package com.sun.slp;

import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.NoSuchElementException;
import java.util.StringTokenizer;

/* JADX INFO: Access modifiers changed from: package-private */
/* JADX WARN: Classes with same name are omitted:
  input_file:113418-01/SUNWslpu/reloc/usr/share/lib/slp/slp.jar:com/sun/slp/AuthBlock.class
 */
/* loaded from: input_file:113418-01/SUNWslpu/reloc/usr/share/lib/slp/slpd.jar:com/sun/slp/AuthBlock.class */
public class AuthBlock {
    private static String SPI_PROPERTY = "sun.net.slp.SPIs";
    int bsd;
    String spi;
    Object[] message;
    int lifetime;
    long timeStamp;
    SrvLocHeader hdr;
    Signature sig;
    int abLength;
    byte[] abBytes;
    byte[] spiBytes;
    HashSet eqSet;
    private static KeyStore keystore;
    private static KeyStore keypkg;

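    /**
     * Parses one authentication block from an incoming message.
     *
     * <p>Fields are read in this order: block structure descriptor (BSD), declared block
     * length, 32-bit timestamp, SPI string, then the signature bytes that fill the rest of
     * the declared length. Every value comes from the peer and must be treated as untrusted
     * until {@link #verify()} has succeeded.
     *
     * <p>The remaining lifetime is the timestamp minus the current SLP time. A negative
     * difference, or one larger than {@code Integer.MAX_VALUE}, is stored as 0.
     *
     * @param srvLocHeader header used to decode fields; its {@code nbytes} counter is advanced
     * @param objArr message parts the signature is expected to cover; must be non-empty
     * @param dataInputStream stream positioned at the start of the authentication block
     * @throws ServiceLocationException if the SPI string is empty or the BSD is unsupported
     * @throws IllegalArgumentException if {@code objArr} is null or empty
     * @throws IOException if the stream ends early or the declared block length is smaller
     *     than the fields already consumed
     */
    AuthBlock(SrvLocHeader srvLocHeader, Object[] objArr, DataInputStream dataInputStream) throws ServiceLocationException, IllegalArgumentException, IOException {
        Assert.nonNullParameter(srvLocHeader, "hdr");
        ensureNonEmpty(objArr, "message");
        Assert.nonNullParameter(dataInputStream, "dis");
        this.message = objArr;
        this.eqSet = new HashSet();
        this.bsd = srvLocHeader.getInt(dataInputStream);
        this.abLength = srvLocHeader.getInt(dataInputStream);
        this.timeStamp = getInt32(dataInputStream);
        // getInt32 reads directly from the stream, so the header's byte counter is advanced here.
        srvLocHeader.nbytes += 4;
        StringBuffer spiBuffer = new StringBuffer();
        srvLocHeader.getString(spiBuffer, dataInputStream);
        this.spi = spiBuffer.toString();
        if (this.spi.length() == 0) {
            throw new ServiceLocationException((short) 2, "no_spi_string", new Object[0]);
        }
        // 8 bytes of fixed fields plus 2 more before the SPI text, as in the original arithmetic
        // (presumably BSD, length, timestamp and the SPI length prefix; confirm against SrvLocHeader).
        // NOTE(review): spi.length() counts chars, not encoded bytes; a non-ASCII SPI would make
        // this offset wrong. Confirm how getString decodes the field.
        int consumed = 8 + 2 + this.spi.length();
        int signatureLength = this.abLength - consumed;
        if (signatureLength < 0) {
            // The length field is peer-controlled. Without this check a too-small value reaches
            // the array allocation and escapes as an unchecked NegativeArraySizeException.
            throw new IOException("AuthBlock length " + this.abLength + " is smaller than the " + consumed + " bytes already read");
        }
        this.abBytes = new byte[signatureLength];
        dataInputStream.readFully(this.abBytes, 0, signatureLength);
        srvLocHeader.nbytes += this.abBytes.length;
        long remaining = this.timeStamp - SLPConfig.currentSLPTime();
        this.lifetime = (int) (remaining <= 2147483647L ? remaining : 0L);
        this.lifetime = this.lifetime < 0 ? 0 : this.lifetime;
        getSecurityProvider(this.bsd);
    }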

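    /**
     * Builds and signs a new authentication block for outgoing data.
     *
     * <p>The expiry timestamp is the current SLP time plus {@code i2}. The signature is
     * computed over the data fed in by {@code computeHash()}.
     *
     * @param objArr message parts to sign; must be non-empty
     * @param str SPI name to sign as
     * @param i block structure descriptor selecting the signature algorithm
     * @param i2 lifetime added to the current SLP time to form the timestamp
     * @throws ServiceLocationException if the BSD is unsupported or hashing fails
     * @throws IllegalArgumentException if an argument is missing, or signing fails for this SPI
     */
    AuthBlock(Object[] objArr, String str, int i, int i2) throws ServiceLocationException, IllegalArgumentException {
        ensureNonEmpty(objArr, "message");
        Assert.nonNullParameter(str, "spi");
        this.bsd = i;
        getSecurityProvider(i);
        this.message = objArr;
        this.spi = str;
        this.lifetime = i2;
        this.timeStamp = SLPConfig.currentSLPTime() + i2;
        try {
            // NOTE(review): the private key argument is null; presumably the SunAMI provider
            // selects the signing key itself. Confirm against the provider documentation.
            this.sig.initSign(null);
            computeHash();
            this.abBytes = this.sig.sign();
            this.abLength = 8 + this.spiBytes.length + this.abBytes.length;
        } catch (InvalidKeyException e) {
            // Keep the cause so the provider's stack trace is not lost with the rewrap.
            throw new IllegalArgumentException(SLPConfig.getSLPConfig().formatMessage("cant_sign_for_spi", new Object[]{str, e.getMessage()}), e);
        } catch (SignatureException e2) {
            throw new IllegalArgumentException(SLPConfig.getSLPConfig().formatMessage("cant_sign_for_spi", new Object[]{str, e2.getMessage()}), e2);
        }
    }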

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reports whether the configured sign-as identity can sign for the given SPI.
     *
     * <p>Returns {@code false} when no sign-as certificate or no keystore is available.
     * Otherwise the subject of the SPI's certificate is looked up on the certificate chain
     * stored under the sign-as certificate's subject name.
     *
     * @param str SPI name to check
     * @return {@code true} if the SPI's subject appears on the sign-as chain
     * @throws ServiceLocationException if a certificate or chain cannot be obtained
     */
    public static boolean canSignAs(String str) throws ServiceLocationException {
        X509Certificate signer = getSignAsCert();
        if (signer == null) {
            return false;
        }
        KeyStore certStore = getKeyStore();
        if (certStore == null) {
            return false;
        }
        String signerName = signer.getSubjectDN().toString();
        Principal candidate = getCert(str, certStore).getSubjectDN();
        return onCertChain(signerName, candidate);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Tests whether the subject of the SPI's certificate is in the block's equivalency set.
     *
     * <p>Any failure is logged under {@code cant_get_equivalency} and treated as "not
     * equivalent", so this check fails closed.
     *
     * @param str SPI name whose certificate subject is looked up
     * @param authBlock block whose equivalency set is consulted
     * @return {@code true} only if the lookup succeeded and the subject is in the set
     */
    public static boolean checkEquiv(String str, AuthBlock authBlock) {
        try {
            KeyStore certStore = getKeyStore();
            Principal subject = getCert(str, certStore).getSubjectDN();
            return authBlock.inEqSet(subject);
        } catch (Exception e) {
            SLPConfig.getSLPConfig().writeLog("cant_get_equivalency", new Object[]{str, e.getMessage()});
            return false;
        }
    }

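    /**
     * Validates the certificate chain of the signer and checks it against the configured SPIs.
     *
     * <p>Each certificate above the leaf is checked for validity and must have signed the
     * certificate below it. Every subject on the chain is added to the equivalency set. The
     * chain is accepted only if a certificate of one of the SPIs listed in the
     * {@code sun.net.slp.SPIs} system property appears on it.
     *
     * <p>NOTE(review): the leaf's validity period is not checked here (the loop starts at
     * index 1) and the top of the chain is not verified against anything; the match with a
     * configured SPI is by subject name. Trust therefore rests on the contents of the local
     * keystore. Confirm this is intended.
     *
     * @param x509Certificate certificate of the signing SPI
     * @param keyStore keystore holding the certificate chains
     * @throws ServiceLocationException if no SPIs are configured, no chain exists, a chain
     *     entry is not an X.509 certificate, or no configured SPI is on the chain
     * @throws GeneralSecurityException if a chain certificate is invalid or a link fails to verify
     */
    private void checkSPIs(X509Certificate x509Certificate, KeyStore keyStore) throws ServiceLocationException, GeneralSecurityException {
        String property = System.getProperty("sun.net.slp.SPIs");
        if (property == null) {
            throw new ServiceLocationException((short) 7, "no_spis_configured", new Object[0]);
        }
        Certificate[] certificateChain = keyStore.getCertificateChain(x509Certificate.getSubjectDN().toString());
        // An empty array is treated like a missing chain; indexing element 0 below would
        // otherwise fail with an unchecked ArrayIndexOutOfBoundsException.
        if (certificateChain == null || certificateChain.length == 0) {
            throw new ServiceLocationException((short) 7, "no_cert_chain", new Object[]{x509Certificate.getSubjectDN().toString()});
        }
        // Tracks the entry being processed so the handler below can report its type.
        int i = 0;
        try {
            this.eqSet.add(((X509Certificate) certificateChain[0]).getSubjectDN());
            i = 1;
            while (i < certificateChain.length) {
                ((X509Certificate) certificateChain[i]).checkValidity();
                // The certificate below must carry a signature made by this certificate's key.
                certificateChain[i - 1].verify(certificateChain[i].getPublicKey(), "SunAMI");
                this.eqSet.add(((X509Certificate) certificateChain[i]).getSubjectDN());
                i++;
            }
            if (!configuredToVerify(certificateChain, property, keyStore)) {
                throw new ServiceLocationException((short) 7, "cant_match_spis", new Object[]{x509Certificate.getSubjectDN().toString(), ""});
            }
        } catch (ClassCastException e) {
            throw new ServiceLocationException((short) 7, "not_x509cert", new Object[]{certificateChain[i].getType(), e.getMessage()});
        }
    }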

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Splits a comma-separated string into a list of tokens.
     *
     * <p>Tokens are produced by {@link StringTokenizer}, so empty fields between consecutive
     * commas are skipped and surrounding whitespace is kept as part of the token.
     *
     * @param str comma-separated input; must not be null
     * @return the tokens in their original order
     */
    public static LinkedList commaSeparatedListToLinkedList(String str) {
        LinkedList tokens = new LinkedList();
        for (StringTokenizer splitter = new StringTokenizer(str, ","); splitter.hasMoreTokens(); ) {
            tokens.add(splitter.nextToken());
        }
        return tokens;
    }

    /**
     * Feeds the signed data into the signature object.
     *
     * <p>The data is, in order: the SPI string field encoded with {@code "UTF8"}, every
     * message part, and the 32-bit timestamp. The encoded SPI is also stored in
     * {@code spiBytes}. The signature object must already be initialised for signing or
     * verification.
     *
     * @throws ServiceLocationException if the signature object rejects an update
     */
    private void computeHash() throws ServiceLocationException {
        try {
            ByteArrayOutputStream spiOut = new ByteArrayOutputStream();
            SrvLocHeader.putStringField(this.spi, spiOut, "UTF8");
            this.spiBytes = spiOut.toByteArray();
            this.sig.update(this.spiBytes);
            // Each part is expected to be a byte[]; anything else fails the cast.
            for (Object part : this.message) {
                this.sig.update((byte[]) part);
            }
            ByteArrayOutputStream stampOut = new ByteArrayOutputStream();
            putInt32(this.timeStamp, stampOut);
            this.sig.update(stampOut.toByteArray());
        } catch (SignatureException e) {
            throw new ServiceLocationException((short) 20, "cant_compute_hash", new Object[]{e.getMessage()});
        }
    }

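    /**
     * Checks whether any configured SPI has a certificate on the given chain.
     *
     * <p>For each SPI name in the comma-separated list, the SPI's certificate is fetched from
     * the keystore and its subject is compared with the subjects on the chain. An SPI whose
     * certificate cannot be obtained is logged under {@code cant_process_spi} and skipped, so
     * one bad entry in the configuration does not stop the remaining SPIs from being tried.
     *
     * @param certificateArr chain to search
     * @param str comma-separated SPI names
     * @param keyStore keystore holding the SPI certificates
     * @return {@code true} as soon as one SPI's subject is found on the chain, else {@code false}
     */
    private static boolean configuredToVerify(Certificate[] certificateArr, String str, KeyStore keyStore) {
        StringTokenizer spiTokens = new StringTokenizer(str, ",");
        while (spiTokens.hasMoreTokens()) {
            String spiName;
            try {
                spiName = spiTokens.nextToken();
            } catch (NoSuchElementException unused) {
                return false;
            }
            // The lookup belongs inside this try: the decompiled form left the try body empty and
            // made the call outside it, so the handler could never catch the lookup failure.
            try {
                if (onCertChain(getCert(spiName, keyStore).getSubjectDN(), certificateArr)) {
                    return true;
                }
            } catch (ServiceLocationException e) {
                SLPConfig.getSLPConfig().writeLog("cant_process_spi", new Object[]{spiName, e.getMessage()});
            }
        }
        return false;
    }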

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Renders a table of authentication blocks as multi-line text for logging.
     *
     * @param hashtable table whose values are {@code AuthBlock} instances; may be null
     * @return {@code "null"} for a null table, otherwise a count line followed by one
     *     numbered entry per block
     */
    public static String desc(Hashtable hashtable) {
        if (hashtable == null) {
            return "null";
        }
        Enumeration blocks = hashtable.elements();
        int count = hashtable.size();
        StringBuffer text = new StringBuffer();
        if (count == 1) {
            text.append("1 Auth Block:\n");
        } else {
            text.append(count).append(" Auth Blocks:\n");
        }
        for (int index = 0; blocks.hasMoreElements(); index++) {
            AuthBlock block = (AuthBlock) blocks.nextElement();
            text.append("             ").append(index).append(": ").append(block.toString());
        }
        return text.toString();
    }

    /**
     * Rejects a null or empty container.
     *
     * @param obj an {@code Object[]} or a {@code Hashtable}; any other non-null type fails the cast
     * @param str parameter name used in the error message
     * @throws IllegalArgumentException if {@code obj} is null or has no elements
     */
    private static void ensureNonEmpty(Object obj, String str) throws IllegalArgumentException {
        boolean empty;
        if (obj == null) {
            empty = true;
        } else if (obj instanceof Object[]) {
            empty = ((Object[]) obj).length == 0;
        } else {
            empty = ((Hashtable) obj).size() == 0;
        }
        if (empty) {
            throw new IllegalArgumentException(SLPConfig.getSLPConfig().formatMessage("null_or_empty_vector", new Object[]{str}));
        }
    }

    /**
     * Writes this block to the output in wire order: BSD, block length, timestamp, SPI
     * string, signature bytes.
     *
     * <p>The header's {@code nbytes} counter is advanced here for the timestamp and the
     * signature, which are written without going through the header's own put methods.
     *
     * @param srvLocHeader header used to encode fields and track the byte count
     * @param byteArrayOutputStream destination buffer
     * @throws ServiceLocationException if the header fails to encode a field
     * @throws IllegalArgumentException if an argument is null
     */
    void externalize(SrvLocHeader srvLocHeader, ByteArrayOutputStream byteArrayOutputStream) throws ServiceLocationException, IllegalArgumentException {
        Assert.nonNullParameter(srvLocHeader, "hdr");
        Assert.nonNullParameter(byteArrayOutputStream, "baos");

        srvLocHeader.putInt(this.bsd, byteArrayOutputStream);
        srvLocHeader.putInt(this.abLength, byteArrayOutputStream);

        putInt32(this.timeStamp, byteArrayOutputStream);
        srvLocHeader.nbytes += 4;

        srvLocHeader.putString(this.spi, byteArrayOutputStream);

        int signatureLength = this.abBytes.length;
        byteArrayOutputStream.write(this.abBytes, 0, signatureLength);
        srvLocHeader.nbytes += this.abBytes.length;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Writes every authentication block in the table to the output.
     *
     * @param srvLocHeader header used to encode fields
     * @param hashtable table whose values are {@code AuthBlock} instances; must be non-empty
     * @param byteArrayOutputStream destination buffer
     * @throws ServiceLocationException if a block cannot be encoded
     * @throws IllegalArgumentException if the table is null or empty
     */
    public static void externalizeAll(SrvLocHeader srvLocHeader, Hashtable hashtable, ByteArrayOutputStream byteArrayOutputStream) throws ServiceLocationException, IllegalArgumentException {
        ensureNonEmpty(hashtable, "authBlocks");
        for (Enumeration blocks = hashtable.elements(); blocks.hasMoreElements(); ) {
            AuthBlock block = (AuthBlock) blocks.nextElement();
            block.externalize(srvLocHeader, byteArrayOutputStream);
        }
    }

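    /**
     * Looks up the X.509 certificate stored under an SPI name.
     *
     * <p>The name is unescaped first and the result is used as the keystore alias. Each
     * failure keeps its own message key: {@code spi_parse_error} only for a name that cannot
     * be unescaped, {@code no_cert} for a missing certificate or keystore error, and
     * {@code not_x509cert} for an entry of another certificate type.
     *
     * @param str escaped SPI name
     * @param keyStore keystore to search
     * @return the certificate, never null
     * @throws ServiceLocationException if the name cannot be parsed or no usable certificate exists
     */
    private static X509Certificate getCert(String str, KeyStore keyStore) throws ServiceLocationException {
        String alias;
        try {
            alias = ServiceLocationAttribute.unescapeAttributeString(str, false);
        } catch (ServiceLocationException e) {
            // Only an unescape failure is a parse error. Previously this handler also wrapped
            // the lookup failures below and reported them under the wrong key and code.
            throw new ServiceLocationException((short) 2, "spi_parse_error", new Object[]{str, e.getMessage()});
        }
        Certificate found;
        try {
            found = keyStore.getCertificate(alias);
        } catch (KeyStoreException e) {
            throw new ServiceLocationException((short) 7, "no_cert", new Object[]{alias, e.getMessage()});
        }
        if (found == null) {
            throw new ServiceLocationException((short) 7, "no_cert", new Object[]{alias, ""});
        }
        try {
            return (X509Certificate) found;
        } catch (ClassCastException e) {
            // Report the type from the certificate that was fetched; the earlier code read it
            // from a variable that was still null when the cast failed.
            throw new ServiceLocationException((short) 7, "not_x509cert", new Object[]{found.getType(), e.getMessage()});
        }
    }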

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the message parts held by the first block the table enumerates.
     *
     * @param hashtable table whose values are {@code AuthBlock} instances; must be non-empty
     * @return the message parts of that block
     * @throws IllegalArgumentException if the table is null or empty
     */
    public static Object[] getContents(Hashtable hashtable) throws IllegalArgumentException {
        ensureNonEmpty(hashtable, "authBlocks");
        Enumeration blocks = hashtable.elements();
        AuthBlock first = (AuthBlock) blocks.nextElement();
        return first.getMessageParts();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Finds a block whose equivalency set contains the subject of the SPI's certificate.
     *
     * <p>Lookup failures are logged under {@code cant_get_equivalency} and reported as "no
     * match".
     *
     * @param str SPI name whose certificate subject is searched for
     * @param hashtable table whose values are {@code AuthBlock} instances
     * @return the first matching block, or null if the table is empty, nothing matches, or
     *     the lookup fails
     */
    public static AuthBlock getEquivalentAuth(String str, Hashtable hashtable) {
        if (hashtable.size() == 0) {
            return null;
        }
        try {
            X509Certificate spiCert = getCert(str, getKeyStore());
            for (Enumeration blocks = hashtable.elements(); blocks.hasMoreElements(); ) {
                AuthBlock candidate = (AuthBlock) blocks.nextElement();
                if (candidate.inEqSet(spiCert.getSubjectDN())) {
                    return candidate;
                }
            }
            return null;
        } catch (Exception e) {
            SLPConfig.getSLPConfig().writeLog("cant_get_equivalency", new Object[]{str, e.getMessage()});
            return null;
        }
    }

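    /**
     * Reads a big-endian unsigned 32-bit integer from the stream.
     *
     * <p>The bytes are combined in {@code long} arithmetic. Combining them as {@code int}
     * would make any value with the top bit set come back negative, which for a timestamp
     * means it is treated as already expired.
     *
     * @param dataInputStream stream to read four bytes from
     * @return the value, in the range 0 to 4294967295
     * @throws IOException if fewer than four bytes are available
     */
    private static long getInt32(DataInputStream dataInputStream) throws IOException {
        byte[] raw = new byte[4];
        dataInputStream.readFully(raw, 0, 4);
        return ((raw[0] & 0xFFL) << 24)
                | ((raw[1] & 0xFFL) << 16)
                | ((raw[2] & 0xFFL) << 8)
                | (raw[3] & 0xFFL);
    }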

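    /**
     * Returns the shared {@code amiks} keystore from the {@code SunAMI} provider, loading it
     * on first use.
     *
     * <p>The static field is assigned only after {@code load} has succeeded, so a failed load
     * is retried on the next call instead of leaving an unloaded keystore cached.
     *
     * @return the loaded keystore
     * @throws ServiceLocationException if the keystore cannot be created or loaded
     */
    private static synchronized KeyStore getKeyPkg() throws ServiceLocationException {
        if (keypkg != null) {
            return keypkg;
        }
        try {
            KeyStore loaded = KeyStore.getInstance("amiks", "SunAMI");
            loaded.load(null, null);
            keypkg = loaded;
            return loaded;
        } catch (Exception e) {
            throw new ServiceLocationException((short) 7, "no_keystore", new Object[]{e.getMessage()});
        }
    }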

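    /**
     * Returns the shared {@code amicerts} keystore from the {@code SunAMI} provider, loading
     * it on first use.
     *
     * <p>The static field is assigned only after {@code load} has succeeded, so a failed load
     * is retried on the next call instead of leaving an unloaded keystore cached.
     *
     * @return the loaded keystore
     * @throws ServiceLocationException if the keystore cannot be created or loaded
     */
    private static synchronized KeyStore getKeyStore() throws ServiceLocationException {
        if (keystore != null) {
            return keystore;
        }
        try {
            KeyStore loaded = KeyStore.getInstance("amicerts", "SunAMI");
            loaded.load(null, null);
            keystore = loaded;
            return loaded;
        } catch (Exception e) {
            throw new ServiceLocationException((short) 7, "no_keystore", new Object[]{e.getMessage()});
        }
    }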

    /**
     * Returns the stored lifetime of this block.
     *
     * @return the lifetime; 0 marks a block whose timestamp did not yield a usable lifetime
     */
    int getLifetime() {
        return lifetime;
    }

    /**
     * Returns the message parts this block covers.
     *
     * @return the internal array itself, not a copy; callers must not modify it
     */
    Object[] getMessageParts() {
        return message;
    }

    /**
     * Returns the SPI name of this block.
     *
     * @return the SPI string as parsed or supplied at construction
     */
    String getSPI() {
        return spi;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads a comma-separated system property and returns its entries.
     *
     * @param str name of the system property to read
     * @return the entries as a list, or null if the property is not set
     */
    public static LinkedList getSPIList(String str) {
        String configured = System.getProperty(str);
        return configured == null ? null : commaSeparatedListToLinkedList(configured);
    }

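    /**
     * Selects the signature algorithm for a block structure descriptor and stores the
     * signature object in {@code sig}.
     *
     * <p>BSD 1 selects {@code MD5/RSA} and BSD 2 selects {@code SHA/DSA}, both from the
     * {@code SunAMI} provider. Every other value is rejected.
     *
     * <p>NOTE(review): MD5-based signatures are no longer considered collision resistant.
     * The mapping is fixed by the BSD value, so it is kept here; consider refusing BSD 1 by
     * policy where all peers can use BSD 2.
     *
     * @param i block structure descriptor
     * @throws ServiceLocationException if the BSD is unsupported or the provider cannot
     *     supply the algorithm
     */
    private void getSecurityProvider(int i) throws ServiceLocationException {
        String algorithm;
        if (i == 2) {
            algorithm = "SHA/DSA";
        } else if (i == 1) {
            algorithm = "MD5/RSA";
        } else {
            throw new ServiceLocationException((short) 20, "cant_get_security_provider", new Object[]{Integer.valueOf(i), i == 3 ? "Keyed HMAC with MD5" : "Unknown BSD", "Unknown or unsupported BSD"});
        }
        try {
            this.sig = Signature.getInstance(algorithm, "SunAMI");
        } catch (GeneralSecurityException e) {
            // Name the algorithm that was requested. This path used to report "Unknown BSD"
            // even though the BSD was a known one and only the provider lookup had failed.
            throw new ServiceLocationException((short) 20, "cant_get_security_provider", new Object[]{Integer.valueOf(i), algorithm, e.getMessage()});
        }
    }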

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the smallest lifetime among the blocks in the table.
     *
     * @param hashtable table whose values are {@code AuthBlock} instances; must be non-empty
     * @return the minimum of the blocks' lifetimes
     * @throws IllegalArgumentException if the table is null or empty
     */
    public static int getShortestLifetime(Hashtable hashtable) throws IllegalArgumentException {
        ensureNonEmpty(hashtable, "authBlocks");
        int shortest = Integer.MAX_VALUE;
        for (Enumeration blocks = hashtable.elements(); blocks.hasMoreElements(); ) {
            AuthBlock block = (AuthBlock) blocks.nextElement();
            shortest = Math.min(shortest, block.getLifetime());
        }
        return shortest;
    }

    /**
     * Builds the table of identities this process signs as.
     *
     * <p>The table has one entry: the escaped subject name of the sign-as certificate (or the
     * raw name if escaping fails), mapped to the BSD value chosen from the certificate's
     * public key algorithm. RSA maps to 1 and DSA to 2.
     *
     * @return the table, or null if there is no sign-as certificate or its key algorithm is
     *     neither DSA nor RSA (the latter is logged under {@code bad_alg_for_alias})
     * @throws ServiceLocationException if the sign-as certificate cannot be obtained
     */
    static Hashtable getSignAs() throws ServiceLocationException {
        X509Certificate signer = getSignAsCert();
        Hashtable aliasToBsd = new Hashtable();
        if (signer == null) {
            return null;
        }
        String subject = signer.getSubjectDN().toString();
        String alias;
        try {
            alias = ServiceLocationAttribute.escapeAttributeString(subject, false);
        } catch (ServiceLocationException unused) {
            // Fall back to the unescaped subject name.
            alias = subject;
        }
        String keyAlgorithm = signer.getPublicKey().getAlgorithm();
        int bsdValue;
        if (keyAlgorithm.equals("DSA")) {
            bsdValue = 2;
        } else if (keyAlgorithm.equals("RSA")) {
            bsdValue = 1;
        } else {
            SLPConfig.getSLPConfig().writeLog("bad_alg_for_alias", new Object[]{keyAlgorithm});
            return null;
        }
        aliasToBsd.put(alias, new Integer(bsdValue));
        return aliasToBsd;
    }

    /**
     * Returns the certificate for the first name in the {@code sun.net.slp.signAs} system
     * property, looked up in the key package keystore.
     *
     * <p>Only the first comma-separated entry is used. An unset property is logged under
     * {@code no_spis_given}.
     *
     * @return the certificate, or null if the property is unset or holds no entry
     * @throws ServiceLocationException if the keystore or the certificate cannot be obtained
     */
    static X509Certificate getSignAsCert() throws ServiceLocationException {
        String signAsNames = System.getProperty("sun.net.slp.signAs");
        if (signAsNames == null) {
            SLPConfig.getSLPConfig().writeLog("no_spis_given", new Object[0]);
            return null;
        }
        KeyStore keyPackage = getKeyPkg();
        StringTokenizer names = new StringTokenizer(signAsNames, ",");
        if (!names.hasMoreTokens()) {
            return null;
        }
        return getCert(names.nextToken(), keyPackage);
    }

    /**
     * Tests whether a principal is in this block's equivalency set.
     *
     * @param principal subject to look for
     * @return {@code true} if the set contains it
     */
    private boolean inEqSet(Principal principal) {
        return eqSet.contains(principal);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Parses a run of authentication blocks from the stream into a table keyed by SPI name.
     *
     * <p>A later block with the same SPI name replaces an earlier one in the table.
     *
     * <p>NOTE(review): the count is a signed {@code byte}, so a value of 128 or more arrives
     * negative and no block is parsed. Confirm how the caller reads the count from the wire.
     *
     * @param srvLocHeader header used to decode fields
     * @param objArr message parts the blocks are expected to cover
     * @param dataInputStream stream positioned at the first block
     * @param b number of blocks to read
     * @return table of SPI name to {@code AuthBlock}; empty if {@code b} is not positive
     * @throws ServiceLocationException if a block cannot be parsed
     * @throws IllegalArgumentException if an argument is missing
     * @throws IOException if the stream ends early
     */
    public static Hashtable makeAuthBlocks(SrvLocHeader srvLocHeader, Object[] objArr, DataInputStream dataInputStream, byte b) throws ServiceLocationException, IllegalArgumentException, IOException {
        Hashtable blocksBySpi = new Hashtable();
        for (int parsed = 0; parsed < b; parsed++) {
            AuthBlock block = new AuthBlock(srvLocHeader, objArr, dataInputStream);
            blocksBySpi.put(block.getSPI(), block);
        }
        return blocksBySpi;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Signs the message parts once for every sign-as identity and returns the blocks keyed
     * by SPI name.
     *
     * @param objArr message parts to sign
     * @param i lifetime passed to each new block
     * @return table of SPI name to freshly signed {@code AuthBlock}
     * @throws ServiceLocationException if no sign-as identity is available or signing setup fails
     * @throws IllegalArgumentException if the message is empty or signing fails
     */
    public static Hashtable makeAuthBlocks(Object[] objArr, int i) throws ServiceLocationException, IllegalArgumentException {
        Hashtable signers = getSignAs();
        if (signers == null) {
            throw new ServiceLocationException((short) 7, "cant_sign", new Object[0]);
        }
        Hashtable blocksBySpi = new Hashtable();
        for (Enumeration aliases = signers.keys(); aliases.hasMoreElements(); ) {
            String alias = (String) aliases.nextElement();
            int bsdValue = ((Integer) signers.get(alias)).intValue();
            blocksBySpi.put(alias, new AuthBlock(objArr, alias, bsdValue, i));
        }
        return blocksBySpi;
    }

    /**
     * Returns the block length recorded for this authentication block.
     *
     * @return the value of the length field
     */
    int nBytes() {
        return abLength;
    }

    /**
     * Tests whether a principal is the subject of any certificate on the chain stored under
     * the given alias in the shared certificate keystore.
     *
     * @param str keystore alias whose chain is searched
     * @param principal subject to look for
     * @return {@code true} if a chain certificate has that subject
     * @throws ServiceLocationException if the keystore is unavailable or holds no chain for
     *     the alias
     */
    private static boolean onCertChain(String str, Principal principal) throws ServiceLocationException {
        // Built up front, as before, and thrown from both failure paths below.
        ServiceLocationException noChain = new ServiceLocationException((short) 5, "no_cert_chain", new Object[]{str});
        Certificate[] chain;
        try {
            chain = getKeyStore().getCertificateChain(str);
        } catch (KeyStoreException unused) {
            throw noChain;
        }
        if (chain == null) {
            throw noChain;
        }
        return onCertChain(principal, chain);
    }

    /**
     * Tests whether a principal equals the subject of any certificate in the array.
     *
     * <p>The comparison is on the subject name only; keys and signatures are not examined
     * here. Every entry must be an X.509 certificate or the cast fails.
     *
     * @param principal subject to look for
     * @param certificateArr certificates to search
     * @return {@code true} if a certificate has that subject
     */
    private static boolean onCertChain(Principal principal, Certificate[] certificateArr) {
        for (int idx = 0; idx < certificateArr.length; idx++) {
            X509Certificate link = (X509Certificate) certificateArr[idx];
            if (principal.equals(link.getSubjectDN())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes the low 32 bits of a value to the stream in big-endian order.
     *
     * @param j value to write; bits above the low 32 are ignored
     * @param byteArrayOutputStream destination buffer
     */
    private static void putInt32(long j, ByteArrayOutputStream byteArrayOutputStream) {
        // Most significant byte first.
        for (int shift = 24; shift >= 0; shift -= 8) {
            byteArrayOutputStream.write((int) ((j >> shift) & 0xFF));
        }
    }

    /**
     * Returns a multi-line description of this block: SPI, BSD, timestamp and block length.
     * The signature bytes themselves are not included.
     *
     * @return the description, ending with a newline
     */
    @Override
    public String toString() {
        return "SPI=``" + this.spi + "''\n"
                + "                BSD=``" + this.bsd + "''\n"
                + "                timeStamp=``" + this.timeStamp + "''\n"
                + "                AuthBlock bytes=" + this.abLength + " bytes\n";
    }

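    /**
     * Verifies this authentication block. Any failure throws, so the check fails closed.
     *
     * <p>Steps, in order: load the {@code amicerts} keystore, fetch the SPI's certificate,
     * check the certificate's validity period, reject a lifetime of 0, validate the
     * certificate chain against the configured SPIs, then verify the signature bytes over
     * the data fed in by {@code computeHash()}.
     *
     * <p>Each failure is reported under its own message key ({@code invalid_cert},
     * {@code timestamp_failure}, {@code cant_match_spis}, {@code init_verify_failure},
     * {@code verify_failure}). Only failures that are not already a
     * {@code ServiceLocationException} are reported as {@code no_keystore}.
     *
     * @throws ServiceLocationException if any step fails
     */
    void verify() throws ServiceLocationException {
        try {
            KeyStore keyStore = KeyStore.getInstance("amicerts", "SunAMI");
            keyStore.load(null, null);

            // Name used in error messages only; falls back to the raw SPI if unescaping fails.
            String spiName;
            try {
                spiName = ServiceLocationAttribute.unescapeAttributeString(this.spi, false);
            } catch (ServiceLocationException unused) {
                spiName = this.spi;
            }

            X509Certificate cert = getCert(this.spi, keyStore);
            try {
                cert.checkValidity();
            } catch (CertificateException e) {
                throw new ServiceLocationException((short) 7, "invalid_cert", new Object[]{spiName, e.getMessage()});
            }

            if (this.lifetime == 0) {
                throw new ServiceLocationException((short) 7, "timestamp_failure", new Object[]{spiName});
            }

            try {
                checkSPIs(cert, keyStore);
            } catch (GeneralSecurityException e) {
                throw new ServiceLocationException((short) 7, "cant_match_spis", new Object[]{cert.getSubjectDN(), e.getMessage()});
            }

            try {
                this.sig.initVerify(cert.getPublicKey());
            } catch (InvalidKeyException e) {
                throw new ServiceLocationException((short) 20, "init_verify_failure", new Object[]{spiName, e.getMessage()});
            }
            computeHash();

            boolean signatureValid;
            try {
                signatureValid = this.sig.verify(this.abBytes);
            } catch (SignatureException unused) {
                // A malformed signature is treated the same as a mismatching one.
                signatureValid = false;
            }
            if (!signatureValid) {
                throw new ServiceLocationException((short) 7, "verify_failure", new Object[]{spiName});
            }
        } catch (ServiceLocationException e) {
            // Pass specific failures through unchanged. Without this clause the catch-all below
            // rewraps every one of them as "no_keystore" and hides the real reason and code.
            throw e;
        } catch (Exception e) {
            throw new ServiceLocationException((short) 7, "no_keystore", new Object[]{e.getMessage()});
        }
    }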

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Verifies every authentication block in the table, stopping at the first failure.
     *
     * @param hashtable table whose values are {@code AuthBlock} instances; must be non-empty
     * @throws ServiceLocationException if any block fails verification
     * @throws IllegalArgumentException if the table is null or empty
     */
    public static void verifyAll(Hashtable hashtable) throws ServiceLocationException, IllegalArgumentException {
        ensureNonEmpty(hashtable, "authBlocks");
        for (Enumeration blocks = hashtable.elements(); blocks.hasMoreElements(); ) {
            AuthBlock block = (AuthBlock) blocks.nextElement();
            block.verify();
        }
    }
}
