package eu.siacs.conversations.crypto.sasl;

import android.util.Base64;
import com.google.common.base.CaseFormat;
import com.google.common.base.Objects;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.hash.HashFunction;
import eu.siacs.conversations.crypto.sasl.SaslMechanism;
import eu.siacs.conversations.entities.Account;
import eu.siacs.conversations.utils.CryptoHelper;
import java.nio.charset.Charset;
import java.security.InvalidKeyException;
import java.util.Iterator;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLSocket;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public abstract class ScramMechanism extends SaslMechanism {
    protected final ChannelBinding channelBinding;
    private String clientFirstMessageBare;
    private final String clientNonce;
    private final String gs2Header;
    private byte[] serverSignature;
    protected SaslMechanism.State state;
    public static final SecretKey EMPTY_KEY = new SecretKey() { // from class: eu.siacs.conversations.crypto.sasl.ScramMechanism.1
        @Override // java.security.Key
        public String getAlgorithm() {
            return "HMAC";
        }

        @Override // java.security.Key
        public byte[] getEncoded() {
            return new byte[0];
        }

        @Override // java.security.Key
        public String getFormat() {
            return "RAW";
        }
    };
    private static final byte[] CLIENT_KEY_BYTES = "Client Key".getBytes();
    private static final byte[] SERVER_KEY_BYTES = "Server Key".getBytes();
    private static final Cache<CacheKey, KeyPair> CACHE = CacheBuilder.newBuilder().maximumSize(10).build();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: eu.siacs.conversations.crypto.sasl.ScramMechanism$2, reason: invalid class name */
    /* loaded from: classes2.dex */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$eu$siacs$conversations$crypto$sasl$SaslMechanism$State;

        static {
            int[] iArr = new int[SaslMechanism.State.values().length];
            $SwitchMap$eu$siacs$conversations$crypto$sasl$SaslMechanism$State = iArr;
            try {
                iArr[SaslMechanism.State.AUTH_TEXT_SENT.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$eu$siacs$conversations$crypto$sasl$SaslMechanism$State[SaslMechanism.State.RESPONSE_SENT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class CacheKey {
        final String algorithm;
        final int iterations;
        final String password;
        final String salt;

        private CacheKey(String str, String str2, String str3, int i) {
            this.algorithm = str;
            this.password = str2;
            this.salt = str3;
            this.iterations = i;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            CacheKey cacheKey = (CacheKey) obj;
            return this.iterations == cacheKey.iterations && Objects.equal(this.algorithm, cacheKey.algorithm) && Objects.equal(this.password, cacheKey.password) && Objects.equal(this.salt, cacheKey.salt);
        }

        public int hashCode() {
            return Objects.hashCode(this.algorithm, this.password, this.salt, Integer.valueOf(this.iterations));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class KeyPair {
        final byte[] clientKey;
        final byte[] serverKey;

        KeyPair(byte[] bArr, byte[] bArr2) {
            this.clientKey = bArr;
            this.serverKey = bArr2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramMechanism(Account account, ChannelBinding channelBinding) {
        super(account);
        this.state = SaslMechanism.State.INITIAL;
        this.serverSignature = null;
        this.channelBinding = channelBinding;
        if (channelBinding == ChannelBinding.NONE) {
            this.gs2Header = "n,,";
        } else {
            this.gs2Header = String.format("p=%s,,", CaseFormat.UPPER_UNDERSCORE.converterTo(CaseFormat.LOWER_HYPHEN).convert(channelBinding.toString()));
        }
        this.clientNonce = CryptoHelper.random(100);
        this.clientFirstMessageBare = "";
    }

    private byte[] digest(byte[] bArr) {
        return getDigest().hashBytes(bArr).asBytes();
    }

    private KeyPair getKeyPair(final String str, final String str2, final int i) throws ExecutionException {
        return CACHE.get(new CacheKey(getMechanism(), str, str2, i), new Callable() { // from class: eu.siacs.conversations.crypto.sasl.ScramMechanism$$ExternalSyntheticLambda0
            @Override // java.util.concurrent.Callable
            public final Object call() {
                return ScramMechanism.this.m250x6f58cf99(str, str2, i);
            }
        });
    }

    private byte[] hi(byte[] bArr, byte[] bArr2, int i) throws InvalidKeyException {
        byte[] hmac = hmac(bArr, CryptoHelper.concatenateByteArrays(bArr2, CryptoHelper.ONE));
        byte[] bArr3 = (byte[]) hmac.clone();
        for (int i2 = 1; i2 < i; i2++) {
            hmac = hmac(bArr, hmac);
            for (int i3 = 0; i3 < hmac.length; i3++) {
                bArr3[i3] = (byte) (bArr3[i3] ^ hmac[i3]);
            }
        }
        return bArr3;
    }

    private byte[] hmac(byte[] bArr, byte[] bArr2) throws InvalidKeyException {
        return getHMac(bArr).hashBytes(bArr2).asBytes();
    }

    protected byte[] getChannelBindingData(SSLSocket sSLSocket) throws SaslMechanism.AuthenticationException {
        if (this.channelBinding == ChannelBinding.NONE) {
            return new byte[0];
        }
        throw new AssertionError("getChannelBindingData needs to be overwritten");
    }

    @Override // eu.siacs.conversations.crypto.sasl.SaslMechanism
    public String getClientFirstMessage(SSLSocket sSLSocket) {
        if (this.clientFirstMessageBare.isEmpty() && this.state == SaslMechanism.State.INITIAL) {
            this.clientFirstMessageBare = "n=" + CryptoHelper.saslEscape(CryptoHelper.saslPrep(this.account.getUsername())) + ",r=" + this.clientNonce;
            this.state = SaslMechanism.State.AUTH_TEXT_SENT;
        }
        return Base64.encodeToString((this.gs2Header + this.clientFirstMessageBare).getBytes(Charset.defaultCharset()), 2);
    }

    protected abstract HashFunction getDigest();

    protected abstract HashFunction getHMac(byte[] bArr);

    @Override // eu.siacs.conversations.crypto.sasl.SaslMechanism
    public String getResponse(String str, SSLSocket sSLSocket) throws SaslMechanism.AuthenticationException {
        int i = AnonymousClass2.$SwitchMap$eu$siacs$conversations$crypto$sasl$SaslMechanism$State[this.state.ordinal()];
        String str2 = "";
        if (i != 1) {
            if (i != 2) {
                throw new SaslMechanism.InvalidStateException(this.state);
            }
            try {
                if (!("v=" + Base64.encodeToString(this.serverSignature, 2)).equals(new String(Base64.decode(str, 0)))) {
                    throw new Exception();
                }
                this.state = SaslMechanism.State.VALID_SERVER_RESPONSE;
                return "";
            } catch (Exception unused) {
                throw new SaslMechanism.AuthenticationException("Server final message does not match calculated final message");
            }
        }
        if (str == null) {
            throw new SaslMechanism.AuthenticationException("challenge can not be null");
        }
        try {
            byte[] decode = Base64.decode(str, 0);
            Iterator<String> it = new Tokenizer(decode).iterator();
            int i2 = -1;
            String str3 = "";
            while (it.hasNext()) {
                String next = it.next();
                if (next.charAt(1) == '=') {
                    char charAt = next.charAt(0);
                    if (charAt == 'i') {
                        try {
                            i2 = Integer.parseInt(next.substring(2));
                        } catch (NumberFormatException e) {
                            throw new SaslMechanism.AuthenticationException(e);
                        }
                    } else {
                        if (charAt == 'm') {
                            throw new SaslMechanism.AuthenticationException("Server sent reserved token: `m'");
                        }
                        if (charAt == 'r') {
                            str2 = next.substring(2);
                        } else if (charAt == 's') {
                            str3 = next.substring(2);
                        }
                    }
                }
            }
            if (i2 < 0) {
                throw new SaslMechanism.AuthenticationException("Server did not send iteration count");
            }
            if (str2.isEmpty() || !str2.startsWith(this.clientNonce)) {
                throw new SaslMechanism.AuthenticationException("Server nonce does not contain client nonce: " + str2);
            }
            if (str3.isEmpty()) {
                throw new SaslMechanism.AuthenticationException("Server sent empty salt");
            }
            byte[] channelBindingData = getChannelBindingData(sSLSocket);
            int length = this.gs2Header.getBytes().length;
            byte[] bArr = new byte[channelBindingData.length + length];
            System.arraycopy(this.gs2Header.getBytes(), 0, bArr, 0, length);
            System.arraycopy(channelBindingData, 0, bArr, length, channelBindingData.length);
            String str4 = "c=" + Base64.encodeToString(bArr, 2) + ",r=" + str2;
            byte[] bytes = (this.clientFirstMessageBare + ',' + new String(decode) + ',' + str4).getBytes();
            try {
                KeyPair keyPair = getKeyPair(CryptoHelper.saslPrep(this.account.getPassword()), str3, i2);
                try {
                    this.serverSignature = hmac(keyPair.serverKey, bytes);
                    byte[] hmac = hmac(digest(keyPair.clientKey), bytes);
                    int length2 = keyPair.clientKey.length;
                    byte[] bArr2 = new byte[length2];
                    if (hmac.length < keyPair.clientKey.length) {
                        throw new SaslMechanism.AuthenticationException("client signature was shorter than clientKey");
                    }
                    for (int i3 = 0; i3 < length2; i3++) {
                        bArr2[i3] = (byte) (keyPair.clientKey[i3] ^ hmac[i3]);
                    }
                    String str5 = str4 + ",p=" + Base64.encodeToString(bArr2, 2);
                    this.state = SaslMechanism.State.RESPONSE_SENT;
                    return Base64.encodeToString(str5.getBytes(), 2);
                } catch (InvalidKeyException e2) {
                    throw new SaslMechanism.AuthenticationException(e2);
                }
            } catch (ExecutionException unused2) {
                throw new SaslMechanism.AuthenticationException("Invalid keys generated");
            }
        } catch (IllegalArgumentException e3) {
            throw new SaslMechanism.AuthenticationException("Unable to decode server challenge", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: lambda$getKeyPair$0$eu-siacs-conversations-crypto-sasl-ScramMechanism, reason: not valid java name */
    public /* synthetic */ KeyPair m250x6f58cf99(String str, String str2, int i) throws Exception {
        byte[] hi = hi(str.getBytes(), Base64.decode(str2, 0), i);
        return new KeyPair(hmac(hi, CLIENT_KEY_BYTES), hmac(hi, SERVER_KEY_BYTES));
    }
}
