package com.ibm.msg.client.wmq.v6.direct.internal;

import com.ibm.disthub2.impl.client.BaseConfig;
import com.ibm.disthub2.impl.client.DebugObject;
import com.ibm.disthub2.impl.client.Logger;
import com.ibm.disthub2.impl.client.Security;
import com.ibm.disthub2.impl.formats.Framing;
import com.ibm.disthub2.impl.formats.MessageEncrypter;
import com.ibm.disthub2.impl.formats.MessageHandle;
import com.ibm.disthub2.impl.security.CryptoInstantiationException;
import com.ibm.disthub2.impl.security.MessageProtection;
import com.ibm.disthub2.impl.security.Qop;
import com.ibm.disthub2.impl.security.SecurityContext;
import com.ibm.disthub2.impl.util.ExceptionWrapper;
import com.ibm.disthub2.impl.util.Hex;
import com.ibm.disthub2.impl.util.Release;
import com.ibm.disthub2.spi.AuthException;
import com.ibm.disthub2.spi.AuthResult;
import com.ibm.disthub2.spi.ClientExceptionConstants;
import com.ibm.disthub2.spi.ClientLogConstants;
import com.ibm.disthub2.spi.ExceptionBuilder;
import com.ibm.disthub2.spi.ExceptionConstants;
import com.ibm.disthub2.spi.LogConstants;
import com.ibm.disthub2.spi.Principal;
import com.ibm.mq.jms.ISSLException;
import com.ibm.msg.client.commonservices.trace.Trace;
import java.io.IOException;
import java.net.Socket;
import java.util.Hashtable;
import java.util.Properties;

/* loaded from: input_file:lib/com.ibm.mqjms.jar:com/ibm/msg/client/wmq/v6/direct/internal/SxaSecurityImpl.class */
public class SxaSecurityImpl implements Security, ClientExceptionConstants, ClientLogConstants {
    static final String copyright_notice = "Licensed Materials - Property of IBM 5724-H72, 5655-R36, 5724-L26, 5655-L82                (c) Copyright IBM Corp. 2008, 2011 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";
    private static final String sccsid = "@(#) MQMBID sn=p750-004-140807 su=_pY8W4B4HEeS1ypf5zzZGLw pn=com.ibm.msg.client.wmq.v6/src/com/ibm/msg/client/wmq/v6/direct/internal/SxaSecurityImpl.java";
    private static final DebugObject debug;
    protected ISSL issl;
    protected Object isslCreds;
    protected SecurityContext sc;
    protected Hashtable qopCache;
    protected static final Byte QOP_MINTEGRITY;
    protected static final Byte QOP_PRIVACY;
    protected Socket toAuth = null;
    BaseConfig baseConfig;

    /* loaded from: input_file:lib/com.ibm.mqjms.jar:com/ibm/msg/client/wmq/v6/direct/internal/SxaSecurityImpl$AuthTimer.class */
    static class AuthTimer implements Runnable {
        private SxaSecurityImpl instance;
        private long time;

        public AuthTimer(SxaSecurityImpl sxaSecurityImpl, long j) {
            if (Trace.isOn) {
                Trace.entry(this, "com.ibm.msg.client.wmq.v6.direct.internal.AuthTimer", "<init>(SxaSecurityImpl,long)", new Object[]{sxaSecurityImpl, Long.valueOf(j)});
            }
            this.instance = sxaSecurityImpl;
            this.time = j;
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.msg.client.wmq.v6.direct.internal.AuthTimer", "<init>(SxaSecurityImpl,long)");
            }
        }

        @Override // java.lang.Runnable
        public void run() {
            if (Trace.isOn) {
                Trace.entry(this, "com.ibm.msg.client.wmq.v6.direct.internal.AuthTimer", "run()");
            }
            try {
                synchronized (this.instance) {
                    this.instance.wait(this.time);
                    if (this.instance.toAuth != null) {
                        try {
                            this.instance.toAuth.shutdownInput();
                        } catch (Throwable th) {
                            if (Trace.isOn) {
                                Trace.catchBlock(this, "com.ibm.msg.client.wmq.v6.direct.internal.AuthTimer", "run()", th, 1);
                            }
                        }
                        try {
                            this.instance.toAuth.shutdownOutput();
                        } catch (Throwable th2) {
                            if (Trace.isOn) {
                                Trace.catchBlock(this, "com.ibm.msg.client.wmq.v6.direct.internal.AuthTimer", "run()", th2, 2);
                            }
                        }
                        this.instance.toAuth.close();
                    }
                }
            } catch (Throwable th3) {
                if (Trace.isOn) {
                    Trace.catchBlock(this, "com.ibm.msg.client.wmq.v6.direct.internal.AuthTimer", "run()", th3, 3);
                }
                if (Logger.logIt(LogConstants.LOG_MIN_TMFAIL)) {
                    Logger.log(LogConstants.LOG_MIN_TMFAIL, "SxaSecurityImpl", new Object[]{new ExceptionWrapper(th3)});
                }
            }
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.msg.client.wmq.v6.direct.internal.AuthTimer", "run()");
            }
        }
    }

    /* loaded from: input_file:lib/com.ibm.mqjms.jar:com/ibm/msg/client/wmq/v6/direct/internal/SxaSecurityImpl$RealSecUsername.class */
    public class RealSecUsername implements Principal, AuthPrincipal {
        protected String m_login;
        protected String m_passwd;

        public RealSecUsername(String str, String str2) {
            if (Trace.isOn) {
                Object[] objArr = new Object[2];
                objArr[0] = str;
                objArr[1] = str2 == null ? str2 : "********";
                Trace.entry(this, "com.ibm.msg.client.wmq.v6.direct.internal.RealSecUsername", "<init>(String,String)", objArr);
            }
            this.m_login = str;
            this.m_passwd = str2;
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.msg.client.wmq.v6.direct.internal.RealSecUsername", "<init>(String,String)");
            }
        }

        @Override // com.ibm.disthub2.spi.Principal
        public String toString() {
            return this.m_login;
        }

        @Override // com.ibm.disthub2.spi.Principal
        public int hashCode() {
            int i = 0;
            if (null != this.m_login) {
                i = this.m_login.hashCode();
            }
            return i;
        }

        @Override // com.ibm.disthub2.spi.Principal
        public String getName() {
            if (Trace.isOn) {
                Trace.data(this, "com.ibm.msg.client.wmq.v6.direct.internal.RealSecUsername", "getName()", "getter", this.m_login);
            }
            return this.m_login;
        }

        @Override // com.ibm.msg.client.wmq.v6.direct.internal.AuthPrincipal
        public String getPassword() {
            if (Trace.isOn) {
                Trace.data(this, "com.ibm.msg.client.wmq.v6.direct.internal.RealSecUsername", "getPassword()", "getter", this.m_passwd == null ? this.m_passwd : "********");
            }
            return this.m_passwd;
        }

        @Override // com.ibm.msg.client.wmq.v6.direct.internal.AuthPrincipal
        public Object getSSLCredentials() {
            if (Trace.isOn) {
                Trace.data(this, "com.ibm.msg.client.wmq.v6.direct.internal.RealSecUsername", "getSSLCredentials()", "getter", SxaSecurityImpl.this.isslCreds);
            }
            return SxaSecurityImpl.this.isslCreds;
        }

        @Override // com.ibm.disthub2.spi.Principal
        public boolean equals(Object obj) {
            if (obj == null || !(obj instanceof RealSecUsername)) {
                return false;
            }
            return this.m_login.equals(((RealSecUsername) obj).m_login);
        }
    }

    public SxaSecurityImpl(BaseConfig baseConfig) throws AuthException {
        this.issl = null;
        this.isslCreds = null;
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "<init>(BaseConfig)", new Object[]{baseConfig});
        }
        this.baseConfig = baseConfig;
        if (AuthBase.SSLrequired(AuthBase.parseAuthProtocols(this.baseConfig.AUTH_PROTOCOLS))) {
            try {
                this.issl = new JsseImpl();
                if (Trace.isOn) {
                    Trace.traceData(this, "Instantiated JsseImpl", (Object) null);
                }
                this.issl.setEnabledCipherSuites(this.baseConfig.SSL_CIPHER_SUITES);
                if (Trace.isOn) {
                    Trace.traceData(this, "Set cipherSuites", (Object) null);
                }
                JsseCredsImpl jsseCredsImpl = new JsseCredsImpl(this.baseConfig.SSL_SOCKET_FACTORY, this.baseConfig.SSL_PEER_NAME, this.baseConfig.SSL_CERT_STORES);
                if (Trace.isOn) {
                    Trace.traceData(this, "Created JsseCredsImpl object", (Object) null);
                }
                this.isslCreds = this.issl.createCredentials(jsseCredsImpl);
            } catch (ISSLException e) {
                if (Trace.isOn) {
                    Trace.catchBlock(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "<init>(BaseConfig)", e);
                }
                AuthException authException = new AuthException(1, new RuntimeException(ExceptionBuilder.buildReasonString(ExceptionConstants.ERR_MIN_SSLINST, new Object[]{new ExceptionWrapper(e)})), null);
                if (Trace.isOn) {
                    Trace.throwing(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "<init>(BaseConfig)", authException);
                }
                throw authException;
            }
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "<init>(BaseConfig)");
        }
    }

    @Override // com.ibm.disthub2.impl.client.Security
    public Principal createPrincipal(String str, String str2) {
        if (Trace.isOn) {
            Object[] objArr = new Object[2];
            objArr[0] = str;
            objArr[1] = str2 == null ? str2 : "********";
            Trace.entry(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "createPrincipal(String,String)", objArr);
        }
        RealSecUsername realSecUsername = new RealSecUsername(str == null ? "" : str, str2 == null ? "" : str2);
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "createPrincipal(String,String)", realSecUsername);
        }
        return realSecUsername;
    }

    @Override // com.ibm.disthub2.impl.client.Security
    public int authorize(Socket socket, Principal principal) throws IOException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "authorize(Socket,Principal)", new Object[]{socket, principal});
        }
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "authorize", socket);
        }
        try {
            Properties properties = new Properties();
            properties.put("release", "1.2");
            short[] parseAuthProtocols = AuthBase.parseAuthProtocols(this.baseConfig.AUTH_PROTOCOLS);
            if (this.baseConfig.AUTH_TIMEOUT > 0) {
                synchronized (this) {
                    this.toAuth = socket;
                    if (this.baseConfig.THREADER != null) {
                        this.baseConfig.THREADER.schedule(new AuthTimer(this, this.baseConfig.AUTH_TIMEOUT));
                    } else {
                        new Thread(new AuthTimer(this, this.baseConfig.AUTH_TIMEOUT)).start();
                    }
                }
            }
            AuthResult authenticate = new AuthClient(socket, (AuthPrincipal) principal, properties, parseAuthProtocols, this.issl).authenticate();
            if (this.baseConfig.AUTH_TIMEOUT > 0) {
                synchronized (this) {
                    this.toAuth = null;
                    notifyAll();
                }
            }
            int remoteRelease = Release.getRemoteRelease(authenticate.authMetaData.getProperty("release"));
            if (Boolean.valueOf(authenticate.authMetaData.getProperty("qop", "false")).booleanValue()) {
                this.baseConfig.ENABLE_QOP_SECURITY = true;
            }
            this.sc = new SecurityContext(principal, authenticate.sharedSecret, this.baseConfig.ENABLE_QOP_SECURITY);
            if (this.baseConfig.ENABLE_QOP_SECURITY) {
                this.qopCache = new Hashtable();
            }
            if (debug.debugIt(64)) {
                debug.debug(LogConstants.DEBUG_METHODEXIT, "authorize", Integer.valueOf(remoteRelease));
            }
            if (Trace.isOn) {
                Trace.exit(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "authorize(Socket,Principal)", Integer.valueOf(remoteRelease));
            }
            return remoteRelease;
        } catch (CryptoInstantiationException e) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "authorize(Socket,Principal)", e, 1);
            }
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "authorize", "Failed with exception: " + new ExceptionWrapper(e));
            }
            IOException iOException = new IOException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_CPT_UNKEXC, new Object[]{e}));
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "authorize(Socket,Principal)", iOException, 1);
            }
            throw iOException;
        } catch (Exception e2) {
            if (Trace.isOn) {
                Trace.catchBlock(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "authorize(Socket,Principal)", e2, 2);
            }
            if (debug.debugIt(16)) {
                debug.debug(LogConstants.DEBUG_INFO, "authorize", "Failed with exception: " + new ExceptionWrapper(e2));
            }
            IOException iOException2 = new IOException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_MIN_AUTHEXC, new Object[]{e2}));
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "authorize(Socket,Principal)", iOException2, 2);
            }
            throw iOException2;
        }
    }

    @Override // com.ibm.disthub2.impl.client.Security
    public MessageEncrypter incoming(byte[] bArr) throws IOException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "incoming(byte [ ])", new Object[]{bArr});
        }
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "incoming", bArr);
        }
        MessageProtection messageProtection = null;
        if (this.baseConfig.ENABLE_QOP_SECURITY) {
            Qop.checkIntegrity(bArr, this.sc, false, this.baseConfig.ENABLE_QOP_SECURITY);
            if (Framing.qop(bArr) == 14) {
                MessageProtection mp = this.sc.getMP();
                Qop.sessionDecrypt(bArr, mp, this.sc.getServerKey(), this.sc.getDecryptIV());
                messageProtection = mp;
            }
        }
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "incoming", Hex.toString(bArr));
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "incoming", messageProtection);
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "incoming(byte [ ])", messageProtection);
        }
        return messageProtection;
    }

    @Override // com.ibm.disthub2.impl.client.Security
    public byte[] outgoing(MessageHandle messageHandle, byte b) throws IOException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "outgoing(MessageHandle,byte)", new Object[]{messageHandle, Byte.valueOf(b)});
        }
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "outgoing", messageHandle, Byte.valueOf(b));
        }
        if (!this.baseConfig.ENABLE_QOP_SECURITY && b != 1) {
            IOException iOException = new IOException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_MIN_QOPDIS, null));
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "outgoing(MessageHandle,byte)", iOException);
            }
            throw iOException;
        }
        MessageProtection mp = b == 14 ? this.sc.getMP() : null;
        int overhead = Framing.overhead(b, this.sc.getMP(), false);
        int encodedLength = messageHandle.getEncodedLength(mp);
        byte[] bArr = new byte[overhead + encodedLength];
        int byteArray = messageHandle.toByteArray(bArr, overhead, encodedLength, mp);
        if (b != 14) {
            byteArray = 0;
        }
        if (b == 1) {
            Framing.frameMessage(bArr, messageHandle.getInterpreterId(), messageHandle.getEncodingSchema().getId(), bArr.length);
        } else {
            byte[] bArr2 = null;
            if ((b & 6) == 6) {
                bArr2 = Qop.computeDigest(bArr, overhead + byteArray, encodedLength - byteArray, this.sc.getMP());
            }
            Qop.frameMessage(bArr, messageHandle.getInterpreterId(), messageHandle.getEncodingSchema().getId(), b, b == 14 ? byteArray : -1, this.sc, bArr2, true, overhead + encodedLength);
            Qop.channelProtect(bArr, this.sc.getMP(), this.sc.getNextSendCount(), this.sc.getClientMAC());
        }
        if (debug.debugIt(16)) {
            debug.debug(LogConstants.DEBUG_INFO, "outgoing", Hex.toString(bArr));
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "outgoing", bArr);
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "outgoing(MessageHandle,byte)", bArr);
        }
        return bArr;
    }

    @Override // com.ibm.disthub2.impl.client.Security
    public byte[] framePropagationMessage(byte[] bArr) throws IOException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "framePropagationMessage(byte [ ])", new Object[]{bArr});
        }
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "framePropagationMessage", bArr);
        }
        int overhead = Framing.overhead(this.baseConfig.ENABLE_QOP_SECURITY ? (byte) 14 : (byte) 1, this.sc.getMP(), true);
        byte[] bArr2 = new byte[bArr.length + overhead];
        System.arraycopy(bArr, 0, bArr2, overhead, bArr.length);
        if (this.baseConfig.ENABLE_QOP_SECURITY) {
            Qop.framePropagationMessage(bArr2, this.sc, true, bArr2.length);
        } else {
            Framing.framePropagationMessage(bArr2, bArr2.length);
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "framePropagationMessage", bArr2);
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "framePropagationMessage(byte [ ])", bArr2);
        }
        return bArr2;
    }

    @Override // com.ibm.disthub2.impl.client.Security
    public byte getQop(MessageHandle messageHandle) {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "getQop(MessageHandle)", new Object[]{messageHandle});
        }
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "getQop", messageHandle);
        }
        byte b = 1;
        if (this.baseConfig.ENABLE_QOP_SECURITY) {
            int choice = messageHandle.getChoice(149);
            if (choice == 10) {
                b = Qop.getSingleHopControlRequiredQop(messageHandle.getChoice(162));
            } else if (choice != 1) {
                b = Qop.getPayloadRequiredQop(choice);
            } else {
                Byte b2 = (Byte) this.qopCache.get(messageHandle.getString(4));
                if (b2 != null) {
                    b = b2.byteValue();
                } else {
                    messageHandle.setBoolean(1, true);
                    b = 14;
                }
            }
        }
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "qopUpdate", Byte.valueOf(b));
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "getQop(MessageHandle)", Byte.valueOf(b));
        }
        return b;
    }

    @Override // com.ibm.disthub2.impl.client.Security
    public void qopUpdate(MessageHandle messageHandle) throws IOException {
        if (Trace.isOn) {
            Trace.entry(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "qopUpdate(MessageHandle)", new Object[]{messageHandle});
        }
        if (debug.debugIt(32)) {
            debug.debug(LogConstants.DEBUG_METHODENTRY, "qopUpdate", messageHandle);
        }
        if (this.qopCache == null) {
            IOException iOException = new IOException(ExceptionBuilder.buildReasonString(ClientExceptionConstants.ERR_MIN_QOPDIS, null));
            if (Trace.isOn) {
                Trace.throwing(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "qopUpdate(MessageHandle)", iOException);
            }
            throw iOException;
        }
        this.qopCache.put(messageHandle.getString(45), Byte.valueOf(messageHandle.getByte(44)));
        if (debug.debugIt(64)) {
            debug.debug(LogConstants.DEBUG_METHODEXIT, "qopUpdate");
        }
        if (Trace.isOn) {
            Trace.exit(this, "com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "qopUpdate(MessageHandle)");
        }
    }

    static {
        if (Trace.isOn) {
            Trace.data("com.ibm.msg.client.wmq.v6.direct.internal.SxaSecurityImpl", "static", "SCCS id", (Object) sccsid);
        }
        debug = new DebugObject("SxaSecurityImpl");
        QOP_MINTEGRITY = (byte) 6;
        QOP_PRIVACY = (byte) 14;
    }
}
