package org.apache.directory.server.kerberos.kdc.authentication;

import javax.security.auth.kerberos.KerberosPrincipal;
import org.apache.directory.server.kerberos.kdc.KdcConfiguration;
import org.apache.directory.server.kerberos.shared.exceptions.ErrorType;
import org.apache.directory.server.kerberos.shared.exceptions.KerberosException;
import org.apache.directory.server.kerberos.shared.messages.KdcRequest;
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPart;
import org.apache.directory.server.kerberos.shared.messages.components.EncTicketPartModifier;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.messages.value.KerberosTime;
import org.apache.directory.server.kerberos.shared.messages.value.TransitedEncoding;
import org.apache.directory.server.kerberos.shared.service.LockBox;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/apacheds-protocol-kerberos-1.0.2.jar:org/apache/directory/server/kerberos/kdc/authentication/GenerateTicket.class */
public class GenerateTicket implements IoHandlerCommand {
    private static final Logger log;
    private String contextKey = "context";
    static Class class$org$apache$directory$server$kerberos$kdc$authentication$GenerateTicket;

    @Override // org.apache.mina.handler.chain.IoHandlerCommand
    public void execute(IoHandlerCommand.NextCommand nextCommand, IoSession ioSession, Object obj) throws Exception {
        AuthenticationContext authenticationContext = (AuthenticationContext) ioSession.getAttribute(getContextKey());
        KdcRequest request = authenticationContext.getRequest();
        LockBox lockBox = authenticationContext.getLockBox();
        KerberosPrincipal serverPrincipal = request.getServerPrincipal();
        EncryptionKey encryptionKey = authenticationContext.getServerEntry().getEncryptionKey();
        KerberosPrincipal serverPrincipal2 = request.getServerPrincipal();
        EncTicketPartModifier encTicketPartModifier = new EncTicketPartModifier();
        KdcConfiguration config = authenticationContext.getConfig();
        EncryptionKey sessionKey = authenticationContext.getSessionKey();
        if (request.getKdcOptions().get(1)) {
            encTicketPartModifier.setFlag(1);
        }
        if (request.getKdcOptions().get(3)) {
            encTicketPartModifier.setFlag(3);
        }
        if (request.getKdcOptions().get(5)) {
            encTicketPartModifier.setFlag(5);
        }
        if (request.getKdcOptions().get(30) || request.getKdcOptions().get(31) || request.getKdcOptions().get(4) || request.getKdcOptions().get(2) || request.getKdcOptions().get(28)) {
            throw new KerberosException(ErrorType.KDC_ERR_BADOPTION);
        }
        encTicketPartModifier.setSessionKey(sessionKey);
        encTicketPartModifier.setClientPrincipal(request.getClientPrincipal());
        encTicketPartModifier.setTransitedEncoding(new TransitedEncoding());
        KerberosTime kerberosTime = new KerberosTime();
        encTicketPartModifier.setAuthTime(kerberosTime);
        if (request.getKdcOptions().get(6)) {
            if (!config.isPostdateAllowed()) {
                throw new KerberosException(ErrorType.KDC_ERR_POLICY);
            }
            encTicketPartModifier.setFlag(7);
            encTicketPartModifier.setStartTime(request.getFrom());
        }
        KerberosTime kerberosTime2 = new KerberosTime(Math.min(kerberosTime.getTime() + config.getMaximumTicketLifetime(), request.getTill().getTime() == 0 ? Long.MAX_VALUE : request.getTill().getTime()));
        encTicketPartModifier.setEndTime(kerberosTime2);
        long j = 0;
        if (request.getKdcOptions().get(27) && request.getTill().greaterThan(kerberosTime2)) {
            request.getKdcOptions().set(8);
            j = request.getTill().getTime();
        }
        long time = j == 0 ? Long.MAX_VALUE : request.getRtime().getTime();
        if (request.getKdcOptions().get(8)) {
            encTicketPartModifier.setFlag(8);
            KerberosTime from = request.getFrom();
            if (from == null) {
                from = new KerberosTime();
            }
            encTicketPartModifier.setRenewTill(new KerberosTime(Math.min(from.getTime() + config.getMaximumRenewableLifetime(), time)));
        }
        if (request.getAddresses() != null) {
            encTicketPartModifier.setClientAddresses(request.getAddresses());
        }
        EncTicketPart encTicketPart = encTicketPartModifier.getEncTicketPart();
        Ticket ticket = new Ticket(serverPrincipal2, lockBox.seal(encryptionKey, encTicketPart));
        ticket.setEncTicketPart(encTicketPart);
        if (log.isDebugEnabled()) {
            log.debug(new StringBuffer().append("Ticket will be issued for access to ").append(serverPrincipal.toString()).append(".").toString());
        }
        authenticationContext.setTicket(ticket);
        nextCommand.execute(ioSession, obj);
    }

    public String getContextKey() {
        return this.contextKey;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$apache$directory$server$kerberos$kdc$authentication$GenerateTicket == null) {
            cls = class$("org.apache.directory.server.kerberos.kdc.authentication.GenerateTicket");
            class$org$apache$directory$server$kerberos$kdc$authentication$GenerateTicket = cls;
        } else {
            cls = class$org$apache$directory$server$kerberos$kdc$authentication$GenerateTicket;
        }
        log = LoggerFactory.getLogger(cls);
    }
}
