package org.wildfly.security.sasl.scram;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.SaslException;
import org.wildfly.security.auth.callback.CredentialCallback;
import org.wildfly.security.auth.callback.FastUnsupportedCallbackException;
import org.wildfly.security.auth.callback.ParameterCallback;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.TwoWayPassword;
import org.wildfly.security.password.interfaces.ScramDigestPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.HashedPasswordAlgorithmSpec;
import org.wildfly.security.sasl.WildFlySasl;
import org.wildfly.security.sasl.digest.AbstractDigestMechanism;
import org.wildfly.security.sasl.util.AbstractSaslParticipant;
import org.wildfly.security.sasl.util.AbstractSaslServer;
import org.wildfly.security.sasl.util.ByteStringBuilder;
import org.wildfly.security.sasl.util.HexConverter;
import org.wildfly.security.sasl.util.StringPrep;
import org.wildfly.security.util.ByteIterator;
import org.wildfly.security.util.CodePointIterator;

/* loaded from: input_file:org/wildfly/security/sasl/scram/ScramSaslServer.class */
final class ScramSaslServer extends AbstractSaslServer {
    private static final int S_NO_MESSAGE = 1;
    private static final int S_FIRST_MESSAGE = 2;
    private static final int S_FINAL_MESSAGE = 3;
    private final boolean plus;
    private final MessageDigest messageDigest;
    private final Mac mac;
    private final SecureRandom secureRandom;
    private final int minimumIterationCount;
    private final int maximumIterationCount;
    private final String bindingType;
    private final byte[] bindingData;
    private int state;
    private String authorizationID;
    private byte[] clientFirstMessage;
    private byte[] serverFirstMessage;
    private byte[] saltedPassword;
    private final boolean sendErrors = false;
    private int clientFirstMessageBareStart;
    private static final boolean DEBUG = true;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramSaslServer(String str, String str2, String str3, CallbackHandler callbackHandler, boolean z, Map<String, ?> map, MessageDigest messageDigest, Mac mac, SecureRandom secureRandom, String str4, byte[] bArr) {
        super(str, str2, str3, callbackHandler);
        this.sendErrors = false;
        this.messageDigest = messageDigest;
        this.mac = mac;
        this.minimumIterationCount = getIntProperty(map, WildFlySasl.SCRAM_MIN_ITERATION_COUNT, 4096);
        this.maximumIterationCount = getIntProperty(map, WildFlySasl.SCRAM_MAX_ITERATION_COUNT, 32768);
        this.secureRandom = secureRandom;
        this.plus = z;
        this.bindingType = str4;
        this.bindingData = bArr;
    }

    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    public void init() {
        setNegotiationState(1);
    }

    public String getAuthorizationID() {
        return this.authorizationID;
    }

    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    protected byte[] evaluateMessage(int i, byte[] bArr) throws SaslException {
        HashedPasswordAlgorithmSpec hashedPasswordAlgorithmSpec;
        int iterationCount;
        byte[] salt;
        try {
            try {
                switch (i) {
                    case AbstractSaslParticipant.FAILED_STATE /* -1 */:
                        throw new SaslException("Authentication failed");
                    case AbstractSaslParticipant.COMPLETE_STATE /* 0 */:
                        if (bArr != null && bArr.length != 0) {
                            throw new SaslException("Client sent extra response");
                        }
                        if (1 == 0) {
                            setNegotiationState(-1);
                        }
                        return null;
                    case 1:
                        if (bArr == null || bArr.length == 0) {
                            setNegotiationState(2);
                            byte[] bArr2 = NO_BYTES;
                            if (1 == 0) {
                                setNegotiationState(-1);
                            }
                            return bArr2;
                        }
                        break;
                    case 2:
                        break;
                    case 3:
                        ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
                        ByteIterator ofBytes = ByteIterator.ofBytes(bArr);
                        ByteIterator delimitedBy = ofBytes.delimitedBy(44);
                        if (ofBytes.next() != 99 || ofBytes.next() != 61) {
                            throw invalidClientMessage();
                        }
                        ByteIterator base64Decode = delimitedBy.base64Decode();
                        switch (base64Decode.next()) {
                            case 110:
                                if (this.plus) {
                                    throw new SaslException("Channel binding not provided by client for mechanism " + getMechanismName());
                                }
                                if (base64Decode.next() != 44) {
                                    throw invalidClientMessage();
                                }
                                switch (base64Decode.next()) {
                                    case AbstractDigestMechanism.DELIMITER /* 44 */:
                                        break;
                                    case 97:
                                        if (base64Decode.next() == 61) {
                                            this.authorizationID = base64Decode.delimitedBy(44).asUtf8String().drainToString();
                                            break;
                                        } else {
                                            throw invalidClientMessage();
                                        }
                                    default:
                                        throw invalidClientMessage();
                                }
                                if (base64Decode.hasNext() && (base64Decode.next() != 44 || base64Decode.hasNext())) {
                                    throw invalidClientMessage();
                                }
                                break;
                            case 112:
                                if (!this.plus) {
                                    throw new SaslException("Channel binding not supported for mechanism " + getMechanismName());
                                }
                                if (base64Decode.next() != 61) {
                                    throw invalidClientMessage();
                                }
                                if (!this.bindingType.equals(base64Decode.delimitedBy(44).asUtf8String().drainToString())) {
                                    throw new SaslException("Channel binding type mismatch for mechanism " + getMechanismName());
                                }
                                if (base64Decode.next() != 44) {
                                    throw invalidClientMessage();
                                }
                                switch (base64Decode.next()) {
                                    case AbstractDigestMechanism.DELIMITER /* 44 */:
                                        break;
                                    case 97:
                                        if (base64Decode.next() == 61) {
                                            this.authorizationID = base64Decode.delimitedBy(44).asUtf8String().drainToString();
                                            break;
                                        } else {
                                            throw invalidClientMessage();
                                        }
                                    default:
                                        throw invalidClientMessage();
                                }
                                if (!base64Decode.contentEquals(ByteIterator.ofBytes(this.bindingData))) {
                                    throw new SaslException("Channel binding data mismatch for mechanism " + getMechanismName());
                                }
                                if (base64Decode.hasNext() && (base64Decode.next() != 44 || base64Decode.hasNext())) {
                                    throw invalidClientMessage();
                                }
                                break;
                            case 121:
                                if (this.plus) {
                                    throw new SaslException("Channel binding not provided by client for mechanism " + getMechanismName());
                                }
                                if (base64Decode.next() != 44) {
                                    throw invalidClientMessage();
                                }
                                switch (base64Decode.next()) {
                                    case AbstractDigestMechanism.DELIMITER /* 44 */:
                                        break;
                                    case 97:
                                        if (base64Decode.next() == 61) {
                                            this.authorizationID = base64Decode.delimitedBy(44).asUtf8String().drainToString();
                                            break;
                                        } else {
                                            throw invalidClientMessage();
                                        }
                                    default:
                                        throw invalidClientMessage();
                                }
                                if (base64Decode.hasNext() && (base64Decode.next() != 44 || base64Decode.hasNext())) {
                                    throw invalidClientMessage();
                                }
                                break;
                        }
                        ofBytes.next();
                        if (ofBytes.next() != 114 || ofBytes.next() != 61) {
                            throw invalidClientMessage();
                        }
                        while (delimitedBy.hasNext()) {
                            delimitedBy.next();
                        }
                        int offset = ofBytes.offset();
                        ofBytes.next();
                        if (ofBytes.next() != 112 || ofBytes.next() != 61) {
                            throw invalidClientMessage();
                        }
                        byte[] drain = delimitedBy.drain();
                        if (ofBytes.hasNext()) {
                            throw invalidClientMessage();
                        }
                        this.mac.reset();
                        this.mac.init(new SecretKeySpec(this.saltedPassword, this.mac.getAlgorithm()));
                        this.mac.update(Scram.CLIENT_KEY_BYTES);
                        byte[] doFinal = this.mac.doFinal();
                        System.out.printf("[S] Client key: %s%n", HexConverter.convertToHexString(doFinal));
                        this.messageDigest.reset();
                        this.messageDigest.update(doFinal);
                        byte[] digest = this.messageDigest.digest();
                        System.out.printf("[S] Stored key: %s%n", HexConverter.convertToHexString(digest));
                        this.mac.reset();
                        this.mac.init(new SecretKeySpec(digest, this.mac.getAlgorithm()));
                        this.mac.update(this.clientFirstMessage, this.clientFirstMessageBareStart, this.clientFirstMessage.length - this.clientFirstMessageBareStart);
                        System.out.printf("[S] Using client first message: %s%n", HexConverter.convertToHexString(Arrays.copyOfRange(this.clientFirstMessage, this.clientFirstMessageBareStart, this.clientFirstMessage.length)));
                        this.mac.update((byte) 44);
                        this.mac.update(this.serverFirstMessage);
                        System.out.printf("[S] Using server first message: %s%n", HexConverter.convertToHexString(this.serverFirstMessage));
                        this.mac.update((byte) 44);
                        this.mac.update(bArr, 0, offset);
                        System.out.printf("[S] Using client final message without proof: %s%n", HexConverter.convertToHexString(Arrays.copyOfRange(bArr, 0, offset)));
                        byte[] doFinal2 = this.mac.doFinal();
                        System.out.printf("[S] Client signature: %s%n", HexConverter.convertToHexString(doFinal2));
                        this.mac.reset();
                        this.mac.init(new SecretKeySpec(this.saltedPassword, this.mac.getAlgorithm()));
                        this.mac.update(Scram.SERVER_KEY_BYTES);
                        byte[] doFinal3 = this.mac.doFinal();
                        System.out.printf("[S] Server key: %s%n", HexConverter.convertToHexString(doFinal3));
                        this.mac.reset();
                        this.mac.init(new SecretKeySpec(doFinal3, this.mac.getAlgorithm()));
                        this.mac.update(this.clientFirstMessage, this.clientFirstMessageBareStart, this.clientFirstMessage.length - this.clientFirstMessageBareStart);
                        this.mac.update((byte) 44);
                        this.mac.update(this.serverFirstMessage);
                        this.mac.update((byte) 44);
                        this.mac.update(bArr, 0, offset);
                        byte[] doFinal4 = this.mac.doFinal();
                        System.out.printf("[S] Server signature: %s%n", HexConverter.convertToHexString(doFinal4));
                        System.out.printf("[S] Client proof string: %s%n", CodePointIterator.ofUtf8Bytes(drain).drainToString());
                        byteStringBuilder.setLength(0);
                        byte[] drain2 = ByteIterator.ofBytes(drain).base64Decode().drain();
                        System.out.printf("[S] Client proof: %s%n", HexConverter.convertToHexString(drain2));
                        byte[] bArr3 = (byte[]) doFinal2.clone();
                        ScramUtils.xor(bArr3, drain2);
                        System.out.printf("[S] Recovered client key: %s%n", HexConverter.convertToHexString(bArr3));
                        if (!Arrays.equals(bArr3, doFinal)) {
                            throw new SaslException("Authentication rejected (invalid proof)");
                        }
                        byteStringBuilder.setLength(0);
                        byteStringBuilder.append('v').append('=');
                        byteStringBuilder.appendUtf8(ByteIterator.ofBytes(doFinal4).base64Encode());
                        byte[] array = byteStringBuilder.toArray();
                        if (1 == 0) {
                            setNegotiationState(-1);
                        }
                        return array;
                    default:
                        throw new IllegalStateException();
                }
                if (bArr == null || bArr.length == 0) {
                    throw new SaslException("Client refuses to initiate authentication");
                }
                System.out.printf("[S] Client first message: %s%n", HexConverter.convertToHexString(bArr));
                ByteStringBuilder byteStringBuilder2 = new ByteStringBuilder();
                ByteIterator ofBytes2 = ByteIterator.ofBytes(bArr);
                ByteIterator delimitedBy2 = ofBytes2.delimitedBy(44);
                CodePointIterator asUtf8String = delimitedBy2.asUtf8String();
                int next = ofBytes2.next();
                if (next == 112 && this.plus) {
                    if (!$assertionsDisabled && this.bindingType == null) {
                        throw new AssertionError();
                    }
                    if (!$assertionsDisabled && this.bindingData == null) {
                        throw new AssertionError();
                    }
                    if (ofBytes2.next() != 61) {
                        throw invalidClientMessage();
                    }
                    if (!this.bindingType.equals(asUtf8String.drainToString())) {
                        throw new SaslException("Channel binding type mismatch between client and server");
                    }
                    ofBytes2.next();
                } else {
                    if ((next != 121 && next != 110) || this.plus) {
                        throw invalidClientMessage();
                    }
                    if (ofBytes2.next() != 44) {
                        throw invalidClientMessage();
                    }
                }
                int next2 = ofBytes2.next();
                if (next2 == 97) {
                    if (ofBytes2.next() != 61) {
                        throw invalidClientMessage();
                    }
                    this.authorizationID = asUtf8String.drainToString();
                    ofBytes2.next();
                } else if (next2 != 44) {
                    throw invalidClientMessage();
                }
                this.clientFirstMessageBareStart = ofBytes2.offset();
                if (ofBytes2.next() != 110) {
                    throw invalidClientMessage();
                }
                if (ofBytes2.next() != 61) {
                    throw invalidClientMessage();
                }
                String drainToString = asUtf8String.drainToString();
                ofBytes2.next();
                if (ofBytes2.next() != 114 || ofBytes2.next() != 61) {
                    throw invalidClientMessage();
                }
                byte[] drain3 = delimitedBy2.drain();
                System.out.printf("[S] Client nonce: %s%n", HexConverter.convertToHexString(drain3));
                if (ofBytes2.hasNext()) {
                    throw invalidClientMessage();
                }
                this.clientFirstMessage = bArr;
                Callback nameCallback = new NameCallback("Remote authentication name");
                nameCallback.setName(drainToString);
                CredentialCallback credentialCallback = new CredentialCallback(ScramDigestPassword.class);
                try {
                    tryHandleCallbacks(nameCallback, credentialCallback);
                    Password password = (Password) credentialCallback.getCredential();
                    if (password != null) {
                        iterationCount = ((ScramDigestPassword) password).getIterationCount();
                        salt = ((ScramDigestPassword) password).getSalt();
                        System.out.printf("[S] Salt (pre digested): %s%n", HexConverter.convertToHexString(salt));
                        if (iterationCount < this.minimumIterationCount) {
                            throw new SaslException("Iteration count " + iterationCount + " is below the minimum of " + this.minimumIterationCount);
                        }
                        if (iterationCount > this.maximumIterationCount) {
                            throw new SaslException("Iteration count " + iterationCount + " is above the maximum of " + this.maximumIterationCount);
                        }
                        if (salt == null) {
                            throw new SaslException("Salt must be specified");
                        }
                        this.saltedPassword = ((ScramDigestPassword) password).getDigest();
                        System.out.printf("[S] Salted password (pre digested): %s%n", HexConverter.convertToHexString(this.saltedPassword));
                    } else {
                        CredentialCallback credentialCallback2 = new CredentialCallback(TwoWayPassword.class);
                        ParameterCallback parameterCallback = new ParameterCallback(HashedPasswordAlgorithmSpec.class);
                        try {
                            tryHandleCallbacks(nameCallback, parameterCallback, credentialCallback2);
                            hashedPasswordAlgorithmSpec = (HashedPasswordAlgorithmSpec) parameterCallback.getParameterSpec();
                        } catch (UnsupportedCallbackException e) {
                            Callback callback = e.getCallback();
                            if (callback == nameCallback) {
                                throw new SaslException("Callback handler does not support user name", e);
                            }
                            if (callback == credentialCallback2) {
                                throw new SaslException("Callback handler does not support credential acquisition", e);
                            }
                            if (callback != parameterCallback) {
                                throw new SaslException("Callback handler failed for unknown reason", e);
                            }
                            byte[] bArr4 = new byte[16];
                            getRandom().nextBytes(bArr4);
                            System.out.printf("[S] Salt (random): %s%n", HexConverter.convertToHexString(bArr4));
                            hashedPasswordAlgorithmSpec = new HashedPasswordAlgorithmSpec(this.minimumIterationCount, bArr4);
                            try {
                                tryHandleCallbacks(nameCallback, credentialCallback2);
                            } catch (UnsupportedCallbackException e2) {
                                Callback callback2 = e.getCallback();
                                if (callback2 == nameCallback) {
                                    throw new SaslException("Callback handler does not support user name", e);
                                }
                                if (callback2 == credentialCallback2) {
                                    throw new SaslException("Callback handler does not support credential acquisition", e);
                                }
                                throw new SaslException("Callback handler failed for unknown reason", e);
                            }
                        }
                        if (hashedPasswordAlgorithmSpec == null) {
                            throw new FastUnsupportedCallbackException(parameterCallback);
                        }
                        Password password2 = (Password) credentialCallback2.getCredential();
                        try {
                            try {
                                StringPrep.encode(((ClearPasswordSpec) PasswordFactory.getInstance(password2.getAlgorithm()).getKeySpec(password2, ClearPasswordSpec.class)).getEncodedPassword(), byteStringBuilder2, 4L);
                                char[] charArray = new String(byteStringBuilder2.toArray(), StandardCharsets.UTF_8).toCharArray();
                                byteStringBuilder2.setLength(0);
                                iterationCount = hashedPasswordAlgorithmSpec.getIterationCount();
                                salt = hashedPasswordAlgorithmSpec.getSalt();
                                if (iterationCount < this.minimumIterationCount) {
                                    throw new SaslException("Iteration count " + iterationCount + " is below the minimum of " + this.minimumIterationCount);
                                }
                                if (iterationCount > this.maximumIterationCount) {
                                    throw new SaslException("Iteration count " + iterationCount + " is above the maximum of " + this.maximumIterationCount);
                                }
                                if (salt == null) {
                                    throw new SaslException("Salt must be specified");
                                }
                                try {
                                    this.saltedPassword = ScramUtils.calculateHi(this.mac, charArray, salt, 0, salt.length, iterationCount);
                                    System.out.printf("[S] Salted password: %s%n", HexConverter.convertToHexString(this.saltedPassword));
                                } catch (InvalidKeyException e3) {
                                    throw new SaslException("Invalid MAC initialization key");
                                }
                            } catch (InvalidKeySpecException e4) {
                                throw new SaslException("Unsupported password algorithm type");
                            }
                        } catch (NoSuchAlgorithmException e5) {
                            throw new SaslException("Invalid password algorithm");
                        }
                    }
                    byteStringBuilder2.append('r').append('=');
                    byteStringBuilder2.append(drain3);
                    byteStringBuilder2.append(ScramUtils.generateRandomString(28, getRandom()));
                    byteStringBuilder2.append(',');
                    byteStringBuilder2.append('s').append('=');
                    byteStringBuilder2.appendLatin1(ByteIterator.ofBytes(salt).base64Encode());
                    byteStringBuilder2.append(',');
                    byteStringBuilder2.append('i').append('=');
                    byteStringBuilder2.append(Integer.toString(iterationCount));
                    setNegotiationState(3);
                    byte[] array2 = byteStringBuilder2.toArray();
                    this.serverFirstMessage = array2;
                    if (1 == 0) {
                        setNegotiationState(-1);
                    }
                    return array2;
                } catch (UnsupportedCallbackException e6) {
                    Callback callback3 = e6.getCallback();
                    if (callback3 == nameCallback) {
                        throw new SaslException("Callback handler does not support user name", e6);
                    }
                    if (callback3 == credentialCallback) {
                        throw new SaslException("Callback handler does not support credential acquisition", e6);
                    }
                    throw new SaslException("Callback handler failed for unknown reason", e6);
                }
            } catch (ArrayIndexOutOfBoundsException | InvalidKeyException e7) {
                throw invalidClientMessage();
            }
        } catch (Throwable th) {
            if (0 == 0) {
                setNegotiationState(-1);
            }
            throw th;
        }
    }

    Random getRandom() {
        return this.secureRandom != null ? this.secureRandom : ThreadLocalRandom.current();
    }

    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    public void dispose() throws SaslException {
        this.clientFirstMessage = null;
        this.serverFirstMessage = null;
        this.state = -1;
        this.mac.reset();
        this.messageDigest.reset();
    }

    @Override // org.wildfly.security.sasl.util.AbstractSaslParticipant
    public boolean isComplete() {
        return this.state == 0;
    }

    static SaslException invalidClientMessage() {
        return new SaslException("Invalid client message");
    }

    static {
        $assertionsDisabled = !ScramSaslServer.class.desiredAssertionStatus();
    }
}
