package tigase.auth.impl;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import tigase.auth.AuthRepositoryAware;
import tigase.auth.DomainAware;
import tigase.auth.callbacks.PBKDIterationsCallback;
import tigase.auth.callbacks.SaltCallback;
import tigase.auth.callbacks.SaltedPasswordCallback;
import tigase.auth.mechanisms.AbstractSaslSCRAM;
import tigase.db.AuthRepository;
import tigase.xmpp.BareJID;

/* loaded from: input_file:tigase/auth/impl/ScramCallbackHandler.class */
public class ScramCallbackHandler implements CallbackHandler, AuthRepositoryAware, DomainAware {
    private String domain;
    private AuthRepository repo;
    protected BareJID jid = null;
    protected Logger log = Logger.getLogger(getClass().getName());
    private int pbkd2Iterations = 4096;
    private final SecureRandom random = new SecureRandom();
    private final byte[] salt = new byte[10];

    public ScramCallbackHandler() {
        this.random.nextBytes(this.salt);
    }

    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbackArr.length; i++) {
            if (this.log.isLoggable(Level.FINEST)) {
                this.log.log(Level.FINEST, "Callback: {0}", callbackArr[i].getClass().getSimpleName());
            }
            handleCallback(callbackArr[i]);
        }
    }

    protected void handleAuthorizeCallback(AuthorizeCallback authorizeCallback) {
        String authenticationID = authorizeCallback.getAuthenticationID();
        if (this.log.isLoggable(Level.FINEST)) {
            this.log.log(Level.FINEST, "AuthorizeCallback: authenId: {0}", authenticationID);
        }
        String authorizationID = authorizeCallback.getAuthorizationID();
        if (this.log.isLoggable(Level.FINEST)) {
            this.log.log(Level.FINEST, "AuthorizeCallback: authorId: {0}", authorizationID);
        }
        if (authenticationID.equals(authorizationID)) {
            authorizeCallback.setAuthorized(true);
        }
    }

    protected void handleCallback(Callback callback) throws UnsupportedCallbackException, IOException {
        if (callback instanceof PBKDIterationsCallback) {
            handlePBKDIterationsCallback((PBKDIterationsCallback) callback);
            return;
        }
        if (callback instanceof SaltedPasswordCallback) {
            handleSaltedPasswordCallbackCallback((SaltedPasswordCallback) callback);
            return;
        }
        if (callback instanceof NameCallback) {
            handleNameCallback((NameCallback) callback);
        } else if (callback instanceof SaltCallback) {
            handleSaltCallback((SaltCallback) callback);
        } else {
            if (!(callback instanceof AuthorizeCallback)) {
                throw new UnsupportedCallbackException(callback, "Unrecognized Callback " + callback);
            }
            handleAuthorizeCallback((AuthorizeCallback) callback);
        }
    }

    protected void handleNameCallback(NameCallback nameCallback) throws IOException {
        String defaultName = nameCallback.getDefaultName();
        this.jid = BareJID.bareJIDInstanceNS(defaultName, this.domain);
        nameCallback.setName(this.jid.toString());
        if (this.log.isLoggable(Level.FINEST)) {
            this.log.log(Level.FINEST, "NameCallback: {0}", defaultName);
        }
    }

    protected void handlePBKDIterationsCallback(PBKDIterationsCallback pBKDIterationsCallback) {
        if (this.log.isLoggable(Level.FINEST)) {
            this.log.log(Level.FINEST, "PBKDIterationsCallback: {0}", this.jid);
        }
        pBKDIterationsCallback.setInterations(this.pbkd2Iterations);
    }

    protected void handleSaltCallback(SaltCallback saltCallback) {
        if (this.log.isLoggable(Level.FINEST)) {
            this.log.log(Level.FINEST, "SaltCallback: {0}", this.jid);
        }
        saltCallback.setSalt(this.salt);
    }

    protected void handleSaltedPasswordCallbackCallback(SaltedPasswordCallback saltedPasswordCallback) {
        if (this.log.isLoggable(Level.FINEST)) {
            this.log.log(Level.FINEST, "PasswordCallback: {0}", this.jid);
        }
        try {
            String password = this.repo.getPassword(this.jid);
            if (password == null) {
                saltedPasswordCallback.setSaltedPassword(new byte[0]);
            } else {
                saltedPasswordCallback.setSaltedPassword(AbstractSaslSCRAM.hi("SHA1", AbstractSaslSCRAM.normalize(password), this.salt, this.pbkd2Iterations));
            }
        } catch (Exception e) {
            saltedPasswordCallback.setSaltedPassword(null);
            this.log.log(Level.WARNING, "Can't retrieve user password.", (Throwable) e);
        }
    }

    @Override // tigase.auth.AuthRepositoryAware
    public void setAuthRepository(AuthRepository authRepository) {
        this.repo = authRepository;
    }

    @Override // tigase.auth.DomainAware
    public void setDomain(String str) {
        this.domain = str;
    }
}
