package oracle.security.xmlsec.wss.kerberos;

import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AccessController;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import oracle.security.xmlsec.wss.impl.KrbDecryptor;
import oracle.security.xmlsec.wss.impl.KrbParser;
import org.ietf.jgss.GSSContext;
import sun.security.krb5.EncryptionKey;

/* loaded from: input_file:oracle/security/xmlsec/wss/kerberos/KerberosUtils.class */
public class KerberosUtils {
    private static final int AP_REQ_ID = 256;

    public static SecretKey getSessionKey(Subject subject, String str) {
        Subject subject2 = Subject.getSubject(AccessController.getContext());
        if (subject2 == null) {
            return null;
        }
        for (KerberosTicket kerberosTicket : subject2.getPrivateCredentials(KerberosTicket.class)) {
            if (kerberosTicket.getServer().getName().equals(str)) {
                return kerberosTicket.getSessionKey();
            }
        }
        return null;
    }

    public static SecretKey getSessionKey(GSSContext gSSContext) throws ClassNotFoundException, NoSuchFieldException, NoSuchMethodException, IllegalAccessException, InvocationTargetException {
        Class<?> cls = Class.forName("sun.security.jgss.GSSContextImpl");
        Class<?> cls2 = Class.forName("sun.security.jgss.krb5.Krb5Context");
        Field declaredField = cls.getDeclaredField("mechCtxt");
        Method declaredMethod = cls2.getDeclaredMethod("getKey", (Class[]) null);
        declaredField.setAccessible(true);
        Object obj = declaredField.get(gSSContext);
        declaredMethod.setAccessible(true);
        EncryptionKey encryptionKey = (EncryptionKey) declaredMethod.invoke(obj, (Object[]) null);
        byte[] bytes = encryptionKey.getBytes();
        int eType = encryptionKey.getEType();
        String str = "DES";
        if (eType == 5 || eType == 7 || eType == 15 || eType == 16) {
            str = "DESede";
        } else if (eType == 17 || eType == 18) {
            str = "AES";
        } else if (eType == 23 || eType == 24) {
            str = "RC4";
        }
        return new SecretKeySpec(bytes, str);
    }

    public static SecretKey getSessionKey(Subject subject, byte[] bArr) throws IOException {
        KrbParser.ApReq apReq = new KrbParser.ApReq(KrbParser.GSSUnwrap(bArr), KrbDecryptor.getEncryptionKeysForSubject(subject), KrbDecryptor.getTGTSessionKey(subject));
        return apReq.authenticator.subkey != null ? apReq.authenticator.subkey : apReq.ticket.key;
    }

    public static SecretKey getSessionKey(String str, char[] cArr, byte[] bArr) throws IOException {
        KrbParser.ApReq apReq = new KrbParser.ApReq(KrbParser.GSSUnwrap(bArr), new KrbDecryptor.EncryptionKey[]{KrbDecryptor.passwdToKey(cArr, str, new KrbParser.ApReq(KrbParser.GSSUnwrap(bArr), null, null).ticket.edata.etype)}, null);
        return apReq.authenticator.subkey != null ? apReq.authenticator.subkey : apReq.ticket.key;
    }
}
