package sun.security.krb5;

import sun.security.krb5.internal.KDCRep;
import sun.security.krb5.internal.KDCReq;
import sun.security.krb5.internal.Krb5;
import sun.security.krb5.internal.KrbApErrException;
import sun.security.krb5.internal.PAData;
import sun.security.util.DerInputStream;

/* loaded from: input_file:sun/security/krb5/KrbKdcRep.class */
abstract class KrbKdcRep {
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void check(boolean z, KDCReq kDCReq, KDCRep kDCRep, EncryptionKey encryptionKey) throws KrbApErrException {
        if (z && !kDCReq.reqBody.cname.equals(kDCRep.cname) && ((!kDCReq.reqBody.kdcOptions.get(15) && kDCReq.reqBody.cname.getNameType() != 10) || !kDCRep.encKDCRepPart.flags.get(15))) {
            kDCRep.encKDCRepPart.key.destroy();
            throw new KrbApErrException(41);
        }
        if (!kDCReq.reqBody.sname.equals(kDCRep.encKDCRepPart.sname)) {
            String[] nameStrings = kDCRep.encKDCRepPart.sname.getNameStrings();
            if (z || !kDCReq.reqBody.kdcOptions.get(15) || nameStrings == null || nameStrings.length != 2 || !nameStrings[0].equals(PrincipalName.TGS_DEFAULT_SRV_NAME) || !kDCRep.encKDCRepPart.sname.getRealmString().equals(kDCReq.reqBody.sname.getRealmString())) {
                kDCRep.encKDCRepPart.key.destroy();
                throw new KrbApErrException(41);
            }
        }
        if (kDCReq.reqBody.getNonce() != kDCRep.encKDCRepPart.nonce) {
            kDCRep.encKDCRepPart.key.destroy();
            throw new KrbApErrException(41);
        }
        if (kDCReq.reqBody.addresses != null && kDCRep.encKDCRepPart.caddr != null && !kDCReq.reqBody.addresses.equals(kDCRep.encKDCRepPart.caddr)) {
            kDCRep.encKDCRepPart.key.destroy();
            throw new KrbApErrException(41);
        }
        for (int i = 2; i < 6; i++) {
            if (kDCReq.reqBody.kdcOptions.get(i) != kDCRep.encKDCRepPart.flags.get(i)) {
                if (Krb5.DEBUG) {
                    System.out.println("> KrbKdcRep.check: at #" + i + ". request for " + kDCReq.reqBody.kdcOptions.get(i) + ", received " + kDCRep.encKDCRepPart.flags.get(i));
                }
                throw new KrbApErrException(41);
            }
        }
        if (kDCReq.reqBody.kdcOptions.get(8) && !kDCRep.encKDCRepPart.flags.get(8)) {
            throw new KrbApErrException(41);
        }
        if ((kDCReq.reqBody.from == null || kDCReq.reqBody.from.isZero()) && kDCRep.encKDCRepPart.starttime != null && !kDCRep.encKDCRepPart.starttime.inClockSkew()) {
            kDCRep.encKDCRepPart.key.destroy();
            throw new KrbApErrException(37);
        }
        if (kDCReq.reqBody.from != null && !kDCReq.reqBody.from.isZero() && kDCRep.encKDCRepPart.starttime != null && !kDCReq.reqBody.from.equals(kDCRep.encKDCRepPart.starttime)) {
            kDCRep.encKDCRepPart.key.destroy();
            throw new KrbApErrException(41);
        }
        if (!kDCReq.reqBody.till.isZero() && kDCRep.encKDCRepPart.endtime.greaterThan(kDCReq.reqBody.till)) {
            kDCRep.encKDCRepPart.key.destroy();
            throw new KrbApErrException(41);
        }
        if (kDCReq.reqBody.kdcOptions.get(8) && kDCReq.reqBody.rtime != null && !kDCReq.reqBody.rtime.isZero() && (kDCRep.encKDCRepPart.renewTill == null || kDCRep.encKDCRepPart.renewTill.greaterThan(kDCReq.reqBody.rtime))) {
            kDCRep.encKDCRepPart.key.destroy();
            throw new KrbApErrException(41);
        }
        if (kDCReq.reqBody.kdcOptions.get(27) && kDCRep.encKDCRepPart.flags.get(8) && !kDCReq.reqBody.till.isZero() && (kDCRep.encKDCRepPart.renewTill == null || kDCRep.encKDCRepPart.renewTill.greaterThan(kDCReq.reqBody.till))) {
            kDCRep.encKDCRepPart.key.destroy();
            throw new KrbApErrException(41);
        }
        if (kDCRep.encKDCRepPart.flags.get(15)) {
            boolean z2 = false;
            boolean z3 = false;
            if (kDCReq.pAData != null) {
                PAData[] pADataArr = kDCReq.pAData;
                int length = pADataArr.length;
                int i2 = 0;
                while (true) {
                    if (i2 >= length) {
                        break;
                    }
                    if (pADataArr[i2].getType() == 149) {
                        z2 = true;
                        break;
                    }
                    i2++;
                }
            }
            if (kDCRep.encKDCRepPart.pAData != null) {
                PAData[] pADataArr2 = kDCRep.encKDCRepPart.pAData;
                int length2 = pADataArr2.length;
                int i3 = 0;
                while (true) {
                    if (i3 >= length2) {
                        break;
                    }
                    PAData pAData = pADataArr2[i3];
                    if (pAData.getType() == 149) {
                        try {
                            z3 = new Checksum(new DerInputStream(pAData.getValue()).getDerValue()).verifyAnyChecksum(kDCReq.asn1Encode(), encryptionKey, 56);
                            break;
                        } catch (Exception e) {
                            if (Krb5.DEBUG) {
                                e.printStackTrace();
                            }
                        }
                    } else {
                        i3++;
                    }
                }
            }
            if (z2 && !z3) {
                throw new KrbApErrException(41);
            }
        }
    }
}
