package tigase.auth;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.sasl.SaslServerFactory;
import tigase.auth.mechanisms.SaslEXTERNAL;
import tigase.auth.mechanisms.SaslSCRAMPlus;
import tigase.auth.mechanisms.TigaseSaslServerFactory;
import tigase.cert.CertificateUtil;
import tigase.vhosts.VHostItem;
import tigase.xmpp.XMPPResourceConnection;

/* loaded from: input_file:tigase/auth/DefaultMechanismSelector.class */
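/**
 * Default {@link MechanismSelector}: decides which SASL mechanism names are offered on a
 * given connection.
 *
 * <p>A mechanism is offered only when it passes both {@link #match} (connection-level
 * preconditions) and {@link #isAllowedForDomain} (per-vhost or global allow-list).
 *
 * <p>NOTE(review): this class only filters the list of mechanism names. Whether the mechanism a
 * client finally requests is re-checked against this list is not visible here. Confirm that the
 * SASL processing code rejects a mechanism that was not offered.
 */
public class DefaultMechanismSelector implements MechanismSelector {
    /** Global allow-list read from the {@code enabled-mechanisms} setting; empty means "no restriction". */
    private final Set<String> allowedMechanisms = new HashSet<String>();
    protected Map<String, Object> settings;

    /**
     * Collects every mechanism name exposed by the given factories that is acceptable for the
     * connection.
     *
     * @param enumeration the SASL server factories to inspect
     * @param xMPPResourceConnection the connection the mechanisms would be offered on
     * @return the accepted mechanism names, in factory order; possibly empty, never {@code null}
     */
    @Override // tigase.auth.MechanismSelector
    public Collection<String> filterMechanisms(Enumeration<SaslServerFactory> enumeration, XMPPResourceConnection xMPPResourceConnection) {
        // An empty property map is passed, so factories are not asked to pre-filter by policy.
        Map<String, Object> factoryProps = new HashMap<String, Object>();
        List<String> offered = new ArrayList<String>();
        while (enumeration.hasMoreElements()) {
            SaslServerFactory factory = enumeration.nextElement();
            for (String mechanism : factory.getMechanismNames(factoryProps)) {
                if (match(factory, mechanism, xMPPResourceConnection)
                        && isAllowedForDomain(mechanism, xMPPResourceConnection.getDomain())) {
                    offered.add(mechanism);
                }
            }
        }
        return offered;
    }

    /**
     * Stores the settings and loads the comma-separated {@code enabled-mechanisms} allow-list.
     *
     * <p>Entries are trimmed, so {@code "PLAIN, SCRAM-SHA-1"} yields {@code SCRAM-SHA-1} rather
     * than an entry with a leading space that could never match a mechanism name. Empty entries
     * are deliberately kept: a blank setting keeps the set non-empty and therefore restrictive
     * instead of silently turning into "allow everything".
     *
     * <p>NOTE(review): entries are only ever added. If {@code init} can be called more than once,
     * mechanisms removed from the configuration stay allowed until restart. Confirm the lifecycle.
     *
     * @param map selector settings; the {@code enabled-mechanisms} value, if present, must be a String
     */
    @Override // tigase.auth.MechanismSelector
    public void init(Map<String, Object> map) {
        this.settings = map;
        String configured = (String) map.get("enabled-mechanisms");
        if (configured == null) {
            return;
        }
        // String.split never returns null, so no null check is needed on the result.
        for (String entry : configured.split(",")) {
            this.allowedMechanisms.add(entry.trim());
        }
    }

    /**
     * Checks a mechanism name against the allow-list that applies to the virtual host.
     *
     * <p>A non-empty per-vhost list takes precedence and the global list is then ignored.
     * Otherwise the global list applies, and an empty global list allows every mechanism.
     *
     * @param str the SASL mechanism name
     * @param vHostItem the virtual host of the connection
     * @return {@code true} if the mechanism may be offered for this virtual host
     */
    protected boolean isAllowedForDomain(String str, VHostItem vHostItem) {
        String[] vhostMechanisms = vHostItem.getSaslAllowedMechanisms();
        if (vhostMechanisms == null || vhostMechanisms.length == 0) {
            return this.allowedMechanisms.isEmpty() || this.allowedMechanisms.contains(str);
        }
        for (String candidate : vhostMechanisms) {
            // A null array entry is skipped instead of raising a NullPointerException.
            if (candidate != null && candidate.equals(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether the peer certificate stored in the session carries at least one XMPP address.
     *
     * <p>Anything that is not an {@link X509Certificate} (including no certificate) yields
     * {@code false}, so EXTERNAL is simply not offered instead of failing with a
     * {@link ClassCastException}.
     *
     * <p>NOTE(review): only the presence of an address is checked here. That the certificate chain
     * is trusted and that the address matches the authorising identity is presumably enforced
     * elsewhere (TLS layer / SaslEXTERNAL). Verify.
     */
    private boolean isJIDInCertificate(XMPPResourceConnection xMPPResourceConnection) {
        Object peerCertificate = xMPPResourceConnection.getSessionData(SaslEXTERNAL.PEER_CERTIFICATE_KEY);
        if (!(peerCertificate instanceof X509Certificate)) {
            return false;
        }
        List<String> xmppAddrs = CertificateUtil.extractXmppAddrs((X509Certificate) peerCertificate);
        return xmppAddrs != null && !xmppAddrs.isEmpty();
    }

    /**
     * Applies the connection-level preconditions for offering a mechanism.
     *
     * <p>A mechanism is rejected when:
     * <ul>
     *   <li>the connection requires TLS but is not encrypted (so no mechanism is offered);</li>
     *   <li>the factory is not a {@link TigaseSaslServerFactory};</li>
     *   <li>it is {@code ANONYMOUS} and the domain has anonymous login disabled;</li>
     *   <li>it is {@code EXTERNAL} and the peer certificate carries no XMPP address;</li>
     *   <li>it is the mechanism named by {@code SaslSCRAMPlus.NAME} and
     *       {@code SaslSCRAMPlus.isAvailable} reports it unavailable for the connection.</li>
     * </ul>
     *
     * @param saslServerFactory the factory that exposes the mechanism
     * @param str the SASL mechanism name
     * @param xMPPResourceConnection the connection being authenticated
     * @return {@code true} if none of the rejection rules applies
     */
    protected boolean match(SaslServerFactory saslServerFactory, String str, XMPPResourceConnection xMPPResourceConnection) {
        if (xMPPResourceConnection.isTlsRequired() && !xMPPResourceConnection.isEncrypted()) {
            return false;
        }
        if (!(saslServerFactory instanceof TigaseSaslServerFactory)) {
            return false;
        }
        if (!xMPPResourceConnection.getDomain().isAnonymousEnabled() && "ANONYMOUS".equals(str)) {
            return false;
        }
        if ("EXTERNAL".equals(str) && !isJIDInCertificate(xMPPResourceConnection)) {
            return false;
        }
        if (SaslSCRAMPlus.NAME.equals(str) && !SaslSCRAMPlus.isAvailable(xMPPResourceConnection)) {
            return false;
        }
        return true;
    }
}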
