package progress.message.zclient;

import com.sonicsw.security.pass.broker.ConnectionException;
import com.sonicsw.security.pass.broker.IAuthentication;
import com.sonicsw.security.pass.broker.UnauthenticatedException;
import com.sonicsw.security.pass.client.IPasswordUser;
import com.sonicsw.security.pcs.CipherSuiteInfo;
import com.sonicsw.security.pcs.EInvalidCipherSuiteException;
import com.sonicsw.security.pcs.IPluggableCipherSuite;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.ObjectInput;
import java.util.ArrayList;
import progress.message.client.EBrokerVersionMismatch;
import progress.message.client.EInauthenticBroker;
import progress.message.client.EInauthenticClient;
import progress.message.msg.IMgram;
import progress.message.msg.MgramFactory;
import progress.message.resources.prMessageFormat;

/* loaded from: input_file:progress/message/zclient/BrokerConnectHandshaker.class */
public final class BrokerConnectHandshaker extends ConnectHandshaker {
    private IAuthentication m_authenticationSPI;
    private boolean m_isAuthenticationSPIEnabled;

    public BrokerConnectHandshaker(BaseConnection baseConnection) {
        super(baseConnection);
        this.m_authenticationSPI = null;
        this.m_isAuthenticationSPIEnabled = false;
    }

    public static final IMgram buildBrokerRedirectedReply(String str) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(9);
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        if (str != null) {
            dataOutputStream.writeUTF(str);
        }
        dataOutputStream.flush();
        return MgramFactory.getMgramFactory().buildConnectMgram(byteArrayOutputStream.toByteArray(), 0);
    }

    @Override // progress.message.zclient.ConnectHandshaker
    public void handleConnectMgram(IMgram iMgram) throws EInauthenticClient, EInauthenticBroker, EUnexpectedMgram, EMgramFormatError, EInvalidCipherSuiteException {
        switch (this.m_state) {
            case 1:
                verifySubtype(iMgram, 3);
                readClientInfo(iMgram);
                this.m_pwKey = new byte[8];
                if (this.m_user == null && !this.m_isAuthenticationSPIEnabled) {
                    throw new EInauthenticClient(prAccessor.getString("STR121") + ". " + prAccessor.getString("STR192"));
                }
                if (this.m_user != null && this.m_user.isInternalPrincipal()) {
                    System.arraycopy(this.m_user.getTestPattern(), 6, this.m_pwKey, 0, 8);
                } else if (this.m_user != null && this.m_isAuthenticationSPIEnabled) {
                    this.m_user = null;
                }
                if (this.m_active) {
                    this.m_state = 2;
                    return;
                } else if (this.m_securityEnabled) {
                    processSecurity();
                    return;
                } else {
                    this.m_sender.send(buildSecDisabledMgram());
                    this.m_state = 5;
                    return;
                }
            case 6:
                if (!compareSubtype(iMgram, 11)) {
                    if (!compareSubtype(iMgram, 13)) {
                        super.handleConnectMgram(iMgram);
                        return;
                    }
                    try {
                        String readUTF = new DataInputStream(new ByteArrayInputStream(iMgram.getRawBody(), 1, iMgram.getBodyLength() - 1)).readUTF();
                        this.m_state = 8;
                        throw new EInauthenticClient(readUTF);
                    } catch (IOException e) {
                        throw new EInauthenticClient(e.getMessage());
                    }
                }
                if (!this.m_isAuthenticationSPIEnabled || this.m_authenticationSPI == null) {
                    return;
                }
                if (this.m_user == null || !this.m_user.isInternalPrincipal()) {
                    DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(iMgram.getRawBody(), 1, iMgram.getBodyLength() - 1));
                    try {
                        int readInt = dataInputStream.readInt();
                        byte[] bArr = new byte[readInt];
                        dataInputStream.read(bArr, 0, readInt);
                        if (bArr != null) {
                            this.m_transformedPassword = bArr;
                        }
                        String replace = this.m_uid.replace('$', '.');
                        try {
                            byte[] bArr2 = new byte[this.m_transformedPassword.length - 20];
                            System.arraycopy(this.m_transformedPassword, 20, bArr2, 0, bArr2.length);
                            IPasswordUser authenticate = this.m_authenticationSPI.authenticate(replace, bArr2, this.m_peerCertChain);
                            String[] groups = authenticate != null ? authenticate.getGroups() : null;
                            ArrayList arrayList = new ArrayList();
                            if (groups != null && groups.length > 0) {
                                for (String str : groups) {
                                    arrayList.add(str);
                                }
                            }
                            if (authenticate != null) {
                                this.m_uid = authenticate.getName();
                            }
                            this.m_uid = this.m_uid.replace('.', '$');
                            this.m_user = new ProgressPasswordUser(this.m_uid, this.m_transformedPassword);
                            this.m_user.setInternalPrincipal(false);
                            this.m_user.setExternalGroups(arrayList);
                            this.m_sender.send(sendMasterSecret(this.m_transformedPassword));
                            this.m_state = 5;
                            return;
                        } catch (ConnectionException e2) {
                            throw new EInauthenticClient(e2.getMessage());
                        } catch (UnauthenticatedException e3) {
                            throw new EInauthenticClient(e3.getMessage());
                        } catch (Exception e4) {
                            throw new EInauthenticClient(e4.getMessage());
                        } catch (Throwable th) {
                            throw new EInauthenticClient(th.getMessage());
                        }
                    } catch (IOException e5) {
                        this.m_transformedPassword = null;
                        throw new EInauthenticClient(e5.getMessage());
                    } catch (ArrayIndexOutOfBoundsException e6) {
                        this.m_transformedPassword = null;
                        throw new EInauthenticClient(e6.getMessage());
                    }
                }
                return;
            default:
                super.handleConnectMgram(iMgram);
                return;
        }
    }

    public static final IMgram buildBrokerHello(byte b) {
        return MgramFactory.getMgramFactory().buildConnectMgram(new byte[]{2, b}, 0);
    }

    public final IMgram buildSuccessMgram(ConnectData connectData) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(7);
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        dataOutputStream.writeInt(SessionConfig.getKeyBits());
        connectData.writeToStream(dataOutputStream, (short) -1);
        if (this.m_incomingClientVer >= 27) {
            this.m_brokerParameters.serialize(dataOutputStream);
        }
        dataOutputStream.flush();
        return MgramFactory.getMgramFactory().buildConnectMgram(byteArrayOutputStream.toByteArray(), 0);
    }

    public ClientConnectParms getClientConnectParms() {
        return this.m_clientParameters;
    }

    public void setBrokerConnectParms(BrokerConnectParms brokerConnectParms) {
        this.m_brokerParameters = brokerConnectParms;
    }

    public BrokerConnectParms getBrokerConnectParms() {
        return this.m_brokerParameters;
    }

    public final String getAppid() {
        return this.m_appid;
    }

    public final String getClientData() {
        return this.m_clientData;
    }

    public final ExtendedClientData getExtendedClientData() {
        return this.m_extendedClientData;
    }

    public final boolean isClientHello(IMgram iMgram) throws EBrokerVersionMismatch, EMgramFormatError {
        if (!compareSubtype(iMgram, 1)) {
            return false;
        }
        try {
            this.m_incomingClientVer = iMgram.getRawBody()[1];
            if (!SessionConfig.isClientSessionVersionSupported(this.m_incomingClientVer)) {
                throw new EBrokerVersionMismatch(32, iMgram.getRawBody()[1]);
            }
            if (iMgram.getBodyLength() <= 2) {
                return true;
            }
            ObjectInput payloadInputStreamHandle = iMgram.getPayloadInputStreamHandle();
            try {
                payloadInputStreamHandle.readByte();
                payloadInputStreamHandle.readByte();
                short readShort = payloadInputStreamHandle.readShort();
                this.m_loadBalancingRequested = (readShort & 1) > 0;
                this.m_faultToleranceRequested = (readShort & 2) > 0;
                this.m_resumedJMSConnection = (readShort & 4) > 0;
                boolean z = (readShort & 16) > 0;
                boolean z2 = (readShort & 8) > 0;
                boolean z3 = (readShort & 32) > 0;
                if (this.m_incomingClientVer < 27) {
                    try {
                        this.m_clientData = payloadInputStreamHandle.readUTF();
                    } catch (IOException e) {
                    }
                } else {
                    if (z2) {
                        this.m_clientData = payloadInputStreamHandle.readUTF();
                    }
                    if (z) {
                        this.m_clientParameters = ClientConnectParms.unserialize(payloadInputStreamHandle);
                    }
                    if (z3) {
                        try {
                            this.m_extendedClientData = ExtendedClientData.unserialize(payloadInputStreamHandle);
                        } catch (Exception e2) {
                            SessionConfig.logMessage(e2, SessionConfig.getLevelWarning());
                        }
                    }
                }
                return true;
            } catch (IOException e3) {
                throw new EMgramFormatError(prMessageFormat.format(prAccessor.getString("STR184"), new Object[]{e3.toString()}));
            }
        } catch (ArrayIndexOutOfBoundsException e4) {
            throw new EBrokerVersionMismatch(32, 23);
        }
    }

    public final boolean isFaultToleranceRequested() {
        return this.m_faultToleranceRequested;
    }

    public final boolean isLoadBalancingRequested() {
        return this.m_loadBalancingRequested;
    }

    public final byte[] getMasterSecret() {
        return this.m_masterSecret;
    }

    public final String getNewBrokerURL() {
        return this.m_newBrokerURL;
    }

    public final boolean isResumedConnection() {
        return this.m_resumedJMSConnection;
    }

    public void setAuthenticationSPI(boolean z, IAuthentication iAuthentication) {
        this.m_isAuthenticationSPIEnabled = z;
        if (this.m_isAuthenticationSPIEnabled) {
            this.m_authenticationSPI = iAuthentication;
        }
    }

    public void setCipherSuite(IPluggableCipherSuite iPluggableCipherSuite) {
        this.m_brokerCipherSuite = iPluggableCipherSuite;
    }

    public final String getUid() {
        return this.m_uid;
    }

    public final ProgressPasswordUser getUser() {
        return this.m_user;
    }

    public final void connectBroker(IUser iUser, boolean z, boolean z2) {
        this.m_iuser = iUser;
        this.m_active = z;
        this.m_sender = this.m_connection.getSender();
        this.m_client = false;
        this.m_securityEnabled = z2;
        this.m_cert = this.m_connection.m481getSocket().getCertificate();
        this.m_state = 1;
    }

    private final void processSecurity() throws EInauthenticClient, EInauthenticBroker, EUnexpectedMgram, EMgramFormatError {
        if (this.m_authenticated) {
            this.m_sender.send(buildResponse2());
            this.m_state = 5;
            return;
        }
        if (this.m_user != null || !this.m_isAuthenticationSPIEnabled) {
            this.m_state = 3;
            this.m_sender.send(buildChallenge1());
            return;
        }
        boolean z = true;
        if (this.m_isAuthenticationSPIEnabled && this.m_authenticationSPI != null) {
            try {
                z = this.m_authenticationSPI.aquireClientCredentials();
            } catch (Throwable th) {
            }
        }
        if (z || (this.m_user != null && this.m_user.isInternalPrincipal())) {
            this.m_state = 6;
            this.m_sender.send(buildRequestPassword());
            return;
        }
        try {
            IPasswordUser authenticate = this.m_authenticationSPI.authenticate(this.m_uid.replace('$', '.'), (byte[]) null, this.m_peerCertChain);
            String[] groups = authenticate != null ? authenticate.getGroups() : null;
            ArrayList arrayList = new ArrayList();
            if (groups != null && groups.length > 0) {
                for (String str : groups) {
                    arrayList.add(str);
                }
            }
            if (authenticate != null) {
                this.m_uid = authenticate.getName();
                this.m_uid = this.m_uid.replace('.', '$');
                byte[] password = authenticate.getPassword();
                if (password != null) {
                    this.m_transformedPassword = password;
                } else if (password == null && this.m_transformedPassword == null) {
                    this.m_transformedPassword = new byte[0];
                }
            }
            this.m_user = new ProgressPasswordUser(this.m_uid, this.m_transformedPassword);
            this.m_user.setInternalPrincipal(false);
            this.m_user.setExternalGroups(arrayList);
            this.m_sender.send(sendMasterSecret(this.m_transformedPassword));
            this.m_state = 5;
        } catch (ConnectionException e) {
            throw new EInauthenticClient(e.getMessage());
        } catch (UnauthenticatedException e2) {
            throw new EInauthenticClient(e2.getMessage());
        } catch (Exception e3) {
            throw new EInauthenticClient(e3.getMessage());
        } catch (Throwable th2) {
            throw new EInauthenticClient(th2.getMessage());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:14:0x00d7  */
    /* JADX WARN: Removed duplicated region for block: B:31:0x0150  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void readClientInfo(progress.message.msg.IMgram r10) throws progress.message.client.EInauthenticClient, progress.message.zclient.EMgramFormatError {
        /*
            Method dump skipped, instructions count: 354
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: progress.message.zclient.BrokerConnectHandshaker.readClientInfo(progress.message.msg.IMgram):void");
    }

    private final IMgram buildRequestPassword() {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write(10);
        return MgramFactory.getMgramFactory().buildConnectMgram(byteArrayOutputStream.toByteArray(), 0);
    }

    private IMgram buildResponse2() throws EInauthenticClient, EInauthenticBroker, EMgramFormatError {
        try {
            this.m_masterSecret = new byte[48];
            ProgressSecureRandom.theSecureRandom().nextBytes(this.m_masterSecret);
            this.m_responseData = new byte[48 + PADDED_HASH_LENGTH];
            System.arraycopy(this.m_masterSecret, 0, this.m_responseData, 0, 48);
            byte[] hash = getHash(20);
            System.arraycopy(hash, 0, this.m_responseData, 48, hash.length);
            byte[] bArr = new byte[this.m_responseData.length + 1];
            bArr[0] = 6;
            DESEncrypt(this.m_responseData, 0, bArr, 1, this.m_responseData.length);
            return MgramFactory.getMgramFactory().buildConnectMgram(bArr, 0);
        } catch (IndexOutOfBoundsException e) {
            throw new EMgramFormatError(prAccessor.getString("STR013"));
        }
    }

    private IMgram sendMasterSecret(byte[] bArr) throws EInauthenticClient, EInauthenticBroker, EMgramFormatError, EInvalidCipherSuiteException {
        if (this.m_user == null) {
            throw new EInauthenticClient();
        }
        byte[] bArr2 = new byte[bArr.length + computePad(bArr.length)];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
        try {
            this.m_masterSecret = new byte[48];
            ProgressSecureRandom.theSecureRandom().nextBytes(this.m_masterSecret);
            byte[] bArr3 = null;
            if (this.m_brokerCipherSuite.isSonicCipherSuite()) {
                this.m_responseData = new byte[48 + PADDED_HASH_LENGTH];
            } else {
                try {
                    CipherSuiteInfo cipherSuiteInfo = this.m_brokerCipherSuite.getCipherSuiteInfo();
                    byte[] writeBytesWithoutKeySize = this.m_incomingClientVer < 32 ? cipherSuiteInfo.writeBytesWithoutKeySize() : cipherSuiteInfo.writeBytes();
                    bArr3 = new byte[writeBytesWithoutKeySize.length + computePad(writeBytesWithoutKeySize.length)];
                    System.arraycopy(writeBytesWithoutKeySize, 0, bArr3, 0, writeBytesWithoutKeySize.length);
                    this.m_responseData = new byte[48 + PADDED_HASH_LENGTH + bArr3.length];
                } catch (IOException e) {
                    SessionConfig.logMessage(e, SessionConfig.getLevelWarning());
                    throw new EInvalidCipherSuiteException("Unable to get Broker side cipher information");
                }
            }
            System.arraycopy(this.m_masterSecret, 0, this.m_responseData, 0, 48);
            byte[] bArr4 = new byte[20];
            try {
                ISHA isha = (ISHA) Class.forName("progress.message.crypto.SHA").newInstance();
                isha.add(this.m_masterSecret);
                isha.add(bArr2);
                bArr4 = isha.digest();
            } catch (Exception e2) {
                SessionConfig.logMessage(e2, SessionConfig.getLevelWarning());
            }
            System.arraycopy(bArr4, 0, this.m_responseData, 48, 20);
            int i = 48 + PADDED_HASH_LENGTH;
            if (this.m_responseData.length > i) {
                if (bArr3 == null) {
                    throw new NullPointerException("'cipherSuiteInfoInBytes' in " + getClass().getName() + ".sendMasterSecret(byte[] key) cannot be null.");
                }
                System.arraycopy(bArr3, 0, this.m_responseData, i, bArr3.length);
            }
            byte[] bArr5 = new byte[this.m_responseData.length + 1];
            bArr5[0] = 12;
            DESEncrypt(this.m_responseData, 0, bArr5, 1, this.m_responseData.length, bArr2);
            return MgramFactory.getMgramFactory().buildConnectMgram(bArr5, 0);
        } catch (IndexOutOfBoundsException e3) {
            throw new EMgramFormatError(prAccessor.getString("STR013"));
        }
    }

    public static void notifyRecoveredTemporaryAppid(long j) {
        synchronized (ConnectHandshaker.class) {
            if (s_tmpAppIdCnt <= j) {
                s_tmpAppIdCnt = j + 1;
            }
        }
    }

    private final void DESEncrypt(byte[] bArr, int i, byte[] bArr2, int i2, int i3, byte[] bArr3) throws EInauthenticClient {
        IDES ides = (IDES) newInstance("progress.message.crypto.DES");
        ides.init(1, bArr3);
        ides.doFinal(bArr, i, i3, bArr2, i2);
    }
}
