package rocks.xmpp.core.sasl.scram;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:rocks/xmpp/core/sasl/scram/ScramClient.class */
public final class ScramClient extends ScramBase implements SaslClient {
    private static final String GS2_CBIND_FLAG = "n";
    private final String gs2Header;
    String username;
    private String authorizationId;
    private char[] passwd;
    private byte[] serverSignature;

    public ScramClient(String str, String str2, CallbackHandler callbackHandler) {
        super(str, callbackHandler);
        if (str2 != null) {
            this.authorizationId = new String(str2.getBytes(StandardCharsets.UTF_8), StandardCharsets.UTF_8);
        }
        this.gs2Header = "n," + (str2 != null ? "a=" + str2 : "") + ",";
    }

    static String replaceUsername(String str) {
        if (str != null) {
            return str.replace("=", "=3D").replace(",", "=2C");
        }
        return null;
    }

    public final boolean hasInitialResponse() {
        return true;
    }

    public final byte[] evaluateChallenge(byte[] bArr) throws SaslException {
        if (bArr.length == 0) {
            NameCallback nameCallback = this.authorizationId == null ? new NameCallback("SCRAM username: ") : new NameCallback("SCRAM username: ", this.authorizationId);
            PasswordCallback passwordCallback = new PasswordCallback("SCRAM-SHA-1 password: ", false);
            try {
                this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
                this.passwd = passwordCallback.getPassword();
                passwordCallback.clearPassword();
                this.username = nameCallback.getName();
                if (this.passwd == null || this.username == null) {
                    throw new SaslException("SCRAM: Username and password must not be null.");
                }
                this.username = SaslPrep.prepare(this.username);
                if ("".equals(this.username)) {
                    throw new SaslException("SCRAM: Username must not be empty.");
                }
                this.username = replaceUsername(this.username);
                this.clientFirstMessageBare = createClientFirstMessageBare(this.username, generateNonce());
                return (this.gs2Header + this.clientFirstMessageBare).getBytes(StandardCharsets.UTF_8);
            } catch (IOException e) {
                throw new SaslException("SCRAM: Error acquiring user name or password.", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new SaslException("SCRAM: Failed to generate nonce.", e2);
            } catch (UnsupportedCallbackException e3) {
                throw new SaslException("SCRAM: Cannot perform callback to acquire username or password", e3);
            }
        }
        try {
            String str = new String(bArr, StandardCharsets.UTF_8);
            Map<Character, String> attributes = getAttributes(str);
            String str2 = attributes.get('e');
            if (str2 != null) {
                throw new SaslException(str2);
            }
            String str3 = attributes.get('v');
            if (str3 != null) {
                if (!Arrays.equals(this.serverSignature, DatatypeConverter.parseBase64Binary(str3))) {
                    throw new SaslException("SCRAM: Verification failed");
                }
                this.complete = true;
                return null;
            }
            this.serverFirstMessage = str;
            this.nonce = attributes.get('r');
            String str4 = attributes.get('s');
            try {
                int parseInt = Integer.parseInt(attributes.get('i'));
                if (this.nonce == null) {
                    throw new SaslException("SCRAM: nonce was null in the server response.");
                }
                if (str4 == null) {
                    throw new SaslException("SCRAM: salt was null in the server response.");
                }
                byte[] parseBase64Binary = DatatypeConverter.parseBase64Binary(str4);
                try {
                    this.channelBinding = DatatypeConverter.printBase64Binary(this.gs2Header.getBytes(StandardCharsets.UTF_8));
                    byte[] computeSaltedPassword = computeSaltedPassword(this.passwd, parseBase64Binary, parseInt);
                    String computeAuthMessage = computeAuthMessage();
                    byte[] computeClientKey = computeClientKey(computeSaltedPassword);
                    byte[] xor = xor(computeClientKey, computeClientSignature(computeClientKey, computeAuthMessage()));
                    this.serverSignature = hmac(computeServerKey(computeSaltedPassword), computeAuthMessage.getBytes(StandardCharsets.UTF_8));
                    return (("c=" + this.channelBinding + ",r=" + this.nonce) + ",p=" + DatatypeConverter.printBase64Binary(xor)).getBytes(StandardCharsets.UTF_8);
                } catch (GeneralSecurityException e4) {
                    throw new SaslException(e4.getMessage(), e4);
                }
            } catch (NumberFormatException e5) {
                throw new SaslException("iterationCount could not be parsed.");
            }
        } catch (SaslException e6) {
            this.complete = true;
            throw e6;
        }
    }
}
