package tigase.auth.mechanisms;

import java.io.ByteArrayOutputStream;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.Random;
import java.util.logging.Level;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.SaslException;
import tigase.auth.SaslInvalidLoginExcepion;
import tigase.auth.XmppSaslException;
import tigase.auth.callbacks.AuthorizationIdCallback;
import tigase.auth.callbacks.ChannelBindingCallback;
import tigase.auth.callbacks.PBKDIterationsCallback;
import tigase.auth.callbacks.SaltCallback;
import tigase.auth.callbacks.SaltedPasswordCallback;
import tigase.util.Base64;
import tigase.xmpp.impl.PresenceCapabilitiesManager;

/* loaded from: input_file:tigase/auth/mechanisms/AbstractSaslSCRAM.class */
public abstract class AbstractSaslSCRAM extends AbstractSasl {
    public static final String TLS_UNIQUE_ID_KEY = "TLS_UNIQUE_ID_KEY";
    public static final String LOCAL_CERTIFICATE_KEY = "LOCAL_CERTIFICATE_KEY";
    private static final String ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private final String algorithm;
    private final byte[] clientKeyData;
    private final String hmacAlgorithm;
    private final String mechanismName;
    private final byte[] serverKeyData;
    private final String serverNonce;
    private byte[] bindingData;
    private String cfmAuthzid;
    private String cfmBareMessage;
    private String cfmCbname;
    private String cfmGs2header;
    private String cfmUsername;
    private byte[] clientKey;
    private Random random;
    private BindType requestedBindType;
    private byte[] saltedPassword;
    private String sfmMessage;
    private String sfmNonce;
    private Step step;
    private byte[] storedKey;
    private static final Charset CHARSET = Charset.forName(PresenceCapabilitiesManager.charsetName);
    protected static final byte[] DEFAULT_CLIENT_KEY = "Client Key".getBytes(CHARSET);
    protected static final byte[] DEFAULT_SERVER_KEY = "Server Key".getBytes(CHARSET);
    private static final Pattern CLIENT_FIRST_MESSAGE = Pattern.compile("^(?<gs2Header>(?:y|n|p=(?<cbName>[a-zA-z0-9.-]+)),(?:a=(?<authzid>(?:[^,\\x00-\\x20\\x2C]|=2C|=3D)+))?,)(?<clientFirstBare>(?<mext>m=[^\\000=]+,)?n=(?<username>(?:[^,\\x00-\\x20\\x2C]|=2C|=3D)+),r=(?<nonce>[^,\\x00-\\x20\\x2C]+)(?:,.*)?)$");
    private static final Pattern CLIENT_LAST_MESSAGE = Pattern.compile("^(?<withoutProof>c=(?<cb>[a-zA-Z0-9/+=]+),(?:r=(?<nonce>[^,\\x00-\\x20\\x2C]+))(?:,.*)?),p=(?<proof>[a-zA-Z0-9/+=]+)$");

    /* loaded from: input_file:tigase/auth/mechanisms/AbstractSaslSCRAM$BindType.class */
    public enum BindType {
        n,
        y,
        tls_unique,
        tls_server_end_point
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:tigase/auth/mechanisms/AbstractSaslSCRAM$Step.class */
    public enum Step {
        clientFinalMessage,
        clientFirstMessage,
        finished
    }

    public static byte[] hi(String str, byte[] bArr, byte[] bArr2, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        if (str.startsWith("SHA-")) {
            str = str.replace("SHA-", "SHA");
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "Hmac" + str);
        byte[] bArr3 = new byte[bArr2.length + 4];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        System.arraycopy(new byte[]{0, 0, 0, 1}, 0, bArr3, bArr2.length, 4);
        byte[] hmac = hmac(secretKeySpec, bArr3);
        byte[] bArr4 = new byte[hmac.length];
        System.arraycopy(hmac, 0, bArr4, 0, bArr4.length);
        for (int i2 = 1; i2 < i; i2++) {
            hmac = hmac(secretKeySpec, hmac);
            for (int i3 = 0; i3 < hmac.length; i3++) {
                int i4 = i3;
                bArr4[i4] = (byte) (bArr4[i4] ^ hmac[i3]);
            }
        }
        return bArr4;
    }

    protected static byte[] hmac(SecretKey secretKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(secretKey.getAlgorithm());
        mac.init(secretKey);
        return mac.doFinal(bArr);
    }

    public static byte[] normalize(String str) {
        return str.getBytes(CHARSET);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractSaslSCRAM(String str, String str2, byte[] bArr, byte[] bArr2, Map<? super String, ?> map, CallbackHandler callbackHandler) {
        super(map, callbackHandler);
        this.bindingData = null;
        this.random = new SecureRandom();
        this.step = Step.clientFirstMessage;
        this.mechanismName = str;
        this.algorithm = str2;
        this.hmacAlgorithm = "Hmac" + (str2.startsWith("SHA-") ? str2.replace("SHA-", "SHA") : str2);
        this.clientKeyData = bArr;
        this.serverKeyData = bArr2;
        this.serverNonce = randomString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractSaslSCRAM(String str, String str2, byte[] bArr, byte[] bArr2, Map<? super String, ?> map, CallbackHandler callbackHandler, String str3) {
        super(map, callbackHandler);
        this.bindingData = null;
        this.random = new SecureRandom();
        this.step = Step.clientFirstMessage;
        this.mechanismName = str;
        this.algorithm = str2;
        this.hmacAlgorithm = "Hmac" + (str2.startsWith("SHA-") ? str2.replace("SHA-", "SHA") : str2);
        this.clientKeyData = bArr;
        this.serverKeyData = bArr2;
        this.serverNonce = str3;
    }

    protected byte[] calculateC() {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(this.cfmGs2header.getBytes(CHARSET));
            if (this.requestedBindType == BindType.tls_unique || this.requestedBindType == BindType.tls_server_end_point) {
                byteArrayOutputStream.write(this.bindingData);
            }
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    protected abstract void checkRequestedBindType(BindType bindType) throws SaslException;

    private BindType createBindType(String str, String str2) throws SaslException {
        char charAt = str.charAt(0);
        if ('n' == charAt) {
            return BindType.n;
        }
        if ('y' == charAt) {
            return BindType.y;
        }
        if ("tls-unique".equals(str2)) {
            return BindType.tls_unique;
        }
        if ("tls-server-end-point".equals(str2)) {
            return BindType.tls_server_end_point;
        }
        throw new SaslException("Unsupported channel binding type");
    }

    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        try {
            switch (this.step) {
                case clientFirstMessage:
                    return processClientFirstMessage(bArr);
                case clientFinalMessage:
                    return processClientLastMessage(bArr);
                default:
                    throw new SaslException(getMechanismName() + ": Server at illegal state");
            }
        } catch (SaslException e) {
            throw e;
        } catch (Exception e2) {
            this.log.log(Level.FINEST, "Error evaluating response", (Throwable) e2);
            throw new SaslException("SASL Failed", e2);
        }
    }

    public String getAuthorizationID() {
        return this.authorizedId;
    }

    public String getMechanismName() {
        return this.mechanismName;
    }

    protected byte[] h(byte[] bArr) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(this.algorithm).digest(bArr);
    }

    protected SecretKey key(byte[] bArr) {
        return new SecretKeySpec(bArr, this.hmacAlgorithm);
    }

    protected byte[] processClientFirstMessage(byte[] bArr) throws SaslException, InvalidKeyException, NoSuchAlgorithmException {
        Matcher matcher = CLIENT_FIRST_MESSAGE.matcher(new String(bArr, CHARSET));
        if (!matcher.matches()) {
            throw new SaslException("Bad challenge syntax");
        }
        this.cfmGs2header = matcher.group("gs2Header");
        this.cfmCbname = matcher.group("cbName");
        this.requestedBindType = createBindType(this.cfmGs2header, this.cfmCbname);
        this.cfmAuthzid = matcher.group("authzid");
        this.cfmBareMessage = matcher.group("clientFirstBare");
        matcher.group("mext");
        this.cfmUsername = matcher.group("username");
        String group = matcher.group("nonce");
        checkRequestedBindType(this.requestedBindType);
        ChannelBindingCallback channelBindingCallback = new ChannelBindingCallback("Channel binding data", this.requestedBindType);
        Callback nameCallback = new NameCallback("Authentication identity", this.cfmUsername);
        AuthorizationIdCallback authorizationIdCallback = new AuthorizationIdCallback("Authorization identity", this.cfmAuthzid);
        PBKDIterationsCallback pBKDIterationsCallback = new PBKDIterationsCallback("PBKD2 iterations");
        SaltCallback saltCallback = new SaltCallback("Salt");
        SaltedPasswordCallback saltedPasswordCallback = new SaltedPasswordCallback("Salted password");
        handleCallbacks(nameCallback, authorizationIdCallback, pBKDIterationsCallback, saltCallback, saltedPasswordCallback, channelBindingCallback);
        if (saltedPasswordCallback.getSaltedPassword() == null) {
            throw new SaslException("Unknown user");
        }
        if (saltedPasswordCallback.getSaltedPassword().length == 0) {
            if (this.log.isLoggable(Level.WARNING)) {
                this.log.log(Level.WARNING, "User {0} exists, but his password is empty.", this.cfmUsername);
            }
            throw new SaslException("Unknown user");
        }
        this.cfmAuthzid = authorizationIdCallback.getAuthzId();
        if (this.cfmAuthzid == null) {
            this.cfmAuthzid = nameCallback.getName();
        }
        validateBindingsData(this.requestedBindType, channelBindingCallback.getBindingData());
        this.bindingData = channelBindingCallback.getBindingData();
        this.sfmNonce = group + this.serverNonce;
        this.saltedPassword = saltedPasswordCallback.getSaltedPassword();
        this.clientKey = hmac(key(this.saltedPassword), this.clientKeyData);
        this.storedKey = h(this.clientKey);
        StringBuilder sb = new StringBuilder();
        sb.append("r=").append(this.sfmNonce).append(",");
        sb.append("s=").append(Base64.encode(saltCallback.getSalt())).append(",");
        sb.append("i=").append(pBKDIterationsCallback.getInterations());
        this.sfmMessage = sb.toString();
        this.step = Step.clientFinalMessage;
        return this.sfmMessage.getBytes(CHARSET);
    }

    protected byte[] processClientLastMessage(byte[] bArr) throws SaslException, InvalidKeyException, NoSuchAlgorithmException {
        Matcher matcher = CLIENT_LAST_MESSAGE.matcher(new String(bArr, CHARSET));
        if (!matcher.matches()) {
            throw new SaslException("Bad challenge syntax");
        }
        String group = matcher.group("withoutProof");
        byte[] decode = Base64.decode(matcher.group("cb"));
        String group2 = matcher.group("nonce");
        String group3 = matcher.group("proof");
        byte[] calculateC = calculateC();
        if (!new String(decode, CHARSET).startsWith(this.cfmGs2header)) {
            throw new XmppSaslException(XmppSaslException.SaslError.not_authorized, "Invalid GS2 header");
        }
        if (!Arrays.equals(decode, calculateC)) {
            if (this.log.isLoggable(Level.FINEST)) {
                this.log.log(Level.FINEST, "Channel bindings does not match. expected: {0}; received: {1}", new Object[]{calculateC, decode});
            }
            throw new SaslInvalidLoginExcepion(XmppSaslException.SaslError.not_authorized, this.cfmAuthzid, "Channel bindings does not match");
        }
        if (!group2.equals(this.sfmNonce)) {
            throw new SaslInvalidLoginExcepion(XmppSaslException.SaslError.not_authorized, this.cfmAuthzid, "Wrong nonce");
        }
        String str = this.cfmBareMessage + "," + this.sfmMessage + "," + group;
        if (!Arrays.equals(xor(this.clientKey, hmac(key(this.storedKey), str.getBytes(CHARSET))), Base64.decode(group3))) {
            throw new SaslInvalidLoginExcepion(XmppSaslException.SaslError.not_authorized, this.cfmAuthzid, PASSWORD_NOT_VERIFIED_MSG);
        }
        AuthorizeCallback authorizeCallback = new AuthorizeCallback(this.cfmUsername, this.cfmAuthzid);
        handleCallbacks(authorizeCallback);
        if (!authorizeCallback.isAuthorized()) {
            throw new SaslInvalidLoginExcepion(XmppSaslException.SaslError.invalid_authzid, this.cfmAuthzid, "SCRAM: " + this.cfmAuthzid + " is not authorized to act as " + this.cfmAuthzid);
        }
        this.authorizedId = authorizeCallback.getAuthorizedID();
        byte[] hmac = hmac(key(hmac(key(this.saltedPassword), this.serverKeyData)), str.getBytes(CHARSET));
        StringBuilder sb = new StringBuilder();
        sb.append("v=").append(Base64.encode(hmac));
        this.step = Step.finished;
        this.complete = true;
        return sb.toString().getBytes(CHARSET);
    }

    private String randomString() {
        int length = ALPHABET.length();
        char[] cArr = new char[20];
        for (int i = 0; i < 20; i++) {
            cArr[i] = ALPHABET.charAt(this.random.nextInt(length));
        }
        return new String(cArr);
    }

    public byte[] unwrap(byte[] bArr, int i, int i2) {
        return null;
    }

    protected void validateBindingsData(BindType bindType, byte[] bArr) {
        if (bindType == BindType.tls_server_end_point && bArr == null) {
            throw new RuntimeException("Binding data not found!");
        }
        if (bindType == BindType.tls_unique && bArr == null) {
            throw new RuntimeException("Binding data not found!");
        }
    }

    public byte[] wrap(byte[] bArr, int i, int i2) {
        return null;
    }

    protected byte[] xor(byte[] bArr, byte[] bArr2) {
        int length = bArr.length;
        byte[] bArr3 = new byte[length];
        for (int i = 0; i < length; i++) {
            bArr3[i] = (byte) (bArr[i] ^ bArr2[i]);
        }
        return bArr3;
    }
}
