package org.apache.directory.server.changepw.service;

import org.apache.directory.server.changepw.exceptions.ChangePasswordException;
import org.apache.directory.server.changepw.exceptions.ErrorType;
import org.apache.directory.server.changepw.messages.ChangePasswordRequest;
import org.apache.directory.server.kerberos.shared.crypto.encryption.KeyUsage;
import org.apache.directory.server.kerberos.shared.messages.ApplicationRequest;
import org.apache.directory.server.kerberos.shared.messages.components.Authenticator;
import org.apache.directory.server.kerberos.shared.messages.components.Ticket;
import org.apache.directory.server.kerberos.shared.messages.value.EncryptionKey;
import org.apache.directory.server.kerberos.shared.service.VerifyAuthHeader;
import org.apache.mina.common.IoSession;
import org.apache.mina.handler.chain.IoHandlerCommand;

/* loaded from: input_file:org/apache/directory/server/changepw/service/VerifyServiceTicketAuthHeader.class */
public class VerifyServiceTicketAuthHeader extends VerifyAuthHeader {
    private String contextKey = "context";

    public void execute(IoHandlerCommand.NextCommand nextCommand, IoSession ioSession, Object obj) throws Exception {
        ChangePasswordContext changePasswordContext = (ChangePasswordContext) ioSession.getAttribute(getContextKey());
        ApplicationRequest authHeader = changePasswordContext.getAuthHeader();
        Ticket ticket = changePasswordContext.getTicket();
        Authenticator verifyAuthHeader = verifyAuthHeader(authHeader, ticket, (EncryptionKey) changePasswordContext.getServerEntry().getKeyMap().get(ticket.getEncPart().getEncryptionType()), changePasswordContext.getConfig().getAllowableClockSkew(), changePasswordContext.getReplayCache(), changePasswordContext.getConfig().isEmptyAddressesAllowed(), changePasswordContext.getClientAddress(), changePasswordContext.getCipherTextHandler(), KeyUsage.NUMBER11, false);
        if (((ChangePasswordRequest) changePasswordContext.getRequest()).getVersionNumber() == 1 && !ticket.getFlag(9)) {
            throw new ChangePasswordException(ErrorType.KRB5_KPASSWD_INITIAL_FLAG_NEEDED);
        }
        changePasswordContext.setAuthenticator(verifyAuthHeader);
        nextCommand.execute(ioSession, obj);
    }

    public String getContextKey() {
        return this.contextKey;
    }
}
