package org.jivesoftware.openfire.sasl;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.jivesoftware.openfire.auth.AuthFactory;
import org.jivesoftware.openfire.auth.ConnectionException;
import org.jivesoftware.openfire.auth.InternalUnauthenticatedException;
import org.jivesoftware.openfire.auth.ScramUtils;
import org.jivesoftware.openfire.user.UserNotFoundException;
import org.logicalcobwebs.proxool.ConnectionPoolDefinitionIF;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/sasl/ScramSha1SaslServer.class */
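/**
 * Server side of the SCRAM-SHA-1 SASL mechanism, backed by {@link AuthFactory}.
 *
 * <p>The exchange has two steps: the client-first message is answered with a
 * server-first message (combined nonce, salt, iteration count), and the
 * client-final message is answered with the server signature once the client
 * proof has been verified against the stored key.
 *
 * <p>Review notes on what this class does <em>not</em> do, as visible here:
 * <ul>
 *   <li>The GS2 header captured by {@code CLIENT_FIRST_MESSAGE} (group 1) and the
 *       {@code c=} value of the client-final message (group 2) are never compared,
 *       and a {@code p=} channel-binding flag is accepted by the pattern although
 *       no channel binding is implemented. TODO confirm whether a caller enforces
 *       this elsewhere.</li>
 *   <li>The user name is taken verbatim from the {@code n=} field; no unescaping
 *       or normalisation is visible in this class. TODO confirm the caller handles it.</li>
 * </ul>
 *
 * <p>Instances hold per-exchange state and are not safe for concurrent use.
 */
public class ScramSha1SaslServer implements SaslServer {
    private static final Logger Log = LoggerFactory.getLogger(ScramSha1SaslServer.class);
    private static final Pattern CLIENT_FIRST_MESSAGE = Pattern.compile("^(([pny])=?([^,]*),([^,]*),)(m?=?[^,]*,?n=([^,]*),r=([^,]*),?.*)$");
    private static final Pattern CLIENT_FINAL_MESSAGE = Pattern.compile("(c=([^,]*),r=([^,]*)),p=(.*)$");

    /** Separator between the three parts of the SCRAM AuthMessage. */
    private static final String AUTH_MESSAGE_SEPARATOR = ",";

    /** Length of the throw-away salt produced when the real salt cannot be read. */
    private static final int FALLBACK_SALT_LENGTH = 24;

    private String username;
    private String nonce;
    private String serverFirstMessage;
    private String clientFirstMessageBare;
    private State state = State.INITIAL;
    private final SecureRandom random = new SecureRandom();

    /** Progress of the two-step exchange. */
    public enum State {
        INITIAL,
        IN_PROGRESS,
        COMPLETE
    }

    /**
     * @return the IANA mechanism name, {@code "SCRAM-SHA-1"}
     */
    @Override
    public String getMechanismName() {
        return "SCRAM-SHA-1";
    }

    /**
     * Advances the exchange by one step.
     *
     * @param bArr the client message for the current step; may be {@code null} or
     *             empty only once the exchange is complete
     * @return the server message for this step, or an empty array when called with
     *         an empty response after completion
     * @throws SaslException if the message is malformed, verification fails, data
     *                       arrives after completion, or an unexpected runtime
     *                       exception occurs
     */
    @Override
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        try {
            switch (this.state) {
                case INITIAL: {
                    byte[] challenge = generateServerFirstMessage(bArr);
                    // Only advance once the message was accepted.
                    this.state = State.IN_PROGRESS;
                    return challenge;
                }
                case IN_PROGRESS: {
                    byte[] serverFinal = generateServerFinalMessage(bArr);
                    // COMPLETE is reached only after the proof has verified; a failed
                    // attempt leaves the state at IN_PROGRESS. NOTE(review): the caller
                    // should discard this instance after a failure - confirm.
                    this.state = State.COMPLETE;
                    return serverFinal;
                }
                case COMPLETE:
                    if (bArr == null || bArr.length == 0) {
                        return new byte[0];
                    }
                    // Data after a finished exchange is a protocol error, not a silent no-op.
                    throw new SaslException("No response expected in state " + this.state);
                default:
                    throw new SaslException("No response expected in state " + this.state);
            }
        } catch (RuntimeException e) {
            // Parsing or lookup failures must not escape as unchecked exceptions.
            throw new SaslException("Unexpected exception while evaluating SASL response.", e);
        }
    }

    /**
     * Parses the client-first message and builds the server-first message.
     *
     * <p>NOTE(review): {@link #getSalt(String)} answers lookup failures with a random
     * salt, but {@link #getIterations(String)} can still surface
     * {@link UserNotFoundException} here, so unknown accounts may be distinguishable
     * at this step - confirm against {@code AuthFactory} and the caller's error handling.
     *
     * @param bArr the raw client-first message
     * @return the UTF-8 encoded server-first message
     * @throws SaslException if the message is missing or malformed, or the user lookup fails
     */
    private byte[] generateServerFirstMessage(byte[] bArr) throws SaslException {
        if (bArr == null) {
            throw new SaslException("Invalid first client message");
        }
        Matcher matcher = CLIENT_FIRST_MESSAGE.matcher(new String(bArr, StandardCharsets.UTF_8));
        if (!matcher.matches()) {
            throw new SaslException("Invalid first client message");
        }
        this.clientFirstMessageBare = matcher.group(5);
        this.username = matcher.group(6);
        // Server contribution to the nonce; UUID.randomUUID() is backed by a
        // cryptographically strong generator.
        this.nonce = matcher.group(7) + UUID.randomUUID().toString();
        try {
            String encodedSalt = DatatypeConverter.printBase64Binary(getSalt(this.username));
            int iterations = getIterations(this.username);
            this.serverFirstMessage = String.format("r=%s,s=%s,i=%d", this.nonce, encodedSalt, iterations);
            return this.serverFirstMessage.getBytes(StandardCharsets.UTF_8);
        } catch (UserNotFoundException e) {
            throw new SaslException(e.getMessage(), e);
        }
    }

    /**
     * Verifies the client proof and builds the server-final message.
     *
     * <p>The client key is recovered as {@code clientSignature XOR clientProof}; its
     * SHA-1 digest must equal the stored key.
     *
     * @param bArr the raw client-final message
     * @return the UTF-8 encoded {@code v=<server signature>} message
     * @throws SaslException if the message is missing or malformed, the nonce does
     *                       not match, key material is missing, or the proof is wrong
     */
    private byte[] generateServerFinalMessage(byte[] bArr) throws SaslException {
        if (bArr == null) {
            throw new SaslException("Invalid client final message");
        }
        Matcher matcher = CLIENT_FINAL_MESSAGE.matcher(new String(bArr, StandardCharsets.UTF_8));
        if (!matcher.matches()) {
            throw new SaslException("Invalid client final message");
        }
        String clientFinalMessageWithoutProof = matcher.group(1);
        String clientNonce = matcher.group(3);
        String encodedProof = matcher.group(4);
        // The nonce is not a secret (it was sent in the server-first message), so a
        // plain equals() is adequate here.
        if (!this.nonce.equals(clientNonce)) {
            throw new SaslException("Client final message has incorrect nonce value");
        }
        try {
            String authMessage = this.clientFirstMessageBare + AUTH_MESSAGE_SEPARATOR + this.serverFirstMessage + AUTH_MESSAGE_SEPARATOR + clientFinalMessageWithoutProof;
            // NOTE(review): the two messages below embed the user name; confirm they
            // are only logged and never relayed to the unauthenticated peer.
            byte[] storedKey = getStoredKey(this.username);
            if (storedKey == null) {
                throw new SaslException("No stored key for user '" + this.username + "'");
            }
            byte[] serverKey = getServerKey(this.username);
            if (serverKey == null) {
                throw new SaslException("No server key for user '" + this.username + "'");
            }
            byte[] clientSignature = ScramUtils.computeHmac(storedKey, authMessage);
            byte[] serverSignature = ScramUtils.computeHmac(serverKey, authMessage);
            byte[] clientProof = DatatypeConverter.parseBase64Binary(encodedProof);
            // Reject a proof of the wrong size up front: a short one would overrun the
            // XOR loop, and trailing bytes on a long one would otherwise be ignored.
            if (clientProof.length != clientSignature.length) {
                throw new SaslException("Authentication failed");
            }
            byte[] clientKey = clientSignature.clone();
            for (int i = 0; i < clientKey.length; i++) {
                clientKey[i] ^= clientProof[i];
            }
            byte[] derivedStoredKey = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_1).digest(clientKey);
            // Constant-time comparison, so timing does not reveal how many leading
            // bytes of the derived key matched.
            if (!MessageDigest.isEqual(storedKey, derivedStoredKey)) {
                throw new SaslException("Authentication failed");
            }
            return ("v=" + DatatypeConverter.printBase64Binary(serverSignature)).getBytes(StandardCharsets.UTF_8);
        } catch (NoSuchAlgorithmException | UserNotFoundException e) {
            throw new SaslException(e.getMessage(), e);
        }
    }

    /**
     * @return {@code true} once the client proof has been verified
     */
    @Override
    public boolean isComplete() {
        return this.state == State.COMPLETE;
    }

    /**
     * @return the user name from the client-first message
     * @throws IllegalStateException if the exchange has not completed
     */
    @Override
    public String getAuthorizationID() {
        if (isComplete()) {
            return this.username;
        }
        throw new IllegalStateException("SCRAM-SHA-1 authentication not completed");
    }

    /**
     * Always fails: no security layer is negotiated by this mechanism.
     *
     * @throws IllegalStateException always; the message says whether the exchange
     *                               is unfinished or the operation is unsupported
     */
    @Override
    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (isComplete()) {
            throw new IllegalStateException("SCRAM-SHA-1 does not support integrity or privacy");
        }
        throw new IllegalStateException("SCRAM-SHA-1 authentication not completed");
    }

    /**
     * Always fails: no security layer is negotiated by this mechanism.
     *
     * @throws IllegalStateException always; the message says whether the exchange
     *                               is unfinished or the operation is unsupported
     */
    @Override
    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        if (isComplete()) {
            throw new IllegalStateException("SCRAM-SHA-1 does not support integrity or privacy");
        }
        throw new IllegalStateException("SCRAM-SHA-1 authentication not completed");
    }

    /**
     * @param str the property name
     * @return {@code "auth"} for {@code javax.security.sasl.qop}, otherwise {@code null}
     * @throws IllegalStateException if the exchange has not completed
     */
    @Override
    public Object getNegotiatedProperty(String str) {
        if (!isComplete()) {
            throw new IllegalStateException("SCRAM-SHA-1 authentication not completed");
        }
        // Constant-first equals: a null property name yields null instead of an NPE.
        if ("javax.security.sasl.qop".equals(str)) {
            return "auth";
        }
        return null;
    }

    /**
     * Drops all per-exchange state and returns to {@link State#INITIAL}.
     */
    @Override
    public void dispose() throws SaslException {
        this.username = null;
        // Also drop the nonce and message transcripts so nothing from a finished
        // or aborted exchange lingers on the instance.
        this.nonce = null;
        this.serverFirstMessage = null;
        this.clientFirstMessageBare = null;
        this.state = State.INITIAL;
    }

    /**
     * Returns the salt for the user, or random bytes if it cannot be read.
     *
     * <p>When no salt is stored, the password is read and written back through
     * {@link AuthFactory} (a write performed before the peer has authenticated),
     * and the salt is read again. NOTE(review): presumably the write-back makes
     * the provider generate SCRAM credentials - confirm.
     *
     * <p>NOTE(review): the fallback salt is freshly random on every call, so it is
     * not stable across attempts for the same name - confirm this is acceptable.
     *
     * @param str the user name
     * @return the decoded salt, or {@code FALLBACK_SALT_LENGTH} random bytes on lookup failure
     */
    private byte[] getSalt(String str) {
        try {
            String salt = AuthFactory.getSalt(str);
            if (salt != null) {
                return DatatypeConverter.parseBase64Binary(salt);
            }
            Log.debug("No salt found, so resetting password.");
            AuthFactory.setPassword(str, AuthFactory.getPassword(str));
            return DatatypeConverter.parseBase64Binary(AuthFactory.getSalt(str));
        } catch (UnsupportedOperationException | ConnectionException | InternalUnauthenticatedException | UserNotFoundException e) {
            Log.warn("Exception in SCRAM.getSalt():", e);
            byte[] fallbackSalt = new byte[FALLBACK_SALT_LENGTH];
            this.random.nextBytes(fallbackSalt);
            return fallbackSalt;
        }
    }

    /**
     * @param str the user name
     * @return the iteration count reported by {@link AuthFactory}
     * @throws UserNotFoundException propagated from {@link AuthFactory}
     */
    private int getIterations(String str) throws UserNotFoundException {
        return AuthFactory.getIterations(str);
    }

    /**
     * @param str the user name
     * @return the decoded server key, or {@code null} if none is stored
     * @throws UserNotFoundException propagated from {@link AuthFactory}
     */
    private byte[] getServerKey(String str) throws UserNotFoundException {
        String serverKey = AuthFactory.getServerKey(str);
        return serverKey == null ? null : DatatypeConverter.parseBase64Binary(serverKey);
    }

    /**
     * @param str the user name
     * @return the decoded stored key, or {@code null} if none is stored
     * @throws UserNotFoundException propagated from {@link AuthFactory}
     */
    private byte[] getStoredKey(String str) throws UserNotFoundException {
        String storedKey = AuthFactory.getStoredKey(str);
        return storedKey == null ? null : DatatypeConverter.parseBase64Binary(storedKey);
    }
}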
