package com.sun.security.sasl.digest;

import com.itextpdf.tool.xml.css.CSS;
import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
import com.sun.security.sasl.digest.DigestMD5Base;
import com.sun.xml.internal.stream.writers.WriterUtility;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.logging.Level;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

/* loaded from: classes2.dex */
final class DigestMD5Server extends DigestMD5Base implements SaslServer {
    private static final String ALGORITHM_DIRECTIVE = "algorithm=md5-sess";
    private static final int AUTHZID = 11;
    private static final int AUTH_PARAM = 12;
    private static final int CHARSET = 9;
    private static final int CIPHER = 10;
    private static final int CNONCE = 3;
    private static final int DIGEST_URI = 6;
    private static final String[] DIRECTIVE_KEY = {"username", "realm", "nonce", "cnonce", "nonce-count", "qop", "digest-uri", "response", "maxbuf", "charset", "cipher", "authzid", "auth-param"};
    private static final int MAXBUF = 8;
    private static final String MY_CLASS_NAME = "com.sun.security.sasl.digest.DigestMD5Server";
    private static final int NONCE = 2;
    private static final int NONCE_COUNT = 4;
    private static final int NONCE_COUNT_VALUE = 1;
    private static final int QOP = 5;
    private static final int REALM = 1;
    private static final String REALM_PROPERTY = "com.sun.security.sasl.digest.realm";
    private static final int RESPONSE = 7;
    private static final int USERNAME = 0;
    private static final String UTF8_DIRECTIVE = "charset=utf-8,";
    private static final String UTF8_PROPERTY = "com.sun.security.sasl.digest.utf8";
    private byte[] myCiphers;
    private List serverRealms;
    private String specifiedQops;

    /* JADX INFO: Access modifiers changed from: package-private */
    public DigestMD5Server(String str, String str2, Map map, CallbackHandler callbackHandler) throws SaslException {
        super(map, MY_CLASS_NAME, 1, str + "/" + str2, callbackHandler);
        this.serverRealms = new ArrayList();
        this.useUTF8 = true;
        if (map != null) {
            this.specifiedQops = (String) map.get(Sasl.QOP);
            if ("false".equals((String) map.get(UTF8_PROPERTY))) {
                this.useUTF8 = false;
                logger.log(Level.FINE, "DIGEST80:Server supports ISO-Latin-1");
            }
            String str3 = (String) map.get(REALM_PROPERTY);
            if (str3 != null) {
                StringTokenizer stringTokenizer = new StringTokenizer(str3, ", \t\n");
                int countTokens = stringTokenizer.countTokens();
                for (int i = 0; i < countTokens; i++) {
                    String nextToken = stringTokenizer.nextToken();
                    logger.log(Level.FINE, "DIGEST81:Server supports realm {0}", nextToken);
                    this.serverRealms.add(nextToken);
                }
            }
        }
        this.encoding = this.useUTF8 ? Canonicalizer.ENCODING : "8859_1";
        if (this.serverRealms.size() == 0) {
            this.serverRealms.add(str2);
        }
    }

    private byte[] generateChallenge(List list, String str, String str2) throws UnsupportedEncodingException, IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (int i = 0; list != null && i < list.size(); i++) {
            byteArrayOutputStream.write("realm=\"".getBytes(this.encoding));
            writeQuotedStringValue(byteArrayOutputStream, ((String) list.get(i)).getBytes(this.encoding));
            byteArrayOutputStream.write(34);
            byteArrayOutputStream.write(44);
        }
        byteArrayOutputStream.write("nonce=\"".getBytes(this.encoding));
        this.nonce = generateNonce();
        writeQuotedStringValue(byteArrayOutputStream, this.nonce);
        byteArrayOutputStream.write(34);
        byteArrayOutputStream.write(44);
        if (str != null) {
            byteArrayOutputStream.write("qop=\"".getBytes(this.encoding));
            writeQuotedStringValue(byteArrayOutputStream, str.getBytes(this.encoding));
            byteArrayOutputStream.write(34);
            byteArrayOutputStream.write(44);
        }
        if (this.recvMaxBufSize != 65536) {
            byteArrayOutputStream.write(("maxbuf=\"" + this.recvMaxBufSize + "\",").getBytes(this.encoding));
        }
        if (this.useUTF8) {
            byteArrayOutputStream.write(UTF8_DIRECTIVE.getBytes(this.encoding));
        }
        if (str2 != null) {
            byteArrayOutputStream.write("cipher=\"".getBytes(this.encoding));
            writeQuotedStringValue(byteArrayOutputStream, str2.getBytes(this.encoding));
            byteArrayOutputStream.write(34);
            byteArrayOutputStream.write(44);
        }
        byteArrayOutputStream.write(ALGORITHM_DIRECTIVE.getBytes(this.encoding));
        return byteArrayOutputStream.toByteArray();
    }

    private byte[] generateResponseAuth(String str, char[] cArr, byte[] bArr, int i, byte[] bArr2) throws SaslException {
        try {
            byte[] generateResponseValue = generateResponseValue("", this.digestUri, this.negotiatedQop, str, this.negotiatedRealm, cArr, this.nonce, bArr, i, bArr2);
            byte[] bArr3 = new byte[generateResponseValue.length + 8];
            System.arraycopy("rspauth=".getBytes(this.encoding), 0, bArr3, 0, 8);
            System.arraycopy(generateResponseValue, 0, bArr3, 8, generateResponseValue.length);
            return bArr3;
        } catch (IOException e) {
            throw new SaslException("DIGEST-MD5: problem generating response", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SaslException("DIGEST-MD5: problem generating response", e2);
        }
    }

    /* JADX WARN: Type inference failed for: r1v15 */
    /* JADX WARN: Type inference failed for: r1v29 */
    /* JADX WARN: Type inference failed for: r1v35 */
    private byte[] validateClientResponse(byte[][] bArr) throws SaslException, UnsupportedEncodingException {
        byte b;
        if (bArr[9] != null && (!this.useUTF8 || !WriterUtility.UTF_8.equals(new String(bArr[9], this.encoding)))) {
            throw new SaslException("DIGEST-MD5: digest response format violation. Incompatible charset value: " + new String(bArr[9]));
        }
        int parseInt = bArr[8] == null ? 65536 : Integer.parseInt(new String(bArr[8], this.encoding));
        if (this.sendMaxBufSize != 0) {
            parseInt = Math.min(this.sendMaxBufSize, parseInt);
        }
        this.sendMaxBufSize = parseInt;
        if (bArr[0] == null) {
            throw new SaslException("DIGEST-MD5: digest response format violation. Missing username.");
        }
        String str = new String(bArr[0], this.encoding);
        logger.log(Level.FINE, "DIGEST82:Username: {0}", str);
        this.negotiatedRealm = bArr[1] != null ? new String(bArr[1], this.encoding) : "";
        logger.log(Level.FINE, "DIGEST83:Client negotiated realm: {0}", this.negotiatedRealm);
        if (!this.serverRealms.contains(this.negotiatedRealm)) {
            throw new SaslException("DIGEST-MD5: digest response format violation. Nonexistent realm: " + this.negotiatedRealm);
        }
        char[] cArr = 2;
        if (bArr[2] == null) {
            throw new SaslException("DIGEST-MD5: digest response format violation. Missing nonce.");
        }
        if (!Arrays.equals(bArr[2], this.nonce)) {
            throw new SaslException("DIGEST-MD5: digest response format violation. Mismatched nonce.");
        }
        if (bArr[3] == null) {
            throw new SaslException("DIGEST-MD5: digest response format violation. Missing cnonce.");
        }
        byte[] bArr2 = bArr[3];
        if (bArr[4] != null && 1 != Integer.parseInt(new String(bArr[4], this.encoding), 16)) {
            throw new SaslException("DIGEST-MD5: digest response format violation. Nonce count does not match: " + new String(bArr[4]));
        }
        this.negotiatedQop = bArr[5] != null ? new String(bArr[5], this.encoding) : "auth";
        logger.log(Level.FINE, "DIGEST84:Client negotiated qop: {0}", this.negotiatedQop);
        if (this.negotiatedQop.equals("auth")) {
            b = 1;
        } else if (this.negotiatedQop.equals("auth-int")) {
            this.integrity = true;
            this.rawSendSize = this.sendMaxBufSize - 16;
            b = 2;
        } else {
            if (!this.negotiatedQop.equals("auth-conf")) {
                throw new SaslException("DIGEST-MD5: digest response format violation. Invalid QOP: " + this.negotiatedQop);
            }
            this.privacy = true;
            this.integrity = true;
            this.rawSendSize = this.sendMaxBufSize - 26;
            b = 4;
        }
        if ((b & this.allQop) == 0) {
            throw new SaslException("DIGEST-MD5: server does not support  qop: " + this.negotiatedQop);
        }
        if (this.privacy) {
            this.negotiatedCipher = bArr[10] != null ? new String(bArr[10], this.encoding) : null;
            if (this.negotiatedCipher == null) {
                throw new SaslException("DIGEST-MD5: digest response format violation. No cipher specified.");
            }
            logger.log(Level.FINE, "DIGEST85:Client negotiated cipher: {0}", this.negotiatedCipher);
            int i = 0;
            while (true) {
                if (i >= CIPHER_TOKENS.length) {
                    i = -1;
                    break;
                }
                if (this.negotiatedCipher.equals(CIPHER_TOKENS[i]) && this.myCiphers[i] != 0) {
                    break;
                }
                i++;
            }
            if (i == -1) {
                throw new SaslException("DIGEST-MD5: server does not support cipher: " + this.negotiatedCipher);
            }
            if ((4 & CIPHER_MASKS[i]) != 0) {
                this.negotiatedStrength = "high";
            } else if ((CIPHER_MASKS[i] & 2) != 0) {
                this.negotiatedStrength = CSS.Value.MEDIUM;
            } else {
                this.negotiatedStrength = "low";
            }
            logger.log(Level.FINE, "DIGEST86:Negotiated strength: {0}", this.negotiatedStrength);
        }
        String str2 = bArr[6] != null ? new String(bArr[6], this.encoding) : null;
        if (str2 != null) {
            logger.log(Level.FINE, "DIGEST87:digest URI: {0}", str2);
        }
        if (!this.digestUri.equalsIgnoreCase(str2)) {
            throw new SaslException("DIGEST-MD5: digest response format violation. Mismatched URI: " + str2 + "; expecting: " + this.digestUri);
        }
        this.digestUri = str2;
        byte[] bArr3 = bArr[7];
        if (bArr3 == null) {
            throw new SaslException("DIGEST-MD5: digest response format  violation. Missing response.");
        }
        byte[] bArr4 = bArr[11];
        String str3 = bArr4 != null ? new String(bArr4, this.encoding) : str;
        if (bArr4 != null) {
            logger.log(Level.FINE, "DIGEST88:Authzid: {0}", new String(bArr4));
        }
        try {
            RealmCallback realmCallback = new RealmCallback("DIGEST-MD5 realm: ", this.negotiatedRealm);
            NameCallback nameCallback = new NameCallback("DIGEST-MD5 authentication ID: ", str);
            PasswordCallback passwordCallback = new PasswordCallback("DIGEST-MD5 password: ", false);
            this.cbh.handle(new Callback[]{realmCallback, nameCallback, passwordCallback});
            char[] password = passwordCallback.getPassword();
            passwordCallback.clearPassword();
            try {
                if (password == null) {
                    throw new SaslException("DIGEST-MD5: cannot acquire password for " + str + " in realm : " + this.negotiatedRealm);
                }
                try {
                    String str4 = str3;
                    try {
                        try {
                            if (!Arrays.equals(bArr3, generateResponseValue("AUTHENTICATE", this.digestUri, this.negotiatedQop, str, this.negotiatedRealm, password, this.nonce, bArr2, 1, bArr4))) {
                                throw new SaslException("DIGEST-MD5: digest response format violation. Mismatched response.");
                            }
                            try {
                                AuthorizeCallback authorizeCallback = new AuthorizeCallback(str, str4);
                                this.cbh.handle(new Callback[]{authorizeCallback});
                                if (authorizeCallback.isAuthorized()) {
                                    this.authzid = authorizeCallback.getAuthorizedID();
                                    byte[] generateResponseAuth = generateResponseAuth(str, password, bArr2, 1, bArr4);
                                    for (int i2 = 0; i2 < password.length; i2++) {
                                        password[i2] = 0;
                                    }
                                    return generateResponseAuth;
                                }
                                try {
                                    throw new SaslException("DIGEST-MD5: " + str + " is not authorized to act as " + str4);
                                } catch (IOException e) {
                                    e = e;
                                    throw new SaslException("DIGEST-MD5: IO error checking authzid", e);
                                } catch (UnsupportedCallbackException e2) {
                                    e = e2;
                                    throw new SaslException("DIGEST-MD5: Cannot perform callback to check authzid", e);
                                } catch (SaslException e3) {
                                    throw e3;
                                }
                            } catch (SaslException e4) {
                                throw e4;
                            } catch (IOException e5) {
                                e = e5;
                            } catch (UnsupportedCallbackException e6) {
                                e = e6;
                            }
                        } catch (Throwable th) {
                            th = th;
                            cArr = password;
                            for (int i3 = 0; i3 < cArr.length; i3++) {
                                cArr[i3] = 0;
                            }
                            throw th;
                        }
                    } catch (IOException e7) {
                        e = e7;
                        throw new SaslException("DIGEST-MD5: problem duplicating client response", e);
                    } catch (NoSuchAlgorithmException e8) {
                        e = e8;
                        throw new SaslException("DIGEST-MD5: problem duplicating client response", e);
                    }
                } catch (IOException e9) {
                    e = e9;
                } catch (NoSuchAlgorithmException e10) {
                    e = e10;
                } catch (Throwable th2) {
                    th = th2;
                    cArr = password;
                }
            } catch (Throwable th3) {
                th = th3;
            }
        } catch (IOException e11) {
            throw new SaslException("DIGEST-MD5: IO error acquiring password", e11);
        } catch (UnsupportedCallbackException e12) {
            throw new SaslException("DIGEST-MD5: Cannot perform callback to acquire password", e12);
        }
    }

    @Override // javax.security.sasl.SaslServer
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        if (bArr.length > 4096) {
            throw new SaslException("DIGEST-MD5: Invalid digest response length. Got:  " + bArr.length + " Expected < 4096");
        }
        int i = this.step;
        String str = null;
        if (i != 1) {
            try {
                if (i != 3) {
                    throw new SaslException("DIGEST-MD5: Server at illegal state");
                }
                try {
                    byte[] validateClientResponse = validateClientResponse(parseDirectives(bArr, DIRECTIVE_KEY, null, 1));
                    this.step = 0;
                    this.completed = true;
                    if (this.integrity && this.privacy) {
                        this.secCtx = new DigestMD5Base.DigestPrivacy(false);
                    } else if (this.integrity) {
                        this.secCtx = new DigestMD5Base.DigestIntegrity(false);
                    }
                    return validateClientResponse;
                } catch (UnsupportedEncodingException e) {
                    throw new SaslException("DIGEST-MD5: Error validating client response", e);
                } catch (SaslException e2) {
                    throw e2;
                }
            } catch (Throwable th) {
                this.step = 0;
                throw th;
            }
        }
        if (bArr.length != 0) {
            throw new SaslException("DIGEST-MD5 must not have an initial response");
        }
        if ((this.allQop & 4) != 0) {
            this.myCiphers = getPlatformCiphers();
            StringBuffer stringBuffer = new StringBuffer();
            for (int i2 = 0; i2 < CIPHER_TOKENS.length; i2++) {
                if (this.myCiphers[i2] != 0) {
                    if (stringBuffer.length() > 0) {
                        stringBuffer.append(',');
                    }
                    stringBuffer.append(CIPHER_TOKENS[i2]);
                }
            }
            str = stringBuffer.toString();
        }
        try {
            byte[] generateChallenge = generateChallenge(this.serverRealms, this.specifiedQops, str);
            this.step = 3;
            return generateChallenge;
        } catch (UnsupportedEncodingException e3) {
            throw new SaslException("DIGEST-MD5: Error encoding challenge", e3);
        } catch (IOException e4) {
            throw new SaslException("DIGEST-MD5: Error generating challenge", e4);
        }
    }

    @Override // javax.security.sasl.SaslServer
    public String getAuthorizationID() {
        if (this.completed) {
            return this.authzid;
        }
        throw new IllegalStateException("DIGEST-MD5 server negotiation not complete");
    }
}
