package com.ibm.mqe.attributes;

import com.ibm.mqe.MQe;
import com.ibm.mqe.MQeAttribute;
import com.ibm.mqe.MQeAttributeRule;
import com.ibm.mqe.MQeAuthenticator;
import com.ibm.mqe.MQeCompressor;
import com.ibm.mqe.MQeCryptor;
import com.ibm.mqe.MQeException;
import com.ibm.mqe.MQeFields;
import com.ibm.mqe.MQeKey;
import com.ibm.mqe.MQeTrace;
import com.ibm.mqe.communications.MQeChannel;
import com.ibm.mqe.registry.MQePrivateRegistry;
import com.ibm.mqe.registry.MQePublicRegistry;
import com.ibm.mqe.registry.MQeRegistry;
import java.math.BigInteger;
import java.util.Date;

/* compiled from: DashoA8173 */
/* loaded from: input_file:bundlefiles/MQeBundle.jar:com/ibm/mqe/attributes/MQeMTrustAttribute.class */
/**
 * Message-level attribute that protects a byte payload for one named recipient
 * registry and recovers it on the receiving side.
 *
 * <p>This is decompiled, name-obfuscated code; the comments describe only what the
 * visible statements do. As written, {@link #encodeData} hashes the payload, has the
 * digest signed through the private registry, encrypts payload + digest + signature
 * with the configured cryptor under a freshly generated 16-byte key, and attaches
 * that key after passing it through {@code MQeSharedKey.a} together with key material
 * taken from the recipient's mini-certificate. {@link #decodeData} reverses the steps
 * and verifies the digest and the signature.
 *
 * <p>Security-relevant properties visible in this file:
 * <ul>
 *   <li>Certificate checking (issuer signature, subject name, validity period) is
 *       performed only while the private flag {@code l} is true; it can be switched
 *       off with {@link #validateCertificate(boolean)}.</li>
 *   <li>The issuer key used for that check is cached in a static field shared by all
 *       instances and is loaded from the private registry without further checks in
 *       this class.</li>
 *   <li>The digest buffers are 20 bytes long (presumably SHA-1 - confirm against
 *       {@code CL.sha}) and signatures are checked with {@code CL.verifyISO9796}.</li>
 *   <li>The signature covers only the digest of the payload; the sender and recipient
 *       names travel in the outer, unencrypted envelope.</li>
 * </ul>
 *
 * <p>No synchronization is visible on the mutable instance state; thread-safety is
 * not established by this file.
 */
public class MQeMTrustAttribute extends MQeAttribute {
    // Field names of the MQeFields envelopes. encodeData/decodeData mostly use string
    // literals with the same values instead of these constants.
    // c: inner field holding the original payload bytes.
    public static final String c = "¨";
    // d: same value as the inner field that holds the payload digest.
    public static final String d = "©";
    // e: same value as the inner field that holds the signature over the digest.
    public static final String e = "ª";
    // f: same value as the outer field that holds the encrypted inner envelope.
    public static final String f = "«";
    // g: same value as the outer field that holds the protected message key.
    public static final String g = "¬";
    // h (U+00AD): same value as the outer field that holds the sender registry name.
    public static final String h = "\u00ad";
    // i: same value as the outer field that holds the target (recipient) name.
    public static final String i = "®";
    // NOTE(review): public, non-final and a mutable array - any code can change it.
    public static short[] version = {2, 0, 0, 6};
    // Cached result of MQeWTLSCertificate.a() for the "MiniCertificateServer_MiniCertificate"
    // registry entry; filled once by b() and used as the key argument when checking
    // certificate signatures. Static, so shared by every instance in the class loader,
    // never reset in this class, and read/written without synchronization.
    private static BigInteger[] m = null;
    // Registry queried for other parties' certificates (getCertificate/requestCertificate).
    protected MQePublicRegistry a = null;
    // Local registry used for signing (crtKeySign), key recovery (crtKeyDec), the local
    // registry name and the issuer certificate lookup.
    protected MQeRegistry b = null;
    // Second and third arguments passed to requestCertificate when a certificate is not
    // found locally; set by setHomeServer. Their exact meaning is defined by
    // MQePublicRegistry, which is not shown here.
    protected String j = null;
    protected String k = null;
    // When true (the default), a(String, MQeWTLSCertificate) validates certificates.
    private boolean l = true;

    /**
     * Creates the attribute with the given cryptor and compressor.
     *
     * <p>The {@code mQeAuthenticator} argument is ignored: the authenticator is always
     * set to {@code null}.
     *
     * @param mQeAuthenticator unused
     * @param mQeCryptor cryptor used to encrypt/decrypt the inner envelope; must be
     *        non-null and accepted by {@code MQeAttribute.isValidCryptorForMsgAttr}
     * @param mQeCompressor passed to {@code setCompressor}; not validated here
     * @throws MQeException with code 2 if the cryptor is null or not accepted
     */
    public MQeMTrustAttribute(MQeAuthenticator mQeAuthenticator, MQeCryptor mQeCryptor, MQeCompressor mQeCompressor) throws MQeException {
        setAuthenticator(null);
        if (mQeCryptor == null) {
            throw new MQeException(2, "invalid cryptor");
        }
        if (!MQeAttribute.isValidCryptorForMsgAttr(mQeCryptor.type())) {
            throw new MQeException(2, "invalid cryptor");
        }
        setCryptor(mQeCryptor);
        setCompressor(mQeCompressor);
    }

    /**
     * Sets the public registry once.
     *
     * @param mQePublicRegistry registry used for certificate lookups; a null argument
     *        is accepted and leaves the field unset
     * @throws MQeException with code 12 if a public registry is already set
     */
    public void setPublicRegistry(MQePublicRegistry mQePublicRegistry) throws MQeException {
        // Refusing replacement keeps the certificate source fixed after first assignment.
        if (this.a != null) {
            throw new MQeException(12, "illegal SetPublicRegistry");
        }
        this.a = mQePublicRegistry;
    }

    /**
     * Sets the private registry once.
     *
     * @param mQePrivateRegistry registry used for signing, key recovery and the issuer
     *        certificate; a null argument is accepted and leaves the field unset
     * @throws MQeException with code 12 if a private registry is already set
     */
    public void setPrivateRegistry(MQePrivateRegistry mQePrivateRegistry) throws MQeException {
        if (this.b != null) {
            throw new MQeException(12, "illegal SetPrivateRegistry");
        }
        this.b = mQePrivateRegistry;
    }

    /**
     * Sets the value used for remote certificate requests, with "Network" as the
     * second value.
     *
     * @param str stored in {@code j}
     */
    public void setHomeServer(String str) {
        setHomeServer(str, "Network");
    }

    /**
     * Stores the two values later passed to {@code requestCertificate}.
     *
     * @param str stored in {@code j}; when null, no remote certificate request is made
     * @param str2 stored in {@code k}
     */
    public void setHomeServer(String str, String str2) {
        this.j = str;
        this.k = str2;
    }

    /** Delegates unchanged to the superclass. */
    @Override // com.ibm.mqe.MQeAttribute
    public void setTarget(String str) throws MQeException {
        super.setTarget(str);
    }

    /**
     * Protects {@code bArr} for the current target and returns the dumped outer envelope.
     *
     * <p>{@code mQeChannel}, {@code i2} and {@code i3} are not used; the whole array is
     * always processed.
     *
     * @param mQeChannel unused
     * @param bArr payload; {@code null} is returned unchanged
     * @param i2 unused
     * @param i3 unused
     * @return the dumped outer {@code MQeFields}, or {@code null} if {@code bArr} is null
     * @throws MQeException code 506 if either registry is unset, 306 if no target name
     *         can be determined, 505 if no usable certificate for the target is found;
     *         certificate validation failures propagate from {@code a(String, MQeWTLSCertificate)}
     * @throws Exception anything thrown by the registry, cryptor or field helpers
     */
    @Override // com.ibm.mqe.MQeAttribute
    public byte[] encodeData(MQeChannel mQeChannel, byte[] bArr, int i2, int i3) throws Exception {
        if (bArr == null) {
            return bArr;
        }
        // mQeFields is the outer envelope, mQeFields2 the inner one that gets encrypted.
        MQeFields mQeFields = new MQeFields();
        MQeFields mQeFields2 = new MQeFields();
        // 20-byte digest buffer and 16-byte buffer for the per-message key.
        byte[] bArr2 = new byte[20];
        byte[] bArr3 = new byte[16];
        if (this.b == null || this.a == null) {
            MQeTrace.trace(this, (short) -3606, 131072L, "sender or recipient Registry not available");
            throw new MQeException(506, "cannot protect data, sender or recipient Registry not available");
        }
        // Digest of the whole payload, then a signature over that digest only.
        // NOTE(review): the recipient name is not part of what is signed, so the
        // signature does not bind the message to a particular recipient.
        CL.sha(null, bArr, 0, bArr.length, bArr2, 0);
        byte[] crtKeySign = this.b.crtKeySign(bArr2);
        mQeFields2.putArrayOfByte(c, bArr);
        mQeFields2.putArrayOfByte("©", bArr2);
        mQeFields2.putArrayOfByte("ª", crtKeySign);
        // Fresh 16 bytes for this message. NOTE(review): the randomness source is
        // whatever MQeKey.random uses - not shown here; confirm it is cryptographic.
        MQeKey.random(bArr3, 0, 16);
        MQeKey key = getKey(false);
        if (key == null) {
            key = new MQeKey();
            setKey(key);
        }
        // The key object is mutated in place, so it must be set before encrypt() runs.
        key.setLocalKey(MQe.byteToAscii(bArr3));
        mQeFields.putArrayOfByte("«", getCryptor().encrypt(null, this, mQeFields2.dump()));
        // Fall back to the private registry's target name when none was set explicitly.
        if (getTarget() == null) {
            setTarget(this.b.getTargetRegistryName());
            if (getTarget() == null) {
                throw new MQeException(306, "target registry name not available");
            }
        }
        MQeTrace.trace(this, (short) -3600, 131072L, getTarget());
        // Look up the recipient certificate locally first, then request it remotely
        // if a home server value (j) is configured.
        MQeFields mQeFields3 = null;
        try {
            mQeFields3 = this.a.getCertificate(getTarget());
            if (mQeFields3 != null) {
                MQeTrace.trace(this, (short) -3601, 131072L, getTarget(), this.a.getRegistryName());
            } else {
                MQeTrace.trace(this, (short) -3602, 131072L, null);
                if (this.j != null) {
                    MQeTrace.trace(this, (short) -3603, 131072L, this.j);
                    mQeFields3 = this.a.requestCertificate(getTarget(), this.j, this.k);
                } else {
                    MQeTrace.trace(this, (short) -3604, 131072L, this.j);
                }
            }
        } catch (Exception e2) {
            // Lookup failures are only traced; the cause is dropped and the null check
            // below reports a generic 505.
            MQeTrace.trace(this, (short) -3605, 131072L, "target (recipient) Mini Certificate not available");
        }
        if (mQeFields3 == null || !mQeFields3.contains("WTLS")) {
            throw new MQeException(505, "cannot protect data, target Mini Certificate not available");
        }
        MQeWTLSCertificate mQeWTLSCertificate = new MQeWTLSCertificate(mQeFields3.getArrayOfByte("WTLS"));
        // Validates the recipient certificate before its key material is used; this is
        // a no-op when validation has been disabled via validateCertificate(false).
        a(getTarget(), mQeWTLSCertificate);
        // presumably encrypts the message key under the recipient's public key -
        // MQeSharedKey.a and MQeWTLSCertificate.a() are not shown; confirm.
        mQeFields.putArrayOfByte("¬", MQeSharedKey.a(mQeWTLSCertificate.a(), bArr3));
        // Sender and recipient names are stored in the outer envelope in clear.
        mQeFields.putAscii("\u00ad", this.b.getRegistryName());
        mQeFields.putAscii("®", getTarget());
        return mQeFields.dump();
    }

    /**
     * Recovers and verifies a payload produced by {@link #encodeData}.
     *
     * <p>{@code mQeChannel}, {@code i2} and {@code i3} are not used.
     *
     * @param mQeChannel unused
     * @param bArr dumped outer envelope; {@code null} is returned unchanged
     * @param i2 unused
     * @param i3 unused
     * @return the original payload bytes, or {@code null} if {@code bArr} is null
     * @throws MQeException code 506 if a registry is unset or the message names a
     *         different recipient, 507 if the digest does not match, 505 if the
     *         sender's certificate is unavailable, 502 if the signature check fails;
     *         certificate validation failures propagate from {@code a(String, MQeWTLSCertificate)}
     * @throws Exception anything thrown by the registry, cryptor or field helpers
     */
    @Override // com.ibm.mqe.MQeAttribute
    public byte[] decodeData(MQeChannel mQeChannel, byte[] bArr, int i2, int i3) throws Exception {
        if (bArr == null) {
            return bArr;
        }
        MQeFields mQeFields = new MQeFields();
        MQeFields mQeFields2 = new MQeFields();
        byte[] bArr2 = new byte[20];
        // The input is parsed before anything about it has been verified; robustness
        // against malformed input depends on MQeFields.restore, which is not shown.
        mQeFields.restore(bArr);
        // Claimed sender name, read from the unencrypted outer envelope. It selects the
        // certificate used for verification further down.
        String ascii = mQeFields.getAscii("\u00ad");
        if (this.b == null || this.a == null) {
            MQeTrace.trace(this, (short) -3618, 131072L, new StringBuffer().append(mQeFields.getAscii("®")).append("sender or recipient Registry not available").toString());
            throw new MQeException(506, "cannot recover data sender or recipient Registry not available");
        }
        // Reject messages addressed to a different registry name.
        if (!mQeFields.getAscii("®").equals(this.b.getRegistryName())) {
            MQeTrace.trace(this, (short) -3608, 131072L, mQeFields.getAscii("®"), this.b.getRegistryName());
            throw new MQeException(506, "intended recipient's PrivateRegistry not available");
        }
        MQeTrace.trace(this, (short) -3607, 131072L, this.b.getRegistryName());
        // presumably recovers the message key with the local private key - crtKeyDec
        // is not shown; confirm.
        byte[] crtKeyDec = this.b.crtKeyDec(mQeFields.getArrayOfByte("¬"));
        MQeKey key = getKey(false);
        if (key == null) {
            key = new MQeKey();
            setKey(key);
        }
        // Install the recovered key before decrypt() runs.
        key.setLocalKey(MQe.byteToAscii(crtKeyDec));
        mQeFields2.restore(getCryptor().decrypt(null, this, mQeFields.getArrayOfByte("«")));
        // Recompute the digest over the decrypted payload and compare it with the one
        // carried inside the envelope.
        CL.sha(null, mQeFields2.getArrayOfByte(c), 0, mQeFields2.getArrayOfByte(c).length, bArr2, 0);
        // Comparison is done on hex strings with String.equals, which is not a
        // constant-time comparison. NOTE(review): assess whether timing matters here.
        if (!MQe.byteToHex(mQeFields2.getArrayOfByte("©")).equals(MQe.byteToHex(bArr2))) {
            MQeTrace.trace(this, (short) -3617, 131072L, ascii);
            throw new MQeException(507, new StringBuffer().append("validating data from ").append(ascii).append(", data tampering detected").toString());
        }
        MQeTrace.trace(this, (short) -3609, 131072L, ascii);
        // Fetch the claimed sender's certificate: local lookup first, then a remote
        // request if a home server value (j) is configured.
        MQeFields mQeFields3 = null;
        try {
            mQeFields3 = this.a.getCertificate(ascii);
            if (mQeFields3 != null) {
                MQeTrace.trace(this, (short) -3610, 131072L, ascii);
            } else {
                MQeTrace.trace(this, (short) -3611, 131072L, null);
                if (this.j != null) {
                    MQeTrace.trace(this, (short) -3612, 131072L, this.j);
                    mQeFields3 = this.a.requestCertificate(ascii, this.j, this.k);
                } else {
                    MQeTrace.trace(this, (short) -3613, 131072L, this.j);
                }
            }
        } catch (Exception e2) {
            // Lookup failures are only traced; the cause is dropped and the null check
            // below reports a generic 505.
            MQeTrace.trace(this, (short) -3614, 131072L, new StringBuffer().append(ascii).append(" MiniCert not available").toString());
        }
        if (mQeFields3 == null || !mQeFields3.contains("WTLS")) {
            throw new MQeException(505, "cannot recover data, sender's MiniCert not available");
        }
        MQeWTLSCertificate mQeWTLSCertificate = new MQeWTLSCertificate(mQeFields3.getArrayOfByte("WTLS"));
        // Ties the certificate to the claimed sender name and to the issuer key. When
        // validation is disabled this call does nothing, and the signature check below
        // then only proves possession of whatever key the fetched certificate carries.
        a(ascii, mQeWTLSCertificate);
        BigInteger[] a = mQeWTLSCertificate.a();
        byte[] arrayOfByte = mQeFields2.getArrayOfByte("ª");
        // Verify the sender's signature over the recomputed digest; the payload is
        // released only on success.
        if (CL.verifyISO9796(a, bArr2, 0, bArr2.length, arrayOfByte, 0, arrayOfByte.length)) {
            MQeTrace.trace(this, (short) -3615, 131072L, ascii);
            return mQeFields2.getArrayOfByte(c);
        }
        MQeTrace.trace(this, (short) -3616, 131072L, ascii);
        throw new MQeException(502, new StringBuffer().append("validating data from ").append(ascii).append(",bad signature").toString());
    }

    /**
     * Enables or disables certificate validation for this instance.
     *
     * <p>With {@code false}, {@code a(String, MQeWTLSCertificate)} returns immediately,
     * so certificates obtained from the public registry are used without checking the
     * issuer signature, the subject name or the validity period.
     *
     * @param z {@code true} to validate certificates (the default), {@code false} to skip
     */
    public void validateCertificate(boolean z) {
        this.l = z;
    }

    /** Delegates unchanged to the superclass. */
    @Override // com.ibm.mqe.MQeAttribute
    public void close(MQeChannel mQeChannel) {
        super.close(mQeChannel);
    }

    /**
     * Validates a certificate against the cached issuer key, the expected name and the
     * current time. Does nothing when validation is disabled (flag {@code l} is false).
     *
     * <p>No revocation check is performed in this method.
     *
     * @param str name the certificate subject must equal
     * @param mQeWTLSCertificate certificate to validate
     * @throws MQeException code 502 if the issuer signature does not verify, 510 if the
     *         subject differs from {@code str}, 503 if the current time is outside the
     *         accepted validity window; 505 may propagate from {@code b()}
     * @throws Exception anything thrown by the certificate or crypto helpers
     */
    private void a(String str, MQeWTLSCertificate mQeWTLSCertificate) throws Exception {
        if (this.l) {
            MQeTrace.trace(this, (short) -3626, 131072L, str);
            // Ensure the issuer key cache (static m) is populated.
            b();
            // Digest of the certificate's to-be-signed portion.
            byte[] toBeSigned = mQeWTLSCertificate.getToBeSigned();
            MQeTrace.trace(this, (short) -3627, 131072L, new Integer(toBeSigned.length).toString());
            byte[] bArr = new byte[20];
            CL.sha(null, toBeSigned, 0, toBeSigned.length, bArr, 0);
            byte[] signature = mQeWTLSCertificate.getSignature();
            // Only the part of the subject string before the first "; " is used as the name.
            String subjectString = mQeWTLSCertificate.getSubjectString();
            int indexOf = subjectString.indexOf("; ");
            if (indexOf > -1) {
                subjectString = subjectString.substring(0, indexOf);
            }
            MQe.log((byte) 4, 1010, new StringBuffer().append(" > validating ").append(subjectString).append(" MiniCert").toString());
            // 1. Issuer signature over the digest, checked with the cached issuer key.
            if (!CL.verifyISO9796(m, bArr, 0, bArr.length, signature, 0, signature.length)) {
                MQeTrace.trace(this, (short) -3629, 131072L, subjectString);
                MQe.log((byte) 1, 1010, new StringBuffer().append(" > error validating").append(subjectString).toString());
                throw new MQeException(502, new StringBuffer().append("MiniCert = ").append(subjectString).toString());
            }
            MQeTrace.trace(this, (short) -3628, 131072L, subjectString);
            MQe.log((byte) 0, 1010, new StringBuffer().append(" > ").append(subjectString).append(" MiniCert validated OK").toString());
            // 2. Subject must match the expected name exactly (case-sensitive).
            if (!str.equals(subjectString)) {
                MQeTrace.trace(this, (short) -3630, 131072L, str, subjectString);
                throw new MQeException(510, new StringBuffer().append("Bad subject name in certificate ").append(str).toString());
            }
            // 3. Validity window, using the local clock in seconds. A certificate is
            // accepted up to 3600 seconds before notBefore; there is no allowance after
            // notAfter. presumably notBefore/notAfter are epoch seconds - confirm.
            long time = new Date().getTime() / 1000;
            long notBefore = mQeWTLSCertificate.getNotBefore();
            long notAfter = mQeWTLSCertificate.getNotAfter();
            if (time <= notBefore - 3600 || time >= notAfter) {
                MQeTrace.trace(this, (short) -3632, 131072L, subjectString);
                throw new MQeException(503, new StringBuffer().append("MiniCert = ").append(subjectString).toString());
            }
            MQeTrace.trace(this, (short) -3631, 131072L, subjectString);
        }
    }

    /**
     * Loads the issuer key into the static cache {@code m} on first use.
     *
     * <p>The entry is read from this instance's private registry and only checked for
     * the presence of a "WTLS" field; its own signature and validity period are not
     * checked here, so trust rests on the integrity of that registry. Because the cache
     * is static, the first instance to get here decides the value for all instances.
     *
     * @throws MQeException code 505 if the entry is missing or has no "WTLS" field
     * @throws Exception anything thrown by the registry or certificate helpers
     */
    private void b() throws Exception {
        // Unsynchronized check-then-set on a static field.
        if (m == null) {
            MQeFields read = this.b.read(MQeRegistry.MiniCert, "MiniCertificateServer_MiniCertificate");
            if (read == null || !read.contains("WTLS")) {
                MQeTrace.trace(this, (short) -3633, 1L, "Mini-Certificate Server's");
                throw new MQeException(505, "cannot validate msg, Mini-Cert Server's certificate not available");
            }
            m = new MQeWTLSCertificate(read.getArrayOfByte("WTLS")).a();
        }
    }

    /** Intentionally empty: all arguments are ignored. */
    @Override // com.ibm.mqe.MQeAttribute
    public void activate(MQeAttributeRule mQeAttributeRule, MQeAuthenticator mQeAuthenticator, MQeCryptor mQeCryptor, MQeCompressor mQeCompressor) {
    }

    /** Not supported by this attribute; always throws MQeException code 2. */
    @Override // com.ibm.mqe.MQeAttribute
    public void activateMaster(MQeChannel mQeChannel, MQeFields mQeFields) throws Exception {
        throw new MQeException(2, "Not supported");
    }

    /** Not supported by this attribute; always throws MQeException code 2. */
    @Override // com.ibm.mqe.MQeAttribute
    public void slaveResponse(MQeChannel mQeChannel, MQeFields mQeFields) throws Exception {
        throw new MQeException(2, "Not supported");
    }

    /** Not supported by this attribute; always throws MQeException code 2. */
    @Override // com.ibm.mqe.MQeAttribute
    public void activateSlave(MQeChannel mQeChannel, MQeFields mQeFields, MQeFields mQeFields2) throws Exception {
        throw new MQeException(2, "Not supported");
    }

    /** Always returns {@code false}, whatever attribute is offered. */
    @Override // com.ibm.mqe.MQeAttribute
    public boolean isAcceptable(MQeAttribute mQeAttribute) {
        return false;
    }

    /** Not supported by this attribute; always throws MQeException code 2. */
    @Override // com.ibm.mqe.MQeAttribute
    public synchronized void change(MQeChannel mQeChannel, MQeAttributeRule mQeAttributeRule, MQeAttribute mQeAttribute) throws Exception {
        throw new MQeException(2, "Not supported");
    }

    /** Not supported by this attribute; always throws MQeException code 2. */
    @Override // com.ibm.mqe.MQeAttribute
    public MQeFields processControl(MQeChannel mQeChannel, MQeFields mQeFields) throws Exception {
        throw new MQeException(2, "Not supported");
    }

    /** Not supported by this attribute; always throws MQeException code 2. */
    protected void a() throws Exception {
        throw new MQeException(2, "Not supported");
    }

    /** Always returns {@code null}. */
    @Override // com.ibm.mqe.MQeAttribute
    public MQeAttributeRule getRule() {
        return null;
    }

    /** Always returns {@code null}; this attribute exposes no authenticated identity. */
    @Override // com.ibm.mqe.MQeAttribute
    public String authenticatedID() {
        return null;
    }

    /** Not supported by this attribute; always throws MQeException code 2. */
    @Override // com.ibm.mqe.MQeAttribute
    public MQeFields query() throws Exception {
        throw new MQeException(2, "Not supported");
    }

    /** Not supported by this attribute; always throws MQeException code 2. */
    public static MQeAttribute queryReply(MQeFields mQeFields) throws Exception {
        throw new MQeException(2, "Not supported");
    }

    /**
     * Not supported; always throws MQeException code 2. Registries are supplied through
     * {@link #setPublicRegistry} and {@link #setPrivateRegistry} instead.
     */
    @Override // com.ibm.mqe.MQeAttribute
    public void setRegistry(MQeRegistry mQeRegistry) throws MQeException {
        throw new MQeException(2, "Not supported");
    }

    /** Always returns {@code null}; the registries held in a and b are not exposed here. */
    @Override // com.ibm.mqe.MQeAttribute
    public MQeRegistry getRegistry() {
        return null;
    }

    /** Always returns 0. */
    @Override // com.ibm.mqe.MQeAttribute
    public int channelState() {
        return 0;
    }

    /** Not supported by this attribute; always throws MQeException code 2. */
    @Override // com.ibm.mqe.MQeAttribute
    public void setChannelState(int i2) throws Exception {
        throw new MQeException(2, "Not supported");
    }

    /** Always returns 0; the argument is ignored. */
    @Override // com.ibm.mqe.MQeAttribute
    public int sequenceNumber(boolean z) {
        return 0;
    }

    /**
     * Checks that both registries have been set.
     *
     * @throws MQeException code 508 if the private or the public registry is null
     */
    @Override // com.ibm.mqe.MQeAttribute
    public void checkKey() throws MQeException {
        if (this.b == null || this.a == null) {
            throw new MQeException(508, "Private or public registry not set!");
        }
    }
}
