package org.apache.kerby.kerberos.kerb.client;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.kerby.kerberos.kerb.KrbCodec;
import org.apache.kerby.kerberos.kerb.KrbErrorCode;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.client.preauth.PreauthHandler;
import org.apache.kerby.kerberos.kerb.client.request.KdcRequest;
import org.apache.kerby.kerberos.kerb.transport.KrbTransport;
import org.apache.kerby.kerberos.kerb.type.base.EtypeInfo2;
import org.apache.kerby.kerberos.kerb.type.base.EtypeInfo2Entry;
import org.apache.kerby.kerberos.kerb.type.base.KrbError;
import org.apache.kerby.kerberos.kerb.type.base.KrbMessage;
import org.apache.kerby.kerberos.kerb.type.base.KrbMessageType;
import org.apache.kerby.kerberos.kerb.type.base.MethodData;
import org.apache.kerby.kerberos.kerb.type.kdc.KdcRep;
import org.apache.kerby.kerberos.kerb.type.kdc.KdcReq;
import org.apache.kerby.kerberos.kerb.type.pa.PaDataType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/kerb-client-1.1.1.jar:org/apache/kerby/kerberos/kerb/client/KrbHandler.class */
public abstract class KrbHandler {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) KrbHandler.class);
    private PreauthHandler preauthHandler;

    public void init(KrbContext krbContext) {
        this.preauthHandler = new PreauthHandler();
        this.preauthHandler.init(krbContext);
    }

    public void handleRequest(KdcRequest kdcRequest, boolean z) throws KrbException {
        ByteBuffer allocate;
        if (!z || kdcRequest.getKdcReq() == null) {
            kdcRequest.process();
        }
        KdcReq kdcReq = kdcRequest.getKdcReq();
        int encodingLength = kdcReq.encodingLength();
        if (((KrbTransport) kdcRequest.getSessionData()).isTcp()) {
            allocate = ByteBuffer.allocate(encodingLength + 4);
            allocate.putInt(encodingLength);
        } else {
            allocate = ByteBuffer.allocate(encodingLength);
        }
        KrbCodec.encode(kdcReq, allocate);
        allocate.flip();
        try {
            sendMessage(kdcRequest, allocate);
        } catch (IOException e) {
            throw new KrbException("sending message failed", e);
        }
    }

    public void onResponseMessage(KdcRequest kdcRequest, ByteBuffer byteBuffer) throws KrbException {
        try {
            KrbMessage decodeMessage = KrbCodec.decodeMessage(byteBuffer);
            KrbMessageType msgType = decodeMessage.getMsgType();
            if (msgType == KrbMessageType.AS_REP) {
                kdcRequest.processResponse((KdcRep) decodeMessage);
                return;
            }
            if (msgType == KrbMessageType.TGS_REP) {
                kdcRequest.processResponse((KdcRep) decodeMessage);
                return;
            }
            if (msgType == KrbMessageType.KRB_ERROR) {
                KrbError krbError = (KrbError) decodeMessage;
                LOG.info("KDC server response with message: " + krbError.getErrorCode().getMessage());
                if (krbError.getErrorCode() != KrbErrorCode.KDC_ERR_PREAUTH_REQUIRED) {
                    LOG.info(krbError.getErrorCode().getMessage());
                    throw new KrbException(krbError.getErrorCode(), krbError.getEtext());
                }
                List<T> elements = ((MethodData) KrbCodec.decode(krbError.getEdata(), MethodData.class)).getElements();
                ArrayList arrayList = new ArrayList();
                for (T t : elements) {
                    if (t.getPaDataType() == PaDataType.ETYPE_INFO2) {
                        Iterator it = ((EtypeInfo2) KrbCodec.decode(t.getPaDataValue(), EtypeInfo2.class)).getElements().iterator();
                        while (it.hasNext()) {
                            arrayList.add(((EtypeInfo2Entry) it.next()).getEtype());
                        }
                    }
                }
                kdcRequest.setEncryptionTypes(arrayList);
                kdcRequest.setPreauthRequired(true);
                kdcRequest.resetPrequthContxt();
                handleRequest(kdcRequest, false);
                LOG.info("Retry with the new kdc request including pre-authentication.");
            }
        } catch (IOException e) {
            throw new KrbException("Krb decoding message failed", e);
        }
    }

    protected abstract void sendMessage(KdcRequest kdcRequest, ByteBuffer byteBuffer) throws IOException;
}
