package com.ibm.security.sasl;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.Random;
import java.util.logging.Level;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.AuthorizeCallback;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

/* loaded from: input_file:jre/lib/ext/ibmsaslprovider.jar:com/ibm/security/sasl/CramMD5Server.class */
final class CramMD5Server extends CramMD5Base implements SaslServer {
    private String fqdn;
    private byte[] challengeData = null;
    private String authzid;
    private CallbackHandler cbh;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CramMD5Server(String str, String str2, Map map, CallbackHandler callbackHandler) throws SaslException {
        if (str2 == null) {
            throw new SaslException("CRAM-MD5: fully qualified server name must be specified");
        }
        this.fqdn = str2;
        this.cbh = callbackHandler;
    }

    @Override // javax.security.sasl.SaslServer
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        if (this.completed) {
            throw new IllegalStateException("CRAM-MD5 authentication already completed");
        }
        if (this.aborted) {
            throw new IllegalStateException("CRAM-MD5 authentication previously aborted due to error");
        }
        try {
            if (this.challengeData == null) {
                if (bArr.length != 0) {
                    this.aborted = true;
                    throw new SaslException("CRAM-MD5 does not expect any initial response");
                }
                long nextLong = new Random().nextLong();
                long currentTimeMillis = System.currentTimeMillis();
                StringBuffer stringBuffer = new StringBuffer();
                stringBuffer.append('<');
                stringBuffer.append(nextLong);
                stringBuffer.append('.');
                stringBuffer.append(currentTimeMillis);
                stringBuffer.append('@');
                stringBuffer.append(this.fqdn);
                stringBuffer.append('>');
                String stringBuffer2 = stringBuffer.toString();
                logger.log(Level.FINE, "CRAMSRV01:Generated challenge: {0}", stringBuffer2);
                this.challengeData = stringBuffer2.getBytes("UTF8");
                return (byte[]) this.challengeData.clone();
            }
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "CRAMSRV02:Received response: {0}", new String(bArr, "UTF8"));
            }
            int i = 0;
            int i2 = 0;
            while (true) {
                if (i2 >= bArr.length) {
                    break;
                }
                if (bArr[i2] == 32) {
                    i = i2;
                    break;
                }
                i2++;
            }
            if (i == 0) {
                this.aborted = true;
                throw new SaslException("CRAM-MD5: Invalid response; space missing");
            }
            String str = new String(bArr, 0, i, "UTF8");
            logger.log(Level.FINE, "CRAMSRV03:Extracted username: {0}", str);
            NameCallback nameCallback = new NameCallback("CRAM-MD5 authentication ID: ", str);
            PasswordCallback passwordCallback = new PasswordCallback("CRAM-MD5 password: ", false);
            this.cbh.handle(new Callback[]{nameCallback, passwordCallback});
            char[] password = passwordCallback.getPassword();
            if (password == null || password.length == 0) {
                this.aborted = true;
                throw new SaslException("CRAM-MD5: username not found: " + str);
            }
            passwordCallback.clearPassword();
            String str2 = new String(password);
            for (int i3 = 0; i3 < password.length; i3++) {
                password[i3] = 0;
            }
            this.pw = str2.getBytes("UTF8");
            String HMAC_MD5 = HMAC_MD5(this.pw, this.challengeData);
            logger.log(Level.FINE, "CRAMSRV04:Expecting digest: {0}", HMAC_MD5);
            clearPassword();
            byte[] bytes = HMAC_MD5.getBytes("UTF8");
            if (bytes.length != (bArr.length - i) - 1) {
                this.aborted = true;
                throw new SaslException("Invalid response");
            }
            int i4 = 0;
            for (int i5 = i + 1; i5 < bArr.length; i5++) {
                int i6 = i4;
                i4++;
                if (bytes[i6] != bArr[i5]) {
                    this.aborted = true;
                    throw new SaslException("Invalid response");
                }
            }
            AuthorizeCallback authorizeCallback = new AuthorizeCallback(str, str);
            this.cbh.handle(new Callback[]{authorizeCallback});
            if (!authorizeCallback.isAuthorized()) {
                this.aborted = true;
                throw new SaslException("CRAM-MD5: user not authorized: " + str);
            }
            this.authzid = authorizeCallback.getAuthorizedID();
            logger.log(Level.FINE, "CRAMSRV05:Authorization id: {0}", this.authzid);
            this.completed = true;
            return null;
        } catch (UnsupportedEncodingException e) {
            this.aborted = true;
            throw new SaslException("UTF8 not available on platform", e);
        } catch (IOException e2) {
            this.aborted = true;
            throw new SaslException("CRAM-MD5 authentication failed", e2);
        } catch (NoSuchAlgorithmException e3) {
            this.aborted = true;
            throw new SaslException("MD5 algorithm not available on platform", e3);
        } catch (UnsupportedCallbackException e4) {
            this.aborted = true;
            throw new SaslException("CRAM-MD5 authentication failed", e4);
        } catch (SaslException e5) {
            throw e5;
        }
    }

    @Override // javax.security.sasl.SaslServer
    public String getAuthorizationID() {
        if (this.completed) {
            return this.authzid;
        }
        throw new IllegalStateException("CRAM-MD5 authentication not completed");
    }
}
