package tigase.auth.mechanisms;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.SaslException;
import tigase.auth.SaslInvalidLoginExcepion;
import tigase.auth.XmppSaslException;
import tigase.auth.callbacks.AuthorizationIdCallback;
import tigase.auth.callbacks.ReplaceServerKeyCallback;
import tigase.auth.callbacks.ServerKeyCallback;
import tigase.auth.callbacks.SharedSecretKeyCallback;

/* loaded from: input_file:tigase/auth/mechanisms/SaslXTOKEN.class */
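/**
 * Server side of the {@code XTOKEN-HMAC-SHA-256} SASL mechanism.
 *
 * <p>The client sends a single message laid out as:
 * <pre>
 *   bytes  0..31  32-byte client-supplied value that is fed into the HMAC
 *   byte   32     0x00 separator
 *   bytes 33..64  32-byte HMAC-SHA-256 tag
 *   byte   65     0x00 separator
 *   bytes 66..    authentication identity, UTF-8
 * </pre>
 * The expected tag is HMAC-SHA-256 keyed with the server key returned by
 * {@link ServerKeyCallback}, computed over the first field followed by the
 * optional shared secret from {@link SharedSecretKeyCallback}.
 *
 * <p>NOTE(review): the {@code step} field is initialised but never advanced in
 * this class, so nothing here rejects a second call to
 * {@link #evaluateResponse(byte[])} after completion — confirm whether the
 * superclass or the caller enforces that.
 */
public class SaslXTOKEN extends AbstractSasl {
    public static final String NAME = "XTOKEN-HMAC-SHA-256";
    private static final SecureRandom secureRandom = new SecureRandom();

    /** Length in bytes of the client-supplied value at the start of the message. */
    private static final int DATA_LENGTH = 32;
    /** Length in bytes of an HMAC-SHA-256 tag. */
    private static final int MAC_LENGTH = 32;
    /** Index of the 0x00 separator that follows the client-supplied value. */
    private static final int FIRST_SEPARATOR = DATA_LENGTH;
    /** Index of the first byte of the HMAC tag. */
    private static final int MAC_OFFSET = FIRST_SEPARATOR + 1;
    /** Index of the 0x00 separator that follows the HMAC tag. */
    private static final int SECOND_SEPARATOR = MAC_OFFSET + MAC_LENGTH;
    /** Index of the first byte of the authentication identity. */
    private static final int NAME_OFFSET = SECOND_SEPARATOR + 1;

    private Step step;

    /** Protocol phases; only {@code firstMessage} is ever assigned in this class. */
    enum Step {
        firstMessage,
        secondMessage,
        finished
    }

    /**
     * Generates a fresh 32-byte key from the class-wide {@link SecureRandom}.
     *
     * @return a newly allocated array of 32 random bytes
     */
    public static byte[] generateSecretKey() {
        byte[] key = new byte[32];
        secureRandom.nextBytes(key);
        return key;
    }

    /**
     * Creates the mechanism in its initial state.
     *
     * @param map mechanism properties, passed to the superclass
     * @param callbackHandler handler used to resolve keys, identities and authorization
     */
    public SaslXTOKEN(Map<? super String, ?> map, CallbackHandler callbackHandler) {
        super(map, callbackHandler);
        this.step = Step.firstMessage;
    }

    /** @return the mechanism name, {@link #NAME} */
    public String getMechanismName() {
        return NAME;
    }

    /**
     * Validates the client's token message and, on success, marks the exchange complete.
     *
     * @param bArr raw client message in the layout described on the class
     * @return the authorized id as UTF-8; when {@link ReplaceServerKeyCallback} supplies a new
     *     server key, the id is followed by a 0x00 byte and that key
     * @throws SaslException if the message is malformed, no server key is available, the HMAC
     *     tag does not match, or the identity is not authorized
     */
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        // The second separator lives at index 65, so at least 66 bytes are needed before it can
        // be read. The previous "length <= 64" guard let a 65-byte message through and failed
        // with ArrayIndexOutOfBoundsException instead of a SASL error.
        if (bArr == null || bArr.length < NAME_OFFSET || bArr[FIRST_SEPARATOR] != 0 || bArr[SECOND_SEPARATOR] != 0) {
            throw new XmppSaslException(XmppSaslException.SaslError.malformed_request, "Invalid token format - too short");
        }
        byte[] data = Arrays.copyOfRange(bArr, 0, DATA_LENGTH);
        byte[] receivedMac = Arrays.copyOfRange(bArr, MAC_OFFSET, SECOND_SEPARATOR);
        String str = new String(Arrays.copyOfRange(bArr, NAME_OFFSET, bArr.length), StandardCharsets.UTF_8);

        NameCallback nameCallback = new NameCallback("Authentication identity", str);
        AuthorizationIdCallback authorizationIdCallback = new AuthorizationIdCallback("Authorization identity", null);
        ServerKeyCallback serverKeyCallback = new ServerKeyCallback(null);
        SharedSecretKeyCallback sharedSecretKeyCallback = new SharedSecretKeyCallback();
        handleCallbacks(nameCallback, authorizationIdCallback, serverKeyCallback, sharedSecretKeyCallback);

        byte[] serverKey = serverKeyCallback.getServerKey();
        if (serverKey == null) {
            // No key on record for this identity: reported with the same message as a bad tag.
            throw new SaslInvalidLoginExcepion(XmppSaslException.SaslError.not_authorized, nameCallback.getName(), PASSWORD_NOT_VERIFIED_MSG);
        }
        try {
            // NOTE(review): the key is labelled "SHA-256" rather than "HmacSHA256"; kept as in the
            // original because the label's effect depends on the JCE provider — confirm.
            SecretKeySpec secretKeySpec = new SecretKeySpec(serverKey, "SHA-256");
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec);
            mac.update(data);
            byte[] sharedSecret = sharedSecretKeyCallback.getSecret();
            if (sharedSecret != null) {
                mac.update(sharedSecret);
            }
            // Constant-time comparison: Arrays.equals returns at the first differing byte, which
            // makes the comparison time depend on how much of the tag matched.
            if (!MessageDigest.isEqual(mac.doFinal(), receivedMac)) {
                throw new SaslInvalidLoginExcepion(XmppSaslException.SaslError.not_authorized, str, PASSWORD_NOT_VERIFIED_MSG);
            }

            // Fall back to the authentication identity when no authorization id was supplied.
            String authzId = authorizationIdCallback.getAuthzId();
            String name = authzId == null ? nameCallback.getName() : authzId;
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(nameCallback.getName(), name);
            handleCallbacks(authorizeCallback);
            if (!authorizeCallback.isAuthorized()) {
                throw new SaslInvalidLoginExcepion(XmppSaslException.SaslError.invalid_authzid, nameCallback.getName(), getMechanismName() + ": " + str + " is not authorized to act as " + name);
            }
            this.authorizedId = authorizeCallback.getAuthorizedID();

            // The handler may rotate the server key; a new key, if any, is returned to the client.
            ReplaceServerKeyCallback replaceServerKeyCallback = new ReplaceServerKeyCallback();
            handleCallbacks(replaceServerKeyCallback);
            this.complete = true;

            byte[] idBytes = this.authorizedId.getBytes(StandardCharsets.UTF_8);
            byte[] newServerKey = replaceServerKeyCallback.getNewServerKey();
            if (newServerKey == null) {
                return idBytes;
            }
            // Success payload: authorized id, 0x00 separator, new server key.
            byte[] response = new byte[idBytes.length + 1 + newServerKey.length];
            System.arraycopy(idBytes, 0, response, 0, idBytes.length);
            response[idBytes.length] = 0;
            System.arraycopy(newServerKey, 0, response, idBytes.length + 1, newServerKey.length);
            return response;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            // NOTE(review): a crypto set-up failure is surfaced as invalid_authzid and the cause is
            // dropped; kept as in the original because callers may depend on the error type.
            throw new SaslInvalidLoginExcepion(XmppSaslException.SaslError.invalid_authzid, nameCallback.getName(), getMechanismName() + ": " + e.getMessage());
        }
    }

    /** @return the authorized id set by a successful {@link #evaluateResponse(byte[])} */
    public String getAuthorizationID() {
        return this.authorizedId;
    }

    /** Always returns {@code null}; this class implements no unwrapping. */
    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        return null;
    }

    /** Always returns {@code null}; this class implements no wrapping. */
    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        return null;
    }
}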
