package tigase.halcyon.core.xmpp.modules.auth;

import java.util.Arrays;
import korlibs.crypto.HMAC;
import korlibs.crypto.Hash;
import korlibs.crypto.PBKDF2;
import korlibs.crypto.SHA1Kt;
import korlibs.crypto.SHA256Kt;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.collections.ArraysKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.MatchGroup;
import kotlin.text.MatchResult;
import kotlin.text.Regex;
import kotlin.text.RegexOption;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import tigase.halcyon.core.Base64Kt;
import tigase.halcyon.core.configuration.Configuration;
import tigase.halcyon.core.configuration.JIDPasswordSaslConfig;
import tigase.halcyon.core.configuration.SaslConfig;
import tigase.halcyon.core.xmpp.modules.auth.SASLMechanism;

/* compiled from: AbstractSASLScram.kt */
@Metadata(mv = {1, 8, 0}, k = 1, xi = 48, d1 = {"��D\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0012\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\b&\u0018��2\u00020\u0001B7\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\f\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00030\u0007\u0012\b\b\u0002\u0010\b\u001a\u00020\t\u0012\b\b\u0002\u0010\n\u001a\u00020\t¢\u0006\u0002\u0010\u000bJ$\u0010\u0013\u001a\u0004\u0018\u00010\u00032\b\u0010\u0014\u001a\u0004\u0018\u00010\u00032\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0018H\u0016J\u0018\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0018H\u0016J\u0010\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u0017\u001a\u00020\u0018H\u0002R\u000e\u0010\b\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n��R\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\f\u0010\rR\u0014\u0010\u0002\u001a\u00020\u0003X\u0096\u0004¢\u0006\b\n��\u001a\u0004\b\u000e\u0010\u000fR\u0014\u0010\u0006\u001a\b\u0012\u0004\u0012\u00020\u00030\u0007X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0010\u001a\u00020\u0011X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0012\u001a\u00020\u0011X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001d"}, d2 = {"Ltigase/halcyon/core/xmpp/modules/auth/AbstractSASLScram;", "Ltigase/halcyon/core/xmpp/modules/auth/SASLMechanism;", "name", "", "hashAlgorithm", "Ltigase/halcyon/core/xmpp/modules/auth/ScramHashAlgorithm;", "randomGenerator", "Lkotlin/Function0;", "clientKeyData", "", "serverKeyData", "(Ljava/lang/String;Ltigase/halcyon/core/xmpp/modules/auth/ScramHashAlgorithm;Lkotlin/jvm/functions/Function0;[B[B)V", "getHashAlgorithm", "()Ltigase/halcyon/core/xmpp/modules/auth/ScramHashAlgorithm;", "getName", "()Ljava/lang/String;", "serverFirstMessageRegex", "Lkotlin/text/Regex;", "serverLastMessageRegex", "evaluateChallenge", "input", "config", "Ltigase/halcyon/core/configuration/Configuration;", "saslContext", "Ltigase/halcyon/core/xmpp/modules/auth/SASLContext;", "isAllowedToUse", "", "scramData", "Ltigase/halcyon/core/xmpp/modules/auth/SCRAMData;", "halcyon-core"})
/* loaded from: input_file:tigase/halcyon/core/xmpp/modules/auth/AbstractSASLScram.class */
public abstract class AbstractSASLScram implements SASLMechanism {

    @NotNull
    private final String name;

    @NotNull
    private final ScramHashAlgorithm hashAlgorithm;

    @NotNull
    private final Function0<String> randomGenerator;

    @NotNull
    private final byte[] clientKeyData;

    @NotNull
    private final byte[] serverKeyData;

    @NotNull
    private final Regex serverFirstMessageRegex;

    @NotNull
    private final Regex serverLastMessageRegex;

    /* compiled from: AbstractSASLScram.kt */
    @Metadata(mv = {1, 8, 0}, k = 3, xi = 48)
    /* loaded from: input_file:tigase/halcyon/core/xmpp/modules/auth/AbstractSASLScram$WhenMappings.class */
    public /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;
        public static final /* synthetic */ int[] $EnumSwitchMapping$1;

        static {
            int[] iArr = new int[BindType.values().length];
            try {
                iArr[BindType.N.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                iArr[BindType.Y.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                iArr[BindType.TlsUnique.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                iArr[BindType.TlsServerEndPoint.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $EnumSwitchMapping$0 = iArr;
            int[] iArr2 = new int[ScramHashAlgorithm.values().length];
            try {
                iArr2[ScramHashAlgorithm.SHA1.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                iArr2[ScramHashAlgorithm.SHA256.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            $EnumSwitchMapping$1 = iArr2;
        }
    }

    public AbstractSASLScram(@NotNull String str, @NotNull ScramHashAlgorithm scramHashAlgorithm, @NotNull Function0<String> function0, @NotNull byte[] bArr, @NotNull byte[] bArr2) {
        Intrinsics.checkNotNullParameter(str, "name");
        Intrinsics.checkNotNullParameter(scramHashAlgorithm, "hashAlgorithm");
        Intrinsics.checkNotNullParameter(function0, "randomGenerator");
        Intrinsics.checkNotNullParameter(bArr, "clientKeyData");
        Intrinsics.checkNotNullParameter(bArr2, "serverKeyData");
        this.name = str;
        this.hashAlgorithm = scramHashAlgorithm;
        this.randomGenerator = function0;
        this.clientKeyData = bArr;
        this.serverKeyData = bArr2;
        this.serverFirstMessageRegex = new Regex("^(m=[^,]+,)?r=([^,]+),s=([^,]+),i=([0-9]+)(?:,.*)?$", RegexOption.IGNORE_CASE);
        this.serverLastMessageRegex = new Regex("^(?:e=([^,]+)|v=([^,]+)(?:,.*)?)$", RegexOption.IGNORE_CASE);
    }

    public /* synthetic */ AbstractSASLScram(String str, ScramHashAlgorithm scramHashAlgorithm, Function0 function0, byte[] bArr, byte[] bArr2, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(str, scramHashAlgorithm, function0, (i & 8) != 0 ? StringsKt.encodeToByteArray("Client Key") : bArr, (i & 16) != 0 ? StringsKt.encodeToByteArray("Server Key") : bArr2);
    }

    @Override // tigase.halcyon.core.xmpp.modules.auth.SASLMechanism
    @NotNull
    public String getName() {
        return this.name;
    }

    @NotNull
    public final ScramHashAlgorithm getHashAlgorithm() {
        return this.hashAlgorithm;
    }

    @Override // tigase.halcyon.core.xmpp.modules.auth.SASLMechanism
    public boolean isAllowedToUse(@NotNull Configuration configuration, @NotNull SASLContext sASLContext) {
        Intrinsics.checkNotNullParameter(configuration, "config");
        Intrinsics.checkNotNullParameter(sASLContext, "saslContext");
        return configuration.getSasl() instanceof JIDPasswordSaslConfig;
    }

    private final SCRAMData scramData(SASLContext sASLContext) {
        if (sASLContext.getMechanismData() == null) {
            sASLContext.setMechanismData(new SCRAMData(null, null, null, null, null, null, null, null, null, 0, 1023, null));
        }
        MechanismData mechanismData = sASLContext.getMechanismData();
        Intrinsics.checkNotNull(mechanismData, "null cannot be cast to non-null type tigase.halcyon.core.xmpp.modules.auth.SCRAMData");
        return (SCRAMData) mechanismData;
    }

    @Override // tigase.halcyon.core.xmpp.modules.auth.SASLMechanism
    @Nullable
    public String evaluateChallenge(@Nullable String str, @NotNull Configuration configuration, @NotNull SASLContext sASLContext) {
        String value;
        Hash hmacSHA256;
        Hash hmacSHA2562;
        String value2;
        String value3;
        byte[] fromBase64;
        byte[] bytes;
        Hash hmacSHA2563;
        Hash sha256;
        Hash hmacSHA2564;
        Intrinsics.checkNotNullParameter(configuration, "config");
        Intrinsics.checkNotNullParameter(sASLContext, "saslContext");
        SCRAMData scramData = scramData(sASLContext);
        SaslConfig sasl = configuration.getSasl();
        Intrinsics.checkNotNull(sasl, "null cannot be cast to non-null type tigase.halcyon.core.configuration.JIDPasswordSaslConfig");
        JIDPasswordSaslConfig jIDPasswordSaslConfig = (JIDPasswordSaslConfig) sasl;
        if (scramData.getStage() == 0) {
            scramData.setConce((String) this.randomGenerator.invoke());
            scramData.setBindType(BindType.N);
            scramData.setBindData(new byte[0]);
            String authcId = jIDPasswordSaslConfig.getAuthcId();
            if (authcId == null) {
                authcId = jIDPasswordSaslConfig.getUserJID().getLocalpart();
                Intrinsics.checkNotNull(authcId);
            }
            scramData.setAuthcId(authcId);
            scramData.setAuthzId(jIDPasswordSaslConfig.getAuthcId() != null ? jIDPasswordSaslConfig.getUserJID().toString() : null);
            StringBuilder sb = new StringBuilder();
            BindType bindType = scramData.getBindType();
            Intrinsics.checkNotNull(bindType);
            switch (WhenMappings.$EnumSwitchMapping$0[bindType.ordinal()]) {
                case 1:
                    sb.append("n");
                    break;
                case 2:
                    sb.append("y");
                    break;
                case 3:
                    sb.append("p=tls-unique");
                    break;
                case 4:
                    sb.append("p=tls-server-end-point");
                    break;
            }
            sb.append(",");
            String authzId = scramData.getAuthzId();
            if (authzId != null) {
                sb.append("a=").append(authzId);
            }
            sb.append(",");
            String sb2 = sb.toString();
            Intrinsics.checkNotNullExpressionValue(sb2, "StringBuilder().apply(builderAction).toString()");
            scramData.setCb(sb2);
            String str2 = ("n=" + scramData.getAuthcId() + ",") + ("r=" + scramData.getConce());
            Intrinsics.checkNotNullExpressionValue(str2, "StringBuilder().apply(builderAction).toString()");
            scramData.setClientFirstMessageBare(str2);
            scramData.setStage(scramData.getStage() + 1);
            scramData.getStage();
            return Base64Kt.toBase64(scramData.getCb() + scramData.getClientFirstMessageBare());
        }
        if (scramData.getStage() != 1) {
            if (scramData.getStage() != 2) {
                if (sASLContext.getComplete() && str == null) {
                    return null;
                }
                throw new IllegalStateException("SASL Client in illegal state. stage=" + scramData.getStage() + " complete=" + sASLContext.getComplete());
            }
            if (str == null) {
                throw new ClientSaslException("Unexpected empty input!");
            }
            MatchResult matchEntire = this.serverLastMessageRegex.matchEntire(StringsKt.decodeToString(Base64Kt.fromBase64(str)));
            if (matchEntire == null) {
                throw new ClientSaslException("Bad challenge syntax");
            }
            MatchGroup matchGroup = matchEntire.getGroups().get(1);
            if (matchGroup != null) {
                throw new ClientSaslException("Error: " + matchGroup);
            }
            MatchGroup matchGroup2 = matchEntire.getGroups().get(2);
            if (matchGroup2 == null || (value = matchGroup2.getValue()) == null) {
                throw new ClientSaslException("Bad challenge syntax");
            }
            switch (WhenMappings.$EnumSwitchMapping$1[this.hashAlgorithm.ordinal()]) {
                case 1:
                    HMAC.Companion companion = HMAC.Companion;
                    byte[] saltedPassword = scramData.getSaltedPassword();
                    Intrinsics.checkNotNull(saltedPassword);
                    hmacSHA256 = companion.hmacSHA1(saltedPassword, this.serverKeyData);
                    break;
                case 2:
                    HMAC.Companion companion2 = HMAC.Companion;
                    byte[] saltedPassword2 = scramData.getSaltedPassword();
                    Intrinsics.checkNotNull(saltedPassword2);
                    hmacSHA256 = companion2.hmacSHA256(saltedPassword2, this.serverKeyData);
                    break;
                default:
                    throw new NoWhenBranchMatchedException();
            }
            byte[] bytes2 = hmacSHA256.getBytes();
            switch (WhenMappings.$EnumSwitchMapping$1[this.hashAlgorithm.ordinal()]) {
                case 1:
                    HMAC.Companion companion3 = HMAC.Companion;
                    String authMessage = scramData.getAuthMessage();
                    Intrinsics.checkNotNull(authMessage);
                    hmacSHA2562 = companion3.hmacSHA1(bytes2, StringsKt.encodeToByteArray(authMessage));
                    break;
                case 2:
                    HMAC.Companion companion4 = HMAC.Companion;
                    String authMessage2 = scramData.getAuthMessage();
                    Intrinsics.checkNotNull(authMessage2);
                    hmacSHA2562 = companion4.hmacSHA256(bytes2, StringsKt.encodeToByteArray(authMessage2));
                    break;
                default:
                    throw new NoWhenBranchMatchedException();
            }
            if (!Arrays.equals(hmacSHA2562.getBytes(), Base64Kt.fromBase64(value))) {
                throw new ClientSaslException("Invalid Server Signature");
            }
            scramData.setStage(scramData.getStage() + 1);
            scramData.getStage();
            sASLContext.setComplete$halcyon_core(true);
            return null;
        }
        if (str == null) {
            throw new ClientSaslException("Unexpected empty input!");
        }
        String decodeToString = StringsKt.decodeToString(Base64Kt.fromBase64(str));
        MatchResult matchEntire2 = this.serverFirstMessageRegex.matchEntire(decodeToString);
        if (matchEntire2 == null) {
            throw new ClientSaslException("Bad challenge syntax");
        }
        MatchGroup matchGroup3 = matchEntire2.getGroups().get(2);
        if (matchGroup3 == null || (value2 = matchGroup3.getValue()) == null) {
            throw new ClientSaslException("Bad challenge syntax: missing nonce");
        }
        MatchGroup matchGroup4 = matchEntire2.getGroups().get(3);
        if (matchGroup4 == null || (value3 = matchGroup4.getValue()) == null || (fromBase64 = Base64Kt.fromBase64(value3)) == null) {
            throw new ClientSaslException("Bad challenge syntax: missing salt");
        }
        MatchGroup matchGroup5 = matchEntire2.getGroups().get(4);
        if (matchGroup5 != null) {
            String value4 = matchGroup5.getValue();
            if (value4 != null) {
                int parseInt = Integer.parseInt(value4);
                String conce = scramData.getConce();
                Intrinsics.checkNotNull(conce);
                if (!StringsKt.startsWith$default(value2, conce, false, 2, (Object) null)) {
                    throw new ClientSaslException("Wrong nonce");
                }
                StringBuilder sb3 = new StringBuilder();
                sb3.append("c=");
                String cb = scramData.getCb();
                Intrinsics.checkNotNull(cb);
                sb3.append(Base64Kt.toBase64(ArraysKt.plus(StringsKt.encodeToByteArray(cb), scramData.getBindData())));
                sb3.append(",");
                sb3.append("r=");
                sb3.append(value2);
                String sb4 = sb3.toString();
                Intrinsics.checkNotNullExpressionValue(sb4, "StringBuilder().apply(builderAction).toString()");
                scramData.setAuthMessage(scramData.getClientFirstMessageBare() + "," + decodeToString + "," + sb4);
                switch (WhenMappings.$EnumSwitchMapping$1[this.hashAlgorithm.ordinal()]) {
                    case 1:
                        bytes = PBKDF2.Companion.pbkdf2WithHmacSHA1(StringsKt.encodeToByteArray((String) ((JIDPasswordSaslConfig) configuration.getSasl()).getPasswordCallback().invoke()), fromBase64, parseInt, 160).getBytes();
                        break;
                    case 2:
                        bytes = PBKDF2.Companion.pbkdf2WithHmacSHA256(StringsKt.encodeToByteArray((String) ((JIDPasswordSaslConfig) configuration.getSasl()).getPasswordCallback().invoke()), fromBase64, parseInt, 256).getBytes();
                        break;
                    default:
                        throw new NoWhenBranchMatchedException();
                }
                scramData.setSaltedPassword(bytes);
                switch (WhenMappings.$EnumSwitchMapping$1[this.hashAlgorithm.ordinal()]) {
                    case 1:
                        HMAC.Companion companion5 = HMAC.Companion;
                        byte[] saltedPassword3 = scramData.getSaltedPassword();
                        Intrinsics.checkNotNull(saltedPassword3);
                        hmacSHA2563 = companion5.hmacSHA1(saltedPassword3, this.clientKeyData);
                        break;
                    case 2:
                        HMAC.Companion companion6 = HMAC.Companion;
                        byte[] saltedPassword4 = scramData.getSaltedPassword();
                        Intrinsics.checkNotNull(saltedPassword4);
                        hmacSHA2563 = companion6.hmacSHA256(saltedPassword4, this.clientKeyData);
                        break;
                    default:
                        throw new NoWhenBranchMatchedException();
                }
                byte[] bytes3 = hmacSHA2563.getBytes();
                switch (WhenMappings.$EnumSwitchMapping$1[this.hashAlgorithm.ordinal()]) {
                    case 1:
                        sha256 = SHA1Kt.sha1(bytes3);
                        break;
                    case 2:
                        sha256 = SHA256Kt.sha256(bytes3);
                        break;
                    default:
                        throw new NoWhenBranchMatchedException();
                }
                byte[] bytes4 = sha256.getBytes();
                switch (WhenMappings.$EnumSwitchMapping$1[this.hashAlgorithm.ordinal()]) {
                    case 1:
                        HMAC.Companion companion7 = HMAC.Companion;
                        String authMessage3 = scramData.getAuthMessage();
                        Intrinsics.checkNotNull(authMessage3);
                        hmacSHA2564 = companion7.hmacSHA1(bytes4, StringsKt.encodeToByteArray(authMessage3));
                        break;
                    case 2:
                        HMAC.Companion companion8 = HMAC.Companion;
                        String authMessage4 = scramData.getAuthMessage();
                        Intrinsics.checkNotNull(authMessage4);
                        hmacSHA2564 = companion8.hmacSHA256(bytes4, StringsKt.encodeToByteArray(authMessage4));
                        break;
                    default:
                        throw new NoWhenBranchMatchedException();
                }
                byte[] bytes5 = hmacSHA2564.getBytes();
                byte[] copyOf = Arrays.copyOf(bytes3, bytes3.length);
                Intrinsics.checkNotNullExpressionValue(copyOf, "copyOf(this, size)");
                int length = copyOf.length;
                for (int i = 0; i < length; i++) {
                    copyOf[i] = (byte) (copyOf[i] ^ bytes5[i]);
                }
                String str3 = sb4 + ",p=" + Base64Kt.toBase64(copyOf);
                Intrinsics.checkNotNullExpressionValue(str3, "StringBuilder().apply(builderAction).toString()");
                scramData.setStage(scramData.getStage() + 1);
                scramData.getStage();
                return Base64Kt.toBase64(str3);
            }
        }
        throw new ClientSaslException("Bad challenge syntax: missing iterations");
    }

    @Override // tigase.halcyon.core.xmpp.modules.auth.SASLMechanism
    public boolean isComplete(@NotNull SASLContext sASLContext) {
        return SASLMechanism.DefaultImpls.isComplete(this, sASLContext);
    }
}
