package gnu.crypto.sasl.srp;

import gnu.crypto.Registry;
import gnu.crypto.assembly.Direction;
import gnu.crypto.auth.Password;
import gnu.crypto.hash.MD5;
import gnu.crypto.key.IKeyAgreementParty;
import gnu.crypto.key.IncomingMessage;
import gnu.crypto.key.KeyAgreementException;
import gnu.crypto.key.KeyAgreementFactory;
import gnu.crypto.key.OutgoingMessage;
import gnu.crypto.key.srp6.SRP6KeyAgreement;
import gnu.crypto.sasl.ClientMechanism;
import gnu.crypto.sasl.IllegalMechanismStateException;
import gnu.crypto.sasl.InputBuffer;
import gnu.crypto.sasl.IntegrityException;
import gnu.crypto.sasl.OutputBuffer;
import gnu.crypto.util.PRNG;
import gnu.crypto.util.Util;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.util.Arrays;
import java.util.HashMap;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthenticationException;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

/* loaded from: classes2.dex */
public class SRPClient extends ClientMechanism implements SaslClient {
    private static final boolean DEBUG = true;
    private static final String INFO = " INFO";
    private static final String NAME = "SRPClient";
    private static final String TRACE = "DEBUG";
    private static final int debuglevel = 3;
    private static final PrintWriter err = new PrintWriter((OutputStream) System.out, true);
    BigInteger A;
    BigInteger B;
    private byte[] K;
    private String L;
    private byte[] M1;
    private byte[] M2;
    BigInteger N;
    private String U;
    private byte[] cIV;
    private String chosenConfidentialityAlgorithm;
    private String chosenIntegrityAlgorithm;
    private IKeyAgreementParty clientHandler;

    /* renamed from: cn, reason: collision with root package name */
    private byte[] f321cn;
    BigInteger g;
    private CALG inCipher;
    private int inCounter;
    private IALG inMac;
    private String o;
    private CALG outCipher;
    private int outCounter;
    private IALG outMac;
    private Password password;
    private int rawSendSize;
    private boolean replayDetection;
    private byte[] s;
    private byte[] sCB;
    private byte[] sIV;
    private byte[] sid;
    private byte[] sn;
    private SRP srp;
    private int ttl;
    private String uid;

    public SRPClient() {
        super(Registry.SASL_SRP_MECHANISM);
        m313this();
    }

    /* JADX WARN: Removed duplicated region for block: B:116:0x00b7  */
    /* JADX WARN: Removed duplicated region for block: B:119:0x00ee  */
    /* JADX WARN: Removed duplicated region for block: B:121:0x00f6  */
    /* JADX WARN: Removed duplicated region for block: B:123:0x0106  */
    /* JADX WARN: Removed duplicated region for block: B:126:0x00bc  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private final java.lang.String createO(java.lang.String r15) throws javax.security.sasl.AuthenticationException {
        /*
            Method dump skipped, instructions count: 532
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: gnu.crypto.sasl.srp.SRPClient.createO(java.lang.String):java.lang.String");
    }

    private static final void debug(String str, Object obj) {
        PrintWriter printWriter = err;
        StringBuffer stringBuffer = new StringBuffer("[");
        stringBuffer.append(str);
        stringBuffer.append("] SRPClient: ");
        stringBuffer.append(String.valueOf(obj));
        printWriter.println(stringBuffer.toString());
    }

    private final void getUsernameAndPassword() throws AuthenticationException {
        try {
            if (this.properties.containsKey(Registry.SASL_USERNAME) || this.properties.containsKey(Registry.SASL_PASSWORD)) {
                if (this.properties.containsKey(Registry.SASL_USERNAME)) {
                    this.U = (String) this.properties.get(Registry.SASL_USERNAME);
                } else {
                    String property = System.getProperty("user.name");
                    NameCallback nameCallback = property == null ? new NameCallback("username: ") : new NameCallback("username: ", property);
                    this.handler.handle(new Callback[]{nameCallback});
                    this.U = nameCallback.getName();
                }
                if (this.properties.containsKey(Registry.SASL_PASSWORD)) {
                    Object obj = this.properties.get(Registry.SASL_PASSWORD);
                    if (obj instanceof char[]) {
                        this.password = new Password((char[]) obj);
                    } else if (obj instanceof Password) {
                        this.password = (Password) obj;
                    } else {
                        if (!(obj instanceof String)) {
                            StringBuffer stringBuffer = new StringBuffer();
                            stringBuffer.append(obj.getClass().getName());
                            stringBuffer.append("is not a valid password class");
                            throw new IllegalArgumentException(stringBuffer.toString());
                        }
                        this.password = new Password(((String) obj).toCharArray());
                    }
                } else {
                    PasswordCallback passwordCallback = new PasswordCallback("password: ", false);
                    this.handler.handle(new Callback[]{passwordCallback});
                    this.password = new Password(passwordCallback.getPassword());
                }
            } else {
                String property2 = System.getProperty("user.name");
                NameCallback nameCallback2 = property2 == null ? new NameCallback("username: ") : new NameCallback("username: ", property2);
                PasswordCallback passwordCallback2 = new PasswordCallback("password: ", false);
                this.handler.handle(new Callback[]{nameCallback2, passwordCallback2});
                this.U = nameCallback2.getName();
                this.password = new Password(passwordCallback2.getPassword());
            }
            if (this.U == null) {
                throw new AuthenticationException("null username supplied");
            }
            if (this.password == null) {
                throw new AuthenticationException("null password supplied");
            }
        } catch (IOException e) {
            throw new AuthenticationException("getUsernameAndPassword()", e);
        } catch (UnsupportedCallbackException e2) {
            throw new AuthenticationException("getUsernameAndPassword()", e2);
        }
    }

    private final byte[] receiveEvidence(byte[] bArr) throws SaslException {
        InputBuffer inputBuffer = new InputBuffer(bArr);
        try {
            this.M2 = inputBuffer.getOS();
            this.sIV = inputBuffer.getOS();
            this.sid = inputBuffer.getEOS();
            this.ttl = (int) inputBuffer.getScalar(4);
            this.sCB = inputBuffer.getEOS();
            try {
                if (!Arrays.equals(this.M2, this.srp.generateM2(this.A, this.M1, this.K, this.U, this.authorizationID, this.o, this.sid, this.ttl, this.cIV, this.sIV, this.sCB))) {
                    throw new AuthenticationException("M2 mismatch");
                }
                setupSecurityServices(false);
                return null;
            } catch (UnsupportedEncodingException e) {
                throw new AuthenticationException("receiveEvidence()", e);
            }
        } catch (IOException e2) {
            if (e2 instanceof SaslException) {
                throw e2;
            }
            throw new AuthenticationException("receiveEvidence()", e2);
        }
    }

    private final byte[] sendIdentities() throws SaslException {
        getUsernameAndPassword();
        if (this.sid.length != 0) {
            this.f321cn = new byte[16];
            PRNG.nextBytes(this.f321cn);
        } else {
            this.f321cn = new byte[0];
        }
        OutputBuffer outputBuffer = new OutputBuffer();
        try {
            outputBuffer.setText(this.U);
            outputBuffer.setText(this.authorizationID);
            outputBuffer.setEOS(this.sid);
            outputBuffer.setOS(this.f321cn);
            outputBuffer.setEOS(this.channelBinding);
            byte[] encode = outputBuffer.encode();
            StringBuffer stringBuffer = new StringBuffer("C: ");
            stringBuffer.append(Util.dumpString(encode));
            debug(INFO, stringBuffer.toString());
            StringBuffer stringBuffer2 = new StringBuffer("  U = ");
            stringBuffer2.append(this.U);
            debug(INFO, stringBuffer2.toString());
            StringBuffer stringBuffer3 = new StringBuffer("  I = ");
            stringBuffer3.append(this.authorizationID);
            debug(INFO, stringBuffer3.toString());
            StringBuffer stringBuffer4 = new StringBuffer("sid = ");
            stringBuffer4.append(new String(this.sid));
            debug(INFO, stringBuffer4.toString());
            StringBuffer stringBuffer5 = new StringBuffer(" cn = ");
            stringBuffer5.append(Util.dumpString(this.f321cn));
            debug(INFO, stringBuffer5.toString());
            StringBuffer stringBuffer6 = new StringBuffer("cCB = ");
            stringBuffer6.append(Util.dumpString(this.channelBinding));
            debug(INFO, stringBuffer6.toString());
            return encode;
        } catch (IOException e) {
            if (e instanceof SaslException) {
                throw e;
            }
            throw new AuthenticationException("sendIdentities()", e);
        }
    }

    private final byte[] sendPublicKey(byte[] bArr) throws SaslException {
        InputBuffer inputBuffer = new InputBuffer(bArr);
        try {
            int scalar = (int) inputBuffer.getScalar(1);
            if (scalar == 0) {
                this.N = inputBuffer.getMPI();
                this.g = inputBuffer.getMPI();
                this.s = inputBuffer.getOS();
                this.B = inputBuffer.getMPI();
                this.L = inputBuffer.getText();
            } else {
                if (scalar != 255) {
                    StringBuffer stringBuffer = new StringBuffer("sendPublicKey(): Invalid scalar (");
                    stringBuffer.append(scalar);
                    stringBuffer.append(") in server's request");
                    throw new SaslException(stringBuffer.toString());
                }
                this.sn = inputBuffer.getOS();
                this.sCB = inputBuffer.getEOS();
            }
            if (scalar != 0) {
                setupSecurityServices(true);
                debug(INFO, "Session re-use accepted...");
                return null;
            }
            this.o = createO(this.L.toLowerCase());
            byte[] bytes = this.password.getBytes();
            HashMap hashMap = new HashMap();
            hashMap.put(SRP6KeyAgreement.HASH_FUNCTION, this.srp.getAlgorithm());
            hashMap.put(SRP6KeyAgreement.USER_IDENTITY, this.U);
            hashMap.put(SRP6KeyAgreement.USER_PASSWORD, bytes);
            try {
                this.clientHandler.init(hashMap);
                this.clientHandler.processMessage(null);
                try {
                    OutgoingMessage outgoingMessage = new OutgoingMessage();
                    outgoingMessage.writeMPI(this.N);
                    outgoingMessage.writeMPI(this.g);
                    outgoingMessage.writeMPI(new BigInteger(1, this.s));
                    outgoingMessage.writeMPI(this.B);
                    this.A = new IncomingMessage(this.clientHandler.processMessage(new IncomingMessage(outgoingMessage.toByteArray())).toByteArray()).readMPI();
                    this.K = this.clientHandler.getSharedSecret();
                    try {
                        this.M1 = this.srp.generateM1(this.N, this.g, this.U, this.s, this.A, this.B, this.K, this.authorizationID, this.L, this.f321cn, this.channelBinding);
                        OutputBuffer outputBuffer = new OutputBuffer();
                        try {
                            outputBuffer.setMPI(this.A);
                            outputBuffer.setOS(this.M1);
                            outputBuffer.setText(this.o);
                            outputBuffer.setOS(this.cIV);
                            byte[] encode = outputBuffer.encode();
                            debug(INFO, "New session, or session re-use rejected...");
                            StringBuffer stringBuffer2 = new StringBuffer("C: ");
                            stringBuffer2.append(Util.dumpString(encode));
                            debug(INFO, stringBuffer2.toString());
                            StringBuffer stringBuffer3 = new StringBuffer("  A = 0x");
                            stringBuffer3.append(this.A.toString(16));
                            debug(INFO, stringBuffer3.toString());
                            StringBuffer stringBuffer4 = new StringBuffer(" M1 = ");
                            stringBuffer4.append(Util.dumpString(this.M1));
                            debug(INFO, stringBuffer4.toString());
                            StringBuffer stringBuffer5 = new StringBuffer("  o = ");
                            stringBuffer5.append(this.o);
                            debug(INFO, stringBuffer5.toString());
                            StringBuffer stringBuffer6 = new StringBuffer("cIV = ");
                            stringBuffer6.append(Util.dumpString(this.cIV));
                            debug(INFO, stringBuffer6.toString());
                            return encode;
                        } catch (IOException e) {
                            if (e instanceof SaslException) {
                                throw e;
                            }
                            throw new AuthenticationException("sendPublicKey()", e);
                        }
                    } catch (UnsupportedEncodingException e2) {
                        throw new AuthenticationException("sendPublicKey()", e2);
                    }
                } catch (KeyAgreementException e3) {
                    throw new SaslException("sendPublicKey()", e3);
                }
            } catch (KeyAgreementException e4) {
                throw new SaslException("sendPublicKey()", e4);
            }
        } catch (IOException e5) {
            if (e5 instanceof SaslException) {
                throw e5;
            }
            throw new SaslException("sendPublicKey()", e5);
        }
    }

    private final void setupSecurityServices(boolean z) throws SaslException {
        this.complete = true;
        if (z) {
            this.K = this.srp.generateKn(this.K, this.f321cn, this.sn);
        } else {
            this.inCounter = 0;
            this.outCounter = 0;
            if (this.chosenConfidentialityAlgorithm != null) {
                debug(INFO, "Activating confidentiality protection filter");
                this.inCipher = CALG.getInstance(this.chosenConfidentialityAlgorithm);
                this.outCipher = CALG.getInstance(this.chosenConfidentialityAlgorithm);
            }
            if (this.chosenIntegrityAlgorithm != null) {
                debug(INFO, "Activating integrity protection filter");
                this.inMac = IALG.getInstance(this.chosenIntegrityAlgorithm);
                this.outMac = IALG.getInstance(this.chosenIntegrityAlgorithm);
            }
        }
        KDF kdf = KDF.getInstance(this.K);
        CALG calg = this.inCipher;
        if (calg != null) {
            calg.init(kdf, this.sIV, Direction.REVERSED);
            this.outCipher.init(kdf, this.cIV, Direction.FORWARD);
        }
        IALG ialg = this.inMac;
        if (ialg != null) {
            ialg.init(kdf);
            this.outMac.init(kdf);
        }
        byte[] bArr = this.sid;
        if (bArr == null || bArr.length == 0) {
            return;
        }
        StringBuffer stringBuffer = new StringBuffer("Updating security context for UID = ");
        stringBuffer.append(this.uid);
        debug(INFO, stringBuffer.toString());
        ClientStore.instance().cacheSession(this.uid, this.ttl, new SecurityContext(this.srp.getAlgorithm(), this.sid, this.K, this.cIV, this.sIV, this.replayDetection, this.inCounter, this.outCounter, this.inMac, this.outMac, this.inCipher, this.outCipher));
    }

    /* renamed from: this, reason: not valid java name */
    private final /* synthetic */ void m313this() {
        this.rawSendSize = Registry.SASL_BUFFER_MAX_LIMIT;
        this.replayDetection = true;
        this.inCounter = 0;
        this.outCounter = 0;
        this.clientHandler = KeyAgreementFactory.getPartyAInstance(Registry.SRP_SASL_KA);
    }

    @Override // gnu.crypto.sasl.ClientMechanism
    protected byte[] engineUnwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.inMac == null && this.inCipher == null) {
            throw new IllegalStateException("connection is not protected");
        }
        try {
            if (this.inMac == null) {
                return this.inCipher.doFinal(bArr, i, i2);
            }
            int length = this.inMac.length();
            int i3 = i2 - length;
            byte[] bArr2 = new byte[length];
            System.arraycopy(bArr, i + i3, bArr2, 0, length);
            this.inMac.update(bArr, i, i3);
            if (this.replayDetection) {
                this.inCounter++;
                this.inMac.update(new byte[]{(byte) (this.inCounter >>> 24), (byte) (this.inCounter >>> 16), (byte) (this.inCounter >>> 8), (byte) this.inCounter});
            }
            if (!Arrays.equals(bArr2, this.inMac.doFinal())) {
                throw new IntegrityException("engineUnwrap()");
            }
            if (this.inCipher != null) {
                return this.inCipher.doFinal(bArr, i, i3);
            }
            byte[] bArr3 = new byte[i3];
            System.arraycopy(bArr, i, bArr3, 0, bArr3.length);
            return bArr3;
        } catch (IOException e) {
            if (e instanceof SaslException) {
                throw e;
            }
            throw new SaslException("engineUnwrap()", e);
        }
    }

    @Override // gnu.crypto.sasl.ClientMechanism
    protected byte[] engineWrap(byte[] bArr, int i, int i2) throws SaslException {
        if (this.outMac == null && this.outCipher == null) {
            throw new IllegalStateException("connection is not protected");
        }
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (this.outCipher != null) {
                byte[] doFinal = this.outCipher.doFinal(bArr, i, i2);
                byteArrayOutputStream.write(doFinal);
                if (this.outMac != null) {
                    this.outMac.update(doFinal);
                    if (this.replayDetection) {
                        this.outCounter++;
                        this.outMac.update(new byte[]{(byte) (this.outCounter >>> 24), (byte) (this.outCounter >>> 16), (byte) (this.outCounter >>> 8), (byte) this.outCounter});
                    }
                    byteArrayOutputStream.write(this.outMac.doFinal());
                }
            } else {
                byteArrayOutputStream.write(bArr, i, i2);
                this.outMac.update(bArr, i, i2);
                if (this.replayDetection) {
                    this.outCounter++;
                    this.outMac.update(new byte[]{(byte) (this.outCounter >>> 24), (byte) (this.outCounter >>> 16), (byte) (this.outCounter >>> 8), (byte) this.outCounter});
                }
                byteArrayOutputStream.write(this.outMac.doFinal());
            }
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            if (e instanceof SaslException) {
                throw e;
            }
            throw new SaslException("engineWrap()", e);
        }
    }

    @Override // gnu.crypto.sasl.ClientMechanism
    public byte[] evaluateChallenge(byte[] bArr) throws SaslException {
        int i = this.state;
        if (i == 0) {
            this.state++;
            return sendIdentities();
        }
        if (i != 1) {
            if (i != 2 || this.complete) {
                throw new IllegalMechanismStateException("evaluateChallenge()");
            }
            this.state++;
            return receiveEvidence(bArr);
        }
        this.state++;
        byte[] sendPublicKey = sendPublicKey(bArr);
        try {
            this.password.destroy();
            return sendPublicKey;
        } catch (DestroyFailedException unused) {
            SaslException saslException = new SaslException("sendPublicKey()");
            saslException.initCause(saslException);
            throw saslException;
        }
    }

    @Override // gnu.crypto.sasl.ClientMechanism
    protected String getNegotiatedQOP() {
        return this.inMac != null ? this.inCipher != null ? Registry.QOP_AUTH_CONF : Registry.QOP_AUTH_INT : "auth";
    }

    @Override // gnu.crypto.sasl.ClientMechanism
    protected String getNegotiatedRawSendSize() {
        return String.valueOf(this.rawSendSize);
    }

    @Override // gnu.crypto.sasl.ClientMechanism
    protected String getNegotiatedStrength() {
        return this.inMac != null ? this.inCipher != null ? Registry.STRENGTH_HIGH : "medium" : Registry.STRENGTH_LOW;
    }

    @Override // gnu.crypto.sasl.ClientMechanism
    protected String getReuse() {
        return "true";
    }

    @Override // gnu.crypto.sasl.ClientMechanism
    public boolean hasInitialResponse() {
        return true;
    }

    @Override // gnu.crypto.sasl.ClientMechanism
    protected void initMechanism() throws SaslException {
        MD5 md5 = new MD5();
        byte[] bytes = this.authorizationID.getBytes();
        md5.update(bytes, 0, bytes.length);
        byte[] bytes2 = this.serverName.getBytes();
        md5.update(bytes2, 0, bytes2.length);
        byte[] bytes3 = this.protocol.getBytes();
        md5.update(bytes3, 0, bytes3.length);
        if (this.channelBinding.length > 0) {
            md5.update(this.channelBinding, 0, this.channelBinding.length);
        }
        this.uid = Util.toBase64(md5.digest());
        if (!ClientStore.instance().isAlive(this.uid)) {
            this.sid = new byte[0];
            this.ttl = 0;
            this.K = null;
            this.cIV = null;
            this.sIV = null;
            this.f321cn = null;
            this.sn = null;
            return;
        }
        SecurityContext restoreSession = ClientStore.instance().restoreSession(this.uid);
        this.srp = SRP.instance(restoreSession.getMdName());
        this.sid = restoreSession.getSID();
        this.K = restoreSession.getK();
        this.cIV = restoreSession.getClientIV();
        this.sIV = restoreSession.getServerIV();
        this.replayDetection = restoreSession.hasReplayDetection();
        this.inCounter = restoreSession.getInCounter();
        this.outCounter = restoreSession.getOutCounter();
        this.inMac = restoreSession.getInMac();
        this.outMac = restoreSession.getOutMac();
        this.inCipher = restoreSession.getInCipher();
        this.outCipher = restoreSession.getOutCipher();
    }

    @Override // gnu.crypto.sasl.ClientMechanism
    protected void resetMechanism() throws SaslException {
        try {
            this.password.destroy();
            this.password = null;
            this.M1 = null;
            this.K = null;
            this.cIV = null;
            this.sIV = null;
            this.outMac = null;
            this.inMac = null;
            this.outCipher = null;
            this.inCipher = null;
            this.sid = null;
            this.ttl = 0;
            this.f321cn = null;
            this.sn = null;
        } catch (DestroyFailedException e) {
            SaslException saslException = new SaslException("resetMechanism()");
            saslException.initCause(e);
            throw saslException;
        }
    }
}
