package com.tivoli.snmp;

import com.tivoli.snmp.data.Hex;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/tivoli/snmp/SnmpV3Auth.class */
public class SnmpV3Auth {
    public static final int AUTHENTIC = 0;
    public static final int WRONG_DIGEST = 1;
    public static final int NOT_IN_TIME = 2;
    private static final String COPYRIGHT = "\nLicensed Materials - Property of IBM\n\n5698-TKS\n\nCopyright IBM Corp. 1999, 2001 All Rights Reserved\n\nUS Government Users Restricted Rights - Use, duplication or disclosure\nrestricted by GSA ADP Schedule Contract with IBM Corp.\n";
    private SnmpHmac hm;
    private int authProto;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SnmpV3Auth(int i) throws Exception {
        this.hm = null;
        this.authProto = i;
        if (i == 1) {
            this.hm = new SnmpMD5Hmac();
        } else {
            if (i != 2) {
                throw new Exception("Unknown Hmac passed!");
            }
            this.hm = new SnmpShaHmac();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getAuthProto() {
        return this.authProto;
    }

    boolean isMacOK(SnmpV3SecParams snmpV3SecParams, SnmpMsgBuffer snmpMsgBuffer) {
        User messageUser = snmpV3SecParams.getMessageUser();
        if (messageUser == null) {
            return false;
        }
        SnmpLKey fetchAuthLKey = messageUser.fetchAuthLKey(snmpV3SecParams.getMessageEngineId());
        if (fetchAuthLKey == null) {
            if (!SnmpV1API.isTracing()) {
                return false;
            }
            SnmpV1API.trace(new StringBuffer().append("SnmpV3Auth: LKey not found for ").append(Hex.toString(snmpV3SecParams.getMessageEngineId())).toString());
            return false;
        }
        snmpV3SecParams.saveAndZeroMAC();
        byte[] hmac = this.hm.hmac(fetchAuthLKey.getValue(), snmpMsgBuffer.buf);
        snmpV3SecParams.restoreMAC();
        byte[] messageMAC = snmpV3SecParams.getMessageMAC();
        for (int i = 0; i < messageMAC.length; i++) {
            if (hmac[i] != messageMAC[i]) {
                return false;
            }
        }
        return true;
    }

    int isAuthentic(SnmpV3SecParams snmpV3SecParams, SnmpMsgBuffer snmpMsgBuffer) {
        if (!isMacOK(snmpV3SecParams, snmpMsgBuffer)) {
            if (!SnmpV1API.isTracing()) {
                return 1;
            }
            SnmpV1API.trace(new StringBuffer().append("SnmpV3Auth.isAuthentic(sp,msg) - Got bad MAC - using sec params ").append(snmpV3SecParams.toString()).toString());
            return 1;
        }
        if (snmpV3SecParams.getMessageTimers().isInWindow()) {
            return 0;
        }
        if (!SnmpV1API.isTracing()) {
            return 2;
        }
        SnmpV1API.trace(new StringBuffer().append("SnmpV3Auth.isAuthentic(sp,msg) - \"Stale\" msg ").append(snmpV3SecParams.getMessageTimers().toString()).toString());
        return 2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int isAuthentic(SnmpV3SecParams snmpV3SecParams, SnmpMsgBuffer snmpMsgBuffer, SnmpV3Timers snmpV3Timers, boolean z) {
        if (!isMacOK(snmpV3SecParams, snmpMsgBuffer)) {
            if (!SnmpV1API.isTracing()) {
                return 1;
            }
            SnmpV1API.trace("SnmpV3Auth.isAuthentic(sp,msg,t) - Got bad MAC");
            return 1;
        }
        if (SnmpV1API.isTracing()) {
            SnmpV1API.trace("SnmpV3Auth.isAuthentic(sp,msg,t) - MAC matched");
        }
        if (snmpV3SecParams.getMessageTimers().isInWindow(snmpV3Timers)) {
            if (!SnmpV1API.isTracing()) {
                return 0;
            }
            SnmpV1API.trace("SnmpV3Auth.isAuthentic(sp,msg,t) - Message timers are in window");
            return 0;
        }
        if (SnmpV1API.isTracing()) {
            SnmpV1API.trace(new StringBuffer().append("SnmpV3Auth.isAuthentic(sp,msg,t) - \"Stale\" msg ").append(snmpV3SecParams.getMessageTimers().toString()).toString());
        }
        if (!z || SnmpV1API.checkTrapTimers) {
            return 2;
        }
        if (!SnmpV1API.isTracing()) {
            return 0;
        }
        SnmpV1API.trace("SnmpV3Auth.isAuthentic(sp,msg,t) - allowing invalid timers since we don't maintain separate timers");
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void generateMAC(SnmpV3SecParams snmpV3SecParams, SnmpMsgBuffer snmpMsgBuffer) throws Exception {
        User messageUser = snmpV3SecParams.getMessageUser();
        if (messageUser == null) {
            throw new Exception("Unknown user ");
        }
        SnmpLKey fetchAuthLKey = messageUser.fetchAuthLKey(snmpV3SecParams.getMessageEngineId());
        if (fetchAuthLKey == null) {
            if (this != SnmpAPI.authEngine) {
                throw new Exception(new StringBuffer().append("No key for the engine ").append(Hex.toString(snmpV3SecParams.getMessageEngineId())).append(" user = ").append(messageUser.toString()).toString());
            }
            messageUser.localizeAuthKey(messageUser.getAuthKey(), snmpV3SecParams.getMessageEngineId());
            fetchAuthLKey = messageUser.fetchAuthLKey(snmpV3SecParams.getMessageEngineId());
            if (fetchAuthLKey == null) {
                throw new Exception(new StringBuffer().append("No local key for the engine ").append(Hex.toString(snmpV3SecParams.getMessageEngineId())).append(" user = ").append(messageUser.toString()).toString());
            }
        }
        snmpV3SecParams.insertMAC(this.hm.hmac(fetchAuthLKey.getValue(), snmpMsgBuffer.buf));
    }
}
