package com.ibm.mq.jms;

import com.ibm.disthub2.impl.client.DebugObject;
import com.ibm.disthub2.impl.util.Assert;
import com.ibm.disthub2.spi.AuthException;
import com.ibm.disthub2.spi.AuthResult;
import com.ibm.disthub2.spi.ClientExceptionConstants;
import com.ibm.disthub2.spi.ExceptionBuilder;
import com.ibm.disthub2.spi.LogConstants;
import com.ibm.disthub2.spi.PrincipalDirectory;
import com.ibm.mq.jms.AuthBase;
import java.io.IOException;
import java.net.Socket;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Properties;

/* loaded from: input_file:MQLib/com.ibm.mqjms.jar:com/ibm/mq/jms/AuthClient.class */
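/**
 * Client side of the disthub authentication handshake.
 *
 * <p>The client sends a {@code Hello} listing the protocols it is configured for, reads the
 * server's first message, and then runs the challenge/response variant the server selected,
 * provided that variant appears in the configured list.
 *
 * <p>Security notes for reviewers (all grounded in the code below):
 * <ul>
 *   <li>The protocol is chosen by the server from the client's list before any authentication
 *       has happened, so {@code cfgProtos} should contain only protocols the deployment is
 *       willing to run.</li>
 *   <li>The plain user/password variant ({@link #clntChallengeUP}) writes the password into the
 *       reply and returns a fixed, hard-coded shared secret.</li>
 * </ul>
 */
public class AuthClient extends AuthBase {
    private static final String copyright_notice = "Licensed Materials - Property of IBM 5724-H72, 5655-L82, 5724-L26     (c) Copyright IBM Corp. 1999, 2005 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final String sccsid = "@(#) jms/com/ibm/mq/jms/AuthClient.java, disthub, j600, j600-200-060630 1.6.1.1 05/05/25 16:01:11";
    protected static DebugObject debug = new DebugObject("AuthClient");

    /**
     * Stores the connection and credential state used by {@link #authenticate()}.
     *
     * @param socket        socket to the server
     * @param authPrincipal credentials (name and password) presented to the server
     * @param properties    client metadata sent along with the reply messages
     * @param sArr          protocol identifiers this client is configured to accept
     * @param issl          SSL helper stored in {@code xssl}
     */
    public AuthClient(Socket socket, AuthPrincipal authPrincipal, Properties properties, short[] sArr, ISSL issl) {
        this.sock = socket;
        this.credentials = authPrincipal;
        this.metaData = properties;
        this.cfgProtos = sArr;
        this.xssl = issl;
        // role == false is what this client-side class sets; its meaning is defined in AuthBase.
        this.role = false;
    }

    /**
     * Runs the client handshake: send Hello, read the server's choice, run the matching variant.
     *
     * @return the result produced by the selected challenge handler
     * @throws AuthException on protocol errors, or wrapping an {@link IOException} from the streams
     */
    public AuthResult authenticate() throws AuthException {
        try {
            setupDataStreams();
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "runClient", "Starting client auth protocol...");
                // Guard against a null list so that enabling debug output cannot raise a
                // NullPointerException that the non-debug path would not raise here.
                if (this.cfgProtos != null) {
                    for (int i = 0; i < this.cfgProtos.length; i++) {
                        debug.debug(LogConstants.DEBUG_INFO, "runClient", "Client proto: " + i + " " + (int) this.cfgProtos[i] + " (" + (char) (this.cfgProtos[i] >> 8) + ")");
                    }
                }
            }
            new AuthBase.Hello(this.cfgProtos).writeMsg(this.ostr);
            AuthBase.MsgBase firstMsg = xDummy.readMsg(this.istr);
            short type = firstMsg.getType();
            // Type 88 is handled as an AuthExceptionMsg sent by the server.
            if (type == 88) {
                termException((AuthBase.AuthExceptionMsg) firstMsg);
            }
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "runClient", "Server requests proto (" + firstMsg.getClass() + ") : " + (int) type + " (" + (char) (type >> 8) + ")");
            }

            // Accept the server's choice only if it is one of the configured protocols;
            // otherwise the selection stays 0 and falls into the default (error) branch below.
            // NOTE(review): the server's choice is read before anything is authenticated, so
            // the weakest entry in cfgProtos bounds the strength of the whole handshake.
            short selected = 0;
            if (this.cfgProtos != null) {
                for (int i = 0; i < this.cfgProtos.length; i++) {
                    if (type == this.cfgProtos[i]) {
                        selected = type;
                        break;
                    }
                }
            }
            this.whichProto = selected;
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "runClient", "Running client with protocol: " + (int) selected + " (" + (char) (selected >> 8) + ")");
            }

            AuthResult authResult = null;
            switch (selected) {
                case 67:
                case 99:
                    // Both identifiers run the plain user/password exchange.
                    authResult = clntChallengeUP(firstMsg);
                    break;
                case PrincipalDirectory.CHALLENGE_MPR /* 19779 */:
                    authResult = clntChallengeMPR(firstMsg);
                    break;
                case PrincipalDirectory.CHALLENGE_SSL_PURE /* 21059 */:
                    authResult = clntChallengeSSLPure(firstMsg);
                    break;
                case PrincipalDirectory.CHALLENGE_SSL_UP /* 21315 */:
                    authResult = clntChallengeSSLUP(firstMsg);
                    break;
                default:
                    termException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_AUTH_BDPROTO, new Object[]{new Short(selected)}), 1);
                    break;
            }
            if (debug.debugIt(64)) {
                debug.debug(LogConstants.DEBUG_METHODEXIT, "runClient", authResult);
            }
            return authResult;
        } catch (AuthException e) {
            // termException is expected not to return normally; the assertion and the
            // null return only exist to satisfy the compiler (presumably - confirm in AuthBase).
            termException(e);
            Assert.condition(false);
            return null;
        } catch (IOException e2) {
            throw new AuthException(2, e2, null);
        }
    }

    /**
     * Plain user/password variant.
     *
     * <p>Security: the password from the credentials is placed in the {@code ReplyUP} message,
     * and this method does not call {@code sslStart}. NOTE(review): confirm that the transport
     * is protected by other means wherever this protocol is enabled. The returned
     * {@code sharedSecret} is a compile-time constant, identical for every session, so it must
     * not be relied on for confidentiality or integrity.
     *
     * @param msgBase the server's first message (only logged here)
     * @return result carrying the server id, server metadata and the fixed secret
     * @throws AuthException if the server's answer is not an okay message
     * @throws IOException   on stream errors
     */
    protected AuthResult clntChallengeUP(AuthBase.MsgBase msgBase) throws AuthException, IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "clntChallengeUP", msgBase);
        }
        new AuthBase.ReplyUP(this.credentials.getName(), this.credentials.getPassword(), transformPropObj(this.metaData)).writeMsg(this.ostr);
        close_ostr();
        AuthBase.MsgBase answer = xDummy.readMsg(this.istr);
        short answerType = answer.getType();
        // 111 and 79 are the two accepted okay types for this variant.
        if (answerType != 111 && answerType != 79) {
            termWrongMsg(answer);
        }
        AuthBase.OkayUP okayUP = (AuthBase.OkayUP) answer;
        AuthResult authResult = new AuthResult();
        authResult.authPrincipal = new DefaultPrincipal(okayUP.serverId, "");
        authResult.authMetaData = transformPropString(okayUP.serverXid);
        // SECURITY: hard-coded, session-independent value. Left unchanged because the peer
        // presumably expects the same bytes (confirm). getBytes() uses the platform default
        // charset, so the byte value can differ on non-ASCII platforms.
        authResult.sharedSecret = "NOT A GOOD SECRET!".getBytes();
        cleanup();
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "clntChallengeUP", authResult);
        }
        return authResult;
    }

    /**
     * Mutual password variant: both sides prove knowledge of the password with MACs.
     *
     * <p>The client generates 20 random bytes, computes the client and expected server MACs via
     * {@code mutualPasswordMacs}, sends its response, and then verifies the MAC returned by the
     * server before accepting the session.
     *
     * @param msgBase the server's {@code ChallengeMPR} message
     * @return result carrying the server id, server metadata and the session secret
     * @throws AuthException if the answer has the wrong type or the server MAC does not verify
     * @throws IOException   on stream errors
     */
    protected AuthResult clntChallengeMPR(AuthBase.MsgBase msgBase) throws AuthException, IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "clntChallengeMPR", msgBase);
        }
        AuthBase.ChallengeMPR challenge = (AuthBase.ChallengeMPR) msgBase;
        String serverId = challenge.serverId;
        String serverXid = challenge.serverXid;
        byte[] clientRandom = random(20);
        String name = this.credentials.getName();
        String password = this.credentials.getPassword();
        String clientMeta = transformPropObj(this.metaData);
        mutualPasswordMacs(password, serverId, serverXid, challenge.Rs, name, clientMeta, clientRandom);
        new AuthBase.ResponseAndCounter(name, clientMeta, clientRandom, this.macClnt).writeMsg(this.ostr);
        close_ostr();
        AuthBase.MsgBase answer = xDummy.readMsg(this.istr);
        if (answer.getType() != 19791) {
            termWrongMsg(answer);
        }
        // Verify the server's MAC. Fail closed when either value is missing (Arrays.equals
        // would treat two nulls as a match) and compare with MessageDigest.isEqual, which is
        // the JDK's comparison routine intended for digests and MACs.
        byte[] serverMac = ((AuthBase.OkayResponse) answer).MacS;
        if (serverMac == null || this.macServ == null || !MessageDigest.isEqual(serverMac, this.macServ)) {
            termException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_AUTH_FLDSRV, null), 3);
        }
        AuthResult authResult = new AuthResult();
        authResult.authPrincipal = new DefaultPrincipal(serverId, "");
        authResult.authMetaData = transformPropString(serverXid);
        authResult.sharedSecret = this.sessionSecret;
        Assert.condition(this.sessionSecret != null);
        cleanup();
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "clntChallengeMPR", authResult);
        }
        return authResult;
    }

    /**
     * SSL variant that also sends the user name and password after {@code sslStart}.
     *
     * <p>The server identity is taken from the SSL session when it yields a user id; otherwise
     * the id asserted in the server's okay message is used.
     *
     * @param msgBase the server's first message (only logged here)
     * @return result carrying the server identity, server metadata and the derived session secret
     * @throws AuthException if the server's answer has the wrong type
     * @throws IOException   on stream errors
     */
    protected AuthResult clntChallengeSSLUP(AuthBase.MsgBase msgBase) throws AuthException, IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "clntChallengeSSLUP", msgBase);
        }
        // 21315 is the value the decompiler shows for PrincipalDirectory.CHALLENGE_SSL_UP.
        sslStart(false, (short) 21315);
        byte[] clientRandom = random(20);
        new AuthBase.ReplySSLUP(this.credentials.getName(), this.credentials.getPassword(), transformPropObj(this.metaData), clientRandom).writeMsg(this.ostr);
        close_ostr();
        AuthBase.MsgBase answer = xDummy.readMsg(this.istr);
        if (answer.getType() != 21327) {
            termWrongMsg(answer);
        }
        AuthBase.OkaySSLUP okay = (AuthBase.OkaySSLUP) answer;
        // Prefer the identity bound to the SSL session; fall back to the server-asserted id.
        String serverUser = this.sslSession.extractUserID();
        if (serverUser == null) {
            serverUser = okay.serverId;
        }
        sslDeriveSessionKey(this.sslSession, okay.Rs, clientRandom);
        AuthResult authResult = new AuthResult();
        authResult.authPrincipal = new DefaultPrincipal(serverUser, "");
        authResult.authMetaData = transformPropString(okay.serverXid);
        authResult.sharedSecret = this.sessionSecret;
        Assert.condition(authResult.sharedSecret != null);
        cleanup();
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "clntChallengeSSLUP", authResult);
        }
        return authResult;
    }

    /**
     * SSL-only variant: the reply carries the user name and an empty password.
     *
     * <p>The server identity is taken from the SSL session when it yields a user id; otherwise
     * the id asserted in the server's okay message is used.
     *
     * @param msgBase the server's first message (only logged here)
     * @return result carrying the server identity, server metadata and the derived session secret
     * @throws AuthException if the server's answer has the wrong type
     * @throws IOException   on stream errors
     */
    protected AuthResult clntChallengeSSLPure(AuthBase.MsgBase msgBase) throws AuthException, IOException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "clntChallengeSSLPure", msgBase);
        }
        // 21059 is the value the decompiler shows for PrincipalDirectory.CHALLENGE_SSL_PURE.
        sslStart(false, (short) 21059);
        byte[] clientRandom = random(20);
        String name = this.credentials.getName();
        // The password is fetched but never sent: the reply below carries "" instead.
        // The call is kept so any effect of getPassword() is preserved.
        this.credentials.getPassword();
        new AuthBase.ReplySSLPure(name, "", transformPropObj(this.metaData), clientRandom).writeMsg(this.ostr);
        close_ostr();
        AuthBase.MsgBase answer = xDummy.readMsg(this.istr);
        if (answer.getType() != 21071) {
            termWrongMsg(answer);
        }
        AuthBase.OkaySSLPure okay = (AuthBase.OkaySSLPure) answer;
        // Prefer the identity bound to the SSL session; fall back to the server-asserted id.
        String serverUser = this.sslSession.extractUserID();
        if (serverUser == null) {
            serverUser = okay.serverId;
        }
        sslDeriveSessionKey(this.sslSession, okay.Rs, clientRandom);
        AuthResult authResult = new AuthResult();
        authResult.authPrincipal = new DefaultPrincipal(serverUser, "");
        authResult.authMetaData = transformPropString(okay.serverXid);
        authResult.sharedSecret = this.sessionSecret;
        Assert.condition(authResult.sharedSecret != null);
        cleanup();
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "clntChallengeSSLPure", authResult);
        }
        return authResult;
    }
}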
