package org.apache.directory.server.kerberos.kdc.preauthentication;

import javax.security.auth.kerberos.KerberosKey;
import org.apache.directory.server.kerberos.kdc.authentication.AuthenticationContext;
import org.apache.directory.server.kerberos.sam.SamException;
import org.apache.directory.server.kerberos.sam.SamSubsystem;
import org.apache.directory.server.kerberos.sam.TimestampChecker;
import org.apache.directory.server.kerberos.shared.crypto.encryption.EncryptionType;
import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationData;
import org.apache.directory.server.kerberos.shared.messages.value.PreAuthenticationDataType;
import org.apache.directory.server.kerberos.shared.store.PrincipalStoreEntry;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/apacheds-protocol-kerberos-1.0.2.jar:org/apache/directory/server/kerberos/kdc/preauthentication/VerifySam.class */
public class VerifySam extends VerifierBase {
    private static final Logger log;
    static Class class$org$apache$directory$server$kerberos$kdc$preauthentication$VerifySam;

    @Override // org.apache.mina.handler.chain.IoHandlerCommand
    public void execute(IoHandlerCommand.NextCommand nextCommand, IoSession ioSession, Object obj) throws Exception {
        log.debug("Verifying using SAM subsystem.");
        AuthenticationContext authenticationContext = (AuthenticationContext) ioSession.getAttribute(getContextKey());
        KdcRequest request = authenticationContext.getRequest();
        PrincipalStoreEntry clientEntry = authenticationContext.getClientEntry();
        String name = clientEntry.getPrincipal().getName();
        EncryptionKey encryptionKey = null;
        if (clientEntry.getSamType() != null) {
            if (log.isDebugEnabled()) {
                log.debug(new StringBuffer().append("entry for client principal ").append(name).append(" has a valid SAM type: invoking SAM subsystem for pre-authentication").toString());
            }
            PreAuthenticationData[] preAuthData = request.getPreAuthData();
            if (preAuthData == null || preAuthData.length == 0) {
                throw new KerberosException(ErrorType.KDC_ERR_PREAUTH_REQUIRED, preparePreAuthenticationError());
            }
            for (int i = 0; i < preAuthData.length; i++) {
                try {
                    if (preAuthData[i].getDataType().equals(PreAuthenticationDataType.PA_ENC_TIMESTAMP)) {
                        KerberosKey verify = SamSubsystem.getInstance().verify(clientEntry, preAuthData[i].getDataValue());
                        encryptionKey = new EncryptionKey(EncryptionType.getTypeByOrdinal(verify.getKeyType()), verify.getEncoded());
                    }
                } catch (SamException e) {
                    throw new KerberosException(ErrorType.KRB_ERR_GENERIC, e.getMessage());
                }
            }
            authenticationContext.setClientKey(encryptionKey);
            if (log.isDebugEnabled()) {
                log.debug(new StringBuffer().append("Pre-authentication using SAM subsystem successful for ").append(name).append(".").toString());
            }
        }
        nextCommand.execute(ioSession, obj);
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$apache$directory$server$kerberos$kdc$preauthentication$VerifySam == null) {
            cls = class$("org.apache.directory.server.kerberos.kdc.preauthentication.VerifySam");
            class$org$apache$directory$server$kerberos$kdc$preauthentication$VerifySam = cls;
        } else {
            cls = class$org$apache$directory$server$kerberos$kdc$preauthentication$VerifySam;
        }
        log = LoggerFactory.getLogger(cls);
        log.debug("Initializing SAM subsystem");
        SamSubsystem.getInstance().setIntegrityChecker(new TimestampChecker());
    }
}
