package org.jivesoftware.openfire.plugin.rest.sasl;

import com.j256.twofactorauth.TimeBasedOneTimePasswordUtil;
import gov.nist.core.Separators;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.StringTokenizer;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.ifsoft.sso.Password;
import org.jivesoftware.openfire.SessionManager;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.user.User;
import org.jivesoftware.util.JiveGlobals;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/ofmeet-0.9.7.jar:org/jivesoftware/openfire/plugin/rest/sasl/OfChatSaslServer.class */
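/**
 * Server side of the single-step "PADE" SASL mechanism.
 *
 * <p>The client sends one response of the form {@code username:token}. Depending on server
 * configuration and the user's stored properties, the token is checked as a WebAuthn key
 * reference, a TOTP code, or a Windows SSO password held in {@link Password#passwords}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Tokens, generated codes and stored passwords are credentials and are never written to
 *       the log by this class; only the user name and the branch taken are logged.</li>
 *   <li>Credential comparisons use {@link MessageDigest#isEqual(byte[], byte[])} so that the
 *       comparison time does not depend on how many leading characters match.</li>
 *   <li>NOTE(review): {@link #isComplete()} reports {@code true} even before a response has
 *       been evaluated, so {@link #getAuthorizationID()} returns {@code null} instead of
 *       throwing in that state. Callers must treat a {@code null} authorization ID as
 *       "not authenticated".</li>
 * </ul>
 */
public class OfChatSaslServer implements SaslServer {
    private static final Logger Log = LoggerFactory.getLogger(OfChatSaslServer.class);
    public static final String MECHANISM_NAME = "PADE";

    // Set only after evaluateResponse() has accepted the credentials; cleared on every new
    // attempt and on dispose().
    private String authorizationID = null;

    /** Returns the mechanism name, {@value #MECHANISM_NAME}. */
    @Override
    public String getMechanismName() {
        return MECHANISM_NAME;
    }

    /**
     * Evaluates the client's single response and authenticates the user.
     *
     * @param bArr UTF-8 bytes of {@code username:token}; must not be {@code null}
     * @return always {@code null}: the mechanism sends no further challenge
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws SaslException if the response is malformed or the credentials are rejected. Every
     *     failure inside the verification step is reported with the same generic message so the
     *     client cannot tell an unknown user from a wrong token.
     */
    @Override
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        // Drop any identity left over from an earlier attempt before looking at new input.
        this.authorizationID = null;
        if (bArr == null) {
            throw new IllegalArgumentException("Argument 'response' cannot be null.");
        }
        Log.debug("Parsing data from client response...");
        StringTokenizer parts = new StringTokenizer(new String(bArr, StandardCharsets.UTF_8), Separators.COLON);
        if (parts.countTokens() != 2) {
            throw new SaslException("Exactly two colon-separated values are expected (a username, followed by a TOTP token). Instead " + parts.countTokens() + " were found.");
        }
        String username = parts.nextToken();
        String token = parts.nextToken().trim();
        // The token is a credential: log who is authenticating, never what they presented.
        Log.debug("PADE authentication attempt for user {}", username);
        try {
            boolean webAuthnEnabled = JiveGlobals.getBooleanProperty("ofmeet.webauthn.enabled", false);
            User user = XMPPServer.getInstance().getUserManager().getUser(username);
            String totpSecret = (String) user.getProperties().get("ofchat.totp.secret");
            String lastPasscode = (String) user.getProperties().get("ofchat.totp.passcode");
            if (webAuthnEnabled) {
                // NOTE(review): this branch only checks that a user property named
                // "webauthn-key-<token>" exists; no WebAuthn assertion is verified in this
                // method. Confirm that the assertion is verified before the SASL exchange and
                // that the stored reference is unguessable and short-lived.
                Log.debug("PADE web authentication for user {}", username);
                if (!user.getProperties().containsKey("webauthn-key-" + token)) {
                    throw new SaslException("Web authentication failure");
                }
            } else if (totpSecret != null) {
                String currentCode = TimeBasedOneTimePasswordUtil.generateCurrentNumberString(totpSecret);
                if (!constantTimeEquals(token, currentCode)) {
                    Log.debug("TOTP code mismatch for user {}, checking last accepted passcode", username);
                    // NOTE(review): the last accepted passcode is honoured again while the user
                    // still has a live session. That weakens the one-time property of the code;
                    // confirm this is intended and consider bounding its lifetime.
                    if (SessionManager.getInstance().getSessions(username).size() == 0
                            || lastPasscode == null
                            || !constantTimeEquals(token, lastPasscode)) {
                        throw new SaslException("TOTP authentication failure");
                    }
                }
                Log.debug("Authentication successful for user {}", username);
                user.getProperties().put("ofchat.totp.passcode", token);
            } else {
                // No TOTP secret on the account: fall back to the Windows SSO password table.
                if (!Password.passwords.containsKey(username)) {
                    throw new SaslException("PADE authentication failure");
                }
                String ssoPassword = Password.passwords.get(username).trim();
                Log.debug("PADE winsso authentication for user {}", username);
                if (!constantTimeEquals(token, ssoPassword)) {
                    throw new SaslException("Windows SSO authentication failure");
                }
            }
            this.authorizationID = username;
            return null;
        } catch (Exception e) {
            // The specific cause goes to the server log only; the client gets one generic
            // message whatever went wrong (unknown user, bad token, lookup error).
            Log.error("PADE authentication failure", e);
            throw new SaslException("PADE authentication failure");
        }
    }

    /**
     * Always returns {@code true}; the exchange is a single step.
     *
     * <p>NOTE(review): this is also {@code true} before any response was evaluated and after a
     * rejected one, so it is not evidence of a successful authentication.
     */
    @Override
    public boolean isComplete() {
        return true;
    }

    /**
     * Returns the authenticated user name, or {@code null} if no response has been accepted
     * since construction, the last failed attempt, or {@link #dispose()}.
     */
    @Override
    public String getAuthorizationID() {
        if (isComplete()) {
            return this.authorizationID;
        }
        throw new IllegalStateException("PADE authentication has not completed.");
    }

    /**
     * Returns {@code "auth"} for the {@code javax.security.sasl.qop} property and {@code null}
     * for every other property name.
     */
    @Override
    public Object getNegotiatedProperty(String str) {
        if (!isComplete()) {
            throw new IllegalStateException("PADE authentication has not completed.");
        }
        if ("javax.security.sasl.qop".equals(str)) {
            return "auth";
        }
        return null;
    }

    /** Clears the authenticated identity held by this instance. */
    @Override
    public void dispose() throws SaslException {
        this.authorizationID = null;
    }

    /**
     * Not supported: PADE negotiates no security layer.
     *
     * @throws IllegalStateException always
     */
    @Override
    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (isComplete()) {
            throw new IllegalStateException("PADE supports neither integrity nor privacy.");
        }
        throw new IllegalStateException("PADE authentication has not completed.");
    }

    /**
     * Not supported: PADE negotiates no security layer.
     *
     * @throws IllegalStateException always
     */
    @Override
    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        if (isComplete()) {
            throw new IllegalStateException("PADE supports neither integrity nor privacy.");
        }
        throw new IllegalStateException("PADE authentication has not completed.");
    }

    /**
     * Compares two credential strings without returning early at the first differing byte.
     * Both arguments must be non-null.
     */
    private static boolean constantTimeEquals(String presented, String expected) {
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }
}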
