package org.globus.mds.gsi.common;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Map;
import java.util.StringTokenizer;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.naming.ResourceRef;
import org.globus.gsi.gssapi.GSSConstants;
import org.gridforum.jgss.ExtendedGSSManager;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/cog-jglobus-4.0.4.jar:org/globus/mds/gsi/common/GSIMechanism.class
 */
/* loaded from: input_file:WEB-INF/lib/ghn-core-runtime-1.0.0.jar:org/globus/mds/gsi/common/GSIMechanism.class */
public class GSIMechanism {
    private static Log logger;
    public static final String SECURITY_CREDENTIALS = "org.globus.gsi.credentials";
    public static final String NAME2 = "GSS-GSI";
    public static final String NAME = "GSS-OWNYQ6NTEOAUVGWG";
    public static final String MAX_SEND_BUF = "javax.security.sasl.sendmaxbuffer";
    public static final String MAX_BUFFER = "javax.security.sasl.maxbuffer";
    public static final String STRENGTH = "javax.security.sasl.strength";
    public static final String QOP = "javax.security.sasl.qop";
    public static final String PROXY = "org.globus.mds.gsi.proxy";
    protected static final byte NO_PROTECTION = 1;
    protected static final byte INTEGRITY_ONLY_PROTECTION = 2;
    protected static final byte PRIVACY_PROTECTION = 4;
    protected static final byte LOW_STRENGTH = 1;
    protected static final byte MEDIUM_STRENGTH = 2;
    protected static final byte HIGH_STRENGTH = 4;
    private static final byte[] DEFAULT_QOP;
    private static final String[] QOP_TOKENS;
    private static final byte[] QOP_MASKS;
    private static final byte[] DEFAULT_STRENGTH;
    private static final String[] STRENGTH_TOKENS;
    private static final byte[] STRENGTH_MASKS;
    protected byte[] qop;
    protected byte allQop;
    protected byte[] strength;
    static Class class$org$globus$mds$gsi$common$GSIMechanism;
    protected GSSContext context = null;
    protected boolean completed = false;
    protected boolean privacy = false;
    protected boolean integrity = false;
    protected int sendMaxBufSize = 0;
    protected int recvMaxBufSize = 65536;

    public String getMechanismName() {
        return NAME;
    }

    public boolean isComplete() {
        return this.completed;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void init(String str, Map map) throws Exception {
        GSSCredential gSSCredential = null;
        Object obj = map.get("org.globus.gsi.credentials");
        if (obj != null) {
            if (!(obj instanceof GSSCredential)) {
                throw new Exception("Invalid credential type passed");
            }
            gSSCredential = (GSSCredential) obj;
        }
        GSSManager extendedGSSManager = ExtendedGSSManager.getInstance();
        this.context = extendedGSSManager.createContext(extendedGSSManager.createName(new StringBuffer().append("ldap@").append(str).toString(), GSSName.NT_HOSTBASED_SERVICE), GSSConstants.MECH_OID, gSSCredential, 0);
        this.context.requestCredDeleg(false);
        init(map);
    }

    private void init(Map map) throws Exception {
        if (map == null) {
            return;
        }
        this.qop = parseQop((String) map.get(QOP));
        this.allQop = combineMasks(this.qop);
        if (logger.isDebugEnabled()) {
            logger.debug("client protections: ");
            for (int i = 0; i < this.qop.length; i++) {
                logger.debug(new StringBuffer().append(" ").append((int) this.qop[i]).toString());
            }
        }
        setQOP(this.qop);
        this.strength = parseStrength((String) map.get(STRENGTH));
        if (logger.isDebugEnabled()) {
            logger.debug("cipher strengths: ");
            for (int i2 = 0; i2 < this.strength.length; i2++) {
                logger.debug(new StringBuffer().append(" ").append((int) this.strength[i2]).toString());
            }
        }
        logger.debug(new StringBuffer().append("client allQop: ").append((int) this.allQop).toString());
    }

    private void initContext() {
        logger.debug(new StringBuffer().append("client allQop: ").append((int) this.allQop).toString());
        if ((this.allQop & 2) != 0) {
            logger.debug("client requested integrity protection");
        }
        if ((this.allQop & 4) != 0) {
            logger.debug("client requested privacy protection");
        }
    }

    protected static byte combineMasks(byte[] bArr) {
        byte b = 0;
        for (byte b2 : bArr) {
            b = (byte) (b | b2);
        }
        return b;
    }

    protected byte[] parseQop(String str) throws Exception {
        return parseQop(str, null, false);
    }

    protected byte[] parseQop(String str, String[] strArr, boolean z) throws Exception {
        return str == null ? DEFAULT_QOP : parseProp(QOP, str, QOP_TOKENS, QOP_MASKS, strArr, z);
    }

    protected byte[] parseStrength(String str) throws Exception {
        return str == null ? DEFAULT_STRENGTH : parseProp(STRENGTH, str, STRENGTH_TOKENS, STRENGTH_MASKS, null, false);
    }

    protected byte[] parseProp(String str, String str2, String[] strArr, byte[] bArr, String[] strArr2, boolean z) throws Exception {
        StringTokenizer stringTokenizer = new StringTokenizer(str2, ", \t\n");
        byte[] bArr2 = new byte[strArr.length];
        int i = 0;
        while (stringTokenizer.hasMoreTokens() && i < bArr2.length) {
            String nextToken = stringTokenizer.nextToken();
            boolean z2 = false;
            for (int i2 = 0; !z2 && i2 < strArr.length; i2++) {
                if (nextToken.equalsIgnoreCase(strArr[i2])) {
                    z2 = true;
                    int i3 = i;
                    i++;
                    bArr2[i3] = bArr[i2];
                    if (strArr2 != null) {
                        strArr2[i2] = nextToken;
                    }
                }
            }
            if (!z2 && !z) {
                throw new Exception(new StringBuffer().append("Invalid token in ").append(str).append(": ").append(str2).toString());
            }
        }
        for (int i4 = i; i4 < bArr2.length; i4++) {
            bArr2[i4] = 0;
        }
        return bArr2;
    }

    public static byte findPreferredMask(byte b, byte[] bArr) {
        for (int i = 0; i < bArr.length; i++) {
            if ((bArr[i] & b) != 0) {
                return bArr[i];
            }
        }
        return (byte) 0;
    }

    public static void intToNetworkByteOrder(int i, byte[] bArr, int i2, int i3) {
        if (i3 > 4) {
            throw new IllegalArgumentException("Cannot handle more than 4 bytes");
        }
        for (int i4 = i3 - 1; i4 >= 0; i4--) {
            bArr[i2 + i4] = (byte) (i & 255);
            i >>>= 8;
        }
    }

    public static int networkByteOrderToInt(byte[] bArr, int i, int i2) {
        if (i2 > 4) {
            throw new IllegalArgumentException("Cannot handle more than 4 bytes");
        }
        int i3 = 0;
        for (int i4 = 0; i4 < i2; i4++) {
            i3 = (i3 << 8) | (bArr[i + i4] & 255);
        }
        return i3;
    }

    public OutputStream getOutputStream(OutputStream outputStream) throws IOException {
        if (!isComplete()) {
            throw new IOException("Not completed.");
        }
        if (isNotProtected()) {
            logger.debug("getOutputStream - current");
            return outputStream;
        }
        logger.debug("getOutputStream - new");
        return new SaslOutputStream(outputStream, this.context);
    }

    public InputStream getInputStream(InputStream inputStream) throws IOException {
        if (!isComplete()) {
            throw new IOException("Not completed.");
        }
        if (isNotProtected()) {
            logger.debug("getInputStream - current");
            return inputStream;
        }
        logger.debug("getInputStream - new");
        return new SaslInputStream(inputStream, this.context);
    }

    public byte[] exchangeData(byte[] bArr) throws GSSException, Exception {
        byte[] initSecContext;
        logger.debug("exchangeData");
        if (this.context.isEstablished()) {
            byte[] unwrap = this.context.unwrap(bArr, 0, bArr.length, (MessageProp) null);
            if (unwrap.length != 4) {
                throw new Exception("Invalid protection buffer");
            }
            negotiateProtections(unwrap);
            initSecContext = this.context.wrap(unwrap, 0, unwrap.length, (MessageProp) null);
            this.completed = true;
        } else {
            initSecContext = this.context.initSecContext(bArr, 0, bArr.length);
        }
        return initSecContext;
    }

    public void setQOP(byte[] bArr) throws GSSException {
        this.context.requestConf(true);
        if ((bArr[0] & 2) != 0) {
            logger.debug("Requested integrity protection");
            this.context.requestConf(false);
        }
        if ((bArr[0] & 4) != 0) {
            logger.debug("Requested privacy protection");
            this.context.requestConf(true);
        }
        logger.debug(new StringBuffer().append("Requested encryption: ").append(this.context.getConfState()).toString());
    }

    public byte[] negotiateProtections(byte[] bArr) throws Exception {
        logger.debug(new StringBuffer().append("Server protections: ").append((int) bArr[0]).toString());
        byte findPreferredMask = findPreferredMask(bArr[0], this.qop);
        if (findPreferredMask == 0) {
            throw new Exception("No common protection layer between client and server");
        }
        if ((findPreferredMask & 4) != 0) {
            this.privacy = true;
            this.integrity = true;
        } else if ((findPreferredMask & 2) != 0) {
            this.privacy = false;
            this.integrity = true;
        }
        int networkByteOrderToInt = networkByteOrderToInt(bArr, 1, 3);
        this.sendMaxBufSize = this.sendMaxBufSize == 0 ? networkByteOrderToInt : Math.min(this.sendMaxBufSize, networkByteOrderToInt);
        logger.debug(new StringBuffer().append("client max recv size: ").append(this.recvMaxBufSize).toString());
        logger.debug(new StringBuffer().append("server max recv size: ").append(networkByteOrderToInt).toString());
        bArr[0] = findPreferredMask;
        logger.debug(new StringBuffer().append("Client selected protection: ").append((int) findPreferredMask).toString());
        logger.debug(new StringBuffer().append("Privacy: ").append(this.privacy).toString());
        logger.debug(new StringBuffer().append("Integrity: ").append(this.integrity).toString());
        intToNetworkByteOrder(this.recvMaxBufSize, bArr, 1, 3);
        return bArr;
    }

    public boolean isPrivacyQop() {
        return this.privacy;
    }

    public boolean isIntegrityQop() {
        return this.integrity;
    }

    public boolean isNotProtected() {
        return (this.privacy || this.integrity) ? false : true;
    }

    public int getSendMaxBufSize() {
        return this.sendMaxBufSize;
    }

    public int getRecvMaxBufSize() {
        return this.recvMaxBufSize;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$org$globus$mds$gsi$common$GSIMechanism == null) {
            cls = class$("org.globus.mds.gsi.common.GSIMechanism");
            class$org$globus$mds$gsi$common$GSIMechanism = cls;
        } else {
            cls = class$org$globus$mds$gsi$common$GSIMechanism;
        }
        logger = LogFactory.getLog(cls.getName());
        DEFAULT_QOP = new byte[]{1};
        QOP_TOKENS = new String[]{"auth-conf", "auth-int", ResourceRef.AUTH};
        QOP_MASKS = new byte[]{4, 2, 1};
        DEFAULT_STRENGTH = new byte[]{4, 2, 1};
        STRENGTH_TOKENS = new String[]{"low", "medium", "high"};
        STRENGTH_MASKS = new byte[]{1, 2, 4};
    }
}
