package tigase.xmpp.impl;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import javax.security.sasl.Sasl;
import org.apache.derby.shared.common.reference.Attribute;
import tigase.auth.BruteForceLockerBean;
import tigase.auth.CallbackHandlerFactory;
import tigase.auth.SaslInvalidLoginExcepion;
import tigase.auth.TigaseSaslProvider;
import tigase.auth.XmppSaslException;
import tigase.auth.mechanisms.AbstractSaslSCRAM;
import tigase.auth.mechanisms.SaslSCRAMPlus;
import tigase.cluster.VirtualComponent;
import tigase.db.AuthRepository;
import tigase.db.TigaseDBException;
import tigase.kernel.beans.Bean;
import tigase.kernel.beans.Inject;
import tigase.server.Packet;
import tigase.server.Priority;
import tigase.server.xmppsession.SessionManager;
import tigase.xml.Element;
import tigase.xml.XMLNodeIfc;
import tigase.xmpp.XMPPProcessorIfc;
import tigase.xmpp.XMPPResourceConnection;
import tigase.xmpp.jid.BareJID;

@Bean(name = "urn:xmpp:sasl:2", parent = SessionManager.class, active = true)
/* loaded from: input_file:tigase/xmpp/impl/SaslAuth2.class */
public class SaslAuth2 extends AbstractAuthPreprocessor implements XMPPProcessorIfc {
    public static final String ID = "urn:xmpp:sasl:2";
    private static final String XMLNS = "urn:xmpp:sasl:2";
    protected static final String ALLOWED_SASL_MECHANISMS_KEY = "allowed-sasl-mechanisms";
    protected static final String USER_AGENT_KEY = "user-agent-key";
    protected static final String SASL_FEATURES_KEY = "sasl-features-key";
    private static final String SASL_SERVER_KEY = "SASL_SERVER_KEY";

    @Inject
    private BruteForceLockerBean bruteForceLocker;

    @Inject
    private TigaseSaslProvider saslProvider;

    @Inject(nullAllowed = true)
    private SessionManager sessionManager;

    @Inject
    private List<Inline> inlines;
    private final Map<String, Object> props = new HashMap();
    private static final Logger log = Logger.getLogger(SaslAuth2.class.getName());
    private static final Element[] DISCO_FEATURES = {new Element("feature", new String[]{"var"}, new String[]{"urn:xmpp:sasl:2"})};
    private static final String[][] ELEMENTS = {new String[]{"authenticate"}, new String[]{"response"}, new String[]{"challenge"}, new String[]{"failure"}, new String[]{"success"}, new String[]{"continue"}, new String[]{"next"}, new String[]{"data"}, new String[]{Attribute.UPGRADE_ATTR}, new String[]{"parameters"}, new String[]{"hash"}, new String[]{"abort"}};
    private static final String[] XMLNSS = {"urn:xmpp:sasl:2", "urn:xmpp:sasl:2", "urn:xmpp:sasl:2", "urn:xmpp:sasl:2", "urn:xmpp:sasl:2", "urn:xmpp:sasl:2", "urn:xmpp:sasl:2", "urn:xmpp:sasl:2", "urn:xmpp:sasl:2", "urn:xmpp:sasl:2", "urn:xmpp:sasl:2", "urn:xmpp:sasl:2"};

    /* loaded from: input_file:tigase/xmpp/impl/SaslAuth2$ElementType.class */
    public enum ElementType {
        ABORT,
        AUTHENTICATE,
        CHALLENGE,
        FAILURE,
        RESPONSE,
        SUCCESS,
        CONTINUE,
        NEXT,
        DATA,
        UPGRADE,
        PARAMETERS,
        HASH;

        private static Map<String, ElementType> ALL_TYPES = (Map) Arrays.stream(values()).collect(Collectors.toMap((v0) -> {
            return v0.getElementName();
        }, Function.identity()));
        private final String elementName = name().toLowerCase();

        public static ElementType parse(String str) {
            return ALL_TYPES.get(str);
        }

        ElementType() {
        }

        public String getElementName() {
            return this.elementName;
        }
    }

    /* loaded from: input_file:tigase/xmpp/impl/SaslAuth2$Inline.class */
    public interface Inline {

        /* loaded from: input_file:tigase/xmpp/impl/SaslAuth2$Inline$Action.class */
        public enum Action {
            sasl2,
            bind2
        }

        /* loaded from: input_file:tigase/xmpp/impl/SaslAuth2$Inline$Result.class */
        public static class Result {
            public final Element element;
            public final boolean shouldContinue;

            public Result(Element element, boolean z) {
                this.element = element;
                this.shouldContinue = z;
            }
        }

        boolean canHandle(XMPPResourceConnection xMPPResourceConnection, Element element);

        Element[] supStreamFeatures(Action action);

        CompletableFuture<Result> process(XMPPResourceConnection xMPPResourceConnection, Element element);
    }

    /* loaded from: input_file:tigase/xmpp/impl/SaslAuth2$UserAgent.class */
    public static class UserAgent {
        private final String id;
        private final String software;
        private final String device;

        public UserAgent(String str, String str2, String str3) {
            this.id = str;
            this.software = str2;
            this.device = str3;
        }

        public String getId() {
            return this.id;
        }

        public String getSoftware() {
            return this.software;
        }

        public String getDevice() {
            return this.device;
        }
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public int concurrentQueuesNo() {
        return super.concurrentQueuesNo() * 4;
    }

    @Override // tigase.xmpp.XMPPImplIfc
    public String id() {
        return "urn:xmpp:sasl:2";
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public Element[] supDiscoFeatures(XMPPResourceConnection xMPPResourceConnection) {
        return DISCO_FEATURES;
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public String[][] supElementNamePaths() {
        return ELEMENTS;
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public String[] supNamespaces() {
        return XMLNSS;
    }

    public List<Inline> getInlines() {
        return this.inlines;
    }

    public void setInlines(List<Inline> list) {
        if (list == null) {
            list = Collections.emptyList();
        }
        List list2 = (List) list.stream().filter(inline -> {
            return inline instanceof StreamManagementInline;
        }).collect(Collectors.toList());
        if (!list2.isEmpty()) {
            list.removeAll(list2);
            list.addAll(0, list2);
        }
        this.inlines = list;
    }

    @Override // tigase.xmpp.XMPPProcessor, tigase.xmpp.XMPPImplIfc
    public Element[] supStreamFeatures(XMPPResourceConnection xMPPResourceConnection) {
        if (xMPPResourceConnection == null || xMPPResourceConnection.isAuthorized()) {
            return null;
        }
        Collection<String> filterMechanisms = this.saslProvider.filterMechanisms(Sasl.getSaslServerFactories(), xMPPResourceConnection);
        if (filterMechanisms.isEmpty()) {
            return null;
        }
        xMPPResourceConnection.putSessionData(ALLOWED_SASL_MECHANISMS_KEY, filterMechanisms);
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = filterMechanisms.iterator();
        while (it.hasNext()) {
            arrayList.add(new Element(AuthRepository.MACHANISM_KEY, it.next()));
        }
        Element element = new Element("inline");
        arrayList.add(element);
        Iterator<Inline> it2 = this.inlines.iterator();
        while (it2.hasNext()) {
            XMLNodeIfc[] supStreamFeatures = it2.next().supStreamFeatures(Inline.Action.sasl2);
            if (supStreamFeatures != null) {
                for (XMLNodeIfc xMLNodeIfc : supStreamFeatures) {
                    element.addChild(xMLNodeIfc);
                }
            }
        }
        return (xMPPResourceConnection.isEncrypted() && xMPPResourceConnection.getSessionData(AbstractSaslSCRAM.LOCAL_CERTIFICATE_KEY) != null && SaslSCRAMPlus.containsScramPlus(filterMechanisms)) ? new Element[]{new Element("authentication", (Element[]) arrayList.toArray(i -> {
            return new Element[i];
        }), new String[]{"xmlns"}, new String[]{"urn:xmpp:sasl:2"}), AbstractSaslSCRAM.getSupportedChannelBindings(xMPPResourceConnection)} : new Element[]{new Element("authentication", (Element[]) arrayList.toArray(i2 -> {
            return new Element[i2];
        }), new String[]{"xmlns"}, new String[]{"urn:xmpp:sasl:2"})};
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Removed duplicated region for block: B:104:0x03d6 A[Catch: LoginLockedException -> 0x0481, XmppSaslException -> 0x04b6, SaslException -> 0x04f8, Exception -> 0x0534, all -> 0x056c, TryCatch #7 {LoginLockedException -> 0x0481, XmppSaslException -> 0x04b6, blocks: (B:30:0x00bf, B:32:0x00cd, B:33:0x00e1, B:34:0x00e2, B:35:0x00f0, B:36:0x010c, B:38:0x0123, B:39:0x0130, B:41:0x0146, B:46:0x015d, B:48:0x017b, B:50:0x01ab, B:51:0x01bc, B:52:0x01bd, B:54:0x01e9, B:56:0x01f3, B:57:0x01fc, B:59:0x020d, B:61:0x0219, B:63:0x0224, B:65:0x0282, B:67:0x0292, B:68:0x029f, B:70:0x02a9, B:72:0x02b3, B:74:0x02c3, B:75:0x02ea, B:77:0x02f5, B:79:0x0304, B:80:0x030b, B:81:0x030c, B:83:0x0318, B:85:0x0325, B:87:0x0339, B:91:0x0350, B:93:0x0366, B:94:0x0371, B:96:0x0389, B:97:0x039a, B:99:0x03b9, B:101:0x03c3, B:102:0x03cc, B:104:0x03d6, B:105:0x03ed, B:107:0x03f7, B:109:0x0410, B:116:0x0429, B:126:0x02d2, B:127:0x044f, B:129:0x0459, B:130:0x0473, B:131:0x047d, B:133:0x0169, B:134:0x017a, B:135:0x022e, B:137:0x023f, B:138:0x0249, B:139:0x024a, B:141:0x0258, B:143:0x0263, B:144:0x026d, B:145:0x0281), top: B:29:0x00bf, outer: #4 }] */
    /* JADX WARN: Removed duplicated region for block: B:93:0x0366 A[Catch: LoginLockedException -> 0x0481, XmppSaslException -> 0x04b6, SaslException -> 0x04f8, Exception -> 0x0534, all -> 0x056c, TryCatch #7 {LoginLockedException -> 0x0481, XmppSaslException -> 0x04b6, blocks: (B:30:0x00bf, B:32:0x00cd, B:33:0x00e1, B:34:0x00e2, B:35:0x00f0, B:36:0x010c, B:38:0x0123, B:39:0x0130, B:41:0x0146, B:46:0x015d, B:48:0x017b, B:50:0x01ab, B:51:0x01bc, B:52:0x01bd, B:54:0x01e9, B:56:0x01f3, B:57:0x01fc, B:59:0x020d, B:61:0x0219, B:63:0x0224, B:65:0x0282, B:67:0x0292, B:68:0x029f, B:70:0x02a9, B:72:0x02b3, B:74:0x02c3, B:75:0x02ea, B:77:0x02f5, B:79:0x0304, B:80:0x030b, B:81:0x030c, B:83:0x0318, B:85:0x0325, B:87:0x0339, B:91:0x0350, B:93:0x0366, B:94:0x0371, B:96:0x0389, B:97:0x039a, B:99:0x03b9, B:101:0x03c3, B:102:0x03cc, B:104:0x03d6, B:105:0x03ed, B:107:0x03f7, B:109:0x0410, B:116:0x0429, B:126:0x02d2, B:127:0x044f, B:129:0x0459, B:130:0x0473, B:131:0x047d, B:133:0x0169, B:134:0x017a, B:135:0x022e, B:137:0x023f, B:138:0x0249, B:139:0x024a, B:141:0x0258, B:143:0x0263, B:144:0x026d, B:145:0x0281), top: B:29:0x00bf, outer: #4 }] */
    /* JADX WARN: Removed duplicated region for block: B:96:0x0389 A[Catch: LoginLockedException -> 0x0481, XmppSaslException -> 0x04b6, SaslException -> 0x04f8, Exception -> 0x0534, all -> 0x056c, TryCatch #7 {LoginLockedException -> 0x0481, XmppSaslException -> 0x04b6, blocks: (B:30:0x00bf, B:32:0x00cd, B:33:0x00e1, B:34:0x00e2, B:35:0x00f0, B:36:0x010c, B:38:0x0123, B:39:0x0130, B:41:0x0146, B:46:0x015d, B:48:0x017b, B:50:0x01ab, B:51:0x01bc, B:52:0x01bd, B:54:0x01e9, B:56:0x01f3, B:57:0x01fc, B:59:0x020d, B:61:0x0219, B:63:0x0224, B:65:0x0282, B:67:0x0292, B:68:0x029f, B:70:0x02a9, B:72:0x02b3, B:74:0x02c3, B:75:0x02ea, B:77:0x02f5, B:79:0x0304, B:80:0x030b, B:81:0x030c, B:83:0x0318, B:85:0x0325, B:87:0x0339, B:91:0x0350, B:93:0x0366, B:94:0x0371, B:96:0x0389, B:97:0x039a, B:99:0x03b9, B:101:0x03c3, B:102:0x03cc, B:104:0x03d6, B:105:0x03ed, B:107:0x03f7, B:109:0x0410, B:116:0x0429, B:126:0x02d2, B:127:0x044f, B:129:0x0459, B:130:0x0473, B:131:0x047d, B:133:0x0169, B:134:0x017a, B:135:0x022e, B:137:0x023f, B:138:0x0249, B:139:0x024a, B:141:0x0258, B:143:0x0263, B:144:0x026d, B:145:0x0281), top: B:29:0x00bf, outer: #4 }] */
    /* JADX WARN: Type inference failed for: r16v2, types: [java.lang.Throwable, tigase.auth.XmppSaslException, java.lang.Exception] */
    @Override // tigase.xmpp.XMPPProcessorIfc
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void process(tigase.server.Packet r9, tigase.xmpp.XMPPResourceConnection r10, tigase.db.NonAuthUserRepository r11, java.util.Queue<tigase.server.Packet> r12, java.util.Map<java.lang.String, java.lang.Object> r13) throws tigase.xmpp.XMPPException {
        /*
            Method dump skipped, instructions count: 1397
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: tigase.xmpp.impl.SaslAuth2.process(tigase.server.Packet, tigase.xmpp.XMPPResourceConnection, tigase.db.NonAuthUserRepository, java.util.Queue, java.util.Map):void");
    }

    protected void onAuthFail(XMPPResourceConnection xMPPResourceConnection) {
        xMPPResourceConnection.removeSessionData(SASL_SERVER_KEY);
    }

    private Element createReply(ElementType elementType, String str) {
        Element element = new Element(elementType.getElementName());
        element.setXMLNS("urn:xmpp:sasl:2");
        if (str != null) {
            element.setCData(str);
        }
        return element;
    }

    private void disableUser(XMPPResourceConnection xMPPResourceConnection, BareJID bareJID) {
        try {
            if (xMPPResourceConnection.getAuthRepository().getAccountStatus(bareJID) == AuthRepository.AccountStatus.active) {
                log.log(Level.CONFIG, "Disabling user " + bareJID);
                xMPPResourceConnection.getAuthRepository().setAccountStatus(bareJID, AuthRepository.AccountStatus.disabled);
            }
        } catch (TigaseDBException e) {
            log.log(Level.WARNING, "Cannot check status or disable user!", (Throwable) e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private BareJID extractUserJid(Exception exc, XMPPResourceConnection xMPPResourceConnection) {
        BareJID bareJID = null;
        if (exc instanceof SaslInvalidLoginExcepion) {
            String jid = ((SaslInvalidLoginExcepion) exc).getJid();
            bareJID = jid == null ? null : BareJID.bareJIDInstanceNS(jid);
        }
        if (bareJID != null) {
            bareJID = (BareJID) xMPPResourceConnection.getSessionData(CallbackHandlerFactory.AUTH_JID);
        }
        return bareJID;
    }

    private void saveIntoBruteForceLocker(XMPPResourceConnection xMPPResourceConnection, Exception exc) {
        try {
            if (this.bruteForceLocker.isEnabled(xMPPResourceConnection)) {
                String clientIp = BruteForceLockerBean.getClientIp(xMPPResourceConnection);
                BareJID extractUserJid = extractUserJid(exc, xMPPResourceConnection);
                if (clientIp == null && log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "There is no client IP. Cannot add entry to BruteForceLocker.");
                }
                if (extractUserJid == null && log.isLoggable(Level.FINE)) {
                    log.log(Level.FINE, "There is no user JID. Cannot add entry to BruteForceLocker.");
                }
                if (extractUserJid != null && clientIp != null) {
                    this.bruteForceLocker.addInvalidLogin(xMPPResourceConnection, clientIp, extractUserJid);
                }
                if (this.bruteForceLocker.canUserBeDisabled(xMPPResourceConnection, clientIp, extractUserJid)) {
                    disableUser(xMPPResourceConnection, extractUserJid);
                }
            }
        } catch (Throwable th) {
            log.log(Level.WARNING, "Cannot update BruteForceLocker", th);
        }
    }

    private Packet createSaslErrorResponse(XmppSaslException.SaslError saslError, String str, Packet packet) {
        Element element = new Element(ElementType.FAILURE.getElementName());
        element.setXMLNS("urn:xmpp:sasl:2");
        element.addChild((saslError == null ? XmppSaslException.SaslError.not_authorized : saslError).getElement());
        if (str != null) {
            element.addChild(new Element(VirtualComponent.DISCO_TYPE_PROP_VAL, str, new String[]{"xml:lang"}, new String[]{"en"}));
        }
        Packet swapFromTo = packet.swapFromTo(element, null, null);
        swapFromTo.setPriority(Priority.SYSTEM);
        return swapFromTo;
    }

    private UserAgent parseUserAgent(Packet packet) {
        Element elemChild = packet.getElemChild("user-agent");
        if (elemChild == null) {
            return null;
        }
        Element child = elemChild.getChild("software");
        Element child2 = elemChild.getChild("device");
        return new UserAgent(elemChild.getAttributeStaticStr("id"), child != null ? child.getCData() : null, child2 != null ? child2.getCData() : null);
    }
}
