package com.sun.admin.cis.service.security;

import com.sun.admin.cis.common.AdminCommonTools;
import com.sun.admin.cis.common.AdminException;
import com.sun.admin.cis.server.AdminServerLibrary;
import java.security.PublicKey;

/* loaded from: input_file:109413-09/SUNWseamj/reloc/SUNWseam/3_0/admswt10.jar:com/sun/admin/cis/service/security/DigestServerSecurityContext.class */
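/**
 * Server-side state for one digest-flavor authentication exchange.
 *
 * <p>As implemented here the exchange has three server steps:
 * <ol>
 *   <li>{@link #verifyRequest} looks up the stored password hash for the named user and
 *       answers with a 16-byte random challenge, the first two characters of that hash as
 *       the salt, and the server public key;</li>
 *   <li>{@link #verifyAuthenticator} recovers the password sent by the client, recomputes
 *       the authenticator digest and compares it with the one the client supplied;</li>
 *   <li>{@link #checkVerifier} checks a per-message digest when integrity is required.</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Level-3 trace output includes the challenge, the salt and every digest handled
 *       here. Treat trace files as sensitive and keep that level off in production.</li>
 *   <li>{@code verifyRequest} hands the salt to a caller that has not authenticated yet and
 *       raises an exception for users without a usable hash, so the two cases are
 *       distinguishable to the client.</li>
 *   <li>{@code userpswd} is held as a {@code String} and therefore cannot be wiped; the
 *       decrypted password bytes are wiped on every path.</li>
 *   <li>{@code getBytes()} / {@code new String(byte[])} use the platform default charset;
 *       client and server must agree on it. NOTE(review): confirm before pinning one.</li>
 *   <li>Whether {@code DigestSecurityUtil.compareDigests} is constant-time is not visible
 *       from this file - confirm.</li>
 * </ul>
 */
public class DigestServerSecurityContext extends ServerSecurityContext {
    // Never assigned in this class (stays false).
    private boolean signing;
    // Set once via setIntegrity(); combined with isVerify() in isIntegrityRequired().
    private boolean integrity;
    // Public key supplied by the client in the authenticator token.
    private PublicKey clientkey;
    // Random challenge issued by this server in verifyRequest().
    private byte[] serverchg;
    // Challenge supplied by the client in the authenticator token.
    private byte[] clientchg;
    // Derived in verifyAuthenticator(); used by checkVerifier().
    private byte[] sessionkey;
    // Bytes of the stored (already hashed) password string for the user.
    private byte[] hashpswd;
    // Bytes of the first two characters of the stored password hash.
    private byte[] salt;
    // Hash of the password recovered from the client's authenticator.
    private String userpswd;
    private static final char[] hex = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    /**
     * Creates an empty context for the given digest flavor.
     *
     * @param digestAuthFlavor flavor handed to the superclass constructor
     * @throws AdminSecurityException if the superclass constructor rejects the flavor
     */
    public DigestServerSecurityContext(DigestAuthFlavor digestAuthFlavor) throws AdminSecurityException {
        super(digestAuthFlavor);
        this.clientkey = null;
        this.userpswd = null;
        this.serverchg = null;
        this.clientchg = null;
        this.sessionkey = null;
        this.hashpswd = null;
        this.salt = null;
        this.integrity = false;
    }

    /**
     * Checks that the flavor offered by the client matches the one this context was
     * created with: auth type, digest / signature / key-generation algorithm names and
     * key strength must all agree. The first mismatch is logged and ends the check.
     *
     * @param authenticationFlavor flavor offered by the client
     * @return {@code true} only when every attribute matches
     * @throws AdminSecurityException declared by the superclass contract
     */
    @Override // com.sun.admin.cis.service.security.ServerSecurityContext
    public boolean verifyAuthFlavor(AuthenticationFlavor authenticationFlavor) throws AdminSecurityException {
        boolean castOk = true;
        boolean matched = false;
        DigestAuthFlavor offered = null;
        try {
            offered = (DigestAuthFlavor) authenticationFlavor;
        } catch (ClassCastException unused) {
            // Not a digest flavor at all: log what was offered against what is expected.
            writeLog(2, "LM_1030", "LM_1037", authenticationFlavor.getAuthTypeName(), AuthenticationFlavor.ADM_AUTH_DIGEST_NAME);
            castOk = false;
        }
        // Evaluated even after a failed cast above, as in the original control flow.
        DigestAuthFlavor expected = (DigestAuthFlavor) getAuthFlavor();
        if (castOk) {
            if (offered.getAuthType() != 1) {
                writeLog(2, "LM_1030", "LM_1037", offered.getAuthTypeName(), AuthenticationFlavor.ADM_AUTH_DIGEST_NAME);
            } else if (!expected.getDigestAlgorithm().equals(offered.getDigestAlgorithm())) {
                writeLog(2, "LM_1030", "LM_1038", offered.getDigestAlgorithm(), expected.getDigestAlgorithm());
            } else if (!expected.getSignatureAlgorithm().equals(offered.getSignatureAlgorithm())) {
                writeLog(2, "LM_1030", "LM_1039", offered.getSignatureAlgorithm(), expected.getSignatureAlgorithm());
            } else if (!expected.getKeyGenerationAlgorithm().equals(offered.getKeyGenerationAlgorithm())) {
                writeLog(2, "LM_1030", "LM_1040", offered.getKeyGenerationAlgorithm(), expected.getKeyGenerationAlgorithm());
            } else if (expected.getKeyStrength() != offered.getKeyStrength()) {
                writeLog(2, "LM_1030", "LM_1041", Integer.toString(offered.getKeyStrength()), Integer.toString(expected.getKeyStrength()));
            } else {
                matched = true;
            }
        }
        if (!matched) {
            AdminCommonTools.CMN_Trace1("Security service: authentication flavor mismatch");
        }
        return matched;
    }

    /**
     * Starts an exchange: resets all per-exchange state, looks up the stored password hash
     * for the principal named in the request and returns a response token carrying a fresh
     * 16-byte challenge, the salt and the server public key. Sets auth state 2 on success.
     *
     * @param requestSecurityToken client request carrying the principal and client host
     * @return the response token for the client
     * @throws AdminAuthenticationException if no usable stored hash exists for the user
     * @throws AdminSecurityException if the principal or its user name is null
     */
    @Override // com.sun.admin.cis.service.security.ServerSecurityContext
    public SecurityToken verifyRequest(RequestSecurityToken requestSecurityToken) throws AdminSecurityException {
        // Drop anything left over from a previous exchange on this context.
        this.clientkey = null;
        this.serverchg = null;
        this.clientchg = null;
        this.sessionkey = null;
        this.hashpswd = null;
        this.userpswd = null;
        this.salt = null;
        AdminCommonTools.CMN_Trace3("Security service: verifying authentication request...");
        String userName = null;
        String storedHash = null;
        String saltChars = null;
        AdminPrincipal adminPrincipal = requestSecurityToken.getAdminPrincipal();
        setAdminPrincipal(adminPrincipal);
        setClientHost(requestSecurityToken.getClientHost());
        if (adminPrincipal != null) {
            userName = adminPrincipal.getUserName();
            // Result unused; call kept in case the accessor has side effects.
            adminPrincipal.getDomainName();
            if (userName != null) {
                try {
                    storedHash = AdminServerLibrary.getEncryptedPassword(userName);
                    // A hash shorter than the two-character salt cannot be used either;
                    // fail authentication instead of letting substring() throw.
                    if (storedHash == null || storedHash.trim().length() == 0 || storedHash.length() < 2) {
                        AdminCommonTools.CMN_Trace1("Security service: cannot access user password for " + adminPrincipal.getName());
                        logBadUser();
                        throw new AdminAuthenticationException(adminPrincipal.getName());
                    }
                    saltChars = storedHash.substring(0, 2);
                } catch (AdminException unused) {
                    writeLog(2, "LM_1030", "LM_1031");
                    throw new AdminAuthenticationException(adminPrincipal.getName());
                }
            } else {
                // A principal without a user name is handled like a missing principal.
                adminPrincipal = null;
            }
        }
        if (adminPrincipal == null) {
            writeLog(2, "LM_1030", "LM_1032");
            AdminCommonTools.CMN_Trace1("Security service: null or invalid admin principal identity");
            throw new AdminSecurityException("EXSS_BUI");
        }
        this.hashpswd = storedHash.getBytes();
        this.salt = saltChars.getBytes();
        AdminCommonTools.CMN_Trace3("   Client user identity=" + userName);
        this.serverchg = new byte[16];
        DigestSecurityUtil.getRandomBytes(this.serverchg);
        PublicKey serverKey = DigestSecurityUtil.getPublicKey();
        // Trace lines below expose the challenge and the salt; see the class comment.
        AdminCommonTools.CMN_Trace3("   challenge=" + toHex(this.serverchg));
        AdminCommonTools.CMN_Trace3("   salt=" + saltChars);
        DigestResponseSecurityToken response = new DigestResponseSecurityToken(getSecurityId());
        response.setChallenge(this.serverchg);
        response.setPasswordSalt(this.salt);
        response.setServerKey(serverKey);
        setAuthState(2);
        return response;
    }

    /**
     * Validates the client's authenticator token. The password is recovered with a key
     * derived from the server challenge and the stored hash, the authenticator digest is
     * recomputed over the message digest, the client key and the recovered password, and
     * the two digests are compared. On success auth state 4 is set and a confirmation
     * token carrying the digest of the "success" message is returned.
     *
     * <p>The recovered password bytes are wiped on every exit path.
     *
     * @param authenticatorSecurityToken token sent by the client
     * @return the confirmation token
     * @throws AdminSecurityException on any failure. NOTE(review): the outer
     *         {@code catch (Exception)} also sees the exceptions thrown by the inner
     *         handlers, so callers may only ever observe "EXSS_BAT" - confirm against the
     *         exception hierarchy.
     */
    @Override // com.sun.admin.cis.service.security.ServerSecurityContext
    public SecurityToken verifyAuthenticator(AuthenticatorSecurityToken authenticatorSecurityToken) throws AdminSecurityException {
        try {
            DigestAuthenticatorSecurityToken token = (DigestAuthenticatorSecurityToken) authenticatorSecurityToken;
            byte[] messageDigest = token.getMessageDigest();
            byte[] authenticatorDigest = token.getAuthenticatorDigest();
            byte[] sessionDigest = token.getSessionDigest();
            this.clientchg = token.getChallenge();
            this.clientkey = token.getClientKey();
            AdminCommonTools.CMN_Trace3("Security service:  verifying authenticator...");
            // Reject incomplete tokens explicitly. Previously this rejection happened only
            // as a side effect of toHex() failing on null while building trace output.
            if (messageDigest == null || authenticatorDigest == null || sessionDigest == null || this.clientchg == null) {
                throw new IllegalArgumentException("authenticator token is missing a digest or challenge");
            }
            AdminCommonTools.CMN_Trace3("   msg  digest=" + toHex(messageDigest));
            AdminCommonTools.CMN_Trace3("   auth digest=" + toHex(authenticatorDigest));
            AdminCommonTools.CMN_Trace3("   sess digest=" + toHex(sessionDigest));
            AdminCommonTools.CMN_Trace3("   client chal=" + toHex(this.clientchg));
            byte[] passwordKey = DigestSecurityUtil.generateDigest(this.serverchg, this.hashpswd, null);
            try {
                byte[] clearPassword = DigestSecurityUtil.decryptPassword(passwordKey, messageDigest);
                try {
                    this.userpswd = AdminSecurityUtil.hashPassword(new String(clearPassword));
                    try {
                        this.sessionkey = DigestSecurityUtil.encryptDigest(sessionDigest, passwordKey);
                        byte[] encodedKey = this.clientkey.getEncoded();
                        if (encodedKey == null) {
                            // Key has no encoded form: fall back to its string form.
                            encodedKey = this.clientkey.toString().getBytes();
                        }
                        byte[] expectedDigest = DigestSecurityUtil.generateDigest(messageDigest, encodedKey, clearPassword);
                        // Last use of the cleartext password: wipe it right away.
                        zero(clearPassword);
                        if (!DigestSecurityUtil.compareDigests(authenticatorDigest, expectedDigest)) {
                            AdminCommonTools.CMN_Trace3("   Authentication failed! (3)");
                            this.clientkey = null;
                            this.userpswd = null;
                            this.sessionkey = null;
                            AdminPrincipal adminPrincipal = getAdminPrincipal();
                            logBadPasswd("LM_1003");
                            throw new AdminAuthenticationException(adminPrincipal.getName());
                        }
                        AdminCommonTools.CMN_Trace3("   Authenticator digest is verified!");
                        byte[] resultDigest = DigestSecurityUtil.generateDigest(this.clientchg, this.hashpswd, "success".getBytes());
                        if (resultDigest == null) {
                            // Never confirm success without a result digest to send back.
                            throw new IllegalStateException("no result digest was generated");
                        }
                        AdminCommonTools.CMN_Trace3("   result digest=" + toHex(resultDigest));
                        DigestConfirmSecurityToken confirm = new DigestConfirmSecurityToken(getSecurityId());
                        confirm.setResultMessage("success");
                        confirm.setMessageDigest(resultDigest);
                        if (isIntegrityRequired()) {
                            confirm.setIntegrity();
                        }
                        setAuthState(4);
                        logAuthSuccess();
                        return confirm;
                    } catch (AdminException unused) {
                        AdminCommonTools.CMN_Trace3("   Authentication failed! (2)");
                        this.clientkey = null;
                        this.userpswd = null;
                        AdminPrincipal adminPrincipal2 = getAdminPrincipal();
                        logBadPasswd("LM_1016");
                        throw new AdminAuthenticationException(adminPrincipal2.getName());
                    }
                } finally {
                    // Covers the failure paths (exception before the in-line wipe above).
                    zero(clearPassword);
                }
            } catch (AdminException unused2) {
                AdminCommonTools.CMN_Trace3("   Authentication failed! (1)");
                this.clientkey = null;
                AdminPrincipal adminPrincipal3 = getAdminPrincipal();
                logBadPasswd("LM_1002");
                throw new AdminAuthenticationException(adminPrincipal3.getName());
            }
        } catch (Exception unused3) {
            writeLog(2, "LM_1030", "LM_1033");
            throw new AdminSecurityException("EXSS_BAT");
        }
    }

    /**
     * Checks the per-message verifier when integrity is required; otherwise only the token
     * type is checked. The expected value is the digest of {@code objArr}, or the server
     * challenge when {@code objArr} is null or empty; it is compared with the client's
     * digest after that digest is transformed with the session key.
     *
     * @param verifierSecurityToken verifier sent with the message
     * @param objArr message arguments covered by the digest; may be null or empty
     * @throws AdminSecurityException "EXSS_BVT" on any failure. NOTE(review): the
     *         {@code catch (Exception)} also replaces the "EXSS_BVD" and verification
     *         exceptions raised inside the block, and its trace text always blames a null
     *         digest - confirm whether that flattening is intended.
     */
    @Override // com.sun.admin.cis.service.security.ServerSecurityContext
    public void checkVerifier(VerifierSecurityToken verifierSecurityToken, Object[] objArr) throws AdminSecurityException {
        try {
            DigestVerifierSecurityToken token = (DigestVerifierSecurityToken) verifierSecurityToken;
            if (isIntegrityRequired()) {
                byte[] expected = (objArr == null || objArr.length <= 0) ? this.serverchg : DigestSecurityUtil.generateDigest(objArr);
                byte[] received = DigestSecurityUtil.encryptDigest(token.getDigest(), this.sessionkey);
                if (received == null) {
                    throw new AdminSecurityException("EXSS_BVD");
                }
                if (expected == null) {
                    // Fail closed explicitly; previously only toHex() failing on null
                    // stopped a comparison against a missing server-side value.
                    throw new IllegalStateException("no server-side digest to compare against");
                }
                AdminCommonTools.CMN_Trace3("   server digest=" + toHex(expected));
                AdminCommonTools.CMN_Trace3("   client digest=" + toHex(received));
                if (!DigestSecurityUtil.compareDigests(expected, received)) {
                    throw new AdminVerificationException();
                }
            }
        } catch (Exception unused) {
            AdminCommonTools.CMN_Trace1("Security service: message verifier: client passed null digest!");
            throw new AdminSecurityException("EXSS_BVT");
        }
    }

    /**
     * Decrypts a password sent by an authenticated client, using the key derived from the
     * server challenge and the stored hash. Only allowed in auth state 4, the state set by
     * a successful {@link #verifyAuthenticator}.
     *
     * @param bArr encrypted password bytes from the client
     * @return the decrypted password, decoded with the platform default charset
     * @throws AdminSecurityException "EXSS_NAX" when not in auth state 4, "EXSS_BEP" when
     *         decryption fails
     */
    @Override // com.sun.admin.cis.service.security.ServerSecurityContext
    public String decryptPassword(byte[] bArr) throws AdminSecurityException {
        if (getAuthState() != 4) {
            // NOTE(review): the argument names "encryptPassword" although this is the
            // decrypt path; left unchanged because it is runtime text - confirm intent.
            throw new AdminSecurityException("EXSS_NAX", "encryptPassword");
        }
        try {
            byte[] passwordKey = DigestSecurityUtil.generateDigest(this.serverchg, this.hashpswd, null);
            return new String(DigestSecurityUtil.decryptPassword(passwordKey, bArr));
        } catch (AdminException unused) {
            throw new AdminSecurityException("EXSS_BEP");
        }
    }

    /**
     * Creates a new context with the same flavor, superclass attributes, keys, challenges,
     * password material and integrity flag.
     *
     * <p>NOTE(review): {@code sessionkey} is not copied, so a copy with integrity set has
     * no session key for {@link #checkVerifier} - confirm whether that is intended.
     *
     * @return the copy
     * @throws AdminSecurityException if the new context cannot be constructed
     */
    @Override // com.sun.admin.cis.service.security.ServerSecurityContext
    public ServerSecurityContext newCopy() throws AdminSecurityException {
        DigestServerSecurityContext copy = new DigestServerSecurityContext((DigestAuthFlavor) getAuthFlavor());
        super.copyAttrs((ServerSecurityContext) copy);
        copy.setClientKey(this.clientkey);
        copy.setServerChallenge(this.serverchg);
        copy.setClientChallenge(this.clientchg);
        copy.setPasswordHash(this.hashpswd);
        copy.setPasswordSalt(this.salt);
        copy.setUserPassword(this.userpswd);
        if (this.integrity) {
            copy.setIntegrity();
        }
        return copy;
    }

    /** Returns the client public key received in the authenticator token, or null. */
    public PublicKey getClientKey() {
        return this.clientkey;
    }

    /** Stores the client public key (by reference). */
    public void setClientKey(PublicKey publicKey) {
        this.clientkey = publicKey;
    }

    /** Stores a private copy of the server challenge; null clears it. */
    public void setServerChallenge(byte[] bArr) {
        this.serverchg = copyOf(bArr);
    }

    /** Stores a private copy of the client challenge; null clears it. */
    public void setClientChallenge(byte[] bArr) {
        this.clientchg = copyOf(bArr);
    }

    /** Stores a private copy of the stored-password-hash bytes; null clears them. */
    public void setPasswordHash(byte[] bArr) {
        this.hashpswd = copyOf(bArr);
    }

    /** Stores a private copy of the salt bytes; null clears them. */
    public void setPasswordSalt(byte[] bArr) {
        this.salt = copyOf(bArr);
    }

    /** Stores the hashed user password; null clears it. */
    public void setUserPassword(String str) {
        // Strings are immutable, so no defensive copy is needed.
        this.userpswd = str;
    }

    /**
     * Returns whether per-message integrity checking applies: the integrity flag must be
     * set and the superclass {@code isVerify()} must hold.
     */
    public boolean isIntegrityRequired() {
        // Non-short-circuit '&' kept so isVerify() is always evaluated, as before.
        return this.integrity & isVerify();
    }

    /** Turns the integrity flag on; there is no way to turn it off again. */
    public void setIntegrity() {
        this.integrity = true;
    }

    /** Returns a fresh copy of {@code src}, or null when {@code src} is null. */
    private static byte[] copyOf(byte[] src) {
        if (src == null) {
            return null;
        }
        byte[] dst = new byte[src.length];
        System.arraycopy(src, 0, dst, 0, src.length);
        return dst;
    }

    /** Overwrites {@code buf} with zeros; does nothing for null. */
    private static void zero(byte[] buf) {
        if (buf != null) {
            for (int i = 0; i < buf.length; i++) {
                buf[i] = 0;
            }
        }
    }

    /**
     * Formats bytes as lowercase hex for trace output.
     *
     * @param bArr bytes to format; may be null
     * @return the hex string, "(null)" for null input or "(empty)" for a zero-length array
     */
    private String toHex(byte[] bArr) {
        // The null check must come before the buffer is sized from bArr.length.
        if (bArr == null) {
            return "(null)";
        }
        if (bArr.length == 0) {
            return "(empty)";
        }
        StringBuffer out = new StringBuffer(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            out.append(hex[(bArr[i] >> 4) & 15]);
            out.append(hex[bArr[i] & 15]);
        }
        return out.toString();
    }
}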
