package tigase.auth.credentials.entries;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import tigase.auth.credentials.Credentials;
import tigase.auth.mechanisms.SCRAMHelper;
import tigase.kernel.beans.config.ConfigField;
import tigase.server.ConnectionManager;
import tigase.util.Base64;
import tigase.xmpp.jid.BareJID;

/* loaded from: input_file:tigase/auth/credentials/entries/ScramCredentialsEntry.class */
public class ScramCredentialsEntry implements Credentials.Entry {
    private static final Logger log = Logger.getLogger(ScramCredentialsEntry.class.getCanonicalName());
    private final String algorithm;
    private final int iterations;
    private final byte[] salt;
    private final byte[] serverKey;
    private final byte[] storedKey;

    /* loaded from: input_file:tigase/auth/credentials/entries/ScramCredentialsEntry$Decoder.class */
    public static class Decoder implements Credentials.Decoder<ScramCredentialsEntry> {

        @ConfigField(desc = "Hash algorithm")
        private String algorithm;

        @ConfigField(desc = "Mechanism name")
        private String name;

        public Decoder() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public Decoder(String str) {
            this.algorithm = str;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        /* JADX WARN: Failed to find 'out' block for switch in B:8:0x0049. Please report as an issue. */
        @Override // tigase.auth.credentials.Credentials.Decoder
        public ScramCredentialsEntry decode(BareJID bareJID, String str) {
            byte[] bArr = null;
            byte[] bArr2 = null;
            byte[] bArr3 = null;
            byte[] bArr4 = null;
            int i = 0;
            int i2 = 0;
            while (true) {
                int i3 = i2;
                if (i3 < str.length()) {
                    char charAt = str.charAt(i3);
                    int indexOf = str.indexOf(",", i3 + 2);
                    String substring = str.substring(i3 + 2, indexOf == -1 ? str.length() : indexOf);
                    switch (charAt) {
                        case 'e':
                            bArr4 = Base64.decode(substring);
                            break;
                        case 'i':
                            i = Integer.parseInt(substring);
                            break;
                        case 'p':
                            bArr2 = Base64.decode(substring);
                            break;
                        case 's':
                            bArr = Base64.decode(substring);
                            break;
                        case 't':
                            bArr3 = Base64.decode(substring);
                            break;
                    }
                    if (indexOf != -1) {
                        i2 = indexOf + 1;
                    }
                }
            }
            if ((bArr3 == null || bArr4 == null) && bArr2 != null) {
                return newInstance(bArr, i, bArr2);
            }
            if (bArr3 == null || bArr4 == null) {
                throw new RuntimeException("saltedPassword or storedKey&serverKey pair must be not null.");
            }
            return newInstance(bArr, i, bArr3, bArr4);
        }

        @Override // tigase.auth.credentials.Credentials.Decoder
        public String getName() {
            return this.name;
        }

        protected ScramCredentialsEntry newInstance(byte[] bArr, int i, byte[] bArr2) {
            try {
                return new ScramCredentialsEntry(this.algorithm, bArr, i, bArr2);
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new RuntimeException(e);
            }
        }

        protected ScramCredentialsEntry newInstance(byte[] bArr, int i, byte[] bArr2, byte[] bArr3) {
            return new ScramCredentialsEntry(this.algorithm, bArr, i, bArr2, bArr3);
        }
    }

    /* loaded from: input_file:tigase/auth/credentials/entries/ScramCredentialsEntry$Encoder.class */
    public static class Encoder implements Credentials.Encoder<ScramCredentialsEntry> {

        @ConfigField(desc = "Number of iterations")
        private final int iterations = ConnectionManager.SOCKET_BUFFER_ST_PROP_VAL;
        private final SecureRandom random = new SecureRandom();

        @ConfigField(desc = "Hash algorithm")
        private String algorithm;

        @ConfigField(desc = "Mechanism name")
        private String name;

        public Encoder() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public Encoder(String str) {
            this.algorithm = str;
        }

        public static String encode(byte[] bArr, int i, byte[] bArr2, byte[] bArr3) {
            return "s=" + Base64.encode(bArr) + ",i=" + i + ",t=" + Base64.encode(bArr2) + ",e=" + Base64.encode(bArr3);
        }

        public static String encode(ScramCredentialsEntry scramCredentialsEntry) {
            return encode(scramCredentialsEntry.getSalt(), scramCredentialsEntry.getIterations(), scramCredentialsEntry.getStoredKey(), scramCredentialsEntry.getServerKey());
        }

        @Override // tigase.auth.credentials.Credentials.Encoder
        public String encode(BareJID bareJID, ScramCredentialsEntry scramCredentialsEntry) {
            return encode(scramCredentialsEntry);
        }

        @Override // tigase.auth.credentials.Credentials.Encoder
        public String encode(BareJID bareJID, String str) {
            byte[] bArr = new byte[10];
            this.random.nextBytes(bArr);
            try {
                SCRAMHelper.AuthenticationData encodePlainPassword = SCRAMHelper.encodePlainPassword(this.algorithm, bArr, ConnectionManager.SOCKET_BUFFER_ST_PROP_VAL, str);
                return encode(bArr, ConnectionManager.SOCKET_BUFFER_ST_PROP_VAL, encodePlainPassword.storedKey(), encodePlainPassword.serverKey());
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new RuntimeException("Could not encode password", e);
            }
        }

        @Override // tigase.auth.credentials.Credentials.Encoder
        public String getName() {
            return this.name;
        }
    }

    public ScramCredentialsEntry(String str, PlainCredentialsEntry plainCredentialsEntry) throws NoSuchAlgorithmException, InvalidKeyException {
        SecureRandom secureRandom = new SecureRandom();
        this.algorithm = str;
        this.iterations = ConnectionManager.SOCKET_BUFFER_ST_PROP_VAL;
        this.salt = new byte[10];
        secureRandom.nextBytes(this.salt);
        SCRAMHelper.AuthenticationData encodePlainPassword = SCRAMHelper.encodePlainPassword(str, this.salt, this.iterations, plainCredentialsEntry.getPassword());
        this.storedKey = encodePlainPassword.storedKey();
        this.serverKey = encodePlainPassword.serverKey();
    }

    public ScramCredentialsEntry(String str, byte[] bArr, int i, byte[] bArr2) throws NoSuchAlgorithmException, InvalidKeyException {
        this.algorithm = str;
        this.iterations = i;
        this.salt = bArr;
        SCRAMHelper.AuthenticationData transcode = SCRAMHelper.transcode(str, bArr2);
        this.storedKey = transcode.storedKey();
        this.serverKey = transcode.serverKey();
    }

    public ScramCredentialsEntry(String str, byte[] bArr, int i, byte[] bArr2, byte[] bArr3) {
        this.algorithm = str;
        this.iterations = i;
        this.salt = bArr;
        this.storedKey = bArr2;
        this.serverKey = bArr3;
    }

    public int getIterations() {
        return this.iterations;
    }

    @Override // tigase.auth.credentials.Credentials.Entry
    public String getMechanism() {
        return "SCRAM-" + this.algorithm;
    }

    public byte[] getSalt() {
        return this.salt;
    }

    public byte[] getServerKey() {
        return this.serverKey;
    }

    public byte[] getStoredKey() {
        return this.storedKey;
    }

    @Override // tigase.auth.credentials.Credentials.Entry
    public boolean verifyPlainPassword(String str) {
        try {
            SCRAMHelper.AuthenticationData encodePlainPassword = SCRAMHelper.encodePlainPassword(this.algorithm, this.salt, this.iterations, str);
            if (Arrays.equals(this.serverKey, encodePlainPassword.serverKey())) {
                if (Arrays.equals(this.storedKey, encodePlainPassword.storedKey())) {
                    return true;
                }
            }
            return false;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            log.log(Level.FINE, "Password comparison failed", e);
            return false;
        }
    }
}
