package org.apache.directory.server.kerberos.shared.service;

import java.net.InetAddress;
import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
import org.apache.directory.server.kerberos.shared.messages.MessageType;
import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.HostAddress;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
import org.apache.directory.server.kerberos.shared.replay.ReplayCache;
import org.apache.directory.server.protocol.shared.chain.impl.CommandBase;

/* loaded from: input_file:org/apache/directory/server/kerberos/shared/service/VerifyAuthHeader.class */
public abstract class VerifyAuthHeader extends CommandBase {
    static Class class$org$apache$directory$server$kerberos$shared$messages$components$EncTicketPart;
    static Class class$org$apache$directory$server$kerberos$shared$messages$components$Authenticator;

    public Authenticator verifyAuthHeader(ApplicationRequest applicationRequest, Ticket ticket, EncryptionKey encryptionKey, long j, ReplayCache replayCache, boolean z, InetAddress inetAddress, LockBox lockBox) throws KerberosException {
        Class cls;
        Class cls2;
        if (applicationRequest.getProtocolVersionNumber() != 5) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADVERSION);
        }
        if (applicationRequest.getMessageType() != MessageType.KRB_AP_REQ) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_MSG_TYPE);
        }
        if (applicationRequest.getTicket().getVersionNumber() != 5) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADVERSION);
        }
        EncryptionKey sessionKey = applicationRequest.getOption(1) ? applicationRequest.getTicket().getSessionKey() : encryptionKey;
        if (sessionKey == null) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_NOKEY);
        }
        if (class$org$apache$directory$server$kerberos$shared$messages$components$EncTicketPart == null) {
            cls = class$("org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart");
            class$org$apache$directory$server$kerberos$shared$messages$components$EncTicketPart = cls;
        } else {
            cls = class$org$apache$directory$server$kerberos$shared$messages$components$EncTicketPart;
        }
        ticket.setEncTicketPart((EncTicketPart) lockBox.unseal(cls, sessionKey, ticket.getEncPart()));
        if (class$org$apache$directory$server$kerberos$shared$messages$components$Authenticator == null) {
            cls2 = class$("org.apache.directory.server.kerberos.shared.messages.components.Authenticator");
            class$org$apache$directory$server$kerberos$shared$messages$components$Authenticator = cls2;
        } else {
            cls2 = class$org$apache$directory$server$kerberos$shared$messages$components$Authenticator;
        }
        Authenticator authenticator = (Authenticator) lockBox.unseal(cls2, ticket.getSessionKey(), applicationRequest.getEncPart());
        if (!authenticator.getClientPrincipal().getName().equals(ticket.getClientPrincipal().getName())) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADMATCH);
        }
        if (ticket.getClientAddresses() != null) {
            if (!ticket.getClientAddresses().contains(new HostAddress(inetAddress))) {
                throw new KerberosException(ErrorType.KRB_AP_ERR_BADADDR);
            }
        } else if (!z) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_BADADDR);
        }
        if (replayCache.isReplay(authenticator.getClientTime(), authenticator.getClientPrincipal())) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_REPEAT);
        }
        replayCache.save(authenticator.getClientTime(), authenticator.getClientPrincipal());
        if (!authenticator.getClientTime().isInClockSkew(j)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_SKEW);
        }
        if ((ticket.getStartTime() != null && !ticket.getStartTime().isInClockSkew(j)) || ticket.getFlag(7)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_TKT_NYV);
        }
        if (!ticket.getEndTime().greaterThan(new KerberosTime())) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_TKT_EXPIRED);
        }
        applicationRequest.setOption(2);
        return authenticator;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }
}
