package com.sun.management.viperimpl.services.authentication.server;

import com.sun.management.viper.VException;
import com.sun.management.viper.services.AuthenticationException;
import com.sun.management.viper.services.AuthenticationFlavor;
import com.sun.management.viper.services.AuthenticationMessageException;
import com.sun.management.viper.util.Debug;
import com.sun.management.viperimpl.services.authentication.AuthenticationLoginException;
import com.sun.management.viperimpl.services.authentication.AuthenticationPrincipal;
import com.sun.management.viperimpl.services.authentication.AuthenticationUtil;
import com.sun.management.viperimpl.services.authentication.AuthenticatorSecurityToken;
import com.sun.management.viperimpl.services.authentication.ConfirmSecurityToken;
import com.sun.management.viperimpl.services.authentication.DigestAuthFlavor;
import com.sun.management.viperimpl.services.authentication.DigestAuthenticatorSecurityToken;
import com.sun.management.viperimpl.services.authentication.DigestConfirmSecurityToken;
import com.sun.management.viperimpl.services.authentication.DigestMessageSecurityToken;
import com.sun.management.viperimpl.services.authentication.DigestResponseSecurityToken;
import com.sun.management.viperimpl.services.authentication.DigestSecurityUtil;
import com.sun.management.viperimpl.services.authentication.MessageSecurityToken;
import com.sun.management.viperimpl.services.authentication.RequestSecurityToken;
import com.sun.management.viperimpl.services.authentication.ResponseSecurityToken;
import com.sun.management.viperimpl.services.authentication.SecurityContext;
import java.net.InetAddress;

/* loaded from: input_file:112945-39/SUNWmccom/reloc/usr/sadm/lib/smc/lib/server_rt.jar:com/sun/management/viperimpl/services/authentication/server/DigestServerSecurityContext.class */
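/**
 * Server-side state for one "Digest" flavor authentication exchange.
 *
 * <p>The exchange visible in this class has three steps:
 * <ol>
 *   <li>{@link #verifyRequestToken} looks up the account, issues a random 16-byte challenge
 *       plus the two-character salt of the stored password hash, and moves to auth state 2.</li>
 *   <li>{@link #verifyAuthenticatorToken} recovers the client's password, checks the
 *       authenticator digest, hands the password to PAM and, on success, moves to auth
 *       state 4.</li>
 *   <li>{@link #verifyMessageToken} checks the token attached to each later message.</li>
 * </ol>
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing or operating this class:
 * <ul>
 *   <li>With the system property {@code sun.smc.internal.ssl.enable} equal to {@code "yes"}
 *       (the default) the token's "message digest" field is used directly as the password
 *       bytes and its "session digest" field directly as the session key. Nothing in this
 *       class checks that the transport really is encrypted; that has to be enforced by the
 *       caller or the deployment.</li>
 *   <li>In that mode the authenticator digest is recomputed only from client-supplied values,
 *       so the effective credential check is the PAM call.</li>
 *   <li>The password is kept in {@code userpswd} in a form that
 *       {@code AuthenticationUtil.unhashPassword} can reverse, and it stays in this object
 *       (and in copies made by {@link #newCopy}) after a successful login.</li>
 * </ul>
 */
public class DigestServerSecurityContext extends ServerSecurityContext {
    // Not read or written anywhere in this class.
    private boolean signing;
    // Set only through setIntegrity(); combined with isVerify() in isIntegrityRequired().
    private boolean integrity;
    // Client-supplied key from the authenticator token.
    private byte[] clientkey;
    // Random challenge issued to the client in verifyRequestToken().
    private byte[] serverchg;
    // Challenge supplied by the client in the authenticator token.
    private byte[] clientchg;
    // Key used to check per-message tokens.
    private byte[] sessionkey;
    // Bytes of the stored password hash returned by AuthenticationLibrary.getPassword().
    private byte[] hashpswd;
    // First two characters of the stored password hash.
    private byte[] salt;
    private String username;
    // Reversibly encoded password (see AuthenticationUtil.hashPassword / unhashPassword).
    private String userpswd;
    // Process-wide switch, initialised lazily by the first constructor call.
    private static boolean ssl_enabled = true;
    private static String is_ssl = null;
    private static final char[] hex = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    /**
     * Creates an empty context for the given flavor.
     *
     * <p>The first instance created in the JVM also reads {@code sun.smc.internal.ssl.enable};
     * any value other than exactly {@code "yes"} switches every context in the process to the
     * non-SSL (encrypted password) path.
     *
     * @param digestAuthFlavor the flavor this server expects clients to use
     * @throws AuthenticationException if the superclass constructor rejects the flavor
     */
    public DigestServerSecurityContext(DigestAuthFlavor digestAuthFlavor) throws AuthenticationException {
        super(digestAuthFlavor);
        this.clientkey = null;
        this.username = null;
        this.userpswd = null;
        this.serverchg = null;
        this.clientchg = null;
        this.sessionkey = null;
        this.hashpswd = null;
        this.salt = null;
        this.integrity = false;
        // NOTE(review): this lazy initialisation is unsynchronised, so a second thread may
        // observe is_ssl as set while ssl_enabled still holds its default of true.
        if (is_ssl == null) {
            is_ssl = System.getProperty("sun.smc.internal.ssl.enable", "yes");
            if (!is_ssl.equals("yes")) {
                ssl_enabled = false;
            }
        }
    }

    /**
     * Checks that the flavor offered by the client matches the one this context was built with.
     *
     * <p>Auth type, digest algorithm, signature algorithm, key generation algorithm and key
     * strength must all agree. The first difference is written to the log and ends the
     * comparison. A {@code null} or non-Digest flavor is reported as a type mismatch.
     *
     * @param authenticationFlavor the flavor offered by the client
     * @return {@code true} only when every compared attribute matches
     * @throws AuthenticationException declared by the overridden method
     */
    @Override
    public boolean verifyAuthFlavor(AuthenticationFlavor authenticationFlavor) throws AuthenticationException {
        DigestAuthFlavor offered = null;
        if (authenticationFlavor instanceof DigestAuthFlavor) {
            offered = (DigestAuthFlavor) authenticationFlavor;
        } else {
            // A null flavor used to escape as a NullPointerException; treat it as a mismatch.
            String offeredName = authenticationFlavor == null ? "(null)" : authenticationFlavor.getAuthTypeName();
            writeLog(400, "LMS_SecurityError", "LMD_AuthTypeMismatch", offeredName, "Digest");
        }
        DigestAuthFlavor expected = (DigestAuthFlavor) getAuthFlavor();
        boolean matched = false;
        if (offered == null) {
            // Type mismatch already logged above.
        } else if (offered.getAuthType() != 0) {
            writeLog(400, "LMS_SecurityError", "LMD_AuthTypeMismatch", offered.getAuthTypeName(), "Digest");
        } else if (!expected.getDigestAlgorithm().equals(offered.getDigestAlgorithm())) {
            writeLog(400, "LMS_SecurityError", "LMD_DigestAlgoMismatch", offered.getDigestAlgorithm(), expected.getDigestAlgorithm());
        } else if (!expected.getSignatureAlgorithm().equals(offered.getSignatureAlgorithm())) {
            writeLog(400, "LMS_SecurityError", "LMD_SignAlgoMismatch", offered.getSignatureAlgorithm(), expected.getSignatureAlgorithm());
        } else if (!expected.getKeyGenerationAlgorithm().equals(offered.getKeyGenerationAlgorithm())) {
            writeLog(400, "LMS_SecurityError", "LMD_KeyAlgoMismatch", offered.getKeyGenerationAlgorithm(), expected.getKeyGenerationAlgorithm());
        } else if (expected.getKeyStrength() != offered.getKeyStrength()) {
            writeLog(400, "LMS_SecurityError", "LMD_KeySizeMismatch", Integer.toString(offered.getKeyStrength()), Integer.toString(expected.getKeyStrength()));
        } else {
            matched = true;
        }
        if (!matched) {
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.WARNING, "Authentication flavor mismatch", (Throwable) null);
        }
        return matched;
    }

    /**
     * Handles the first client message: resolves the account and issues a challenge.
     *
     * <p>All per-exchange secrets held by this context are discarded first. The stored password
     * hash, uid, gid, home directory and shell are read through {@code AuthenticationLibrary};
     * the response carries a fresh 16-byte challenge, the two-character salt taken from the
     * stored hash, and 32 random bytes as the server key. On success the auth state becomes 2.
     *
     * @param requestSecurityToken the client's request token
     * @return the response token to send back to the client
     * @throws AuthenticationLoginException if no password entry can be read for the user, or
     *         the entry is blank or too short to contain a salt
     * @throws AuthenticationException ("EXSS_BUI") if the token carries no usable principal
     */
    @Override
    public ResponseSecurityToken verifyRequestToken(RequestSecurityToken requestSecurityToken) throws AuthenticationException {
        this.clientkey = null;
        this.serverchg = null;
        this.clientchg = null;
        this.sessionkey = null;
        this.hashpswd = null;
        this.username = null;
        this.userpswd = null;
        this.salt = null;
        Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "Verifying authentication request...", (Throwable) null);
        String storedHash = null;
        int uid = -1;
        int gid = -1;
        String home = null;
        String shell = null;
        String saltText = null;
        AuthenticationPrincipal authPrincipal = requestSecurityToken.getAuthPrincipal();
        if (authPrincipal != null) {
            this.username = authPrincipal.getName();
            if (this.username != null) {
                try {
                    storedHash = AuthenticationLibrary.getPassword(this.username);
                } catch (Exception e) {
                    Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "cannot get user \"" + this.username + "\" account info", e);
                }
                if (storedHash == null) {
                    // NOTE(review): this rejection is neither written to the log nor audited,
                    // unlike the blank-password case below.
                    throw new AuthenticationLoginException();
                }
                uid = Integer.parseInt(AuthenticationLibrary.getUid(this.username));
                gid = Integer.parseInt(AuthenticationLibrary.getGid(this.username));
                home = AuthenticationLibrary.getHomedir(this.username);
                shell = AuthenticationLibrary.getShell(this.username);
                // An entry shorter than two characters cannot supply the salt; reject it as a
                // failed login instead of letting substring() throw an unchecked exception.
                if (storedHash.trim().length() == 0 || storedHash.length() < 2) {
                    Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.WARNING, "Cannot access user password for " + this.username, (Throwable) null);
                    writeLog(100, "LMS_LoginFailed", "LMD_LoginBadUser", this.username, requestSecurityToken.getClientHost());
                    auditBadUser(requestSecurityToken.getClientHost(), this.username);
                    throw new AuthenticationLoginException();
                }
                saltText = storedHash.substring(0, 2);
            } else {
                authPrincipal = null;
            }
        }
        if (authPrincipal == null) {
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.ERROR, "Null or invalid admin principal identity", (Throwable) null);
            throw new AuthenticationException("EXSS_BUI");
        }
        // getBytes() without a charset uses the platform default encoding.
        this.hashpswd = storedHash.getBytes();
        this.salt = saltText.getBytes();
        Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "   Client user identity=" + this.username, (Throwable) null);
        this.serverchg = new byte[16];
        DigestSecurityUtil.getRandomBytes(this.serverchg);
        byte[] serverKey = new byte[32];
        DigestSecurityUtil.getRandomBytes(serverKey);
        // Challenge and salt are also sent to the client in the response token below.
        Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "   challenge=" + toHex(this.serverchg), (Throwable) null);
        Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "   salt=" + saltText, (Throwable) null);
        DigestResponseSecurityToken response = new DigestResponseSecurityToken(getSecurityId());
        response.setChallenge(this.serverchg);
        response.setPasswordSalt(this.salt);
        response.setServerKey(serverKey);
        setAuthPrincipal(authPrincipal);
        setUid(uid);
        setGid(gid);
        setHome(home);
        setShell(shell);
        setClientHost(requestSecurityToken.getClientHost());
        setAuthState(2);
        return response;
    }

    /**
     * Handles the second client message: verifies the authenticator and logs the user in.
     *
     * <p>In SSL mode the token's message digest is taken as the password bytes and its session
     * digest as the session key. Otherwise both are recovered with a key derived from the
     * server challenge and the stored password hash. The authenticator digest is then
     * recomputed and compared, the password is passed to PAM, and on success the confirm token
     * is built with the user's roles and the auth state becomes 4.
     *
     * <p>Every exception raised inside the method, including the
     * {@code AuthenticationLoginException} thrown on the bad-password paths, is caught by the
     * outer handler and replaced by {@code AuthenticationException("EXSS_BAT")}.
     * NOTE(review): confirm whether callers are meant to see the login exception instead.
     *
     * <p>NOTE(review): the method does not check that the auth state is 2 before running.
     *
     * @param authenticatorSecurityToken the client's authenticator token
     * @return the confirm token to send back to the client
     * @throws AuthenticationException ("EXSS_BAT") on any failure
     */
    @Override
    public ConfirmSecurityToken verifyAuthenticatorToken(AuthenticatorSecurityToken authenticatorSecurityToken) throws AuthenticationException {
        byte[] password;
        try {
            DigestAuthenticatorSecurityToken token = (DigestAuthenticatorSecurityToken) authenticatorSecurityToken;
            byte[] messageDigest = token.getMessageDigest();
            byte[] authenticatorDigest = token.getAuthenticatorDigest();
            byte[] sessionDigest = token.getSessionDigest();
            this.clientchg = token.getChallenge();
            this.clientkey = token.getClientKey();
            AuthenticationPrincipal authPrincipal = getAuthPrincipal();
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "Verifying authenticator...", (Throwable) null);
            // Reject a token with missing fields explicitly. Previously this rejection only
            // happened as a side effect of the trace calls failing on a null array.
            if (messageDigest == null || authenticatorDigest == null || sessionDigest == null || this.clientchg == null) {
                throw new AuthenticationException("EXSS_BAT");
            }
            // In SSL mode these two fields are the cleartext password and the session key, so
            // their content is kept out of the trace.
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "   msg digest=" + traceSecret(messageDigest), (Throwable) null);
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "   auth digest=" + toHex(authenticatorDigest), (Throwable) null);
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "   sess digest=" + traceSecret(sessionDigest), (Throwable) null);
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "   client chal=" + toHex(this.clientchg), (Throwable) null);
            if (ssl_enabled) {
                // The password bytes alias the token's array here.
                password = messageDigest;
                this.sessionkey = sessionDigest;
                this.userpswd = AuthenticationUtil.hashPassword(new String(password));
            } else {
                byte[] passwordKey = DigestSecurityUtil.generateDigest(this.serverchg, this.hashpswd, null);
                try {
                    password = DigestSecurityUtil.decryptPassword(passwordKey, messageDigest);
                    this.userpswd = AuthenticationUtil.hashPassword(new String(password));
                    try {
                        this.sessionkey = DigestSecurityUtil.encryptDigest(sessionDigest, passwordKey);
                    } catch (VException e) {
                        Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.WARNING, "Authentication Failed! (2)", e);
                        this.clientkey = null;
                        this.username = null;
                        this.userpswd = null;
                        writeLog(100, "LMS_LoginFailed", "LMD_DecryptSKeyFailed", describePrincipal(authPrincipal));
                        throw new AuthenticationLoginException();
                    }
                } catch (VException e2) {
                    Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.WARNING, "Authentication Failed! (1)", e2);
                    this.clientkey = null;
                    writeLog(100, "LMS_LoginFailed", "LMD_LoginBadPwd", describePrincipal(authPrincipal), getClientHost());
                    auditBadPasswd(getClientHost(), authPrincipal.getName());
                    throw new AuthenticationLoginException();
                }
            }
            byte[] expectedAuthenticator = DigestSecurityUtil.generateDigest(messageDigest, this.clientkey, password);
            // Wipe the cleartext password bytes as soon as the digest has been computed. The
            // encoded copy in userpswd is still needed for the PAM call below.
            for (int i = 0; i < password.length; i++) {
                password[i] = 0;
            }
            // NOTE(review): confirm that compareDigests runs in constant time.
            if (!DigestSecurityUtil.compareDigests(authenticatorDigest, expectedAuthenticator)) {
                Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.WARNING, "Authentication Failed! (3)", (Throwable) null);
                this.clientkey = null;
                this.username = null;
                this.userpswd = null;
                this.sessionkey = null;
                writeLog(100, "LMS_LoginFailed", "LMD_LoginBadPwd", describePrincipal(authPrincipal), getClientHost());
                auditBadPasswd(getClientHost(), authPrincipal.getName());
                throw new AuthenticationLoginException();
            }
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "Authenticator digest is verified!", (Throwable) null);
            // The second PAM argument is only passed when the principal's user name differs
            // from the name the request token was issued for.
            String principalUser = this.username.equals(authPrincipal.getUserName()) ? null : authPrincipal.getUserName();
            int pamResult = AuthenticationLibrary.doPamAuthentication(this.username, principalUser, AuthenticationUtil.unhashPassword(this.userpswd));
            if (pamResult != 0) {
                Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.WARNING, "Authentication Failed! (4)", (Throwable) null);
                this.clientkey = null;
                this.username = null;
                this.userpswd = null;
                this.sessionkey = null;
                writeLog(100, "LMS_LoginFailed", "LMD_LoginBadOthers", describePrincipal(authPrincipal), getClientHost());
                throw new AuthenticationLoginException();
            }
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "User authenticated to Solaris", (Throwable) null);
            byte[] successBytes = "success".getBytes();
            byte[] resultDigest;
            if (!ssl_enabled) {
                resultDigest = DigestSecurityUtil.generateDigest(this.clientchg, this.hashpswd, successBytes);
            } else {
                resultDigest = DigestSecurityUtil.generateDigest(this.clientchg, this.userpswd.getBytes(), successBytes);
            }
            // Keep failing closed when no result digest could be produced.
            if (resultDigest == null) {
                throw new AuthenticationException("EXSS_BAT");
            }
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "   result digest=" + toHex(resultDigest), (Throwable) null);
            AuthenticationPrincipal[] rolePrincipals = null;
            String[] roleNames = AuthenticationLibrary.getRoleNames(this.username);
            if (roleNames != null) {
                rolePrincipals = new AuthenticationPrincipal[roleNames.length];
                String localAddress = null;
                try {
                    localAddress = InetAddress.getLocalHost().getHostAddress();
                } catch (Exception ignored) {
                    // Best effort: the role principals are simply left without a host name.
                }
                for (int i = 0; i < roleNames.length; i++) {
                    rolePrincipals[i] = new AuthenticationPrincipal(0, this.username, roleNames[i]);
                    rolePrincipals[i].setUserDesc(AuthenticationLibrary.getDesc(this.username));
                    rolePrincipals[i].setRoleDesc(AuthenticationLibrary.getDesc(roleNames[i]));
                    if (localAddress != null) {
                        rolePrincipals[i].setHostName(localAddress);
                    }
                    Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "role[" + i + "]=" + rolePrincipals[i], (Throwable) null);
                }
            }
            DigestConfirmSecurityToken confirm = new DigestConfirmSecurityToken(getSecurityId(), rolePrincipals);
            confirm.setHeartbeatPeriod(getHeartbeatPeriod());
            confirm.setResultMessage("success");
            confirm.setMessageDigest(resultDigest);
            if (isIntegrityRequired()) {
                confirm.setIntegrity();
            }
            setAuthState(4);
            auditAuthSuccess(getClientHost(), this.username, getSecurityId());
            return confirm;
        } catch (Exception e4) {
            // Catch-all: the specific failure reason is only visible in the trace and log
            // entries written above.
            writeLog(400, "LMS_SecurityError", "LMD_BadAuthToken");
            throw new AuthenticationException("EXSS_BAT");
        }
    }

    /**
     * Verifies the security token attached to a message sent after login.
     *
     * <p>The token's digest is transformed with the session key and compared with the expected
     * value: a digest over {@code objArr} when integrity is required and arguments are present,
     * otherwise the server challenge itself.
     *
     * <p>NOTE(review): without integrity the expected value is the fixed server challenge, so
     * the same token would verify for every message of the session. Confirm that replay
     * protection is provided elsewhere.
     *
     * <p>Every failure, including the specific "EXSS_BVD" and
     * {@code AuthenticationMessageException} cases, leaves the method as
     * {@code AuthenticationException("EXSS_BVT")}.
     *
     * @param messageSecurityToken the token that accompanied the message
     * @param objArr the message arguments covered by the integrity digest; may be null or empty
     * @throws AuthenticationException ("EXSS_BVT") if the token cannot be verified
     */
    @Override
    public void verifyMessageToken(MessageSecurityToken messageSecurityToken, Object[] objArr) throws AuthenticationException {
        try {
            DigestMessageSecurityToken token = (DigestMessageSecurityToken) messageSecurityToken;
            byte[] expected = this.serverchg;
            if (isIntegrityRequired() && objArr != null && objArr.length > 0) {
                expected = DigestSecurityUtil.generateDigest(objArr);
            }
            byte[] presented = DigestSecurityUtil.encryptDigest(token.getDigest(), this.sessionkey);
            if (presented == null) {
                throw new AuthenticationException("EXSS_BVD");
            }
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "Verifying message...", (Throwable) null);
            // Keep failing closed when there is nothing to compare against (for example when
            // no challenge has been issued yet).
            if (expected == null) {
                throw new AuthenticationException("EXSS_BVT");
            }
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "   server digest=" + toHex(expected), (Throwable) null);
            Debug.trace(SecurityContext.AUTH_SERVICE_NAME, Debug.INFORMATION, "   client digest=" + toHex(presented), (Throwable) null);
            if (!DigestSecurityUtil.compareDigests(expected, presented)) {
                throw new AuthenticationMessageException();
            }
        } catch (Exception e) {
            throw new AuthenticationException("EXSS_BVT");
        }
    }

    /**
     * Decrypts a password sent by an authenticated client.
     *
     * <p>The key is derived from the server challenge and the stored password hash. The call is
     * only allowed in auth state 4, the state set by a successful
     * {@link #verifyAuthenticatorToken}.
     *
     * @param bArr the encrypted password bytes
     * @return the decrypted password, decoded with the platform default charset
     * @throws AuthenticationException ("EXSS_NAX") when not in state 4, ("EXSS_BEP") when
     *         decryption fails
     */
    @Override
    public String decryptPassword(byte[] bArr) throws AuthenticationException {
        if (getAuthState() != 4) {
            // NOTE(review): the argument names "encryptPassword" although this is the decrypt
            // path; left unchanged because it may be a message parameter callers rely on.
            throw new AuthenticationException("EXSS_NAX", "encryptPassword");
        }
        try {
            byte[] passwordKey = DigestSecurityUtil.generateDigest(this.serverchg, this.hashpswd, null);
            return new String(DigestSecurityUtil.decryptPassword(passwordKey, bArr));
        } catch (VException e) {
            throw new AuthenticationException("EXSS_BEP");
        }
    }

    /**
     * Creates a new context with the same flavor and copies this context's attributes into it.
     *
     * <p>Client key, both challenges, password hash, salt, encoded password and the integrity
     * flag are carried over. NOTE(review): {@code sessionkey} and {@code username} are not
     * copied here; confirm whether {@code copyAttrs} or the caller is expected to supply them.
     *
     * @return the new context
     * @throws AuthenticationException if the new context cannot be constructed
     */
    @Override
    public ServerSecurityContext newCopy() throws AuthenticationException {
        DigestServerSecurityContext copy = new DigestServerSecurityContext((DigestAuthFlavor) getAuthFlavor());
        super.copyAttrs((ServerSecurityContext) copy);
        copy.setClientKey(this.clientkey);
        copy.setServerChallenge(this.serverchg);
        copy.setClientChallenge(this.clientchg);
        copy.setPasswordHash(this.hashpswd);
        copy.setPasswordSalt(this.salt);
        copy.setUserPassword(this.userpswd);
        if (this.integrity) {
            copy.setIntegrity();
        }
        return copy;
    }

    /**
     * Returns the client key. The internal array itself is returned, not a copy.
     *
     * @return the client key, or null if none is set
     */
    public byte[] getClientKey() {
        return this.clientkey;
    }

    /**
     * Stores the client key by reference. Unlike the other byte-array setters of this class,
     * no defensive copy is made.
     *
     * @param bArr the client key, or null to clear it
     */
    public void setClientKey(byte[] bArr) {
        this.clientkey = bArr;
    }

    /**
     * Stores a private copy of the server challenge.
     *
     * @param bArr the challenge bytes, or null to clear the field
     */
    public void setServerChallenge(byte[] bArr) {
        this.serverchg = copyOf(bArr);
    }

    /**
     * Stores a private copy of the client challenge.
     *
     * @param bArr the challenge bytes, or null to clear the field
     */
    public void setClientChallenge(byte[] bArr) {
        this.clientchg = copyOf(bArr);
    }

    /**
     * Stores a private copy of the stored password hash bytes.
     *
     * @param bArr the hash bytes, or null to clear the field
     */
    public void setPasswordHash(byte[] bArr) {
        this.hashpswd = copyOf(bArr);
    }

    /**
     * Stores a private copy of the password salt.
     *
     * @param bArr the salt bytes, or null to clear the field
     */
    public void setPasswordSalt(byte[] bArr) {
        this.salt = copyOf(bArr);
    }

    /**
     * Stores the encoded user password.
     *
     * @param str the encoded password, or null to clear the field
     */
    @Override
    public void setUserPassword(String str) {
        // Strings are immutable, so no copy is needed.
        this.userpswd = str;
    }

    /**
     * Tells whether message integrity digests are in force for this context.
     *
     * @return true when integrity was requested and {@code isVerify()} is true
     */
    public boolean isIntegrityRequired() {
        // Non-short-circuit '&' is kept so that isVerify() is always evaluated, as before.
        return this.integrity & isVerify();
    }

    /** Marks this context as requiring message integrity. */
    public void setIntegrity() {
        this.integrity = true;
    }

    /** Returns a fresh copy of the array, or null when the argument is null. */
    private static byte[] copyOf(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        byte[] copy = new byte[bArr.length];
        System.arraycopy(bArr, 0, copy, 0, bArr.length);
        return copy;
    }

    /** Formats a principal as "user" or "user (in role role)" for log entries. */
    private static String describePrincipal(AuthenticationPrincipal principal) {
        String description = principal.getUserName();
        if (principal.getRoleName() != null) {
            description = description + " (in role " + principal.getRoleName() + ")";
        }
        return description;
    }

    /** Renders a token field for the trace, withholding its content in SSL mode. */
    private String traceSecret(byte[] bArr) {
        return ssl_enabled ? "(redacted)" : toHex(bArr);
    }

    /**
     * Renders a byte array as lower-case hex for trace output.
     *
     * @param bArr the bytes to render; may be null
     * @return the hex text, "(null)" for a null array or "(empty)" for a zero-length one
     */
    private String toHex(byte[] bArr) {
        // The null check has to come before bArr.length is read.
        if (bArr == null) {
            return "(null)";
        }
        if (bArr.length == 0) {
            return "(empty)";
        }
        StringBuffer text = new StringBuffer(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            text.append(hex[(bArr[i] >> 4) & 15]);
            text.append(hex[bArr[i] & 15]);
        }
        return text.toString();
    }
}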
