package javatunnel;

import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.util.Collections;
import java.util.HashSet;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.ietf.jgss.ChannelBinding;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:javatunnel/GssTunnel.class */
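/**
 * Tunnel converter that protects traffic with a GSS-API security context.
 *
 * <p>{@link #auth} runs the initiating side of the context handshake and {@link #verify} the
 * accepting side. Until one of them succeeds, {@link #encode} and {@link #decode} pass data
 * through to {@link TunnelConverter} unchanged; afterwards every message is wrapped/unwrapped
 * with the established {@link GSSContext}.
 *
 * <p>Nothing in this class synchronizes access to the context or to {@link #_prop}, so an
 * instance should be treated as belonging to a single connection.
 */
class GssTunnel extends TunnelConverter {
    private static final Logger _log = LoggerFactory.getLogger(GssTunnel.class);

    /** Dotted-decimal OID of the Kerberos V5 GSS-API mechanism. */
    private static final String KRB5_MECHANISM_OID = "1.2.840.113554.1.2.2";

    private GSSManager _gManager;
    protected GSSContext _context;
    private GSSCredential _myCredential;
    private GSSCredential _userCredential;
    protected GSSName _userPrincipal;
    protected GSSName _myPrincipal;
    protected GSSName _peerPrincipal;
    // True only after auth()/verify() completed successfully; gates wrap/unwrap.
    private boolean _authDone;
    private String _principalStr;
    // Requests confidentiality (privacy = true) for wrapped messages.
    // NOTE(review): this single instance is handed to both wrap() and unwrap(), and the GSS-API
    // updates the MessageProp it is given with the state of the processed token. A received
    // integrity-only token may therefore clear the privacy request for later wrap() calls, and
    // decode() never inspects getPrivacy(). Confirm whether confidentiality must be enforced.
    MessageProp _prop = new MessageProp(true);
    // Channel binding is on by default; see useChannelBinding(boolean).
    private boolean _useChannelBinding = true;

    /**
     * Creates a tunnel with no principal and no GSS context.
     *
     * <p>The decompiler reports that this constructor was originally {@code protected}.
     */
    public GssTunnel() {
    }

    /**
     * Creates a template tunnel that only remembers the principal name; no GSS context is
     * created. {@link #makeCopy()} uses the stored name to build working instances.
     *
     * @param str principal name used by {@link #makeCopy()}
     */
    public GssTunnel(String str) {
        this._principalStr = str;
    }

    /**
     * Creates an accepting tunnel for the given principal.
     *
     * @param str name of the local principal
     * @param z when {@code true}, acquire accept-only Kerberos V5 credentials with an indefinite
     *     lifetime and create the acceptor context; when {@code false}, nothing is initialised
     * @throws GSSException if the name, credential or context cannot be created
     */
    public GssTunnel(String str, boolean z) throws GSSException {
        if (z) {
            Oid krb5 = new Oid(KRB5_MECHANISM_OID);
            this._gManager = GSSManager.getInstance();
            this._myPrincipal = this._gManager.createName(str, (Oid) null);
            this._myCredential = this._gManager.createCredential(
                    this._myPrincipal,
                    GSSCredential.INDEFINITE_LIFETIME,
                    krb5,
                    GSSCredential.ACCEPT_ONLY);
            this._context = this._gManager.createContext(this._myCredential);
        }
    }

    /**
     * Creates an initiating tunnel from a local principal towards a peer principal.
     *
     * @param str name of the local principal
     * @param str2 name of the peer principal the context is established with
     * @throws GSSException if a name, the credential or the context cannot be created
     */
    public GssTunnel(String str, String str2) throws GSSException {
        Oid krb5 = new Oid(KRB5_MECHANISM_OID);
        this._gManager = GSSManager.getInstance();
        this._myPrincipal = this._gManager.createName(str, (Oid) null);
        this._myCredential = this._gManager.createCredential(
                this._myPrincipal,
                GSSCredential.DEFAULT_LIFETIME,
                krb5,
                GSSCredential.INITIATE_ONLY);
        this._peerPrincipal = this._gManager.createName(str2, (Oid) null);
        this._context = this._gManager.createContext(
                this._peerPrincipal, krb5, this._myCredential, GSSContext.DEFAULT_LIFETIME);
    }

    /**
     * Enables or disables channel binding for the next handshake.
     *
     * <p>Disabling it removes the address binding from the context, so it should only be turned
     * off where address translation makes the binding unusable. The decompiler reports that this
     * method was originally {@code protected}.
     *
     * @param z {@code true} to bind the context to the connection addresses
     */
    public void useChannelBinding(boolean z) {
        this._useChannelBinding = z;
    }

    /**
     * Reads one message from the stream and, once the context is established, unwraps it.
     *
     * @param inputStream stream to read the framed message from
     * @return the message bytes; unwrapped if authentication has completed, raw otherwise
     * @throws IOException if reading fails or the token cannot be unwrapped
     */
    @Override // javatunnel.TunnelConverter, javatunnel.Convertable
    public byte[] decode(InputStream inputStream) throws IOException {
        byte[] message = super.decode(inputStream);
        if (!this._authDone) {
            // Handshake tokens travel unprotected.
            return message;
        }
        try {
            return this._context.unwrap(message, 0, message.length, this._prop);
        } catch (GSSException e) {
            // Keep the GSSException as cause so the major/minor status is not lost.
            throw new IOException("Failed to unwrap message: " + e.getMessage(), e);
        }
    }

    /**
     * Writes one message to the stream, wrapping it first once the context is established.
     *
     * @param bArr buffer holding the message
     * @param i number of bytes of {@code bArr} to send
     * @param outputStream stream to write the framed message to
     * @throws IOException if wrapping or writing fails
     */
    @Override // javatunnel.TunnelConverter, javatunnel.Convertable
    public void encode(byte[] bArr, int i, OutputStream outputStream) throws IOException {
        if (!this._authDone) {
            // Handshake tokens travel unprotected.
            super.encode(bArr, i, outputStream);
            return;
        }
        byte[] wrapped;
        try {
            wrapped = this._context.wrap(bArr, 0, i, this._prop);
        } catch (GSSException e) {
            // Keep the GSSException as cause so the major/minor status is not lost.
            throw new IOException(e.getMessage(), e);
        }
        super.encode(wrapped, wrapped.length, outputStream);
    }

    /**
     * Runs the initiating side of the GSS handshake over the given streams.
     *
     * <p>Mutual authentication is requested, and the handshake is reported as failed if the
     * established context did not actually authenticate the peer. Every failure, including an
     * {@code obj} that is not a {@link Socket}, is logged and reported as {@code false}.
     *
     * @param inputStream stream the peer's tokens are read from
     * @param outputStream stream the local tokens are written to
     * @param obj the connection's {@link Socket}, used for channel binding
     * @return {@code true} if the context was established with mutual authentication
     */
    @Override // javatunnel.TunnelConverter, javatunnel.Convertable
    public boolean auth(InputStream inputStream, OutputStream outputStream, Object obj) {
        boolean established = false;
        try {
            byte[] inToken = new byte[0];
            Socket socket = (Socket) obj;
            this._context.requestMutualAuth(true);
            if (this._useChannelBinding) {
                // NOTE(review): ChannelBinding takes (initiator address, acceptor address,
                // application data). On this initiating side the remote address is passed first
                // and the local host address second, the same order verify() uses. Confirm this
                // matches the peer before changing it. The binding covers addresses only
                // (application data is null), and getLocalHost() need not be the socket's local
                // address on multi-homed hosts.
                this._context.setChannelBinding(new ChannelBinding(
                        socket.getInetAddress(), InetAddress.getLocalHost(), (byte[]) null));
            }
            // NOTE(review): the number of handshake rounds is bounded only by the peer and by
            // whatever limits super.decode() applies - verify there is a read timeout.
            while (!established) {
                byte[] outToken = this._context.initSecContext(inToken, 0, inToken.length);
                if (outToken != null) {
                    encode(outToken, outToken.length, outputStream);
                }
                if (this._context.isEstablished()) {
                    established = true;
                } else {
                    inToken = decode(inputStream);
                }
            }
            // requestMutualAuth() is only a request; fail closed if the peer was not
            // authenticated to us.
            if (!this._context.getMutualAuthState()) {
                _log.error("Failed to authenticate: peer was not mutually authenticated");
                established = false;
            }
        } catch (Exception e) {
            _log.error("Failed to authenticate", e);
        }
        this._authDone = established;
        return established;
    }

    /**
     * Runs the accepting side of the GSS handshake over the given streams.
     *
     * <p>On success the initiator's name is stored in {@link #_userPrincipal}. An end of stream
     * is logged at debug level, other I/O or GSS failures at error level; in both cases the
     * result reflects whether the context ended up established.
     *
     * @param inputStream stream the peer's tokens are read from
     * @param outputStream stream the local tokens are written to
     * @param obj the connection's {@link Socket}, used for channel binding
     * @return {@code true} if the context is established
     */
    @Override // javatunnel.TunnelConverter, javatunnel.Convertable
    public boolean verify(InputStream inputStream, OutputStream outputStream, Object obj) {
        try {
            Socket socket = (Socket) obj;
            if (this._useChannelBinding) {
                // Remote address is the initiator, local host the acceptor. The binding covers
                // addresses only (application data is null).
                this._context.setChannelBinding(new ChannelBinding(
                        socket.getInetAddress(), InetAddress.getLocalHost(), (byte[]) null));
            }
            // NOTE(review): tokens come from an unauthenticated peer; the number of rounds and
            // the token size are bounded only by the peer and by super.decode() - verify there
            // is a read timeout and a frame size limit.
            while (!this._context.isEstablished()) {
                byte[] inToken = decode(inputStream);
                byte[] outToken = this._context.acceptSecContext(inToken, 0, inToken.length);
                if (outToken != null) {
                    encode(outToken, outToken.length, outputStream);
                }
            }
            this._userPrincipal = this._context.getSrcName();
        } catch (EOFException e) {
            _log.debug("connection closed");
        } catch (IOException | GSSException e2) {
            _log.error("Failed to verify: {}", e2.toString());
        }
        this._authDone = this._context.isEstablished();
        return this._authDone;
    }

    /**
     * Builds a {@link Subject} holding the context initiator as a {@link KerberosPrincipal}.
     *
     * <p>If the initiator name cannot be obtained, the error is logged and a subject with no
     * principals is returned. This method does not check that the handshake completed, so
     * callers must not treat an empty subject as an authenticated user.
     *
     * @return a modifiable subject with at most one principal and no credentials
     */
    @Override // javatunnel.TunnelConverter, javatunnel.Convertable, javatunnel.UserBindible
    public Subject getSubject() {
        HashSet<KerberosPrincipal> principals = new HashSet<>();
        try {
            principals.add(new KerberosPrincipal(this._context.getSrcName().toString()));
        } catch (GSSException e) {
            _log.error("Failed to create a kerberos principal:", e);
        }
        return new Subject(false, principals, Collections.emptySet(), Collections.emptySet());
    }

    /**
     * Creates a fresh accepting tunnel for the principal this instance was configured with.
     *
     * <p>NOTE(review): the copy does not inherit the {@link #useChannelBinding(boolean)} setting
     * and starts with channel binding enabled - confirm that is intended.
     *
     * @return a new tunnel with its own GSS context
     * @throws IOException if the GSS credential or context cannot be created
     */
    @Override // javatunnel.TunnelConverter, javatunnel.Convertable
    public Convertable makeCopy() throws IOException {
        try {
            return new GssTunnel(this._principalStr, true);
        } catch (GSSException e) {
            throw new IOException(e);
        }
    }
}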
