package com.sun.wbem.cimom;

import com.sun.wbem.cimom.security.UserPasswordProvider;
import com.sun.wbem.client.adapter.rmi.RemoteCIMListener;
import com.sun.wbem.utility.directorytable.TableDefinitions;
import java.io.File;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;
import javax.wbem.cim.CIMException;
import javax.wbem.client.CIMSecurityException;
import javax.wbem.client.Debug;
import javax.wbem.security.SecurityMessage;
import javax.wbem.security.SecurityToken;
import javax.wbem.security.SecurityUtil;

/* loaded from: input_file:114193-17/SUNWwbcou/reloc/usr/sadm/lib/wbem/cimom.jar:com/sun/wbem/cimom/ServerSecurity.class */
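/**
 * Server-side state for one client session of the "Sundigest" challenge/response login.
 *
 * <p>Flow visible in this class: {@link #generateChallenge} consumes the client's hello
 * message and answers with a server challenge; {@link #validateResponse} checks the client's
 * response and, on success, fixes the session key; {@link #authenticateRequest} then verifies
 * the per-request digest that is keyed with that session key.
 *
 * <p>Security notes for reviewers (protocol properties, left unchanged for interoperability):
 * <ul>
 *   <li>All digests are MD5 and the "key" mixed into the handshake digests is the constant
 *       string held in {@code initialKey}. The hello checksum can therefore be computed by
 *       anyone; it detects corruption but does not authenticate the sender.</li>
 *   <li>{@code getBytes()} / {@code new String(byte[])} without a charset use the platform
 *       default encoding; changing that would alter the bytes fed into the digests.</li>
 *   <li>The DSA key pair and the {@link Signature} object are static and shared by every
 *       instance, and the lazy initialisation in the constructor is unsynchronized.
 *       NOTE(review): confirm that instances are never created or used concurrently.</li>
 *   <li>{@code userName} is assigned from client-supplied data before authentication has
 *       succeeded; callers must not treat {@link #getUserName()} as an authenticated identity
 *       until {@link #validateResponse} has returned normally.</li>
 * </ul>
 */
public final class ServerSecurity implements CommonServerSecurityContext {
    /** Audit result codes handed to {@code UserPasswordProvider.auditLogin}. */
    public static final long AUDIT_NO_SUCH_USER = -1;
    public static final long AUDIT_BAD_PASSWD = -2;
    public static final long AUDIT_SUCCESS = 1;

    /** Suffix after ':' in the principal name that selects local (file based) authentication. */
    private static final String WBEM_LOCAL_TYPE = "__LOCAL";
    /** Directory in which the local authenticator file is written and later removed. */
    private static final String WBEM_LOCAL_DIR = "/var/sadm/wbem/security";
    /** Size in bytes of the random shared secret generated for local authentication. */
    private static final int WBEM_LOCAL_NONCE_SIZE = 16;
    /** Upper bound on the length of a decoded role password (see {@link #trans51Unformat}). */
    private static final int MAX_DATA_SIZE = 15;

    private static KeyPairGenerator keygen;
    private static KeyPair keypair;
    private static Signature signer;
    private static PrivateKey sprivkey;
    private static PublicKey spubkey;
    private static final ThreadLocal<CommonServerSecurityContext> requestSession =
            new ThreadLocal<CommonServerSecurityContext>();
    protected static byte[] adminCred = null;
    private static boolean initialized = false;
    private static UserPasswordProvider upp = null;
    /** Lower-case hex alphabet; {@link #fromHex} accepts exactly these characters. */
    private static final char[] hex = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    private MessageDigest md = null;
    private PublicKey cpubkey;
    private String userName = null;
    private String roleName = null;
    private String authName = null;
    private String localFile = null;
    private String clientHost = null;
    // Constant, publicly known value: it is NOT a secret key (see class comment).
    private String initialKey = "InitialKey";
    private byte[] schallenge1;
    private byte[] sessionId = null;
    private byte[] sessionKey = null;
    private byte[] decryptKey = null;
    private byte[] auditKey = null;
    private byte[] cf;
    private byte[] sf;
    private byte[] nameSpace;
    // Never assigned in the code visible here, so getPasswd() returns null.
    private String cp = null;
    private String cversion;
    private String cap = "none";
    private String capNameSpace = "__junk__";
    private boolean bLocalMode = false;
    private RemoteCIMListener rl = null;

    /**
     * Returns the process-wide password provider, instantiating it on first use.
     *
     * <p>The implementation class name is read from the system property named by
     * {@code UserPasswordProvider.PSWD_PROV_PROP} and loaded reflectively. Whoever controls
     * that property decides which code performs authentication, so the JVM launch
     * configuration is part of the trusted computing base.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     *
     * @return the shared provider instance
     * @throws Exception if the property is unset or the class cannot be loaded or instantiated
     */
    public static UserPasswordProvider getUserPasswordProvider() throws Exception {
        if (upp == null) {
            try {
                String providerClass = System.getProperty(UserPasswordProvider.PSWD_PROV_PROP);
                upp = (UserPasswordProvider) Class.forName(providerClass).newInstance();
            } catch (Exception e) {
                Debug.trace1("Sundigest: Error getting password provider", e);
                throw e;
            }
        }
        return upp;
    }

    /**
     * Creates a context for a new login handshake.
     *
     * <p>The first instance also generates the static DSA key pair shared by all sessions.
     *
     * @throws Exception if DSA or MD5 is unavailable, or the password provider cannot be loaded
     */
    public ServerSecurity() throws Exception {
        if (!initialized) {
            signer = Signature.getInstance("DSA");
            keygen = KeyPairGenerator.getInstance("DSA");
            // NOTE(review): the key size argument is a constant the decompiler resolved to an
            // unrelated TableDefinitions field with the same numeric value; that value is not
            // visible here. Confirm the DSA modulus size actually in use.
            keygen.initialize(TableDefinitions.ACCESS_WORLD_CREATE, SecurityUtil.secrand);
            keypair = keygen.generateKeyPair();
            sprivkey = keypair.getPrivate();
            spubkey = keypair.getPublic();
            initialized = true;
        }
        upp = getUserPasswordProvider();
        this.md = MessageDigest.getInstance("MD5");
    }

    /**
     * Creates a context for an already established identity and binds it to the calling thread.
     *
     * <p>No digest is created here, so the handshake and request-authentication methods must
     * not be called on an instance built this way.
     *
     * @param str  user name
     * @param str2 role name
     * @param str3 client host name
     * @param bArr audit key; {@link #getAuditId()} reads its first four bytes
     */
    public ServerSecurity(String str, String str2, String str3, byte[] bArr) {
        this.userName = str;
        this.roleName = str2;
        setClientHostName(str3);
        setRequestSession(this);
        this.auditKey = bArr;
    }

    public String getClientVersion() {
        return this.cversion;
    }

    public String getCapability() {
        return this.cap;
    }

    public String getCapabilityNS() {
        return this.capNameSpace;
    }

    public byte[] getSessionId() {
        return this.sessionId;
    }

    /** Returns the server challenge generated by {@link #generateChallenge}. */
    public byte[] getChallenge() {
        return this.schallenge1;
    }

    public String getPasswd() {
        return this.cp;
    }

    public byte[] getNameSpace() {
        return this.nameSpace;
    }

    /**
     * Returns the shared secret for this login: the stored password hash in remote mode, or
     * the random local-mode secret. The internal array is returned without copying.
     */
    public byte[] getShadow() {
        return this.sf;
    }

    /** Returns the live session key array (not a copy); {@link #incSessionKey} mutates it. */
    public byte[] getSessionKey() {
        return this.sessionKey;
    }

    public PublicKey getPublicKey() {
        return spubkey;
    }

    public PublicKey getClientPublicKey() {
        return this.cpubkey;
    }

    /** Returns the server's static DSA private key; callers must not expose or log it. */
    public PrivateKey getPrivateKey() {
        return sprivkey;
    }

    public MessageDigest getMD() {
        return this.md;
    }

    /** Returns the static {@link Signature} instance shared by all sessions. */
    public Signature getSigner() {
        return signer;
    }

    public RemoteCIMListener getListener() {
        return this.rl;
    }

    public void setCapability(String str) {
        this.cap = str;
    }

    public void setCapabilityNS(String str) {
        this.capNameSpace = str;
    }

    public void setClientHostName(String str) {
        this.clientHost = str;
    }

    public void setListener(RemoteCIMListener remoteCIMListener) {
        this.rl = remoteCIMListener;
    }

    /**
     * Processes the client's hello message and builds the server challenge.
     *
     * <p>Steps: verify the hello checksum, recover the principal name and namespace from the
     * message, look up the principal's stored password, select the salt that is sent back
     * (crypt salt in remote mode, the local authenticator file name in local mode), and return
     * a challenge message carrying a fresh 16-byte server nonce.
     *
     * @param str             client version string, stored for {@link #getClientVersion()}
     * @param securityMessage the hello message received from the client
     * @param bArr            session id assigned to this login
     * @return the challenge message to send to the client
     * @throws CIMException a {@link CIMSecurityException} when the message is not a hello, the
     *         checksum does not match, the principal is missing, unknown or of an invalid type,
     *         the stored password is malformed, or the local authenticator cannot be written
     */
    public SecurityMessage generateChallenge(String str, SecurityMessage securityMessage, byte[] bArr) throws CIMException {
        if (!securityMessage.isHello()) {
            throw new CIMSecurityException(CIMSecurityException.NOT_HELLO);
        }
        this.cversion = str;
        this.sessionId = bArr;
        byte[] clientChallenge = securityMessage.getChallenge();
        byte[] keyBytes = this.initialKey.getBytes();

        // Mask used to recover the fields the client sent in hashed form.
        this.md.reset();
        this.md.update(clientChallenge);
        byte[] mask = this.md.digest(keyBytes);

        // Integrity check only: every input to this digest is known to the sender.
        this.md.reset();
        this.md.update(clientChallenge);
        this.md.update(keyBytes);
        this.md.update(securityMessage.getUserDigest());
        this.md.update(securityMessage.getNameSpace());
        if (!MessageDigest.isEqual(this.md.digest(), securityMessage.getChecksum())) {
            Debug.trace1("Sundigest: user authentication; request checksum error");
            throw new CIMSecurityException(CIMSecurityException.CHECKSUM_ERROR);
        }

        byte[] principal = SecurityUtil.extractHashedData(securityMessage.getUserDigest(), mask);
        this.nameSpace = SecurityUtil.extractHashedData(securityMessage.getNameSpace(), mask);
        // The null check must come before the first use of the extracted bytes; previously a
        // String was built from them first, so a missing name surfaced as an unaudited
        // NullPointerException instead of NO_SUCH_PRINCIPAL.
        if (principal == null) {
            Debug.trace1("Sundigest: user authentication; no user name");
            upp.auditLogin(this.clientHost, this.userName, AUDIT_NO_SUCH_USER);
            throw new CIMSecurityException(CIMSecurityException.NO_SUCH_PRINCIPAL, (Object[]) null);
        }
        this.authName = new String(principal);
        Debug.trace3("Sundigest: user = " + this.authName);

        // "user:__LOCAL" selects local authentication; any other suffix is rejected.
        int sep = this.authName.indexOf(':');
        if (sep > 0) {
            this.userName = this.authName.substring(0, sep);
            if (!WBEM_LOCAL_TYPE.equals(this.authName.substring(sep + 1))) {
                Debug.trace1("Sundigest: invalid user type: " + this.authName);
                throw new CIMSecurityException(CIMSecurityException.NO_SUCH_PRINCIPAL, "INVALID_TYPE");
            }
            this.bLocalMode = true;
        } else {
            this.userName = this.authName;
            this.bLocalMode = false;
        }

        String encryptedPassword = upp.getEncryptedPassword(this.userName, 1);
        if (encryptedPassword == null || encryptedPassword.length() == 0) {
            Debug.trace1("Sundigest: user authentication; bad user name: " + this.userName);
            upp.auditLogin(this.clientHost, this.userName, AUDIT_NO_SUCH_USER);
            throw new CIMSecurityException(CIMSecurityException.NO_SUCH_PRINCIPAL, this.userName);
        }

        byte[] salt;
        if (this.bLocalMode) {
            // Local mode: a one-time random secret is written (hashed with the client
            // challenge) to a file the provider creates for the user; the client is told only
            // the file name. The secret itself is deliberately not traced: anyone able to
            // read the trace output during the handshake could otherwise complete the login.
            this.sf = new byte[WBEM_LOCAL_NONCE_SIZE];
            SecurityUtil.secrand.nextBytes(this.sf);
            String authenticator = toHex(SecurityUtil.hashData(this.sf, clientChallenge));
            this.localFile = null;
            try {
                this.localFile = upp.writeLocalAuthenticator(this.userName, WBEM_LOCAL_DIR, authenticator);
                // Keep only the base name; removeLocalFile() re-anchors it under WBEM_LOCAL_DIR.
                int slash = this.localFile.lastIndexOf(File.separatorChar);
                if (slash > 0) {
                    this.localFile = this.localFile.substring(slash + 1);
                }
                salt = ("$__LOCAL$" + this.localFile).getBytes("UTF-8");
            } catch (Exception e) {
                Debug.trace1("Sundigest: error writing local auth file: " + e.getMessage());
                throw new CIMSecurityException(CIMException.CIM_ERR_FAILED, "WRITE_LOCAL_AUTHENTICATOR");
            }
        } else {
            // Remote mode: the stored password hash is the shared secret. It is never written
            // to the trace output, not even at the most verbose level.
            if (encryptedPassword.charAt(0) != '$') {
                // Hash without a '$' prefix: the first two characters are used as the salt.
                this.sf = encryptedPassword.getBytes();
                if (this.sf.length < 2) {
                    // A one-character entry has no salt; reject it instead of failing with an
                    // unchecked ArrayIndexOutOfBoundsException.
                    Debug.trace1("Sundigest: bad password encryption for user: " + this.userName);
                    throw new CIMSecurityException(CIMSecurityException.INVALID_CREDENTIAL);
                }
                salt = new byte[]{this.sf[0], this.sf[1]};
            } else {
                // '$'-prefixed hash: everything up to the last '$' is the salt, the rest is the hash.
                int lastDollar = encryptedPassword.lastIndexOf('$');
                try {
                    this.sf = encryptedPassword.substring(lastDollar + 1).getBytes();
                    salt = encryptedPassword.substring(0, lastDollar).getBytes();
                } catch (Exception e2) {
                    // The stored hash is intentionally left out of the trace message.
                    Debug.trace1("Sundigest: bad password encryption for user: " + this.userName);
                    throw new CIMSecurityException(CIMSecurityException.INVALID_CREDENTIAL);
                }
            }
        }
        // The salt is sent to the client in the challenge, so tracing it discloses nothing new.
        Debug.trace3("Sundigest: salt = " + new String(salt));
        Debug.trace3("Sundigest: request valid: " + this.userName);

        this.schallenge1 = new byte[16];
        SecurityUtil.secrand.nextBytes(this.schallenge1);
        this.md.reset();
        this.md.update(this.schallenge1);
        this.md.update(keyBytes);
        byte[] maskedSalt = SecurityUtil.hashData(salt, this.md.digest());
        this.md.reset();
        this.md.update(this.schallenge1);
        this.md.update(keyBytes);
        this.md.update(maskedSalt);
        return SecurityMessage.challenge(this.schallenge1, maskedSalt, bArr, this.md.digest(bArr));
    }

    /**
     * Verifies the client's response to the challenge and completes the login.
     *
     * <p>In local mode the authenticator file is removed first, whatever the outcome, so it
     * can be used for at most one attempt.
     *
     * @param bArr            first digest input; presumably the server challenge from
     *                        {@link #getChallenge()} (confirm against the caller)
     * @param bArr2           second digest input, and in local mode the value the decoded
     *                        response must equal; presumably {@link #getShadow()} (confirm)
     * @param publicKey       public key placed in the result message
     * @param bArr3           session key for this login; its first four bytes become the audit key
     * @param securityMessage the response message received from the client
     * @return the result message to send to the client
     * @throws CIMException a {@link CIMSecurityException} when the message is not a response
     *         or the credentials do not verify
     */
    public SecurityMessage validateResponse(byte[] bArr, byte[] bArr2, PublicKey publicKey, byte[] bArr3, SecurityMessage securityMessage) throws CIMException {
        if (this.bLocalMode) {
            removeLocalFile();
        }
        if (!securityMessage.isResponse()) {
            throw new CIMSecurityException(CIMSecurityException.NOT_RESPONSE);
        }
        // NOTE(review): the session key and client public key are stored before the response
        // has been verified; they remain set if verification fails below.
        this.sessionKey = bArr3;
        this.cpubkey = securityMessage.getPublicKey();
        byte[] keyBytes = this.initialKey.getBytes();

        this.md.reset();
        this.md.update(bArr);
        this.md.update(keyBytes);
        byte[] mask = this.md.digest(bArr2);

        this.md.reset();
        this.md.update(bArr);
        this.md.update(keyBytes);
        this.md.update(bArr2);
        this.md.update(securityMessage.getResponse());
        this.md.update(securityMessage.getPublicKey().getEncoded());
        this.md.update(securityMessage.getSessionId());
        if (!MessageDigest.isEqual(this.md.digest(), securityMessage.getChecksum())) {
            Debug.trace1("Sundigest: invalid credentials: " + this.userName);
            upp.auditLogin(this.clientHost, this.userName, AUDIT_BAD_PASSWD);
            throw new CIMSecurityException(CIMSecurityException.INVALID_CREDENTIAL);
        }

        byte[] secret = SecurityUtil.extractHashedData(securityMessage.getResponse(), mask);
        if (secret == null) {
            upp.auditLogin(this.clientHost, this.userName, AUDIT_BAD_PASSWD);
            throw new CIMSecurityException(CIMSecurityException.INVALID_CREDENTIAL);
        }

        boolean authenticated = false;
        if (!this.bLocalMode) {
            try {
                authenticated = upp.authenticateUser(this.userName, new String(secret, "UTF-8"));
            } catch (Exception e) {
                // Any failure here leaves 'authenticated' false and is reported as bad credentials.
                Debug.trace1("Sundigest: error creating password string with UTF-8 converter: " + e.getMessage());
            }
        } else {
            // MessageDigest.isEqual replaces Arrays.equals so that, on runtimes where it is
            // implemented as a time-constant comparison, the position of the first differing
            // byte of the secret does not influence timing. The null guard keeps the previous
            // "no match" result for a null expected value.
            authenticated = bArr2 != null && MessageDigest.isEqual(secret, bArr2);
        }
        if (!authenticated) {
            Debug.trace1("Sundigest: invalid credentials: " + this.userName);
            upp.auditLogin(this.clientHost, this.userName, AUDIT_BAD_PASSWD);
            throw new CIMSecurityException(CIMSecurityException.INVALID_CREDENTIAL);
        }
        Debug.trace1("Sundigest: client authenticated: " + this.userName);

        // Private snapshot of the session key for trans51Unformat(); incSessionKey() changes
        // the live session key but not this copy.
        this.decryptKey = new byte[bArr3.length];
        System.arraycopy(bArr3, 0, this.decryptKey, 0, this.decryptKey.length);
        this.auditKey = new byte[4];
        System.arraycopy(bArr3, 0, this.auditKey, 0, 4);

        this.md.reset();
        this.md.update(bArr);
        byte[] maskedSessionKey = SecurityUtil.hashData(bArr3, this.md.digest(secret));
        this.md.reset();
        this.md.update(bArr);
        this.md.update(secret);
        this.md.update(securityMessage.getSessionId());
        this.md.update(publicKey.getEncoded());
        upp.auditLogin(this.clientHost, this.userName, AUDIT_SUCCESS);
        return SecurityMessage.result(securityMessage.getSessionId(), publicKey, maskedSessionKey, this.md.digest(maskedSessionKey));
    }

    /**
     * Switches the session to a role after checking the role password with the provider.
     *
     * @param str  role name
     * @param str2 role password as sent by the client, hex encoded and masked with the session
     *             key (decoded by {@link #trans51Unformat})
     * @throws CIMException a {@link CIMSecurityException} when the role cannot be assumed
     */
    public void assumeRole(String str, String str2) throws CIMException {
        if (!upp.authenticateRole(str, trans51Unformat(str2), this.userName)) {
            Debug.trace1("Solarisdigest: role assumption; : Could not assume role " + str + " for user " + this.userName);
            upp.auditLogin(this.clientHost, str, AUDIT_BAD_PASSWD);
            throw new CIMSecurityException(CIMSecurityException.CANNOT_ASSUME_ROLE, this.userName, str);
        }
        this.roleName = str;
        Debug.trace1("Solarisdigest: role assumed: " + this.roleName);
        upp.auditLogin(this.clientHost, str, AUDIT_SUCCESS);
    }

    /**
     * Verifies the digest attached to a request and binds this context to the calling thread.
     *
     * <p>The expected value is MD5(session key || concatenation of {@code strArr}). The parts
     * are joined without a separator, so different splits of the same text produce the same
     * digest.
     *
     * @param strArr        request fields covered by the digest, in order
     * @param securityToken token carrying the client's checksum
     * @throws CIMException a {@link CIMSecurityException} with {@code CHECKSUM_ERROR} on mismatch
     */
    public void authenticateRequest(String[] strArr, SecurityToken securityToken) throws CIMException {
        setRequestSession(this);
        MessageDigest digest = getMD();
        StringBuffer joined = new StringBuffer();
        for (String part : strArr) {
            joined.append(part);
        }
        digest.reset();
        digest.update(getSessionKey());
        digest.update(joined.toString().getBytes());
        if (!MessageDigest.isEqual(digest.digest(), securityToken.getChecksum())) {
            Debug.trace1("Sundigest: method authentication; invalid digest");
            throw new CIMSecurityException(CIMSecurityException.CHECKSUM_ERROR);
        }
    }

    /** Advances the session key in place via {@code SecurityUtil.incByteArray}. */
    public void incSessionKey() {
        SecurityUtil.incByteArray(this.sessionKey);
    }

    /**
     * Decodes a value the client masked by XOR with the session key captured at login.
     *
     * <p>The clear text is the run of bytes before the first zero byte and must be 1 to
     * {@code MAX_DATA_SIZE} bytes long. The mask is a plain XOR with a key that is fixed for
     * the session, which hides the value from casual inspection only.
     *
     * @param str hex string supplied by the client (lower-case digits)
     * @return the decoded text, or {@code null} when the input is not valid hex, is shorter
     *         than the key, has no usable terminator, or no key has been established
     */
    public String trans51Unformat(String str) {
        byte[] masked = fromHex(str);
        if (masked == null || this.decryptKey == null) {
            return null;
        }
        int length = this.decryptKey.length;
        // Client-controlled input: a string shorter than the key used to run the loop below
        // off the end of 'masked' and fail with ArrayIndexOutOfBoundsException.
        if (masked.length < length) {
            return null;
        }
        byte[] clear = new byte[length];
        int end = 0;
        for (int i = 0; i < length; i++) {
            clear[i] = (byte) (this.decryptKey[i] ^ masked[i]);
            if (clear[i] == 0) {
                end = i;
                break;
            }
        }
        if (end < 1 || end > MAX_DATA_SIZE) {
            return null;
        }
        return new String(clear, 0, end);
    }

    /** Binds the given context to the calling thread. */
    public static void setRequestSession(CommonServerSecurityContext commonServerSecurityContext) {
        requestSession.set(commonServerSecurityContext);
    }

    /**
     * Returns the context bound to the calling thread, or {@code null} if none was set.
     *
     * <p>Decompiler note: this method was package-private in the original class file.
     */
    public static CommonServerSecurityContext getRequestSession() {
        return requestSession.get();
    }

    @Override // com.sun.wbem.cimom.CommonServerSecurityContext
    public String getUserName() {
        return this.userName;
    }

    @Override // com.sun.wbem.cimom.CommonServerSecurityContext
    public String getRoleName() {
        return this.roleName;
    }

    @Override // com.sun.wbem.cimom.CommonServerSecurityContext
    public String getClientHostName() {
        return this.clientHost;
    }

    /**
     * Returns the audit id: the first four bytes of the audit key as a big-endian int, or 0
     * when no audit key of at least four bytes is available.
     */
    @Override // com.sun.wbem.cimom.CommonServerSecurityContext
    public int getAuditId() {
        byte[] key = this.auditKey;
        // The four-argument constructor accepts a caller-supplied key of any length.
        if (key == null || key.length < 4) {
            return 0;
        }
        return ((key[0] & 255) << 24) | ((key[1] & 255) << 16) | ((key[2] & 255) << 8) | (key[3] & 255);
    }

    /**
     * Deletes the local authenticator file of this login, if one was written.
     *
     * <p>Deletion stays best effort, but a failure is traced because a leftover authenticator
     * file is worth noticing during review of the trace output.
     */
    private void removeLocalFile() {
        if (this.localFile == null || this.localFile.length() == 0) {
            return;
        }
        try {
            File authFile = new File(WBEM_LOCAL_DIR + File.separator + this.localFile);
            if (!authFile.delete()) {
                Debug.trace1("Sundigest: could not remove local auth file");
            }
        } catch (Exception e) {
            Debug.trace1("Sundigest: error removing local auth file", e);
        }
    }

    /**
     * Encodes bytes as lower-case hex.
     *
     * @return the hex string, {@code ""} for an empty array, or {@code null} for {@code null}
     */
    private String toHex(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        StringBuffer out = new StringBuffer(bArr.length * 2);
        for (byte b : bArr) {
            out.append(hex[(b >> 4) & 15]);
            out.append(hex[b & 15]);
        }
        return out.toString();
    }

    /**
     * Decodes a lower-case hex string; a trailing odd character is ignored.
     *
     * @return the decoded bytes, or {@code null} when the input is {@code null} or contains a
     *         character outside {@code 0-9a-f} (upper-case digits are rejected)
     */
    private byte[] fromHex(String str) {
        if (str == null) {
            return null;
        }
        int usable = (str.length() / 2) * 2;
        byte[] out = new byte[usable / 2];
        for (int pos = 0; pos < usable; pos += 2) {
            int high = hexValue(str.charAt(pos));
            if (high < 0) {
                return null;
            }
            int low = hexValue(str.charAt(pos + 1));
            if (low < 0) {
                return null;
            }
            // NOTE(review): the mask is a constant the decompiler resolved to an unrelated
            // TableDefinitions field; presumably it selects the high nibble - confirm its value.
            byte value = (byte) ((high << 4) & TableDefinitions.ACCESS_GROUP_ALL);
            out[pos / 2] = (byte) (value | ((byte) (low & 15)));
        }
        return out;
    }

    /** Returns the index of {@code c} in the lower-case hex alphabet, or -1 if it is not in it. */
    private static int hexValue(char c) {
        for (int i = 0; i < hex.length; i++) {
            if (hex[i] == c) {
                return i;
            }
        }
        return -1;
    }
}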
