package eu.siacs.conversations.crypto.sasl;

import android.util.Log;
import com.google.common.base.Preconditions;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableMap;
import com.google.common.hash.Hashing;
import com.google.common.io.BaseEncoding;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.crypto.sasl.SaslMechanism;
import eu.siacs.conversations.entities.Account;
import eu.siacs.conversations.utils.CryptoHelper;
import java.nio.charset.Charset;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLSocket;
import org.conscrypt.BuildConfig;

/* loaded from: classes.dex */
public class DigestMd5 extends SaslMechanism {
    private String precalculatedRSPAuth;
    private SaslMechanism.State state;

    /* renamed from: eu.siacs.conversations.crypto.sasl.DigestMd5$1, reason: invalid class name */
    /* loaded from: classes.dex */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$eu$siacs$conversations$crypto$sasl$SaslMechanism$State;

        static {
            int[] iArr = new int[SaslMechanism.State.values().length];
            $SwitchMap$eu$siacs$conversations$crypto$sasl$SaslMechanism$State = iArr;
            try {
                iArr[SaslMechanism.State.AUTH_TEXT_SENT.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$eu$siacs$conversations$crypto$sasl$SaslMechanism$State[SaslMechanism.State.RESPONSE_SENT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$eu$siacs$conversations$crypto$sasl$SaslMechanism$State[SaslMechanism.State.VALID_SERVER_RESPONSE.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    public DigestMd5(Account account) {
        super(account);
        this.state = SaslMechanism.State.INITIAL;
    }

    private static Map messageToAttributes(String str) {
        try {
            try {
                return splitToAttributes(new String(BaseEncoding.base64().decode(str)));
            } catch (IllegalArgumentException unused) {
                throw new SaslMechanism.AuthenticationException("Duplicate attributes");
            }
        } catch (IllegalArgumentException e) {
            throw new SaslMechanism.AuthenticationException("Unable to decode server challenge", e);
        }
    }

    private String processChallenge(String str, SSLSocket sSLSocket) {
        Log.d(Config.LOGTAG, "DigestMd5.processChallenge()");
        this.state = SaslMechanism.State.RESPONSE_SENT;
        String str2 = (String) messageToAttributes(str).get("nonce");
        if (Strings.isNullOrEmpty(str2)) {
            throw new SaslMechanism.AuthenticationException("Server nonce missing");
        }
        String str3 = "xmpp/" + this.account.getServer();
        byte[] asBytes = Hashing.md5().hashBytes((this.account.getUsername() + ":" + this.account.getServer() + ":" + this.account.getPassword()).getBytes(Charset.defaultCharset())).asBytes();
        String random = CryptoHelper.random(100);
        String bytesToHex = CryptoHelper.bytesToHex(Hashing.md5().hashBytes(CryptoHelper.concatenateByteArrays(asBytes, (":" + str2 + ":" + random).getBytes(Charset.defaultCharset()))).asBytes());
        String str4 = bytesToHex + ":" + str2 + ":00000001:" + random + ":auth:" + CryptoHelper.bytesToHex(Hashing.md5().hashBytes(("AUTHENTICATE:" + str3).getBytes(Charset.defaultCharset())).asBytes());
        this.precalculatedRSPAuth = CryptoHelper.bytesToHex(Hashing.md5().hashBytes((bytesToHex + ":" + str2 + ":00000001:" + random + ":auth:" + CryptoHelper.bytesToHex(Hashing.md5().hashBytes((":" + str3).getBytes(Charset.defaultCharset())).asBytes())).getBytes(Charset.defaultCharset())).asBytes());
        return BaseEncoding.base64().encode(("username=\"" + this.account.getUsername() + "\",realm=\"" + this.account.getServer() + "\",nonce=\"" + str2 + "\",cnonce=\"" + random + "\",nc=00000001,qop=auth,digest-uri=\"" + str3 + "\",response=" + CryptoHelper.bytesToHex(Hashing.md5().hashBytes(str4.getBytes(Charset.defaultCharset())).asBytes()) + ",charset=utf-8").getBytes());
    }

    private static Map splitToAttributes(String str) {
        ImmutableMap.Builder builder = new ImmutableMap.Builder();
        Iterator it = Splitter.on(',').split(str).iterator();
        while (it.hasNext()) {
            List splitToList = Splitter.on('=').limit(2).splitToList((String) it.next());
            if (splitToList.size() == 2) {
                builder.put((String) splitToList.get(0), trimQuotes((String) splitToList.get(1)));
            }
        }
        return builder.buildOrThrow();
    }

    public static String trimQuotes(String str) {
        return (str.length() >= 2 && str.charAt(0) == '\"' && str.charAt(str.length() - 1) == '\"') ? str.substring(1, str.length() - 1) : str;
    }

    private String validateServerResponse(String str) {
        String str2 = Config.LOGTAG;
        Log.d(str2, "DigestMd5.validateServerResponse(" + str + ")");
        Map messageToAttributes = messageToAttributes(str);
        Log.d(str2, "attributes: " + messageToAttributes);
        String str3 = (String) messageToAttributes.get("rspauth");
        if (Strings.isNullOrEmpty(str3)) {
            throw new SaslMechanism.AuthenticationException("no rspauth in server finish message");
        }
        if (Strings.isNullOrEmpty(this.precalculatedRSPAuth) || !this.precalculatedRSPAuth.equals(str3)) {
            throw new SaslMechanism.AuthenticationException("RSPAuth mismatch");
        }
        this.state = SaslMechanism.State.VALID_SERVER_RESPONSE;
        return BuildConfig.FLAVOR;
    }

    private String validateUnnecessarySuccessMessage(String str) {
        if (Strings.isNullOrEmpty(str)) {
            return BuildConfig.FLAVOR;
        }
        throw new SaslMechanism.AuthenticationException("Success message must be empty");
    }

    @Override // eu.siacs.conversations.crypto.sasl.SaslMechanism
    public String getClientFirstMessage(SSLSocket sSLSocket) {
        Preconditions.checkState(this.state == SaslMechanism.State.INITIAL, "Calling getClientFirstMessage from invalid state");
        this.state = SaslMechanism.State.AUTH_TEXT_SENT;
        return BuildConfig.FLAVOR;
    }

    @Override // eu.siacs.conversations.crypto.sasl.SaslMechanism
    public String getMechanism() {
        return "DIGEST-MD5";
    }

    @Override // eu.siacs.conversations.crypto.sasl.SaslMechanism
    public int getPriority() {
        return 10;
    }

    @Override // eu.siacs.conversations.crypto.sasl.SaslMechanism
    public String getResponse(String str, SSLSocket sSLSocket) {
        int i = AnonymousClass1.$SwitchMap$eu$siacs$conversations$crypto$sasl$SaslMechanism$State[this.state.ordinal()];
        if (i == 1) {
            return processChallenge(str, sSLSocket);
        }
        if (i == 2) {
            return validateServerResponse(str);
        }
        if (i == 3) {
            return validateUnnecessarySuccessMessage(str);
        }
        throw new SaslMechanism.InvalidStateException(this.state);
    }
}
