package com.ibm.mqe.attributes;

import com.ibm.mqe.MQe;
import com.ibm.mqe.MQeAttribute;
import com.ibm.mqe.MQeAuthenticator;
import com.ibm.mqe.MQeException;
import com.ibm.mqe.MQeExceptionCodes;
import com.ibm.mqe.MQeFields;
import com.ibm.mqe.MQeKey;
import com.ibm.mqe.MQeTrace;
import com.ibm.mqe.communications.MQeChannel;
import com.ibm.mqe.registry.MQeRegistry;
import com.ibm.mqe.sslite.CL3;
import java.math.BigInteger;
import java.util.Date;

/* compiled from: DashoA8173 */
/* loaded from: input_file:archive/orderentry.jar:com.ibm.pvc.samples.orderentry.server/MQeBundle.jar:com/ibm/mqe/attributes/MQeWTLSCertAuthenticator.class */
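/**
 * Channel authenticator that identifies each endpoint by a WTLS mini-certificate.
 *
 * <p>Each side hands over the {@code "WTLS"} certificate bytes stored in its own registry, and
 * validates the certificate it receives against the Mini-Certificate Server's certificate held in
 * the local registry under {@code "MiniCertificateServer_MiniCertificate"}. Validation covers the
 * issuer signature and the certificate's validity period; the subject of the certificate that
 * passed is then available through {@link #authenticatedID()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The trust anchor is whatever certificate the local registry returns for the issuer entry,
 *       so the integrity of that registry entry is what the whole check rests on.</li>
 *   <li>The signature is checked over a 20-byte digest with {@code CL3.RSA_ISO9796}. The digest is
 *       presumably SHA-1 (confirm against {@code CL3.sha}); treat this as legacy-strength
 *       cryptography when assessing the protocol.</li>
 *   <li>No revocation check is visible in this class.</li>
 * </ul>
 *
 * <p>The class was recovered by a decompiler; the single-letter member names are kept because
 * they are part of the compiled interface other classes may link against.
 */
public class MQeWTLSCertAuthenticator extends MQeAuthenticator {
    public static short[] version = {2, 0, 1, 8};

    /** Name of the field inside a MiniCert registry record that holds the encoded certificate. */
    private static final String WTLS_FIELD = "WTLS";

    /** Registry entry that holds the Mini-Certificate Server's own certificate. */
    private static final String ISSUER_ENTRY = "MiniCertificateServer_MiniCertificate";

    /** Length in bytes of the digest buffer handed to {@code CL3.sha}. */
    private static final int DIGEST_LENGTH = 20;

    /** Seconds of tolerance allowed before a certificate's notBefore time. */
    private static final long NOT_BEFORE_TOLERANCE_SECONDS = 3600;

    // Values returned by MQeWTLSCertificate.a() for the initiator's certificate; element 0 is
    // used as the public key. Written in activateSlave, not read anywhere in this class.
    private BigInteger[] a = null;

    // Cleared in activateSlave; not read in this class (presumably an "is initiator" flag).
    private boolean b = true;

    // Registry captured by activateMaster when a channel is supplied; used by slaveResponse.
    private MQeRegistry c = null;

    // Registry captured by activateSlave.
    private MQeRegistry d = null;

    // Subject of the most recently validated certificate, returned by authenticatedID().
    // NOTE(review): the field is public and non-final, so any code holding this object can
    // overwrite the authenticated identity; confirm nothing outside this class writes it.
    public String e = null;

    // Unused constant kept from the compiled class (presumably a debug switch).
    private static final boolean f = false;

    /**
     * Starts authentication on the initiating side.
     *
     * <p>Without a channel this is a local self-check: the registry's own mini-certificate is
     * loaded and validated, and {@code null} is returned. With a channel, the channel's registry
     * is remembered for {@link #slaveResponse} and the local certificate bytes are returned
     * (presumably for the caller to send to the peer).
     *
     * @param mQeChannel the channel being authenticated, or {@code null} for the self-check
     * @param mQeAttribute the attribute whose registry is used when no channel is given
     * @return {@code null} for the self-check, otherwise the local certificate bytes
     * @throws MQeException if the registry or the local mini-certificate is not available
     * @throws Exception if the self-check validation fails; the original failure is the cause
     */
    @Override // com.ibm.mqe.MQeAuthenticator
    public byte[] activateMaster(MQeChannel mQeChannel, MQeAttribute mQeAttribute) throws Exception {
        if (mQeChannel == null) {
            MQeRegistry localRegistry = mQeAttribute.getRegistry();
            if (localRegistry == null) {
                throw new MQeException(MQeExceptionCodes.Except_S_RegistryNotAvailable, "initiator's Registry not available");
            }
            String localName = localRegistry.getRegistryName();
            MQeFields ownRecord = localRegistry.read(MQeRegistry.MiniCert, ownCertEntryName(localName));
            if (ownRecord == null || !ownRecord.contains(WTLS_FIELD)) {
                MQeTrace.trace(this, (short) -4200, MQeTrace.GROUP_SECURITY, localName);
                throw new MQeException(MQeExceptionCodes.Except_S_MiniCertNotAvailable, localName + "'s MiniCert not found");
            }
            try {
                a(new MQeWTLSCertificate(ownRecord.getArrayOfByte(WTLS_FIELD)), localRegistry);
                return null;
            } catch (Exception failure) {
                // Same message as before; the cause is now attached so the failure stays traceable.
                throw new Exception("activateMaster exception = " + failure.toString(), failure);
            }
        }

        MQeRegistry channelRegistry = mQeChannel.getAttribute().getRegistry();
        if (channelRegistry == null) {
            throw new MQeException(MQeExceptionCodes.Except_S_RegistryNotAvailable, "initiator's Registry not available");
        }
        this.c = channelRegistry;
        String registryName = channelRegistry.getRegistryName();
        MQeTrace.trace(this, (short) -4201, MQeTrace.GROUP_SECURITY, "Master", registryName);
        MQeFields ownRecord = channelRegistry.read(MQeRegistry.MiniCert, ownCertEntryName(registryName));
        if (ownRecord == null) {
            MQeTrace.trace(this, (short) -4202, MQeTrace.GROUP_SECURITY, registryName);
            throw new MQeException(MQeExceptionCodes.Except_S_MiniCertNotAvailable, registryName + "'s MiniCert not found");
        }
        MQeTrace.trace(this, (short) -4203, MQeTrace.GROUP_SECURITY, registryName);
        // NOTE(review): unlike the other paths, a record without a "WTLS" field is not rejected
        // here; the whole record is dumped and returned instead. Confirm the MiniCert record
        // never carries private material, since this value presumably leaves the process.
        return ownRecord.contains(WTLS_FIELD) ? ownRecord.getArrayOfByte(WTLS_FIELD) : ownRecord.dump();
    }

    /**
     * Processes the responder's certificate on the initiating side.
     *
     * <p>The certificate is validated against the registry captured by
     * {@link #activateMaster(MQeChannel, MQeAttribute)}; that call must have run with a channel
     * on this instance first, otherwise no registry is available here. When the attribute's key
     * is an {@code MQeSharedKey}, the certificate's public key is installed on it.
     *
     * @param mQeChannel the channel being authenticated; nothing is done when {@code null}
     * @param mQeAttribute the attribute whose key receives the peer's public key
     * @param bArr the encoded certificate received from the responder
     * @throws Exception if validation fails; the original {@code MQeException} is the cause
     */
    @Override // com.ibm.mqe.MQeAuthenticator
    public void slaveResponse(MQeChannel mQeChannel, MQeAttribute mQeAttribute, byte[] bArr) throws Exception {
        if (mQeChannel == null) {
            return;
        }
        try {
            MQeWTLSCertificate peerCert = new MQeWTLSCertificate(bArr);
            // Validate before anything from the certificate is used.
            a(peerCert, this.c);
            BigInteger[] peerKeyParts = peerCert.a();
            MQeKey key = mQeAttribute.getKey(false);
            if (key instanceof MQeSharedKey) {
                key.setPublicKey(peerKeyParts[0].toByteArray());
            }
        } catch (MQeException failure) {
            throw new Exception("SlaveResponse exception = " + failure.toString(), failure);
        }
    }

    /**
     * Handles the initiator's certificate on the responding side.
     *
     * <p>The channel attribute must not already carry a key. The received certificate is
     * validated against the channel's registry, a new {@code MQeSharedKey} holding the
     * certificate's public key is installed on the channel attribute, and the responder's own
     * certificate bytes are returned.
     *
     * @param mQeChannel the channel being authenticated; {@code null} yields {@code null}
     * @param mQeAttribute not used by this implementation
     * @param bArr the encoded certificate received from the initiator
     * @return the responder's own certificate bytes, or {@code null} when no channel is given
     * @throws Exception if the registry is missing, a key is already set, validation fails, or
     *     the responder's own certificate is missing; the original {@code MQeException} is the
     *     cause
     */
    @Override // com.ibm.mqe.MQeAuthenticator
    public byte[] activateSlave(MQeChannel mQeChannel, MQeAttribute mQeAttribute, byte[] bArr) throws Exception {
        if (mQeChannel == null) {
            return null;
        }
        try {
            MQeTrace.trace(this, (short) -4204, MQeTrace.GROUP_SECURITY, "Master", Integer.toString(bArr.length));
            this.b = false;
            if (mQeChannel.getAttribute().getRegistry() == null) {
                throw new MQeException(MQeExceptionCodes.Except_S_RegistryNotAvailable, "recipient's Registry not available");
            }
            // A key that is already present means the attribute is not in the expected initial state.
            if (mQeChannel.getAttribute().getKey(false) != null) {
                throw new MQeException(MQeExceptionCodes.Except_S_InvalidAttribute, "invalid attribute");
            }
            this.d = mQeChannel.getAttribute().getRegistry();
            MQeTrace.trace(this, (short) -4205, MQeTrace.GROUP_SECURITY, "Slave", this.d.getRegistryName());

            MQeWTLSCertificate peerCert = new MQeWTLSCertificate(bArr);
            // The peer's public key is only taken from the certificate after it validated.
            a(peerCert, this.d);
            this.a = peerCert.a();
            MQeSharedKey sharedKey = new MQeSharedKey();
            sharedKey.setPublicKey(this.a[0].toByteArray());
            mQeChannel.getAttribute().setKey(sharedKey);

            String registryName = this.d.getRegistryName();
            MQeFields ownRecord = this.d.read(MQeRegistry.MiniCert, ownCertEntryName(registryName));
            if (ownRecord == null || !ownRecord.contains(WTLS_FIELD)) {
                MQeTrace.trace(this, (short) -4206, MQeTrace.GROUP_SECURITY, registryName);
                throw new MQeException(MQeExceptionCodes.Except_S_MiniCertNotAvailable, registryName + "'s MiniCert not found");
            }
            MQeTrace.trace(this, (short) -4207, MQeTrace.GROUP_SECURITY, registryName);
            return ownRecord.getArrayOfByte(WTLS_FIELD);
        } catch (MQeException failure) {
            throw new Exception("ActivateSlave exception = " + failure.toString(), failure);
        }
    }

    /**
     * Validates a certificate without the additional issuer check.
     *
     * @param mQeWTLSCertificate the certificate to validate
     * @param mQeRegistry the registry holding the Mini-Certificate Server's certificate
     * @throws Exception if validation fails
     */
    public void a(MQeWTLSCertificate mQeWTLSCertificate, MQeRegistry mQeRegistry) throws Exception {
        a(mQeWTLSCertificate, mQeRegistry, false);
    }

    /**
     * Validates a certificate and, only when every check passed, records its subject as the
     * authenticated identity.
     *
     * <p>Earlier the subject was recorded as soon as the signature verified, so a certificate
     * rejected for its validity period still left its subject in {@link #authenticatedID()}, and
     * a run with {@code z} set ended with the issuer's subject recorded instead of the subject of
     * the certificate being validated. The identity is now written once, at the end. When
     * validation fails, the previously recorded identity (if any) is left untouched.
     *
     * @param mQeWTLSCertificate the certificate to validate
     * @param mQeRegistry the registry holding the Mini-Certificate Server's certificate
     * @param z when {@code true}, the Mini-Certificate Server's certificate is validated as well
     * @throws MQeException if the issuer certificate is missing, the signature does not verify,
     *     or the current time is outside the validity period
     * @throws Exception for any other failure raised while reading or parsing certificates
     */
    public void a(MQeWTLSCertificate mQeWTLSCertificate, MQeRegistry mQeRegistry, boolean z) throws Exception {
        this.e = verifyMiniCert(mQeWTLSCertificate, mQeRegistry, z);
    }

    /** Returns the subject recorded by the most recent successful validation, or {@code null}. */
    @Override // com.ibm.mqe.MQeAuthenticator
    public String authenticatedID() {
        return this.e;
    }

    /** Reports that this authenticator cannot work without a registry. */
    @Override // com.ibm.mqe.MQeAuthenticator
    public boolean isRegistryRequired() throws MQeException {
        return true;
    }

    /** Builds the registry entry name under which a registry's own mini-certificate is stored. */
    private static String ownCertEntryName(String registryName) {
        return new StringBuilder().append(registryName).append(MQeListCertificates.f).toString();
    }

    /**
     * Checks issuer signature and validity period of a certificate and returns its short subject
     * name; never touches the recorded identity.
     */
    private String verifyMiniCert(MQeWTLSCertificate cert, MQeRegistry registry, boolean alsoCheckIssuer) throws Exception {
        byte[] toBeSigned = cert.getToBeSigned();
        MQeTrace.trace(this, (short) -4214, MQeTrace.GROUP_SECURITY, Integer.toString(toBeSigned.length));
        byte[] digest = new byte[DIGEST_LENGTH];
        CL3.sha(null, toBeSigned, 0, toBeSigned.length, digest, 0);

        // The issuer certificate comes from the local registry: that entry is the trust anchor.
        MQeFields issuerRecord = registry.read(MQeRegistry.MiniCert, ISSUER_ENTRY);
        if (issuerRecord == null || !issuerRecord.contains(WTLS_FIELD)) {
            MQeTrace.trace(this, (short) -4215, MQeTrace.GROUP_SECURITY, "Mini-Certificate Server");
            throw new MQeException(MQeExceptionCodes.Except_S_MiniCertNotAvailable, "Mini-Certificate Server's certificate not found");
        }
        MQeWTLSCertificate issuerCert = new MQeWTLSCertificate(issuerRecord.getArrayOfByte(WTLS_FIELD));
        CL3 issuerKey = issuerCert.b();
        byte[] signature = cert.getSignature();

        // Only the part of the subject before the first "; " is used as the identity.
        String subject = cert.getSubjectString();
        int separator = subject.indexOf("; ");
        if (separator > -1) {
            subject = subject.substring(0, separator);
        }

        MQe.log((byte) 4, 1010, " > validating " + subject + " MiniCert");
        if (!CL3.rsaVerify(issuerKey, CL3.RSA_ISO9796, null, digest, 0, digest.length, signature, 0, signature.length)) {
            MQeTrace.trace(this, (short) -4217, MQeTrace.GROUP_SECURITY, subject);
            MQe.log((byte) 1, 1010, " > error validating" + subject);
            throw new MQeException(MQeExceptionCodes.Except_S_InvalidSignature, "MiniCert = " + subject);
        }
        MQeTrace.trace(this, (short) -4216, MQeTrace.GROUP_SECURITY, subject);
        MQe.log((byte) 0, 1010, " > " + subject + " MiniCert validated OK");

        // Accepted only while (notBefore - tolerance) < now < notAfter, all in seconds.
        // The same exception code is used for "not yet valid" and "expired".
        long nowSeconds = new Date().getTime() / 1000;
        long notBefore = cert.getNotBefore();
        long notAfter = cert.getNotAfter();
        if (nowSeconds <= notBefore - NOT_BEFORE_TOLERANCE_SECONDS || nowSeconds >= notAfter) {
            MQeTrace.trace(this, (short) -4219, MQeTrace.GROUP_SECURITY, subject);
            throw new MQeException(MQeExceptionCodes.Except_S_CertificateExpired, "MiniCert = " + subject);
        }
        MQeTrace.trace(this, (short) -4218, MQeTrace.GROUP_SECURITY, subject);

        if (alsoCheckIssuer) {
            // Validates the issuer certificate against the registry's issuer entry.
            verifyMiniCert(issuerCert, registry, false);
        }
        return subject;
    }
}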
