package progress.message.zclient;

import com.sonicsw.security.pcs.AbstractCipherSuite;
import com.sonicsw.security.pcs.CipherSuiteInfo;
import com.sonicsw.security.pcs.EInvalidCipherSuiteException;
import com.sonicsw.security.pcs.IPluggableCipherSuite;
import com.sonicsw.security.pcs.SonicCipherSuite;
import com.sonicsw.util.debug.Debug;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import progress.message.client.EInauthenticBroker;
import progress.message.client.EInauthenticClient;
import progress.message.msg.IMgram;
import progress.message.msg.MgramFactory;
import progress.message.resources.prMessageFormat;
import progress.message.security.cert.X509Certificate;
import progress.message.util.DebugState;
import progress.message.util.EAssertFailure;
import progress.message.util.Hex;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:progress/message/zclient/ConnectHandshaker.class */
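/**
 * Drives the connect-time handshake for one {@link BaseConnection}: subtype
 * dispatch, nonce exchange, the two challenges, the response carrying the
 * master secret, and cipher-suite selection.
 *
 * <p>This source is JADX decompiler output. JADX reports that several members
 * marked {@code public} here were originally {@code protected} or
 * package-private; the modifiers are kept as decompiled so existing callers
 * still compile.
 *
 * <p>Security review notes (all grounded in the code below):
 * <ul>
 *   <li>Handshake payloads are protected with the class named by
 *       {@link #DES_CLASS}, keyed with 8 bytes taken from the user's test
 *       pattern (see {@link #validateUserCopyAndGetIDES()}). An 8-byte DES key
 *       is weak by current standards; treat this exchange as legacy and rely on
 *       the transport (TLS) for confidentiality where possible.</li>
 *   <li>The digest class is named by {@link #SHA_CLASS} and yields
 *       {@link #HASH_LENGTH} (20) bytes, presumably SHA-1; confirm against the
 *       crypto package.</li>
 *   <li>No cipher mode or IV is visible at this level; {@code IDES.doFinal} is
 *       called once per buffer. Confirm the mode in the IDES implementation.</li>
 *   <li>When {@code DEBUG} is on, decrypted challenge data is written to the
 *       debug log in hex. Keep debug output away from shared log sinks.</li>
 * </ul>
 *
 * <p>Thread-safety: no synchronization is visible; the instance holds mutable
 * handshake state and is presumably confined to the connection's reader thread.
 */
public class ConnectHandshaker extends DebugObject {
    protected static final boolean DEBUG_NONCE = false;
    protected static final boolean DEBUG_CR_DECRYPT = false;
    protected static final boolean DEBUG_CR_ENCRYPT = false;
    protected static final String SHA_CLASS = "progress.message.crypto.SHA";
    protected static final String DES_CLASS = "progress.message.crypto.DES";
    protected static final int HASH_LENGTH = 20;
    // Hash length rounded up to the 8-byte block size: 20 + 4 = 24.
    protected static final int PADDED_HASH_LENGTH = HASH_LENGTH + computePad(HASH_LENGTH);

    // First body byte of a connect mgram identifies the handshake message.
    protected static final byte CLIENT_HELLO_SUBTYPE = 1;
    protected static final byte BROKER_HELLO_SUBTYPE = 2;
    protected static final byte CLIENT_ID_SUBTYPE = 3;
    protected static final byte CHALLENGE_1_SUBTYPE = 4;
    protected static final byte CHALLENGE_2_SUBTYPE = 5;
    protected static final byte RESPONSE_SUBTYPE = 6;
    protected static final byte SUCCESS_SUBTYPE = 7;
    protected static final byte SEC_DISABLED_SUBTYPE = 8;
    protected static final byte BROKER_REDIRECTED_SUBTYPE = 9;
    protected static final byte REQUEST_PASSWORD_SUBTYPE = 10;
    protected static final byte PASSWORD_PAYLOAD_SUBTYPE = 11;
    protected static final byte RESPONSE_XPASSWORD_SUBTYPE = 12;
    protected static final byte PASSWORD_PAYLOAD_ERROR_SUBTYPE = 13;

    // Values of m_state.
    protected static final int CLIENT_HELLO_STATE = 0;
    protected static final int CLIENT_ID_STATE = 1;
    protected static final int CHALLENGE_1_STATE = 2;
    protected static final int CHALLENGE_2_STATE = 3;
    protected static final int RESPONSE_STATE = 4;
    protected static final int DONE_STATE = 5;
    protected static final int REQUESTING_PASSWORD_STATE = 6;
    protected static final int SENDING_PASSWORD_STATE = 7;
    protected static final int ERROR_STATE = 8;

    // Sizes used throughout the handshake payloads.
    private static final int NONCE_LENGTH = 16;
    private static final int MASTER_SECRET_LENGTH = 48;

    protected static long s_tmpAppIdCnt;
    protected BaseConnection m_connection;
    protected boolean m_client;
    protected boolean m_active;
    protected boolean m_securityEnabled;
    protected Sender m_sender;
    protected byte m_incomingClientVer;
    protected ProgressPasswordUser m_user;
    protected String m_uid;
    protected String m_appid;
    protected int m_keyBits;
    protected IUser m_iuser;
    protected X509Certificate m_peerCert;
    protected X509Certificate[] m_peerCertChain;
    // Local object whose serialized form is mixed into the handshake digest.
    protected Object m_cert;
    protected boolean m_loadBalancingRequested;
    protected boolean m_faultToleranceRequested;
    protected boolean m_resumedJMSConnection;
    protected String m_clientData;
    protected ClientConnectParms m_clientParameters;
    protected ExtendedClientData m_extendedClientData;
    protected BrokerConnectParms m_brokerParameters;
    // Taken from a BROKER_REDIRECTED mgram, which is accepted before any
    // challenge has been verified; consumers should treat it as untrusted.
    protected String m_newBrokerURL;
    protected int m_state;
    protected byte[] m_activeNonce;
    protected byte[] m_passiveNonce;
    // Secret material: 48 random bytes generated in buildResponse or recovered
    // in verifyResponse.
    protected byte[] m_masterSecret;
    // DES key buffer. It is written but never allocated in this class;
    // presumably a subclass allocates it (8 bytes are copied in) - confirm.
    protected byte[] m_pwKey;
    protected byte[] m_certBytes;
    protected byte[] m_challenge2Data;
    protected byte[] m_responseData;
    // NOTE(review): never assigned after construction in this class.
    protected boolean m_authenticated;
    protected byte[] m_transformedPassword;
    protected IPluggableCipherSuite m_brokerCipherSuite;
    protected IPluggableCipherSuite m_clientCipherSuite;

    /**
     * Creates a handshaker bound to {@code baseConnection} and captures the
     * peer certificate and chain exposed by the connection's socket.
     *
     * <p>JADX reports the original access as package-private.
     *
     * @param baseConnection connection whose socket supplies the peer certificate
     */
    public ConnectHandshaker(BaseConnection baseConnection) {
        super(DebugState.GLOBAL_DEBUG_ON ? "ConnectHandshaker " + baseConnection : null);
        this.m_loadBalancingRequested = false;
        this.m_faultToleranceRequested = false;
        this.m_resumedJMSConnection = false;
        this.m_clientData = null;
        this.m_clientParameters = null;
        this.m_extendedClientData = null;
        this.m_brokerParameters = null;
        this.m_newBrokerURL = null;
        this.m_state = CLIENT_HELLO_STATE;
        this.m_authenticated = false;
        this.m_connection = baseConnection;
        this.m_peerCert = this.m_connection.m495getSocket().getPeerCertificate();
        this.m_peerCertChain = this.m_connection.m495getSocket().getPeerCertificateChain();
        if (this.DEBUG && this.m_peerCert != null) {
            debug("Peer Subject Name is : " + this.m_peerCert.getSubjectDN());
        }
    }

    /**
     * Reports whether the handshake has reached {@link #DONE_STATE}.
     *
     * @return {@code true} once the state is {@code DONE_STATE}
     */
    public final boolean isDone() {
        return this.m_state == DONE_STATE;
    }

    /**
     * Advances the handshake state machine with one incoming connect mgram.
     *
     * <p>JADX reports the original access as protected.
     *
     * <p>NOTE(review): in {@code CLIENT_HELLO_STATE} and
     * {@code CHALLENGE_1_STATE}, a {@code SEC_DISABLED} mgram completes the
     * handshake with no challenge verified unless {@code m_cert} is set. A
     * peer can therefore steer a certificate-less endpoint to the
     * unauthenticated path; confirm that callers enforce their own policy
     * when security is required.
     *
     * @param iMgram incoming connect mgram
     * @throws EInauthenticClient if no user is available for the DES key
     * @throws EInauthenticBroker if the peer reports security disabled while a
     *     local certificate is configured, or the response hash does not match
     * @throws EUnexpectedMgram if the subtype does not match the current state
     * @throws EMgramFormatError if the body is malformed
     * @throws EInvalidCipherSuiteException if cipher-suite data is unusable
     */
    public void handleConnectMgram(IMgram iMgram) throws EInauthenticClient, EInauthenticBroker, EUnexpectedMgram, EMgramFormatError, EInvalidCipherSuiteException {
        switch (this.m_state) {
            case CLIENT_HELLO_STATE:
                if (compareSubtype(iMgram, BROKER_REDIRECTED_SUBTYPE)) {
                    // Redirect is accepted before any authentication step.
                    this.m_newBrokerURL = decodeBrokerRedirectedMgram(iMgram);
                    this.m_state = DONE_STATE;
                    return;
                }
                break;
            case CHALLENGE_1_STATE:
                break;
            case CHALLENGE_2_STATE:
                verifySubtype(iMgram, CHALLENGE_2_SUBTYPE);
                this.m_sender.send(buildResponse(iMgram));
                this.m_state = DONE_STATE;
                return;
            case RESPONSE_STATE:
                verifySubtype(iMgram, RESPONSE_SUBTYPE);
                verifyResponse(iMgram);
                this.m_state = DONE_STATE;
                return;
            case CLIENT_ID_STATE:
            default:
                throw new EAssertFailure(prMessageFormat.format(prAccessor.getString("STR007"), new Object[]{Integer.toString(this.m_state)}));
        }
        // Reached from CLIENT_HELLO_STATE (no redirect) and CHALLENGE_1_STATE.
        if (this.m_transformedPassword != null) {
            this.m_user = new ProgressPasswordUser(this.m_uid, this.m_transformedPassword);
        }
        if (compareSubtype(iMgram, SEC_DISABLED_SUBTYPE)) {
            if (this.m_cert != null) {
                throw new EInauthenticBroker();
            }
            this.m_state = DONE_STATE;
        } else {
            verifySubtype(iMgram, CHALLENGE_1_SUBTYPE);
            this.m_state = RESPONSE_STATE;
            this.m_sender.send(buildChallenge2(iMgram));
        }
    }

    /**
     * Reads the redirect URL that follows the subtype byte, encoded in the
     * format {@link DataInputStream#readUTF()} expects.
     *
     * @param iMgram BROKER_REDIRECTED mgram
     * @return the URL, or {@code null} when the body holds only the subtype byte
     * @throws EMgramFormatError if the URL cannot be decoded
     */
    private String decodeBrokerRedirectedMgram(IMgram iMgram) throws EMgramFormatError {
        if (iMgram.getBodyLength() <= 1) {
            return null;
        }
        try {
            ByteArrayInputStream payload = new ByteArrayInputStream(iMgram.getRawBody(), 1, iMgram.getBodyLength() - 1);
            return new DataInputStream(payload).readUTF();
        } catch (Exception e) {
            throw new EMgramFormatError(prMessageFormat.format(prAccessor.getString("STR008"), new Object[]{e.toString()}));
        }
    }

    /**
     * Tests whether the first body byte equals {@code i}.
     *
     * <p>JADX reports the original access as protected.
     *
     * @param iMgram mgram to inspect
     * @param i expected subtype
     * @return {@code true} on a match; {@code false} on a mismatch or empty body
     */
    public static final boolean compareSubtype(IMgram iMgram, int i) {
        try {
            return iMgram.getRawBody()[0] == i;
        } catch (ArrayIndexOutOfBoundsException e) {
            // Empty body: there is no subtype byte to compare.
            return false;
        }
    }

    /**
     * Requires the first body byte to equal {@code i}.
     *
     * <p>JADX reports the original access as protected.
     *
     * @param iMgram mgram to inspect
     * @param i expected subtype
     * @throws EUnexpectedMgram if the subtype differs
     * @throws EMgramFormatError if the body is empty
     */
    public static void verifySubtype(IMgram iMgram, int i) throws EUnexpectedMgram, EMgramFormatError {
        try {
            if (iMgram.getRawBody()[0] != i) {
                throw new EUnexpectedMgram(iMgram);
            }
        } catch (ArrayIndexOutOfBoundsException e) {
            throw new EMgramFormatError(prAccessor.getString("STR009"));
        }
    }

    /**
     * Builds the CHALLENGE_1 mgram: a fresh 16-byte passive nonce, DES-encrypted
     * and prefixed with the subtype byte.
     *
     * <p>JADX reports the original access as protected.
     *
     * @return the connect mgram to send
     * @throws EInauthenticClient if no user is available for the DES key
     */
    public final IMgram buildChallenge1() throws EInauthenticClient {
        this.m_passiveNonce = new byte[NONCE_LENGTH];
        ProgressSecureRandom.theSecureRandom().nextBytes(this.m_passiveNonce);
        if (this.DEBUG) {
            // Concatenating the array prints its identity string, not the
            // nonce bytes; left as is so the nonce stays out of the log.
            debug("built passive nonce: " + this.m_passiveNonce);
        }
        byte[] body = new byte[NONCE_LENGTH + 1];
        body[0] = CHALLENGE_1_SUBTYPE;
        DESEncrypt(this.m_passiveNonce, 0, body, 1, NONCE_LENGTH);
        return MgramFactory.getMgramFactory().buildConnectMgram(body, 0);
    }

    /**
     * Answers CHALLENGE_1: recovers the passive nonce, generates the active
     * nonce, and sends the active nonce plus a digest over both nonces and the
     * serialized certificate.
     *
     * @param iMgram received CHALLENGE_1 mgram
     * @return the CHALLENGE_2 mgram to send
     * @throws EMgramFormatError if an index error occurs while reading the body
     * @throws EInauthenticClient if no user is available for the DES key
     */
    private IMgram buildChallenge2(IMgram iMgram) throws EMgramFormatError, EInauthenticClient {
        try {
            this.m_passiveNonce = new byte[NONCE_LENGTH];
            // A body shorter than 17 bytes is presumably rejected by
            // IDES.doFinal with an index error, handled below - confirm.
            DESDecrypt(iMgram.getRawBody(), 1, this.m_passiveNonce, 0, NONCE_LENGTH);
            this.m_activeNonce = new byte[NONCE_LENGTH];
            ProgressSecureRandom.theSecureRandom().nextBytes(this.m_activeNonce);
            serializeSSLCertificate();
            this.m_challenge2Data = new byte[NONCE_LENGTH + PADDED_HASH_LENGTH];
            System.arraycopy(this.m_activeNonce, 0, this.m_challenge2Data, 0, NONCE_LENGTH);
            byte[] digest = initSha().digest();
            System.arraycopy(digest, 0, this.m_challenge2Data, NONCE_LENGTH, digest.length);
            if (this.DEBUG) {
                // Security: writes decrypted handshake material to the debug log.
                debug("built challenge 2 data: " + Hex.toString(this.m_challenge2Data));
            }
            byte[] body = new byte[this.m_challenge2Data.length + 1];
            body[0] = CHALLENGE_2_SUBTYPE;
            DESEncrypt(this.m_challenge2Data, 0, body, 1, this.m_challenge2Data.length);
            return MgramFactory.getMgramFactory().buildConnectMgram(body, 0);
        } catch (IndexOutOfBoundsException e) {
            throw new EMgramFormatError(prAccessor.getString("STR011"));
        }
    }

    /**
     * Verifies CHALLENGE_2 and builds the RESPONSE mgram.
     *
     * <p>The response payload is: 48-byte master secret, padded hash over
     * (passive nonce, active nonce, cert bytes, active nonce, master secret),
     * then, for a non-Sonic broker cipher suite, the padded cipher-suite
     * description.
     *
     * @param iMgram received CHALLENGE_2 mgram
     * @return the RESPONSE mgram to send
     * @throws EInauthenticClient if there is no user or the digest mismatches
     * @throws EInauthenticBroker declared; not thrown directly in this method
     * @throws EMgramFormatError if the body length or layout is invalid
     * @throws EInvalidCipherSuiteException if broker cipher-suite data is missing
     */
    private IMgram buildResponse(IMgram iMgram) throws EInauthenticClient, EInauthenticBroker, EMgramFormatError, EInvalidCipherSuiteException {
        if (this.m_user == null) {
            throw new EInauthenticClient();
        }
        try {
            this.m_challenge2Data = new byte[iMgram.getBodyLength() - 1];
            // Ciphertext must be a whole number of 8-byte DES blocks.
            if (this.m_challenge2Data.length % 8 != 0) {
                throw new EMgramFormatError(prAccessor.getString("STR013"));
            }
            DESDecrypt(iMgram.getRawBody(), 1, this.m_challenge2Data, 0, this.m_challenge2Data.length);
            if (this.DEBUG) {
                // Security: writes decrypted handshake material to the debug log.
                debug("received challenge 2 data: " + Hex.toString(this.m_challenge2Data));
            }
            this.m_activeNonce = new byte[NONCE_LENGTH];
            System.arraycopy(this.m_challenge2Data, 0, this.m_activeNonce, 0, NONCE_LENGTH);
            serializeSSLCertificate();
            ISHA sha = initSha();
            byte[] expectedDigest = sha.digest();
            if (!arrayCompare(this.m_challenge2Data, NONCE_LENGTH, expectedDigest, 0, expectedDigest.length)) {
                throw new EInauthenticClient();
            }
            if (this.m_brokerCipherSuite == null) {
                throw new EInvalidCipherSuiteException("Unable to find broker side Cipher Suite");
            }
            this.m_masterSecret = new byte[MASTER_SECRET_LENGTH];
            ProgressSecureRandom.theSecureRandom().nextBytes(this.m_masterSecret);
            byte[] paddedSuiteInfo = null;
            if (this.m_brokerCipherSuite.isSonicCipherSuite()) {
                this.m_responseData = new byte[MASTER_SECRET_LENGTH + PADDED_HASH_LENGTH];
            } else {
                try {
                    CipherSuiteInfo cipherSuiteInfo = this.m_brokerCipherSuite.getCipherSuiteInfo();
                    // Peers reporting a version below 32 get the encoding
                    // without the key size.
                    byte[] suiteInfo = this.m_incomingClientVer < 32 ? cipherSuiteInfo.writeBytesWithoutKeySize() : cipherSuiteInfo.writeBytes();
                    paddedSuiteInfo = new byte[suiteInfo.length + computePad(suiteInfo.length)];
                    System.arraycopy(suiteInfo, 0, paddedSuiteInfo, 0, suiteInfo.length);
                    this.m_responseData = new byte[MASTER_SECRET_LENGTH + PADDED_HASH_LENGTH + paddedSuiteInfo.length];
                } catch (IOException e) {
                    SessionConfig.logMessage(e, SessionConfig.getLevelWarning());
                    throw new EInvalidCipherSuiteException("Unable to get Broker side cipher information");
                }
            }
            System.arraycopy(this.m_masterSecret, 0, this.m_responseData, 0, MASTER_SECRET_LENGTH);
            // The same ISHA instance is reused after digest(), as in the
            // decompiled original.
            byte[] responseHash = createHash(sha);
            System.arraycopy(responseHash, 0, this.m_responseData, MASTER_SECRET_LENGTH, responseHash.length);
            if (this.m_responseData.length > MASTER_SECRET_LENGTH + PADDED_HASH_LENGTH) {
                if (paddedSuiteInfo == null) {
                    throw new NullPointerException("'cipherSuiteInfoInBytes' in " + getClass().getName() + ".buildResponse(final IMgram challenge2) cannot be null!");
                }
                System.arraycopy(paddedSuiteInfo, 0, this.m_responseData, MASTER_SECRET_LENGTH + PADDED_HASH_LENGTH, paddedSuiteInfo.length);
            }
            byte[] body = new byte[this.m_responseData.length + 1];
            body[0] = RESPONSE_SUBTYPE;
            DESEncrypt(this.m_responseData, 0, body, 1, this.m_responseData.length);
            return MgramFactory.getMgramFactory().buildConnectMgram(body, 0);
        } catch (IndexOutOfBoundsException e2) {
            throw new EMgramFormatError(prAccessor.getString("STR013"));
        }
    }

    /**
     * Creates a digest instance primed with the passive nonce, the active
     * nonce and the serialized certificate bytes, in that order.
     *
     * @return the primed digest
     */
    private ISHA initSha() {
        ISHA sha = (ISHA) newInstance(SHA_CLASS);
        sha.add(this.m_passiveNonce);
        sha.add(this.m_activeNonce);
        sha.add(this.m_certBytes);
        return sha;
    }

    /**
     * Traces the serialized certificate bytes. A {@code null} buffer is
     * reported instead of being dereferenced for its length.
     */
    private void traceCertBytes() {
        if (this.m_certBytes == null) {
            Debug.trace("Certs bytes: null");
            return;
        }
        Debug.trace("Certs bytes: " + this.m_certBytes + ", size: " + this.m_certBytes.length);
        Debug.trace(Hex.toString(this.m_certBytes));
    }

    /**
     * Serializes {@code m_cert} into {@code m_certBytes}, falling back to an
     * empty array when serialization fails.
     *
     * <p>NOTE(review): on failure only a warning is logged and the handshake
     * digest is then computed over an empty certificate, so the certificate no
     * longer contributes to the exchange. Consider failing the handshake.
     */
    private void serializeSSLCertificate() {
        try {
            serializeCert();
        } catch (IOException e) {
            SessionConfig.logMessage(prMessageFormat.format(prAccessor.getString("STR012"), new Object[]{this.m_cert.toString(), e.toString()}), SessionConfig.getLevelWarning());
            SessionConfig.logMessage(e, SessionConfig.getLevelWarning());
            this.m_certBytes = new byte[0];
        }
    }

    /**
     * Returns the fixed byte pattern {@code 0, 1, ..., i - 1}.
     *
     * <p>JADX reports the original access as protected.
     *
     * <p>NOTE(review): this is a constant, not a keyed hash. It is the value
     * {@code verifyResponse} expects when the uid equals
     * {@code SecurityConfig.AUTHENTICATED_USER}, so in that case the hash
     * field is not bound to the nonces or the master secret.
     *
     * @param i number of bytes to produce
     * @return the pattern
     */
    public final byte[] getHash(int i) {
        byte[] pattern = new byte[i];
        for (int index = 0; index < i; index++) {
            pattern[index] = (byte) index;
        }
        return pattern;
    }

    /**
     * Verifies the RESPONSE mgram, recovers the master secret and selects the
     * client cipher suite from the optional trailing cipher-suite description.
     *
     * <p>The key-size field comes from the peer; a non-numeric value is
     * reported as {@link EInvalidCipherSuiteException} rather than escaping as
     * an unchecked {@link NumberFormatException}.
     *
     * @param iMgram received RESPONSE mgram
     * @throws EInauthenticClient if no user is available
     * @throws EInauthenticBroker if the response hash does not match
     * @throws EMgramFormatError if the body length or layout is invalid
     * @throws EInvalidCipherSuiteException if the cipher-suite data is unusable
     */
    private void verifyResponse(IMgram iMgram) throws EInauthenticClient, EInauthenticBroker, EMgramFormatError, EInvalidCipherSuiteException {
        if (this.m_user == null) {
            throw new EInauthenticClient();
        }
        try {
            this.m_responseData = new byte[iMgram.getBodyLength() - 1];
            // Ciphertext must be a whole number of 8-byte DES blocks.
            if (this.m_responseData.length % 8 != 0) {
                throw new EMgramFormatError(prAccessor.getString("STR016"));
            }
            DESDecrypt(iMgram.getRawBody(), 1, this.m_responseData, 0, this.m_responseData.length);
            this.m_masterSecret = new byte[MASTER_SECRET_LENGTH];
            System.arraycopy(this.m_responseData, 0, this.m_masterSecret, 0, MASTER_SECRET_LENGTH);
            byte[] expectedHash = this.m_uid.equals(SecurityConfig.AUTHENTICATED_USER) ? getHash(HASH_LENGTH) : createHash((ISHA) newInstance(SHA_CLASS));
            if (!arrayCompare(expectedHash, 0, this.m_responseData, MASTER_SECRET_LENGTH, expectedHash.length)) {
                throw new EInauthenticBroker();
            }
            CipherSuiteInfo cipherSuiteInfo = null;
            try {
                int suiteOffset = MASTER_SECRET_LENGTH + PADDED_HASH_LENGTH;
                if (this.m_responseData.length > suiteOffset) {
                    cipherSuiteInfo = new CipherSuiteInfo();
                    int suiteLength = this.m_responseData.length - suiteOffset;
                    byte[] suiteBytes = new byte[suiteLength];
                    System.arraycopy(this.m_responseData, suiteOffset, suiteBytes, 0, suiteLength);
                    cipherSuiteInfo.readBytes(suiteBytes);
                }
                if (cipherSuiteInfo == null) {
                    // No description sent: use the built-in suite.
                    this.m_clientCipherSuite = SonicCipherSuite.getInstance();
                } else {
                    String[] transformation = cipherSuiteInfo.getTransformation(0);
                    if (transformation == null || transformation.length < 3 || transformation[2] == null || transformation[2].trim().length() == 0) {
                        throw new EInvalidCipherSuiteException("Invalid cipher transformation. Default not found");
                    }
                    String[] transformationAndKeySize = AbstractCipherSuite.getTransformationAndKeySize(transformation[2]);
                    if (transformationAndKeySize == null || transformationAndKeySize.length == 0 || transformationAndKeySize[0] == null) {
                        throw new EInvalidCipherSuiteException("Invalid transformation " + transformation[2]);
                    }
                    String transformationName = transformationAndKeySize[0];
                    String keySizeText = transformationAndKeySize[1];
                    int keySize = 0;
                    if (keySizeText != null) {
                        try {
                            keySize = Integer.parseInt(keySizeText);
                        } catch (NumberFormatException e) {
                            // Peer-supplied key size is not a number.
                            throw new EInvalidCipherSuiteException("Invalid transformation " + transformation[2]);
                        }
                    }
                    String[] digest = cipherSuiteInfo.getDigest(0);
                    if (digest == null || digest.length < 3 || digest[2] == null || digest[2].trim().length() == 0) {
                        throw new EInvalidCipherSuiteException("Invalid digest. Default not found");
                    }
                    this.m_clientCipherSuite = AbstractCipherSuite.getCipherSuiteInstance(transformation[0], transformation[1], transformationName, keySize, digest[0], digest[1], digest[2]);
                }
            } catch (IOException e) {
                SessionConfig.logMessage(e, SessionConfig.getLevelWarning());
                throw new EInvalidCipherSuiteException("Unable to read cipher suite information received. " + e.getMessage());
            } catch (IndexOutOfBoundsException e2) {
                SessionConfig.logMessage(e2, SessionConfig.getLevelWarning());
                throw new EInvalidCipherSuiteException("Unable to read cipher suite information received. " + e2.getMessage());
            }
        } catch (EInvalidCipherSuiteException e3) {
            throw e3;
        } catch (IndexOutOfBoundsException e4) {
            throw new EMgramFormatError(prAccessor.getString("STR016") + " " + e4.getMessage());
        }
    }

    /**
     * Adds the active nonce and the master secret to {@code isha} and returns
     * the resulting digest.
     *
     * @param isha digest to extend; it may already hold earlier input
     * @return the digest bytes
     */
    private byte[] createHash(ISHA isha) {
        isha.add(this.m_activeNonce);
        isha.add(this.m_masterSecret);
        return isha.digest();
    }

    /**
     * Builds the one-byte SEC_DISABLED connect mgram.
     *
     * <p>JADX reports the original access as protected.
     *
     * @return the connect mgram to send
     */
    public final IMgram buildSecDisabledMgram() {
        return MgramFactory.getMgramFactory().buildConnectMgram(new byte[]{SEC_DISABLED_SUBTYPE}, 0);
    }

    /**
     * Compares {@code i3} bytes of {@code bArr} starting at {@code i} with
     * {@code bArr2} starting at {@code i2}.
     *
     * <p>JADX reports the original access as protected.
     *
     * <p>This guards the handshake digests, so every byte of an in-range
     * comparison is examined: the running time does not reveal where the
     * first difference lies. A range that does not fit inside its array
     * yields {@code false}; a non-positive length yields {@code true}.
     *
     * @param bArr first array
     * @param i start offset in {@code bArr}
     * @param bArr2 second array
     * @param i2 start offset in {@code bArr2}
     * @param i3 number of bytes to compare
     * @return {@code true} if the two ranges are equal
     */
    public boolean arrayCompare(byte[] bArr, int i, byte[] bArr2, int i2, int i3) {
        if (i3 <= 0) {
            return true;
        }
        int firstLength = bArr.length;
        if (i < 0 || i3 > firstLength - i) {
            return false;
        }
        int secondLength = bArr2.length;
        if (i2 < 0 || i3 > secondLength - i2) {
            return false;
        }
        int difference = 0;
        for (int index = 0; index < i3; index++) {
            // Accumulate instead of returning early on the first mismatch.
            difference |= bArr[index + i] ^ bArr2[index + i2];
        }
        return difference == 0;
    }

    /**
     * Writes {@code m_cert} with Java object serialization and stores the
     * bytes in {@code m_certBytes}. The stream is closed before the bytes are
     * read so everything buffered has reached the byte array.
     *
     * <p>Both peers hash these bytes, so they must produce the same serialized
     * form for the digests to agree.
     *
     * @throws IOException if the object cannot be serialized
     */
    private void serializeCert() throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream objectStream = new ObjectOutputStream(buffer)) {
            objectStream.writeObject(this.m_cert);
        }
        this.m_certBytes = buffer.toByteArray();
    }

    /**
     * DES-encrypts {@code i3} bytes of {@code bArr} from offset {@code i} into
     * {@code bArr2} at offset {@code i2}, using the key derived from the user.
     *
     * <p>JADX reports the original access as protected.
     *
     * @throws EInauthenticClient if no user is available for the key
     */
    public final void DESEncrypt(byte[] bArr, int i, byte[] bArr2, int i2, int i3) throws EInauthenticClient {
        IDES des = validateUserCopyAndGetIDES();
        des.init(1, this.m_pwKey); // mode 1: encrypt
        debugKey(false);
        des.doFinal(bArr, i, i3, bArr2, i2);
    }

    /**
     * DES-decrypts {@code i3} bytes of {@code bArr} from offset {@code i} into
     * {@code bArr2} at offset {@code i2}, using the key derived from the user.
     *
     * @throws EInauthenticClient if no user is available for the key
     */
    private void DESDecrypt(byte[] bArr, int i, byte[] bArr2, int i2, int i3) throws EInauthenticClient {
        IDES des = validateUserCopyAndGetIDES();
        des.init(2, this.m_pwKey); // mode 2: decrypt
        debugKey(false);
        des.doFinal(bArr, i, i3, bArr2, i2);
    }

    /** Key tracing hook; empty in this build, so no key material is logged. */
    private void debugKey(boolean z) {
    }

    /**
     * Refreshes {@code m_pwKey} from the user's test pattern and returns a new
     * DES instance.
     *
     * <p>Eight bytes starting at offset 6 of {@code getTestPattern()} become
     * the key. {@code m_pwKey} must already be allocated; this class never
     * allocates it.
     *
     * @return a new instance of {@link #DES_CLASS}
     * @throws EInauthenticClient if {@code m_user} is {@code null}
     */
    private IDES validateUserCopyAndGetIDES() throws EInauthenticClient {
        if (this.m_user == null) {
            throw new EInauthenticClient();
        }
        System.arraycopy(this.m_user.getTestPattern(), 6, this.m_pwKey, 0, 8);
        return (IDES) newInstance(DES_CLASS);
    }

    /**
     * Returns the number of bytes needed to round {@code i} up to a multiple
     * of 8; zero when {@code i} is already aligned or not positive.
     *
     * <p>JADX reports the original access as protected.
     *
     * @param i length in bytes
     * @return padding length, 0 to 7
     */
    public static final int computePad(int i) {
        int remainder = i % 8;
        return remainder > 0 ? 8 - remainder : 0;
    }

    /**
     * Instantiates the named class through its no-argument constructor.
     *
     * <p>JADX reports the original access as protected.
     *
     * <p>Within this class the name is always {@link #SHA_CLASS} or
     * {@link #DES_CLASS}. The name selects code to load and run, so it must
     * never be derived from peer-supplied data.
     *
     * @param str fully qualified class name
     * @return the new instance
     * @throws EAssertFailure if the class cannot be loaded or instantiated
     */
    public Object newInstance(String str) {
        try {
            return Class.forName(str).newInstance();
        } catch (Exception e) {
            throw new EAssertFailure(e.toString());
        }
    }

    /**
     * State-name lookup; this build always returns the empty string.
     *
     * @param i state value
     * @return the empty string
     */
    protected final String resolveState(int i) {
        return "";
    }
}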
