package tigase.xmpp.impl;

import java.security.Security;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Queue;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import tigase.auth.CallbackHandlerFactory;
import tigase.auth.MechanismSelector;
import tigase.auth.MechanismSelectorFactory;
import tigase.auth.TigaseSaslProvider;
import tigase.auth.XmppSaslException;
import tigase.auth.mechanisms.SaslANONYMOUS;
import tigase.conf.Configurable;
import tigase.db.AuthRepository;
import tigase.db.NonAuthUserRepository;
import tigase.db.TigaseDBException;
import tigase.server.Command;
import tigase.server.Packet;
import tigase.server.Priority;
import tigase.util.Base64;
import tigase.xml.Element;
import tigase.xmpp.BareJID;
import tigase.xmpp.NotAuthorizedException;
import tigase.xmpp.StanzaType;
import tigase.xmpp.XMPPProcessorIfc;
import tigase.xmpp.XMPPResourceConnection;

/* loaded from: input_file:tigase/xmpp/impl/SaslAuth.class */
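/**
 * Session-manager processor that drives server-side SASL negotiation for the
 * {@code urn:ietf:params:xml:ns:xmpp-sasl} namespace.
 *
 * <p>{@link #supStreamFeatures} advertises the mechanisms allowed for a connection and
 * {@link #process} handles the client's {@code auth} and {@code response} elements,
 * answering with {@code challenge}, {@code success} or {@code failure}. The
 * {@link SaslServer} of a negotiation in progress is kept in the session data under
 * {@code SASL_SERVER_KEY} and removed on success and on every failure path.
 *
 * <p>This listing is decompiler output. The exception handlers of {@link #process} were
 * emitted in an order that is not valid Java (a general {@code catch (Exception)} ahead
 * of {@code catch (XmppSaslException)}); they are restored here most-specific-first.
 */
public class SaslAuth extends AbstractAuthPreprocessor implements XMPPProcessorIfc {
    /** Processor id; the same string as the XMPP SASL namespace. */
    public static final String ID = "urn:ietf:params:xml:ns:xmpp-sasl";
    private static final String _XMLNS = "urn:ietf:params:xml:ns:xmpp-sasl";
    // Session-data key holding the mechanism list that was advertised to this connection.
    private static final String ALLOWED_SASL_MECHANISMS_KEY = "allowed-sasl-mechanisms";
    // Session-data key holding the SaslServer of a negotiation in progress.
    private static final String SASL_SERVER_KEY = "SASL_SERVER_KEY";
    private CallbackHandlerFactory callbackHandlerFactory = new CallbackHandlerFactory();
    // Copy of the init() settings; passed as the property map to Sasl.createSaslServer.
    private final Map<String, Object> props = new HashMap<>();
    private MechanismSelector mechanismSelector;
    private static final Element[] DISCO_FEATURES = {new Element("feature", new String[]{"var"}, new String[]{_XMLNS})};
    private static final String[][] ELEMENTS = {new String[]{"auth"}, new String[]{"response"}, new String[]{"challenge"}, new String[]{"failure"}, new String[]{"success"}, new String[]{"abort"}};
    private static final Logger log = Logger.getLogger(SaslAuth.class.getName());
    // One namespace entry per path in ELEMENTS.
    private static final String[] XMLNSS = {_XMLNS, _XMLNS, _XMLNS, _XMLNS, _XMLNS, _XMLNS};

    /** SASL element names; {@code toString()} of a constant is used as the element name. */
    public enum ElementType {
        abort,
        auth,
        challenge,
        failure,
        response,
        success
    }

    /**
     * Returns four times the queue count of the superclass.
     *
     * @return number of concurrent queues for this processor
     */
    @Override
    public int concurrentQueuesNo() {
        return super.concurrentQueuesNo() * 4;
    }

    /**
     * Builds a SASL reply element in the XMPP SASL namespace.
     *
     * @param elementType kind of reply; its name becomes the element name
     * @param str character data for the element, or {@code null} for none. Callers in
     *     this class also pass literal child markup such as {@code <not-authorized/>}
     *     through this argument.
     * @return the new element
     */
    private Element createReply(ElementType elementType, String str) {
        Element reply = new Element(elementType.toString());
        reply.setXMLNS(_XMLNS);
        if (str != null) {
            reply.setCData(str);
        }
        return reply;
    }

    /**
     * Queues a {@code failure} reply for {@code packet} with {@link Priority#SYSTEM}.
     *
     * @param packet the stanza being answered
     * @param queue result queue the reply is offered to
     * @param body content of the failure element
     */
    private void queueFailure(Packet packet, Queue<Packet> queue, String body) {
        Packet failure = packet.swapFromTo(createReply(ElementType.failure, body), null, null);
        failure.setPriority(Priority.SYSTEM);
        queue.offer(failure);
    }

    /**
     * Decodes the character data of an {@code auth} or {@code response} element.
     *
     * @param cData Base64 text sent by the client, may be {@code null}
     * @return the decoded bytes; an empty array for {@code null}, empty text or a single
     *     {@code "="} (the XMPP encoding of zero-length data, RFC 6120 section 6.4.2)
     */
    private static byte[] decodeClientData(String cData) {
        if (cData == null || cData.isEmpty() || "=".equals(cData)) {
            return new byte[0];
        }
        return Base64.decode(cData);
    }

    /**
     * Returns the processor id.
     *
     * @return the XMPP SASL namespace
     */
    @Override
    public String id() {
        return ID;
    }

    /**
     * Stores the settings, registers the Tigase SASL provider and creates the mechanism
     * selector.
     *
     * @param map processor settings, may be {@code null}
     * @throws TigaseDBException declared by the overridden method
     * @throws RuntimeException if the mechanism selector cannot be created
     */
    @Override
    public void init(Map<String, Object> map) throws TigaseDBException {
        if (map != null) {
            this.props.putAll(map);
        }
        super.init(map);
        // Drop anything registered as "tigase.sasl" that is not a TigaseSaslProvider.
        if (!(Security.getProvider("tigase.sasl") instanceof TigaseSaslProvider)) {
            Security.removeProvider("tigase.sasl");
        }
        // Position 1 is the most preferred slot in the JVM-wide provider list, so this
        // provider is consulted before any other for the services it offers.
        Security.insertProviderAt(new TigaseSaslProvider(map), 1);
        try {
            this.mechanismSelector = new MechanismSelectorFactory().create(map);
        } catch (Exception e) {
            log.severe("Can't create SASL Mechanism Selector");
            throw new RuntimeException("Can't create SASL Mechanism Selector", e);
        }
    }

    /**
     * Clears the negotiation state after a failed attempt, so that a later
     * {@code response} cannot continue the failed exchange.
     *
     * @param xMPPResourceConnection session whose stored {@link SaslServer} is removed
     */
    protected void onAuthFail(XMPPResourceConnection xMPPResourceConnection) {
        xMPPResourceConnection.removeSessionData(SASL_SERVER_KEY);
    }

    /**
     * Handles one SASL {@code auth} or {@code response} element.
     *
     * <p>An {@code auth} element must name a mechanism from the list advertised to the
     * connection (or, when no list is stored, from the selector's current answer); a
     * {@code response} element continues the negotiation stored in the session. The
     * outcome is offered to {@code queue} as {@code challenge}, {@code success} or
     * {@code failure}. Requests are ignored when the connection is {@code null} or its
     * authentication timeout marker is set.
     *
     * @param packet the stanza carrying the SASL element
     * @param xMPPResourceConnection session of the sender; also used as the lock
     * @param nonAuthUserRepository passed on to the callback handler factory
     * @param queue receives the reply packets
     * @param map passed on to the callback handler factory
     */
    @Override
    public void process(Packet packet, XMPPResourceConnection xMPPResourceConnection, NonAuthUserRepository nonAuthUserRepository, Queue<Packet> queue, Map<String, Object> map) {
        if (xMPPResourceConnection == null) {
            return;
        }
        synchronized (xMPPResourceConnection) {
            if (xMPPResourceConnection.getSessionData(XMPPResourceConnection.AUTHENTICATION_TIMEOUT_KEY) != null) {
                return;
            }
            if (xMPPResourceConnection.isAuthorized()) {
                // A second authentication attempt on an authorized session: reject it,
                // request a close and log the session out.
                queueFailure(packet, queue, "<not-authorized/>");
                queue.offer(Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set, xMPPResourceConnection.nextStanzaId()));
                if (log.isLoggable(Level.FINEST)) {
                    // NOTE(review): packet is a SASL auth/response stanza, so its text may
                    // carry credential material; confirm Packet.toString() masks it.
                    log.log(Level.FINEST, "Discovered second authentication attempt: {0}, packet: {1}", new Object[]{xMPPResourceConnection.toString(), packet.toString()});
                }
                try {
                    xMPPResourceConnection.logout();
                } catch (NotAuthorizedException e) {
                    log.log(Level.FINER, "Unsuccessful session logout: {0}", xMPPResourceConnection.toString());
                }
                if (log.isLoggable(Level.FINEST)) {
                    log.log(Level.FINEST, "Session after logout: {0}", xMPPResourceConnection.toString());
                }
                // NOTE(review): there is no return here, so the same stanza is still
                // negotiated below after the failure and close were queued. Confirm
                // against the upstream source that this fall-through is intended.
            }
            Element request = packet.getElement();
            try {
                SaslServer saslServer;
                // equals() instead of ==: identity comparison is only right while element
                // names are guaranteed to be interned.
                if ("auth".equals(request.getName())) {
                    // NOTE(review): the attribute name comes from
                    // AuthRepository.MACHANISM_KEY, whose value is not visible here.
                    String mechanism = request.getAttributeStaticStr(AuthRepository.MACHANISM_KEY);
                    if (log.isLoggable(Level.FINEST)) {
                        log.finest("Start SASL auth. mechanism=" + mechanism);
                    }
                    // The advertised list is consumed by the first auth attempt; later
                    // attempts on the same connection ask the selector again.
                    @SuppressWarnings("unchecked") // stored by supStreamFeatures as Collection<String>
                    Collection<String> allowed = (Collection<String>) xMPPResourceConnection.getSessionData(ALLOWED_SASL_MECHANISMS_KEY);
                    xMPPResourceConnection.removeSessionData(ALLOWED_SASL_MECHANISMS_KEY);
                    if (allowed == null) {
                        allowed = this.mechanismSelector.filterMechanisms(Sasl.getSaslServerFactories(), xMPPResourceConnection);
                    }
                    // Only a mechanism on the allow-list may be instantiated.
                    if (mechanism == null || allowed == null || !allowed.contains(mechanism)) {
                        throw new XmppSaslException(XmppSaslException.SaslError.invalid_mechanism, "Mechanism '" + mechanism + "' is not allowed");
                    }
                    // NOTE(review): the protocol argument is Configurable.STANZA_XMPP_ACK,
                    // which looks like a decompiler constant substitution; confirm its value.
                    saslServer = Sasl.createSaslServer(mechanism, Configurable.STANZA_XMPP_ACK, xMPPResourceConnection.getDomain().getVhost().getDomain(), this.props, this.callbackHandlerFactory.create(mechanism, xMPPResourceConnection, nonAuthUserRepository, map));
                    if (saslServer == null) {
                        throw new XmppSaslException(XmppSaslException.SaslError.invalid_mechanism, "Mechanism '" + mechanism + "' is not allowed");
                    }
                    xMPPResourceConnection.putSessionData(SASL_SERVER_KEY, saslServer);
                } else {
                    if (!"response".equals(request.getName())) {
                        throw new XmppSaslException(XmppSaslException.SaslError.malformed_request, "Unrecognized element " + request.getName());
                    }
                    saslServer = (SaslServer) xMPPResourceConnection.getSessionData(SASL_SERVER_KEY);
                    // A response without a negotiation in progress is rejected.
                    if (saslServer == null) {
                        throw new XmppSaslException(XmppSaslException.SaslError.malformed_request);
                    }
                }
                byte[] challenge = saslServer.evaluateResponse(decodeClientData(request.getCData()));
                String encodedChallenge = challenge != null ? Base64.encode(challenge) : null;
                if (saslServer.isComplete() && saslServer.getAuthorizationID() != null) {
                    String authzId = saslServer.getAuthorizationID();
                    // NOTE(review): an authorization id containing '@' is used verbatim,
                    // domain part included; this relies on the mechanism and its callback
                    // handler having authorised that identity.
                    BareJID jid = authzId.contains("@") ? BareJID.bareJIDInstance(authzId) : BareJID.bareJIDInstance(authzId, xMPPResourceConnection.getDomain().getVhost().getDomain());
                    if (log.isLoggable(Level.FINEST)) {
                        log.finest("Authorized as " + jid);
                    }
                    boolean anonymous;
                    try {
                        // TRUE.equals covers both a missing and a non-Boolean property.
                        anonymous = Boolean.TRUE.equals(saslServer.getNegotiatedProperty(SaslANONYMOUS.IS_ANONYMOUS_PROPERTY));
                    } catch (Exception ignored) {
                        // NOTE(review): a failed lookup marks the session as non-anonymous;
                        // confirm that this is the intended default.
                        anonymous = false;
                    }
                    xMPPResourceConnection.removeSessionData(SASL_SERVER_KEY);
                    xMPPResourceConnection.authorizeJID(jid, anonymous);
                    queue.offer(packet.swapFromTo(createReply(ElementType.success, encodedChallenge), null, null));
                } else {
                    // Complete but without an authorization id: nothing to authorize.
                    if (saslServer.isComplete()) {
                        throw new XmppSaslException(XmppSaslException.SaslError.malformed_request);
                    }
                    queue.offer(packet.swapFromTo(createReply(ElementType.challenge, encodedChallenge), null, null));
                }
            } catch (XmppSaslException e) {
                onAuthFail(xMPPResourceConnection);
                if (log.isLoggable(Level.FINER)) {
                    log.log(Level.FINER, "SASL unsuccessful", e);
                }
                String body = e.getSaslErrorElementName() != null ? "<" + e.getSaslErrorElementName() + "/>" : "<not-authorized/>";
                if (e.getMessage() != null) {
                    // NOTE(review): the message can contain the client-supplied mechanism
                    // or element name and is concatenated into markup; confirm that the
                    // value is still XML-escaped when it reaches this point.
                    body = body + "<text xml:lang='en'>" + e.getMessage() + "</text>";
                }
                queueFailure(packet, queue, body);
            } catch (SaslException e) {
                onAuthFail(xMPPResourceConnection);
                if (log.isLoggable(Level.FINER)) {
                    log.log(Level.FINER, "SASL unsuccessful", e);
                }
                queueFailure(packet, queue, "<not-authorized/>");
            } catch (Exception e) {
                // Anything else, including undecodable client data, is reported as a
                // temporary failure.
                onAuthFail(xMPPResourceConnection);
                if (log.isLoggable(Level.WARNING)) {
                    log.log(Level.WARNING, "Problem with SASL", e);
                }
                queueFailure(packet, queue, "<temporary-auth-failure/>");
            }
        }
    }

    /**
     * Returns the service-discovery feature for XMPP SASL.
     *
     * @param xMPPResourceConnection not used
     * @return the shared feature array
     */
    @Override
    public Element[] supDiscoFeatures(XMPPResourceConnection xMPPResourceConnection) {
        return DISCO_FEATURES;
    }

    /**
     * Returns the element names this processor handles.
     *
     * @return the shared path array
     */
    @Override
    public String[][] supElementNamePaths() {
        return ELEMENTS;
    }

    /**
     * Returns the namespaces matching {@link #supElementNamePaths()}.
     *
     * @return the shared namespace array
     */
    @Override
    public String[] supNamespaces() {
        return XMLNSS;
    }

    /**
     * Advertises the SASL mechanisms allowed for a connection that is not yet authorized.
     *
     * <p>The list is also stored in the session so that the following {@code auth}
     * request is checked against what was advertised.
     *
     * @param xMPPResourceConnection session the features are built for
     * @return one {@code mechanisms} element, or {@code null} when the connection is
     *     {@code null} or already authorized
     */
    @Override
    public Element[] supStreamFeatures(XMPPResourceConnection xMPPResourceConnection) {
        if (xMPPResourceConnection == null || xMPPResourceConnection.isAuthorized()) {
            return null;
        }
        Collection<String> mechanisms = this.mechanismSelector.filterMechanisms(Sasl.getSaslServerFactories(), xMPPResourceConnection);
        Element[] children = new Element[mechanisms.size()];
        xMPPResourceConnection.putSessionData(ALLOWED_SASL_MECHANISMS_KEY, mechanisms);
        int next = 0;
        for (String mechanism : mechanisms) {
            children[next++] = new Element(AuthRepository.MACHANISM_KEY, mechanism);
        }
        return new Element[]{new Element("mechanisms", children, new String[]{"xmlns"}, new String[]{_XMLNS})};
    }
}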
