package org.wildfly.security.sasl.scram;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.ThreadLocalRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.SaslException;
import org.wildfly.security.sasl.WildFlySasl;
import org.wildfly.security.sasl.util.AbstractSaslClient;
import org.wildfly.security.sasl.util.ByteStringBuilder;
import org.wildfly.security.sasl.util.HexConverter;
import org.wildfly.security.sasl.util.StringPrep;
import org.wildfly.security.util.ByteIterator;

/* loaded from: input_file:org/wildfly/security/sasl/scram/ScramSaslClient.class */
class ScramSaslClient extends AbstractSaslClient {
    private static final int ST_NEW = 1;
    private static final int ST_R1_SENT = 2;
    private static final int ST_R2_SENT = 3;
    private final int minimumIterationCount;
    private final int maximumIterationCount;
    private final MessageDigest messageDigest;
    private final Mac mac;
    private final SecureRandom secureRandom;
    private final boolean plus;
    private final byte[] bindingData;
    private final String bindingType;
    private byte[] clientFirstMessage;
    private int bareStart;
    private byte[] clientFinalMessage;
    private byte[] nonce;
    private PasswordCallback passwordCallback;
    private int proofStart;
    private byte[] saltedPassword;
    private byte[] serverFirstMessage;
    private static final boolean DEBUG = true;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramSaslClient(String str, MessageDigest messageDigest, Mac mac, SecureRandom secureRandom, String str2, String str3, CallbackHandler callbackHandler, String str4, Map<String, ?> map, boolean z, String str5, byte[] bArr) {
        super(str, str2, str3, callbackHandler, str4, true);
        this.bindingType = str5;
        this.minimumIterationCount = getIntProperty(map, WildFlySasl.SCRAM_MIN_ITERATION_COUNT, 4096);
        this.maximumIterationCount = getIntProperty(map, WildFlySasl.SCRAM_MAX_ITERATION_COUNT, 32768);
        this.secureRandom = secureRandom;
        this.messageDigest = messageDigest;
        this.mac = mac;
        this.plus = z;
        this.bindingData = bArr;
    }

    MessageDigest getMessageDigest() {
        return this.messageDigest;
    }

    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    public void dispose() throws SaslException {
        this.messageDigest.reset();
        setNegotiationState(-1);
    }

    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    public void init() {
        setNegotiationState(1);
    }

    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    protected byte[] evaluateMessage(int i, byte[] bArr) throws SaslException {
        Mac mac;
        MessageDigest messageDigest;
        int next;
        switch (i) {
            case 1:
                if (bArr.length != 0) {
                    throw new SaslException("Initial challenge must be empty");
                }
                ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
                String authorizationId = getAuthorizationId();
                Callback nameCallback = authorizationId == null ? new NameCallback("User name") : new NameCallback("User name", authorizationId);
                PasswordCallback passwordCallback = new PasswordCallback("Password", false);
                this.passwordCallback = passwordCallback;
                handleCallbacks(nameCallback, passwordCallback);
                if (this.bindingData == null) {
                    byteStringBuilder.append("n,");
                } else if (this.plus) {
                    byteStringBuilder.append("p=");
                    byteStringBuilder.append(this.bindingType);
                    byteStringBuilder.append(',');
                } else {
                    byteStringBuilder.append("y,");
                }
                if (authorizationId != null) {
                    byteStringBuilder.append('a').append('=');
                    StringPrep.encode(authorizationId, byteStringBuilder, 1073758207L);
                }
                byteStringBuilder.append(',');
                this.bareStart = byteStringBuilder.length();
                byteStringBuilder.append('n').append('=');
                StringPrep.encode(nameCallback.getName(), byteStringBuilder, 1073758207L);
                byteStringBuilder.append(',').append('r').append('=');
                byte[] generateRandomString = ScramUtils.generateRandomString(48, this.secureRandom != null ? this.secureRandom : ThreadLocalRandom.current());
                this.nonce = generateRandomString;
                byteStringBuilder.append(generateRandomString);
                System.out.printf("[C] Client nonce: %s%n", HexConverter.convertToHexString(this.nonce));
                setNegotiationState(2);
                System.out.printf("[C] Client first message: %s%n", HexConverter.convertToHexString(byteStringBuilder.toArray()));
                byte[] array = byteStringBuilder.toArray();
                this.clientFirstMessage = array;
                return array;
            case 2:
                this.serverFirstMessage = bArr;
                ByteIterator ofBytes = ByteIterator.ofBytes(bArr);
                ByteIterator delimitedBy = ofBytes.delimitedBy(44);
                System.out.printf("[C] Server first message: %s%n", HexConverter.convertToHexString(bArr));
                ByteStringBuilder byteStringBuilder2 = new ByteStringBuilder();
                mac = this.mac;
                messageDigest = this.messageDigest;
                try {
                    try {
                        if (ofBytes.next() == 114 && ofBytes.next() == 61) {
                            if (!delimitedBy.limitedTo(this.nonce.length).contentEquals(ByteIterator.ofBytes(this.nonce))) {
                                throw new SaslException("Nonces do not match");
                            }
                            byte[] drain = delimitedBy.drain();
                            if (drain.length < 18) {
                                throw new SaslException("Server nonce is too short");
                            }
                            ofBytes.next();
                            if (ofBytes.next() == 115 && ofBytes.next() == 61) {
                                byte[] drain2 = delimitedBy.base64Decode().drain();
                                ofBytes.next();
                                System.out.printf("[C] Server sent salt: %s%n", HexConverter.convertToHexString(drain2));
                                if (ofBytes.next() == 105 && ofBytes.next() == 61) {
                                    int parsePosInt = ScramUtils.parsePosInt(delimitedBy);
                                    if (parsePosInt < this.minimumIterationCount) {
                                        throw new SaslException("Iteration count is too low");
                                    }
                                    if (parsePosInt > this.maximumIterationCount) {
                                        throw new SaslException("Iteration count is too high");
                                    }
                                    if (ofBytes.hasNext()) {
                                        if (ofBytes.next() == 44) {
                                            throw new SaslException("Extensions unsupported");
                                        }
                                        throw new SaslException("Invalid server message");
                                    }
                                    byteStringBuilder2.append('c').append('=');
                                    ByteStringBuilder byteStringBuilder3 = new ByteStringBuilder();
                                    if (this.bindingData != null) {
                                        System.out.printf("[C] Binding data: %s%n", HexConverter.convertToHexString(this.bindingData));
                                        if (this.plus) {
                                            byteStringBuilder3.append("p=");
                                            byteStringBuilder3.append(this.bindingType);
                                        } else {
                                            byteStringBuilder3.append('y');
                                        }
                                        byteStringBuilder3.append(',');
                                        if (getAuthorizationId() != null) {
                                            byteStringBuilder3.append("a=").append(getAuthorizationId());
                                        }
                                        byteStringBuilder3.append(',');
                                        if (this.plus) {
                                            byteStringBuilder3.append(this.bindingData);
                                        }
                                        byteStringBuilder2.appendLatin1(byteStringBuilder3.iterate().base64Encode());
                                    } else {
                                        byteStringBuilder3.append('n');
                                        byteStringBuilder3.append(',');
                                        if (getAuthorizationId() != null) {
                                            byteStringBuilder3.append("a=").append(getAuthorizationId());
                                        }
                                        byteStringBuilder3.append(',');
                                        if (!$assertionsDisabled && this.plus) {
                                            throw new AssertionError();
                                        }
                                        byteStringBuilder2.appendLatin1(byteStringBuilder3.iterate().base64Encode());
                                    }
                                    byteStringBuilder2.append(',').append('r').append('=').append(this.nonce).append(drain);
                                    this.saltedPassword = ScramUtils.calculateHi(mac, this.passwordCallback.getPassword(), drain2, 0, drain2.length, parsePosInt);
                                    System.out.printf("[C] Client salted password: %s%n", HexConverter.convertToHexString(this.saltedPassword));
                                    mac.init(new SecretKeySpec(this.saltedPassword, mac.getAlgorithm()));
                                    byte[] doFinal = mac.doFinal(Scram.CLIENT_KEY_BYTES);
                                    System.out.printf("[C] Client key: %s%n", HexConverter.convertToHexString(doFinal));
                                    byte[] digest = messageDigest.digest(doFinal);
                                    System.out.printf("[C] Stored key: %s%n", HexConverter.convertToHexString(digest));
                                    mac.init(new SecretKeySpec(digest, mac.getAlgorithm()));
                                    mac.update(this.clientFirstMessage, this.bareStart, this.clientFirstMessage.length - this.bareStart);
                                    System.out.printf("[C] Using client first message: %s%n", HexConverter.convertToHexString(Arrays.copyOfRange(this.clientFirstMessage, this.bareStart, this.clientFirstMessage.length)));
                                    mac.update((byte) 44);
                                    mac.update(bArr);
                                    System.out.printf("[C] Using server first message: %s%n", HexConverter.convertToHexString(bArr));
                                    mac.update((byte) 44);
                                    byteStringBuilder2.updateMac(mac);
                                    System.out.printf("[C] Using client final message without proof: %s%n", HexConverter.convertToHexString(byteStringBuilder2.toArray()));
                                    byte[] doFinal2 = mac.doFinal();
                                    System.out.printf("[C] Client signature: %s%n", HexConverter.convertToHexString(doFinal2));
                                    ScramUtils.xor(doFinal2, doFinal);
                                    System.out.printf("[C] Client proof: %s%n", HexConverter.convertToHexString(doFinal2));
                                    this.proofStart = byteStringBuilder2.length();
                                    byteStringBuilder2.append(',').append('p').append('=');
                                    byteStringBuilder2.appendLatin1(ByteIterator.ofBytes(doFinal2).base64Encode());
                                    setNegotiationState(3);
                                    System.out.printf("[C] Client final message: %s%n", HexConverter.convertToHexString(byteStringBuilder2.toArray()));
                                    byte[] array2 = byteStringBuilder2.toArray();
                                    this.clientFinalMessage = array2;
                                    messageDigest.reset();
                                    mac.reset();
                                    return array2;
                                }
                            }
                        }
                        messageDigest.reset();
                        mac.reset();
                        throw new SaslException("Invalid server message");
                    } catch (ArrayIndexOutOfBoundsException | IllegalArgumentException | InvalidKeyException e) {
                        throw new SaslException("Invalid server message");
                    }
                } finally {
                    messageDigest.reset();
                    mac.reset();
                }
            case 3:
                System.out.printf("[C] Server final message: %s%n", new String(bArr, StandardCharsets.UTF_8));
                mac = this.mac;
                messageDigest = this.messageDigest;
                ByteIterator ofBytes2 = ByteIterator.ofBytes(bArr);
                ByteIterator delimitedBy2 = ofBytes2.delimitedBy(44);
                try {
                    next = ofBytes2.next();
                } catch (IllegalArgumentException | InvalidKeyException e2) {
                    messageDigest.reset();
                    mac.reset();
                } catch (Throwable th) {
                    messageDigest.reset();
                    mac.reset();
                    throw th;
                }
                if (next == 101) {
                    if (ofBytes2.next() == 61) {
                        throw new SaslException("Server rejected authentication: " + delimitedBy2.asUtf8String().drainToString());
                    }
                    throw new SaslException("Server rejected authentication");
                }
                if (next != 118 || ofBytes2.next() != 61) {
                    messageDigest.reset();
                    mac.reset();
                    setNegotiationState(-1);
                    throw new SaslException("Invalid server message");
                }
                mac.init(new SecretKeySpec(this.saltedPassword, mac.getAlgorithm()));
                byte[] doFinal3 = mac.doFinal(Scram.SERVER_KEY_BYTES);
                System.out.printf("[C] Server key: %s%n", HexConverter.convertToHexString(doFinal3));
                mac.init(new SecretKeySpec(doFinal3, mac.getAlgorithm()));
                mac.update(this.clientFirstMessage, this.bareStart, this.clientFirstMessage.length - this.bareStart);
                mac.update((byte) 44);
                mac.update(this.serverFirstMessage);
                mac.update((byte) 44);
                mac.update(this.clientFinalMessage, 0, this.proofStart);
                byte[] doFinal4 = mac.doFinal();
                System.out.printf("[C] Recovered server signature: %s%n", HexConverter.convertToHexString(doFinal4));
                if (delimitedBy2.base64Decode().contentEquals(ByteIterator.ofBytes(doFinal4))) {
                    setNegotiationState(0);
                    return null;
                }
                setNegotiationState(-1);
                throw new SaslException("Server authenticity cannot be verified");
            default:
                throw new IllegalStateException();
        }
    }

    static {
        $assertionsDisabled = !ScramSaslClient.class.desiredAssertionStatus();
    }
}
