package org.wildfly.security.mechanism.scram;

import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.NoSuchElementException;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
import java.util.function.Supplier;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import org.wildfly.common.Assert;
import org.wildfly.common.bytes.ByteStringBuilder;
import org.wildfly.common.iteration.ByteIterator;
import org.wildfly.security.auth.callback.ChannelBindingCallback;
import org.wildfly.security.mechanism.AuthenticationMechanismException;
import org.wildfly.security.mechanism.ScramServerErrorCode;
import org.wildfly.security.mechanism.ScramServerException;
import org.wildfly.security.mechanism._private.ElytronMessages;
import org.wildfly.security.mechanism._private.MechanismUtil;
import org.wildfly.security.password.interfaces.ScramDigestPassword;
import org.wildfly.security.password.spec.IteratedPasswordAlgorithmSpec;
import org.wildfly.security.sasl.util.StringPrep;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-1.15.5.Final.jar:org/wildfly/security/mechanism/scram/ScramServer.class */
public final class ScramServer {
    private final Supplier<Provider[]> providers;
    private final ScramMechanism mechanism;
    private final CallbackHandler callbackHandler;
    private final SecureRandom random;
    private final byte[] bindingData;
    private final String bindingType;
    private final int minimumIterationCount;
    private final int maximumIterationCount;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramServer(ScramMechanism scramMechanism, CallbackHandler callbackHandler, SecureRandom secureRandom, byte[] bArr, String str, int i, int i2, Supplier<Provider[]> supplier) {
        this.mechanism = scramMechanism;
        this.callbackHandler = callbackHandler;
        this.random = secureRandom;
        this.bindingData = bArr;
        this.bindingType = str;
        this.minimumIterationCount = i;
        this.maximumIterationCount = i2;
        this.providers = supplier;
    }

    public ScramInitialClientMessage parseInitialClientMessage(ChannelBindingCallback channelBindingCallback, byte[] bArr) throws AuthenticationMechanismException {
        String str;
        byte[] bArr2;
        boolean z;
        String str2;
        byte[] bArr3 = (byte[]) bArr.clone();
        ByteIterator ofBytes = ByteIterator.ofBytes(bArr3);
        try {
            char next = (char) ofBytes.next();
            if (channelBindingCallback != null) {
                str = channelBindingCallback.getBindingType();
                bArr2 = channelBindingCallback.getBindingData();
            } else {
                str = null;
                bArr2 = null;
            }
            if (next == 'p') {
                if (!this.mechanism.isPlus()) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotSupported(), ScramServerErrorCode.SERVER_DOES_NOT_SUPPORT_CHANNEL_BINDING);
                }
                if (str == null || bArr2 == null) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotProvided(), ScramServerErrorCode.CHANNEL_BINDING_NOT_PROVIDED);
                }
                if (ofBytes.next() != 61) {
                    throw ElytronMessages.saslScram.mechInvalidMessageReceived();
                }
                if (!str.equals(ofBytes.delimitedBy(new int[]{44}).asUtf8String().drainToString())) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingTypeMismatch(), ScramServerErrorCode.UNSUPPORTED_CHANNEL_BINDING_TYPE);
                }
                z = true;
            } else if (next == 'y') {
                if (this.mechanism.isPlus()) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotProvided(), ScramServerErrorCode.SERVER_DOES_SUPPORT_CHANNEL_BINDING);
                }
                if (str != null || bArr2 != null) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotProvided(), ScramServerErrorCode.SERVER_DOES_SUPPORT_CHANNEL_BINDING);
                }
                z = true;
            } else {
                if (next != 'n') {
                    throw ElytronMessages.saslScram.mechInvalidMessageReceived();
                }
                if (this.mechanism.isPlus()) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotProvided(), ScramServerErrorCode.SERVER_DOES_SUPPORT_CHANNEL_BINDING);
                }
                if (str != null || bArr2 != null) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotProvided(), ScramServerErrorCode.SERVER_DOES_SUPPORT_CHANNEL_BINDING);
                }
                z = false;
            }
            if (ofBytes.next() != 44) {
                throw ElytronMessages.saslScram.mechInvalidMessageReceived();
            }
            int next2 = ofBytes.next();
            if (next2 == 97) {
                if (ofBytes.next() != 61) {
                    throw ElytronMessages.saslScram.mechInvalidClientMessage();
                }
                str2 = ofBytes.delimitedBy(new int[]{44}).asUtf8String().drainToString();
                ofBytes.next();
            } else {
                if (next2 != 44) {
                    throw ElytronMessages.saslScram.mechInvalidClientMessage();
                }
                str2 = null;
            }
            int index = (int) ofBytes.getIndex();
            if (ofBytes.next() != 110) {
                throw ElytronMessages.saslScram.mechInvalidClientMessage();
            }
            if (ofBytes.next() != 61) {
                throw ElytronMessages.saslScram.mechInvalidClientMessage();
            }
            ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
            StringPrep.encode(ofBytes.delimitedBy(new int[]{44}).asUtf8String().drainToString(), byteStringBuilder, 268443647L);
            String str3 = new String(byteStringBuilder.toArray(), StandardCharsets.UTF_8);
            ofBytes.next();
            if (ofBytes.next() != 114 || ofBytes.next() != 61) {
                throw ElytronMessages.saslScram.mechInvalidClientMessage();
            }
            byte[] drain = ofBytes.delimitedBy(new int[]{44}).drain();
            if (ofBytes.hasNext()) {
                throw ElytronMessages.saslScram.mechInvalidClientMessage();
            }
            return new ScramInitialClientMessage(this.mechanism, str2, str3, z, str, bArr2, drain, index, bArr3);
        } catch (NoSuchElementException e) {
            throw ElytronMessages.saslScram.mechInvalidMessageReceived();
        }
    }

    public ScramInitialServerResult evaluateInitialResponse(ScramInitialClientMessage scramInitialClientMessage) throws AuthenticationMechanismException {
        boolean isTraceEnabled = ElytronMessages.saslScram.isTraceEnabled();
        if (scramInitialClientMessage.getMechanism() != this.mechanism) {
            throw ElytronMessages.saslScram.mechUnmatchedMechanism(this.mechanism.toString(), scramInitialClientMessage.getMechanism().toString());
        }
        try {
            MechanismUtil.handleCallbacks(ElytronMessages.saslScram, this.callbackHandler, new NameCallback("Remote authentication name", scramInitialClientMessage.getAuthenticationName()));
            ScramDigestPassword scramDigestPassword = (ScramDigestPassword) MechanismUtil.getPasswordCredential(scramInitialClientMessage.getAuthenticationName(), this.callbackHandler, ScramDigestPassword.class, this.mechanism.getPasswordAlgorithm(), null, new IteratedPasswordAlgorithmSpec(Math.max(this.minimumIterationCount, Math.min(this.maximumIterationCount, 20000))), this.providers, ElytronMessages.saslScram);
            byte[] digest = scramDigestPassword.getDigest();
            int iterationCount = scramDigestPassword.getIterationCount();
            if (iterationCount < this.minimumIterationCount) {
                throw ElytronMessages.saslScram.mechIterationCountIsTooLow(iterationCount, this.minimumIterationCount);
            }
            if (iterationCount > this.maximumIterationCount) {
                throw ElytronMessages.saslScram.mechIterationCountIsTooHigh(iterationCount, this.maximumIterationCount);
            }
            byte[] salt = scramDigestPassword.getSalt();
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Salt: %s%n", ByteIterator.ofBytes(salt).hexEncode().drainToString());
            }
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Salted password: %s%n", ByteIterator.ofBytes(digest).hexEncode().drainToString());
            }
            ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
            byteStringBuilder.append('r').append('=');
            byteStringBuilder.append(scramInitialClientMessage.getRawNonce());
            byte[] generateNonce = ScramUtil.generateNonce(28, getRandom());
            byteStringBuilder.append(generateNonce);
            byteStringBuilder.append(',');
            byteStringBuilder.append('s').append('=');
            byteStringBuilder.appendLatin1(ByteIterator.ofBytes(salt).base64Encode());
            byteStringBuilder.append(',');
            byteStringBuilder.append('i').append('=');
            byteStringBuilder.append(Integer.toString(iterationCount));
            return new ScramInitialServerResult(new ScramInitialServerMessage(scramInitialClientMessage, generateNonce, salt, iterationCount, byteStringBuilder.toArray()), scramDigestPassword);
        } catch (UnsupportedCallbackException e) {
            throw ElytronMessages.saslScram.mechCallbackHandlerDoesNotSupportUserName(e);
        }
    }

    public ScramFinalClientMessage parseFinalClientMessage(ScramInitialClientMessage scramInitialClientMessage, ScramInitialServerResult scramInitialServerResult, byte[] bArr) throws AuthenticationMechanismException {
        ScramInitialServerMessage scramInitialChallenge = scramInitialServerResult.getScramInitialChallenge();
        Assert.checkNotNullParam("initialResponse", scramInitialClientMessage);
        Assert.checkNotNullParam("initialChallenge", scramInitialChallenge);
        ScramMechanism mechanism = scramInitialClientMessage.getMechanism();
        if (mechanism != scramInitialChallenge.getMechanism()) {
            throw ElytronMessages.saslScram.mechUnmatchedMechanism(mechanism.toString(), scramInitialChallenge.getMechanism().toString());
        }
        byte[] bArr2 = (byte[]) bArr.clone();
        ByteIterator ofBytes = ByteIterator.ofBytes(bArr2);
        try {
            if (ofBytes.next() != 99 || ofBytes.next() != 61) {
                throw ElytronMessages.saslScram.mechInvalidMessageReceived();
            }
            ByteIterator base64Decode = ofBytes.delimitedBy(new int[]{44}).asUtf8String().base64Decode();
            char next = (char) base64Decode.next();
            String bindingType = scramInitialClientMessage.getBindingType();
            byte[] rawBindingData = scramInitialClientMessage.getRawBindingData();
            boolean isBinding = scramInitialClientMessage.isBinding();
            if (next == 'p') {
                if (!isBinding) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotSupported(), ScramServerErrorCode.CHANNEL_BINDING_NOT_SUPPORTED);
                }
                if (bindingType == null || rawBindingData == null) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotProvided(), ScramServerErrorCode.CHANNEL_BINDING_NOT_PROVIDED);
                }
                if (base64Decode.next() != 61) {
                    throw ElytronMessages.saslScram.mechInvalidMessageReceived();
                }
                if (!bindingType.equals(base64Decode.delimitedBy(new int[]{44}).asUtf8String().drainToString())) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingTypeMismatch(), ScramServerErrorCode.UNSUPPORTED_CHANNEL_BINDING_TYPE);
                }
            } else if (next == 'y') {
                if (mechanism.isPlus()) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotProvided(), ScramServerErrorCode.SERVER_DOES_SUPPORT_CHANNEL_BINDING);
                }
                if (bindingType != null || rawBindingData != null) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotProvided(), ScramServerErrorCode.SERVER_DOES_SUPPORT_CHANNEL_BINDING);
                }
            } else {
                if (next != 'n') {
                    throw ElytronMessages.saslScram.mechInvalidMessageReceived();
                }
                if (isBinding) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotProvided(), ScramServerErrorCode.SERVER_DOES_SUPPORT_CHANNEL_BINDING);
                }
                if (mechanism.isPlus()) {
                    throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingNotProvided(), ScramServerErrorCode.SERVER_DOES_SUPPORT_CHANNEL_BINDING);
                }
            }
            if (base64Decode.next() != 44) {
                throw ElytronMessages.saslScram.mechInvalidMessageReceived();
            }
            int next2 = base64Decode.next();
            if (next2 == 97) {
                if (base64Decode.next() != 61) {
                    throw ElytronMessages.saslScram.mechInvalidClientMessage();
                }
                String drainToString = base64Decode.delimitedBy(new int[]{44}).asUtf8String().drainToString();
                base64Decode.next();
                if (!drainToString.equals(scramInitialClientMessage.getAuthorizationId())) {
                    throw ElytronMessages.saslScram.mechAuthorizationIdChanged();
                }
            } else {
                if (next2 != 44) {
                    throw ElytronMessages.saslScram.mechInvalidClientMessage();
                }
                if (scramInitialClientMessage.getAuthorizationId() != null) {
                    throw ElytronMessages.saslScram.mechAuthorizationIdChanged();
                }
            }
            if (rawBindingData != null && !base64Decode.contentEquals(ByteIterator.ofBytes(rawBindingData))) {
                throw new ScramServerException(ElytronMessages.saslScram.mechChannelBindingChanged(), ScramServerErrorCode.CHANNEL_BINDINGS_DONT_MATCH);
            }
            ofBytes.next();
            if (ofBytes.next() != 114 || ofBytes.next() != 61) {
                throw ElytronMessages.saslScram.mechInvalidClientMessage();
            }
            byte[] rawNonce = scramInitialClientMessage.getRawNonce();
            byte[] rawServerNonce = scramInitialChallenge.getRawServerNonce();
            if (!MessageDigest.isEqual(ofBytes.delimitedBy(new int[]{44}).drain(), ByteBuffer.allocate(rawNonce.length + rawServerNonce.length).put(rawNonce).put(rawServerNonce).array())) {
                throw ElytronMessages.saslScram.mechNoncesDoNotMatch();
            }
            int index = (int) ofBytes.getIndex();
            ofBytes.next();
            if (ofBytes.next() != 112 || ofBytes.next() != 61) {
                throw ElytronMessages.saslScram.mechInvalidClientMessage();
            }
            byte[] drain = ofBytes.delimitedBy(new int[]{44}).asUtf8String().base64Decode().drain();
            if (ofBytes.hasNext()) {
                throw ElytronMessages.saslScram.mechInvalidClientMessage();
            }
            return new ScramFinalClientMessage(scramInitialClientMessage, scramInitialChallenge, scramInitialServerResult.getScramDigestPassword(), drain, bArr2, index);
        } catch (NoSuchElementException e) {
            throw ElytronMessages.saslScram.mechInvalidMessageReceived();
        }
    }

    public ScramFinalServerMessage evaluateFinalClientMessage(ScramInitialServerResult scramInitialServerResult, ScramFinalClientMessage scramFinalClientMessage) throws AuthenticationMechanismException {
        String str;
        boolean isTraceEnabled = ElytronMessages.saslScram.isTraceEnabled();
        if (scramFinalClientMessage.getMechanism() != this.mechanism) {
            throw ElytronMessages.saslScram.mechUnmatchedMechanism(this.mechanism.toString(), scramFinalClientMessage.getMechanism().toString());
        }
        ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
        try {
            Mac mac = Mac.getInstance(getMechanism().getHmacName());
            MessageDigest messageDigest = MessageDigest.getInstance(getMechanism().getMessageDigestName());
            mac.reset();
            byte[] digest = scramInitialServerResult.getScramDigestPassword().getDigest();
            mac.init(new SecretKeySpec(digest, mac.getAlgorithm()));
            mac.update(ScramUtil.CLIENT_KEY_BYTES);
            byte[] doFinal = mac.doFinal();
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Client key: %s%n", ByteIterator.ofBytes(doFinal).hexEncode().drainToString());
            }
            messageDigest.reset();
            messageDigest.update(doFinal);
            byte[] digest2 = messageDigest.digest();
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Stored key: %s%n", ByteIterator.ofBytes(digest2).hexEncode().drainToString());
            }
            mac.reset();
            mac.init(new SecretKeySpec(digest2, mac.getAlgorithm()));
            byte[] rawMessageBytes = scramFinalClientMessage.getInitialResponse().getRawMessageBytes();
            int initialPartIndex = scramFinalClientMessage.getInitialResponse().getInitialPartIndex();
            mac.update(rawMessageBytes, initialPartIndex, rawMessageBytes.length - initialPartIndex);
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Using client first message: %s%n", ByteIterator.ofBytes(Arrays.copyOfRange(rawMessageBytes, initialPartIndex, rawMessageBytes.length)).hexEncode().drainToString());
            }
            mac.update((byte) 44);
            byte[] rawMessageBytes2 = scramInitialServerResult.getScramInitialChallenge().getRawMessageBytes();
            mac.update(rawMessageBytes2);
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Using server first message: %s%n", ByteIterator.ofBytes(rawMessageBytes2).hexEncode().drainToString());
            }
            mac.update((byte) 44);
            byte[] rawMessageBytes3 = scramFinalClientMessage.getRawMessageBytes();
            int proofOffset = scramFinalClientMessage.getProofOffset();
            mac.update(rawMessageBytes3, 0, proofOffset);
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Using client final message without proof: %s%n", ByteIterator.ofBytes(Arrays.copyOfRange(rawMessageBytes3, 0, proofOffset)).hexEncode().drainToString());
            }
            byte[] doFinal2 = mac.doFinal();
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Client signature: %s%n", ByteIterator.ofBytes(doFinal2).hexEncode().drainToString());
            }
            mac.reset();
            mac.init(new SecretKeySpec(digest, mac.getAlgorithm()));
            mac.update(ScramUtil.SERVER_KEY_BYTES);
            byte[] doFinal3 = mac.doFinal();
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Server key: %s%n", ByteIterator.ofBytes(doFinal3).hexEncode().drainToString());
            }
            mac.reset();
            mac.init(new SecretKeySpec(doFinal3, mac.getAlgorithm()));
            mac.update(rawMessageBytes, initialPartIndex, rawMessageBytes.length - initialPartIndex);
            mac.update((byte) 44);
            mac.update(rawMessageBytes2);
            mac.update((byte) 44);
            mac.update(rawMessageBytes3, 0, proofOffset);
            byte[] doFinal4 = mac.doFinal();
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Server signature: %s%n", ByteIterator.ofBytes(doFinal4).hexEncode().drainToString());
            }
            byte[] rawClientProof = scramFinalClientMessage.getRawClientProof();
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Client proof: %s%n", ByteIterator.ofBytes(rawClientProof).hexEncode().drainToString());
            }
            byte[] bArr = (byte[]) doFinal2.clone();
            ScramUtil.xor(bArr, rawClientProof);
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[S] Recovered client key: %s%n", ByteIterator.ofBytes(bArr).hexEncode().drainToString());
            }
            if (!MessageDigest.isEqual(bArr, doFinal)) {
                throw ElytronMessages.saslScram.mechAuthenticationRejectedInvalidProof();
            }
            String authenticationName = scramFinalClientMessage.getInitialResponse().getAuthenticationName();
            String authorizationId = scramFinalClientMessage.getInitialResponse().getAuthorizationId();
            if (authorizationId == null || authorizationId.isEmpty()) {
                str = authenticationName;
            } else {
                ByteStringBuilder byteStringBuilder2 = new ByteStringBuilder();
                StringPrep.encode(authorizationId, byteStringBuilder2, 268443647L);
                str = new String(byteStringBuilder2.toArray(), StandardCharsets.UTF_8);
            }
            Callback authorizeCallback = new AuthorizeCallback(authenticationName, str);
            try {
                MechanismUtil.handleCallbacks(ElytronMessages.saslScram, this.callbackHandler, authorizeCallback);
                if (!authorizeCallback.isAuthorized()) {
                    throw ElytronMessages.saslScram.mechAuthorizationFailed(authenticationName, str);
                }
                byteStringBuilder.setLength(0);
                byteStringBuilder.append('v').append('=');
                byteStringBuilder.appendUtf8(ByteIterator.ofBytes(doFinal4).base64Encode());
                return new ScramFinalServerMessage(doFinal4, byteStringBuilder.toArray());
            } catch (UnsupportedCallbackException e) {
                throw ElytronMessages.saslScram.mechAuthorizationUnsupported(e);
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException e2) {
            throw ElytronMessages.saslScram.mechMacAlgorithmNotSupported(e2);
        }
    }

    public ScramMechanism getMechanism() {
        return this.mechanism;
    }

    public CallbackHandler getCallbackHandler() {
        return this.callbackHandler;
    }

    Random getRandom() {
        return this.random != null ? this.random : ThreadLocalRandom.current();
    }

    public byte[] getBindingData() {
        if (this.bindingData == null) {
            return null;
        }
        return (byte[]) this.bindingData.clone();
    }

    byte[] getRawBindingData() {
        return this.bindingData;
    }

    public String getBindingType() {
        return this.bindingType;
    }
}
