mac.getInstance("HMAC" + this.micAlg.replaceFirst("-", Const.URL_LSS_TYPE_DEFAULT));
            } else {
                this.wrapDigest = MessageDigest.getInstance(this.micAlg);
                this.unwrapDigest = MessageDigest.getInstance(this.micAlg);
                this.getMicDigest = MessageDigest.getInstance(this.micAlg);
                this.verifyMicDigest = MessageDigest.getInstance(this.micAlg);
            }
        } catch (Exception e) {
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_MIC_FAIL, e);
        }
    }

    public void computeKeyHash() throws GSSException {
        if ((this.peerCapabilities & 1) != 1 || (this.peerCapabilities & 16) == 16) {
            return;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(this.micAlg);
            messageDigest.update(this.key, 0, this.key.length);
            this.hSecretKey = messageDigest.digest();
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(TdgssUtil.dump("The Secret Key hash is ************************", this.hSecretKey));
            }
        } catch (Exception e) {
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_MIC_FAIL, e);
        }
    }

    public byte[] wrap(byte[] bArr, int i, int i2, MessageProp messageProp, Td2Token td2Token) throws GSSException {
        byte[] bArr2;
        boolean z = false;
        byte[] bArr3 = new byte[0];
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Entering!");
        }
        if (i < 0 || i2 < 0) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Argument out of Range");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (bArr.length < i2 + i) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("INPUT BUFFER SIZE " + bArr.length + " IS SMALLER THAN LENGTH + OFFSET " + (i2 + i));
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (td2Token == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Token Header is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_INPUT);
        }
        if (this.wrapDigest == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Wrap digest argument is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_BAD_CONTEXT_STATE);
        }
        if ((td2Token.getFlags() & 4) == 4) {
            z = true;
        }
        if (this.hSecretKey == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Hash of the secret key is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_BAD_CONTEXT_STATE);
        }
        int length = i2 + this.hSecretKey.length;
        td2Token.setMsgLength(length + 16);
        byte[] bArr4 = new byte[length + 16];
        System.arraycopy(bArr, i, bArr4, 0, i2);
        System.arraycopy(this.hSecretKey, 0, bArr4, i2, this.hSecretKey.length);
        if (z) {
            String str = this.encAlg + "/" + this.mode + "/" + this.padding;
            int length2 = bArr4.length;
            td2Token.GetTokenBytes();
            try {
                Cipher cipher = Cipher.getInstance(str);
                if (this.padding.equalsIgnoreCase(tdgssdefines.PADDING_NOPADDING)) {
                    int blockSize = cipher.getBlockSize();
                    length2 = (bArr4.length / blockSize) * blockSize;
                }
                if (this.mode.equalsIgnoreCase(tdgssdefines.MODE_ECB)) {
                    cipher.init(1, this.secretKey);
                } else {
                    cipher.init(1, this.secretKey, new IvParameterSpec(td2Token.GetTokenBytes()));
                }
                int outputSize = cipher.getOutputSize(length2);
                td2Token.setMsgLength(outputSize);
                byte[] GetTokenBytes = td2Token.GetTokenBytes();
                System.arraycopy(GetTokenBytes, 0, bArr4, length, GetTokenBytes.length);
                this.wrapDigest.update(bArr4);
                byte[] digest = this.wrapDigest.digest();
                System.arraycopy(digest, 0, bArr4, i2, digest.length);
                if (!this.mode.equalsIgnoreCase(tdgssdefines.MODE_ECB)) {
                    GetTokenBytes = td2Token.GetTokenBytes();
                    cipher.init(1, this.secretKey, new IvParameterSpec(GetTokenBytes));
                }
                byte[] doFinal = cipher.doFinal(bArr4, 0, length2);
                bArr2 = new byte[outputSize + 16];
                System.arraycopy(doFinal, 0, bArr2, 0, doFinal.length);
                System.arraycopy(GetTokenBytes, 0, bArr2, doFinal.length, GetTokenBytes.length);
            } catch (InvalidKeyException e) {
                throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_KEYSIZE, e);
            } catch (Exception e2) {
                throw new TdgssException(11, Td2MinorStatus.TD2_ERR_ENCRYPTION_FAIL, e2);
            }
        } else {
            byte[] GetTokenBytes2 = td2Token.GetTokenBytes();
            System.arraycopy(GetTokenBytes2, 0, bArr4, length, GetTokenBytes2.length);
            this.wrapDigest.update(bArr4);
            byte[] digest2 = this.wrapDigest.digest();
            System.arraycopy(digest2, 0, bArr4, i2, digest2.length);
            bArr2 = bArr4;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Leaving!");
        }
        return bArr2;
    }

    public byte[] newWrap(byte[] bArr, int i, int i2, MessageProp messageProp, Td2Token td2Token) throws GSSException {
        byte[] bArr2;
        AlgorithmParameterSpec gCMParameterSpec;
        boolean z = false;
        byte[] bArr3 = new byte[0];
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Entering newWrap!");
        }
        if (i < 0 || i2 < 0) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Argument out of Range");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (bArr.length < i2 + i) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("INPUT BUFFER SIZE " + bArr.length + " IS SMALLER THAN LENGTH + OFFSET " + (i2 + i));
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (td2Token == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Token Header is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_INPUT);
        }
        if (this.hMAC == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Wrap digest argument is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_BAD_CONTEXT_STATE);
        }
        if ((td2Token.getFlags() & 4) == 4) {
            z = true;
        }
        byte[] bArr4 = new byte[i2 + 16];
        System.arraycopy(bArr, i, bArr4, 0, i2);
        byte[] bArr5 = null;
        byte[] bArr6 = null;
        if (z) {
            String str = this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM) ? this.encAlg + "/" + this.mode + "/" + tdgssdefines.PADDING_NOPADDING : (this.mode.equalsIgnoreCase(tdgssdefines.MODE_AEADGCM) || this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM96)) ? this.encAlg + "/GCM/NoPadding" : this.mode.equalsIgnoreCase(tdgssdefines.MODE_CTR) ? this.encAlg + "/" + this.mode + "/" + tdgssdefines.PADDING_NOPADDING : this.encAlg + "/" + this.mode + "/" + this.padding;
            int length = bArr4.length;
            try {
                Cipher cipher = Cipher.getInstance(str);
                if (((this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM) || this.mode.equalsIgnoreCase(tdgssdefines.MODE_AEADGCM)) && AlgParcel.isGCMsupported()) || (this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM96) && AlgParcel.isGCM96supported())) {
                    try {
                        cipher.init(1, this.secretKey);
                        td2Token.setMsgLength(cipher.getOutputSize(length) + this.hMAC.getMacLength() + 16);
                        byte[] GetTokenBytes = td2Token.GetTokenBytes();
                        if (this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM96)) {
                            byte[] bArr7 = new byte[12];
                            System.arraycopy(GetTokenBytes, 4, bArr4, i2, GetTokenBytes.length - 4);
                            System.arraycopy(GetTokenBytes, 4, bArr7, 0, GetTokenBytes.length - 4);
                            gCMParameterSpec = GCMParameterSpec.getInstance(128, bArr7);
                        } else {
                            System.arraycopy(GetTokenBytes, 0, bArr4, i2, GetTokenBytes.length);
                            gCMParameterSpec = GCMParameterSpec.getInstance(128, GetTokenBytes);
                        }
                        Cipher cipher2 = Cipher.getInstance(str);
                        cipher2.init(1, this.secretKey, gCMParameterSpec);
                        byte[] doFinal = cipher2.doFinal(bArr4, 0, length);
                        bArr2 = new byte[doFinal.length - 16];
                        bArr5 = new byte[16];
                        System.arraycopy(doFinal, doFinal.length - 16, bArr5, 0, 16);
                        System.arraycopy(doFinal, 0, bArr2, 0, bArr2.length);
                    } catch (Exception e) {
                        this.logger.debug("encrption wrap failed");
                        throw new TdgssException(11, Td2MinorStatus.TD2_ERR_ENCRYPTION_FAIL, e);
                    }
                } else {
                    try {
                        cipher.init(1, this.secretKey);
                        td2Token.setMsgLength(cipher.getOutputSize(length) + this.hMAC.getMacLength() + 16);
                        byte[] GetTokenBytes2 = td2Token.GetTokenBytes();
                        IvParameterSpec ivParameterSpec = new IvParameterSpec(GetTokenBytes2);
                        Cipher cipher3 = Cipher.getInstance(str);
                        cipher3.init(1, this.secretKey, ivParameterSpec);
                        System.arraycopy(GetTokenBytes2, 0, bArr4, i2, GetTokenBytes2.length);
                        byte[] doFinal2 = cipher3.doFinal(bArr4, 0, length);
                        bArr2 = new byte[doFinal2.length];
                        System.arraycopy(doFinal2, 0, bArr2, 0, doFinal2.length);
                    } catch (Exception e2) {
                        this.logger.debug("encrption wrap failed");
                        throw new TdgssException(11, Td2MinorStatus.TD2_ERR_ENCRYPTION_FAIL, e2);
                    }
                }
                if (!this.mode.equalsIgnoreCase(tdgssdefines.MODE_AEADGCM) && !this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM96)) {
                    bArr6 = computeHMAC(bArr2, 0, bArr2.length);
                }
            } catch (Exception e3) {
                this.logger.debug("Encryption algorithm is not available");
                throw new TdgssException(11, Td2MinorStatus.TD2_ERR_ENCRYPTION_FAIL, e3);
            }
        } else {
            td2Token.setMsgLength(i2 + this.getMAC.getMacLength() + 16);
            System.arraycopy(td2Token.GetTokenBytes(), 0, bArr4, i2, td2Token.GetTokenBytes().length);
            bArr6 = computeHMAC(bArr4, i, i2);
            bArr2 = new byte[i2];
            System.arraycopy(bArr, i, bArr2, 0, i2);
        }
        ASN1TokenHdr aSN1TokenHdr = new ASN1TokenHdr();
        aSN1TokenHdr.setFlag(td2Token.getFlags());
        aSN1TokenHdr.setMsgLength(td2Token.getMsgLength());
        aSN1TokenHdr.setMsgType(new byte[]{td2Token.getMsgType()});
        aSN1TokenHdr.setfQOP(Td2Util.inttobytearray(td2Token.getQOP()));
        aSN1TokenHdr.setSeqNum(td2Token.getSeqNumber());
        aSN1TokenHdr.setVersion(new byte[]{td2Token.getVersion()});
        ASN1Msg aSN1Msg = new ASN1Msg();
        aSN1Msg.setAsn1TokenHdr(aSN1TokenHdr);
        if (bArr5 != null) {
            aSN1Msg.setAuthTag(bArr5);
        }
        aSN1Msg.setInputMsg(bArr2);
        if (!this.mode.equalsIgnoreCase(tdgssdefines.MODE_AEADGCM) && !this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM96)) {
            aSN1Msg.setComputedMac(bArr6);
        }
        return aSN1Msg.getDERObject().getEncodedValue();
    }

    public byte[] unwrap(byte[] bArr, int i, int i2, MessageProp messageProp, Td2Token td2Token) throws GSSException {
        byte[] bArr2;
        byte[] bArr3 = new byte[0];
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Entering!");
        }
        if (i < 0 || i2 < 0) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Argument out of Range");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (bArr == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Input argument is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_INPUT);
        }
        if (bArr.length < i2 + i) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("INPUT BUFFER SIZE " + bArr.length + " IS SMALLER THAN LENGTH + OFFSET " + (i2 + i));
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (td2Token == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Token Header is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_INPUT);
        }
        if (this.unwrapDigest == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Unwrap digest is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_BAD_CONTEXT_STATE);
        }
        boolean z = (td2Token.getFlags() & 4) == 4;
        int digestLength = this.unwrapDigest.getDigestLength();
        if (td2Token.getVersion() != 3 || td2Token.getMsgType() != 7) {
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_WRONG_MSGINFO);
        }
        if (z) {
            byte[] bArr4 = new byte[i2 - 16];
            byte[] bArr5 = new byte[16];
            String str = this.encAlg + "/" + this.mode + "/" + this.padding;
            System.arraycopy(bArr, i, bArr4, 0, i2 - 16);
            System.arraycopy(bArr, (i + i2) - 16, bArr5, 0, 16);
            try {
                Cipher cipher = Cipher.getInstance(str);
                cipher.init(2, this.secretKey, new IvParameterSpec(bArr5));
                byte[] doFinal = cipher.doFinal(bArr4, 0, bArr4.length);
                for (int i3 = 0; i3 < 16; i3++) {
                    if (doFinal[(doFinal.length - 16) + i3] != bArr5[i3]) {
                        throw new TdgssException(11, Td2MinorStatus.TD2_ERR_MIC_FAIL);
                    }
                }
                byte[] bArr6 = (byte[]) doFinal.clone();
                byte[] bArr7 = new byte[digestLength];
                int length = (doFinal.length - digestLength) - 16;
                System.arraycopy(this.hSecretKey, 0, bArr6, length, digestLength);
                System.arraycopy(doFinal, length, bArr7, 0, digestLength);
                if (!verifyHash(bArr6, bArr7, this.unwrapDigest)) {
                    throw new TdgssException(6, Td2MinorStatus.TD2_ERR_INVALID_DIGEST);
                }
                bArr2 = new byte[length];
                System.arraycopy(bArr6, 0, bArr2, 0, length);
            } catch (InvalidKeyException e) {
                throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_KEYSIZE, e);
            } catch (Exception e2) {
                throw new TdgssException(11, Td2MinorStatus.TD2_ERR_ENCRYPTION_FAIL, e2);
            }
        } else {
            byte[] bArr8 = (byte[]) bArr.clone();
            byte[] bArr9 = new byte[digestLength];
            int i4 = (i2 - digestLength) - 16;
            System.arraycopy(this.hSecretKey, 0, bArr8, i4, this.hSecretKey.length);
            System.arraycopy(bArr, i + i4, bArr9, 0, digestLength);
            if (!verifyHash(bArr8, bArr9, this.unwrapDigest)) {
                throw new TdgssException(6, Td2MinorStatus.TD2_ERR_INVALID_DIGEST);
            }
            bArr2 = new byte[i4];
            System.arraycopy(bArr8, 0, bArr2, 0, i4);
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Leaving!");
        }
        return bArr2;
    }

    public byte[] newUnWrap(byte[] bArr, int i, int i2, byte[] bArr2, boolean z, Td2Token td2Token, byte[] bArr3) throws GSSException {
        byte[] bArr4;
        AlgorithmParameterSpec gCMParameterSpec;
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Entering!");
        }
        if (i < 0 || i2 < 0) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Argument out of Range");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (bArr == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Input argument is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_INPUT);
        }
        if (bArr.length < i2 + i) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("INPUT BUFFER SIZE " + bArr.length + " IS SMALLER THAN LENGTH + OFFSET " + (i2 + i));
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (td2Token == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Token Header is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_INPUT);
        }
        byte[] GetTokenBytes = td2Token.GetTokenBytes();
        if (!z) {
            byte[] bArr5 = new byte[i2 + GetTokenBytes.length];
            System.arraycopy(bArr, i, bArr5, 0, i2);
            System.arraycopy(GetTokenBytes, 0, bArr5, i2, GetTokenBytes.length);
            if (bArr2 == null) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("mac is null");
                }
                throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_INPUT);
            }
            if (!verifyMac(bArr5, bArr2)) {
                this.logger.debug("MAC verification failed");
                throw new TdgssException(6, Td2MinorStatus.TD2_ERR_INVALID_DIGEST);
            }
            byte[] bArr6 = new byte[i2];
            System.arraycopy(bArr, i, bArr6, 0, i2);
            return bArr6;
        }
        if (!this.mode.equalsIgnoreCase(tdgssdefines.MODE_AEADGCM) && !this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM96)) {
            if (bArr2 == null) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("mac is null");
                }
                throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_INPUT);
            }
            if (!verifyMac(bArr, bArr2)) {
                this.logger.debug("MAC verification failed");
                throw new TdgssException(6, Td2MinorStatus.TD2_ERR_INVALID_DIGEST);
            }
        }
        String str = this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM) ? this.encAlg + "/" + this.mode + "/" + tdgssdefines.PADDING_NOPADDING : (this.mode.equalsIgnoreCase(tdgssdefines.MODE_AEADGCM) || this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM96)) ? this.encAlg + "/GCM/NoPadding" : this.mode.equalsIgnoreCase(tdgssdefines.MODE_CTR) ? this.encAlg + "/" + this.mode + "/" + tdgssdefines.PADDING_NOPADDING : this.encAlg + "/" + this.mode + "/" + this.padding;
        if (((!this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM) && !this.mode.equalsIgnoreCase(tdgssdefines.MODE_AEADGCM)) || !AlgParcel.isGCMsupported()) && (!this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM96) || !AlgParcel.isGCM96supported())) {
            IvParameterSpec ivParameterSpec = new IvParameterSpec(GetTokenBytes);
            try {
                Cipher cipher = Cipher.getInstance(str);
                cipher.init(2, this.secretKey, ivParameterSpec);
                bArr4 = cipher.doFinal(bArr, 0, bArr.length);
            } catch (Exception e) {
                this.logger.debug("Encryption failed");
                throw new TdgssException(11, Td2MinorStatus.TD2_ERR_ENCRYPTION_FAIL, e);
            }
        } else {
            if (bArr3 == null) {
                this.logger.debug("authtag is null");
                throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_INPUT);
            }
            byte[] bArr7 = new byte[i2 + bArr3.length];
            System.arraycopy(bArr, i, bArr7, 0, i2);
            System.arraycopy(bArr3, i, bArr7, i2, bArr3.length);
            try {
                Cipher cipher2 = Cipher.getInstance(str);
                if (this.mode.equalsIgnoreCase(tdgssdefines.MODE_GCM96)) {
                    byte[] bArr8 = new byte[12];
                    System.arraycopy(GetTokenBytes, 4, bArr8, 0, GetTokenBytes.length - 4);
                    gCMParameterSpec = GCMParameterSpec.getInstance(128, bArr8);
                } else {
                    gCMParameterSpec = GCMParameterSpec.getInstance(128, GetTokenBytes);
                }
                cipher2.init(2, this.secretKey, gCMParameterSpec);
                bArr4 = cipher2.doFinal(bArr7, 0, bArr7.length);
            } catch (Exception e2) {
                this.logger.debug("Encryption failed");
                throw new TdgssException(11, Td2MinorStatus.TD2_ERR_ENCRYPTION_FAIL, e2);
            }
        }
        int length = bArr4.length - 16;
        byte[] bArr9 = new byte[length];
        System.arraycopy(bArr4, 0, bArr9, 0, length);
        return bArr9;
    }

    public byte[] getMIC(byte[] bArr, int i, int i2, MessageProp messageProp, Td2Token td2Token) throws GSSException {
        byte[] bArr2;
        byte[] bArr3 = new byte[0];
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Entering!");
        }
        if (i < 0 || i2 < 0) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Argument out of Range");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (bArr.length < i2 + i) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("INPUT BUFFER SIZE " + bArr.length + " IS SMALLER THAN LENGTH + OFFSET " + (i2 + i));
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (td2Token == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Token Header is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_INPUT);
        }
        if (this.getMicDigest == null && this.getMAC == null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Get MIC/MAC digest is null");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_BAD_CONTEXT_STATE);
        }
        if ((this.peerCapabilities & 16) == 16) {
            byte[] bArr4 = new byte[i2 + 16];
            System.arraycopy(bArr, i, bArr4, 0, i2);
            td2Token.setMsgLength(this.getMAC.getMacLength() + 16);
            byte[] GetTokenBytes = td2Token.GetTokenBytes();
            System.arraycopy(GetTokenBytes, 0, bArr4, i2, GetTokenBytes.length);
            byte[] computeHMAC = computeHMAC(bArr4, i, bArr4.length);
            bArr2 = new byte[computeHMAC.length + 16];
            System.arraycopy(computeHMAC, 0, bArr2, 0, computeHMAC.length);
            System.arraycopy(GetTokenBytes, 0, bArr2, computeHMAC.length, 16);
        } else {
            int digestLength = this.getMicDigest.getDigestLength();
            int length = i2 + this.hSecretKey.length;
            td2Token.setMsgLength(digestLength);
            byte[] bArr5 = new byte[length + 16];
            System.arraycopy(bArr, i, bArr5, 0, i2);
            System.arraycopy(this.hSecretKey, 0, bArr5, i2, this.hSecretKey.length);
            byte[] GetTokenBytes2 = td2Token.GetTokenBytes();
            System.arraycopy(GetTokenBytes2, 0, bArr5, length, GetTokenBytes2.length);
            this.getMicDigest.update(bArr5);
            byte[] digest = this.getMicDigest.digest();
            bArr2 = new byte[digestLength + 16];
            System.arraycopy(digest, 0, bArr2, 0, digest.length);
            System.arraycopy(GetTokenBytes2, 0, bArr2, digest.length, 16);
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Leaving!");
        }
        return bArr2;
    }

    private byte[] computeHMAC(byte[] bArr, int i, int i2) throws GSSException {
        try {
            this.getMAC.init(this.secretKey);
            this.getMAC.update(bArr);
            return this.getMAC.doFinal();
        } catch (Exception e) {
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_MIC_FAIL, e);
        }
    }

    public void verifyMIC(byte[] bArr, int i, int i2, byte[] bArr2, int i3, int i4, MessageProp messageProp, Td2Token td2Token) throws GSSException {
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Entering!");
        }
        if (i3 < 0 || i4 < 0 || i2 < 0 || i < 0) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Argument out of Range");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (i2 + i > bArr.length || i4 + i3 > bArr2.length) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Input length is larger than buffer size ");
            }
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_ARGUMENT);
        }
        if (td2Token.getVersion() != 3 || td2Token.getMsgType() != 8) {
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_WRONG_MSGINFO);
        }
        if ((this.peerCapabilities & 16) == 16) {
            int macLength = this.verifyMAC.getMacLength();
            byte[] bArr3 = new byte[macLength];
            byte[] bArr4 = new byte[i4 + 16];
            byte[] GetTokenBytes = td2Token.GetTokenBytes();
            System.arraycopy(bArr2, i3, bArr4, 0, i4);
            System.arraycopy(GetTokenBytes, 0, bArr4, i4, 16);
            System.arraycopy(bArr, i, bArr3, 0, macLength);
            if (!verifyMac(bArr4, bArr3)) {
                throw new TdgssException(6, Td2MinorStatus.TD2_ERR_INVALID_DIGEST);
            }
        } else {
            int digestLength = this.verifyMicDigest.getDigestLength();
            int i5 = i4 + digestLength + 16;
            byte[] bArr5 = new byte[digestLength];
            byte[] bArr6 = new byte[i5];
            byte[] GetTokenBytes2 = td2Token.GetTokenBytes();
            System.arraycopy(bArr, i, bArr5, 0, digestLength);
            System.arraycopy(bArr2, i3, bArr6, 0, i4);
            System.arraycopy(this.hSecretKey, 0, bArr6, i4, this.hSecretKey.length);
            System.arraycopy(GetTokenBytes2, 0, bArr6, i5 - 16, 16);
            if (!verifyHash(bArr6, bArr5, this.verifyMicDigest)) {
                throw new TdgssException(6, Td2MinorStatus.TD2_ERR_INVALID_DIGEST);
            }
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Leaving!");
        }
    }

    private boolean verifyMac(byte[] bArr, byte[] bArr2) throws GSSException {
        try {
            this.verifyMAC.init(this.secretKey);
            this.verifyMAC.update(bArr);
            byte[] doFinal = this.verifyMAC.doFinal();
            if (doFinal.length != bArr2.length) {
                return false;
            }
            for (int i = 0; i < doFinal.length; i++) {
                if (doFinal[i] != bArr2[i]) {
                    return false;
                }
            }
            return true;
        } catch (InvalidKeyException e) {
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_KEYSIZE, e);
        }
    }

    public int getWrapSizeLimit(int i, boolean z, int i2, boolean z2) throws GSSException {
        int i3;
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Entering!");
        }
        if (i2 < 16) {
            return 0;
        }
        if (z) {
            int maxInputLength = getMaxInputLength(i2 - 16);
            i3 = maxInputLength > 16 ? maxInputLength : 0;
            if (i3 > 16) {
                i3 -= 16;
            }
        } else {
            i3 = i2 - 16;
        }
        int macLength = (this.peerCapabilities & 16) == 16 ? this.hMAC.getMacLength() : this.wrapDigest.getDigestLength();
        if (i3 > macLength) {
            i3 -= macLength;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Leaving!");
        }
        return z2 ? i3 + 48 : i3;
    }

    private int getMaxInputLength(int i) throws GSSException {
        int i2;
        try {
            Cipher cipher = Cipher.getInstance(this.encAlg + "/" + this.mode + "/" + this.padding);
            if (this.mode.equalsIgnoreCase(tdgssdefines.MODE_ECB)) {
                cipher.init(1, this.secretKey);
            } else {
                byte[] bArr = new byte[cipher.getBlockSize()];
                for (int i3 = 0; i3 < bArr.length; i3++) {
                    bArr[i3] = 0;
                }
                cipher.init(1, this.secretKey, new IvParameterSpec(bArr));
            }
            int blockSize = cipher.getBlockSize();
            if (this.mode.equalsIgnoreCase(tdgssdefines.MODE_CBC)) {
                if (i < blockSize) {
                    i2 = 0;
                } else {
                    int i4 = i % blockSize;
                    i2 = this.padding.equalsIgnoreCase(tdgssdefines.PADDING_NOPADDING) ? i - i4 : this.padding.equalsIgnoreCase(tdgssdefines.PADDING_PKCS5PADDING) ? i - (blockSize + i4) : 0;
                }
            } else if (this.mode.equalsIgnoreCase(tdgssdefines.MODE_CFB) || this.mode.equalsIgnoreCase(tdgssdefines.MODE_OFB)) {
                i2 = this.padding.equalsIgnoreCase(tdgssdefines.PADDING_NOPADDING) ? i : this.padding.equalsIgnoreCase(tdgssdefines.PADDING_PKCS5PADDING) ? i >= blockSize ? i - ((i >= blockSize ? i % blockSize : 0) + 1) : 0 : 0;
            } else {
                i2 = 0;
            }
            return i2;
        } catch (InvalidKeyException e) {
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_INVALID_KEYSIZE, e);
        } catch (Exception e2) {
            throw new TdgssException(11, Td2MinorStatus.TD2_ERR_ENCRYPTION_FAIL, e2);
        }
    }

    private boolean verifyHash(byte[] bArr, byte[] bArr2, MessageDigest messageDigest) {
        messageDigest.update(bArr);
        byte[] digest = messageDigest.digest();
        if (digest.length != bArr2.length) {
            return false;
        }
        for (int i = 0; i < digest.length; i++) {
            if (digest[i] != bArr2[i]) {
                return false;
            }
        }
        return true;
    }
}
