package tigase.auth.impl;

import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.SaslException;
import tigase.auth.AuthRepositoryAware;
import tigase.auth.CallbackHandlerFactory;
import tigase.auth.DomainAware;
import tigase.auth.SessionAware;
import tigase.auth.XmppSaslException;
import tigase.auth.callbacks.AuthorizationIdCallback;
import tigase.auth.callbacks.ReplaceServerKeyCallback;
import tigase.auth.callbacks.ServerKeyCallback;
import tigase.auth.credentials.Credentials;
import tigase.auth.credentials.entries.XTokenCredentialsEntry;
import tigase.auth.mechanisms.AbstractSasl;
import tigase.auth.mechanisms.SaslXTOKEN;
import tigase.db.AuthRepository;
import tigase.db.TigaseDBException;
import tigase.util.Base64;
import tigase.util.stringprep.TigaseStringprepException;
import tigase.xmpp.XMPPResourceConnection;
import tigase.xmpp.jid.BareJID;

/* loaded from: input_file:tigase/auth/impl/XTokenCallbackHandler.class */
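/**
 * SASL callback handler for the XTOKEN mechanism.
 *
 * <p>The handler resolves the authenticating JID from the {@link NameCallback},
 * optionally switches to a different authorization id, looks up the stored
 * XTOKEN entry for the pair {@code (jid, credentialId)} and hands its secret key
 * to the mechanism. It can also rotate that key on request.
 *
 * <p>Security-relevant state kept per instance:
 * <ul>
 *   <li>{@code jid} - the account whose credentials are looked up; mirrored into the
 *       session under {@code CallbackHandlerFactory.AUTH_JID} until authorization succeeds.</li>
 *   <li>{@code credentialId} - {@code "default"}, or the local part of the authentication id
 *       when a different authorization id was requested.</li>
 *   <li>{@code loggingInForbidden} - set from {@code Credentials.canLogin()}; when true the
 *       {@link AuthorizeCallback} is refused.</li>
 * </ul>
 *
 * <p>Nothing in this class synchronizes access to that state.
 */
public class XTokenCallbackHandler implements CallbackHandler, AuthRepositoryAware, DomainAware, SessionAware {
    protected String domain;
    protected AuthRepository repo;
    private XMPPResourceConnection session;
    private String credentialId;
    private XTokenCredentialsEntry entry;
    protected BareJID jid = null;
    protected Logger log = Logger.getLogger(getClass().getName());
    private boolean loggingInForbidden = false;

    /**
     * Dispatches every callback, in array order, to {@link #handleCallback(Callback)}.
     *
     * @param callbackArr callbacks supplied by the SASL mechanism
     * @throws IOException if a handler fails (SASL errors are reported this way)
     * @throws UnsupportedCallbackException if a callback type is not recognised
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (this.log.isLoggable(Level.FINEST)) {
                this.log.log(Level.FINEST, "Callback: {0}", callback.getClass().getSimpleName());
            }
            handleCallback(callback);
        }
    }

    /**
     * Sets the repository used to read and update credentials.
     *
     * @param authRepository repository to use
     */
    @Override // tigase.auth.AuthRepositoryAware
    public void setAuthRepository(AuthRepository authRepository) {
        this.repo = authRepository;
    }

    /**
     * Sets the domain used as realm and as the default domain of the authenticating JID.
     *
     * @param str domain name
     */
    @Override // tigase.auth.DomainAware
    public void setDomain(String str) {
        this.domain = str;
    }

    /**
     * Sets the session in which the authenticating JID is tracked.
     *
     * @param xMPPResourceConnection session of the connection being authenticated
     */
    @Override // tigase.auth.SessionAware
    public void setSession(XMPPResourceConnection xMPPResourceConnection) {
        this.session = xMPPResourceConnection;
    }

    /**
     * Answers the mechanism's authorization question.
     *
     * <p>Authorization is refused when the account was marked as not allowed to log in,
     * and granted otherwise. No comparison of authentication id and authorization id
     * happens here: the only gates visible in this class are {@code loggingInForbidden}
     * and the credential lookup keyed by {@code (jid, credentialId)} in
     * {@link #handleServerKeyCallback(ServerKeyCallback)}.
     *
     * @param authorizeCallback callback to answer
     */
    protected void handleAuthorizeCallback(AuthorizeCallback authorizeCallback) {
        final boolean finest = this.log.isLoggable(Level.FINEST);
        if (finest) {
            this.log.log(Level.FINEST, "AuthorizeCallback: authenId: {0}", authorizeCallback.getAuthenticationID());
        }
        if (this.loggingInForbidden) {
            authorizeCallback.setAuthorized(false);
            if (finest) {
                this.log.log(Level.FINEST, "User {0} is disabled", this.jid);
            }
            return;
        }
        if (finest) {
            this.log.log(Level.FINEST, "AuthorizeCallback: authorId: {0}", authorizeCallback.getAuthorizationID());
        }
        // NOTE(review): loggingInForbidden is only assigned after a successful credential
        // fetch, so it is still false if that fetch failed. Granting here is safe only if the
        // mechanism never reaches this callback without a verified server key - confirm in SaslXTOKEN.
        authorizeCallback.setAuthorized(true);
        // The pending-authentication marker written by setJid() is no longer needed.
        this.session.removeSessionData(CallbackHandlerFactory.AUTH_JID);
    }

    /**
     * Routes a single callback to its type-specific handler.
     *
     * @param callback callback to process
     * @throws UnsupportedCallbackException if the callback type is not one handled by this class
     * @throws IOException if the type-specific handler fails
     */
    protected void handleCallback(Callback callback) throws UnsupportedCallbackException, IOException {
        if (callback instanceof RealmCallback) {
            handleRealmCallback((RealmCallback) callback);
        } else if (callback instanceof NameCallback) {
            handleNameCallback((NameCallback) callback);
        } else if (callback instanceof AuthorizationIdCallback) {
            handleAuthorizationIdCallback((AuthorizationIdCallback) callback);
        } else if (callback instanceof ServerKeyCallback) {
            handleServerKeyCallback((ServerKeyCallback) callback);
        } else if (callback instanceof AuthorizeCallback) {
            handleAuthorizeCallback((AuthorizeCallback) callback);
        } else if (callback instanceof ReplaceServerKeyCallback) {
            handleReplaceServerKeyCallback((ReplaceServerKeyCallback) callback);
        } else {
            throw new UnsupportedCallbackException(callback, "Unrecognized Callback");
        }
    }

    /**
     * Derives the authenticating JID from the name supplied by the client.
     *
     * <p>If the supplied name has no local part, or its domain differs from the configured
     * domain (case-insensitively), the whole supplied name is used as the local part of a JID
     * in the configured domain. The resulting JID is stored via {@link #setJid(BareJID)} and
     * written back into the callback. The credential id is reset to {@code "default"}.
     *
     * <p>The JID is built with {@code bareJIDInstanceNS}, which declares no
     * {@code TigaseStringprepException} here, unlike {@code bareJIDInstance} used for the
     * authorization id.
     *
     * @param nameCallback callback carrying the client-supplied name as its default name
     * @throws IOException declared for overriding handlers; not thrown by the code shown here
     */
    protected void handleNameCallback(NameCallback nameCallback) throws IOException {
        this.credentialId = "default";
        final String suppliedName = nameCallback.getDefaultName();
        BareJID resolved = BareJID.bareJIDInstanceNS(suppliedName);
        final boolean foreignOrBare =
                resolved.getLocalpart() == null || !this.domain.equalsIgnoreCase(resolved.getDomain());
        if (foreignOrBare) {
            resolved = BareJID.bareJIDInstanceNS(suppliedName, this.domain);
        }
        setJid(resolved);
        nameCallback.setName(resolved.toString());
        if (this.log.isLoggable(Level.FINEST)) {
            this.log.log(Level.FINEST, "NameCallback: {0}", this.credentialId);
        }
    }

    /**
     * Supplies the configured domain as the SASL realm, when a domain is set.
     *
     * @param realmCallback callback to fill in
     * @throws IOException declared for overriding handlers; not thrown by the code shown here
     */
    protected void handleRealmCallback(RealmCallback realmCallback) throws IOException {
        final String realm = this.domain;
        if (realm != null) {
            realmCallback.setText(realm);
        }
        if (this.log.isLoggable(Level.FINEST)) {
            this.log.log(Level.FINEST, "RealmCallback: {0}", realm);
        }
    }

    /**
     * Loads the stored XTOKEN entry for {@code (jid, credentialId)} and passes its secret key
     * to the mechanism.
     *
     * <p>If the account may not log in, the SASL exception matching its account status is
     * thrown. Any other failure (repository error, missing entry) is logged at FINE and the
     * callback is left without a server key.
     *
     * @param serverKeyCallback callback that receives the secret key
     * @throws IOException the {@link SaslException} raised for an account that may not log in
     */
    protected void handleServerKeyCallback(ServerKeyCallback serverKeyCallback) throws IOException {
        try {
            Credentials credentials = this.repo.getCredentials(this.jid, this.credentialId);
            // The Credentials object itself is deliberately not logged: its toString() is not
            // visible here and may render token material into the log.
            if (this.log.isLoggable(Level.FINE)) {
                this.log.log(Level.FINE, "Fetched credentials for: {0} with credentialsId: {1}",
                        new Object[] {this.jid, this.credentialId});
            }
            this.entry = (XTokenCredentialsEntry) credentials.getEntryForMechanism(SaslXTOKEN.NAME);
            this.loggingInForbidden = !credentials.canLogin();
            if (this.loggingInForbidden) {
                throw XmppSaslException.getExceptionFor(credentials.getAccountStatus());
            }
            if (this.entry == null) {
                // Explicit check instead of relying on a NullPointerException being swallowed below.
                // NOTE(review): the mechanism is presumably expected to reject an unset key - confirm.
                if (this.log.isLoggable(Level.FINE)) {
                    this.log.log(Level.FINE, "No XTOKEN credentials entry for user {0} with credentialId {1}",
                            new Object[] {this.jid, this.credentialId});
                }
                return;
            }
            serverKeyCallback.setServerKey(this.entry.getSecretKey());
        } catch (SaslException e) {
            // Must come before the generic handler: with catch (Exception) first this clause is
            // unreachable (javac rejects it) and the "account disabled" error would never propagate.
            this.log.log(Level.FINE, "User inactive: " + e);
            throw e;
        } catch (Exception e) {
            this.log.log(Level.FINE, "Could not retrieve credentials for user " + this.jid
                    + " with credentialId " + this.credentialId, e);
        }
    }

    /**
     * Applies the authorization id requested by the client.
     *
     * <p>When authorization ids are ignored, or none was sent, or it equals the authenticating
     * JID, the default credential of the authenticating JID is used. Otherwise the JID is
     * switched to the authorization id and the credential id becomes the local part of the
     * authenticating JID, so the later lookup is for a credential of that name on the
     * target account.
     *
     * @param authorizationIdCallback callback carrying the requested authorization id
     * @throws XmppSaslException with {@code invalid_authzid} if the authorization id is not a valid JID
     */
    private void handleAuthorizationIdCallback(AuthorizationIdCallback authorizationIdCallback) throws XmppSaslException {
        final String requestedAuthzId = authorizationIdCallback.getAuthzId();
        final boolean useOwnIdentity = AbstractSasl.isAuthzIDIgnored()
                || requestedAuthzId == null
                || requestedAuthzId.equals(this.jid.toString());
        if (useOwnIdentity) {
            this.credentialId = "default";
            authorizationIdCallback.setAuthzId(this.jid.toString());
            return;
        }
        try {
            // Order matters: the credential id is taken from the authenticating JID before
            // jid is replaced by the authorization id.
            this.credentialId = this.jid.getLocalpart();
            setJid(BareJID.bareJIDInstance(requestedAuthzId));
        } catch (TigaseStringprepException e) {
            this.log.warning("Malformed AuthorizationId: " + e.getMessage());
            throw new XmppSaslException(XmppSaslException.SaslError.invalid_authzid);
        }
    }

    /**
     * Generates a fresh secret key, stores it for {@code (jid, credentialId)} and returns it
     * to the mechanism.
     *
     * <p>The key is handed to the callback only after the repository update returned without
     * a {@code TigaseDBException}.
     *
     * @param replaceServerKeyCallback callback that receives the new key
     * @throws XmppSaslException with {@code temporary_auth_failure} if the repository update fails
     */
    private void handleReplaceServerKeyCallback(ReplaceServerKeyCallback replaceServerKeyCallback) throws XmppSaslException {
        try {
            final byte[] freshKey = SaslXTOKEN.generateSecretKey();
            this.repo.updateCredential(this.jid, this.credentialId, "XTOKEN", "t=" + Base64.encode(freshKey) + ",o=false");
            replaceServerKeyCallback.setNewServerKey(freshKey);
        } catch (TigaseDBException e) {
            // The SASL error carries no cause, so record the repository failure here; the key
            // itself is never written to the log.
            this.log.log(Level.WARNING, "Could not store replacement XTOKEN key for user " + this.jid
                    + " with credentialId " + this.credentialId, e);
            throw new XmppSaslException(XmppSaslException.SaslError.temporary_auth_failure);
        }
    }

    /**
     * Records the JID being authenticated and, when it is non-null, mirrors it into the
     * session under {@code CallbackHandlerFactory.AUTH_JID}.
     *
     * @param bareJID JID to record; may be null, in which case the session is not touched
     */
    private void setJid(BareJID bareJID) {
        this.jid = bareJID;
        if (bareJID == null) {
            return;
        }
        this.session.putSessionData(CallbackHandlerFactory.AUTH_JID, bareJID);
    }
}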
