package com.sun.admin.cis.service.security;

import com.sun.admin.cis.common.AdminCommonTools;
import java.security.PublicKey;

/* loaded from: input_file:109413-09/SUNWseamj/reloc/SUNWseam/3_0/admswt10.jar:com/sun/admin/cis/service/security/DigestClientSecurityContext.class */
public class DigestClientSecurityContext extends ClientSecurityContext {
    private PublicKey serverkey;
    private byte[] serverchg;
    private byte[] clientchg;
    private byte[] sessionkey;
    private byte[] hashpswd;
    private byte[] salt;
    private boolean integrity;
    private static final char[] hex = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    public DigestClientSecurityContext(DigestAuthFlavor digestAuthFlavor) throws AdminSecurityException {
        super(digestAuthFlavor);
        this.serverkey = null;
        this.serverchg = null;
        this.sessionkey = null;
        this.hashpswd = null;
        this.salt = null;
        this.integrity = false;
    }

    @Override // com.sun.admin.cis.service.security.ClientSecurityContext
    public SecurityToken generateRequest() throws AdminSecurityException {
        AdminPrincipal adminPrincipal = getAdminPrincipal();
        if (adminPrincipal == null || getUserPassword() == null) {
            throw new AdminSecurityException("EXSS_NUI");
        }
        RequestSecurityToken requestSecurityToken = new RequestSecurityToken(getAuthFlavor(), adminPrincipal);
        setAuthState(1);
        setSecurityToken(requestSecurityToken);
        return requestSecurityToken;
    }

    @Override // com.sun.admin.cis.service.security.ClientSecurityContext
    public SecurityToken verifyResponse(ResponseSecurityToken responseSecurityToken) throws AdminSecurityException {
        try {
            DigestResponseSecurityToken digestResponseSecurityToken = (DigestResponseSecurityToken) responseSecurityToken;
            SecurityIdentifier securityId = digestResponseSecurityToken.getSecurityId();
            setSecurityId(securityId);
            this.serverchg = digestResponseSecurityToken.getChallenge();
            this.salt = digestResponseSecurityToken.getPasswordSalt();
            this.serverkey = digestResponseSecurityToken.getServerKey();
            AdminCommonTools.CMN_Trace3("Security service: verifying server response...");
            AdminCommonTools.CMN_Trace3(new StringBuffer("   Id=").append(securityId.getValue()).toString());
            AdminCommonTools.CMN_Trace3(new StringBuffer("   challenge=").append(toHex(this.serverchg)).toString());
            AdminCommonTools.CMN_Trace3(new StringBuffer("   salt=").append(new String(this.salt)).toString());
            String userPassword = getUserPassword();
            byte[] bytes = userPassword.getBytes();
            this.hashpswd = null;
            if (userPassword != null) {
                this.hashpswd = new Pwcx().pwcx(bytes, this.salt);
            }
            if (this.hashpswd == null) {
                AdminCommonTools.CMN_Trace1("Security service: cannot generate encrypted password");
                throw new AdminSecurityException("EXSS_BUP");
            }
            this.sessionkey = DigestSecurityUtil.getSessionKey();
            byte[] generateDigest = DigestSecurityUtil.generateDigest(this.serverchg, this.hashpswd, null);
            byte[] encryptPassword = DigestSecurityUtil.encryptPassword(generateDigest, bytes);
            byte[] encryptDigest = DigestSecurityUtil.encryptDigest(this.sessionkey, generateDigest);
            PublicKey publicKey = DigestSecurityUtil.getPublicKey();
            byte[] encoded = publicKey.getEncoded();
            if (encoded == null) {
                encoded = publicKey.toString().getBytes();
            }
            byte[] generateDigest2 = DigestSecurityUtil.generateDigest(encryptPassword, encoded, bytes);
            this.clientchg = new byte[16];
            DigestSecurityUtil.getRandomBytes(this.clientchg);
            AdminCommonTools.CMN_Trace3("Security service: generating client authenticator...");
            AdminCommonTools.CMN_Trace3(new StringBuffer("   digest=").append(toHex(encryptPassword)).toString());
            AdminCommonTools.CMN_Trace3(new StringBuffer("   auth=").append(toHex(generateDigest2)).toString());
            AdminCommonTools.CMN_Trace3(new StringBuffer("   challenge=").append(toHex(this.clientchg)).toString());
            DigestAuthenticatorSecurityToken digestAuthenticatorSecurityToken = new DigestAuthenticatorSecurityToken(securityId);
            digestAuthenticatorSecurityToken.setMessageDigest(encryptPassword);
            digestAuthenticatorSecurityToken.setAuthenticatorDigest(generateDigest2);
            digestAuthenticatorSecurityToken.setSessionDigest(encryptDigest);
            digestAuthenticatorSecurityToken.setChallenge(this.clientchg);
            digestAuthenticatorSecurityToken.setClientKey(publicKey);
            setAuthState(3);
            return digestAuthenticatorSecurityToken;
        } catch (Exception unused) {
            throw new AdminSecurityException("EXSS_BRT");
        }
    }

    @Override // com.sun.admin.cis.service.security.ClientSecurityContext
    public SecurityToken verifyConfirm(ConfirmSecurityToken confirmSecurityToken) throws AdminSecurityException {
        try {
            DigestConfirmSecurityToken digestConfirmSecurityToken = (DigestConfirmSecurityToken) confirmSecurityToken;
            byte[] bytes = digestConfirmSecurityToken.getResultMessage().getBytes();
            AdminCommonTools.CMN_Trace3("Security service: verifying confirm...");
            AdminCommonTools.CMN_Trace3(new StringBuffer("   Result=").append(digestConfirmSecurityToken.getResultMessage()).toString());
            AdminCommonTools.CMN_Trace3(new StringBuffer("   digest=").append(toHex(digestConfirmSecurityToken.getMessageDigest())).toString());
            if (!DigestSecurityUtil.compareDigests(DigestSecurityUtil.generateDigest(this.clientchg, this.hashpswd, bytes), digestConfirmSecurityToken.getMessageDigest())) {
                AdminCommonTools.CMN_Trace1("Security service: confirmation digests differ");
                throw new AdminAuthenticationException(getAdminPrincipal().getName());
            }
            if (digestConfirmSecurityToken.isIntegrityRequired()) {
                this.integrity = true;
            }
            setAuthState(4);
            setSecurityToken(confirmSecurityToken);
            return digestConfirmSecurityToken;
        } catch (Exception unused) {
            throw new AdminSecurityException("EXSS_BCT");
        }
    }

    @Override // com.sun.admin.cis.service.security.ClientSecurityContext
    public SecurityToken generateVerifier(Object[] objArr) throws AdminSecurityException {
        if (getAuthState() != 4) {
            throw new AdminSecurityException("EXSS_VBA");
        }
        DigestVerifierSecurityToken digestVerifierSecurityToken = new DigestVerifierSecurityToken(getSecurityId());
        if (isIntegrityRequired()) {
            byte[] generateDigest = (objArr == null || objArr.length <= 0) ? this.serverchg : DigestSecurityUtil.generateDigest(objArr);
            byte[] encryptDigest = DigestSecurityUtil.encryptDigest(generateDigest, this.sessionkey);
            AdminCommonTools.CMN_Trace3(new StringBuffer("Security service: generate message verifier: digest=").append(toHex(generateDigest)).toString());
            digestVerifierSecurityToken.setDigest(encryptDigest);
        }
        return digestVerifierSecurityToken;
    }

    @Override // com.sun.admin.cis.service.security.ClientSecurityContext
    public byte[] encryptPassword(String str) throws AdminSecurityException {
        int length;
        if (getAuthState() != 4) {
            throw new AdminSecurityException("EXSS_NAX", "encryptPassword");
        }
        if (str == null || (length = str.trim().length()) == 0 || length > 16) {
            throw new AdminSecurityException("EXSS_BUP");
        }
        return DigestSecurityUtil.encryptPassword(DigestSecurityUtil.generateDigest(this.serverchg, this.hashpswd, null), str.getBytes());
    }

    @Override // com.sun.admin.cis.service.security.ClientSecurityContext
    public ClientSecurityContext newCopy() throws AdminSecurityException {
        DigestClientSecurityContext digestClientSecurityContext = new DigestClientSecurityContext((DigestAuthFlavor) getAuthFlavor());
        super.copyAttrs((ClientSecurityContext) digestClientSecurityContext);
        digestClientSecurityContext.setServerKey(this.serverkey);
        digestClientSecurityContext.setServerChallenge(this.serverchg);
        digestClientSecurityContext.setClientChallenge(this.clientchg);
        digestClientSecurityContext.setPasswordHash(this.hashpswd);
        digestClientSecurityContext.setPasswordSalt(this.salt);
        if (this.integrity) {
            digestClientSecurityContext.setIntegrity();
        }
        return digestClientSecurityContext;
    }

    public void setServerKey(PublicKey publicKey) {
        this.serverkey = publicKey;
    }

    public void setServerChallenge(byte[] bArr) {
        if (bArr == null) {
            this.serverchg = null;
        } else {
            this.serverchg = new byte[bArr.length];
            System.arraycopy(bArr, 0, this.serverchg, 0, bArr.length);
        }
    }

    public void setClientChallenge(byte[] bArr) {
        if (bArr == null) {
            this.clientchg = null;
        } else {
            this.clientchg = new byte[bArr.length];
            System.arraycopy(bArr, 0, this.clientchg, 0, bArr.length);
        }
    }

    public void setPasswordHash(byte[] bArr) {
        if (bArr == null) {
            this.hashpswd = null;
        } else {
            this.hashpswd = new byte[bArr.length];
            System.arraycopy(bArr, 0, this.hashpswd, 0, bArr.length);
        }
    }

    public void setPasswordSalt(byte[] bArr) {
        if (bArr == null) {
            this.salt = null;
        } else {
            this.salt = new byte[bArr.length];
            System.arraycopy(bArr, 0, this.salt, 0, bArr.length);
        }
    }

    public PublicKey getServerKey() {
        return this.serverkey;
    }

    public boolean isIntegrityRequired() {
        return this.integrity;
    }

    public void setIntegrity() {
        this.integrity = true;
    }

    private String toHex(byte[] bArr) {
        StringBuffer stringBuffer = new StringBuffer(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            stringBuffer.append(hex[(bArr[i] >> 4) & 15]);
            stringBuffer.append(hex[bArr[i] & 15]);
        }
        return stringBuffer.toString();
    }
}
