package org.wildfly.security.sasl.gssapi;

import java.util.Collections;
import java.util.Map;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslException;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.MessageProp;
import org.wildfly.common.Assert;
import org.wildfly.security.mechanism._private.ElytronMessages;
import org.wildfly.security.sasl.WildFlySasl;
import org.wildfly.security.sasl.util.AbstractSaslParticipant;
import org.wildfly.security.sasl.util.SaslWrapper;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/wildfly-elytron-1.15.5.Final.jar:org/wildfly/security/sasl/gssapi/AbstractGssapiMechanism.class
 */
/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-sasl-gssapi-1.15.5.Final.jar:org/wildfly/security/sasl/gssapi/AbstractGssapiMechanism.class */
abstract class AbstractGssapiMechanism extends AbstractSaslParticipant {
    private static final String AUTH = "auth";
    private static final String AUTH_INT = "auth-int";
    private static final String AUTH_CONF = "auth-conf";
    private static final byte NO_SECURITY_LAYER = 1;
    private static final byte INTEGRITY_PROTECTION = 2;
    private static final byte CONFIDENTIALITY_PROTECTION = 4;
    protected static final int DEFAULT_MAX_BUFFER_SIZE = 16777215;
    protected GSSContext gssContext;
    protected final int configuredMaxReceiveBuffer;
    protected int actualMaxReceiveBuffer;
    protected int maxBuffer;
    protected final boolean relaxComplianceChecks;
    protected final QOP[] orderedQops;
    protected QOP selectedQop;

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/wildfly-elytron-1.15.5.Final.jar:org/wildfly/security/sasl/gssapi/AbstractGssapiMechanism$GssapiWrapper.class
     */
    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-sasl-gssapi-1.15.5.Final.jar:org/wildfly/security/sasl/gssapi/AbstractGssapiMechanism$GssapiWrapper.class */
    protected class GssapiWrapper implements SaslWrapper {
        private final boolean confidential;

        /* JADX INFO: Access modifiers changed from: protected */
        public GssapiWrapper(boolean z) {
            this.confidential = z;
        }

        @Override // org.wildfly.security.sasl.util.SaslWrapper
        public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
            try {
                byte[] wrap = AbstractGssapiMechanism.this.gssContext.wrap(bArr, i, i2, new MessageProp(0, this.confidential));
                ElytronMessages.saslGssapi.tracef("Wrapping message of length '%d' resulting message of length '%d'", i2, wrap.length);
                return wrap;
            } catch (GSSException e) {
                throw ElytronMessages.saslGssapi.mechUnableToWrapMessage(e).toSaslException();
            }
        }

        @Override // org.wildfly.security.sasl.util.SaslWrapper
        public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
            try {
                byte[] unwrap = AbstractGssapiMechanism.this.gssContext.unwrap(bArr, i, i2, new MessageProp(0, this.confidential));
                ElytronMessages.saslGssapi.tracef("Unwrapping message of length '%d' resulting message of length '%d'", i2, unwrap.length);
                return unwrap;
            } catch (GSSException e) {
                throw ElytronMessages.saslGssapi.mechUnableToUnwrapMessage(e).toSaslException();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/wildfly-elytron-1.15.5.Final.jar:org/wildfly/security/sasl/gssapi/AbstractGssapiMechanism$QOP.class
     */
    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-sasl-gssapi-1.15.5.Final.jar:org/wildfly/security/sasl/gssapi/AbstractGssapiMechanism$QOP.class */
    public enum QOP {
        AUTH("auth", (byte) 1),
        AUTH_INT("auth-int", (byte) 2),
        AUTH_CONF("auth-conf", (byte) 4);

        private final String name;
        private final byte value;

        QOP(String str, byte b) {
            this.name = str;
            this.value = b;
        }

        public String getName() {
            return this.name;
        }

        public byte getValue() {
            return this.value;
        }

        public boolean includedBy(byte b) {
            return (b & this.value) == this.value;
        }

        public static QOP mapFromValue(byte b) {
            switch (b) {
                case 1:
                    return AUTH;
                case 2:
                    return AUTH_INT;
                case 3:
                default:
                    return null;
                case 4:
                    return AUTH_CONF;
            }
        }

        public static QOP mapFromName(String str) {
            boolean z = -1;
            switch (str.hashCode()) {
                case 3005864:
                    if (str.equals("auth")) {
                        z = false;
                        break;
                    }
                    break;
                case 1414216745:
                    if (str.equals("auth-conf")) {
                        z = 2;
                        break;
                    }
                    break;
                case 1431098954:
                    if (str.equals("auth-int")) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return AUTH;
                case true:
                    return AUTH_INT;
                case true:
                    return AUTH_CONF;
                default:
                    return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractGssapiMechanism(String str, String str2, String str3, Map<String, ?> map, CallbackHandler callbackHandler) throws SaslException {
        super(str, str2, str3, callbackHandler, ElytronMessages.saslGssapi);
        Assert.checkNotNullParam("callbackHandler", callbackHandler);
        map = map == null ? Collections.emptyMap() : map;
        if (map.containsKey("javax.security.sasl.maxbuffer")) {
            this.configuredMaxReceiveBuffer = Integer.parseInt((String) map.get("javax.security.sasl.maxbuffer"));
            if (this.configuredMaxReceiveBuffer > 16777215) {
                throw ElytronMessages.saslGssapi.mechReceiveBufferIsGreaterThanMaximum(this.configuredMaxReceiveBuffer, 16777215).toSaslException();
            }
        } else {
            this.configuredMaxReceiveBuffer = 16777215;
        }
        if (map.containsKey(WildFlySasl.RELAX_COMPLIANCE)) {
            this.relaxComplianceChecks = Boolean.parseBoolean((String) map.get(WildFlySasl.RELAX_COMPLIANCE));
        } else {
            this.relaxComplianceChecks = false;
        }
        this.orderedQops = parsePreferredQop((String) map.get("javax.security.sasl.qop"));
        if (ElytronMessages.saslGssapi.isTraceEnabled()) {
            ElytronMessages.saslGssapi.tracef("configuredMaxReceiveBuffer=%d", this.configuredMaxReceiveBuffer);
            ElytronMessages.saslGssapi.tracef("relaxComplianceChecks=%b", Boolean.valueOf(this.relaxComplianceChecks));
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < this.orderedQops.length; i++) {
                if (i > 0) {
                    sb.append(", ");
                }
                sb.append(this.orderedQops[i]);
            }
            ElytronMessages.saslGssapi.tracef("QOP={%s}", sb.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int networkOrderBytesToInt(byte[] bArr, int i, int i2) {
        int i3 = 0;
        for (int i4 = i; i4 < i2 + i; i4++) {
            i3 = (i3 << 8) | (bArr[i4] & 255);
        }
        return i3;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] intToNetworkOrderBytes(int i) {
        byte[] bArr = new byte[3];
        int i2 = i;
        for (int length = bArr.length - 1; length >= 0; length--) {
            bArr[length] = (byte) (i2 & 255);
            i2 >>>= 8;
        }
        return bArr;
    }

    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    public void dispose() throws SaslException {
        try {
            try {
                ElytronMessages.saslGssapi.trace("dispose");
                this.gssContext.dispose();
                this.gssContext = null;
            } catch (GSSException e) {
                throw ElytronMessages.saslGssapi.mechUnableToDisposeGssContext(e).toSaslException();
            }
        } catch (Throwable th) {
            this.gssContext = null;
            throw th;
        }
    }

    protected QOP[] parsePreferredQop(String str) throws SaslException {
        if (str != null) {
            String[] split = str.trim().split("\\s*,\\s*");
            if (split.length > 0) {
                QOP[] qopArr = new QOP[split.length];
                for (int i = 0; i < split.length; i++) {
                    QOP mapFromName = QOP.mapFromName(split[i]);
                    if (mapFromName == null) {
                        throw ElytronMessages.saslGssapi.mechUnexpectedQop(split[i]).toSaslException();
                    }
                    qopArr[i] = mapFromName;
                }
                return qopArr;
            }
        }
        return new QOP[]{QOP.AUTH};
    }

    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    public Object getNegotiatedProperty(String str) {
        assertComplete();
        boolean z = -1;
        switch (str.hashCode()) {
            case -2079432448:
                if (str.equals("javax.security.sasl.rawsendsize")) {
                    z = 2;
                    break;
                }
                break;
            case -1548608927:
                if (str.equals("javax.security.sasl.qop")) {
                    z = false;
                    break;
                }
                break;
            case 1495157683:
                if (str.equals("javax.security.sasl.maxbuffer")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return this.selectedQop.getName();
            case true:
                return Integer.toString(this.actualMaxReceiveBuffer != 0 ? this.actualMaxReceiveBuffer : this.configuredMaxReceiveBuffer);
            case true:
                return Integer.toString(this.maxBuffer);
            default:
                return null;
        }
    }
}
