package com.ibm.disthubmq.impl.security;

import com.ibm.disthubmq.impl.client.BaseConfig;
import com.ibm.disthubmq.impl.client.DebugObject;
import com.ibm.disthubmq.impl.client.Security;
import com.ibm.disthubmq.impl.formats.ByteSequence;
import com.ibm.disthubmq.impl.formats.Framing;
import com.ibm.disthubmq.impl.formats.MessageEncrypter;
import com.ibm.disthubmq.impl.formats.SchemaCursor;
import com.ibm.disthubmq.impl.formats.TupleCursor;
import com.ibm.disthubmq.impl.net.ISocket;
import com.ibm.disthubmq.spi.ClientExceptionConstants;
import com.ibm.disthubmq.spi.ClientLogConstants;
import com.ibm.disthubmq.spi.ExceptionBuilder;
import com.ibm.disthubmq.spi.LogConstants;
import com.ibm.disthubmq.spi.Principal;
import com.ibm.disthubmq.spi.PrincipalDirectory;
import java.io.IOException;
import java.util.Hashtable;

/* loaded from: input_file:MQLib/com.ibm.mqjms.jar:com/ibm/disthubmq/impl/security/RealSecurity.class */
public final class RealSecurity implements Security, ClientExceptionConstants, ClientLogConstants {
    private String user;
    private String passwd;
    private SecurityContext sc;
    private Hashtable qopCache;
    private static final DebugObject debug = new DebugObject("RealSecurity");
    private static final MinCrypto crypto = new MinCrypto();
    private static final Byte QOP_MINTEGRITY = new Byte((byte) 6);
    private static final Byte QOP_PRIVACY = new Byte((byte) 14);

    /* loaded from: input_file:MQLib/com.ibm.mqjms.jar:com/ibm/disthubmq/impl/security/RealSecurity$RealSecUsername.class */
    public class RealSecUsername implements Principal {
        protected String m_login;
        private final RealSecurity this$0;

        public RealSecUsername(RealSecurity realSecurity, String str) {
            this.this$0 = realSecurity;
            this.m_login = str;
        }

        @Override // com.ibm.disthubmq.spi.Principal
        public String toString() {
            return this.m_login;
        }

        @Override // com.ibm.disthubmq.spi.Principal
        public int hashCode() {
            return this.m_login.hashCode();
        }

        @Override // com.ibm.disthubmq.spi.Principal
        public String getName() {
            return this.m_login;
        }

        @Override // com.ibm.disthubmq.spi.Principal
        public boolean equals(Object obj) {
            try {
                return this.m_login.equals(((RealSecUsername) obj).m_login);
            } catch (Exception e) {
                return false;
            }
        }
    }

    public RealSecurity(String str, String str2) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "RealSecurity", str, "********");
        }
        this.user = str == null ? "" : str;
        this.passwd = str2 == null ? "" : str2;
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "RealSecurity");
        }
    }

    @Override // com.ibm.disthubmq.impl.client.Security
    public int authorize(ISocket iSocket) throws IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "authorize", iSocket);
        }
        try {
            if (BaseConfig.authProtocols == null) {
                BaseConfig.authProtocols = AuthProtocol.parseAuthProtocols(BaseConfig.AUTH_PROTOCOLS);
            }
            AuthProtocol authProtocol = new AuthProtocol(this.user, this.passwd, iSocket, (PrincipalDirectory) null, crypto);
            authProtocol.cfgProtos = BaseConfig.authProtocols;
            authProtocol.runClient();
            int remoteRelease = authProtocol.getRemoteRelease();
            if (authProtocol.getRequireQOP()) {
                BaseConfig.ENABLE_QOP_SECURITY = true;
            }
            this.sc = new SecurityContext(new RealSecUsername(this, this.user), authProtocol.sessionSecret, authProtocol.getRequireQOP());
            if (BaseConfig.ENABLE_QOP_SECURITY) {
                this.qopCache = new Hashtable();
                this.qopCache.put(BaseConfig.getClientToServerControlMessageTopic("subscribe"), QOP_PRIVACY);
                this.qopCache.put(BaseConfig.getClientToServerControlMessageTopic("unsubscribe"), QOP_MINTEGRITY);
                this.qopCache.put(BaseConfig.getClientToServerControlMessageTopic("startDelivery"), QOP_MINTEGRITY);
                this.qopCache.put(BaseConfig.getClientToServerControlMessageTopic("stopDelivery"), QOP_MINTEGRITY);
                this.qopCache.put(BaseConfig.getClientToServerControlMessageTopic("disconnect"), QOP_MINTEGRITY);
            }
            if (debug.debugIt(64)) {
                debug.debug(LogConstants.DEBUG_METHODEXIT, "authorize", new Integer(remoteRelease));
            }
            return remoteRelease;
        } catch (CryptoInstantiationException e) {
            throw new IOException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_CPT_UNKEXC, new Object[]{e}));
        } catch (Exception e2) {
            throw new IOException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_MIN_AUTHEXC, new Object[]{e2}));
        }
    }

    @Override // com.ibm.disthubmq.impl.client.Security
    public MessageEncrypter incoming(byte[] bArr) throws IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "incoming", bArr);
        }
        MessageProtection messageProtection = null;
        if (BaseConfig.ENABLE_QOP_SECURITY) {
            Qop.checkIntegrity(bArr, this.sc, false);
            if (Framing.qop(bArr) == 14) {
                MessageProtection mp = this.sc.getMP();
                Qop.sessionDecrypt(bArr, mp, this.sc.getServerKey(), this.sc.getDecryptIV());
                messageProtection = mp;
            }
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "incoming", messageProtection);
        }
        return messageProtection;
    }

    @Override // com.ibm.disthubmq.impl.client.Security
    public byte[] outgoing(SchemaCursor schemaCursor, byte b) throws IOException {
        byte[] frameMessage;
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "outgoing", schemaCursor, new Byte(b));
        }
        if (!BaseConfig.ENABLE_QOP_SECURITY && b != 1) {
            throw new IOException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_MIN_QOPDIS, null));
        }
        ByteSequence byteSequence = new ByteSequence();
        int i = 0;
        if (b == 14) {
            i = schemaCursor.encode(byteSequence, 0, this.sc.getMP());
        } else {
            schemaCursor.encode(byteSequence, 0, null);
        }
        if (b == 1) {
            frameMessage = Framing.frameMessage(byteSequence, schemaCursor.getInterpreterId(), schemaCursor.getSchema().getId());
        } else {
            byte[] bArr = null;
            if ((b & 6) == 6) {
                bArr = Qop.computeDigest(byteSequence.linearize(), i, byteSequence.length - i, this.sc.getMP());
            }
            frameMessage = Qop.frameMessage(byteSequence, schemaCursor.getInterpreterId(), schemaCursor.getSchema().getId(), b, b == 14 ? i : -1, this.sc, bArr, true);
            Qop.channelProtect(frameMessage, this.sc.getMP(), this.sc.getNextSendCount(), this.sc.getClientMAC());
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "outgoing", frameMessage);
        }
        return frameMessage;
    }

    @Override // com.ibm.disthubmq.impl.client.Security
    public byte[] framePropagationMessage(ByteSequence byteSequence) throws IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "framePropagationMessage", byteSequence);
        }
        byte[] framePropagationMessage = BaseConfig.ENABLE_QOP_SECURITY ? Qop.framePropagationMessage(byteSequence, this.sc, true) : Framing.framePropagationMessage(byteSequence);
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "framePropagationMessage", framePropagationMessage);
        }
        return framePropagationMessage;
    }

    @Override // com.ibm.disthubmq.impl.client.Security
    public byte getQop(SchemaCursor schemaCursor) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "getQop", schemaCursor);
        }
        byte b = 1;
        if (BaseConfig.ENABLE_QOP_SECURITY) {
            TupleCursor contents = schemaCursor.getContents();
            int choice = contents.getChoice(7);
            if (choice == 10) {
                b = Qop.getSingleHopControlRequiredQop(contents.getContents(7).getChoice(1));
            } else if (choice != 1) {
                b = Qop.getPayloadRequiredQop(choice);
            } else {
                Byte b2 = (Byte) this.qopCache.get(contents.getString(5));
                if (b2 != null) {
                    b = b2.byteValue();
                } else {
                    contents.setBoolean(1, true);
                    b = 14;
                }
            }
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "qopUpdate", new Byte(b));
        }
        return b;
    }

    @Override // com.ibm.disthubmq.impl.client.Security
    public void qopUpdate(SchemaCursor schemaCursor) throws IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "qopUpdate", schemaCursor);
        }
        if (this.qopCache == null) {
            throw new IOException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_MIN_QOPDIS, null));
        }
        TupleCursor contents = schemaCursor.getContents().getContents(7);
        this.qopCache.put(contents.getString(1), new Byte(contents.getByte(0)));
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "qopUpdate");
        }
    }
}
