package tigase.auth.credentials.entries;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import tigase.auth.credentials.Credentials;
import tigase.auth.mechanisms.AbstractSaslSCRAM;
import tigase.kernel.beans.config.ConfigField;
import tigase.util.Base64;
import tigase.xmpp.jid.BareJID;

/* loaded from: input_file:tigase/auth/credentials/entries/ScramCredentialsEntry.class */
public class ScramCredentialsEntry implements Credentials.Entry {
    private static final Logger log = Logger.getLogger(ScramCredentialsEntry.class.getCanonicalName());
    private final String algorithm;
    private final int iterations = 4096;
    private final byte[] salt;
    private final byte[] saltedPassword;

    /* loaded from: input_file:tigase/auth/credentials/entries/ScramCredentialsEntry$Decoder.class */
    public static class Decoder implements Credentials.Decoder {

        @ConfigField(desc = "Hash algorithm")
        private String algorithm;

        @ConfigField(desc = "Mechanism name")
        private String name;

        public Decoder() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public Decoder(String str) {
            this.algorithm = str;
        }

        @Override // tigase.auth.credentials.Credentials.Decoder
        public String getName() {
            return this.name;
        }

        /* JADX WARN: Removed duplicated region for block: B:14:0x0087 A[LOOP:0: B:2:0x000b->B:14:0x0087, LOOP_END] */
        /* JADX WARN: Removed duplicated region for block: B:15:0x0090 A[SYNTHETIC] */
        @Override // tigase.auth.credentials.Credentials.Decoder
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        public tigase.auth.credentials.Credentials.Entry decode(tigase.xmpp.jid.BareJID r6, java.lang.String r7) {
            /*
                r5 = this;
                r0 = 0
                r8 = r0
                r0 = 0
                r9 = r0
                r0 = 0
                r10 = r0
                r0 = 0
                r11 = r0
            Lb:
                r0 = r11
                r1 = r7
                int r1 = r1.length()
                if (r0 >= r1) goto L90
                r0 = r7
                r1 = r11
                char r0 = r0.charAt(r1)
                r12 = r0
                r0 = r7
                java.lang.String r1 = ","
                r2 = r11
                r3 = 2
                int r2 = r2 + r3
                int r0 = r0.indexOf(r1, r2)
                r13 = r0
                r0 = r7
                r1 = r11
                r2 = 2
                int r1 = r1 + r2
                r2 = r13
                r3 = -1
                if (r2 != r3) goto L3a
                r2 = r7
                int r2 = r2.length()
                goto L3c
            L3a:
                r2 = r13
            L3c:
                java.lang.String r0 = r0.substring(r1, r2)
                r14 = r0
                r0 = r12
                switch(r0) {
                    case 105: goto L6d;
                    case 112: goto L77;
                    case 115: goto L64;
                    default: goto L7e;
                }
            L64:
                r0 = r14
                byte[] r0 = tigase.util.Base64.decode(r0)
                r8 = r0
                goto L7e
            L6d:
                r0 = r14
                int r0 = java.lang.Integer.parseInt(r0)
                r10 = r0
                goto L7e
            L77:
                r0 = r14
                byte[] r0 = tigase.util.Base64.decode(r0)
                r9 = r0
            L7e:
                r0 = r13
                r1 = -1
                if (r0 != r1) goto L87
                goto L90
            L87:
                r0 = r13
                r1 = 1
                int r0 = r0 + r1
                r11 = r0
                goto Lb
            L90:
                r0 = r5
                r1 = r8
                r2 = r10
                r3 = r9
                tigase.auth.credentials.Credentials$Entry r0 = r0.newInstance(r1, r2, r3)
                return r0
            */
            throw new UnsupportedOperationException("Method not decompiled: tigase.auth.credentials.entries.ScramCredentialsEntry.Decoder.decode(tigase.xmpp.jid.BareJID, java.lang.String):tigase.auth.credentials.Credentials$Entry");
        }

        protected Credentials.Entry newInstance(byte[] bArr, int i, byte[] bArr2) {
            return new ScramCredentialsEntry(this.algorithm, bArr, i, bArr2);
        }
    }

    /* loaded from: input_file:tigase/auth/credentials/entries/ScramCredentialsEntry$Encoder.class */
    public static class Encoder implements Credentials.Encoder {

        @ConfigField(desc = "Hash algorithm")
        private String algorithm;

        @ConfigField(desc = "Mechanism name")
        private String name;
        private final SecureRandom random = new SecureRandom();

        @ConfigField(desc = "Number of iterations")
        private int iterations = 4096;

        public Encoder() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public Encoder(String str) {
            this.algorithm = str;
        }

        @Override // tigase.auth.credentials.Credentials.Encoder
        public String getName() {
            return this.name;
        }

        @Override // tigase.auth.credentials.Credentials.Encoder
        public String encode(BareJID bareJID, String str) {
            byte[] bArr = new byte[10];
            this.random.nextBytes(bArr);
            byte[] bArr2 = new byte[0];
            try {
                return "s=" + Base64.encode(bArr) + ",i=" + this.iterations + ",p=" + Base64.encode(AbstractSaslSCRAM.hi(this.algorithm, AbstractSaslSCRAM.normalize(str), bArr, this.iterations));
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new RuntimeException("Could not encode password", e);
            }
        }
    }

    public ScramCredentialsEntry(String str, PlainCredentialsEntry plainCredentialsEntry) throws NoSuchAlgorithmException, InvalidKeyException {
        SecureRandom secureRandom = new SecureRandom();
        this.algorithm = str;
        this.salt = new byte[10];
        secureRandom.nextBytes(this.salt);
        this.saltedPassword = AbstractSaslSCRAM.hi(str, AbstractSaslSCRAM.normalize(plainCredentialsEntry.getPassword()), this.salt, 4096);
    }

    public ScramCredentialsEntry(String str, byte[] bArr, int i, byte[] bArr2) {
        this.algorithm = str;
        this.salt = bArr;
        this.saltedPassword = bArr2;
    }

    public byte[] getSalt() {
        return this.salt;
    }

    public byte[] getSaltedPassword() {
        return this.saltedPassword;
    }

    public int getIterations() {
        return 4096;
    }

    @Override // tigase.auth.credentials.Credentials.Entry
    public String getMechanism() {
        return "SCRAM-" + this.algorithm;
    }

    @Override // tigase.auth.credentials.Credentials.Entry
    public boolean verifyPlainPassword(String str) {
        try {
            return Arrays.equals(this.saltedPassword, AbstractSaslSCRAM.hi(this.algorithm, AbstractSaslSCRAM.normalize(str), this.salt, 4096));
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            log.log(Level.FINE, "Password comparison failed", e);
            return false;
        }
    }
}
