package com.ibm.mq.jms;

import com.ibm.disthub2.impl.client.BaseConfig;
import com.ibm.disthub2.impl.client.DebugObject;
import com.ibm.disthub2.impl.client.Logger;
import com.ibm.disthub2.impl.client.Security;
import com.ibm.disthub2.impl.formats.Envelop;
import com.ibm.disthub2.impl.formats.Framing;
import com.ibm.disthub2.impl.formats.MessageEncrypter;
import com.ibm.disthub2.impl.formats.MessageHandle;
import com.ibm.disthub2.impl.security.CryptoInstantiationException;
import com.ibm.disthub2.impl.security.MessageProtection;
import com.ibm.disthub2.impl.security.Qop;
import com.ibm.disthub2.impl.security.SecurityContext;
import com.ibm.disthub2.impl.util.ExceptionWrapper;
import com.ibm.disthub2.impl.util.Hex;
import com.ibm.disthub2.impl.util.Release;
import com.ibm.disthub2.spi.AuthException;
import com.ibm.disthub2.spi.AuthResult;
import com.ibm.disthub2.spi.ClientExceptionConstants;
import com.ibm.disthub2.spi.ClientLogConstants;
import com.ibm.disthub2.spi.ExceptionBuilder;
import com.ibm.disthub2.spi.ExceptionConstants;
import com.ibm.disthub2.spi.LogConstants;
import com.ibm.disthub2.spi.Principal;
import com.ibm.mq.jms.services.Trace;
import java.io.IOException;
import java.net.Socket;
import java.util.Hashtable;
import java.util.Properties;

/* loaded from: input_file:MQLib/com.ibm.mqjms.jar:com/ibm/mq/jms/SxaSecurityImpl.class */
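/**
 * Client-side {@link Security} implementation: it authenticates a socket, then frames outgoing
 * messages and unframes incoming ones at the quality of protection (QOP) in force.
 *
 * <p>QOP byte values used in this class: {@code 1} is the framing used when QOP security is
 * disabled, {@code 6} is {@link #QOP_MINTEGRITY} and {@code 14} is {@link #QOP_PRIVACY}.
 *
 * <p>Thread-safety: the authentication timer is coordinated through this object's monitor and a
 * single {@link #toAuth} field, so only one {@link #authorize} call per instance can be timed at
 * a time. The other fields are not synchronized here.
 */
public class SxaSecurityImpl implements Security, ClientExceptionConstants, ClientLogConstants {
    private static final String copyright_notice = "Licensed Materials - Property of IBM 5724-H72, 5655-L82, 5724-L26 (c) Copyright IBM Corp. 1999, 2005 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final String sccsid = "@(#) jms/com/ibm/mq/jms/SxaSecurityImpl.java, disthub, j600, j600-200-060630 1.9.1.1 05/05/25 15:51:01";
    // SSL provider; stays null unless the configured auth protocols require SSL.
    protected ISSL issl;
    // Opaque credentials object produced by issl.createCredentials(); null without SSL.
    protected Object isslCreds;
    // Session security state, built in authorize() from the authentication result.
    protected SecurityContext sc;
    // String key -> Byte QOP, filled by qopUpdate(); created in authorize() only when QOP is on.
    protected Hashtable qopCache;
    // Socket currently being authenticated under a timeout; guarded by this object's monitor.
    protected Socket toAuth = null;
    BaseConfig baseConfig;
    private static final DebugObject debug = new DebugObject("SxaSecurityImpl");
    protected static final Byte QOP_MINTEGRITY = Byte.valueOf((byte) 6);
    protected static final Byte QOP_PRIVACY = Byte.valueOf((byte) 14);

    /* loaded from: input_file:MQLib/com.ibm.mqjms.jar:com/ibm/mq/jms/SxaSecurityImpl$AuthTimer.class */
    /**
     * Watchdog that closes the socket being authenticated if authentication has not finished
     * within the given number of milliseconds.
     *
     * <p>The timer remembers the socket that was in {@code toAuth} when it was created and only
     * ever closes that socket. It re-checks its condition after every wake-up, so a spurious
     * wake-up or the completion of an unrelated handshake can neither close a socket early nor
     * close a socket that belongs to a later {@code authorize} call.
     */
    static class AuthTimer implements Runnable {
        private SxaSecurityImpl instance;
        private long time;
        // The socket this timer is responsible for; captured while the creator holds the monitor.
        private final Socket guarded;

        /**
         * @param sxaSecurityImpl owner whose {@code toAuth} socket is to be watched
         * @param j timeout in milliseconds; a non-positive value disables the timer
         */
        public AuthTimer(SxaSecurityImpl sxaSecurityImpl, long j) {
            this.instance = sxaSecurityImpl;
            this.time = j;
            this.guarded = sxaSecurityImpl == null ? null : sxaSecurityImpl.toAuth;
        }

        @Override // java.lang.Runnable
        public void run() {
            if (this.guarded == null || this.time <= 0) {
                // Nothing to watch, or no timeout configured.
                return;
            }
            try {
                synchronized (this.instance) {
                    // Measure elapsed time with the monotonic clock so a wall-clock change
                    // cannot shorten or stretch the timeout.
                    final long startNanos = System.nanoTime();
                    long remaining = this.time;
                    while (this.instance.toAuth == this.guarded && remaining > 0) {
                        this.instance.wait(remaining);
                        remaining = this.time - (System.nanoTime() - startNanos) / 1000000L;
                    }
                    if (this.instance.toAuth == this.guarded) {
                        // Still authenticating after the full timeout: abort the handshake.
                        try {
                            this.guarded.shutdownInput();
                        } catch (Throwable ignored) {
                            // Best effort; close() below is what actually ends the handshake.
                        }
                        try {
                            this.guarded.shutdownOutput();
                        } catch (Throwable ignored) {
                            // Best effort; close() below is what actually ends the handshake.
                        }
                        this.guarded.close();
                    }
                }
            } catch (Throwable th3) {
                if (th3 instanceof InterruptedException) {
                    // Keep the interrupt visible to whoever owns this thread.
                    Thread.currentThread().interrupt();
                }
                if (Logger.logIt(LogConstants.LOG_MIN_TMFAIL)) {
                    Logger.log(LogConstants.LOG_MIN_TMFAIL, "SxaSecurityImpl", new Object[]{new ExceptionWrapper(th3)});
                }
            }
        }
    }

    /* loaded from: input_file:MQLib/com.ibm.mqjms.jar:com/ibm/mq/jms/SxaSecurityImpl$RealSecUsername.class */
    /**
     * Principal made of a login name and a password, with access to the owner's SSL credentials.
     *
     * <p>Identity ({@code equals}, {@code hashCode}, {@code toString}) is based on the login
     * only, so printing or logging the principal does not reveal the password. The password is
     * kept as a {@code String} because {@code getPassword()} returns one; it therefore cannot be
     * wiped from memory and lives as long as this object is reachable.
     */
    public class RealSecUsername implements Principal, AuthPrincipal {
        protected String m_login;
        protected String m_passwd;
        private final SxaSecurityImpl this$0;

        public RealSecUsername(SxaSecurityImpl sxaSecurityImpl, String str, String str2) {
            this.this$0 = sxaSecurityImpl;
            this.m_login = str;
            this.m_passwd = str2;
        }

        /** Returns the login name only. */
        @Override // com.ibm.disthub2.spi.Principal
        public String toString() {
            return this.m_login;
        }

        @Override // com.ibm.disthub2.spi.Principal
        public int hashCode() {
            return this.m_login.hashCode();
        }

        @Override // com.ibm.disthub2.spi.Principal
        public String getName() {
            return this.m_login;
        }

        @Override // com.ibm.mq.jms.AuthPrincipal
        public String getPassword() {
            return this.m_passwd;
        }

        @Override // com.ibm.mq.jms.AuthPrincipal
        public Object getSSLCredentials() {
            return this.this$0.isslCreds;
        }

        /**
         * Two principals are equal when their logins are equal; the password is not compared.
         * Returns {@code false} for {@code null}, for any other type, and when this login is
         * {@code null}.
         */
        @Override // com.ibm.disthub2.spi.Principal
        public boolean equals(Object obj) {
            if (!(obj instanceof RealSecUsername)) {
                return false;
            }
            return this.m_login != null && this.m_login.equals(((RealSecUsername) obj).m_login);
        }
    }

    /**
     * Stores the configuration and, when {@code AuthBase.SSLrequired} says the configured
     * {@code AUTH_PROTOCOLS} need SSL, creates the JSSE provider and its credentials from the
     * {@code SSL_*} settings.
     *
     * @param baseConfig client configuration
     * @throws AuthException if the SSL provider or its credentials cannot be set up
     */
    public SxaSecurityImpl(BaseConfig baseConfig) throws AuthException {
        this.issl = null;
        this.isslCreds = null;
        if (Trace.isOn) {
            Trace.entry(this, "SxaSecurityImpl");
        }
        this.baseConfig = baseConfig;
        if (AuthBase.SSLrequired(AuthBase.parseAuthProtocols(this.baseConfig.AUTH_PROTOCOLS))) {
            try {
                this.issl = new JsseImpl();
                if (Trace.isOn()) {
                    Trace.trace(this, "Instantiated JsseImpl");
                }
                this.issl.setEnabledCipherSuites(this.baseConfig.SSL_CIPHER_SUITES);
                if (Trace.isOn()) {
                    Trace.trace(this, "Set cipherSuites");
                }
                JsseCredsImpl jsseCredsImpl = new JsseCredsImpl(this.baseConfig.SSL_SOCKET_FACTORY, this.baseConfig.SSL_PEER_NAME, this.baseConfig.SSL_CERT_STORES);
                if (Trace.isOn()) {
                    Trace.trace(this, "Created JsseCredsImpl object");
                }
                this.isslCreds = this.issl.createCredentials(jsseCredsImpl);
            } catch (ISSLException e) {
                if (Trace.isOn) {
                    // Use the same label as the entry trace so entry/exit records pair up.
                    Trace.exit(this, "SxaSecurityImpl");
                }
                throw new AuthException(1, new RuntimeException(ExceptionBuilder.buildReasonString(ExceptionConstants.ERR_MIN_SSLINST, new Object[]{new ExceptionWrapper(e)})), null);
            }
        }
        if (Trace.isOn) {
            Trace.exit(this, "SxaSecurityImpl");
        }
    }

    /** Builds an {@code IOException} that carries {@code cause}, so the original stack trace is kept. */
    private static IOException ioFailure(String reason, Throwable cause) {
        IOException failure = new IOException(reason);
        failure.initCause(cause);
        return failure;
    }

    /**
     * Creates a principal for the given login and password; {@code null} arguments become
     * empty strings.
     */
    @Override // com.ibm.disthub2.impl.client.Security
    public Principal createPrincipal(String str, String str2) {
        return new RealSecUsername(this, str == null ? "" : str, str2 == null ? "" : str2);
    }

    /**
     * Authenticates {@code socket} as {@code principal} and builds the session security context.
     *
     * <p>When {@code AUTH_TIMEOUT} is positive, an {@link AuthTimer} closes the socket if the
     * handshake outlasts the timeout. The timer is disarmed as soon as the handshake ends,
     * whether it succeeded or failed.
     *
     * @param socket connection to authenticate
     * @param principal identity to present; must also implement {@code AuthPrincipal}
     * @return the remote release derived from the {@code "release"} value in the auth metadata
     * @throws IOException if authentication or security-context creation fails; the underlying
     *     exception is attached as the cause
     */
    @Override // com.ibm.disthub2.impl.client.Security
    public int authorize(Socket socket, Principal principal) throws IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "authorize", socket);
        }
        try {
            Properties properties = new Properties();
            properties.put("release", "1.2");
            short[] parseAuthProtocols = AuthBase.parseAuthProtocols(this.baseConfig.AUTH_PROTOCOLS);
            final boolean timed = this.baseConfig.AUTH_TIMEOUT > 0;
            AuthResult authenticate;
            try {
                if (timed) {
                    synchronized (this) {
                        this.toAuth = socket;
                        if (this.baseConfig.THREADER != null) {
                            this.baseConfig.THREADER.schedule(new AuthTimer(this, this.baseConfig.AUTH_TIMEOUT));
                        } else {
                            new Thread(new AuthTimer(this, this.baseConfig.AUTH_TIMEOUT)).start();
                        }
                    }
                }
                authenticate = new AuthClient(socket, (AuthPrincipal) principal, properties, parseAuthProtocols, this.issl).authenticate();
            } finally {
                if (timed) {
                    // Disarm on failure too: otherwise the timer keeps waiting with a reference
                    // to this socket and could act on a later call's socket.
                    synchronized (this) {
                        if (this.toAuth == socket) {
                            this.toAuth = null;
                        }
                        notifyAll();
                    }
                }
            }
            int remoteRelease = Release.getRemoteRelease(authenticate.authMetaData.getProperty("release"));
            // The peer's "qop" value can only switch QOP on; it never switches it off. A client
            // that must have QOP should therefore enable it in its own configuration.
            // NOTE(review): whether authMetaData is integrity-protected is not visible here - confirm.
            // This also writes to the shared BaseConfig object, not to a per-session copy.
            if (Boolean.valueOf(authenticate.authMetaData.getProperty("qop", "false")).booleanValue()) {
                this.baseConfig.ENABLE_QOP_SECURITY = true;
            }
            this.sc = new SecurityContext(principal, authenticate.sharedSecret, this.baseConfig.ENABLE_QOP_SECURITY);
            if (this.baseConfig.ENABLE_QOP_SECURITY) {
                this.qopCache = new Hashtable();
            }
            if (debug.debugIt(64)) {
                debug.debug(LogConstants.DEBUG_METHODEXIT, "authorize", Integer.valueOf(remoteRelease));
            }
            return remoteRelease;
        } catch (CryptoInstantiationException e) {
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "authorize", "Failed with exception: " + new ExceptionWrapper(e));
            }
            throw ioFailure(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_CPT_UNKEXC, new Object[]{e}), e);
        } catch (Exception e2) {
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "authorize", "Failed with exception: " + new ExceptionWrapper(e2));
            }
            throw ioFailure(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_MIN_AUTHEXC, new Object[]{e2}), e2);
        }
    }

    /**
     * Processes a received frame in place: with QOP enabled it runs the integrity check and,
     * for frames marked with QOP 14 ({@link #QOP_PRIVACY}), decrypts them.
     *
     * @param bArr the received frame; modified in place when it is decrypted
     * @return the message-protection object used for decryption, or {@code null} if the frame
     *     was not decrypted
     * @throws IOException declared by the interface; presumably raised by the Qop helpers on a
     *     failed check (not visible here)
     */
    @Override // com.ibm.disthub2.impl.client.Security
    public MessageEncrypter incoming(byte[] bArr) throws IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "incoming", bArr);
        }
        MessageProtection messageProtection = null;
        if (this.baseConfig.ENABLE_QOP_SECURITY) {
            // NOTE(review): any result of checkIntegrity is not inspected here, so rejection must
            // come from an exception. Also confirm that it rejects frames whose QOP is lower than
            // the session requires; only QOP 14 frames get further handling below.
            Qop.checkIntegrity(bArr, this.sc, false, this.baseConfig.ENABLE_QOP_SECURITY);
            if (Framing.qop(bArr) == 14) {
                MessageProtection mp = this.sc.getMP();
                Qop.sessionDecrypt(bArr, mp, this.sc.getServerKey(), this.sc.getDecryptIV());
                messageProtection = mp;
            }
        }
        // SECURITY: at this point bArr has been through sessionDecrypt for QOP 14 frames, so this
        // debug line writes the frame contents to the debug log. Keep level 16 off where message
        // contents are sensitive.
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "incoming", Hex.toString(bArr));
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "incoming", messageProtection);
        }
        return messageProtection;
    }

    /**
     * Encodes and frames a message at the requested QOP.
     *
     * @param messageHandle message to send
     * @param b requested QOP byte; anything other than {@code 1} requires QOP security
     * @return the framed message
     * @throws IOException if a QOP other than {@code 1} is requested while QOP is disabled
     */
    @Override // com.ibm.disthub2.impl.client.Security
    public byte[] outgoing(MessageHandle messageHandle, byte b) throws IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "outgoing", messageHandle, Byte.valueOf(b));
        }
        if (!this.baseConfig.ENABLE_QOP_SECURITY && b != 1) {
            throw new IOException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_MIN_QOPDIS, null));
        }
        // The protection object is handed to the encoder only for QOP 14 (QOP_PRIVACY).
        MessageProtection mp = b == 14 ? this.sc.getMP() : null;
        int overhead = Framing.overhead(b, this.sc.getMP(), false);
        int encodedLength = messageHandle.getEncodedLength(mp);
        byte[] bArr = new byte[overhead + encodedLength];
        int byteArray = messageHandle.toByteArray(bArr, overhead, encodedLength, mp);
        if (b != 14) {
            // The value returned by toByteArray is used as an offset only for QOP 14.
            byteArray = 0;
        }
        if (b == 1) {
            Framing.frameMessage(bArr, messageHandle.getInterpreterId(), messageHandle.getEncodingSchema().getId(), bArr.length);
        } else {
            byte[] bArr2 = null;
            if ((b & 6) == 6) {
                // Both bits of QOP_MINTEGRITY (6) are set: compute a digest over the payload.
                bArr2 = Qop.computeDigest(bArr, overhead + byteArray, encodedLength - byteArray, this.sc.getMP());
            }
            Qop.frameMessage(bArr, messageHandle.getInterpreterId(), messageHandle.getEncodingSchema().getId(), b, b == 14 ? byteArray : -1, this.sc, bArr2, true, overhead + encodedLength);
            Qop.channelProtect(bArr, this.sc.getMP(), this.sc.getNextSendCount(), this.sc.getClientMAC());
        }
        // SECURITY: dumps the complete outgoing frame to the debug log; for QOP 1 no protection
        // object was passed to the encoder, so treat this output as message content.
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "outgoing", Hex.toString(bArr));
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "outgoing", bArr);
        }
        return bArr;
    }

    /**
     * Wraps a propagation message in a frame, using QOP framing when QOP security is enabled
     * and plain framing otherwise.
     *
     * @param bArr message body; copied, not modified
     * @return a new array holding the frame header followed by the body
     */
    @Override // com.ibm.disthub2.impl.client.Security
    public byte[] framePropagationMessage(byte[] bArr) throws IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "framePropagationMessage", bArr);
        }
        int overhead = Framing.overhead(this.baseConfig.ENABLE_QOP_SECURITY ? (byte) 14 : (byte) 1, this.sc.getMP(), true);
        byte[] bArr2 = new byte[bArr.length + overhead];
        System.arraycopy(bArr, 0, bArr2, overhead, bArr.length);
        if (this.baseConfig.ENABLE_QOP_SECURITY) {
            Qop.framePropagationMessage(bArr2, this.sc, true, bArr2.length);
        } else {
            Framing.framePropagationMessage(bArr2, bArr2.length);
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "framePropagationMessage", bArr2);
        }
        return bArr2;
    }

    /**
     * Chooses the QOP byte for an outgoing message.
     *
     * <p>Returns {@code 1} when QOP security is disabled. Otherwise the answer depends on the
     * payload choice: {@code 10} and every value other than {@code 1} are delegated to
     * {@code Qop}; for choice {@code 1} the value cached by {@link #qopUpdate} for the message's
     * string field 4 is used. On a cache miss the method sets boolean field 1 on the message and
     * returns {@code 14} ({@link #QOP_PRIVACY}), so an unknown key is never sent at a weaker
     * level than privacy.
     */
    @Override // com.ibm.disthub2.impl.client.Security
    public byte getQop(MessageHandle messageHandle) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "getQop", messageHandle);
        }
        byte b = 1;
        if (this.baseConfig.ENABLE_QOP_SECURITY) {
            int choice = messageHandle.getChoice(Envelop.Constants.payload);
            if (choice == 10) {
                b = Qop.getSingleHopControlRequiredQop(messageHandle.getChoice(162));
            } else if (choice != 1) {
                b = Qop.getPayloadRequiredQop(choice);
            } else {
                Byte b2 = (Byte) this.qopCache.get(messageHandle.getString(4));
                if (b2 != null) {
                    b = b2.byteValue();
                } else {
                    // NOTE(review): boolean field 1 presumably asks the peer for the real QOP - confirm.
                    messageHandle.setBoolean(1, true);
                    b = 14;
                }
            }
        }
        if (debug.debugIt(64)) {
            // Exit record carries this method's own name (it used to say "qopUpdate").
            debug.debug(LogConstants.DEBUG_METHODEXIT, "getQop", Byte.valueOf(b));
        }
        return b;
    }

    /**
     * Records the QOP carried by a message: caches byte field 44 under string field 45.
     *
     * @throws IOException if no QOP cache exists, i.e. QOP security was not enabled when
     *     {@link #authorize} ran
     */
    @Override // com.ibm.disthub2.impl.client.Security
    public void qopUpdate(MessageHandle messageHandle) throws IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "qopUpdate", messageHandle);
        }
        if (this.qopCache == null) {
            throw new IOException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_MIN_QOPDIS, null));
        }
        // NOTE(review): the cached value is taken from the message as-is; confirm that callers
        // only pass messages that already went through incoming() and its integrity check.
        this.qopCache.put(messageHandle.getString(45), Byte.valueOf(messageHandle.getByte(44)));
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "qopUpdate");
        }
    }
}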
