package tigase.xmpp.impl;

import java.util.Map;
import java.util.Queue;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.Sasl;
import org.apache.derby.shared.common.reference.DRDAConstants;
import tigase.auth.BruteForceLockerBean;
import tigase.auth.TigaseSaslProvider;
import tigase.auth.callbacks.VerifyPasswordCallback;
import tigase.cluster.repo.ClusterRepoItem;
import tigase.cluster.strategy.DefaultClusteringStrategy;
import tigase.db.AuthRepository;
import tigase.db.NonAuthUserRepository;
import tigase.kernel.beans.Bean;
import tigase.kernel.beans.Inject;
import tigase.server.Command;
import tigase.server.Iq;
import tigase.server.Packet;
import tigase.server.Priority;
import tigase.server.xmppsession.SessionManager;
import tigase.xml.Element;
import tigase.xmpp.Authorization;
import tigase.xmpp.NotAuthorizedException;
import tigase.xmpp.StanzaType;
import tigase.xmpp.XMPPException;
import tigase.xmpp.XMPPProcessorIfc;
import tigase.xmpp.XMPPResourceConnection;
import tigase.xmpp.jid.BareJID;

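/**
 * Session-manager processor for the legacy {@code jabber:iq:auth} (non-SASL) login exchange.
 *
 * <p>An {@code iq type="get"} returns the list of fields the client must supply; an
 * {@code iq type="set"} carries username, resource and password and is checked through the
 * callback handler that {@link TigaseSaslProvider} creates for the {@code PLAIN} mechanism.
 * Failed attempts are reported to {@link BruteForceLockerBean}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password arrives as plain character data inside the stanza, so confidentiality
 *       depends entirely on the stream being encrypted (see {@link #supStreamFeatures}).</li>
 *   <li>A {@code digest} element satisfies the "required information" check, but
 *       {@link #doAuth} never reads the digest; a digest-only request therefore always
 *       fails authentication.</li>
 *   <li>Everything handled here comes from an unauthenticated peer.</li>
 * </ul>
 *
 * <p>This listing was recovered by a decompiler. The compiler-generated switch-map helper
 * class has been folded back into a plain {@code switch} on the enum, which is what the
 * synthetic table encoded.
 */
@Bean(name = "jabber:iq:auth", parent = SessionManager.class, active = true)
/* loaded from: input_file:tigase/xmpp/impl/JabberIqAuth.class */
public class JabberIqAuth extends AbstractAuthPreprocessor implements XMPPProcessorIfc {
    private static final String XMLNS = "jabber:iq:auth";
    protected static final String ID = "jabber:iq:auth";

    // Session-data key counting how many times the "set" branch ended in an exception.
    private static final String AUTH_RETRIES_KEY = "auth-retries";
    // Number of exception-terminated attempts tolerated before the stream is closed.
    private static final int MAX_AUTH_RETRIES = 3;

    @Inject
    private BruteForceLockerBean bruteForceLocker;

    @Inject
    private TigaseSaslProvider saslProvider;
    private static final String[][] ELEMENT_PATHS = {Iq.IQ_QUERY_PATH};
    private static final Logger log = Logger.getLogger(JabberIqAuth.class.getName());
    private static final String[] XMLNSS = {XMLNS};
    private static final String[] IQ_QUERY_USERNAME_PATH = {Iq.ELEM_NAME, Iq.QUERY_NAME, "username"};
    private static final String[] IQ_QUERY_RESOURCE_PATH = {Iq.ELEM_NAME, Iq.QUERY_NAME, DefaultClusteringStrategy.RESOURCE};
    private static final String[] IQ_QUERY_PASSWORD_PATH = {Iq.ELEM_NAME, Iq.QUERY_NAME, "password"};
    private static final String[] IQ_QUERY_DIGEST_PATH = {Iq.ELEM_NAME, Iq.QUERY_NAME, AuthRepository.DIGEST_KEY};
    private static final Element[] FEATURES = {new Element("auth", new String[]{"xmlns"}, new String[]{"http://jabber.org/features/iq-auth"})};
    private static final Element[] DISCO_FEATURES = {new Element("feature", new String[]{"var"}, new String[]{XMLNS})};

    /**
     * Returns the processor identifier, which is the {@code jabber:iq:auth} namespace.
     */
    @Override // tigase.xmpp.XMPPImplIfc
    public String id() {
        return ID;
    }

    /**
     * Handles one {@code jabber:iq:auth} stanza for the given connection.
     *
     * <p>All work is done while holding the connection's monitor. The method returns without
     * a reply when the connection is {@code null} or when the session carries
     * {@code AUTHENTICATION_TIMEOUT_KEY}. A second authentication attempt on an already
     * authorized stream is answered with an error, the stream is closed and the session is
     * logged out.
     *
     * @param packet the incoming IQ stanza
     * @param xMPPResourceConnection the client connection, possibly {@code null}
     * @param nonAuthUserRepository repository handed on to the SASL callback handler
     * @param queue outgoing packets; replies and stream-close commands are offered here
     * @param map processor settings handed on to the SASL callback handler
     * @throws XMPPException if building an error response fails outside the guarded section
     */
    @Override // tigase.xmpp.XMPPProcessorIfc
    public void process(Packet packet, XMPPResourceConnection xMPPResourceConnection, NonAuthUserRepository nonAuthUserRepository, Queue<Packet> queue, Map<String, Object> map) throws XMPPException {
        if (xMPPResourceConnection == null) {
            return;
        }
        synchronized (xMPPResourceConnection) {
            if (xMPPResourceConnection.getSessionData(XMPPResourceConnection.AUTHENTICATION_TIMEOUT_KEY) != null) {
                return;
            }
            if (xMPPResourceConnection.isAuthorized()) {
                Packet alreadyAuthorized = Authorization.NOT_AUTHORIZED.getResponseMessage(packet, "Cannot authenticate twice on the same stream.", false);
                alreadyAuthorized.setPriority(Priority.SYSTEM);
                queue.offer(alreadyAuthorized);
                queue.offer(streamCloseCommand(packet, xMPPResourceConnection));
                if (log.isLoggable(Level.FINEST)) {
                    log.log(Level.FINEST, "Discovered second authentication attempt: {0}, packet: {1}", new Object[]{xMPPResourceConnection.toString(), packet.toString()});
                }
                try {
                    xMPPResourceConnection.logout();
                } catch (NotAuthorizedException e) {
                    log.log(Level.FINER, "Unsuccessful session logout: {0}", xMPPResourceConnection.toString());
                }
                if (log.isLoggable(Level.FINEST)) {
                    log.log(Level.FINEST, "Session after logout: {0}", xMPPResourceConnection.toString());
                }
                return;
            }
            Element element = packet.getElement();
            switch (packet.getType()) {
                case get:
                    try {
                        // <password/> is only advertised when PLAIN survives the provider's
                        // mechanism filter for this connection.
                        // NOTE(review): the "set" branch does not repeat this check before
                        // accepting a password - confirm whether that is intended.
                        StringBuilder fields = new StringBuilder("<username/>");
                        if (this.saslProvider.filterMechanisms(Sasl.getSaslServerFactories(), xMPPResourceConnection).contains("PLAIN")) {
                            fields.append("<password/>");
                        }
                        fields.append("<resource/>");
                        queue.offer(packet.okResult(fields.toString(), 1));
                    } catch (NullPointerException e2) {
                        // Kept from the original: an NPE here is treated as a symptom of a
                        // misconfigured repository rather than checked for up front.
                        if (log.isLoggable(Level.FINE)) {
                            log.fine("Database problem, most likely misconfiguration error: " + e2);
                        }
                        queue.offer(Authorization.INTERNAL_SERVER_ERROR.getResponseMessage(packet, "Database access problem, please contact administrator.", true));
                    }
                    return;
                case set:
                    String userName = element.getChildCDataStaticStr(IQ_QUERY_USERNAME_PATH);
                    String resource = element.getChildCDataStaticStr(IQ_QUERY_RESOURCE_PATH);
                    String password = element.getChildCDataStaticStr(IQ_QUERY_PASSWORD_PATH);
                    String digest = element.getChildCDataStaticStr(IQ_QUERY_DIGEST_PATH);
                    if (userName == null || resource == null || (password == null && digest == null)) {
                        offerErrorAndClose(queue, packet, xMPPResourceConnection, Authorization.NOT_ACCEPTABLE, "Authentication failed: Required Information Not Provided");
                        return;
                    }
                    try {
                        BareJID jid = BareJID.bareJIDInstance(userName, xMPPResourceConnection.getDomain().getVhost().getDomain());
                        // NOTE(review): the account status is looked up and reported before any
                        // credential is verified and without touching the brute-force locker,
                        // so the distinct replies below tell an unauthenticated peer whether a
                        // given account is pending or disabled.
                        switch (xMPPResourceConnection.getAuthRepository().getAccountStatus(jid)) {
                            case pending:
                                offerErrorAndClose(queue, packet, xMPPResourceConnection, Authorization.NOT_AUTHORIZED, "Account is pending verification, please confirm the email address by clicking on the link sent to you");
                                return;
                            case disabled:
                            case banned:
                            case spam:
                            case undefined_inactive:
                                offerErrorAndClose(queue, packet, xMPPResourceConnection, Authorization.NOT_AUTHORIZED, "Account was disabled, please contact the support");
                                return;
                            default:
                                if (doAuth(nonAuthUserRepository, map, xMPPResourceConnection, jid, password, digest) == Authorization.AUTHORIZED) {
                                    if (!resource.isEmpty()) {
                                        xMPPResourceConnection.setResource(resource);
                                    }
                                    queue.offer(xMPPResourceConnection.getAuthState().getResponseMessage(packet, "Authentication successful.", false));
                                } else {
                                    offerErrorAndClose(queue, packet, xMPPResourceConnection, Authorization.NOT_AUTHORIZED, "Authentication failed");
                                }
                                break;
                        }
                    } catch (Exception e3) {
                        // The user name is client-supplied and may not have passed JID
                        // validation; treat this log field as untrusted when reading logs.
                        log.log(Level.CONFIG, "Authentication failed: " + userName);
                        if (log.isLoggable(Level.FINEST)) {
                            log.log(Level.FINEST, "Authorization exception: ", (Throwable) e3);
                        }
                        // Reply with a fixed text. The original forwarded e3.getMessage(), which
                        // hands repository or parser internals to an unauthenticated peer and
                        // may be null; the detail stays in the server log above.
                        Packet failure = Authorization.NOT_AUTHORIZED.getResponseMessage(packet, "Authentication failed", false);
                        failure.setPriority(Priority.SYSTEM);
                        queue.offer(failure);
                        // This counter only covers attempts that ended in an exception; a plain
                        // wrong password closes the stream in the branch above.
                        Integer stored = (Integer) xMPPResourceConnection.getSessionData(AUTH_RETRIES_KEY);
                        int retries = stored == null ? 0 : stored.intValue();
                        if (retries < MAX_AUTH_RETRIES) {
                            xMPPResourceConnection.putSessionData(AUTH_RETRIES_KEY, Integer.valueOf(retries + 1));
                        } else {
                            queue.offer(streamCloseCommand(packet, xMPPResourceConnection));
                        }
                    }
                    return;
                default:
                    offerErrorAndClose(queue, packet, xMPPResourceConnection, Authorization.BAD_REQUEST, "Message type is incorrect");
                    return;
            }
        }
    }

    /**
     * Returns the service-discovery feature advertising {@code jabber:iq:auth}.
     */
    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public Element[] supDiscoFeatures(XMPPResourceConnection xMPPResourceConnection) {
        return DISCO_FEATURES;
    }

    /**
     * Returns the element paths this processor handles (the IQ query path).
     */
    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public String[][] supElementNamePaths() {
        return ELEMENT_PATHS;
    }

    /**
     * Returns the namespaces this processor handles.
     */
    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public String[] supNamespaces() {
        return XMLNSS;
    }

    /**
     * Returns the {@code iq-auth} stream feature for connections that may still authenticate.
     *
     * <p>Nothing is advertised for a {@code null} or already authorized connection, nor for a
     * connection that requires TLS but is not yet encrypted. When TLS is not required the
     * feature is offered on an unencrypted stream as well, in which case the password sent
     * to {@link #process} crosses the network in clear text; requiring TLS on the virtual
     * host closes that gap.
     *
     * @return the feature array, or {@code null} when the feature must not be advertised
     */
    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public Element[] supStreamFeatures(XMPPResourceConnection xMPPResourceConnection) {
        if (xMPPResourceConnection == null || xMPPResourceConnection.isAuthorized()) {
            return null;
        }
        boolean channelAcceptable = !xMPPResourceConnection.isTlsRequired() || xMPPResourceConnection.isEncrypted();
        return channelAcceptable ? FEATURES : null;
    }

    /**
     * Verifies the supplied password for {@code bareJID} and authorizes the connection.
     *
     * <p>The handler is first asked to verify the password itself through
     * {@link VerifyPasswordCallback}. If it does not support that callback, the stored
     * password is fetched with a {@link PasswordCallback} and compared locally. A verified
     * password is only honoured when the brute-force locker allows the login; every other
     * outcome is recorded as an invalid login.
     *
     * @param nonAuthUserRepository repository passed to the callback handler factory
     * @param map settings passed to the callback handler factory
     * @param xMPPResourceConnection connection being authenticated
     * @param bareJID account the client claims
     * @param str password supplied by the client; may be {@code null} for digest-only requests
     * @param str2 digest supplied by the client; not consulted by this implementation
     * @return {@code AUTHORIZED} on success, {@code NOT_AUTHORIZED} on a rejected login, or
     *         {@code INTERNAL_SERVER_ERROR} when the handler fails unexpectedly
     */
    protected Authorization doAuth(NonAuthUserRepository nonAuthUserRepository, Map<String, Object> map, XMPPResourceConnection xMPPResourceConnection, BareJID bareJID, String str, String str2) {
        try {
            CallbackHandler handler = this.saslProvider.create("PLAIN", xMPPResourceConnection, nonAuthUserRepository, map);
            Callback nameCallback = new NameCallback("Authentication identity", bareJID.getLocalpart());
            VerifyPasswordCallback verifyPasswordCallback = new VerifyPasswordCallback(str);
            String clientIp = BruteForceLockerBean.getClientIp(xMPPResourceConnection);
            handler.handle(new Callback[]{nameCallback});
            boolean matchedLocally = false;
            try {
                handler.handle(new Callback[]{verifyPasswordCallback});
            } catch (UnsupportedCallbackException e) {
                PasswordCallback passwordCallback = new PasswordCallback(ClusterRepoItem.PASSWORD_LABEL, false);
                handler.handle(new Callback[]{passwordCallback});
                char[] storedPassword = passwordCallback.getPassword();
                // getPassword() hands out a copy; wipe the callback's own buffer as well.
                passwordCallback.clearPassword();
                try {
                    // Null-safe: a digest-only request (str == null) is an ordinary failed
                    // login that reaches the locker below, instead of a NullPointerException
                    // reported as an internal error with a stack trace in the log.
                    matchedLocally = passwordMatches(str, storedPassword);
                } finally {
                    if (storedPassword != null) {
                        java.util.Arrays.fill(storedPassword, '\0');
                    }
                }
            }
            if (!matchedLocally && !verifyPasswordCallback.isVerified()) {
                this.bruteForceLocker.addInvalidLogin(xMPPResourceConnection, clientIp, bareJID);
                return Authorization.NOT_AUTHORIZED;
            }
            // A correct password is still refused, and counted as invalid, while the locker
            // disallows logins for this connection, address and account.
            if (this.bruteForceLocker.isLoginAllowed(xMPPResourceConnection, clientIp, bareJID)) {
                xMPPResourceConnection.authorizeJID(bareJID, false);
                return Authorization.AUTHORIZED;
            }
            this.bruteForceLocker.addInvalidLogin(xMPPResourceConnection, clientIp, bareJID);
            return Authorization.NOT_AUTHORIZED;
        } catch (Exception e2) {
            log.log(Level.WARNING, "Can''t authenticate with given CallbackHandler", (Throwable) e2);
            return Authorization.INTERNAL_SERVER_ERROR;
        }
    }

    /** Builds the command packet that asks the connection manager to close this stream. */
    private static Packet streamCloseCommand(Packet packet, XMPPResourceConnection session) {
        return Command.CLOSE.getPacket(packet.getTo(), packet.getFrom(), StanzaType.set, session.nextStanzaId());
    }

    /** Queues an error reply for {@code packet}, followed by a stream-close command. */
    private static void offerErrorAndClose(Queue<Packet> queue, Packet packet, XMPPResourceConnection session, Authorization error, String text) throws XMPPException {
        queue.offer(error.getResponseMessage(packet, text, false));
        queue.offer(streamCloseCommand(packet, session));
    }

    /**
     * Compares a client-supplied password with the stored one without stopping at the first
     * differing character, so the comparison time does not reveal how long a matching prefix
     * is. Works on UTF-16 code units, like {@code String.equals}, and avoids copying the
     * stored secret into an immutable {@code String}.
     */
    private static boolean passwordMatches(String supplied, char[] stored) {
        if (supplied == null || stored == null) {
            return false;
        }
        int suppliedLength = supplied.length();
        if (suppliedLength == 0) {
            return stored.length == 0;
        }
        int difference = suppliedLength ^ stored.length;
        for (int i = 0; i < stored.length; i++) {
            // The modulo keeps the index valid when lengths differ; the length mismatch is
            // already recorded in 'difference'.
            difference |= supplied.charAt(i % suppliedLength) ^ stored[i];
        }
        return difference == 0;
    }
}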
