package com.wikidsystems.server;

import com.wikidsystems.client.TokenClientType;
import com.wikidsystems.crypto.wCryptoException;
import com.wikidsystems.crypto.wEncKeys;
import com.wikidsystems.crypto.wEncKeysFactory;
import com.wikidsystems.data.UserHelper;
import com.wikidsystems.data.WiKIDEvent;
import com.wikidsystems.db.PooledConnectionManager;
import com.wikidsystems.server.Constant;
import com.wikidsystems.tacacs.TacPlusWriter;
import com.wikidsystems.util.AESBlockCrypt;
import com.wikidsystems.util.B64;
import com.wikidsystems.util.Config;
import com.wikidsystems.util.keyList;
import com.wikidsystems.util.wUtil;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.math.BigDecimal;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Timestamp;
import java.util.Date;
import java.util.HashMap;
import java.util.Random;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.apache.log4j.helpers.FileWatchdog;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.postgresql.core.Oid;

/* loaded from: input_file:com/wikidsystems/server/DeviceTransactionExec.class */
public class DeviceTransactionExec {
    static Logger logger;
    private keyList keys;
    boolean usingAES;
    boolean lockedToken;
    private boolean DISABLE_UNREGISTERED_PASSCODES;
    private static final ConcurrentHashMap<String, Object[]> domainMap;

    /**
     * Drops every entry from the static {@code domainMap}, which holds the
     * per-domain settings array keyed by domain code.
     */
    public static void clearDomainMapCache() {
        // domainMap is a ConcurrentHashMap, so no extra locking is taken here.
        domainMap.clear();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates an executor bound to the given server configuration.
     *
     * @param keylist configuration lookup; dereferenced here, so it must not be null
     * @param z       value stored in {@code usingAES}
     * @param z2      value stored in {@code lockedToken}
     */
    public DeviceTransactionExec(keyList keylist, boolean z, boolean z2) {
        this.keys = keylist;
        this.usingAES = z;
        this.lockedToken = z2;
        // Either switch, set to "true" in any letter case, enables the
        // DISABLE_UNREGISTERED_PASSCODES behaviour. equalsIgnoreCase(null) is
        // false, so an absent key simply leaves the switch off, and the second
        // key is only consulted when the first one is not set.
        this.DISABLE_UNREGISTERED_PASSCODES =
                "True".equalsIgnoreCase(keylist.get("DISABLE_UNREGED_PASSCODES"))
                        || "True".equalsIgnoreCase(keylist.get("DENY_UNVALIDATED_REQUESTS"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
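    /**
     * Registration phase 2: records the PIN a device chose for a domain, creates
     * the device/domain mapping and issues a temporary registration code.
     *
     * <p>Single-byte return values are status codes: 5 (empty payload or SQL
     * error), 6 (domain not found, or crypto error outside payload handling),
     * 7 (any other failure, including malformed length fields and a PIN that
     * does not fit the 64-byte storage block), 8 (PIN already set for this
     * device in this domain), 9 (crypto error while handling the payload),
     * 10 (unknown device), 11 (PIN shorter than the domain minimum),
     * 12 (locked token sent no usable lock code).
     *
     * @param l               device id
     * @param str             domain code
     * @param bArr            encrypted payload received from the client
     * @param connection      open database connection; not closed here
     * @param wenckeysfactory factory used to generate the new key pair and to
     *                        rebuild the device key for the response
     * @param wenckeys        key used to decrypt the payload; its exported
     *                        public key also feeds the PIN encryption key and
     *                        the registration code
     * @param str2            value stored as {@code embedded_id} with the
     *                        registration code
     * @return the encrypted response, a one-byte status code, or {@code null}
     *         when the device row cannot be read back for the response
     */
    public byte[] setDevicePIN(Long l, String str, byte[] bArr, Connection connection, wEncKeysFactory wenckeysfactory, wEncKeys wenckeys, String str2) {
        // TTL settings are expressed in minutes; keep the factor a long so the
        // products below cannot wrap around in int arithmetic.
        final long msPerMinute = 60000L;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        byte[] bArr2 = null;
        if (bArr.length == 0) {
            logger.error("Invalid Device ID in Registration Phase 2: domainCode: " + str + " ,deviceID:" + l);
            return new byte[]{5};
        }
        logger.debug("Recieved " + bArr.length + " bytes from client.");
        // NOTE(review): the statements that stay open below are never closed in
        // this method; confirm the caller's connection handling releases them.
        try {
            PreparedStatement prepareStatement = connection.prepareStatement("select id_domain, minPIN from domain where code= ?");
            prepareStatement.setString(1, str);
            ResultSet executeQuery = prepareStatement.executeQuery();
            if (!executeQuery.next()) {
                logger.error("Error06: Cannot find the domain client requested: domainCode: " + str + " ,deviceID:" + l + " ,domain:" + str);
                return new byte[]{6};
            }
            BigDecimal bigDecimal = executeQuery.getBigDecimal("id_domain");
            int i = executeQuery.getInt("minPIN");

            // Bound parameters instead of string-built SQL, matching the other
            // queries in this method. A null device id is treated as unknown.
            boolean deviceKnown = false;
            if (l != null) {
                PreparedStatement deviceLookup = connection.prepareStatement("select deviceID from devices where deviceID= ?");
                try {
                    deviceLookup.setLong(1, l.longValue());
                    deviceKnown = deviceLookup.executeQuery().next();
                } finally {
                    deviceLookup.close();
                }
            }
            if (!deviceKnown) {
                logger.error("Invalid Device ID in Registration Phase 2: domainCode: " + str + " ,deviceID:" + l);
                return new byte[]{10};
            }
            boolean pinAlreadySet;
            PreparedStatement mappingLookup = connection.prepareStatement("select id_devicemap from devicemap where deviceID= ? and domainID= ?");
            try {
                mappingLookup.setLong(1, l.longValue());
                mappingLookup.setBigDecimal(2, bigDecimal);
                pinAlreadySet = mappingLookup.executeQuery().next();
            } finally {
                mappingLookup.close();
            }
            if (pinAlreadySet) {
                logger.error("Error08: PIN has already been established for this device in this domain: domainCode: " + str + " ,deviceID:" + l + " ,domain:" + str);
                return new byte[]{8};
            }
            wEncKeys generatePair = wenckeysfactory.generatePair();
            logger.debug("PIN :: Recieved " + bArr.length + " bytes from client: domainCode: " + str + " ,deviceID:" + l);
            try {
                byte[] unpackagePayload = wenckeys.unpackagePayload(bArr);
                logger.debug("Decrypted transaction payload:domainCode: " + str + " ,deviceID:" + l);
                DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(unpackagePayload));
                logger.debug("Reading payload: domainCode: " + str + " ,deviceID:" + l);
                String readUTF = dataInputStream.readUTF();
                if (this.usingAES) {
                    // The length field comes from the client: refuse values that
                    // are negative or larger than what is left in the payload,
                    // and require the full seed rather than a partial read.
                    int seedLength = dataInputStream.readInt();
                    if (seedLength < 0 || seedLength > dataInputStream.available()) {
                        throw new IOException("AES seed length " + seedLength + " does not fit the decrypted payload");
                    }
                    bArr2 = new byte[seedLength];
                    dataInputStream.readFully(bArr2);
                    logger.debug("Read " + seedLength + " bytes of data for AES seed.");
                }
                String str3 = null;
                if (this.lockedToken) {
                    try {
                        // Same validation for the lock code. A plain read() that
                        // hits end-of-stream would otherwise leave a buffer of
                        // zero bytes to be stored as the lock code.
                        int lockLength = dataInputStream.readInt();
                        if (lockLength <= 0 || lockLength > dataInputStream.available()) {
                            throw new IOException("The lock code length " + lockLength + " is not usable.");
                        }
                        byte[] bArr3 = new byte[lockLength];
                        dataInputStream.readFully(bArr3);
                        str3 = new String(bArr3);
                    } catch (IOException e) {
                        logger.warn("Token claimed to be locked but sent no lockcode data.", e);
                        return new byte[]{12};
                    }
                }
                if (readUTF.length() < i) {
                    logger.warn("PIN length less than minimum for this domain. domainCode: " + str + " ,deviceID:" + l + " , Length: " + readUTF.length());
                    return new byte[]{11};
                }
                // The PIN is stored zero-padded in a fixed 64-byte block. The
                // platform charset is kept because processPasscodeRequest decodes
                // the stored block with the platform charset as well.
                byte[] bArr4 = new byte[64];
                byte[] pinBytes = readUTF.getBytes();
                if (pinBytes.length > bArr4.length) {
                    logger.warn("PIN does not fit the " + bArr4.length + "-byte storage block. domainCode: " + str + " ,deviceID:" + l + " , Length: " + pinBytes.length);
                    return new byte[]{7};
                }
                System.arraycopy(pinBytes, 0, bArr4, 0, pinBytes.length);
                // NOTE(review): the AES key protecting the stored PIN is the
                // first 16 bytes of wenckeys.exportPubKey(), and exportPubKey()
                // output is written to clients elsewhere in this class. If this
                // is the same key, the stored PIN is only obfuscated against
                // anyone who can read the database; confirm and consider a
                // server-held secret or a password hash instead.
                byte[] bArr5 = new byte[16];
                System.arraycopy(wenckeys.exportPubKey(), 0, bArr5, 0, bArr5.length);
                byte[] AESEncrypt = AESBlockCrypt.AESEncrypt(bArr5, bArr4);
                long unRegDeviceTtlMs = Integer.parseInt(this.keys.get("UnRegDeviceTTL")) * msPerMinute;
                PreparedStatement prepareStatement2 = connection.prepareStatement("insert into devicemap (deviceID, domainID, PIN, offKeyPub, offKeyPriv, bads, offs, init_expire, disable_cause) values (?,?,?,?,?,0,0,?,-1)");
                prepareStatement2.setLong(1, l.longValue());
                prepareStatement2.setBigDecimal(2, bigDecimal);
                prepareStatement2.setBytes(3, AESEncrypt);
                prepareStatement2.setBytes(4, generatePair.exportPubKey());
                prepareStatement2.setBytes(5, generatePair.exportPrivKey());
                prepareStatement2.setTimestamp(6, new Timestamp(new Date().getTime() + unRegDeviceTtlMs));
                prepareStatement2.execute();
                logger.debug("Running Query...");
                // Read the id of the mapping row that was just inserted.
                BigDecimal deviceMapId = null;
                boolean mappingCreated = false;
                PreparedStatement idLookup = connection.prepareStatement("select id_devicemap from devicemap where deviceID= ? and domainID= ?");
                try {
                    idLookup.setLong(1, l.longValue());
                    idLookup.setBigDecimal(2, bigDecimal);
                    ResultSet idRow = idLookup.executeQuery();
                    mappingCreated = idRow.next();
                    if (mappingCreated) {
                        deviceMapId = idRow.getBigDecimal(1);
                    }
                } finally {
                    idLookup.close();
                }
                PreparedStatement prepareStatement3 = connection.prepareStatement("update devices set lockcode = ?, init_expire = ?, last_activity = 'now' where deviceid = ?");
                prepareStatement3.setString(1, str3);
                // Previously an int multiplication, which overflows for TTL
                // values above roughly 35,000 minutes.
                prepareStatement3.setTimestamp(2, new Timestamp(new Date().getTime() + unRegDeviceTtlMs));
                prepareStatement3.setLong(3, l.longValue());
                prepareStatement3.execute();
                logger.debug("Ran Query");
                if (mappingCreated) {
                    long nextLong = SecureRandom.getInstance("SHA1PRNG").nextLong();
                    // NOTE(review): "SHA256" is not the standard JCA name
                    // ("SHA-256"); confirm a registered provider resolves it.
                    String processRegcode = processRegcode(nextLong, MessageDigest.getInstance("SHA1"), wenckeys);
                    String processRegcode2 = processRegcode(nextLong, MessageDigest.getInstance("SHA256"), wenckeys);
                    // The registration codes are credentials until they expire,
                    // so they are deliberately kept out of the log.
                    logger.info("Issued registration code to deviceID " + l);
                    PreparedStatement prepareStatement4 = connection.prepareStatement("insert into tempregcodes (regcode, regcode256, id_devicemap, expiration, embedded_id ) values (?,?,?,?,?)");
                    prepareStatement4.setString(1, processRegcode);
                    prepareStatement4.setString(2, processRegcode2);
                    prepareStatement4.setBigDecimal(3, deviceMapId);
                    prepareStatement4.setTimestamp(4, new Timestamp(new Date().getTime() + (Integer.parseInt(this.keys.get("RegCodeTTL")) * msPerMinute)));
                    prepareStatement4.setString(5, str2);
                    prepareStatement4.execute();
                    dataOutputStream.writeUTF(nextLong + "");
                    generatePair.writePubKeyBytes(dataOutputStream);
                    dataOutputStream.writeInt(256);
                }
                PreparedStatement prepareStatement5 = connection.prepareStatement("select ckey from devices where deviceID= ?");
                prepareStatement5.setLong(1, l.longValue());
                ResultSet executeQuery3 = prepareStatement5.executeQuery();
                if (!executeQuery3.next()) {
                    return null;
                }
                // The response is encrypted to the device key and, when
                // usingAES is set, wrapped again with the client-supplied seed.
                byte[] packagePayload = wenckeysfactory.create(executeQuery3.getBytes("ckey"), null).packagePayload(byteArrayOutputStream.toByteArray());
                if (this.usingAES) {
                    packagePayload = AESBlockCrypt.AESEncrypt(bArr2, packagePayload);
                }
                byteArrayOutputStream.reset();
                dataOutputStream.write(packagePayload, 0, packagePayload.length);
                return byteArrayOutputStream.toByteArray();
            } catch (wCryptoException e2) {
                logger.error("Exception in unpackagepayload:domainCode: " + str + " ,deviceID:" + l, e2);
                return new byte[]{9};
            }
        } catch (wCryptoException e3) {
            logger.error("wCryptoException while setting PIN.", e3);
            return new byte[]{6};
        } catch (SQLException e4) {
            logger.error("SQLException while setting PIN.", e4);
            return new byte[]{5};
        } catch (Throwable th) {
            logger.error("Caught Exception while setting PIN.", th);
            return new byte[]{7};
        }
    }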

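    /**
     * Derives a registration code from a random value and a public key.
     *
     * <p>The decimal text of {@code j} and the exported public key are hashed
     * with the supplied digest; the digest bytes are then folded into a single
     * long (1 plus the sum of each byte raised to the sixth power) and encoded
     * with {@code wUtil.b62}.
     *
     * @param j             random value issued for this registration
     * @param messageDigest digest instance to use; it is consumed by this call
     * @param wenckeys      key whose exported public key is mixed into the hash
     * @return the encoded registration code
     */
    private String processRegcode(long j, MessageDigest messageDigest, wEncKeys wenckeys) {
        byte[] seedText = Long.toString(j).getBytes();
        byte[] pubKey = wenckeys.exportPubKey();
        messageDigest.update(seedText, 0, seedText.length);
        messageDigest.update(pubKey, 0, pubKey.length);
        // The digest must be held in a local: the decompiled listing referenced
        // an undeclared register ("r0") here and did not compile.
        byte[] digest = messageDigest.digest();
        // NOTE(review): an even power gives the same term for b and -b, and a
        // sum ignores byte order, so many distinct digests fold to the same
        // code and the code space is far smaller than the digest. Confirm this
        // is acceptable for a code that authorises registration.
        long j2 = 1;
        for (int i = 0; i < digest.length; i++) {
            j2 += (long) Math.pow(digest[i], 6.0d);
        }
        return wUtil.b62(j2);
    }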

    /* JADX INFO: Access modifiers changed from: protected */
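    /**
     * Resolves a pre-registration code to its domain and continues with
     * {@link #sendDeviceConfig} for that domain.
     *
     * <p>The payload is decrypted with the key obtained from the request and
     * must contain the pre-registration code followed by a length-prefixed
     * block of token key material. On success the resolved domain code is also
     * returned to the client in the {@code DomainCode} response header.
     *
     * @param httpServletRequest  request used to look up the decrypting key;
     *                            its {@code CT} parameter selects the key of
     *                            the resolved domain
     * @param bArr                encrypted payload from the client
     * @param connection          open database connection; not closed here
     * @param wenckeysfactory     not used by this method
     * @param wenckeys            not used by this method
     * @param i                   passed through to {@code sendDeviceConfig}
     * @param j                   passed through to {@code sendDeviceConfig}
     * @param httpServletResponse response that receives the {@code DomainCode} header
     * @return the result of {@code sendDeviceConfig}, the ASCII bytes of "4"
     *         when the code is unknown, byte 3 on crypto or payload errors,
     *         or byte 2 on SQL errors
     */
    public byte[] getPreRegDomain(HttpServletRequest httpServletRequest, byte[] bArr, Connection connection, wEncKeysFactory wenckeysfactory, wEncKeys wenckeys, int i, long j, HttpServletResponse httpServletResponse) {
        try {
            wEncKeysFactory[] wenckeysfactoryArr = new wEncKeysFactory[1];
            wEncKeys domKeyAndFactory = ServletCrypto.getDomKeyAndFactory(httpServletRequest, connection, wenckeysfactoryArr);
            logger.debug("Decrypting pre-registration code ");
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(domKeyAndFactory.unpackagePayload(bArr)));
            String readUTF = dataInputStream.readUTF();
            logger.debug("Pre-registration code decrypted and extracted");
            // The length prefix is client-controlled. Reject values that are
            // negative or exceed the remaining payload instead of allocating
            // from them, and insist on the whole block: a short read() would
            // silently leave the key material zero-padded.
            int keyLength = dataInputStream.readInt();
            if (keyLength < 0 || keyLength > dataInputStream.available()) {
                throw new IOException("Token key length " + keyLength + " does not fit the decrypted payload");
            }
            byte[] bArr2 = new byte[keyLength];
            dataInputStream.readFully(bArr2);
            logger.debug("Token crypto material extracted");
            // NOTE(review): this statement is never closed here; confirm the
            // caller's connection handling releases it.
            PreparedStatement prepareStatement = connection.prepareStatement("select code from pre_registration, full_domain where full_domain.id_domain = pre_registration.id_domain and pre_registration_code= ?");
            prepareStatement.setString(1, readUTF);
            ResultSet executeQuery = prepareStatement.executeQuery();
            if (!executeQuery.next()) {
                logger.error("Could not find configuration for domain referenced by prereg code" + readUTF + " on this server.");
                // Unlike the other status returns this is the ASCII character
                // '4', not the byte value 4; kept as-is for existing clients.
                return "4".getBytes();
            }
            String string = executeQuery.getString("code");
            logger.debug("Token is pre-registerd for domain code " + string);
            wEncKeysFactory[] wenckeysfactoryArr2 = new wEncKeysFactory[1];
            wEncKeys domKeyAndFactory2 = ServletCrypto.getDomKeyAndFactory(string, httpServletRequest.getParameter("CT"), connection, wenckeysfactoryArr2);
            wEncKeysFactory wenckeysfactory3 = wenckeysfactoryArr2[0];
            httpServletResponse.setHeader("DomainCode", string);
            return sendDeviceConfig(string, bArr2, connection, wenckeysfactory3, domKeyAndFactory2, i, j);
        } catch (wCryptoException e) {
            logger.error("wCryptoException while sending pre-reg domain configuration", e);
            return new byte[]{3};
        } catch (IOException e2) {
            logger.error("IOException while reading pre-reg data", e2);
            return new byte[]{3};
        } catch (SQLException e3) {
            logger.error("SQLException while sending pre-reg domain configuration", e3);
            return new byte[]{2};
        }
    }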

    /* JADX INFO: Access modifiers changed from: protected */
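    /**
     * Registration phase 1: creates a device record for the supplied key
     * material and returns the domain configuration encrypted to that key.
     *
     * <p>Status returns: byte 5 (no or too little client data, or the statement
     * could not be created), ASCII "4" (domain not found), 118 / 112 / 117
     * (token type or lock state not permitted for the domain), 3 (crypto
     * error), 2 (SQL error), 4 (any other failure, including a missing key
     * factory).
     *
     * @param str             domain code
     * @param bArr            device key material from the client; when
     *                        {@code usingAES} is set the last 16 bytes are not
     *                        part of the key
     * @param connection      open database connection; not closed here
     * @param wenckeysfactory factory that builds the device key from the key material
     * @param wenckeys        key whose exported public key is appended to the response
     * @param i               crypto type id; stored as NULL when not positive
     * @param j               client type, checked against the domain's allowed clients
     * @return the response bytes or a status code as described above
     */
    public byte[] sendDeviceConfig(String str, byte[] bArr, Connection connection, wEncKeysFactory wenckeysfactory, wEncKeys wenckeys, int i, long j) {
        final int trailerLength = 16;
        final long msPerMinute = 60000L;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        logger.debug("Beginning send device configuration for domain " + str);
        if (bArr.length == 0) {
            logger.error("Received no txData data from client (Client error: 5)");
            return new byte[]{5};
        }
        logger.debug("Recieved " + bArr.length + " bytes from client.");
        // Validate the length before sizing the key buffer: with usingAES set,
        // fewer than 16 bytes used to produce a negative array size that escaped
        // this method as an unchecked exception.
        if (this.usingAES && bArr.length < trailerLength) {
            logger.error("Received only " + bArr.length + " bytes of txData from client (Client error: 5)");
            return new byte[]{5};
        }
        byte[] bArr2 = new byte[this.usingAES ? bArr.length - trailerLength : bArr.length];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        logger.debug("devPub.length: " + bArr2.length);
        // NOTE(review): the statements opened below are never closed in this
        // method; confirm the caller's connection handling releases them.
        try {
            Statement createStatement = connection.createStatement();
            try {
                PreparedStatement prepareStatement = connection.prepareStatement("select ddname, minPIN, valid, code, registered_url, lockrequired, clients_allowed from domain where code= ?");
                prepareStatement.setString(1, str);
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (!executeQuery.next()) {
                    logger.error("Could not find configuration for domain " + str + " on this server.");
                    // ASCII '4', not the byte value 4; kept for existing clients.
                    return "4".getBytes();
                }
                long clientsAllowed = executeQuery.getLong("clients_allowed");
                if (clientsAllowed == 2034) {
                    // For this clients_allowed value a locked token is accepted
                    // without the client-type check.
                    if (!this.lockedToken && !TokenClientType.validateClientType(j, clientsAllowed)) {
                        logger.warn("Domain requires either a locked or wireless token: " + str);
                        return new byte[]{118};
                    }
                } else {
                    if (executeQuery.getBoolean("lockrequired") && !this.lockedToken) {
                        logger.warn("Unlocked token attempted to register for domain " + str);
                        return new byte[]{112};
                    }
                    if (!TokenClientType.validateClientType(j, clientsAllowed)) {
                        logger.warn("Non-wireless token attmepted to register in wireless-only domain " + str);
                        return new byte[]{117};
                    }
                }
                // Check the factory before touching the database. Previously the
                // device row was inserted first and the null factory then failed
                // with the same status code, leaving an unusable device behind.
                if (wenckeysfactory == null) {
                    logger.error("wkeyfactory is null!!");
                    return new byte[]{4};
                }
                long generateID = generateID(createStatement);
                PreparedStatement prepareStatement2 = connection.prepareStatement("insert into devices (deviceID, ckey, id_cryptotype, init_expire, client_type, last_activity) values (?, ?, ?, ?, ?, 'now')");
                prepareStatement2.setLong(1, generateID);
                prepareStatement2.setBytes(2, bArr2);
                if (i > 0) {
                    prepareStatement2.setInt(3, i);
                } else {
                    prepareStatement2.setNull(3, java.sql.Types.INTEGER);
                }
                // IncompDeviceTTL is multiplied by 60000, i.e. treated as minutes.
                prepareStatement2.setTimestamp(4, new Timestamp(new Date().getTime() + (Integer.parseInt(this.keys.get("IncompDeviceTTL")) * msPerMinute)));
                // A client type outside the int range ends in the generic
                // failure path (status 4) via NumberFormatException.
                prepareStatement2.setInt(5, Integer.parseInt(j + ""));
                prepareStatement2.execute();
                logger.debug("DeviceID " + generateID + " generated and added to the DB.");
                dataOutputStream.writeUTF(executeQuery.getString("ddname"));
                dataOutputStream.writeInt(executeQuery.getInt("minPIN"));
                dataOutputStream.writeInt(executeQuery.getInt("valid"));
                dataOutputStream.writeUTF(generateID + "");
                dataOutputStream.writeUTF(executeQuery.getString("registered_url"));
                logger.debug("Located domain configuration for domain " + str);
                wEncKeys create = wenckeysfactory.create(bArr2, null);
                logger.debug("Successfully created encryption key from device key material.");
                byte[] packagePayload = create.packagePayload(byteArrayOutputStream.toByteArray());
                logger.debug("Encrypted payload.");
                // Response layout: length-prefixed encrypted configuration
                // followed by the length-prefixed exported public key.
                byte[] exportedPubKey = wenckeys.exportPubKey();
                byteArrayOutputStream.reset();
                dataOutputStream.writeInt(packagePayload.length);
                dataOutputStream.write(packagePayload, 0, packagePayload.length);
                dataOutputStream.writeInt(exportedPubKey.length);
                dataOutputStream.write(exportedPubKey, 0, exportedPubKey.length);
                logger.debug("Payload: " + B64.encodeBytes(byteArrayOutputStream.toByteArray()));
                logger.info("New device" + generateID + " added to server.");
                return byteArrayOutputStream.toByteArray();
            } catch (wCryptoException e) {
                logger.error("wCryptoException while sending domain configuration", e);
                return new byte[]{3};
            } catch (SQLException e2) {
                logger.error("SQLException while sending domain configuration", e2);
                return new byte[]{2};
            } catch (Throwable th) {
                logger.error("Exception while sending domain configuration", th);
                return new byte[]{4};
            }
        } catch (SQLException e3) {
            logger.error("SQLException while closing db connection in senddeviceconfig", e3);
            return new byte[]{5};
        }
    }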

    /* JADX INFO: Access modifiers changed from: protected */
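    /**
     * Returns the exported public key of {@code wenckeys} after checking that
     * the domain exists and that the client's key material can be turned into
     * a key.
     *
     * <p>Status returns: byte 5 (no client data), ASCII "4" (domain not found),
     * ASCII "-1" (no key factory), 3 (crypto error), 2 (SQL error), 4 (any
     * other failure).
     *
     * @param str             domain code
     * @param bArr            device key material from the client
     * @param connection      open database connection; not closed here
     * @param wenckeysfactory factory used to validate the key material
     * @param wenckeys        key whose exported public key is returned
     * @param i               not used by this method
     * @param j               not used by this method
     * @return the exported public key bytes or a status code as described above
     */
    public byte[] sendPublicKey(String str, byte[] bArr, Connection connection, wEncKeysFactory wenckeysfactory, wEncKeys wenckeys, int i, long j) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        logger.debug("Beginning key exchange. Using initial key for domain " + str);
        if (bArr.length == 0) {
            logger.error("Received no txData data from client (Client error: 5)");
            return new byte[]{5};
        }
        logger.debug("Recieved " + bArr.length + " bytes from client.");
        // The extra Statement that used to be created here was never used or
        // closed; it has been dropped and the lookup statement is now released.
        PreparedStatement prepareStatement = null;
        try {
            prepareStatement = connection.prepareStatement("select ddname, minPIN, valid, code, registered_url, lockrequired, clients_allowed from domain where code= ?");
            prepareStatement.setString(1, str);
            if (!prepareStatement.executeQuery().next()) {
                logger.error("Could not find configuration for domain " + str + " on this server.");
                // ASCII '4', not the byte value 4; kept for existing clients.
                return "4".getBytes();
            }
            if (wenckeysfactory == null) {
                logger.error("wkeyfactory is null!!");
                return "-1".getBytes();
            }
            // The key object itself is not needed: creating it only verifies
            // that the client's key material is well-formed.
            wenckeysfactory.create(bArr, null);
            logger.debug("Successfully created encryption key from device key material.");
            byte[] exportedPubKey = wenckeys.exportPubKey();
            dataOutputStream.write(exportedPubKey, 0, exportedPubKey.length);
            return byteArrayOutputStream.toByteArray();
        } catch (wCryptoException e) {
            logger.error("wCryptoException while sending domain public key", e);
            return new byte[]{3};
        } catch (SQLException e2) {
            logger.error("SQLException while sending domain public key", e2);
            return new byte[]{2};
        } catch (Throwable th) {
            logger.error("Exception while sending domain public key", th);
            return new byte[]{4};
        } finally {
            if (prepareStatement != null) {
                try {
                    prepareStatement.close();
                } catch (SQLException closeError) {
                    // The response is already decided; a failed close must not change it.
                    logger.warn("Could not close domain lookup statement in sendPublicKey", closeError);
                }
            }
        }
    }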

    /**
     * Picks a random device id that is not yet present in the {@code devices}
     * table.
     *
     * <p>NOTE(review): failures are logged, not reported. If the PRNG is
     * unavailable the method returns 0, and if the uniqueness query fails it
     * returns the last candidate without having checked it; callers cannot
     * tell either case from a successfully verified id.
     *
     * @param statement statement used for the uniqueness lookups; not closed here
     * @return the chosen id, or the fallback value described above
     */
    private long generateID(Statement statement) {
        long candidate = 0;
        try {
            SecureRandom rng = SecureRandom.getInstance("SHA1PRNG");
            ResultSet clash;
            // Draw, look the value up, and draw again for as long as a row
            // with that deviceID already exists.
            do {
                candidate = rng.nextLong();
                clash = statement.executeQuery("select id_devices from devices where deviceID=" + candidate);
            } while (clash.next());
        } catch (SQLException dbError) {
            logger.error("DB Error in Registration Phase 1", dbError);
        } catch (NoSuchAlgorithmException missingPrng) {
            logger.error("Error in Registration Phase 1", missingPrng);
        }
        return candidate;
    }

    public byte[] processPasscodeRequest(byte[] bArr, HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("S");
        try {
            long parseLong = Long.parseLong(httpServletRequest.getParameter("D"));
            try {
                try {
                    byte[] bArr2 = null;
                    Timer timer = Timer.getTimer();
                    Connection connection = PooledConnectionManager.getConnection();
                    StatsCounter.connectionAcquire += timer.complete();
                    logger.debug("Got database connection");
                    ResultSet executeQuery = connection.createStatement().executeQuery("select ckey, lockcode from devices where devices.deviceid=" + parseLong);
                    Timer timer2 = Timer.getTimer();
                    wEncKeysFactory[] wenckeysfactoryArr = new wEncKeysFactory[1];
                    wEncKeys domKeyAndFactory = ServletCrypto.getDomKeyAndFactory(httpServletRequest, connection, wenckeysfactoryArr);
                    wEncKeysFactory wenckeysfactory = wenckeysfactoryArr[0];
                    StatsCounter.inflateDomainKeys += timer2.complete();
                    if (!executeQuery.next()) {
                        logger.error("Passcode request from unrecognized device - DeviceID: " + parseLong + " Most likely this token has been deleted from this server.");
                        byte[] bArr3 = {109};
                        PooledConnectionManager.closeConnection(connection);
                        return bArr3;
                    }
                    byte[] bytes = executeQuery.getBytes("ckey");
                    String trim = executeQuery.getString("lockcode") == null ? "" : executeQuery.getString("lockcode").trim();
                    Timer timer3 = Timer.getTimer();
                    wEncKeys create = wenckeysfactory.create(bytes, null);
                    StatsCounter.createClientKey += timer3.complete();
                    logger.debug("Loaded domain keys");
                    Timer timer4 = Timer.getTimer();
                    Object[] objArr = new Object[6];
                    PreparedStatement prepareStatement = connection.prepareStatement("select id_domain, maxbads, valid, tacacs, lockrequired, clients_allowed  from domain where code= ?");
                    prepareStatement.setString(1, parameter);
                    ResultSet executeQuery2 = prepareStatement.executeQuery();
                    if (!executeQuery2.next()) {
                        logger.error("Cant find the domain client requested: " + parameter);
                        byte[] bArr4 = {102};
                        PooledConnectionManager.closeConnection(connection);
                        return bArr4;
                    }
                    objArr[0] = Long.valueOf(executeQuery2.getLong("id_domain"));
                    objArr[1] = Integer.valueOf(executeQuery2.getInt("maxbads"));
                    objArr[2] = Integer.valueOf(executeQuery2.getInt("valid"));
                    objArr[3] = Boolean.valueOf(executeQuery2.getInt("tacacs") == 1);
                    objArr[4] = Boolean.valueOf(executeQuery2.getBoolean("lockrequired"));
                    objArr[5] = Long.valueOf(executeQuery2.getLong("clients_allowed"));
                    domainMap.put(parameter, objArr);
                    long longValue = ((Long) domainMap.get(parameter)[0]).longValue();
                    int intValue = ((Integer) domainMap.get(parameter)[1]).intValue();
                    int intValue2 = ((Integer) domainMap.get(parameter)[2]).intValue();
                    boolean booleanValue = ((Boolean) domainMap.get(parameter)[3]).booleanValue();
                    boolean booleanValue2 = ((Boolean) domainMap.get(parameter)[4]).booleanValue();
                    long longValue2 = ((Long) domainMap.get(parameter)[5]).longValue();
                    boolean z = longValue2 == 2034;
                    if (booleanValue2 && ((!z || (longValue2 & TokenClientType.WIRELESS) <= 0) && (httpServletRequest.getParameter("lck") == null || !httpServletRequest.getParameter("lck").equals("1")))) {
                        logger.warn("Unlocked device " + parseLong + " requesting pass code for locked domain " + parameter);
                        byte[] bArr5 = {112};
                        PooledConnectionManager.closeConnection(connection);
                        return bArr5;
                    }
                    StatsCounter.selectDomain += timer4.complete();
                    Timer timer5 = Timer.getTimer();
                    String tacacsSecret = TacPlusWriter.getTacacsSecret(connection.createStatement());
                    StatsCounter.tacacsSecret += timer5.complete();
                    Timer timer6 = Timer.getTimer();
                    try {
                        Timer timer7 = Timer.getTimer();
                        byte[] unpackagePayload = domKeyAndFactory.unpackagePayload(bArr);
                        StatsCounter.unpackagePayload += timer7.complete();
                        logger.debug("Decrypted client transaction");
                        Timer timer8 = Timer.getTimer();
                        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(unpackagePayload));
                        String readUTF = dataInputStream.readUTF();
                        StatsCounter.readPin += timer8.complete();
                        logger.debug("Read PIN from transaction");
                        Timer timer9 = Timer.getTimer();
                        if (this.usingAES) {
                            bArr2 = new byte[dataInputStream.readInt()];
                            logger.debug("Read " + dataInputStream.read(bArr2) + " bytes for AESSeed");
                        }
                        StatsCounter.readAESSeed += timer9.complete();
                        if (booleanValue2 && (!z || (longValue2 & TokenClientType.WIRELESS) <= 0)) {
                            String readUTF2 = dataInputStream.readUTF();
                            if (!trim.equals(readUTF2.trim())) {
                                logger.warn("Device " + parseLong + " requesting pass code with lockcode that did not match registration lockcode for domain " + parameter);
                                byte[] bArr6 = {112};
                                PooledConnectionManager.closeConnection(connection);
                                return bArr6;
                            }
                            logger.debug("Read " + readUTF2.length() + " bytes for lockcode");
                        }
                        StatsCounter.decryptTransaction += timer6.complete();
                        if (this.DISABLE_UNREGISTERED_PASSCODES) {
                            Timer timer10 = Timer.getTimer();
                            long id_Usermap = getId_Usermap(parseLong, connection);
                            StatsCounter.id_usermap += timer10.complete();
                            if (id_Usermap == -1) {
                                logger.debug("Returning 0 to unregistered device");
                                byte[] encryptDataForTX = encryptDataForTX("0", bArr2, create);
                                PooledConnectionManager.closeConnection(connection);
                                return encryptDataForTX;
                            }
                        }
                        Timer timer11 = Timer.getTimer();
                        PreparedStatement prepareStatement2 = connection.prepareStatement("select id_devicemap,PIN,deleted, bads from full_devicemap where domainid = ? and deviceID = ? and status=1");
                        prepareStatement2.setLong(1, longValue);
                        prepareStatement2.setLong(2, parseLong);
                        ResultSet executeQuery3 = prepareStatement2.executeQuery();
                        StatsCounter.retrieveDeviceDetailsSql += timer11.complete();
                        if (!executeQuery3.next()) {
                            ResultSet executeQuery4 = connection.createStatement().executeQuery("select status,id_devicemap,id_domain from devicemap,domain where domain.id_domain=devicemap.domainID and code='" + parameter + "' and deviceID=" + parseLong);
                            if (!executeQuery4.next()) {
                                logger.info("Passcode request from unknown device: " + parseLong + " Most likely this deveice was deleted or never completed the registration process.");
                                byte[] bArr7 = {116};
                                PooledConnectionManager.closeConnection(connection);
                                return bArr7;
                            }
                            if (executeQuery4.getInt(1) == 0) {
                                logger.info("Passcode request from disabled device: " + parseLong);
                                byte[] bArr8 = {111};
                                PooledConnectionManager.closeConnection(connection);
                                return bArr8;
                            }
                            logger.error("Cant find device " + parseLong + " in domain: " + parameter);
                            byte[] bArr9 = {113};
                            PooledConnectionManager.closeConnection(connection);
                            return bArr9;
                        }
                        if (executeQuery3.getBoolean("deleted")) {
                            logger.error("Passcode request from deleted device - DeviceID: " + parseLong);
                            byte[] bArr10 = {109};
                            PooledConnectionManager.closeConnection(connection);
                            return bArr10;
                        }
                        long j = executeQuery3.getLong("id_devicemap");
                        byte[] bytes2 = executeQuery3.getBytes("PIN");
                        int i = executeQuery3.getInt("bads");
                        Timer timer12 = Timer.getTimer();
                        byte[] bArr11 = new byte[16];
                        System.arraycopy(domKeyAndFactory.exportPubKey(), 0, bArr11, 0, bArr11.length);
                        byte[] AESDecrypt = AESBlockCrypt.AESDecrypt(bArr11, bytes2);
                        String trim2 = new String(AESDecrypt, 0, AESDecrypt.length).trim();
                        StatsCounter.pinDecryption += timer12.complete();
                        Timer timer13 = Timer.getTimer();
                        if (!readUTF.equals(trim2)) {
                            logger.info("Recieved bad passcode request. Incrementing bad attempt counter on device " + parseLong);
                            int i2 = 0;
                            if (i < intValue) {
                                i2 = 1;
                            } else {
                                logger.info("Device " + parseLong + " disabled due to bad passcode attempts.");
                            }
                            PreparedStatement prepareStatement3 = connection.prepareStatement("UPDATE devicemap set bads=((SELECT bads from devicemap where id_devicemap= ?)+1), status= ?, disable_date='now', disable_cause= ? where id_devicemap= ?");
                            prepareStatement3.setLong(1, j);
                            prepareStatement3.setInt(2, i2);
                            prepareStatement3.setInt(3, Constant.getDisableCauseIntValue(Constant.DisableCause.BAD_ATTEMPTS));
                            prepareStatement3.setLong(4, j);
                            prepareStatement3.executeUpdate();
                            if (i2 == 0) {
                                try {
                                    WiKIDEventReporter wiKIDEventReporter = new WiKIDEventReporter();
                                    wiKIDEventReporter.report(new WiKIDEvent(2, UserHelper.getUserByDeviceMapPK(connection, j), new Date()));
                                    wiKIDEventReporter.close();
                                } catch (Exception e) {
                                    logger.error(e, e);
                                }
                            }
                            byte[] bArr12 = {104};
                            PooledConnectionManager.closeConnection(connection);
                            return bArr12;
                        }
                        logger.debug("Submitted PIN verified");
                        Timer timer14 = Timer.getTimer();
                        if (i != 0) {
                            connection.createStatement().execute("UPDATE full_devicemap set bads=0 where id_devicemap=" + j);
                        }
                        StatsCounter.bads += timer14.complete();
                        Timer timer15 = Timer.getTimer();
                        int generateCode = generateCode();
                        StatsCounter.generateCode += timer15.complete();
                        Timer timer16 = Timer.getTimer();
                        PreparedStatement prepareStatement4 = connection.prepareStatement("delete from curr_codes where id_devicemap= ?");
                        prepareStatement4.setLong(1, j);
                        prepareStatement4.execute();
                        StatsCounter.findCurrentSql += timer16.complete();
                        Timer timer17 = Timer.getTimer();
                        logger.debug("Inserting new valid passcode for device" + parseLong);
                        PreparedStatement prepareStatement5 = connection.prepareStatement("insert into curr_codes (code,creation,expire,id_devicemap) values (?,'now',?,?)");
                        prepareStatement5.setInt(1, generateCode);
                        prepareStatement5.setTimestamp(2, new Timestamp(new Date().getTime() + (intValue2 * Oid.BOOL_ARRAY)));
                        prepareStatement5.setLong(3, j);
                        prepareStatement5.executeUpdate();
                        StatsCounter.insertNew += timer17.complete();
                        Timer timer18 = Timer.getTimer();
                        if (booleanValue) {
                            TacPlusWriter.write(Config.getValue("BASEPATH") + "private/tacacs.conf", connection, tacacsSecret);
                        }
                        StatsCounter.writeTacacs += timer18.complete();
                        String str = "1".equals(httpServletRequest.getParameter("withTTL")) ? "/" + intValue2 : "";
                        logger.info("Issued passcode to device " + parseLong);
                        Timer timer19 = Timer.getTimer();
                        byte[] encryptReply = encryptReply(generateCode, bArr2, str, create);
                        StatsCounter.encryptReply += timer19.complete();
                        StatsCounter.pinSuccess += timer13.complete();
                        PooledConnectionManager.closeConnection(connection);
                        return encryptReply;
                    } catch (wCryptoException e2) {
                        logger.error("Error decrypting data in passcode request", e2);
                        byte[] bArr13 = {108};
                        PooledConnectionManager.closeConnection(connection);
                        return bArr13;
                    }
                } catch (Throwable th) {
                    PooledConnectionManager.closeConnection(null);
                    throw th;
                }
            } catch (wCryptoException e3) {
                logger.error("Crypto error while generating code", e3);
                byte[] bArr14 = {114};
                PooledConnectionManager.closeConnection(null);
                return bArr14;
            } catch (Throwable th2) {
                th2.printStackTrace();
                logger.error("Error generating code", th2);
                byte[] bArr15 = {115};
                PooledConnectionManager.closeConnection(null);
                return bArr15;
            }
        } catch (NumberFormatException e4) {
            logger.error("Invalid DeviceID Format During Online Passcode Request", e4);
            return new byte[]{101};
        }
    }

    /**
     * Builds the encrypted wire form of a short text reply.
     *
     * <p>The text is serialized with {@link DataOutputStream#writeUTF}, wrapped by
     * {@code wenckeys.packagePayload} and then AES-encrypted under {@code bArr}. Unlike
     * {@code encryptReply}, the AES layer is applied unconditionally; {@code usingAES} is not
     * consulted here.
     *
     * @param str      reply text to send
     * @param bArr     AES key material handed to {@code AESBlockCrypt.AESEncrypt}
     * @param wenckeys key object used to package the serialized text
     * @return a fresh array holding only the ciphertext bytes
     * @throws Exception if serialization, packaging or encryption fails
     */
    private byte[] encryptDataForTX(String str, byte[] bArr, wEncKeys wenckeys) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buffer);
        out.writeUTF(str);
        byte[] packaged = wenckeys.packagePayload(buffer.toByteArray());
        byte[] ciphertext = AESBlockCrypt.AESEncrypt(bArr, packaged);
        // Only the length is logged, never the payload itself.
        logger.debug("ciphertext length: " + ciphertext.length);
        // Drop the plaintext serialization so the buffer ends up holding just the ciphertext.
        buffer.reset();
        out.write(ciphertext, 0, ciphertext.length);
        return buffer.toByteArray();
    }

    /**
     * Builds the encrypted passcode reply and records per-stage timings in {@code StatsCounter}.
     *
     * <p>The passcode {@code i} and the suffix {@code str} are concatenated and serialized with
     * {@link DataOutputStream#writeUTF}, packaged by {@code wenckeys.packagePayload}, and, only
     * when {@code usingAES} is set, additionally AES-encrypted under {@code bArr}.
     *
     * @param i        passcode to send
     * @param bArr     AES key material; used only when {@code usingAES} is set
     * @param str      text appended to the passcode before serialization
     * @param wenckeys key object used to package the serialized reply
     * @return a fresh array holding only the final reply bytes
     */
    private byte[] encryptReply(int i, byte[] bArr, String str, wEncKeys wenckeys) throws IOException, SQLException, wCryptoException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buffer);

        Timer serializeTimer = Timer.getTimer();
        out.writeUTF(i + str);
        StatsCounter.writePasscodeBytes += serializeTimer.complete();

        Timer packageTimer = Timer.getTimer();
        byte[] reply = wenckeys.packagePayload(buffer.toByteArray());
        StatsCounter.packagePayload += packageTimer.complete();

        // The AES timer is charged even when the AES layer is skipped.
        Timer aesTimer = Timer.getTimer();
        if (this.usingAES) {
            reply = AESBlockCrypt.AESEncrypt(bArr, reply);
        }
        StatsCounter.AESEncrypt += aesTimer.complete();

        logger.debug("ciphertext length: " + reply.length);
        // Drop the plaintext serialization so the buffer ends up holding just the reply bytes.
        buffer.reset();
        out.write(reply, 0, reply.length);
        return buffer.toByteArray();
    }

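    /**
     * Generates the numeric one-time passcode that the caller stores in {@code curr_codes} and
     * returns to the device.
     *
     * <p>The passcode is an authentication secret, so it is drawn from {@link SecureRandom}.
     * {@code java.util.Random} is a linear congruential generator whose future output can be
     * derived from a few observed values, which makes it unsuitable for credentials. The value
     * is drawn directly from the target range instead of rejection-sampling the full
     * {@code int} space, so the result is still uniform and needs a single draw.
     *
     * @return a uniformly distributed value in the inclusive range 99999..999999
     */
    private int generateCode() {
        // Inclusive bounds carried over unchanged from the previous implementation.
        // NOTE(review): 99999 is a five-digit value; if passcodes must always be six digits the
        // lower bound should be 100000 - confirm against the token clients before changing it.
        final int lowest = 99999;
        final int highest = 999999;
        return lowest + new SecureRandom().nextInt(highest - lowest + 1);
    }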

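    /**
     * Looks up the {@code id_usermap} of the user mapped to the given device.
     *
     * <p>The device id is bound as a statement parameter rather than concatenated into the SQL
     * text, and the statement and result set are closed before returning so they do not
     * accumulate on the pooled connection.
     *
     * <p>NOTE(review): a SQL failure is reported the same way as "no mapping" (-1). The visible
     * caller treats -1 as an unregistered device, so a database error silently changes the
     * authentication outcome. The subquery also assumes a device id matches at most one
     * {@code full_devicemap} row - confirm against the schema.
     *
     * @param j          device id to look up
     * @param connection open database connection; not closed by this method
     * @return the mapped {@code id_usermap}, or -1 when no row matches or the query fails
     */
    private long getId_Usermap(long j, Connection connection) {
        String sql = "select id_usermap from full_usermap where id_devicemap=(select id_devicemap from full_devicemap where deviceid= ?)";
        try (PreparedStatement lookup = connection.prepareStatement(sql)) {
            lookup.setLong(1, j);
            try (ResultSet rows = lookup.executeQuery()) {
                return rows.next() ? rows.getLong("id_usermap") : -1L;
            }
        } catch (SQLException e) {
            // NOTE(review): this should go through the class logger like the rest of the file.
            e.printStackTrace();
            return -1L;
        }
    }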

    /**
     * Handles the PIN-setting phase of device pre-registration.
     *
     * <p>Flow, as visible in this method: check that the domain and device exist and that the
     * device is not already mapped to the domain, decrypt the client payload, read the
     * pre-registration code and PIN (plus an AES seed when {@code usingAES} is set and a lock
     * code when {@code lockedToken} is set), validate the code through {@code checkPRC}, store
     * the AES-encrypted PIN and a freshly generated key pair in {@code devicemap}, update the
     * {@code devices} row, link the user through {@code preRegisterUser}, and return an
     * encrypted reply built by {@code encryptPreRegReply}.
     *
     * <p>Single-byte return values signal errors: 5 empty payload or {@code SQLException},
     * 6 unknown domain or {@code wCryptoException} outside payload decryption, 7 any other
     * {@code Throwable}, 8 device already mapped in this domain, 9 payload decryption failure,
     * 10 unknown device, 11 PIN shorter than the domain minimum, 12 locked token without lock
     * code data.
     *
     * <p>NOTE(review): the statements below perform several dependent writes; whether they run
     * in one transaction depends on the connection's auto-commit state, which is not visible
     * here. None of the {@code Statement}/{@code PreparedStatement}/{@code ResultSet} objects
     * are closed in this method.
     *
     * @param j               device id
     * @param str             domain code sent by the client
     * @param bArr            encrypted payload received from the client
     * @param connection      open database connection; not closed by this method
     * @param wenckeysfactory factory used to generate the device's new key pair
     * @param wenckeys        key object used to decrypt the payload; its exported public key also
     *                        supplies the AES key that protects the stored PIN
     * @return the encrypted reply, a single status byte on error, or {@code null} when
     *         {@code encryptPreRegReply} finds no {@code devices} row
     */
    public byte[] preRegister(long j, String str, byte[] bArr, Connection connection, wEncKeysFactory wenckeysfactory, wEncKeys wenckeys) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        // AES seed supplied by the client; stays null unless usingAES is set.
        byte[] bArr2 = null;
        if (bArr.length == 0) {
            // The condition is an empty payload; the message text mentions the device id instead.
            logger.error("Invalid Device ID in Pre-Registration Phase 2: domainCode: " + str + " ,deviceID:" + j);
            return new byte[]{5};
        }
        logger.debug("Recieved " + bArr.length + " bytes from client.");
        try {
            // id_devicemap of the row inserted below; -1 means the insert could not be read back.
            long j2 = -1;
            PreparedStatement prepareStatement = connection.prepareStatement("select id_domain, minPIN from domain where code= ?");
            prepareStatement.setString(1, str);
            ResultSet executeQuery = prepareStatement.executeQuery();
            if (!executeQuery.next()) {
                logger.error("Error06: Cannot find the domain client requested: domainCode: " + str + " ,deviceID:" + j + " ,domain:" + str);
                return new byte[]{6};
            }
            BigDecimal bigDecimal = executeQuery.getBigDecimal("id_domain");
            int i = executeQuery.getInt("minPIN");
            Statement createStatement = connection.createStatement();
            // NOTE(review): the concatenated values here are a long and a BigDecimal read from the
            // database, so the text cannot carry SQL syntax, but bound parameters would match the
            // prepared statements used elsewhere in this method.
            if (!createStatement.executeQuery("select deviceID from devices where deviceID=" + j).next()) {
                logger.error("Invalid Device ID in Pre-Registration Phase 2: domainCode: " + str + " ,deviceID:" + j);
                return new byte[]{10};
            }
            if (createStatement.executeQuery("select id_devicemap from devicemap where (deviceID=" + j + " and domainID=" + bigDecimal + ")").next()) {
                logger.error("Error07: PIN has already been established for this device in this domain: domainCode: " + str + " ,deviceID:" + j + " ,domain:" + str);
                return new byte[]{8};
            }
            // Key pair stored with the new devicemap row; its public half is sent back on success.
            wEncKeys generatePair = wenckeysfactory.generatePair();
            logger.debug("PIN :: Recieved " + bArr.length + " bytes from client: domainCode: " + str + " ,deviceID:" + j);
            try {
                byte[] unpackagePayload = wenckeys.unpackagePayload(bArr);
                logger.debug("Decrypted transaction payload:domainCode: " + str + " ,deviceID:" + j);
                DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(unpackagePayload));
                logger.debug("Reading payload: domainCode: " + str + " ,deviceID:" + j);
                // First field: the pre-registration code.
                String readUTF = dataInputStream.readUTF();
                // NOTE(review): this writes the registration code, a credential, to the debug log
                // before it has been validated or consumed.
                logger.debug("Checking pre-registration code is valid: " + readUTF);
                // Second field: the PIN chosen by the user.
                String readUTF2 = dataInputStream.readUTF();
                if (this.usingAES) {
                    // NOTE(review): the length prefix comes from the client payload and is used for
                    // the allocation without an upper bound; a negative or very large value ends in
                    // the catch (Throwable) below. read() may also fill fewer bytes than requested;
                    // readFully() would enforce the declared length.
                    bArr2 = new byte[dataInputStream.readInt()];
                    logger.debug("Read " + dataInputStream.read(bArr2) + " bytes of data for AES seed.");
                }
                HashMap<String, Object> checkPRC = checkPRC(readUTF, connection);
                if (checkPRC == null) {
                    // Unknown code: reply with status -301 and no key material.
                    dataOutputStream.writeInt(-301);
                    dataOutputStream.writeUTF("Registration code not valid");
                    dataOutputStream.writeInt(0);
                    return encryptPreRegReply(connection, j, wenckeysfactory, byteArrayOutputStream, bArr2, dataOutputStream);
                }
                String str2 = null;
                if (this.lockedToken) {
                    try {
                        // NOTE(review): same unbounded, client-chosen length as the AES seed above.
                        byte[] bArr3 = new byte[dataInputStream.readInt()];
                        // NOTE(review): read() returns -1 at end of stream, not 0, so a truncated
                        // lock code with a non-zero declared length passes this check.
                        if (dataInputStream.read(bArr3) == 0 || bArr3.length == 0) {
                            throw new IOException("The lock code was 0 bytes long.");
                        }
                        // Decoded with the platform default charset.
                        str2 = new String(bArr3);
                    } catch (IOException e) {
                        logger.warn("Token claimed to be locked but sent no lockcode data.", e);
                        return new byte[]{12};
                    }
                }
                if (readUTF2.length() < i) {
                    logger.warn("PIN length less than minimum for this domain.domainCode: " + str + " ,deviceID:" + j + " , Length: " + readUTF2.length());
                    return new byte[]{11};
                }
                // The PIN is zero-padded into a fixed 64-byte block before encryption. A PIN that
                // encodes to more than 64 bytes makes arraycopy throw, which the catch (Throwable)
                // below turns into status 7. getBytes() uses the platform default charset.
                byte[] bArr4 = new byte[64];
                System.arraycopy(readUTF2.getBytes(), 0, bArr4, 0, readUTF2.getBytes().length);
                // NOTE(review): the AES key protecting the stored PIN is the first 16 bytes of
                // wenckeys.exportPubKey(). If that value is public key material, it is not a secret
                // and anyone holding it together with the devicemap row can recover the PIN -
                // confirm what exportPubKey() returns for this key object.
                byte[] bArr5 = new byte[16];
                System.arraycopy(wenckeys.exportPubKey(), 0, bArr5, 0, bArr5.length);
                byte[] AESEncrypt = AESBlockCrypt.AESEncrypt(bArr5, bArr4);
                PreparedStatement prepareStatement2 = connection.prepareStatement("insert into devicemap (deviceID, domainID, PIN, offKeyPub, offKeyPriv, bads, offs, init_expire) values (?,?,?,?,?,0,0,?)");
                prepareStatement2.setLong(1, j);
                prepareStatement2.setBigDecimal(2, bigDecimal);
                prepareStatement2.setBytes(3, AESEncrypt);
                prepareStatement2.setBytes(4, generatePair.exportPubKey());
                // The exported private key bytes are written to the offKeyPriv column as returned.
                prepareStatement2.setBytes(5, generatePair.exportPrivKey());
                // 561600000000 ms is 6500 days from now.
                prepareStatement2.setTimestamp(6, new Timestamp(new Date().getTime() + 561600000000L));
                prepareStatement2.execute();
                logger.debug("Updating database with PIN value...");
                // Read back the generated primary key of the row just inserted.
                ResultSet executeQuery2 = createStatement.executeQuery("select id_devicemap from devicemap where deviceID=" + j + " and domainID=" + bigDecimal);
                if (executeQuery2.next()) {
                    j2 = executeQuery2.getLong("id_devicemap");
                }
                PreparedStatement prepareStatement3 = connection.prepareStatement("update devices set lockcode = ?, init_expire = ?, last_activity = 'now' where deviceid = ?");
                // str2 is null unless lockedToken is set, so lockcode is set to NULL for other tokens.
                prepareStatement3.setString(1, str2);
                prepareStatement3.setTimestamp(2, new Timestamp(new Date().getTime() + 561600000000L));
                prepareStatement3.setLong(3, j);
                prepareStatement3.execute();
                logger.debug("PIN set in DB for deviceID:" + j);
                logger.debug("Pre-registering user: " + checkPRC.get("temp_name") + " with deviceID: " + j);
                // NOTE(review): this runs before j2 is checked, so a failed read-back (-1) is still
                // passed on as the id_devicemap for the new user mapping.
                preRegisterUser(checkPRC, connection, j2);
                if (j2 != -1) {
                    dataOutputStream.writeInt(0);
                    dataOutputStream.writeUTF("Registration Succeeded");
                    generatePair.writePubKeyBytes(dataOutputStream);
                } else {
                    dataOutputStream.writeInt(-1);
                    dataOutputStream.writeUTF("Registration Failed");
                    dataOutputStream.writeInt(0);
                }
                return encryptPreRegReply(connection, j, wenckeysfactory, byteArrayOutputStream, bArr2, dataOutputStream);
            } catch (wCryptoException e2) {
                logger.error("Exception in unpackagepayload:domainCode: " + str + " ,deviceID:" + j, e2);
                return new byte[]{9};
            }
        } catch (wCryptoException e3) {
            logger.error("wCryptoException while setting PIN.", e3);
            return new byte[]{6};
        } catch (SQLException e4) {
            logger.error("SQLException while setting PIN.", e4);
            return new byte[]{5};
        } catch (Throwable th) {
            // Catch-all: also absorbs runtime failures caused by malformed client input.
            logger.error("Caught Exception while setting PIN.", th);
            return new byte[]{7};
        }
    }

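    /**
     * Creates the user mapping for a newly registered device and marks the pre-registration
     * record as consumed.
     *
     * <p>Inserts a {@code full_usermap} row for {@code temp_name}, reads back its
     * {@code id_usermap}, and then overwrites the record's {@code pre_registration_code} with
     * the literal {@code "-- Registered --"} while storing the new {@code id_usermap}. If the
     * inserted row cannot be read back, the pre-registration record is left untouched.
     *
     * <p>Each statement is closed as soon as it has been used so that cursors do not accumulate
     * on the pooled connection.
     *
     * <p>NOTE(review): the three statements are not wrapped in an explicit transaction here;
     * atomicity depends on the connection's auto-commit state, which is not visible in this
     * method. The Java-side {@code toUpperCase()} uses the default locale while the SQL side
     * uses {@code upper()}; confirm the two agree for non-ASCII user ids.
     *
     * @param hashMap    pre-registration record; must contain {@code temp_name} and
     *                   {@code pre_registration_code}
     * @param connection open database connection; not closed by this method
     * @param j          {@code id_devicemap} of the device mapping the user is attached to
     * @throws SQLException if any statement fails
     */
    private void preRegisterUser(HashMap<String, Object> hashMap, Connection connection, long j) throws SQLException {
        String tempName = hashMap.get("temp_name").toString();

        try (PreparedStatement insertUser = connection.prepareStatement("insert into full_usermap (id_devicemap, userid, bads, status) values (?, ?, 0, 1)")) {
            insertUser.setLong(1, j);
            insertUser.setString(2, tempName);
            insertUser.execute();
        }

        long usermapId;
        try (PreparedStatement findUser = connection.prepareStatement("select id_usermap from full_usermap where upper(full_usermap.userid)= ? and id_devicemap= ?")) {
            findUser.setString(1, tempName.toUpperCase());
            findUser.setLong(2, j);
            try (ResultSet rows = findUser.executeQuery()) {
                if (!rows.next()) {
                    // Nothing to link; the registration code stays usable.
                    return;
                }
                usermapId = rows.getLong("id_usermap");
            }
        }

        try (PreparedStatement markUsed = connection.prepareStatement("update pre_registration set pre_registration_code= ? , id_usermap= ? where pre_registration_code= ?")) {
            markUsed.setString(1, "-- Registered --");
            markUsed.setLong(2, usermapId);
            markUsed.setString(3, hashMap.get("pre_registration_code").toString());
            markUsed.execute();
        }
    }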

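    /**
     * Looks up a pre-registration record by the registration code supplied by the client.
     *
     * <p>Changes from the previous version: the consumed-record marker is rejected up front, the
     * statement and result set are closed before returning, and the {@code SQLException} is kept
     * as the cause of the rethrown {@code RuntimeException} so the database error is not lost.
     *
     * <p>NOTE(review): no expiry or attempt limit on registration codes is visible in this
     * method; confirm that one is enforced elsewhere.
     *
     * @param str        registration code taken from the decrypted client payload
     * @param connection open database connection; not closed by this method
     * @return the record's columns keyed by column name, or {@code null} when the code does not
     *         match a usable record
     * @throws RuntimeException if the lookup fails; the {@code SQLException} is its cause
     */
    private HashMap<String, Object> checkPRC(String str, Connection connection) {
        // preRegisterUser overwrites the code column of consumed records with this literal, so
        // the literal itself must never be accepted as a registration code.
        if ("-- Registered --".equals(str)) {
            return null;
        }
        try (PreparedStatement lookup = connection.prepareStatement("select * from pre_registration where pre_registration_code= ?")) {
            lookup.setString(1, str);
            try (ResultSet row = lookup.executeQuery()) {
                if (!row.next()) {
                    return null;
                }
                HashMap<String, Object> record = new HashMap<>();
                record.put("id_pre_registration", row.getString("id_pre_registration"));
                record.put("id_usermap", Long.valueOf(row.getLong("id_usermap")));
                record.put("temp_name", row.getString("temp_name"));
                record.put("pre_registration_code", row.getString("pre_registration_code"));
                record.put("email_address", row.getString("email_address"));
                return record;
            }
        } catch (SQLException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }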

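    /**
     * Encrypts the pre-registration reply accumulated in {@code byteArrayOutputStream} for the
     * given device.
     *
     * <p>The device's {@code ckey} is loaded from {@code devices}, a key object is created from
     * it through {@code wenckeysfactory.create(ckey, null)}, and the buffered reply is packaged
     * with that key. When {@code usingAES} is set the packaged bytes are additionally
     * AES-encrypted under {@code bArr}. The statement and result set are closed once the key has
     * been read so they do not accumulate on the pooled connection.
     *
     * @param connection            open database connection; not closed by this method
     * @param j                     device id whose {@code ckey} is used
     * @param wenckeysfactory       factory used to build the key object from {@code ckey}
     * @param byteArrayOutputStream buffer holding the plaintext reply; reset and refilled with
     *                              the encrypted bytes
     * @param bArr                  AES key material; used only when {@code usingAES} is set
     * @param dataOutputStream      stream used to write the encrypted bytes back to the buffer
     * @return the encrypted reply, or {@code null} when the device has no {@code devices} row
     */
    private byte[] encryptPreRegReply(Connection connection, long j, wEncKeysFactory wenckeysfactory, ByteArrayOutputStream byteArrayOutputStream, byte[] bArr, DataOutputStream dataOutputStream) throws IOException, SQLException, wCryptoException {
        byte[] deviceKey;
        try (PreparedStatement keyLookup = connection.prepareStatement("select ckey from devices where deviceID= ?")) {
            keyLookup.setLong(1, j);
            try (ResultSet rows = keyLookup.executeQuery()) {
                if (!rows.next()) {
                    // NOTE(review): callers hand this null straight back as the response.
                    return null;
                }
                deviceKey = rows.getBytes("ckey");
            }
        }
        byte[] reply = wenckeysfactory.create(deviceKey, null).packagePayload(byteArrayOutputStream.toByteArray());
        if (this.usingAES) {
            reply = AESBlockCrypt.AESEncrypt(bArr, reply);
        }
        // Replace the buffered plaintext with the encrypted bytes.
        byteArrayOutputStream.reset();
        dataOutputStream.write(reply, 0, reply.length);
        return byteArrayOutputStream.toByteArray();
    }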

    // Class initialisation: register the BouncyCastle JCA provider, then set up the class
    // logger and the shared domain cache that clearDomainMapCache() empties.
    static {
        BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
        // addProvider appends to the provider list; it does not displace existing providers.
        Security.addProvider(bouncyCastle);
        logger = Logger.getLogger(DeviceTransactionExec.class);
        domainMap = new ConcurrentHashMap<>();
    }
}
