package org.wildfly.security.sasl.digest;

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedList;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.wildfly.security.sasl.digest.AbstractDigestMechanism;
import org.wildfly.security.sasl.digest._private.DigestUtils;
import org.wildfly.security.sasl.util.ByteStringBuilder;
import org.wildfly.security.util.DefaultTransformationMapper;
import org.wildfly.security.util.TransformationSpec;

/* loaded from: input_file:org/wildfly/security/sasl/digest/DigestSaslClient.class */
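/**
 * Client side of a DIGEST SASL exchange.
 *
 * <p>The client consumes the server's digest-challenge (realm, qop, stale, maxbuf, nonce and
 * cipher directives), asks the {@link CallbackHandler} for the user name, password and realm,
 * and answers with a digest-response. A second server message then ends the negotiation.
 *
 * <p>Every directive read from the challenge is server-controlled input received before the
 * server has proven anything, so it is parsed defensively.
 */
class DigestSaslClient extends AbstractDigestMechanism implements SaslClient {
    /** Negotiation state in which the server's digest-challenge is expected. */
    private static final int STEP_TWO = 2;
    /** Negotiation state in which the server's final message is expected. */
    private static final int STEP_FOUR = 4;

    // Realms offered by the server in its challenge; empty when none were offered.
    private String[] realms;
    // Value of the challenge's "stale" directive. It is recorded but not read in this class.
    private boolean stale;
    // Buffer size echoed back to the server; replaced by the challenge's "maxbuf" when positive.
    private int maxbuf;
    // Raw comma-separated cipher list from the challenge.
    private String cipher_opts;
    private final String authorizationId;
    private final boolean hasInitialResponse;
    // Cipher tokens the caller accepts; never null (an empty array stands for "none").
    private final String[] demandedCiphers;
    private final MessageDigest messageDigest;

    /**
     * Creates the client and resolves the message digest used for the response.
     *
     * @param str             passed to {@code DigestUtils.messageDigestAlgorithm} and to the
     *                        superclass; presumably the SASL mechanism name (confirm against callers)
     * @param str2            forwarded to the superclass unchanged
     * @param str3            forwarded to the superclass unchanged
     * @param callbackHandler source of user name, password and realm
     * @param str4            authorization id, or {@code null} for none
     * @param z               value reported by {@link #hasInitialResponse()}
     * @param charset         forwarded to the superclass unchanged
     * @param strArr          cipher tokens the caller accepts, or {@code null} for none
     * @throws SaslException if the digest algorithm for the mechanism is not available
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public DigestSaslClient(String str, String str2, String str3, CallbackHandler callbackHandler, String str4, boolean z, Charset charset, String[] strArr) throws SaslException {
        super(str, str2, str3, callbackHandler, AbstractDigestMechanism.FORMAT.CLIENT, charset, strArr);
        this.stale = false;
        this.maxbuf = AbstractDigestMechanism.DEFAULT_MAXBUF;
        this.hasInitialResponse = z;
        this.authorizationId = str4;
        this.demandedCiphers = strArr == null ? new String[0] : strArr;
        try {
            this.messageDigest = MessageDigest.getInstance(DigestUtils.messageDigestAlgorithm(str));
        } catch (NoSuchAlgorithmException e) {
            throw new SaslException("Expected message digest algorithm is not available", e);
        }
    }

    /**
     * Records the directives of the parsed server challenge in this client's state.
     *
     * @param challenge directive name to raw value, as produced by {@code parseResponse}
     * @throws SaslException if the "maxbuf" directive is not a decimal integer
     */
    private void noteChallengeData(HashMap<String, byte[]> challenge) throws SaslException {
        LinkedList<String> offeredRealms = new LinkedList<>();
        for (String key : challenge.keySet()) {
            byte[] value = challenge.get(key);
            // Prefix match: every key that starts with "realm" contributes one offered realm.
            if (key.startsWith("realm")) {
                offeredRealms.add(new String(value, StandardCharsets.UTF_8));
            } else if (key.equals("qop")) {
                selectQop(new String(value, StandardCharsets.UTF_8));
            } else if (key.equals("stale")) {
                this.stale = Boolean.parseBoolean(new String(value, StandardCharsets.UTF_8));
            } else if (key.equals("maxbuf")) {
                int offeredMaxbuf;
                try {
                    offeredMaxbuf = Integer.parseInt(new String(value, StandardCharsets.UTF_8));
                } catch (NumberFormatException e) {
                    // The value comes from the network; report it as a protocol failure instead
                    // of letting an unchecked exception escape. The value itself is kept out of
                    // the message so that server-chosen text does not reach logs.
                    throw new SaslException("Invalid maxbuf in server challenge", e);
                }
                // Zero and negative sizes are ignored and the current value is kept.
                if (offeredMaxbuf > 0) {
                    this.maxbuf = offeredMaxbuf;
                }
            } else if (key.equals("nonce")) {
                this.nonce = value;
            } else if (key.equals("cipher")) {
                this.cipher_opts = new String(value, StandardCharsets.UTF_8);
                selectCipher(this.cipher_opts);
            }
        }
        // Any qop other than plain "auth" needs a wrapper; the flag is true only for auth-conf.
        if (this.qop != null && !this.qop.equals(DigestUtils.QOP_AUTH)) {
            setWrapper(new AbstractDigestMechanism.DigestWrapper(this.qop.equals(DigestUtils.QOP_AUTH_CONF)));
        }
        this.realms = offeredRealms.toArray(new String[0]);
    }

    /**
     * Picks the strongest quality of protection the server offers: auth-conf, then auth-int,
     * otherwise auth.
     *
     * @param offered comma-separated qop list from the challenge
     */
    private void selectQop(String offered) {
        String[] options = offered.split(",");
        if (arrayContains(options, DigestUtils.QOP_AUTH_CONF)) {
            this.qop = DigestUtils.QOP_AUTH_CONF;
        } else if (arrayContains(options, DigestUtils.QOP_AUTH_INT)) {
            this.qop = DigestUtils.QOP_AUTH_INT;
        } else {
            this.qop = DigestUtils.QOP_AUTH;
        }
    }

    /**
     * Picks the first server-offered cipher, in the order returned by
     * {@code getTransformationSpecByStrength}, that the caller also demanded. The cipher is set
     * to the empty string when the list is {@code null} or nothing matches.
     *
     * @param offered comma-separated cipher list from the challenge, or {@code null}
     */
    private void selectCipher(String offered) {
        if (offered == null) {
            this.cipher = "";
            return;
        }
        TransformationSpec[] ranked = new DefaultTransformationMapper().getTransformationSpecByStrength(Digest.DIGEST_MD5, offered.split(","));
        for (TransformationSpec spec : ranked) {
            for (String demanded : this.demandedCiphers) {
                if (demanded.equals(spec.getToken())) {
                    this.cipher = spec.getToken();
                    return;
                }
            }
        }
        this.cipher = "";
    }

    /**
     * Builds the digest-response for the parsed server challenge.
     *
     * @param challenge directive name to raw value, as produced by {@code parseResponse}
     * @return the encoded digest-response
     * @throws SaslException if the challenge carried no nonce
     */
    private byte[] createResponse(HashMap<String, byte[]> challenge) throws SaslException {
        ByteStringBuilder response = new ByteStringBuilder();

        // ISO-8859-1 unless the challenge's charset directive is exactly "utf-8".
        byte[] charsetDirective = challenge.get("charset");
        Charset charset = StandardCharsets.ISO_8859_1;
        if (charsetDirective != null && "utf-8".equals(new String(charsetDirective, StandardCharsets.UTF_8))) {
            charset = StandardCharsets.UTF_8;
        }
        if (StandardCharsets.UTF_8.equals(charset)) {
            response.append("charset=");
            response.append("utf-8");
            response.append(',');
        }

        // The callbacks keep their concrete types so that their accessors can be called.
        NameCallback nameCallback = this.authorizationId != null
                ? new NameCallback("User name", this.authorizationId)
                : new NameCallback("User name");
        PasswordCallback passwordCallback = new PasswordCallback("User password", false);
        String realm = null;
        if (this.realms != null && this.realms.length > 1) {
            // Several realms offered: the handler chooses one of them.
            RealmChoiceCallback realmChoiceCallback = new RealmChoiceCallback("User realm", this.realms, 0, false);
            handleCallbacks(realmChoiceCallback, nameCallback, passwordCallback);
            realm = this.realms[realmChoiceCallback.getSelectedIndexes()[0]];
        } else if (this.realms != null && this.realms.length == 1) {
            // One realm offered: it is passed to the handler as the default text.
            RealmCallback realmCallback = new RealmCallback("User realm", this.realms[0]);
            handleCallbacks(realmCallback, nameCallback, passwordCallback);
            realm = realmCallback.getText();
        } else {
            handleCallbacks(nameCallback, passwordCallback);
        }

        response.append("username=\"");
        String name = nameCallback.getName();
        response.append(SaslQuote.quote(name).getBytes(charset));
        response.append("\"").append(',');
        if (realm != null) {
            response.append("realm=\"");
            response.append(SaslQuote.quote(realm).getBytes(charset));
            response.append("\"").append(',');
        }
        if (this.nonce == null) {
            throw new SaslException("Nonce not provided by server");
        }
        response.append("nonce=\"");
        response.append(this.nonce);
        response.append("\"").append(',');
        response.append("nc=");
        int nonceCount = getNonceCount();
        response.append(DigestUtils.convertToHexBytesWithLeftPadding(nonceCount, 8));
        response.append(',');
        response.append("cnonce=\"");
        byte[] cnonce = generateNonce();
        response.append(cnonce);
        response.append("\"").append(',');
        response.append("digest-uri=\"");
        response.append(this.digestURI);
        response.append("\"").append(',');
        response.append("maxbuf=");
        response.append(String.valueOf(this.maxbuf));
        response.append(',');

        char[] password = passwordCallback.getPassword();
        passwordCallback.clearPassword();
        byte[] digestResponse;
        try {
            this.hA1 = DigestUtils.H_A1(this.messageDigest, name, realm, password, this.nonce, cnonce, this.authorizationId, charset);
            digestResponse = DigestUtils.digestResponse(this.messageDigest, this.hA1, this.nonce, nonceCount, cnonce, this.authorizationId, this.qop, this.digestURI);
        } finally {
            // Wipe the local password copy even when the digest computation throws.
            if (password != null) {
                Arrays.fill(password, (char) 0);
            }
        }

        response.append("response=");
        response.append(digestResponse);
        response.append(',');
        response.append("qop=");
        response.append(this.qop != null ? this.qop : DigestUtils.QOP_AUTH);
        if (this.cipher != null && this.cipher.length() != 0) {
            response.append(',');
            response.append("cipher=");
            response.append(this.cipher);
        }
        if (this.authorizationId != null) {
            response.append(',');
            response.append("authzid=\"");
            response.append(SaslQuote.quote(this.authorizationId).getBytes(charset));
            response.append("\"");
        }
        createCiphersAndKeys();
        return response.toArray();
    }

    /**
     * Returns the nonce count placed in the "nc" directive. It is always 1, so each response
     * built by this class is the first use of the server nonce.
     */
    private int getNonceCount() {
        return 1;
    }

    /** Starts the negotiation in the state that expects the server's digest-challenge. */
    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    public void init() {
        setNegotiationState(STEP_TWO);
    }

    /** Returns the flag given to the constructor. */
    @Override
    public boolean hasInitialResponse() {
        return this.hasInitialResponse;
    }

    /**
     * Processes one server message by delegating to the inherited single-argument
     * {@code evaluateMessage}.
     *
     * @param bArr the server message
     * @return the client's answer, or {@code null} when there is nothing to send
     * @throws SaslException if the message cannot be processed
     */
    @Override
    public byte[] evaluateChallenge(byte[] bArr) throws SaslException {
        return evaluateMessage(bArr);
    }

    /**
     * Handles one server message according to the negotiation state.
     *
     * @param i    current negotiation state
     * @param bArr the server message
     * @return the digest-response in {@code STEP_TWO}, {@code null} in {@code STEP_FOUR}
     * @throws SaslException on a malformed challenge or an unexpected state
     */
    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    protected byte[] evaluateMessage(int i, byte[] bArr) throws SaslException {
        switch (i) {
            case STEP_TWO:
                HashMap<String, byte[]> parsedChallenge = parseResponse(bArr);
                noteChallengeData(parsedChallenge);
                setNegotiationState(STEP_FOUR);
                return createResponse(parsedChallenge);
            case STEP_FOUR:
                // NOTE(review): the server's final message (bArr) is never inspected here. In
                // DIGEST-MD5 (RFC 2831) that message carries "rspauth", the server's proof that
                // it knows the shared secret. Completing without checking it leaves the server
                // unauthenticated to the client, and leaves the unauthenticated qop/cipher/maxbuf
                // choices from the challenge unconfirmed. The fix is to parse bArr, recompute the
                // expected value from the stored hA1 and compare with MessageDigest.isEqual; the
                // digest helper needed for that is not visible in this file.
                negotiationComplete();
                return null;
            default:
                throw new SaslException("Invalid state");
        }
    }
}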
