package tigase.xmpp.impl;

import java.security.Security;
import java.util.Collection;
import java.util.Map;
import java.util.Queue;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.Sasl;
import tigase.auth.CallbackHandlerFactory;
import tigase.auth.MechanismSelector;
import tigase.auth.MechanismSelectorFactory;
import tigase.auth.TigaseSaslProvider;
import tigase.auth.callbacks.VerifyPasswordCallback;
import tigase.cluster.repo.ClusterRepoItem;
import tigase.cluster.strategy.DefaultClusteringStrategy;
import tigase.db.AuthRepository;
import tigase.db.NonAuthUserRepository;
import tigase.db.TigaseDBException;
import tigase.db.jdbc.TigaseCustomAuth;
import tigase.server.Command;
import tigase.server.Iq;
import tigase.server.Packet;
import tigase.server.Priority;
import tigase.xml.Element;
import tigase.xmpp.Authorization;
import tigase.xmpp.BareJID;
import tigase.xmpp.NotAuthorizedException;
import tigase.xmpp.StanzaType;
import tigase.xmpp.XMPPException;
import tigase.xmpp.XMPPProcessorIfc;
import tigase.xmpp.XMPPResourceConnection;

/* loaded from: input_file:tigase/xmpp/impl/JabberIqAuth.class */
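/**
 * Session processor for the legacy {@code jabber:iq:auth} (XEP-0078, non-SASL) login exchange.
 *
 * <p>A {@code get} request is answered with the list of fields the client must supply; a
 * {@code set} request carries the username, resource and password and is verified through
 * the {@link CallbackHandler} produced by {@link CallbackHandlerFactory}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password travels in clear text inside the stanza. {@link #supStreamFeatures}
 *       only stops <em>advertising</em> the feature when TLS is required but not yet
 *       negotiated; {@link #process} does not re-check {@code isTlsRequired()} /
 *       {@code isEncrypted()} itself. NOTE(review): confirm that an earlier stage drops
 *       unadvertised {@code jabber:iq:auth} requests on unencrypted streams.</li>
 *   <li>Stanzas handled here may contain credentials, so they are never written to the log
 *       in full, and client-supplied strings are stripped of control characters first.</li>
 * </ul>
 */
public class JabberIqAuth extends AbstractAuthPreprocessor implements XMPPProcessorIfc {
    private static final String XMLNS = "jabber:iq:auth";
    private static final String ID = "jabber:iq:auth";
    // Session-data key holding the number of failed attempts that ended in an exception.
    private static final String AUTH_RETRIES_KEY = "auth-retries";
    // Once this many exception-path failures are recorded, the next one closes the stream.
    private static final int MAX_AUTH_RETRIES = 3;
    private CallbackHandlerFactory callbackHandlerFactory = new CallbackHandlerFactory();
    private MechanismSelector mechanismSelector;
    private static final String[][] ELEMENT_PATHS = {Iq.IQ_QUERY_PATH};
    private static final Logger log = Logger.getLogger(JabberIqAuth.class.getName());
    private static final String[] XMLNSS = {"jabber:iq:auth"};
    private static final String[] IQ_QUERY_USERNAME_PATH = {Iq.ELEM_NAME, "query", AuthRepository.USERNAME_KEY};
    private static final String[] IQ_QUERY_RESOURCE_PATH = {Iq.ELEM_NAME, "query", DefaultClusteringStrategy.RESOURCE};
    private static final String[] IQ_QUERY_PASSWORD_PATH = {Iq.ELEM_NAME, "query", "password"};
    private static final String[] IQ_QUERY_DIGEST_PATH = {Iq.ELEM_NAME, "query", AuthRepository.DIGEST_KEY};
    private static final Element[] FEATURES = {new Element("auth", new String[]{"xmlns"}, new String[]{"http://jabber.org/features/iq-auth"})};
    private static final Element[] DISCO_FEATURES = {new Element("feature", new String[]{"var"}, new String[]{"jabber:iq:auth"})};

    /**
     * Registers the Tigase SASL provider and builds the mechanism selector.
     *
     * <p>Any provider registered under the name {@code tigase.sasl} that is not a
     * {@link TigaseSaslProvider} is removed first. The Tigase provider is then inserted at
     * position 1, i.e. with the highest preference in the JVM-wide provider list, so this
     * call affects every component in the same JVM, not just this processor.
     *
     * @param map processor settings, passed on to the provider, the superclass and the
     *            selector factory
     * @throws TigaseDBException if the superclass initialisation fails
     * @throws RuntimeException if the mechanism selector cannot be created
     */
    @Override
    public void init(Map<String, Object> map) throws TigaseDBException {
        if (!(Security.getProvider("tigase.sasl") instanceof TigaseSaslProvider)) {
            Security.removeProvider("tigase.sasl");
        }
        Security.insertProviderAt(new TigaseSaslProvider(map), 1);
        super.init(map);
        try {
            this.mechanismSelector = new MechanismSelectorFactory().create(map);
        } catch (Exception e) {
            log.severe("Can't create SASL Mechanism Selector");
            throw new RuntimeException("Can't create SASL Mechanism Selector", e);
        }
    }

    /** Returns the identifier of this processor, {@code jabber:iq:auth}. */
    @Override
    public String id() {
        return ID;
    }

    /**
     * Handles one {@code jabber:iq:auth} stanza for the given connection.
     *
     * <p>The whole exchange runs while holding the connection's monitor. Requests are
     * ignored when there is no connection or when the authentication-timeout marker is set
     * in the session data. A request on an already authorised stream is rejected, the
     * session is logged out and the stream is closed; the request itself is not evaluated.
     *
     * @param packet the incoming stanza
     * @param xMPPResourceConnection the connection the stanza arrived on; may be {@code null}
     * @param nonAuthUserRepository repository handed to the callback handler
     * @param queue output queue for responses and stream commands
     * @param map processor settings handed to the callback handler
     * @throws XMPPException if a response packet cannot be built
     */
    @Override
    public void process(Packet packet, XMPPResourceConnection xMPPResourceConnection, NonAuthUserRepository nonAuthUserRepository, Queue<Packet> queue, Map<String, Object> map) throws XMPPException {
        if (xMPPResourceConnection == null) {
            return;
        }
        synchronized (xMPPResourceConnection) {
            // NOTE(review): presumably set once the authentication timeout has fired; confirm.
            if (xMPPResourceConnection.getSessionData(XMPPResourceConnection.AUTHENTICATION_TIMEOUT_KEY) != null) {
                return;
            }
            if (xMPPResourceConnection.isAuthorized()) {
                rejectSecondAuthentication(packet, xMPPResourceConnection, queue);
                // Stop here: the stream has been refused and a CLOSE queued. Falling through
                // would evaluate the credentials anyway, could re-authorise the session that
                // was just logged out, and would answer the same request a second time.
                return;
            }
            Element element = packet.getElement();
            StanzaType type = packet.getType();
            if (type == null) {
                // A stanza without a type would make the switch below throw; treat it as malformed.
                rejectBadRequest(packet, xMPPResourceConnection, queue);
                return;
            }
            switch (type) {
                case get:
                    try {
                        StringBuilder fields = new StringBuilder("<username/>");
                        Collection<String> mechanisms = this.mechanismSelector.filterMechanisms(Sasl.getSaslServerFactories(), xMPPResourceConnection);
                        // The password field is only offered when a password-capable mechanism is
                        // allowed for this connection. NOTE(review): DEF_SASL_MECHS is presumably
                        // the default mechanism name (PLAIN); confirm against TigaseCustomAuth.
                        if (mechanisms.contains(TigaseCustomAuth.DEF_SASL_MECHS) || mechanisms.contains("DIGEST-MD5")) {
                            fields.append("<password/>");
                        }
                        fields.append("<resource/>");
                        queue.offer(packet.okResult(fields.toString(), 1));
                    } catch (NullPointerException npe) {
                        // Kept from the original: a missing collaborator is reported to the client
                        // as a generic server error rather than propagated.
                        if (log.isLoggable(Level.FINE)) {
                            log.fine("Database problem, most likely misconfiguration error: " + npe);
                        }
                        queue.offer(Authorization.INTERNAL_SERVER_ERROR.getResponseMessage(packet, "Database access problem, please contact administrator.", true));
                    }
                    return;
                case set:
                    String userName = element.getChildCDataStaticStr(IQ_QUERY_USERNAME_PATH);
                    String resource = element.getChildCDataStaticStr(IQ_QUERY_RESOURCE_PATH);
                    try {
                        BareJID userId = BareJID.bareJIDInstance(userName, xMPPResourceConnection.getDomain().getVhost().getDomain());
                        Authorization outcome = doAuth(nonAuthUserRepository, map, xMPPResourceConnection, userId, element.getChildCDataStaticStr(IQ_QUERY_PASSWORD_PATH), element.getChildCDataStaticStr(IQ_QUERY_DIGEST_PATH));
                        if (outcome == Authorization.AUTHORIZED) {
                            if (resource != null && !resource.isEmpty()) {
                                xMPPResourceConnection.setResource(resource);
                            }
                            queue.offer(xMPPResourceConnection.getAuthState().getResponseMessage(packet, "Authentication successful.", false));
                        } else {
                            queue.offer(Authorization.NOT_AUTHORIZED.getResponseMessage(packet, "Authentication failed", false));
                            queue.offer(closeCommand(packet, xMPPResourceConnection));
                        }
                    } catch (Exception e) {
                        // The username is client-supplied and unauthenticated: strip control
                        // characters so it cannot forge extra log lines.
                        log.info("Authentication failed: " + sanitizeForLog(userName));
                        if (log.isLoggable(Level.FINEST)) {
                            log.log(Level.FINEST, "Authorization exception: ", (Throwable) e);
                        }
                        // Send a fixed text instead of e.getMessage(): internal exception details
                        // (which may also be null) are not for an unauthenticated peer. The full
                        // exception is available in the FINEST log above.
                        Packet failure = Authorization.NOT_AUTHORIZED.getResponseMessage(packet, "Authentication failed", false);
                        failure.setPriority(Priority.SYSTEM);
                        queue.offer(failure);
                        Integer recorded = (Integer) xMPPResourceConnection.getSessionData(AUTH_RETRIES_KEY);
                        int retries = recorded == null ? 0 : recorded.intValue();
                        if (retries < MAX_AUTH_RETRIES) {
                            xMPPResourceConnection.putSessionData(AUTH_RETRIES_KEY, Integer.valueOf(retries + 1));
                        } else {
                            queue.offer(closeCommand(packet, xMPPResourceConnection));
                        }
                    }
                    return;
                default:
                    rejectBadRequest(packet, xMPPResourceConnection, queue);
                    return;
            }
        }
    }

    /**
     * Refuses an authentication request on a stream that is already authorised: queues a
     * {@code NOT_AUTHORIZED} error and a stream CLOSE, then logs the session out.
     */
    private void rejectSecondAuthentication(Packet packet, XMPPResourceConnection session, Queue<Packet> queue) throws XMPPException {
        Packet refusal = Authorization.NOT_AUTHORIZED.getResponseMessage(packet, "Cannot authenticate twice on the same stream.", false);
        // NOTE(review): SYSTEM priority is presumably what gets the error out ahead of the CLOSE.
        refusal.setPriority(Priority.SYSTEM);
        queue.offer(refusal);
        queue.offer(closeCommand(packet, session));
        if (log.isLoggable(Level.FINEST)) {
            // Only the sender is logged: the stanza body of an auth request can contain the
            // password in clear text and must not end up in log files.
            log.log(Level.FINEST, "Discovered second authentication attempt: {0}, packet from: {1}", new Object[]{session.toString(), String.valueOf(packet.getFrom())});
        }
        try {
            session.logout();
        } catch (NotAuthorizedException e) {
            log.log(Level.FINER, "Unsuccessful session logout: {0}", session.toString());
        }
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "Session after logout: {0}", session.toString());
        }
    }

    /** Queues a {@code BAD_REQUEST} error followed by a stream CLOSE for a stanza of an unsupported type. */
    private void rejectBadRequest(Packet packet, XMPPResourceConnection session, Queue<Packet> queue) throws XMPPException {
        queue.offer(Authorization.BAD_REQUEST.getResponseMessage(packet, "Message type is incorrect", false));
        queue.offer(closeCommand(packet, session));
    }

    /** Builds the CLOSE command addressed back along the path the stanza came from. */
    private static Packet closeCommand(Packet packet, XMPPResourceConnection session) throws XMPPException {
        return Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set, session.nextStanzaId());
    }

    /** Replaces ISO control characters (CR, LF, ...) with {@code '_'}; {@code null} stays {@code null}. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Compares a supplied password with the stored one without stopping at the first
     * differing character, so the running time does not reveal how long a matching prefix is.
     * Either argument being {@code null} is a mismatch.
     */
    private static boolean passwordMatches(String supplied, char[] stored) {
        if (supplied == null || stored == null) {
            return false;
        }
        int diff = supplied.length() ^ stored.length;
        int common = Math.min(supplied.length(), stored.length);
        for (int i = 0; i < common; i++) {
            diff |= supplied.charAt(i) ^ stored[i];
        }
        return diff == 0;
    }

    /**
     * Verifies the supplied credentials and, on success, authorises the JID on the connection.
     *
     * <p>The handler is first asked to verify the password itself through
     * {@link VerifyPasswordCallback}. If it reports that callback as unsupported, the stored
     * password is fetched with a {@link PasswordCallback} and compared locally.
     *
     * @param nonAuthUserRepository repository handed to the callback handler factory
     * @param map processor settings handed to the callback handler factory
     * @param xMPPResourceConnection connection to authorise
     * @param bareJID identity being authenticated; its local part is given to the handler
     * @param str the plain-text password from the request (may be {@code null})
     * @param str2 the digest from the request; not consulted by this implementation
     * @return {@code AUTHORIZED} on success, {@code NOT_AUTHORIZED} on a credential mismatch,
     *         {@code INTERNAL_SERVER_ERROR} if any step throws
     */
    protected Authorization doAuth(NonAuthUserRepository nonAuthUserRepository, Map<String, Object> map, XMPPResourceConnection xMPPResourceConnection, BareJID bareJID, String str, String str2) {
        try {
            CallbackHandler handler = this.callbackHandlerFactory.create(TigaseCustomAuth.DEF_SASL_MECHS, xMPPResourceConnection, nonAuthUserRepository, map);
            Callback nameCallback = new NameCallback("Authentication identity", bareJID.getLocalpart());
            VerifyPasswordCallback verifyPasswordCallback = new VerifyPasswordCallback(str);
            handler.handle(new Callback[]{nameCallback});
            try {
                handler.handle(new Callback[]{verifyPasswordCallback});
            } catch (UnsupportedCallbackException unsupported) {
                // Fallback: the handler cannot verify, so fetch the stored password and compare here.
                PasswordCallback passwordCallback = new PasswordCallback(ClusterRepoItem.PASSWORD_LABEL, false);
                handler.handle(new Callback[]{passwordCallback});
                char[] stored = passwordCallback.getPassword();
                try {
                    // A request without a password (str == null) is a plain mismatch here rather
                    // than a NullPointerException surfacing as INTERNAL_SERVER_ERROR.
                    if (passwordMatches(str, stored)) {
                        xMPPResourceConnection.authorizeJID(bareJID, false);
                        return Authorization.AUTHORIZED;
                    }
                    // The handler did not verify anything, so a local mismatch is final.
                    return Authorization.NOT_AUTHORIZED;
                } finally {
                    // Do not leave the stored password in memory longer than needed.
                    passwordCallback.clearPassword();
                    if (stored != null) {
                        java.util.Arrays.fill(stored, '\0');
                    }
                }
            }
            if (!verifyPasswordCallback.isVerified()) {
                return Authorization.NOT_AUTHORIZED;
            }
            xMPPResourceConnection.authorizeJID(bareJID, false);
            return Authorization.AUTHORIZED;
        } catch (Exception e) {
            log.log(Level.WARNING, "Can't authenticate with given CallbackHandler", (Throwable) e);
            return Authorization.INTERNAL_SERVER_ERROR;
        }
    }

    /** Returns the service-discovery feature entry for {@code jabber:iq:auth}. */
    @Override
    public Element[] supDiscoFeatures(XMPPResourceConnection xMPPResourceConnection) {
        return DISCO_FEATURES;
    }

    /** Returns the element paths this processor handles (the IQ query path). */
    @Override
    public String[][] supElementNamePaths() {
        return ELEMENT_PATHS;
    }

    /** Returns the namespaces this processor handles. */
    @Override
    public String[] supNamespaces() {
        return XMLNSS;
    }

    /**
     * Returns the {@code iq-auth} stream feature, or {@code null} when it must not be offered.
     *
     * <p>The feature is withheld when there is no connection, when the connection is already
     * authorised, and when TLS is required but the connection is not yet encrypted. When TLS
     * is not required the feature is offered on unencrypted streams as well, in which case
     * the password is sent in clear text.
     */
    @Override
    public Element[] supStreamFeatures(XMPPResourceConnection xMPPResourceConnection) {
        if (xMPPResourceConnection == null || xMPPResourceConnection.isAuthorized()) {
            return null;
        }
        boolean tlsSatisfied = !xMPPResourceConnection.isTlsRequired() || xMPPResourceConnection.isEncrypted();
        return tlsSatisfied ? FEATURES : null;
    }
}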
