package com.ibm.eim.token;

import com.ibm.eim.Domain;
import com.ibm.eim.Eid;
import com.ibm.eim.EimException;
import com.ibm.eim.RegistryUser;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Iterator;
import java.util.Set;

/* JADX WARN: Classes with same name are omitted:
  input_file:install/jsfCustomerLookup.zip:JSFCustomerLookup/WebContent/WEB-INF/lib/iwdtrt.jar:com/ibm/eim/token/IdentityDomain.class
 */
/* loaded from: input_file:install/webserviceSample.zip:CustDetSrv/WebContent/WEB-INF/lib/iwdtrt.jar:com/ibm/eim/token/IdentityDomain.class */
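/**
 * Issues, delegates and verifies signed identity tokens whose RSA public keys are
 * published in an EIM domain under the system registry {@code __PKA_REG__}.
 *
 * <p>This source was recovered by a decompiler. Parameter names below are taken from
 * the argument names that appear in the exception messages of the original code.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The two-argument {@code publishPublicKey} defaults to a 512-bit RSA key, and the
 *       accepted range is 512..2048 bits. Keys below 2048 bits do not meet current
 *       minimums; callers should request 2048 explicitly.</li>
 *   <li>Tokens are verified with {@code SHA1withRSA}. SHA-1 is deprecated for signatures.
 *       The algorithm is left unchanged here because the signing side
 *       ({@code SignatureHeader}) is not visible and both sides must agree.</li>
 *   <li>Trust in a token rests entirely on the integrity of the {@code __PKA_REG__}
 *       registry: whoever can write associations there can publish a verification key.</li>
 * </ul>
 *
 * <p>Only {@link #logTrace(String)} and {@link #printStackTrace(Throwable)} are
 * synchronized on this instance. Key generation synchronizes on the generator object.
 * No other state is guarded.
 */
public final class IdentityDomain {
    private static final boolean DEBUG = false;
    private static final String KEY_REGISTRY = "__PKA_REG__";

    /** Default RSA modulus size used by the two-argument publishPublicKey. */
    private static final int DEFAULT_KEY_SIZE = 512;
    private static final int MIN_KEY_SIZE = 512;
    private static final int MAX_KEY_SIZE = 2048;
    /** Upper bound for the key period: 31536000 seconds (365 days). */
    private static final long MAX_PERIOD_SECONDS = 31536000L;

    /** Marker stored in NIBBLE_FOR_CHAR for characters that are not hex digits. */
    private static final byte INVALID_NIBBLE = 17;

    private static final char[] CHAR_FOR_NIBBLE = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
    /** Lookup table indexed by character code 0..255; hex digits map to 0..15, all else to 17. */
    private static final byte[] NIBBLE_FOR_CHAR = buildNibbleTable();

    private KeyPairGenerator keyPairGenerator_ = null;
    private Domain domain_;
    private PrintWriter logWriter_;
    private boolean verifiedKeyRegistryExists_;

    /**
     * Publishes a new key pair using the default timeout and the default key size.
     *
     * <p>NOTE(security): the default key size is 512 bits. Prefer the four-argument
     * overload with a key size of 2048.
     *
     * @param appEimID EIM identifier of the application; must not be null
     * @param appInstanceID application instance identifier; must not be null
     * @return the newly generated and published key pair
     */
    public IdentityKeyPair publishPublicKey(Eid appEimID, String appInstanceID) throws EimException, IOException, GeneralSecurityException {
        return publishPublicKey(appEimID, appInstanceID, IdentityKeyPair.DEFAULT_KEY_TIMEOUT_SECONDS, DEFAULT_KEY_SIZE);
    }

    /**
     * Generates an RSA key pair and publishes its public half in the key registry,
     * replacing any "cur"/"prev" entries already present for this application instance.
     *
     * @param appEimID EIM identifier of the application; must not be null
     * @param appInstanceID application instance identifier; must not be null
     * @param period key lifetime in seconds, in the range 1..31536000
     * @param keySize RSA key size in bits, in the range 512..2048
     * @return the newly generated and published key pair
     * @throws NullPointerException if {@code appEimID} or {@code appInstanceID} is null
     * @throws IllegalArgumentException if {@code period} or {@code keySize} is out of range
     */
    public IdentityKeyPair publishPublicKey(Eid appEimID, String appInstanceID, long period, int keySize) throws EimException, IOException, GeneralSecurityException {
        if (appEimID == null) {
            throw new NullPointerException("appEimID");
        }
        if (appInstanceID == null) {
            throw new NullPointerException("appInstanceID");
        }
        if (period <= 0 || period > MAX_PERIOD_SECONDS) {
            throw new IllegalArgumentException("period");
        }
        if (keySize < MIN_KEY_SIZE || keySize > MAX_KEY_SIZE) {
            throw new IllegalArgumentException("keySize");
        }
        if (!this.verifiedKeyRegistryExists_) {
            if (this.domain_.getRegistries(KEY_REGISTRY).size() == 0) {
                this.domain_.addSystemRegistry(KEY_REGISTRY, "1.3.18.0.2.33.10-caseIgnore", "Created by IdentityDomain", (String) null);
            }
            // Record success only after the lookup/creation completed, so that a failed
            // attempt is retried on the next call instead of being skipped forever.
            this.verifiedKeyRegistryExists_ = true;
        }
        removeTargetAssociations(appEimID, appInstanceID + "=cur");
        removeTargetAssociations(appEimID, appInstanceID + "=prev");
        // The key pair stores its lifetime in milliseconds.
        IdentityKeyPair keyPair = new IdentityKeyPair(generateKeyPair(keySize), appEimID, appInstanceID, period * 1000, keySize);
        publish(keyPair);
        return keyPair;
    }

    /**
     * Removes the published "cur" and "prev" key entries of an application instance.
     *
     * @param appEimID EIM identifier of the application; must not be null
     * @param appInstanceID application instance identifier; must not be null
     * @throws NullPointerException if either argument is null
     */
    public void unpublishPublicKey(Eid appEimID, String appInstanceID) throws EimException {
        if (appEimID == null) {
            throw new NullPointerException("appEimID");
        }
        if (appInstanceID == null) {
            throw new NullPointerException("appInstanceID");
        }
        removeTargetAssociations(appEimID, appInstanceID + "=cur");
        removeTargetAssociations(appEimID, appInstanceID + "=prev");
    }

    /**
     * Creates a new identity token for an authenticated user, signed with the private
     * key of {@code keyPair}. An expired key pair is renewed (and republished) first.
     *
     * @param keyPair the sender's key pair; must not be null
     * @param authenticatedUser user name placed in the token; must not be null
     * @param userRegistry registry the user name belongs to; must not be null
     * @param receiverEidName fifth TokenManifest argument; presumably the receiver's
     *     EID name, which verify() later compares - confirm against TokenManifest
     * @param receiverAppInstanceID sixth TokenManifest argument; presumably the
     *     receiver's application instance ID - confirm against TokenManifest
     * @return the signed token with manifest counter 1
     * @throws NullPointerException if {@code authenticatedUser}, {@code userRegistry}
     *     or {@code keyPair} is null
     */
    public IdentityToken generate(IdentityKeyPair keyPair, String authenticatedUser, String userRegistry, String receiverEidName, String receiverAppInstanceID) throws EimException, IOException, GeneralSecurityException {
        if (authenticatedUser == null) {
            throw new NullPointerException("authenticatedUser");
        }
        if (userRegistry == null) {
            throw new NullPointerException("userRegistry");
        }
        if (keyPair == null) {
            throw new NullPointerException("keyPair");
        }
        UserToken userToken = new UserToken(authenticatedUser, userRegistry);
        if (keyPair.isExpired()) {
            renewKeyPair(keyPair);
        }
        TokenManifest manifest = new TokenManifest(1, keyPair.getEid().getName(), keyPair.getAppInstanceID(), keyPair.getFormattedTimestamp(), receiverEidName, receiverAppInstanceID);
        SignatureHeader header = SignatureHeader.getInstance(manifest, null, userToken, keyPair.getPrivate());
        return new IdentityToken(header, manifest, null, userToken, this);
    }

    /**
     * Verifies an incoming token and then appends a new manifest and signature so the
     * token can be passed on to a further receiver.
     *
     * @param keyPair key pair of the delegating application; must not be null
     * @param identityToken token to extend in place; must not be null
     * @param receiverEidName fifth TokenManifest argument; presumably the next
     *     receiver's EID name - confirm against TokenManifest
     * @param receiverAppInstanceID sixth TokenManifest argument; presumably the next
     *     receiver's application instance ID - confirm against TokenManifest
     * @throws NullPointerException if {@code keyPair} or {@code identityToken} is null
     * @throws EimException if the token fails verification
     */
    public void delegate(IdentityKeyPair keyPair, IdentityToken identityToken, String receiverEidName, String receiverAppInstanceID) throws EimException, IOException, GeneralSecurityException {
        if (keyPair == null) {
            throw new NullPointerException("keyPair");
        }
        if (identityToken == null) {
            throw new NullPointerException("identityToken");
        }
        // The token is checked against this application's identity before it is extended.
        verify(identityToken, keyPair.getEid(), keyPair.getAppInstanceID());
        if (keyPair.isExpired()) {
            renewKeyPair(keyPair);
        }
        int nextCounter = identityToken.getManifest().getCounter() + 1;
        TokenManifest manifest = new TokenManifest(nextCounter, keyPair.getEid().getName(), keyPair.getAppInstanceID(), keyPair.getFormattedTimestamp(), receiverEidName, receiverAppInstanceID);
        // The result is unused in the decompiled code; the call is retained in case the
        // accessor has side effects that are not visible here.
        identityToken.getPriorManifests();
        identityToken.addNewSignatureAndManifest(SignatureHeader.getInstance(manifest, identityToken, keyPair.getPrivate()), manifest);
    }

    /**
     * Verifies a token and maps the user it carries to a user in the target registry.
     *
     * @param identityToken token to verify; must not be null
     * @param targetRegistry registry to map the token's user into; must not be null
     * @param appEimID EIM identifier of the receiving application; must not be null
     * @param appInstanceID instance identifier of the receiving application; must not be null
     * @return the mapped user, or {@code null} when no mapping exists
     * @throws NullPointerException if any argument is null
     * @throws EimException if verification fails, or if the mappings found do not all
     *     share the same target user name
     */
    public RegistryUser getUser(IdentityToken identityToken, String targetRegistry, Eid appEimID, String appInstanceID) throws EimException, IOException, GeneralSecurityException {
        if (identityToken == null) {
            throw new NullPointerException("identityToken");
        }
        if (targetRegistry == null) {
            throw new NullPointerException("targetRegistry");
        }
        if (appEimID == null) {
            throw new NullPointerException("appEimID");
        }
        if (appInstanceID == null) {
            throw new NullPointerException("appInstanceID");
        }
        // No mapping lookup happens unless the signature and receiver checks pass.
        verify(identityToken, appEimID, appInstanceID);
        UserToken userToken = identityToken.getUserToken();
        Set targets = this.domain_.findTargetFromSource(userToken.getUserName(), userToken.getRegistryName(), targetRegistry);
        if (targets.size() == 0) {
            return null;
        }
        RegistryUser[] users = new RegistryUser[targets.size()];
        targets.toArray(users);
        // Several entries are acceptable only if they all name the same target user.
        String expectedName = users[0].getTargetUserName();
        for (RegistryUser user : users) {
            if (!expectedName.equals(user.getTargetUserName())) {
                throw new EimException("The source username maps to multiple targets", 8);
            }
        }
        return users[0];
    }

    /** Returns the EIM domain this instance operates on. */
    public Domain getDomain() {
        return this.domain_;
    }

    /**
     * Generates an RSA key pair of the requested size.
     *
     * <p>The decompiler could not restructure this method (it emitted a stub that threw
     * UnsupportedOperationException); the body below is reconstructed from its
     * instruction dump: lazily obtain an "RSA" generator, then initialize and generate
     * while holding the generator's monitor. As in the dump, the lazy creation itself is
     * not synchronized.
     *
     * @param keySize RSA key size in bits
     * @return the generated key pair
     */
    private java.security.KeyPair generateKeyPair(int keySize) throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException {
        if (this.keyPairGenerator_ == null) {
            this.keyPairGenerator_ = KeyPairGenerator.getInstance("RSA");
        }
        KeyPairGenerator lock = this.keyPairGenerator_;
        // initialize() followed by generateKeyPair() must not interleave with another
        // caller's initialize() on the shared generator.
        synchronized (lock) {
            this.keyPairGenerator_.initialize(keySize);
            return this.keyPairGenerator_.generateKeyPair();
        }
    }

    /**
     * Stores the hex-encoded public key as a target association of the key pair's EID
     * and tags the resulting registry entry with "appInstanceID=cur" and
     * "appInstanceID=timestamp".
     *
     * @throws EimException if the association cannot be found again after it was added
     */
    private void publish(IdentityKeyPair identityKeyPair) throws EimException {
        String publicKeyHex = bytesToHexString(identityKeyPair.getPublic().getEncoded());
        Eid eid = identityKeyPair.getEid();
        eid.addAssociation(1, KEY_REGISTRY, publicKeyHex);
        Set targets = eid.findTarget(KEY_REGISTRY);
        if (targets.isEmpty()) {
            logTrace("[EIM ERROR] No targets in registry __PKA_REG__ for EID " + eid.getName());
            throw new EimException("No RegistryUser is associated with the specified EID", 99);
        }
        // Locate the entry that was just added: its target user name is the key itself.
        RegistryUser keyEntry = null;
        Iterator it = targets.iterator();
        while (it.hasNext() && keyEntry == null) {
            RegistryUser candidate = (RegistryUser) it.next();
            if (candidate.getTargetUserName().equals(publicKeyHex)) {
                keyEntry = candidate;
            }
        }
        if (keyEntry == null) {
            throw new EimException("No RegistryUser entry has target name matching public key", 99);
        }
        String appInstanceID = identityKeyPair.getAppInstanceID();
        keyEntry.addAdditionalInfo(appInstanceID + "=cur");
        // The publish time must be set before the formatted timestamp is read for the tag.
        identityKeyPair.setPublishTime(System.currentTimeMillis());
        keyEntry.addAdditionalInfo(appInstanceID + "=" + identityKeyPair.getFormattedTimestamp());
    }

    /**
     * Rotates an expired key pair: drops the "prev" entry, relabels the "cur" entry as
     * "prev", then generates and publishes a fresh key of the same size.
     */
    private void renewKeyPair(IdentityKeyPair identityKeyPair) throws EimException, IOException, NoSuchAlgorithmException, NoSuchProviderException {
        String appInstanceID = identityKeyPair.getAppInstanceID();
        Eid eid = identityKeyPair.getEid();
        String currentTag = appInstanceID + "=cur";
        String previousTag = appInstanceID + "=prev";
        removeTargetAssociations(eid, previousTag);
        Set currentEntries = eid.findTarget(KEY_REGISTRY, currentTag);
        if (currentEntries.size() > 1) {
            logTrace("[EIM WARNING] IdentityDomain.renewKeyPair: Multiple targets returned with additional info == \"" + appInstanceID + "=cur\"");
        }
        if (currentEntries.size() != 0) {
            RegistryUser[] entries = new RegistryUser[currentEntries.size()];
            currentEntries.toArray(entries);
            for (int i = 0; i < entries.length; i++) {
                entries[i].removeAdditionalInfo(currentTag);
                entries[i].addAdditionalInfo(previousTag);
            }
        }
        identityKeyPair.setInnerKeyPair(generateKeyPair(identityKeyPair.getKeySize()));
        publish(identityKeyPair);
    }

    /**
     * Checks that a token is addressed to the given application and that its signature
     * verifies under the sender's public key from the key registry.
     *
     * <p>The sender key is selected by the sender EID name, application instance ID and
     * timestamp taken from the token's manifest, so the outcome depends on the registry
     * holding exactly one matching entry. No separate freshness check is visible in this
     * method.
     *
     * <p>NOTE(security): verification uses SHA1withRSA; see the class comment.
     *
     * @param identityToken token to verify
     * @param eid EID of the receiving application
     * @param appInstanceID instance identifier of the receiving application
     * @throws EimException if the receiver does not match, the sender key cannot be
     *     resolved unambiguously, or the signature is not valid
     */
    private void verify(IdentityToken identityToken, Eid eid, String appInstanceID) throws EimException, IOException, NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, InvalidKeySpecException, SignatureException {
        if (!eid.getName().equals(identityToken.getManifest().getReceiverEidName())) {
            throw new EimException("Receiver EIM ID in token does not match current application", 10);
        }
        if (!appInstanceID.equals(identityToken.getManifest().getReceiverAppInstanceID())) {
            throw new EimException("Receiver appInstanceID in token does not match current application", 11);
        }
        String senderEidName = identityToken.getManifest().getSenderEidName();
        String senderAppInstanceID = identityToken.getManifest().getSenderAppInstanceID();
        String senderTimestamp = identityToken.getManifest().getSenderTimestamp();

        Set senderEids = this.domain_.getEidsByName(senderEidName);
        if (senderEids.size() == 0) {
            throw new EimException("Sender's EID not found in registry", 15);
        }
        if (senderEids.size() > 1) {
            throw new EimException("Found multiple EIDs for the specified sender name (" + senderEidName + ")", 8);
        }

        Eid senderEid = (Eid) senderEids.toArray()[0];
        Set keyEntries = senderEid.findTarget(KEY_REGISTRY, senderAppInstanceID + "=" + senderTimestamp);
        if (keyEntries.size() == 0) {
            throw new EimException("Sender's appInstanceID/timestamp not found in registry", 18);
        }
        if (keyEntries.size() > 1) {
            throw new EimException("Found multiple registry entries for the specified appInstanceID/timestamp", 8);
        }

        String publicKeyHex = ((RegistryUser) keyEntries.toArray()[0]).getTargetUserName();
        PublicKey senderKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(hexStringToBytes(publicKeyHex)));
        Signature verifier = Signature.getInstance("SHA1withRSA");
        verifier.initVerify(senderKey);

        byte[] signatureBytes = identityToken.getSignatureHeader().getSignature();
        byte[] tokenBytes = identityToken.toBytes();
        int headerLength = identityToken.getSignatureHeader().getLength();
        // The header length comes from the token itself. Reject values that do not fit
        // the encoded token instead of failing with NegativeArraySizeException or
        // IndexOutOfBoundsException.
        if (headerLength < 0 || headerLength > tokenBytes.length) {
            throw new EimException("Signature is not valid", 12);
        }
        // The signature covers everything that follows the signature header.
        verifier.update(tokenBytes, headerLength, tokenBytes.length - headerLength);
        if (!verifier.verify(signatureBytes)) {
            throw new EimException("Signature is not valid", 12);
        }
    }

    /** Returns the writer that receives trace output, or {@code null} if tracing is off. */
    public PrintWriter getLogWriter() {
        return this.logWriter_;
    }

    /** Sets the writer that receives trace output; {@code null} disables tracing. */
    public void setLogWriter(PrintWriter printWriter) {
        this.logWriter_ = printWriter;
    }

    /**
     * Writes one line to the log writer, if one is set, and flushes it.
     * The decompiler reports that this method was package-private in the original class.
     */
    public final synchronized void logTrace(String str) {
        PrintWriter writer = this.logWriter_;
        if (writer == null) {
            return;
        }
        writer.println(str);
        writer.flush();
    }

    /**
     * Writes a stack trace to the log writer, if one is set, and flushes it.
     * The decompiler reports that this method was package-private in the original class.
     */
    public final synchronized void printStackTrace(Throwable th) {
        PrintWriter writer = this.logWriter_;
        if (writer == null) {
            return;
        }
        th.printStackTrace(writer);
        writer.flush();
    }

    /**
     * Debug helper: prints a byte array to standard output as upper-case hex pairs
     * separated by spaces, 16 bytes per line. Prints "null" for a null array.
     *
     * <p>NOTE(review): output goes to System.out, not to the log writer; avoid passing
     * key or token material in production.
     */
    static void printByteArray(byte[] bArr) {
        if (bArr == null) {
            System.out.println("null");
        } else {
            for (int i = 0; i < bArr.length; i++) {
                System.out.print(CHAR_FOR_NIBBLE[(bArr[i] >>> 4) & 15]);
                System.out.print(CHAR_FOR_NIBBLE[bArr[i] & 15]);
                System.out.print(" ");
                if ((i & 15) == 15) {
                    System.out.println();
                }
            }
            // Terminate a partially filled last line. For an empty array the expression
            // is (-1 & 15) == 15, so nothing is printed.
            if (((bArr.length - 1) & 15) != 15) {
                System.out.println();
            }
        }
        System.out.flush();
    }

    /**
     * Removes every target association of {@code eid} in the key registry whose
     * additional info equals {@code additionalInfo}.
     */
    private void removeTargetAssociations(Eid eid, String additionalInfo) throws EimException {
        Set targets = eid.findTarget(KEY_REGISTRY, additionalInfo);
        for (Iterator it = targets.iterator(); it.hasNext(); ) {
            RegistryUser target = (RegistryUser) it.next();
            eid.removeAssociation(1, KEY_REGISTRY, target.getTargetUserName());
        }
    }

    /** Encodes bytes as upper-case hexadecimal, two characters per byte. */
    private static String bytesToHexString(byte[] bArr) {
        char[] hex = new char[bArr.length * 2];
        for (int i = 0; i < bArr.length; i++) {
            hex[i * 2] = CHAR_FOR_NIBBLE[(bArr[i] >>> 4) & 15];
            hex[i * 2 + 1] = CHAR_FOR_NIBBLE[bArr[i] & 15];
        }
        return new String(hex);
    }

    /**
     * Decodes a hexadecimal string (upper or lower case) into bytes.
     *
     * @throws NumberFormatException if the string has an odd length or contains a
     *     character that is not a hex digit
     */
    private static byte[] hexStringToBytes(String str) {
        if (str.length() == 0) {
            return new byte[0];
        }
        // An odd number of digits cannot encode whole bytes; previously the trailing
        // character was dropped silently.
        if ((str.length() & 1) != 0) {
            throw new NumberFormatException();
        }
        char[] chars = str.toCharArray();
        byte[] decoded = new byte[chars.length / 2];
        for (int i = 0; i < decoded.length; i++) {
            char highChar = chars[i * 2];
            char lowChar = chars[i * 2 + 1];
            // The lookup table only covers character codes 0..255.
            if (highChar > 255 || lowChar > 255) {
                throw new NumberFormatException();
            }
            byte high = NIBBLE_FOR_CHAR[highChar];
            byte low = NIBBLE_FOR_CHAR[lowChar];
            if (high == INVALID_NIBBLE || low == INVALID_NIBBLE) {
                throw new NumberFormatException();
            }
            decoded[i] = (byte) ((high << 4) + low);
        }
        return decoded;
    }

    /**
     * Builds the 256-entry hex lookup table: '0'..'9' map to 0..9, 'A'..'F' and
     * 'a'..'f' map to 10..15, and every other code maps to INVALID_NIBBLE.
     */
    private static byte[] buildNibbleTable() {
        byte[] table = new byte[256];
        for (int i = 0; i < table.length; i++) {
            table[i] = INVALID_NIBBLE;
        }
        for (int digit = 0; digit < 10; digit++) {
            table['0' + digit] = (byte) digit;
        }
        for (int letter = 0; letter < 6; letter++) {
            table['A' + letter] = (byte) (10 + letter);
            table['a' + letter] = (byte) (10 + letter);
        }
        return table;
    }

    /**
     * Creates an identity domain bound to an EIM domain.
     *
     * @param domain the EIM domain to use; must not be null
     * @throws NullPointerException if {@code domain} is null
     */
    public IdentityDomain(Domain domain) {
        if (domain == null) {
            throw new NullPointerException("domain");
        }
        this.domain_ = domain;
    }
}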
