package org.jivesoftware.openfire.sasl;

import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.jivesoftware.openfire.Connection;
import org.jivesoftware.openfire.auth.AuthorizationManager;
import org.jivesoftware.openfire.session.LocalClientSession;
import org.jivesoftware.util.CertificateManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/jivesoftware/openfire/sasl/ExternalClientSaslServer.class */
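/**
 * Server side of the SASL EXTERNAL mechanism for client sessions.
 *
 * <p>The peer's identity is taken from the TLS client certificate on the session's connection,
 * not from anything sent in the SASL exchange. The optional SASL response only carries the
 * username (authorization identity) the peer asks to act as. That request is granted only if
 * {@link AuthorizationManager#authorize(String, String)} accepts the pairing of requested
 * username and certificate principal.
 *
 * <p>The mechanism is single-step: {@link #isComplete()} returns {@code true} after the first call
 * to {@link #evaluateResponse(byte[])}, whether or not that call succeeded. Callers must treat a
 * {@link SaslException} from {@code evaluateResponse} as authentication failure and must not use
 * {@code isComplete()} alone as a success signal. After a failed exchange
 * {@link #getAuthorizationID()} returns {@code null}.
 *
 * <p>No locking is performed on the instance state in this class.
 */
public class ExternalClientSaslServer implements SaslServer {
    public static final Logger Log = LoggerFactory.getLogger(ExternalClientSaslServer.class);

    /** SASL mechanism name implemented by this class. */
    public static final String NAME = "EXTERNAL";

    private static final String NOT_COMPLETED = "Authentication exchange not completed.";

    // Set by the first evaluateResponse() call, before any validation runs.
    private boolean complete = false;

    // Assigned only after the certificate principal was authorized for the username.
    private String authorizationID = null;

    // Released (set to null) by dispose().
    private LocalClientSession session;

    /**
     * Creates a mechanism instance bound to a client session.
     *
     * @param localClientSession session whose connection supplies the peer certificate chain
     * @throws SaslException declared for interface compatibility; not thrown by this constructor
     */
    public ExternalClientSaslServer(LocalClientSession localClientSession) throws SaslException {
        this.session = localClientSession;
    }

    /**
     * Returns the mechanism name.
     *
     * @return {@code "EXTERNAL"}
     */
    @Override
    public String getMechanismName() {
        return NAME;
    }

    /**
     * Performs the single authentication step.
     *
     * <p>Steps, in order:
     * <ol>
     *   <li>require a peer certificate chain on the connection;</li>
     *   <li>ask the connection's trust store for the end-entity certificate of that chain; a
     *       {@code null} result is treated as an untrusted chain;</li>
     *   <li>extract the client identities (principals) from that certificate;</li>
     *   <li>if the peer requested no username, derive one: the first principal that
     *       {@link AuthorizationManager#map(String)} maps to a different name wins, otherwise
     *       the first principal is used as the username;</li>
     *   <li>require {@link AuthorizationManager#authorize(String, String)} to accept the
     *       username/principal pair.</li>
     * </ol>
     *
     * @param bArr optional UTF-8 encoded username requested by the peer; {@code null} or empty
     *     means "let the server choose"
     * @return always {@code null}; the mechanism has no further challenge to send
     * @throws SaslException if there is no peer certificate, the chain is not trusted, the
     *     certificate carries no client identity, or authorization is refused
     * @throws IllegalStateException if the exchange has already been evaluated
     */
    @Override
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        if (isComplete()) {
            throw new IllegalStateException("Authentication exchange already completed.");
        }

        // There are no further steps: whatever the outcome, this exchange is finished. Marking it
        // complete up front also prevents a second attempt on the same instance after a failure.
        this.complete = true;

        Connection connection = this.session.getConnection();
        Certificate[] peerCertificates = connection.getPeerCertificates();
        if (peerCertificates == null || peerCertificates.length < 1) {
            throw new SaslException("No peer certificates.");
        }

        X509Certificate endEntityCertificate =
                connection.getConfiguration().getTrustStore().getEndEntityCertificate(peerCertificates);
        if (endEntityCertificate == null) {
            throw new SaslException("Certificate chain of peer is not trusted.");
        }

        ArrayList<String> principals =
                new ArrayList<String>(CertificateManager.getClientIdentities(endEntityCertificate));
        if (principals.isEmpty()) {
            // Fail closed: a certificate without any client identity cannot authenticate anyone.
            // Rejecting here avoids handing an empty principal to the authorization policies and
            // depending on every one of them to refuse it.
            throw new SaslException("Peer certificate does not contain a client identity.");
        }
        if (principals.size() > 1) {
            Log.debug("More than one principal found, using the first one.");
        }
        // Default principal; may be replaced below by the one that produced a mapping.
        String principal = principals.get(0);

        String username =
                (bArr == null || bArr.length <= 0) ? null : new String(bArr, StandardCharsets.UTF_8);

        if (username == null || username.length() == 0) {
            // No username requested: take the first principal for which a mapping exists.
            for (String candidate : principals) {
                String mapped = AuthorizationManager.map(candidate);
                if (mapped != null && !mapped.equals(candidate)) {
                    username = mapped;
                    principal = candidate;
                    // Stop at the first mapping. Without this exit the search never terminates.
                    break;
                }
            }
            if (username == null || username.length() == 0) {
                username = principal;
            }
            Log.debug("No username requested, using: {}", username);
        }

        // The requested username is peer-controlled. This check is the only thing tying it to
        // the identity proven by the certificate.
        if (!AuthorizationManager.authorize(username, principal)) {
            Log.debug("Principal {} is not authorized to username {}", principal, username);
            // Generic message on purpose: the identities stay in the server log only.
            throw new SaslException("Certificate principal is not authorized for the requested username.");
        }

        Log.debug("Principal {} authorized to username {}", principal, username);
        this.authorizationID = username;
        return null;
    }

    /**
     * Reports whether the exchange has been evaluated.
     *
     * @return {@code true} once {@link #evaluateResponse(byte[])} has been called, including when
     *     that call failed
     */
    @Override
    public boolean isComplete() {
        return this.complete;
    }

    /**
     * Returns the username the peer was authorized to use.
     *
     * @return the authorized username, or {@code null} if the exchange failed
     * @throws IllegalStateException if the exchange has not been evaluated yet
     */
    @Override
    public String getAuthorizationID() {
        if (!isComplete()) {
            throw new IllegalStateException(NOT_COMPLETED);
        }
        return this.authorizationID;
    }

    /**
     * Not supported: this mechanism negotiates no security layer.
     *
     * @throws IllegalStateException always
     */
    @Override
    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        throw securityLayerUnavailable();
    }

    /**
     * Not supported: this mechanism negotiates no security layer.
     *
     * @throws IllegalStateException always
     */
    @Override
    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        throw securityLayerUnavailable();
    }

    /**
     * Returns a negotiated property.
     *
     * @param str property name
     * @return {@code "auth"} for {@code javax.security.sasl.qop}, otherwise {@code null}
     * @throws IllegalStateException if the exchange has not been evaluated yet
     */
    @Override
    public Object getNegotiatedProperty(String str) {
        if (!isComplete()) {
            throw new IllegalStateException(NOT_COMPLETED);
        }
        // Constant-first comparison so a null property name yields null instead of an NPE.
        if ("javax.security.sasl.qop".equals(str)) {
            return "auth";
        }
        return null;
    }

    /**
     * Clears the authentication state and releases the session reference.
     *
     * <p>The instance is not usable for another exchange afterwards, because the session it
     * reads the certificate chain from is gone.
     */
    @Override
    public void dispose() throws SaslException {
        this.complete = false;
        this.authorizationID = null;
        this.session = null;
    }

    /** Builds the exception shared by wrap() and unwrap(), which differ only by exchange state. */
    private IllegalStateException securityLayerUnavailable() {
        if (isComplete()) {
            return new IllegalStateException(
                    "SASL Mechanism '" + getMechanismName() + " does not support integrity nor privacy.");
        }
        return new IllegalStateException(NOT_COMPLETED);
    }
}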
