package tigase.jaxmpp.core.client.xmpp.modules.auth.scram;

import com.xiaomi.mipush.sdk.Constants;
import java.io.ByteArrayOutputStream;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import tigase.jaxmpp.core.client.BareJID;
import tigase.jaxmpp.core.client.Base64;
import tigase.jaxmpp.core.client.SessionObject;
import tigase.jaxmpp.core.client.xmpp.modules.auth.AuthModule;
import tigase.jaxmpp.core.client.xmpp.modules.auth.ClientSaslException;
import tigase.jaxmpp.core.client.xmpp.modules.auth.CredentialsCallback;
import tigase.jaxmpp.core.client.xmpp.modules.auth.saslmechanisms.AbstractSaslMechanism;

/* loaded from: classes3.dex */
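/**
 * Client side of a SCRAM (RFC 5802) SASL exchange, parameterised by hash algorithm.
 *
 * <p>Subclasses supply the mechanism name, the digest algorithm name, the two HMAC
 * labels used to derive the client and server keys, and the channel-binding choice.
 * Per-stream progress is kept in a {@link Data} object stored in the
 * {@link SessionObject} under a private key.
 *
 * <p>Security-relevant behaviour of this implementation:
 * <ul>
 *   <li>the client nonce is drawn from a {@link SecureRandom};</li>
 *   <li>the server signature is checked with a time-constant comparison;</li>
 *   <li>all byte/text conversions use UTF-8 explicitly rather than the platform default;</li>
 *   <li>{@link #normalize(String)} only UTF-8 encodes the password, it does not apply
 *       SASLprep;</li>
 *   <li>the server-chosen iteration count is only checked for being positive, no
 *       policy minimum or maximum is enforced here.</li>
 * </ul>
 */
public abstract class AbstractScram extends AbstractSaslMechanism {
    /** Symbols the client nonce is built from. */
    private static final String ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    /** Number of symbols in the client nonce. */
    private static final int NONCE_LENGTH = 20;
    /** Session property under which the per-stream {@link Data} is stored. */
    private static final String SCRAM_SASL_DATA_KEY = "SCRAM_SASL_DATA_KEY";
    private final String algorithm;
    private final byte[] clientKeyData;
    private final String mechanismName;
    /** Nonce source; always a {@link SecureRandom}. */
    private final Random random = new SecureRandom();
    private final byte[] serverKeyData;
    protected static final Charset UTF_CHARSET = Charset.forName("UTF-8");
    /** server-first-message: optional m=, then r= (nonce), s= (Base64 salt), i= (iteration count). */
    private static final Pattern SERVER_FIRST_MESSAGE = Pattern.compile("^(m=[^\\000=]+,)?r=([\\x21-\\x2B\\x2D-\\x7E]+),s=([a-zA-Z0-9/+=]+),i=(\\d+)(?:,.*)?$");
    /** server-final-message: either e= (error) or v= (Base64 server signature). */
    private static final Pattern SERVER_LAST_MESSAGE = Pattern.compile("^(?:e=([^,]+)|v=([a-zA-Z0-9/+=]+)(?:,.*)?)$");

    /** Channel-binding choice announced in the GS2 header of the client-first message. */
    public enum BindType {
        n,
        y,
        tls_unique,
        tls_server_end_point;

        /**
         * Returns a fresh array holding every constant, in declaration order.
         *
         * <p>Decompiler-renamed twin of {@code values()}; kept because other decompiled
         * classes may reference it under this name.
         */
        public static BindType[] valuesCustom() {
            BindType[] all = values();
            BindType[] copy = new BindType[all.length];
            System.arraycopy(all, 0, copy, 0, all.length);
            return copy;
        }
    }

    /**
     * Mutable state of one SCRAM exchange. Fields are private to the enclosing class.
     *
     * <p>NOTE(review): {@code saltedPassword} stays referenced from the session for as
     * long as the stream-scoped property lives; nothing in this class clears it.
     */
    public class Data {
        private String authMessage;
        private byte[] bindData;
        private BindType bindType;
        /** GS2 header as sent in the client-first message. */
        private String cb;
        private String clientFirstMessageBare;
        /** Client nonce generated at stage 0. */
        private String clientNonce;
        private byte[] saltedPassword;
        /** 0 = nothing sent, 1 = client-first sent, 2 = client-final sent, 3 = verified. */
        private int stage;

        private Data() {
            this.stage = 0;
        }
    }

    /**
     * @param str   SASL mechanism name returned by {@link #name()}
     * @param str2  digest algorithm name; also used as the suffix of {@code "Hmac" + str2}
     * @param bArr  HMAC input used to derive the client key from the salted password
     * @param bArr2 HMAC input used to derive the server key from the salted password
     */
    protected AbstractScram(String str, String str2, byte[] bArr, byte[] bArr2) {
        this.clientKeyData = bArr;
        this.serverKeyData = bArr2;
        this.algorithm = str2;
        this.mechanismName = str;
    }

    /**
     * SCRAM {@code Hi()} function: iterated HMAC of the salt keyed with the password,
     * XOR-folding every round into the result.
     *
     * @param str   algorithm suffix; the MAC used is {@code "Hmac" + str}
     * @param bArr  key bytes (the encoded password)
     * @param bArr2 salt
     * @param i     iteration count; values below 2 produce the first round only
     * @return the folded MAC output
     * @throws InvalidKeyException      if the MAC rejects the key
     * @throws NoSuchAlgorithmException if {@code "Hmac" + str} is unavailable
     */
    public static byte[] hi(String str, byte[] bArr, byte[] bArr2, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        SecretKeySpec macKey = new SecretKeySpec(bArr, "Hmac" + str);
        // One Mac instance serves every round: doFinal() resets it to its initialised state.
        Mac mac = Mac.getInstance(macKey.getAlgorithm());
        mac.init(macKey);

        // salt || INT(1), the block index as a 4-byte big-endian integer.
        byte[] firstBlock = Arrays.copyOf(bArr2, bArr2.length + 4);
        firstBlock[firstBlock.length - 1] = 1;

        byte[] round = mac.doFinal(firstBlock);
        byte[] folded = round.clone();
        for (int n = 1; n < i; n++) {
            round = mac.doFinal(round);
            for (int k = 0; k < round.length; k++) {
                folded[k] ^= round[k];
            }
        }
        return folded;
    }

    /**
     * Computes a MAC over {@code bArr} using the algorithm named by the key.
     *
     * @throws NoSuchAlgorithmException if the key's algorithm is not an available MAC
     * @throws InvalidKeyException      if the MAC rejects the key
     */
    protected static byte[] hmac(SecretKey secretKey, byte[] bArr) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac mac = Mac.getInstance(secretKey.getAlgorithm());
        mac.init(secretKey);
        return mac.doFinal(bArr);
    }

    /**
     * Encodes {@code str} as UTF-8.
     *
     * <p>Despite the name no SASLprep or other Unicode normalisation is applied, so
     * passwords containing characters that SASLprep would map or reject are hashed
     * as typed.
     */
    public static byte[] normalize(String str) {
        return str.getBytes(UTF_CHARSET);
    }

    /**
     * Advances the exchange by one step.
     *
     * @param str           Base64 server challenge; unused for the first step
     * @param sessionObject session holding credentials and the exchange state
     * @return Base64 response to send, or {@code null} when there is nothing to send
     * @throws ClientSaslException on a malformed or unacceptable server message, a server
     *                             signature mismatch, an out-of-sequence call, or any
     *                             other failure (wrapped as the cause)
     */
    @Override
    public String evaluateChallenge(String str, SessionObject sessionObject) throws ClientSaslException {
        Data data = getData(sessionObject);
        try {
            switch (data.stage) {
                case 0:
                    return clientFirstMessage(data, sessionObject);
                case 1:
                    return clientFinalMessage(data, str, sessionObject);
                case 2:
                    verifyServerFinalMessage(data, str, sessionObject);
                    return null;
                default:
                    if (isComplete(sessionObject) && str == null) {
                        return null;
                    }
                    throw new ClientSaslException(name() + ": Client at illegal state");
            }
        } catch (ClientSaslException e) {
            throw e;
        } catch (Exception e2) {
            throw new ClientSaslException("Error in SASL", e2);
        }
    }

    /**
     * Stage 0: picks the nonce and channel binding and builds the client-first message.
     *
     * <p>Declared with a broad {@code throws} because the collaborators' checked
     * exceptions are not visible here; {@link #evaluateChallenge} wraps them.
     */
    private String clientFirstMessage(Data data, SessionObject sessionObject) throws Exception {
        BareJID bareJID = (BareJID) sessionObject.getProperty(SessionObject.USER_BARE_JID);
        data.clientNonce = randomString();
        data.bindType = getBindType(sessionObject);
        data.bindData = getBindData(data.bindType, sessionObject);

        StringBuilder gs2Header = new StringBuilder();
        gs2Header.append(gs2ChannelBindingFlag(data.bindType));
        // NOTE(review): the decompiler substituted a constant from an unrelated SDK for a
        // literal here; presumably it is "," (the header would then end in ",,", i.e. an
        // empty authzid). Confirm and inline the literal so the wire format does not
        // depend on that SDK.
        gs2Header.append(Constants.ACCEPT_TIME_SEPARATOR_SP);
        gs2Header.append(',');
        data.cb = gs2Header.toString();

        // ',' and '=' delimit attributes, so they must not appear raw inside the username.
        String username = escapeUsername(String.valueOf(bareJID.getLocalpart()));
        data.clientFirstMessageBare = "n=" + username + ",r=" + data.clientNonce;
        data.stage = data.stage + 1;
        return Base64.encode((data.cb + data.clientFirstMessageBare).getBytes(UTF_CHARSET));
    }

    /**
     * Stage 1: validates the server-first message and builds the client-final message
     * carrying the client proof.
     */
    private String clientFinalMessage(Data data, String str, SessionObject sessionObject) throws Exception {
        // Decode as UTF-8 explicitly: the same text is re-encoded as UTF-8 into the
        // auth message, so a different platform default would corrupt the signature input.
        String serverFirst = new String(Base64.decode(str), UTF_CHARSET);
        Matcher fields = SERVER_FIRST_MESSAGE.matcher(serverFirst);
        if (!fields.matches()) {
            throw new ClientSaslException("Bad challenge syntax");
        }
        // RFC 5802 reserves m= for mandatory extensions; its presence must fail the exchange.
        if (fields.group(1) != null) {
            throw new ClientSaslException("Unsupported mandatory extension");
        }
        String nonce = fields.group(2);
        byte[] salt = Base64.decode(fields.group(3));
        int iterations = Integer.parseInt(fields.group(4));
        if (!nonce.startsWith(data.clientNonce)) {
            throw new ClientSaslException("Wrong nonce");
        }
        // NOTE(review): only non-positive counts are refused. The server picks this value,
        // so an impersonated server can request a huge count (client CPU stall) or a tiny
        // one (cheaper offline guessing against a captured proof); choose policy limits
        // for the deployment.
        if (iterations < 1) {
            throw new ClientSaslException("Invalid iteration count");
        }

        CredentialsCallback credentialsCallback = (CredentialsCallback) sessionObject.getProperty(AuthModule.CREDENTIALS_CALLBACK);
        if (credentialsCallback == null) {
            credentialsCallback = new AuthModule.DefaultCredentialsCallback(sessionObject);
        }

        // c= carries the GS2 header followed by the channel-binding data, if any.
        byte[] channelBinding = data.cb.getBytes(UTF_CHARSET);
        if (data.bindData != null) {
            int headerLength = channelBinding.length;
            channelBinding = Arrays.copyOf(channelBinding, headerLength + data.bindData.length);
            System.arraycopy(data.bindData, 0, channelBinding, headerLength, data.bindData.length);
        }

        StringBuilder clientFinal = new StringBuilder();
        clientFinal.append("c=");
        clientFinal.append(Base64.encode(channelBinding));
        clientFinal.append(',');
        clientFinal.append("r=");
        clientFinal.append(nonce);

        // Separator constant: see the note in clientFirstMessage().
        data.authMessage = data.clientFirstMessageBare + Constants.ACCEPT_TIME_SEPARATOR_SP + serverFirst + Constants.ACCEPT_TIME_SEPARATOR_SP + clientFinal.toString();
        data.saltedPassword = hi(this.algorithm, normalize(credentialsCallback.getCredential()), salt, iterations);

        byte[] clientKey = hmac(key(data.saltedPassword), this.clientKeyData);
        SecretKey storedKey = key(h(clientKey));
        byte[] clientSignature = hmac(storedKey, data.authMessage.getBytes(UTF_CHARSET));
        byte[] proof = xor(clientKey, clientSignature);

        clientFinal.append(',');
        clientFinal.append("p=");
        clientFinal.append(Base64.encode(proof));
        data.stage++;
        return Base64.encode(clientFinal.toString().getBytes(UTF_CHARSET));
    }

    /**
     * Stage 2: checks the server-final message and marks the mechanism complete when
     * the server signature matches the locally computed one.
     */
    private void verifyServerFinalMessage(Data data, String str, SessionObject sessionObject) throws Exception {
        Matcher fields = SERVER_LAST_MESSAGE.matcher(new String(Base64.decode(str), UTF_CHARSET));
        if (!fields.matches()) {
            throw new ClientSaslException("Bad challenge syntax");
        }
        String error = fields.group(1);
        String verifier = fields.group(2);
        if (error != null) {
            throw new ClientSaslException("Error: " + error);
        }
        byte[] serverKey = hmac(key(data.saltedPassword), this.serverKeyData);
        byte[] expected = hmac(key(serverKey), data.authMessage.getBytes(UTF_CHARSET));
        byte[] received = Base64.decode(verifier);
        // Time-constant comparison: this value is what authenticates the server to the client.
        if (received == null || !MessageDigest.isEqual(expected, received)) {
            throw new ClientSaslException("Invalid Server Signature");
        }
        data.stage++;
        setComplete(sessionObject, true);
    }

    /** Maps the channel-binding choice to its GS2 flag; an unmapped value yields an empty flag. */
    private static String gs2ChannelBindingFlag(BindType type) {
        switch (type) {
            case n:
                return "n";
            case y:
                return "y";
            case tls_unique:
                return "p=tls-unique";
            case tls_server_end_point:
                return "p=tls-server-end-point";
            default:
                return "";
        }
    }

    /**
     * Escapes the two characters that are significant in SCRAM attribute syntax
     * ({@code '='} as {@code =3D}, {@code ','} as {@code =2C}, per RFC 5802).
     * {@code '='} is replaced first so the escapes themselves are not re-escaped.
     */
    private static String escapeUsername(String name) {
        return name.replace("=", "=3D").replace(",", "=2C");
    }

    /**
     * Returns the channel-binding bytes for {@code bindType}; {@code null} means no
     * data is appended to the GS2 header in the {@code c=} attribute.
     */
    protected abstract byte[] getBindData(BindType bindType, SessionObject sessionObject);

    /** Returns the channel-binding choice to announce for this session. */
    protected abstract BindType getBindType(SessionObject sessionObject);

    /**
     * Returns the exchange state stored in the session, creating and storing a fresh
     * one (stream scope) when none is present.
     */
    protected Data getData(SessionObject sessionObject) {
        Data existing = (Data) sessionObject.getProperty(SCRAM_SASL_DATA_KEY);
        if (existing != null) {
            return existing;
        }
        Data created = new Data();
        sessionObject.setProperty(SessionObject.Scope.stream, SCRAM_SASL_DATA_KEY, created);
        return created;
    }

    /**
     * Hashes {@code bArr} with the mechanism's digest algorithm.
     *
     * @throws NoSuchAlgorithmException if the algorithm is unavailable
     */
    protected byte[] h(byte[] bArr) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(this.algorithm).digest(bArr);
    }

    /**
     * The mechanism is usable when the session has a bare JID and either a password
     * or a credentials callback.
     */
    @Override
    public boolean isAllowedToUse(SessionObject sessionObject) {
        boolean hasSecret = sessionObject.getProperty(SessionObject.PASSWORD) != null
                || sessionObject.getProperty(AuthModule.CREDENTIALS_CALLBACK) != null;
        return hasSecret && sessionObject.getProperty(SessionObject.USER_BARE_JID) != null;
    }

    /** Wraps {@code bArr} as a key for {@code "Hmac" + algorithm}. */
    protected SecretKey key(byte[] bArr) {
        return new SecretKeySpec(bArr, "Hmac" + this.algorithm);
    }

    @Override
    public String name() {
        return this.mechanismName;
    }

    /** Generates the client nonce: {@value #NONCE_LENGTH} symbols of {@link #ALPHABET}. */
    protected String randomString() {
        char[] symbols = new char[NONCE_LENGTH];
        for (int i = 0; i < symbols.length; i++) {
            symbols[i] = ALPHABET.charAt(this.random.nextInt(ALPHABET.length()));
        }
        return new String(symbols);
    }

    /**
     * Byte-wise XOR of the two arrays over the length of {@code bArr}.
     * {@code bArr2} must be at least as long as {@code bArr}.
     */
    protected byte[] xor(byte[] bArr, byte[] bArr2) {
        byte[] mixed = new byte[bArr.length];
        for (int i = 0; i < mixed.length; i++) {
            mixed[i] = (byte) (bArr[i] ^ bArr2[i]);
        }
        return mixed;
    }
}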
