package tigase.xmpp.impl;

import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Queue;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.sasl.Sasl;
import tigase.auth.BruteForceLockerBean;
import tigase.auth.CallbackHandlerFactory;
import tigase.auth.SaslInvalidLoginExcepion;
import tigase.auth.TigaseSaslProvider;
import tigase.auth.XmppSaslException;
import tigase.auth.mechanisms.AbstractSaslSCRAM;
import tigase.auth.mechanisms.SaslSCRAMPlus;
import tigase.db.AuthRepository;
import tigase.db.TigaseDBException;
import tigase.kernel.beans.Bean;
import tigase.kernel.beans.Inject;
import tigase.server.Packet;
import tigase.server.Priority;
import tigase.server.xmppsession.SessionManager;
import tigase.xml.Element;
import tigase.xmpp.XMPPProcessorIfc;
import tigase.xmpp.XMPPResourceConnection;
import tigase.xmpp.jid.BareJID;

@Bean(name = "urn:ietf:params:xml:ns:xmpp-sasl", parent = SessionManager.class, active = true)
/* loaded from: input_file:tigase/xmpp/impl/SaslAuth.class */
public class SaslAuth extends AbstractAuthPreprocessor implements XMPPProcessorIfc {
    public static final String ID = "urn:ietf:params:xml:ns:xmpp-sasl";
    private static final String _XMLNS = "urn:ietf:params:xml:ns:xmpp-sasl";
    protected static final String ALLOWED_SASL_MECHANISMS_KEY = "allowed-sasl-mechanisms";
    private static final String SASL_SERVER_KEY = "SASL_SERVER_KEY";
    private final Map<String, Object> props = new HashMap();

    @Inject
    private BruteForceLockerBean bruteForceLocker;

    @Inject
    private TigaseSaslProvider saslProvider;
    private static final Element[] DISCO_FEATURES = {new Element("feature", new String[]{"var"}, new String[]{"urn:ietf:params:xml:ns:xmpp-sasl"})};
    private static final String[][] ELEMENTS = {new String[]{"auth"}, new String[]{"response"}, new String[]{"challenge"}, new String[]{"failure"}, new String[]{"success"}, new String[]{"abort"}};
    private static final Logger log = Logger.getLogger(SaslAuth.class.getName());
    private static final String[] XMLNSS = {"urn:ietf:params:xml:ns:xmpp-sasl", "urn:ietf:params:xml:ns:xmpp-sasl", "urn:ietf:params:xml:ns:xmpp-sasl", "urn:ietf:params:xml:ns:xmpp-sasl", "urn:ietf:params:xml:ns:xmpp-sasl", "urn:ietf:params:xml:ns:xmpp-sasl"};

    /* loaded from: input_file:tigase/xmpp/impl/SaslAuth$ElementType.class */
    public enum ElementType {
        abort,
        auth,
        challenge,
        failure,
        response,
        success
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public int concurrentQueuesNo() {
        return super.concurrentQueuesNo() * 4;
    }

    @Override // tigase.xmpp.XMPPImplIfc
    public String id() {
        return "urn:ietf:params:xml:ns:xmpp-sasl";
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:85:0x02ed A[Catch: LoginLockedException -> 0x0344, XmppSaslException -> 0x0373, SaslException -> 0x03af, Exception -> 0x03e5, all -> 0x0417, TryCatch #7 {LoginLockedException -> 0x0344, XmppSaslException -> 0x0373, blocks: (B:31:0x00ca, B:33:0x00d4, B:35:0x00e9, B:36:0x00f6, B:38:0x010c, B:43:0x0123, B:45:0x0141, B:47:0x0170, B:48:0x0181, B:49:0x0182, B:50:0x01c7, B:52:0x01d3, B:54:0x01dc, B:56:0x01e6, B:57:0x020a, B:59:0x021a, B:60:0x0227, B:62:0x0231, B:64:0x023b, B:66:0x024b, B:67:0x0272, B:69:0x027d, B:71:0x028c, B:72:0x0293, B:73:0x0294, B:75:0x02a0, B:77:0x02ad, B:79:0x02c1, B:83:0x02d8, B:85:0x02ed, B:86:0x02f8, B:96:0x025a, B:97:0x0312, B:99:0x031c, B:100:0x0336, B:101:0x0340, B:105:0x01f3, B:107:0x01fb, B:108:0x0205, B:109:0x012f, B:110:0x0140, B:111:0x018d, B:113:0x0197, B:115:0x01a7, B:116:0x01b1, B:117:0x01b2, B:118:0x01c6), top: B:30:0x00ca, outer: #4 }] */
    /* JADX WARN: Type inference failed for: r17v2, types: [java.lang.Throwable, tigase.auth.XmppSaslException, java.lang.Exception] */
    @Override // tigase.xmpp.XMPPProcessorIfc
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void process(tigase.server.Packet r9, tigase.xmpp.XMPPResourceConnection r10, tigase.db.NonAuthUserRepository r11, java.util.Queue<tigase.server.Packet> r12, java.util.Map<java.lang.String, java.lang.Object> r13) {
        /*
            Method dump skipped, instructions count: 1056
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: tigase.xmpp.impl.SaslAuth.process(tigase.server.Packet, tigase.xmpp.XMPPResourceConnection, tigase.db.NonAuthUserRepository, java.util.Queue, java.util.Map):void");
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public Element[] supDiscoFeatures(XMPPResourceConnection xMPPResourceConnection) {
        return DISCO_FEATURES;
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public String[][] supElementNamePaths() {
        return ELEMENTS;
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public String[] supNamespaces() {
        return XMLNSS;
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public Element[] supStreamFeatures(XMPPResourceConnection xMPPResourceConnection) {
        if (xMPPResourceConnection == null || xMPPResourceConnection.isAuthorized()) {
            return null;
        }
        Collection<String> filterMechanisms = this.saslProvider.filterMechanisms(Sasl.getSaslServerFactories(), xMPPResourceConnection);
        if (filterMechanisms.isEmpty()) {
            return null;
        }
        Element[] elementArr = new Element[filterMechanisms.size()];
        int i = 0;
        xMPPResourceConnection.putSessionData(ALLOWED_SASL_MECHANISMS_KEY, filterMechanisms);
        Iterator<String> it = filterMechanisms.iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            elementArr[i2] = new Element(AuthRepository.MACHANISM_KEY, it.next());
        }
        return (xMPPResourceConnection.isEncrypted() && xMPPResourceConnection.getSessionData(AbstractSaslSCRAM.LOCAL_CERTIFICATE_KEY) != null && SaslSCRAMPlus.containsScramPlus(filterMechanisms)) ? new Element[]{new Element("mechanisms", elementArr, new String[]{"xmlns"}, new String[]{"urn:ietf:params:xml:ns:xmpp-sasl"}), AbstractSaslSCRAM.getSupportedChannelBindings(xMPPResourceConnection)} : new Element[]{new Element("mechanisms", elementArr, new String[]{"xmlns"}, new String[]{"urn:ietf:params:xml:ns:xmpp-sasl"})};
    }

    protected void onAuthFail(XMPPResourceConnection xMPPResourceConnection) {
        xMPPResourceConnection.removeSessionData(SASL_SERVER_KEY);
    }

    private Element createReply(ElementType elementType, String str) {
        Element element = new Element(elementType.toString());
        element.setXMLNS("urn:ietf:params:xml:ns:xmpp-sasl");
        if (str != null) {
            element.setCData(str);
        }
        return element;
    }

    private void disableUser(XMPPResourceConnection xMPPResourceConnection, BareJID bareJID) {
        try {
            if (xMPPResourceConnection.getAuthRepository().getAccountStatus(bareJID) == AuthRepository.AccountStatus.active) {
                log.log(Level.CONFIG, "Disabling user " + bareJID);
                xMPPResourceConnection.getAuthRepository().setAccountStatus(bareJID, AuthRepository.AccountStatus.disabled);
            }
        } catch (TigaseDBException e) {
            log.log(Level.WARNING, "Cannot check status or disable user!", (Throwable) e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private BareJID extractUserJid(Exception exc, XMPPResourceConnection xMPPResourceConnection) {
        BareJID bareJID = null;
        if (exc instanceof SaslInvalidLoginExcepion) {
            String jid = ((SaslInvalidLoginExcepion) exc).getJid();
            bareJID = jid == null ? null : BareJID.bareJIDInstanceNS(jid);
        }
        if (bareJID != null) {
            bareJID = (BareJID) xMPPResourceConnection.getSessionData(CallbackHandlerFactory.AUTH_JID);
        }
        return bareJID;
    }

    private void saveIntoBruteForceLocker(XMPPResourceConnection xMPPResourceConnection, Exception exc) {
        try {
            if (this.bruteForceLocker.isEnabled(xMPPResourceConnection)) {
                String clientIp = BruteForceLockerBean.getClientIp(xMPPResourceConnection);
                BareJID extractUserJid = extractUserJid(exc, xMPPResourceConnection);
                if (clientIp == null && log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "There is no client IP. Cannot add entry to BruteForceLocker.");
                }
                if (extractUserJid == null && log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "There is no user JID. Cannot add entry to BruteForceLocker.");
                }
                if (extractUserJid != null && clientIp != null) {
                    this.bruteForceLocker.addInvalidLogin(xMPPResourceConnection, clientIp, extractUserJid);
                }
                if (this.bruteForceLocker.canUserBeDisabled(xMPPResourceConnection, clientIp, extractUserJid)) {
                    disableUser(xMPPResourceConnection, extractUserJid);
                }
            }
        } catch (Throwable th) {
            log.log(Level.WARNING, "Cannot update BruteForceLocker", th);
        }
    }

    private void sendNotAuthorized(XmppSaslException.SaslError saslError, String str, Packet packet, Queue<Packet> queue) {
        String str2 = saslError.getElementName() != null ? "<" + saslError.getElementName() + "/>" : "<not-authorized/>";
        if (str != null) {
            str2 = str2 + "<text xml:lang='en'>" + str + "</text>";
        }
        Packet swapFromTo = packet.swapFromTo(createReply(ElementType.failure, str2), null, null);
        swapFromTo.setPriority(Priority.SYSTEM);
        queue.offer(swapFromTo);
    }
}
