package org.apache.directory.server.kerberos.kdc.ticketgrant;

import org.apache.directory.server.kerberos.shared.crypto.checksum.ChecksumType;
import org.apache.directory.server.kerberos.shared.crypto.checksum.RsaMd5Checksum;
import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.messages.value.Checksum;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;

/* loaded from: input_file:BOOT-INF/lib/apacheds-protocol-kerberos-1.0.2.jar:org/apache/directory/server/kerberos/kdc/ticketgrant/VerifyBodyChecksum.class */
public class VerifyBodyChecksum implements IoHandlerCommand {
    private String contextKey = "context";

    @Override // org.apache.mina.handler.chain.IoHandlerCommand
    public void execute(IoHandlerCommand.NextCommand nextCommand, IoSession ioSession, Object obj) throws Exception {
        TicketGrantingContext ticketGrantingContext = (TicketGrantingContext) ioSession.getAttribute(getContextKey());
        verifyChecksum(ticketGrantingContext.getAuthenticator().getChecksum(), ticketGrantingContext.getRequest().getBodyBytes());
        nextCommand.execute(ioSession, obj);
    }

    public String getContextKey() {
        return this.contextKey;
    }

    private void verifyChecksum(Checksum checksum, byte[] bArr) throws KerberosException {
        if (checksum == null) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_INAPP_CKSUM);
        }
        if (!checksum.getChecksumType().equals(ChecksumType.RSA_MD5)) {
            throw new KerberosException(ErrorType.KDC_ERR_SUMTYPE_NOSUPP);
        }
        RsaMd5Checksum rsaMd5Checksum = new RsaMd5Checksum();
        if (!new Checksum(rsaMd5Checksum.checksumType(), rsaMd5Checksum.calculateChecksum(bArr)).equals(checksum)) {
            throw new KerberosException(ErrorType.KRB_AP_ERR_MODIFIED);
        }
    }
}
