package org.wildfly.security.mechanism.scram;

import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.NoSuchElementException;
import java.util.Random;
import java.util.concurrent.ThreadLocalRandom;
import java.util.function.Supplier;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.wildfly.common.bytes.ByteStringBuilder;
import org.wildfly.common.codec.DecodeException;
import org.wildfly.common.iteration.ByteIterator;
import org.wildfly.security.mechanism.AuthenticationMechanismException;
import org.wildfly.security.mechanism.ScramServerErrorCode;
import org.wildfly.security.mechanism._private.ElytronMessages;
import org.wildfly.security.mechanism._private.MechanismUtil;
import org.wildfly.security.password.interfaces.ScramDigestPassword;
import org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec;
import org.wildfly.security.sasl.util.StringPrep;

/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-mechanism-scram-2.2.3.Final.jar:org/wildfly/security/mechanism/scram/ScramClient.class */
public final class ScramClient {
    private final Supplier<Provider[]> providers;
    private final ScramMechanism mechanism;
    private final String authorizationId;
    private final CallbackHandler callbackHandler;
    private final SecureRandom secureRandom;
    private final byte[] bindingData;
    private final String bindingType;
    private final int minimumIterationCount;
    private final int maximumIterationCount;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramClient(ScramMechanism scramMechanism, String str, CallbackHandler callbackHandler, SecureRandom secureRandom, byte[] bArr, String str2, int i, int i2, Supplier<Provider[]> supplier) {
        this.mechanism = scramMechanism;
        this.authorizationId = str;
        this.callbackHandler = callbackHandler;
        this.secureRandom = secureRandom;
        this.bindingData = bArr;
        this.bindingType = str2;
        this.minimumIterationCount = i;
        this.maximumIterationCount = i2;
        this.providers = supplier;
    }

    Random getRandom() {
        return this.secureRandom != null ? this.secureRandom : ThreadLocalRandom.current();
    }

    public ScramMechanism getMechanism() {
        return this.mechanism;
    }

    public String getAuthorizationId() {
        return this.authorizationId;
    }

    public String getBindingType() {
        return this.bindingType;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] getRawBindingData() {
        return this.bindingData;
    }

    public byte[] getBindingData() {
        byte[] bArr = this.bindingData;
        if (bArr == null) {
            return null;
        }
        return (byte[]) bArr.clone();
    }

    public ScramInitialClientMessage getInitialResponse() throws AuthenticationMechanismException {
        boolean z;
        NameCallback nameCallback = (this.authorizationId == null || this.authorizationId.isEmpty()) ? new NameCallback("User name") : new NameCallback("User name", this.authorizationId);
        try {
            MechanismUtil.handleCallbacks(ElytronMessages.saslScram, this.callbackHandler, nameCallback);
            String name = nameCallback.getName();
            if (name == null) {
                throw ElytronMessages.saslScram.mechNoLoginNameGiven();
            }
            ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
            if (this.bindingData != null) {
                z = true;
                if (this.mechanism.isPlus()) {
                    byteStringBuilder.append("p=");
                    byteStringBuilder.append(this.bindingType);
                    byteStringBuilder.append(',');
                } else {
                    byteStringBuilder.append("y,");
                }
            } else {
                z = false;
                byteStringBuilder.append("n,");
            }
            if (this.authorizationId != null) {
                byteStringBuilder.append('a').append('=');
                StringPrep.encode(this.authorizationId, byteStringBuilder, 1073758207L);
            }
            byteStringBuilder.append(',');
            int length = byteStringBuilder.length();
            byteStringBuilder.append('n').append('=');
            StringPrep.encode(name, byteStringBuilder, 1073758207L);
            byteStringBuilder.append(',').append('r').append('=');
            byte[] generateNonce = ScramUtil.generateNonce(48, getRandom());
            byteStringBuilder.append(generateNonce);
            return new ScramInitialClientMessage(this, name, z, generateNonce, length, byteStringBuilder.toArray());
        } catch (UnsupportedCallbackException e) {
            throw ElytronMessages.saslScram.mechCallbackHandlerDoesNotSupportUserName(e);
        }
    }

    public ScramInitialServerMessage parseInitialServerMessage(ScramInitialClientMessage scramInitialClientMessage, byte[] bArr) throws AuthenticationMechanismException {
        byte[] bArr2 = (byte[]) bArr.clone();
        ByteIterator ofBytes = ByteIterator.ofBytes(bArr2);
        try {
            if (ofBytes.peekNext() == 101) {
                ofBytes.next();
                if (ofBytes.next() == 61) {
                    throw ElytronMessages.saslScram.scramServerRejectedAuthentication(ScramServerErrorCode.fromErrorString(ofBytes.delimitedBy(44).asUtf8String().drainToString()));
                }
                throw ElytronMessages.saslScram.mechInvalidMessageReceived();
            }
            if (ofBytes.next() != 114 || ofBytes.next() != 61) {
                throw ElytronMessages.saslScram.mechInvalidMessageReceived();
            }
            byte[] rawNonce = scramInitialClientMessage.getRawNonce();
            if (!ofBytes.limitedTo(rawNonce.length).contentEquals(ByteIterator.ofBytes(rawNonce))) {
                throw ElytronMessages.saslScram.mechNoncesDoNotMatch();
            }
            byte[] drain = ofBytes.delimitedBy(44).drain();
            ofBytes.next();
            if (ofBytes.next() != 115 || ofBytes.next() != 61) {
                throw ElytronMessages.saslScram.mechInvalidMessageReceived();
            }
            byte[] drain2 = ofBytes.delimitedBy(44).asUtf8String().base64Decode().drain();
            ofBytes.next();
            if (ofBytes.next() != 105 || ofBytes.next() != 61) {
                throw ElytronMessages.saslScram.mechInvalidMessageReceived();
            }
            int parsePosInt = ScramUtil.parsePosInt(ofBytes);
            if (parsePosInt < this.minimumIterationCount) {
                throw ElytronMessages.saslScram.mechIterationCountIsTooLow(parsePosInt, this.minimumIterationCount);
            }
            if (parsePosInt > this.maximumIterationCount) {
                throw ElytronMessages.saslScram.mechIterationCountIsTooHigh(parsePosInt, this.maximumIterationCount);
            }
            return new ScramInitialServerMessage(scramInitialClientMessage, drain, drain2, parsePosInt, bArr2);
        } catch (NumberFormatException | NoSuchElementException | DecodeException e) {
            throw ElytronMessages.saslScram.mechInvalidMessageReceived();
        }
    }

    public ScramFinalClientMessage handleInitialChallenge(ScramInitialClientMessage scramInitialClientMessage, ScramInitialServerMessage scramInitialServerMessage) throws AuthenticationMechanismException {
        boolean isTraceEnabled = ElytronMessages.saslScram.isTraceEnabled();
        if (scramInitialClientMessage.getMechanism() != this.mechanism) {
            throw ElytronMessages.saslScram.mechUnmatchedMechanism(this.mechanism.toString(), scramInitialClientMessage.getMechanism().toString());
        }
        if (scramInitialServerMessage.getMechanism() != this.mechanism) {
            throw ElytronMessages.saslScram.mechUnmatchedMechanism(this.mechanism.toString(), scramInitialServerMessage.getMechanism().toString());
        }
        boolean isPlus = this.mechanism.isPlus();
        ByteStringBuilder byteStringBuilder = new ByteStringBuilder();
        byteStringBuilder.append('c').append('=');
        ByteStringBuilder byteStringBuilder2 = new ByteStringBuilder();
        if (this.bindingData != null) {
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[C] Binding data: %s%n", ByteIterator.ofBytes(this.bindingData).hexEncode().drainToString());
            }
            if (isPlus) {
                byteStringBuilder2.append("p=");
                byteStringBuilder2.append(this.bindingType);
            } else {
                byteStringBuilder2.append('y');
            }
            byteStringBuilder2.append(',');
            if (getAuthorizationId() != null) {
                byteStringBuilder2.append("a=");
                StringPrep.encode(getAuthorizationId(), byteStringBuilder2, 1073758207L);
            }
            byteStringBuilder2.append(',');
            if (isPlus) {
                byteStringBuilder2.append(this.bindingData);
            }
            byteStringBuilder.appendLatin1(byteStringBuilder2.iterate().base64Encode());
        } else {
            byteStringBuilder2.append('n');
            byteStringBuilder2.append(',');
            if (getAuthorizationId() != null) {
                byteStringBuilder2.append("a=");
                StringPrep.encode(getAuthorizationId(), byteStringBuilder2, 1073758207L);
            }
            byteStringBuilder2.append(',');
            if (!$assertionsDisabled && isPlus) {
                throw new AssertionError();
            }
            byteStringBuilder.appendLatin1(byteStringBuilder2.iterate().base64Encode());
        }
        byteStringBuilder.append(',').append('r').append('=').append(scramInitialClientMessage.getRawNonce()).append(scramInitialServerMessage.getRawServerNonce());
        IteratedSaltedPasswordAlgorithmSpec iteratedSaltedPasswordAlgorithmSpec = new IteratedSaltedPasswordAlgorithmSpec(scramInitialServerMessage.getIterationCount(), scramInitialServerMessage.getRawSalt());
        ScramDigestPassword scramDigestPassword = (ScramDigestPassword) MechanismUtil.getPasswordCredential(scramInitialClientMessage.getAuthenticationName(), this.callbackHandler, ScramDigestPassword.class, this.mechanism.getPasswordAlgorithm(), iteratedSaltedPasswordAlgorithmSpec, iteratedSaltedPasswordAlgorithmSpec, this.providers, ElytronMessages.saslScram);
        byte[] digest = scramDigestPassword.getDigest();
        if (isTraceEnabled) {
            ElytronMessages.saslScram.tracef("[C] Client salted password: %s", ByteIterator.ofBytes(digest).hexEncode().drainToString());
        }
        try {
            Mac mac = Mac.getInstance(getMechanism().getHmacName());
            MessageDigest messageDigest = MessageDigest.getInstance(getMechanism().getMessageDigestName());
            mac.init(new SecretKeySpec(digest, mac.getAlgorithm()));
            byte[] doFinal = mac.doFinal(ScramUtil.CLIENT_KEY_BYTES);
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[C] Client key: %s", ByteIterator.ofBytes(doFinal).hexEncode().drainToString());
            }
            byte[] digest2 = messageDigest.digest(doFinal);
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[C] Stored key: %s%n", ByteIterator.ofBytes(digest2).hexEncode().drainToString());
            }
            mac.init(new SecretKeySpec(digest2, mac.getAlgorithm()));
            byte[] rawMessageBytes = scramInitialClientMessage.getRawMessageBytes();
            mac.update(rawMessageBytes, scramInitialClientMessage.getInitialPartIndex(), rawMessageBytes.length - scramInitialClientMessage.getInitialPartIndex());
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[C] Using client first message: %s%n", ByteIterator.ofBytes(rawMessageBytes, scramInitialClientMessage.getInitialPartIndex(), rawMessageBytes.length - scramInitialClientMessage.getInitialPartIndex()).hexEncode().drainToString());
            }
            mac.update((byte) 44);
            mac.update(scramInitialServerMessage.getRawMessageBytes());
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[C] Using server first message: %s%n", ByteIterator.ofBytes(scramInitialServerMessage.getRawMessageBytes()).hexEncode().drainToString());
            }
            mac.update((byte) 44);
            byteStringBuilder.updateMac(mac);
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[C] Using client final message without proof: %s%n", ByteIterator.ofBytes(byteStringBuilder.toArray()).hexEncode().drainToString());
            }
            byte[] doFinal2 = mac.doFinal();
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[C] Client signature: %s%n", ByteIterator.ofBytes(doFinal2).hexEncode().drainToString());
            }
            ScramUtil.xor(doFinal2, doFinal);
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[C] Client proof: %s%n", ByteIterator.ofBytes(doFinal2).hexEncode().drainToString());
            }
            int length = byteStringBuilder.length();
            byteStringBuilder.append(',').append('p').append('=');
            byteStringBuilder.appendLatin1(ByteIterator.ofBytes(doFinal2).base64Encode());
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[C] Client final message: %s%n", ByteIterator.ofBytes(byteStringBuilder.toArray()).hexEncode().drainToString());
            }
            return new ScramFinalClientMessage(scramInitialClientMessage, scramInitialServerMessage, scramDigestPassword, doFinal2, byteStringBuilder.toArray(), length);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw ElytronMessages.saslScram.mechMacAlgorithmNotSupported(e);
        }
    }

    public ScramFinalServerMessage parseFinalServerMessage(byte[] bArr) throws AuthenticationMechanismException {
        ByteIterator ofBytes = ByteIterator.ofBytes(bArr);
        try {
            int next = ofBytes.next();
            if (next == 101) {
                if (ofBytes.next() == 61) {
                    throw ElytronMessages.saslScram.scramServerRejectedAuthentication(ScramServerErrorCode.fromErrorString(ofBytes.delimitedBy(44).asUtf8String().drainToString()));
                }
                throw ElytronMessages.saslScram.mechInvalidMessageReceived();
            }
            if (next != 118 || ofBytes.next() != 61) {
                throw ElytronMessages.saslScram.mechInvalidMessageReceived();
            }
            byte[] drain = ofBytes.delimitedBy(44).asUtf8String().base64Decode().drain();
            if (ofBytes.hasNext()) {
                throw ElytronMessages.saslScram.mechInvalidMessageReceived();
            }
            return new ScramFinalServerMessage(drain, bArr);
        } catch (IllegalArgumentException e) {
            throw ElytronMessages.saslScram.mechInvalidMessageReceived();
        }
    }

    public void verifyFinalChallenge(ScramFinalClientMessage scramFinalClientMessage, ScramFinalServerMessage scramFinalServerMessage) throws AuthenticationMechanismException {
        boolean isTraceEnabled = ElytronMessages.saslScram.isTraceEnabled();
        try {
            Mac mac = Mac.getInstance(getMechanism().getHmacName());
            mac.init(new SecretKeySpec(scramFinalClientMessage.getPassword().getDigest(), mac.getAlgorithm()));
            byte[] doFinal = mac.doFinal(ScramUtil.SERVER_KEY_BYTES);
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[C] Server key: %s%n", ByteIterator.ofBytes(doFinal).hexEncode().drainToString());
            }
            mac.init(new SecretKeySpec(doFinal, mac.getAlgorithm()));
            byte[] rawMessageBytes = scramFinalClientMessage.getInitialResponse().getRawMessageBytes();
            int initialPartIndex = scramFinalClientMessage.getInitialResponse().getInitialPartIndex();
            mac.update(rawMessageBytes, initialPartIndex, rawMessageBytes.length - initialPartIndex);
            mac.update((byte) 44);
            mac.update(scramFinalClientMessage.getInitialChallenge().getRawMessageBytes());
            mac.update((byte) 44);
            mac.update(scramFinalClientMessage.getRawMessageBytes(), 0, scramFinalClientMessage.getProofOffset());
            byte[] doFinal2 = mac.doFinal();
            if (isTraceEnabled) {
                ElytronMessages.saslScram.tracef("[C] Recovered server signature: %s%n", ByteIterator.ofBytes(doFinal2).hexEncode().drainToString());
            }
            if (Arrays.equals(scramFinalServerMessage.getRawServerSignature(), doFinal2)) {
            } else {
                throw ElytronMessages.saslScram.mechServerAuthenticityCannotBeVerified();
            }
        } catch (IllegalArgumentException | InvalidKeyException | NoSuchAlgorithmException e) {
            throw ElytronMessages.saslScram.mechMacAlgorithmNotSupported(e);
        }
    }

    static {
        $assertionsDisabled = !ScramClient.class.desiredAssertionStatus();
    }
}
