package com.isode.stroke.sasl;

import com.beem.project.beem.smack.sasl.ScramSaslMechanism;
import com.isode.stroke.base.ByteArray;
import com.isode.stroke.stringcodecs.Base64;
import com.isode.stroke.stringcodecs.HMACSHA1;
import com.isode.stroke.stringcodecs.PBKDF2;
import com.isode.stroke.stringcodecs.SHA1;
import java.text.Normalizer;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes.dex */
public class SCRAMSHA1ClientAuthenticator extends ClientAuthenticator {
    private ByteArray authMessage;
    private String clientnonce;
    private ByteArray initialServerMessage;
    private ByteArray saltedPassword;
    private ByteArray serverNonce;
    private ByteArray serverSignature;
    private Step step;
    private ByteArray tlsChannelBindingData;
    private boolean useChannelBinding;

    /* loaded from: classes.dex */
    private enum Step {
        Initial,
        Proof,
        Final
    }

    public SCRAMSHA1ClientAuthenticator(String str) {
        this(str, false);
    }

    public SCRAMSHA1ClientAuthenticator(String str, boolean z) {
        super(z ? "SCRAM-SHA-1-PLUS" : ScramSaslMechanism.MECHANISM_NAME);
        this.clientnonce = "";
        this.initialServerMessage = new ByteArray();
        this.serverNonce = new ByteArray();
        this.authMessage = new ByteArray();
        this.saltedPassword = new ByteArray();
        this.serverSignature = new ByteArray();
        this.step = Step.Initial;
        this.clientnonce = str;
        this.useChannelBinding = z;
    }

    private String SASLPrep(String str) {
        return Normalizer.normalize(str, Normalizer.Form.NFKC);
    }

    static String escape(String str) {
        String str2 = "";
        for (int i = 0; i < str.length(); i++) {
            str2 = str.charAt(i) == ',' ? str2 + "=2C" : str.charAt(i) == '=' ? str2 + "=3D" : str2 + str.charAt(i);
        }
        return str2;
    }

    private ByteArray getFinalMessageWithoutProof() {
        ByteArray byteArray = new ByteArray();
        if (this.useChannelBinding && this.tlsChannelBindingData != null) {
            byteArray = this.tlsChannelBindingData;
        }
        return new ByteArray("c=" + Base64.encode(new ByteArray(getGS2Header()).append(byteArray)) + ",r=" + this.clientnonce).append(this.serverNonce);
    }

    private ByteArray getGS2Header() {
        ByteArray byteArray = new ByteArray("n");
        if (this.tlsChannelBindingData != null) {
            byteArray = this.useChannelBinding ? new ByteArray("p=tls-unique") : new ByteArray("y");
        }
        return new ByteArray().append(byteArray).append(",").append(getAuthorizationID().isEmpty() ? new ByteArray() : new ByteArray("a=" + escape(getAuthorizationID()))).append(",");
    }

    private ByteArray getInitialBareClientMessage() {
        return new ByteArray("n=" + escape(SASLPrep(getAuthenticationID())) + ",r=" + this.clientnonce);
    }

    private Map<Character, String> parseMap(String str) {
        HashMap hashMap = new HashMap();
        if (str.length() > 0) {
            char c = '~';
            String str2 = "";
            int i = 0;
            boolean z = true;
            while (i < str.length()) {
                if (z) {
                    c = str.charAt(i);
                    z = false;
                    i++;
                } else if (str.charAt(i) == ',') {
                    hashMap.put(Character.valueOf(c), str2);
                    str2 = "";
                    z = true;
                } else {
                    str2 = str2 + str.charAt(i);
                }
                i++;
            }
            hashMap.put(Character.valueOf(c), str2);
        }
        return hashMap;
    }

    @Override // com.isode.stroke.sasl.ClientAuthenticator
    public ByteArray getResponse() {
        if (this.step.equals(Step.Initial)) {
            return ByteArray.plus(getGS2Header(), getInitialBareClientMessage());
        }
        if (!this.step.equals(Step.Proof)) {
            return null;
        }
        ByteArray result = HMACSHA1.getResult(this.saltedPassword, new ByteArray("Client Key"));
        ByteArray result2 = HMACSHA1.getResult(SHA1.getHash(result), this.authMessage);
        byte[] data = result.getData();
        for (int i = 0; i < data.length; i++) {
            data[i] = (byte) (data[i] ^ result2.getData()[i]);
        }
        return getFinalMessageWithoutProof().append(",p=").append(Base64.encode(result));
    }

    @Override // com.isode.stroke.sasl.ClientAuthenticator
    public boolean setChallenge(ByteArray byteArray) {
        if (!this.step.equals(Step.Initial)) {
            Step step = this.step;
            Step step2 = this.step;
            if (!step.equals(Step.Proof)) {
                return true;
            }
            ByteArray append = new ByteArray("v=").append(new ByteArray(Base64.encode(this.serverSignature)));
            this.step = Step.Final;
            return byteArray != null && byteArray.equals(append);
        }
        if (byteArray == null) {
            return false;
        }
        this.initialServerMessage = byteArray;
        Map<Character, String> parseMap = parseMap(this.initialServerMessage.toString());
        ByteArray decode = Base64.decode(parseMap.get('s'));
        String str = parseMap.get('r');
        if (str.length() <= this.clientnonce.length() || !str.substring(0, this.clientnonce.length()).equals(this.clientnonce)) {
            return false;
        }
        this.serverNonce = new ByteArray(str.substring(this.clientnonce.length()));
        try {
            int parseInt = Integer.parseInt(parseMap.get('i'));
            if (parseInt <= 0) {
                return false;
            }
            new ByteArray();
            if (this.useChannelBinding && this.tlsChannelBindingData != null) {
                ByteArray byteArray2 = this.tlsChannelBindingData;
            }
            this.saltedPassword = PBKDF2.encode(new ByteArray(SASLPrep(getPassword())), decode, parseInt);
            this.authMessage = getInitialBareClientMessage().append(",").append(this.initialServerMessage).append(",").append(getFinalMessageWithoutProof());
            this.serverSignature = HMACSHA1.getResult(HMACSHA1.getResult(this.saltedPassword, new ByteArray("Server Key")), this.authMessage);
            this.step = Step.Proof;
            return true;
        } catch (NumberFormatException e) {
            return false;
        }
    }

    public void setTLSChannelBindingData(ByteArray byteArray) {
        this.tlsChannelBindingData = byteArray;
    }
}
