package com.ibm.disthub2.impl.security;

import com.ibm.disthub2.impl.client.DebugObject;
import com.ibm.disthub2.impl.formats.Envelop;
import com.ibm.disthub2.impl.formats.Framing;
import com.ibm.disthub2.impl.util.ArrayUtil;
import com.ibm.disthub2.impl.util.Assert;
import com.ibm.disthub2.impl.util.Hex;
import com.ibm.disthub2.spi.ClientExceptionConstants;
import com.ibm.disthub2.spi.ClientLogConstants;
import com.ibm.disthub2.spi.ExceptionBuilder;
import com.ibm.disthub2.spi.LogConstants;

/* loaded from: input_file:lib/dhbcore.jar:com/ibm/disthub2/impl/security/Qop.class */
public class Qop implements ClientLogConstants, ClientExceptionConstants, Envelop.Constants {
    private static final String copyright = "Licensed Material - Property of IBM \n5648-C63 (c) Copyright IBM Corp. 2000, 2001 - All Rights Reserved. \nUS Government Users Restricted Rights - Use, duplication or disclosure \nrestricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final DebugObject debug = new DebugObject("Qop");

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    public static byte getPayloadRequiredQop(int i) {
        byte b;
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "getPayloadRequiredQop", new Integer(i));
        }
        switch (i) {
            case 1:
            case 10:
                Assert.failure("Qop.getPayloadRequiredQop(): invalid payload type");
                b = 1;
                break;
            case 2:
            case 3:
                b = 2;
                break;
            case 4:
            case 7:
            case 8:
                b = 14;
                break;
            case 5:
            case 6:
                b = 6;
                break;
            case 9:
            default:
                b = 1;
                break;
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "getPayloadRequiredQop", new Byte(b));
        }
        return b;
    }

    public static byte getSingleHopControlRequiredQop(int i) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "getSingleHopControlRequiredQop", new Integer(i));
        }
        byte b = 1;
        switch (i) {
            case 1:
            case 2:
            case 11:
            case 14:
            case 15:
            case 34:
            case 35:
                b = 14;
                break;
            case 3:
            case 4:
            case 5:
            case 6:
            case 7:
            case 8:
            case 9:
            case 10:
                b = 6;
                break;
            case 12:
            case 13:
            case 16:
            case 17:
            case 18:
            case 19:
            case 20:
            case 21:
            case 22:
            case 23:
            case 24:
            case 25:
            case 26:
            case 27:
            case 28:
            case 29:
            case 30:
            case 31:
            case 32:
            case 33:
            default:
                Assert.failure("Qop.getSingleHopControlRequiredQop: SingleHopControl with unknown body type - are we in compatibility mode?");
                break;
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "getSingleHopControlRequiredQop", new Byte(b));
        }
        return b;
    }

    public static boolean isPrivate(byte b) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "isPrivate", new Byte(b));
        }
        boolean z = (b & 14) == 14;
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "isNoProtection", new Boolean(z));
        }
        return z;
    }

    public static boolean isMessageIntegrity(byte b) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "isMessageIntegrity", new Byte(b));
        }
        boolean z = (b & 6) == 6;
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "isNoProtection", new Boolean(z));
        }
        return z;
    }

    public static boolean isChannelIntegrity(byte b) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "isChannelIntegrity", new Byte(b));
        }
        boolean z = (b & 2) == 2;
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "isNoProtection", new Boolean(z));
        }
        return z;
    }

    public static boolean isNoProtection(byte b) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "isNoProtection", new Byte(b));
        }
        boolean z = b == 1;
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "isNoProtection", new Boolean(z));
        }
        return z;
    }

    public static void checkIntegrity(byte[] bArr, SecurityContext securityContext, boolean z, boolean z2) throws IntegrityCompromisedException, SecurityGeneralException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "checkIntegrity", bArr, securityContext, new Boolean(z));
        }
        byte b = bArr[6];
        if (b != 1 && b != 2 && b != 6 && b != 14) {
            throw new IntegrityCompromisedException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_SEC_BDQOP, new Object[]{new Byte(b)}));
        }
        if (b != 1 && !z2) {
            throw new IntegrityCompromisedException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_SEC_UNCQOP, new Object[]{new Byte(b)}));
        }
        if ((b & 1) != 0) {
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "checkIntegrity", "No QOP on message, skipping integrity check");
            }
            if (debug.debugIt(64)) {
                debug.debug(LogConstants.DEBUG_METHODEXIT, "checkIntegrity");
                return;
            }
            return;
        }
        if (!securityContext.useQOP) {
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "checkIntegrity", "QOP > SA_NONE but QOP disabled, throwing exception");
            }
            throw new SecurityGeneralException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_SEC_UNCQOP, new Object[]{new Byte(b)}));
        }
        MessageProtection mp = securityContext.getMP();
        int fullLength = Framing.fullLength(bArr);
        byte b2 = bArr[7];
        int computeDigestOffset = Framing.computeDigestOffset(bArr);
        byte[] bArr2 = new byte[computeDigestOffset + 8];
        System.arraycopy(bArr, 0, bArr2, 8, computeDigestOffset);
        if ((b & 6) == 6) {
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "checkIntegrity", new StringBuffer().append("hashLen=").append((int) b2).append(", msgLen=").append(fullLength).append(", channelRegion=").append(computeDigestOffset).toString());
                debug.debug(LogConstants.DEBUG_INFO, "checkIntegrity", new StringBuffer().append("Testing digest on frame: ").append(Hex.toString(bArr, computeDigestOffset, fullLength - computeDigestOffset)).toString());
            }
            byte[] extractDigest = extractDigest(bArr, mp);
            System.arraycopy(extractDigest, 0, bArr2, 16, extractDigest.length);
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "checkIntegrity", new StringBuffer().append("QOP = MINTEGRITY, computed hash: ").append(Hex.toString(bArr2, 16, (int) b2)).toString());
            }
        } else {
            for (int i = 0; i < b2; i++) {
                bArr2[i + 8 + 8] = 0;
            }
        }
        long nextRcvCount = securityContext.getNextRcvCount();
        ArrayUtil.writeLong(bArr2, 0, nextRcvCount);
        Object[] clientMAC = z ? securityContext.getClientMAC() : securityContext.getServerMAC();
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "checkIntegrity", new StringBuffer().append("QOP = CINTEGRITY, pre-mac frame: ").append(Hex.toString(bArr2)).toString());
        }
        mp.hmac(clientMAC, bArr2, 0, bArr2.length, bArr2, 16);
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "checkIntegrity", new StringBuffer().append("QOP = CINTEGRITY, seq: ").append(nextRcvCount).append(" computed mac: ").append(Hex.toString(bArr2, 16, mp.digestLength())).append(" hash region length: ").append(bArr2.length).append(" inner key: ").append(clientMAC[0].toString()).append(" outer key: ").append(clientMAC[1].toString()).toString());
        }
        if (!mp.compareBuffers(bArr, 8, bArr2, 16, b2)) {
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "checkIntegrity", "Channel and/or message integrity compromised, throwing exception");
            }
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "checkIntegrity", new StringBuffer().append("Msg QOP: ").append((int) b).append(" msg type: ").append(ArrayUtil.readLong(bArr, Framing.bodyOffset(bArr))).toString());
            }
            throw new IntegrityCompromisedException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_SEC_INTQOP, null));
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "checkIntegrity");
        }
    }

    public static void sessionEncrypt(byte[] bArr, int i, int i2, MessageProtection messageProtection, Object obj, byte[] bArr2) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "sessionEncrypt", bArr, new Integer(i), new Integer(i2), messageProtection, obj, bArr2);
        }
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "sessionEncrypt", new StringBuffer().append("Session encrypting message with sksl: ").append(i2).toString());
        }
        messageProtection.encrypt(obj, bArr2, bArr, i, i2, bArr, i);
        ArrayUtil.writeInt(bArr, i - 4, i2);
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "sessionEncrypt");
        }
    }

    public static void sessionDecrypt(byte[] bArr, MessageProtection messageProtection, Object obj, byte[] bArr2) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "sessionDecrypt", bArr, messageProtection, obj, bArr2);
        }
        Assert.condition(Framing.qop(bArr) == 14);
        int sksl = Framing.sksl(bArr) + 10;
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "sessionDecrypt", new StringBuffer().append("Session decrypting message with sksl: ").append(sksl).toString());
        }
        int i = bArr[7] + 8 + 4;
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "sessionDecrypt", new StringBuffer().append("Pre decryption frame: ").append(Hex.toString(bArr, i, sksl)).toString());
        }
        messageProtection.decrypt(obj, bArr2, bArr, i, sksl, bArr, i);
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "sessionDecrypt", new StringBuffer().append("Post decryption frame: ").append(Hex.toString(bArr, i, sksl)).toString());
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "sessionDecrypt");
        }
    }

    public static void channelProtect(byte[] bArr, MessageProtection messageProtection, long j, Object[] objArr) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "channelProtect", bArr, messageProtection, new Long(j), objArr);
        }
        Framing.qop(bArr);
        messageProtection.digestLength();
        int computeDigestOffset = Framing.computeDigestOffset(bArr);
        byte[] bArr2 = new byte[computeDigestOffset + 8];
        System.arraycopy(bArr, 0, bArr2, 8, computeDigestOffset);
        ArrayUtil.writeLong(bArr2, 0, j);
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "channelProtect", new StringBuffer().append("pre-mac frame: ").append(Hex.toString(bArr2)).toString());
        }
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "channelProtect", new StringBuffer().append("Attaching channel protection -> count: ").append(j).append(" to hash: ").append(Hex.toString(bArr2, 0, bArr2.length)).append(" hash region length: ").append(bArr2.length).append(" inner key: ").append(objArr[0].toString()).append(" outer key: ").append(objArr[1].toString()).toString());
        }
        messageProtection.hmac(objArr, bArr2, 0, bArr2.length, bArr, 8);
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "channelProtect", new StringBuffer().append("Attached channel protection -> count: ").append(j).append(" hash: ").append(Hex.toString(bArr, 8, messageProtection.digestLength())).append(" hash region length: ").append(bArr2.length).append(" inner key: ").append(objArr[0].toString()).append(" outer key: ").append(objArr[1].toString()).toString());
            debug.debug(LogConstants.DEBUG_INFO, "channelProtect", new StringBuffer().append("Final frame: ").append(Hex.toString(bArr)).toString());
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "channelProtect");
        }
    }

    public static byte[] computeDigest(byte[] bArr, int i, int i2, MessageProtection messageProtection) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "computeDigest", bArr, new Integer(i), new Integer(i2), messageProtection);
        }
        byte[] bArr2 = new byte[messageProtection.digestLength()];
        messageProtection.digest(null, bArr, i, i2, bArr2, 0);
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "computeDigest", bArr2);
        }
        return bArr2;
    }

    public static byte[] extractDigest(byte[] bArr, MessageProtection messageProtection) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "extractDigest", bArr, messageProtection);
        }
        byte[] bArr2 = new byte[messageProtection.digestLength()];
        Assert.condition((bArr[6] & 6) == 6);
        int fullLength = Framing.fullLength(bArr);
        int computeDigestOffset = Framing.computeDigestOffset(bArr);
        messageProtection.digest(null, bArr, computeDigestOffset, fullLength - computeDigestOffset, bArr2, 0);
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "extractDigest", bArr2);
        }
        return bArr2;
    }

    public static void framePropagationMessage(byte[] bArr, SecurityContext securityContext, boolean z, int i) {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "framePropagationMessage", bArr, securityContext, new Boolean(z), new Integer(i));
        }
        MessageProtection mp = securityContext.getMP();
        int overhead = Framing.overhead((byte) 14, mp, true);
        ArrayUtil.writeShort(bArr, overhead - 2, (short) -1);
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "framePropagationMessage", new StringBuffer().append("Propagation frame contents: ").append(Hex.toString(bArr, 0, i)).toString());
        }
        sessionEncrypt(bArr, overhead - 2, i - (overhead - 2), mp, z ? securityContext.getClientKey() : securityContext.getServerKey(), securityContext.getEncryptIV());
        Framing.attachDigest(bArr, computeDigest(bArr, 0, 0, mp));
        Framing.frame(bArr, i, (byte) 14);
        channelProtect(bArr, mp, securityContext.getNextSendCount(), z ? securityContext.getClientMAC() : securityContext.getServerMAC());
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "framePropagationMessage");
        }
    }

    public static void frameMessage(byte[] bArr, short s, long j, byte b, int i, SecurityContext securityContext, byte[] bArr2, boolean z, int i2) throws SecurityGeneralException {
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "frameMessage", new Object[]{bArr, new Short(s), new Long(j), new Byte(b), new Integer(i), securityContext, bArr2, new Boolean(z), new Integer(i2)});
        }
        int overhead = Framing.overhead(b, securityContext.getMP(), false);
        ArrayUtil.writeShort(bArr, overhead - 10, s);
        ArrayUtil.writeLong(bArr, overhead - 8, j);
        int i3 = i + 10;
        MessageProtection mp = securityContext.getMP();
        Object clientKey = z ? securityContext.getClientKey() : securityContext.getServerKey();
        switch (b) {
            case 2:
                Framing.attachDigest(bArr, new byte[mp.digestLength()]);
                break;
            case 14:
                sessionEncrypt(bArr, overhead - 10, i3, mp, clientKey, securityContext.getEncryptIV());
            case 6:
                Assert.condition(bArr2.length == mp.digestLength());
                Framing.attachDigest(bArr, bArr2);
                break;
        }
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "frameMessage", new StringBuffer().append("QOP: ").append((int) b).toString());
        }
        Framing.frame(bArr, i2, b);
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "frameMessage");
        }
    }

    public static String debugPrint(byte b) {
        String str;
        str = "flags[ ";
        str = isPrivate(b) ? new StringBuffer().append(str).append("SA_PRIVACY ").toString() : "flags[ ";
        if (isMessageIntegrity(b)) {
            str = new StringBuffer().append(str).append("SA_MINTEGRITY ").toString();
        }
        if (isChannelIntegrity(b)) {
            str = new StringBuffer().append(str).append("SA_CINTEGRITY ").toString();
        }
        if (isNoProtection(b)) {
            str = new StringBuffer().append(str).append("SA_NONE ").toString();
        }
        return new StringBuffer().append(str).append("]").toString();
    }
}
