package rocks.xmpp.core.sasl;

import java.io.IOException;
import java.security.Security;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Condition;
import java.util.concurrent.locks.Lock;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import rocks.xmpp.core.sasl.model.Auth;
import rocks.xmpp.core.sasl.model.Challenge;
import rocks.xmpp.core.sasl.model.Failure;
import rocks.xmpp.core.sasl.model.Mechanisms;
import rocks.xmpp.core.sasl.model.Response;
import rocks.xmpp.core.sasl.model.Success;
import rocks.xmpp.core.session.XmppSession;
import rocks.xmpp.core.stream.FeatureNegotiator;

/* loaded from: input_file:rocks/xmpp/core/sasl/AuthenticationManager.class */
public final class AuthenticationManager extends FeatureNegotiator {
    private final XmppSession xmppSession;
    private final Condition authenticationComplete;
    private final LinkedHashSet<String> supportedMechanisms;
    private final Lock lock;
    private LinkedHashSet<String> preferredMechanisms;
    private SaslClient saslClient;
    private volatile Failure authenticationFailure;
    private volatile boolean authenticated;
    private String lastPassword;
    private String lastUsername;
    private String lastAuthorizationId;
    private String[] lastMechanisms;
    private CallbackHandler lastCallbackHandler;

    public AuthenticationManager(XmppSession xmppSession, Lock lock) {
        super(Mechanisms.class);
        this.authenticationFailure = null;
        if (xmppSession == null) {
            throw new IllegalArgumentException("connection must not be null.");
        }
        this.xmppSession = xmppSession;
        this.lock = lock;
        this.authenticationComplete = lock.newCondition();
        this.supportedMechanisms = new LinkedHashSet<>();
        this.preferredMechanisms = new LinkedHashSet<>();
        this.preferredMechanisms.add("SCRAM-SHA-1");
        this.preferredMechanisms.add("DIGEST-MD5");
        this.preferredMechanisms.add("GSSAPI");
        this.preferredMechanisms.add("CRAM-MD5");
        this.preferredMechanisms.add("PLAIN");
        this.preferredMechanisms.add("ANONYMOUS");
    }

    public LinkedHashSet<String> getPreferredMechanisms() {
        return this.preferredMechanisms;
    }

    public void setPreferredMechanisms(LinkedHashSet<String> linkedHashSet) {
        this.preferredMechanisms = linkedHashSet;
    }

    public void authenticate(String str, String str2, String str3, CallbackHandler callbackHandler) throws LoginException, SaslException {
        authenticate(getCommonMechanisms(), str, str2, str3, callbackHandler);
    }

    public void authenticateAnonymously() throws LoginException {
        try {
            authenticate(new String[]{"ANONYMOUS"}, null, null, null, null);
        } catch (SaslException e) {
            throw new LoginException(e.getMessage());
        }
    }

    private void authenticate(String[] strArr, String str, String str2, String str3, CallbackHandler callbackHandler) throws SaslException, LoginException {
        this.authenticationFailure = null;
        this.authenticated = false;
        this.lastMechanisms = strArr;
        this.lastAuthorizationId = str;
        this.lastUsername = str2;
        this.lastPassword = str3;
        this.lastCallbackHandler = callbackHandler;
        this.saslClient = createSaslClient(strArr, str, str2, str3, callbackHandler);
        if (this.saslClient == null) {
            throw new SaslException("No SASL client found.");
        }
        byte[] bArr = new byte[0];
        if (this.saslClient.hasInitialResponse()) {
            bArr = this.saslClient.evaluateChallenge(new byte[0]);
        }
        this.xmppSession.send(new Auth(this.saslClient.getMechanismName(), bArr));
        this.lock.lock();
        try {
            try {
                this.authenticationComplete.await(20L, TimeUnit.SECONDS);
                this.lock.unlock();
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                this.lock.unlock();
            }
            if (this.authenticated) {
                return;
            }
            if (this.authenticationFailure == null) {
                throw new LoginException(this.saslClient.getMechanismName() + " authentication failed for an unknown reason, but probably due to timeout.");
            }
            String str4 = this.authenticationFailure.getText() != null ? this.saslClient.getMechanismName() + " authentication failed: " + this.authenticationFailure.getText() : this.saslClient.getMechanismName() + " authentication failed.";
            if (this.authenticationFailure.getCondition() instanceof Failure.NotAuthorized) {
                throw new FailedLoginException(str4);
            }
            if (this.authenticationFailure.getCondition() instanceof Failure.AccountDisabled) {
                throw new AccountLockedException(str4);
            }
            if (this.authenticationFailure.getCondition() instanceof Failure.CredentialsExpired) {
                throw new CredentialExpiredException(str4);
            }
            throw new LoginException(this.saslClient.getMechanismName() + " authentication failed with condition: " + (this.authenticationFailure.getCondition() != null ? this.authenticationFailure.getCondition().getClass().getSimpleName() : "unknown"));
        } catch (Throwable th) {
            this.lock.unlock();
            throw th;
        }
    }

    public void reAuthenticate() throws SaslException, LoginException {
        authenticate(this.lastMechanisms, this.lastAuthorizationId, this.lastUsername, this.lastPassword, this.lastCallbackHandler);
    }

    private String[] getCommonMechanisms() {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        Iterator<String> it = this.preferredMechanisms.iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (this.supportedMechanisms.contains(next)) {
                linkedHashSet.add(next);
            }
        }
        return (String[]) linkedHashSet.toArray(new String[linkedHashSet.size()]);
    }

    @Override // rocks.xmpp.core.stream.FeatureNegotiator
    public FeatureNegotiator.Status processNegotiation(Object obj) throws Exception {
        FeatureNegotiator.Status status = FeatureNegotiator.Status.INCOMPLETE;
        try {
            try {
                if (obj instanceof Mechanisms) {
                    this.supportedMechanisms.clear();
                    this.supportedMechanisms.addAll(((Mechanisms) obj).getMechanisms());
                } else if (obj instanceof Challenge) {
                    sendResponse((Challenge) obj);
                } else if (obj instanceof Failure) {
                    this.authenticationFailure = (Failure) obj;
                    this.authenticated = false;
                    releaseLock();
                    status = FeatureNegotiator.Status.FAILURE;
                } else if (obj instanceof Success) {
                    this.authenticated = true;
                    releaseLock();
                    status = FeatureNegotiator.Status.SUCCESS;
                }
                notifyFeatureNegotiated(status, obj);
                return status;
            } catch (Exception e) {
                releaseLock();
                throw e;
            }
        } catch (Throwable th) {
            notifyFeatureNegotiated(status, obj);
            throw th;
        }
    }

    private void releaseLock() {
        this.lock.lock();
        try {
            this.authenticationComplete.signal();
        } finally {
            this.lock.unlock();
        }
    }

    @Override // rocks.xmpp.core.stream.FeatureNegotiator
    public boolean needsRestart() {
        return true;
    }

    @Override // rocks.xmpp.core.stream.FeatureNegotiator
    public boolean canProcess(Object obj) {
        return (obj instanceof Challenge) || (obj instanceof Failure) || (obj instanceof Success);
    }

    private SaslClient createSaslClient(String[] strArr, String str, final String str2, final String str3, CallbackHandler callbackHandler) throws SaslException {
        if (callbackHandler == null) {
            callbackHandler = new CallbackHandler() { // from class: rocks.xmpp.core.sasl.AuthenticationManager.1
                @Override // javax.security.auth.callback.CallbackHandler
                public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                    for (Callback callback : callbackArr) {
                        if (callback instanceof NameCallback) {
                            ((NameCallback) callback).setName(str2);
                        }
                        if (callback instanceof PasswordCallback) {
                            ((PasswordCallback) callback).setPassword(str3.toCharArray());
                        }
                        if (callback instanceof RealmCallback) {
                            ((RealmCallback) callback).setText(((RealmCallback) callback).getDefaultText());
                        }
                    }
                }
            };
        }
        return Sasl.createSaslClient(strArr, str, "xmpp", this.xmppSession.getDomain(), new HashMap(), callbackHandler);
    }

    private void sendResponse(Challenge challenge) throws SaslException {
        this.xmppSession.send(new Response(this.saslClient.evaluateChallenge(challenge.getValue())));
    }

    static {
        Security.addProvider(new SaslProvider());
    }
}
