package gnu.crypto.sasl.srp;

import com.google.android.exoplayer2.C;
import gnu.crypto.Registry;
import gnu.crypto.assembly.Direction;
import gnu.crypto.cipher.CipherFactory;
import gnu.crypto.cipher.IBlockCipher;
import gnu.crypto.hash.MD5;
import gnu.crypto.key.IKeyAgreementParty;
import gnu.crypto.key.IncomingMessage;
import gnu.crypto.key.KeyAgreementException;
import gnu.crypto.key.KeyAgreementFactory;
import gnu.crypto.key.OutgoingMessage;
import gnu.crypto.key.srp6.SRP6KeyAgreement;
import gnu.crypto.sasl.ClientMechanism;
import gnu.crypto.sasl.IllegalMechanismStateException;
import gnu.crypto.sasl.InputBuffer;
import gnu.crypto.sasl.IntegrityException;
import gnu.crypto.sasl.OutputBuffer;
import gnu.crypto.util.PRNG;
import gnu.crypto.util.Util;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Locale;
import java.util.StringTokenizer;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthenticationException;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

/* loaded from: classes2.dex */
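/**
 * Client side of the SASL mechanism registered as {@code Registry.SASL_SRP_MECHANISM}.
 *
 * <p>The exchange is driven by {@link #evaluateChallenge(byte[])} in three steps: send the
 * identities, answer the server's parameters with the client public value and evidence
 * {@code M1}, then verify the server's evidence {@code M2}. Once the exchange completes,
 * {@link #engineWrap} and {@link #engineUnwrap} apply the negotiated integrity and/or
 * confidentiality algorithms.
 *
 * <p>NOTE(review): while {@link #DEBUG} is {@code true} the handshake is traced to
 * {@code System.out}, including the user name, authorization id, session id, nonces, the
 * public value {@code A} and the evidence {@code M1}. Builds that handle real credentials
 * should ship with {@code DEBUG} set to {@code false}.
 */
public class SRPClient extends ClientMechanism implements SaslClient {
    /** Master switch for {@link #debug(String, Object)}; see the class note. */
    private static final boolean DEBUG = true;
    private static final String INFO = " INFO";
    private static final String NAME = "SRPClient";
    private static final String TRACE = "DEBUG";
    private static final int debuglevel = 3;
    private static final PrintWriter err = new PrintWriter((OutputStream) System.out, true);
    // Client public value, read back from the key-agreement handler.
    BigInteger A;
    // Server public value, as received in the server's parameter message.
    BigInteger B;
    // Shared secret returned by the key-agreement handler (or restored from a cached session).
    private byte[] K;
    // Server's option list, as received.
    private String L;
    // Client evidence sent to the server.
    private byte[] M1;
    // Server evidence received in the last step.
    private byte[] M2;
    // Group modulus and generator, as received from the server.
    BigInteger N;
    // User name taken from the properties or from the callback handler.
    private String U;
    // Client IV; sized to the chosen cipher's default block size, empty without a cipher.
    private byte[] cIV;
    private String chosenConfidentialityAlgorithm;
    private String chosenIntegrityAlgorithm;
    private IKeyAgreementParty clientHandler;
    // 16 random bytes sent with the identities when a cached session id exists, else empty.
    private byte[] cn;
    BigInteger g;
    private CALG inCipher;
    private int inCounter;
    private IALG inMac;
    // Option string chosen by this client, built by createO().
    private String o;
    private CALG outCipher;
    private int outCounter;
    private IALG outMac;
    private char[] password;
    private int rawSendSize;
    private boolean replayDetection;
    // Salt received from the server.
    private byte[] s;
    private byte[] sCB;
    private byte[] sIV;
    private byte[] sid;
    // Value received from the server when it accepts session re-use.
    private byte[] sn;
    private SRP srp;
    private int ttl;
    // Key under which the session is cached in ClientStore; derived in initMechanism().
    private String uid;

    /** Creates the mechanism with replay detection enabled and both counters at zero. */
    public SRPClient() {
        super(Registry.SASL_SRP_MECHANISM);
        this.rawSendSize = Registry.SASL_BUFFER_MAX_LIMIT;
        this.replayDetection = true;
        this.inCounter = 0;
        this.outCounter = 0;
        this.clientHandler = KeyAgreementFactory.getPartyAInstance(Registry.SRP_SASL_KA);
    }

    /** Returns the text after the first {@code '='} of an option token. */
    private static String optionValue(String option) {
        return option.substring(option.indexOf('=') + 1);
    }

    /** Reports whether {@code value} equals one of the entries of {@code supported}. */
    private static boolean isListed(Object[] supported, String value) {
        for (int i = 0; i < supported.length; i++) {
            if (supported[i].equals(value)) {
                return true;
            }
        }
        return false;
    }

    /** Encodes a replay counter as four big-endian bytes, the form fed to the MAC. */
    private static byte[] counterBytes(int counter) {
        return new byte[]{(byte) (counter >>> 24), (byte) (counter >>> 16), (byte) (counter >>> 8), (byte) counter};
    }

    /**
     * Parses the server's comma-separated option list and builds the client's option string.
     *
     * <p>Only values present in the corresponding {@code SRPRegistry} tables are accepted;
     * unknown tokens are ignored. When the server names no {@code mandatory=} service,
     * replay detection (and therefore integrity protection) is treated as mandatory, so an
     * offer without a usable integrity algorithm is rejected rather than silently
     * downgraded.
     *
     * @param str the server's option list; the caller passes it lower-cased
     * @return the option string to send back to the server
     * @throws AuthenticationException if a required service has no chosen algorithm, the
     *         {@code maxbuffersize} value is malformed or out of range, or the chosen cipher
     *         cannot be instantiated
     */
    private String createO(String str) throws AuthenticationException {
        String mdName = SRPRegistry.SRP_DEFAULT_DIGEST_NAME;
        String mandatory = "replay_detection";
        boolean replayOffered = false;
        boolean integrityOffered = false;
        boolean confidentialityOffered = false;

        final StringTokenizer tokens = new StringTokenizer(str, ",");
        while (tokens.hasMoreTokens()) {
            final String option = tokens.nextToken();
            if (option.startsWith("mda=")) {
                final String value = optionValue(option);
                // Fix: the search used to be bounded by INTEGRITY_ALGORITHMS.length while
                // indexing SRP_ALGORITHMS, which skips entries or runs off the end when the
                // two tables differ in size.
                if (isListed(SRPRegistry.SRP_ALGORITHMS, value)) {
                    mdName = value;
                }
            } else if (option.equals("replay_detection")) {
                replayOffered = true;
            } else if (option.startsWith("integrity=")) {
                final String value = optionValue(option);
                if (isListed(SRPRegistry.INTEGRITY_ALGORITHMS, value)) {
                    this.chosenIntegrityAlgorithm = value;
                    integrityOffered = true;
                }
            } else if (option.startsWith("confidentiality=")) {
                final String value = optionValue(option);
                if (isListed(SRPRegistry.CONFIDENTIALITY_ALGORITHMS, value)) {
                    this.chosenConfidentialityAlgorithm = value;
                    confidentialityOffered = true;
                }
            } else if (option.startsWith("mandatory=")) {
                mandatory = optionValue(option);
            } else if (option.startsWith("maxbuffersize=")) {
                final String value = optionValue(option);
                int size;
                try {
                    size = Integer.parseInt(value);
                } catch (NumberFormatException e) {
                    throw new AuthenticationException("maxbuffersize=" + String.valueOf(value), e);
                }
                // 2147483643 is Integer.MAX_VALUE - 4; presumably the inlined value of
                // Registry.SASL_BUFFER_MAX_LIMIT -- confirm.
                if (size > 2147483643 || size < 1) {
                    throw new AuthenticationException("Illegal value for 'maxbuffersize' option");
                }
                // Fix: store the server-supplied size only after it passed validation.
                this.rawSendSize = size;
            }
        }

        // A service is enabled only when the server offered it AND the local property asks for it.
        this.replayDetection = replayOffered && Boolean.valueOf((String) this.properties.get(SRPRegistry.SRP_REPLAY_DETECTION)).booleanValue();
        boolean integrity = integrityOffered && Boolean.valueOf((String) this.properties.get(SRPRegistry.SRP_INTEGRITY_PROTECTION)).booleanValue();
        boolean confidentiality = confidentialityOffered && Boolean.valueOf((String) this.properties.get(SRPRegistry.SRP_CONFIDENTIALITY)).booleanValue();

        // The server's mandatory service overrides the local preference. Any value other
        // than the three known ones leaves integrity at the locally computed setting.
        if ("replay_detection".equals(mandatory)) {
            this.replayDetection = true;
            integrity = true;
        } else if (SRPRegistry.OPTION_INTEGRITY.equals(mandatory)) {
            integrity = true;
        } else if (SRPRegistry.OPTION_CONFIDENTIALITY.equals(mandatory)) {
            confidentiality = true;
        }

        if (this.replayDetection && this.chosenIntegrityAlgorithm == null) {
            throw new AuthenticationException("Replay detection is required but no integrity protection algorithm was chosen");
        }
        if (integrity && this.chosenIntegrityAlgorithm == null) {
            throw new AuthenticationException("Integrity protection is required but no algorithm was chosen");
        }
        if (confidentiality && this.chosenConfidentialityAlgorithm == null) {
            throw new AuthenticationException("Confidentiality protection is required but no algorithm was chosen");
        }

        if (this.chosenConfidentialityAlgorithm == null) {
            this.cIV = new byte[0];
        } else {
            final IBlockCipher cipher = CipherFactory.getInstance(this.chosenConfidentialityAlgorithm);
            if (cipher == null) {
                throw new AuthenticationException("createO()", new NoSuchAlgorithmException());
            }
            final byte[] iv = new byte[cipher.defaultBlockSize()];
            this.cIV = iv;
            // NOTE(review): the IV comes from gnu.crypto.util.PRNG, whose seeding is not
            // visible here -- confirm it is suitable for security-sensitive values.
            PRNG.nextBytes(iv);
        }

        this.srp = SRP.instance(mdName);

        final StringBuilder chosen = new StringBuilder();
        chosen.append(SRPRegistry.OPTION_SRP_DIGEST).append("=").append(mdName).append(",");
        if (this.replayDetection) {
            chosen.append("replay_detection").append(",");
        }
        if (integrity) {
            chosen.append(SRPRegistry.OPTION_INTEGRITY).append("=").append(this.chosenIntegrityAlgorithm).append(",");
        }
        if (confidentiality) {
            chosen.append(SRPRegistry.OPTION_CONFIDENTIALITY).append("=").append(this.chosenConfidentialityAlgorithm).append(",");
        }
        chosen.append(SRPRegistry.OPTION_MAX_BUFFER_SIZE).append("=").append(Registry.SASL_BUFFER_MAX_LIMIT);
        return chosen.toString();
    }

    /**
     * Writes one trace line to {@code System.out} when {@link #DEBUG} is set.
     *
     * @param str the level label printed in brackets
     * @param obj the message
     */
    private static void debug(String str, Object obj) {
        // Guarding here means flipping DEBUG to false silences every trace call site.
        if (!DEBUG) {
            return;
        }
        err.println("[" + str + "] " + NAME + ": " + String.valueOf(obj));
    }

    /** Builds a user-name callback, pre-filled with the {@code user.name} system property if set. */
    private static NameCallback newNameCallback() {
        final String defaultName = System.getProperty("user.name");
        return defaultName == null ? new NameCallback("username: ") : new NameCallback("username: ", defaultName);
    }

    /**
     * Obtains the user name and password from the mechanism properties, asking the callback
     * handler for whichever of the two the properties do not provide.
     *
     * @throws AuthenticationException if the callback handler fails, or if either value is
     *         still {@code null} afterwards; the null-value errors are now reported directly
     *         instead of being re-wrapped in a generic {@code "getUsernameAndPassword()"} one
     */
    private void getUsernameAndPassword() throws AuthenticationException {
        final boolean haveName = this.properties.containsKey(Registry.SASL_USERNAME);
        final boolean havePassword = this.properties.containsKey(Registry.SASL_PASSWORD);
        try {
            if (haveName || havePassword) {
                if (haveName) {
                    this.U = (String) this.properties.get(Registry.SASL_USERNAME);
                } else {
                    final NameCallback nameCallback = newNameCallback();
                    this.handler.handle(new Callback[]{nameCallback});
                    this.U = nameCallback.getName();
                }
                if (havePassword) {
                    this.password = ((String) this.properties.get(Registry.SASL_PASSWORD)).toCharArray();
                } else {
                    final PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
                    this.handler.handle(new Callback[]{passwordCallback});
                    this.password = passwordCallback.getPassword();
                }
            } else {
                // Neither value configured: ask for both in a single handler invocation.
                final NameCallback nameCallback = newNameCallback();
                final PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
                this.handler.handle(new Callback[]{nameCallback, passwordCallback});
                this.U = nameCallback.getName();
                this.password = passwordCallback.getPassword();
            }
        } catch (IOException e) {
            throw new AuthenticationException("getUsernameAndPassword()", e);
        } catch (UnsupportedCallbackException e) {
            throw new AuthenticationException("getUsernameAndPassword()", e);
        }
        if (this.U == null) {
            throw new AuthenticationException("null username supplied");
        }
        if (this.password == null) {
            throw new AuthenticationException("null password supplied");
        }
    }

    /**
     * Final step: reads the server's evidence and session data, checks {@code M2} against
     * the locally computed value and activates the security services.
     *
     * @param bArr the server's last message
     * @return always {@code null}; the client has nothing further to send
     * @throws SaslException if the message cannot be decoded or {@code M2} does not match
     */
    private byte[] receiveEvidence(byte[] bArr) throws SaslException {
        final InputBuffer in = new InputBuffer(bArr);
        try {
            this.M2 = in.getOS();
            this.sIV = in.getOS();
            this.sid = in.getEOS();
            this.ttl = (int) in.getScalar(4);
            this.sCB = in.getEOS();
            final byte[] expected = this.srp.generateM2(this.A, this.M1, this.K, this.U, this.authorizationID, this.o, this.sid, this.ttl, this.cIV, this.sIV, this.sCB);
            // MessageDigest.isEqual instead of Arrays.equals: the comparison time should
            // not depend on how many leading bytes of the evidence match.
            if (!MessageDigest.isEqual(this.M2, expected)) {
                throw new AuthenticationException("M2 mismatch");
            }
            setupSecurityServices(false);
            return null;
        } catch (IOException e) {
            if (e instanceof SaslException) {
                throw (SaslException) e;
            }
            throw new AuthenticationException("receiveEvidence()", e);
        }
    }

    /**
     * First step: collects the credentials and encodes the user name, authorization id,
     * cached session id, a fresh 16-byte value (only when a session id exists) and the
     * channel binding.
     *
     * @return the encoded initial response
     * @throws SaslException if the credentials cannot be obtained or encoding fails
     */
    private byte[] sendIdentities() throws SaslException {
        getUsernameAndPassword();
        if (this.sid.length != 0) {
            final byte[] nonce = new byte[16];
            this.cn = nonce;
            PRNG.nextBytes(nonce);
        } else {
            this.cn = new byte[0];
        }
        final OutputBuffer out = new OutputBuffer();
        try {
            out.setText(this.U);
            out.setText(this.authorizationID);
            out.setEOS(this.sid);
            out.setOS(this.cn);
            out.setEOS(this.channelBinding);
            final byte[] encoded = out.encode();
            debug(INFO, "C: " + Util.dumpString(encoded));
            debug(INFO, "  U = " + this.U);
            debug(INFO, "  I = " + this.authorizationID);
            debug(INFO, "sid = " + new String(this.sid));
            debug(INFO, " cn = " + Util.dumpString(this.cn));
            debug(INFO, "cCB = " + Util.dumpString(this.channelBinding));
            return encoded;
        } catch (IOException e) {
            if (e instanceof SaslException) {
                throw (SaslException) e;
            }
            throw new AuthenticationException("sendIdentities()", e);
        }
    }

    /**
     * Second step: handles the server's reply to the identities.
     *
     * <p>A leading scalar of {@code 0} starts a new session: the group parameters, salt,
     * server public value and option list are read, the options are negotiated, the key
     * agreement is run and {@code A}, {@code M1}, the chosen options and the client IV are
     * returned. A scalar of {@code 255} means the server accepted session re-use; the
     * security services are set up from the cached key and nothing is sent.
     *
     * @param bArr the server's message
     * @return the encoded response, or {@code null} when a session is re-used
     * @throws SaslException if the message is malformed, negotiation fails or the key
     *         agreement fails
     */
    private byte[] sendPublicKey(byte[] bArr) throws SaslException {
        final InputBuffer in = new InputBuffer(bArr);
        try {
            final int marker = (int) in.getScalar(1);
            if (marker == 0) {
                // NOTE(review): no range or group check on N, g and B is visible at this
                // layer; presumably the key-agreement handler performs it -- confirm.
                this.N = in.getMPI();
                this.g = in.getMPI();
                this.s = in.getOS();
                this.B = in.getMPI();
                this.L = in.getText();
            } else if (marker == 255) {
                this.sn = in.getOS();
                this.sCB = in.getEOS();
                setupSecurityServices(true);
                debug(INFO, "Session re-use accepted...");
                return null;
            } else {
                throw new SaslException("sendPublicKey(): Invalid scalar (" + marker + ") in server's request");
            }

            // Locale.ROOT keeps option matching independent of the default locale (for
            // example the Turkish dotless-i mapping of "I").
            this.o = createO(this.L.toLowerCase(Locale.ROOT));

            // C.ASCII_NAME comes from the imported constants class; presumably "US-ASCII".
            // NOTE(review): the String and byte[] copies of the password made here are not
            // wiped; the byte[] is handed to the key-agreement handler, which may keep it.
            final byte[] passwordBytes = new String(this.password).getBytes(C.ASCII_NAME);
            // Raw map: the parameter type of IKeyAgreementParty.init is not visible here.
            final HashMap attributes = new HashMap();
            attributes.put(SRP6KeyAgreement.HASH_FUNCTION, this.srp.getAlgorithm());
            attributes.put(SRP6KeyAgreement.USER_IDENTITY, this.U);
            attributes.put(SRP6KeyAgreement.USER_PASSWORD, passwordBytes);

            try {
                this.clientHandler.init(attributes);
                this.clientHandler.processMessage(null);
                final OutgoingMessage serverValues = new OutgoingMessage();
                serverValues.writeMPI(this.N);
                serverValues.writeMPI(this.g);
                serverValues.writeMPI(new BigInteger(1, this.s));
                serverValues.writeMPI(this.B);
                this.A = new IncomingMessage(this.clientHandler.processMessage(new IncomingMessage(serverValues.toByteArray())).toByteArray()).readMPI();
                this.K = this.clientHandler.getSharedSecret();
            } catch (KeyAgreementException e) {
                throw new SaslException("sendPublicKey()", e);
            }

            try {
                this.M1 = this.srp.generateM1(this.N, this.g, this.U, this.s, this.A, this.B, this.K, this.authorizationID, this.L, this.cn, this.channelBinding);
            } catch (UnsupportedEncodingException e) {
                throw new AuthenticationException("sendPublicKey()", e);
            }

            final OutputBuffer out = new OutputBuffer();
            try {
                out.setMPI(this.A);
                out.setOS(this.M1);
                out.setText(this.o);
                out.setOS(this.cIV);
                final byte[] encoded = out.encode();
                debug(INFO, "New session, or session re-use rejected...");
                debug(INFO, "C: " + Util.dumpString(encoded));
                debug(INFO, "  A = 0x" + this.A.toString(16));
                debug(INFO, " M1 = " + Util.dumpString(this.M1));
                debug(INFO, "  o = " + this.o);
                debug(INFO, "cIV = " + Util.dumpString(this.cIV));
                return encoded;
            } catch (IOException e) {
                if (e instanceof SaslException) {
                    throw (SaslException) e;
                }
                throw new AuthenticationException("sendPublicKey()", e);
            }
        } catch (IOException e) {
            // SaslException (including AuthenticationException) raised above passes through
            // unchanged; any other I/O failure is reported as a SaslException.
            if (e instanceof SaslException) {
                throw (SaslException) e;
            }
            throw new SaslException("sendPublicKey()", e);
        }
    }

    /**
     * Marks the exchange complete, initialises the ciphers and MACs from the session key,
     * and caches the session when the server supplied a session id.
     *
     * @param z {@code true} when a cached session is being re-used, in which case a new key
     *        is derived from the cached one and the two exchanged values; {@code false} for
     *        a new session, in which case the counters are reset and fresh cipher/MAC
     *        instances are created for the chosen algorithms
     * @throws SaslException if an algorithm instance cannot be created or initialised
     */
    private void setupSecurityServices(boolean z) throws SaslException {
        this.complete = true;
        if (z) {
            this.K = this.srp.generateKn(this.K, this.cn, this.sn);
        } else {
            this.inCounter = 0;
            this.outCounter = 0;
            if (this.chosenConfidentialityAlgorithm != null) {
                debug(INFO, "Activating confidentiality protection filter");
                this.inCipher = CALG.getInstance(this.chosenConfidentialityAlgorithm);
                this.outCipher = CALG.getInstance(this.chosenConfidentialityAlgorithm);
            }
            if (this.chosenIntegrityAlgorithm != null) {
                debug(INFO, "Activating integrity protection filter");
                this.inMac = IALG.getInstance(this.chosenIntegrityAlgorithm);
                this.outMac = IALG.getInstance(this.chosenIntegrityAlgorithm);
            }
        }

        final KDF kdf = KDF.getInstance(this.K);
        if (this.inCipher != null) {
            // Inbound traffic uses the server IV, outbound traffic the client IV.
            this.inCipher.init(kdf, this.sIV, Direction.REVERSED);
            this.outCipher.init(kdf, this.cIV, Direction.FORWARD);
        }
        if (this.inMac != null) {
            this.inMac.init(kdf);
            this.outMac.init(kdf);
        }

        if (this.sid == null || this.sid.length == 0) {
            return;
        }
        debug(INFO, "Updating security context for UID = " + this.uid);
        // The cached context receives this.K by reference; see resetMechanism().
        ClientStore.instance().cacheSession(this.uid, this.ttl, new SecurityContext(this.srp.getAlgorithm(), this.sid, this.K, this.cIV, this.sIV, this.replayDetection, this.inCounter, this.outCounter, this.inMac, this.outMac, this.inCipher, this.outCipher));
    }

    /**
     * Verifies and/or decrypts one protected buffer received from the server.
     *
     * <p>With integrity protection the trailing MAC is checked over the payload (plus the
     * inbound counter when replay detection is on) before any decryption takes place.
     *
     * @param bArr buffer holding the protected data
     * @param i offset of the first byte
     * @param i2 number of bytes, including the trailing MAC when one is in use
     * @return the recovered payload
     * @throws SaslException if the MAC does not verify, the buffer is shorter than the MAC,
     *         or decryption fails
     * @throws IllegalStateException if neither integrity nor confidentiality was negotiated
     */
    @Override // gnu.crypto.sasl.ClientMechanism
    protected byte[] engineUnwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.inMac == null && this.inCipher == null) {
            throw new IllegalStateException("connection is not protected");
        }
        try {
            if (this.inMac == null) {
                return this.inCipher.doFinal(bArr, i, i2);
            }
            final int macLength = this.inMac.length();
            // Fix: a buffer shorter than the MAC used to produce a negative payload length
            // and an unchecked exception from System.arraycopy; reject it as an integrity
            // failure instead.
            if (i2 < macLength) {
                throw new IntegrityException("engineUnwrap()");
            }
            final int payloadLength = i2 - macLength;
            final byte[] receivedMac = new byte[macLength];
            System.arraycopy(bArr, i + payloadLength, receivedMac, 0, macLength);
            this.inMac.update(bArr, i, payloadLength);
            if (this.replayDetection) {
                this.inCounter++;
                this.inMac.update(counterBytes(this.inCounter));
            }
            // Constant-time comparison of the received and computed tags.
            if (!MessageDigest.isEqual(receivedMac, this.inMac.doFinal())) {
                throw new IntegrityException("engineUnwrap()");
            }
            if (this.inCipher != null) {
                return this.inCipher.doFinal(bArr, i, payloadLength);
            }
            final byte[] payload = new byte[payloadLength];
            System.arraycopy(bArr, i, payload, 0, payloadLength);
            return payload;
        } catch (IOException e) {
            if (e instanceof SaslException) {
                throw (SaslException) e;
            }
            throw new SaslException("engineUnwrap()", e);
        }
    }

    /**
     * Protects one outgoing buffer: encrypts it when a cipher was negotiated and appends a
     * MAC (computed over the bytes actually sent, plus the outbound counter when replay
     * detection is on) when integrity protection was negotiated.
     *
     * @param bArr buffer holding the payload
     * @param i offset of the first byte
     * @param i2 number of payload bytes
     * @return the protected bytes to send
     * @throws SaslException if encryption or output assembly fails
     * @throws IllegalStateException if neither integrity nor confidentiality was negotiated
     */
    @Override // gnu.crypto.sasl.ClientMechanism
    protected byte[] engineWrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.outMac == null && this.outCipher == null) {
            throw new IllegalStateException("connection is not protected");
        }
        try {
            final ByteArrayOutputStream out = new ByteArrayOutputStream();
            if (this.outCipher != null) {
                final byte[] cipherText = this.outCipher.doFinal(bArr, i, i2);
                out.write(cipherText);
                if (this.outMac != null) {
                    this.outMac.update(cipherText);
                    if (this.replayDetection) {
                        this.outCounter++;
                        this.outMac.update(counterBytes(this.outCounter));
                    }
                    out.write(this.outMac.doFinal());
                }
            } else {
                out.write(bArr, i, i2);
                this.outMac.update(bArr, i, i2);
                if (this.replayDetection) {
                    this.outCounter++;
                    this.outMac.update(counterBytes(this.outCounter));
                }
                out.write(this.outMac.doFinal());
            }
            return out.toByteArray();
        } catch (IOException e) {
            if (e instanceof SaslException) {
                throw (SaslException) e;
            }
            throw new SaslException("engineWrap()", e);
        }
    }

    /**
     * Advances the three-step exchange and returns the response for the current step.
     *
     * @param bArr the server's challenge (unused in the first step)
     * @return the client's response, or {@code null} when there is nothing to send
     * @throws SaslException if a step fails, or if called after the exchange completed or
     *         in an unexpected state
     */
    @Override // gnu.crypto.sasl.ClientMechanism
    public byte[] evaluateChallenge(byte[] bArr) throws SaslException {
        final int step = this.state;
        if (step == 0) {
            this.state++;
            return sendIdentities();
        }
        if (step == 1) {
            this.state++;
            return sendPublicKey(bArr);
        }
        if (step == 2 && !this.complete) {
            this.state++;
            return receiveEvidence(bArr);
        }
        throw new IllegalMechanismStateException("evaluateChallenge()");
    }

    /**
     * Returns the negotiated quality of protection: authentication only without an inbound
     * MAC, otherwise integrity, or confidentiality when an inbound cipher is also present.
     */
    @Override // gnu.crypto.sasl.ClientMechanism
    protected String getNegotiatedQOP() {
        if (this.inMac == null) {
            return Registry.QOP_AUTH;
        }
        return this.inCipher != null ? Registry.QOP_AUTH_CONF : Registry.QOP_AUTH_INT;
    }

    /** Returns the negotiated raw send size as a decimal string. */
    @Override // gnu.crypto.sasl.ClientMechanism
    protected String getNegotiatedRawSendSize() {
        return String.valueOf(this.rawSendSize);
    }

    /**
     * Returns the negotiated strength: low without an inbound MAC, otherwise medium, or
     * high when an inbound cipher is also present.
     */
    @Override // gnu.crypto.sasl.ClientMechanism
    protected String getNegotiatedStrength() {
        if (this.inMac == null) {
            return Registry.STRENGTH_LOW;
        }
        return this.inCipher != null ? Registry.STRENGTH_HIGH : Registry.STRENGTH_MEDIUM;
    }

    /** Always reports {@code "true"}: this mechanism supports session re-use. */
    @Override // gnu.crypto.sasl.ClientMechanism
    protected String getReuse() {
        return "true";
    }

    /** Always {@code true}: the client sends its identities without waiting for a challenge. */
    @Override // gnu.crypto.sasl.ClientMechanism
    public boolean hasInitialResponse() {
        return true;
    }

    /**
     * Derives the session-cache key for this connection and restores a cached session when
     * one is still alive; otherwise clears the per-session state.
     *
     * @throws SaslException declared by the overridden method
     */
    @Override // gnu.crypto.sasl.ClientMechanism
    protected void initMechanism() throws SaslException {
        // MD5 only derives the lookup key for ClientStore here; it does not protect any
        // secret. NOTE(review): getBytes() uses the platform default charset, so the key
        // for non-ASCII names depends on the runtime's default encoding.
        final MD5 md = new MD5();
        final byte[] authzBytes = this.authorizationID.getBytes();
        md.update(authzBytes, 0, authzBytes.length);
        final byte[] serverBytes = this.serverName.getBytes();
        md.update(serverBytes, 0, serverBytes.length);
        final byte[] protocolBytes = this.protocol.getBytes();
        md.update(protocolBytes, 0, protocolBytes.length);
        if (this.channelBinding.length > 0) {
            md.update(this.channelBinding, 0, this.channelBinding.length);
        }
        this.uid = Util.toBase64(md.digest());

        if (!ClientStore.instance().isAlive(this.uid)) {
            this.sid = new byte[0];
            this.ttl = 0;
            this.K = null;
            this.cIV = null;
            this.sIV = null;
            this.cn = null;
            this.sn = null;
            return;
        }

        final SecurityContext cached = ClientStore.instance().restoreSession(this.uid);
        this.srp = SRP.instance(cached.getMdName());
        this.sid = cached.getSID();
        this.K = cached.getK();
        this.cIV = cached.getClientIV();
        this.sIV = cached.getServerIV();
        this.replayDetection = cached.hasReplayDetection();
        this.inCounter = cached.getInCounter();
        this.outCounter = cached.getOutCounter();
        this.inMac = cached.getInMac();
        this.outMac = cached.getOutMac();
        this.inCipher = cached.getInCipher();
        this.outCipher = cached.getOutCipher();
    }

    /**
     * Drops the per-exchange secrets and security services.
     *
     * @throws SaslException declared by the overridden method
     */
    @Override // gnu.crypto.sasl.ClientMechanism
    protected void resetMechanism() throws SaslException {
        // The password array is a private copy (toCharArray() or the callback's
        // getPassword()), so it can be overwritten before the reference is dropped.
        if (this.password != null) {
            Arrays.fill(this.password, '\0');
        }
        this.password = null;
        this.M1 = null;
        // K and the IVs are only dereferenced, not overwritten: setupSecurityServices()
        // hands the same arrays to the cached SecurityContext.
        this.K = null;
        this.cIV = null;
        this.sIV = null;
        this.outMac = null;
        this.inMac = null;
        this.outCipher = null;
        this.inCipher = null;
        this.sid = null;
        this.ttl = 0;
        this.cn = null;
        this.sn = null;
    }
}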
