package org.jboss.sasl.digest;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.resource.spi.work.WorkException;
import javax.security.auth.callback.CallbackHandler;
import javax.security.sasl.SaslException;
import org.jboss.logging.Logger;
import org.jboss.sasl.util.UsernamePasswordHashUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/jboss/sasl/digest/DigestMD5Base.class */
public abstract class DigestMD5Base extends AbstractSaslImpl {
    protected static final int MAX_CHALLENGE_LENGTH = 2048;
    protected static final int MAX_RESPONSE_LENGTH = 4096;
    protected static final int DEFAULT_MAXBUF = 65536;
    protected static final int DES3 = 0;
    protected static final int RC4 = 1;
    protected static final int DES = 2;
    protected static final int RC4_56 = 3;
    protected static final int RC4_40 = 4;
    protected static final byte DES_3_STRENGTH = 4;
    protected static final byte RC4_STRENGTH = 4;
    protected static final byte DES_STRENGTH = 2;
    protected static final byte RC4_56_STRENGTH = 2;
    protected static final byte RC4_40_STRENGTH = 1;
    protected static final byte UNSET = 0;
    private static final String SECURITY_LAYER_MARKER = ":00000000000000000000000000000000";
    protected static final String PRE_DIGESTED_PROPERTY = "org.jboss.sasl.digest.pre_digested";
    protected int step;
    protected CallbackHandler cbh;
    protected SecurityCtx secCtx;
    protected byte[] H_A1;
    protected byte[] nonce;
    protected String negotiatedStrength;
    protected String negotiatedCipher;
    protected String negotiatedQop;
    protected String negotiatedRealm;
    protected boolean useUTF8;
    protected String encoding;
    protected String authzid;
    private static final int RAW_NONCE_SIZE = 30;
    private static final int ENCODED_NONCE_SIZE = 40;
    private static final Logger log = Logger.getLogger("org.jboss.sasl.digest");
    private static final String DI_CLASS_NAME = DigestIntegrity.class.getName();
    private static final String DP_CLASS_NAME = DigestPrivacy.class.getName();
    protected static final String[] CIPHER_TOKENS = {"3des", "rc4", "des", "rc4-56", "rc4-40"};
    private static final String[] JCE_CIPHER_NAME = {"DESede/CBC/NoPadding", "RC4", "DES/CBC/NoPadding"};
    protected static final byte[] CIPHER_MASKS = {4, 4, 2, 2, 1};
    protected static final byte[] EMPTY_BYTE_ARRAY = new byte[0];
    private static final char[] pem_array = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'};
    private static final BigInteger MASK = new BigInteger("7f", 16);

    /* loaded from: input_file:org/jboss/sasl/digest/DigestMD5Base$DigestIntegrity.class */
    class DigestIntegrity implements SecurityCtx {
        private static final String CLIENT_INT_MAGIC = "Digest session key to client-to-server signing key magic constant";
        private static final String SVR_INT_MAGIC = "Digest session key to server-to-client signing key magic constant";
        protected byte[] myKi;
        protected byte[] peerKi;
        protected int mySeqNum = 0;
        protected int peerSeqNum = 0;
        protected final byte[] messageType = new byte[2];
        protected final byte[] sequenceNum = new byte[4];

        /* JADX INFO: Access modifiers changed from: package-private */
        public DigestIntegrity(boolean z) throws SaslException {
            try {
                generateIntegrityKeyPair(z);
                AbstractSaslImpl.intToNetworkByteOrder(1, this.messageType, 0, 2);
            } catch (UnsupportedEncodingException e) {
                throw new SaslException("DIGEST-MD5: Error encoding strings into UTF-8", e);
            } catch (IOException e2) {
                throw new SaslException("DIGEST-MD5: Error accessing buffers required to create integrity key pairs", e2);
            } catch (NoSuchAlgorithmException e3) {
                throw new SaslException("DIGEST-MD5: Unsupported digest algorithm used to create integrity key pairs", e3);
            }
        }

        private void generateIntegrityKeyPair(boolean z) throws IOException, NoSuchAlgorithmException {
            byte[] bytes = CLIENT_INT_MAGIC.getBytes(DigestMD5Base.this.encoding);
            byte[] bytes2 = SVR_INT_MAGIC.getBytes(DigestMD5Base.this.encoding);
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            byte[] bArr = new byte[DigestMD5Base.this.H_A1.length + bytes.length];
            System.arraycopy(DigestMD5Base.this.H_A1, 0, bArr, 0, DigestMD5Base.this.H_A1.length);
            System.arraycopy(bytes, 0, bArr, DigestMD5Base.this.H_A1.length, bytes.length);
            messageDigest.update(bArr);
            byte[] digest = messageDigest.digest();
            System.arraycopy(bytes2, 0, bArr, DigestMD5Base.this.H_A1.length, bytes2.length);
            messageDigest.update(bArr);
            byte[] digest2 = messageDigest.digest();
            if (z) {
                this.myKi = digest;
                this.peerKi = digest2;
            } else {
                this.myKi = digest2;
                this.peerKi = digest;
            }
        }

        @Override // org.jboss.sasl.digest.SecurityCtx
        public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
            if (i2 == 0) {
                return DigestMD5Base.EMPTY_BYTE_ARRAY;
            }
            byte[] bArr2 = new byte[i2 + 10 + 2 + 4];
            System.arraycopy(bArr, i, bArr2, 0, i2);
            incrementSeqNum();
            System.arraycopy(getHMAC(this.myKi, this.sequenceNum, bArr, i, i2), 0, bArr2, i2, 10);
            System.arraycopy(this.messageType, 0, bArr2, i2 + 10, 2);
            System.arraycopy(this.sequenceNum, 0, bArr2, i2 + 12, 4);
            return bArr2;
        }

        @Override // org.jboss.sasl.digest.SecurityCtx
        public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
            if (i2 == 0) {
                return DigestMD5Base.EMPTY_BYTE_ARRAY;
            }
            byte[] bArr2 = new byte[10];
            byte[] bArr3 = new byte[i2 - 16];
            byte[] bArr4 = new byte[2];
            byte[] bArr5 = new byte[4];
            System.arraycopy(bArr, i, bArr3, 0, bArr3.length);
            System.arraycopy(bArr, i + bArr3.length, bArr2, 0, 10);
            System.arraycopy(bArr, i + bArr3.length + 10, bArr4, 0, 2);
            System.arraycopy(bArr, i + bArr3.length + 12, bArr5, 0, 4);
            if (!Arrays.equals(bArr2, getHMAC(this.peerKi, bArr5, bArr3, 0, bArr3.length))) {
                DigestMD5Base.log.trace("Unmatched MACs");
                return DigestMD5Base.EMPTY_BYTE_ARRAY;
            }
            if (this.peerSeqNum != AbstractSaslImpl.networkByteOrderToInt(bArr5, 0, 4)) {
                throw new SaslException("DIGEST-MD5: Out of order sequencing of messages from server. Got: " + AbstractSaslImpl.networkByteOrderToInt(bArr5, 0, 4) + " Expected: " + this.peerSeqNum);
            }
            if (!Arrays.equals(this.messageType, bArr4)) {
                throw new SaslException("DIGEST-MD5: invalid message type: " + AbstractSaslImpl.networkByteOrderToInt(bArr4, 0, 2));
            }
            this.peerSeqNum++;
            return bArr3;
        }

        protected byte[] getHMAC(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2) throws SaslException {
            byte[] bArr4 = new byte[4 + i2];
            System.arraycopy(bArr2, 0, bArr4, 0, 4);
            System.arraycopy(bArr3, i, bArr4, 4, i2);
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacMD5");
                Mac mac = Mac.getInstance("HmacMD5");
                mac.init(secretKeySpec);
                mac.update(bArr4);
                byte[] doFinal = mac.doFinal();
                byte[] bArr5 = new byte[10];
                System.arraycopy(doFinal, 0, bArr5, 0, 10);
                return bArr5;
            } catch (InvalidKeyException e) {
                throw new SaslException("DIGEST-MD5: Invalid bytes used for key of HMAC-MD5 hash.", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new SaslException("DIGEST-MD5: Error creating instance of MD5 digest algorithm", e2);
            }
        }

        protected void incrementSeqNum() {
            int i = this.mySeqNum;
            this.mySeqNum = i + 1;
            AbstractSaslImpl.intToNetworkByteOrder(i, this.sequenceNum, 0, 4);
        }
    }

    /* loaded from: input_file:org/jboss/sasl/digest/DigestMD5Base$DigestPrivacy.class */
    final class DigestPrivacy extends DigestIntegrity implements SecurityCtx {
        private static final String CLIENT_CONF_MAGIC = "Digest H(A1) to client-to-server sealing key magic constant";
        private static final String SVR_CONF_MAGIC = "Digest H(A1) to server-to-client sealing key magic constant";
        private Cipher encCipher;
        private Cipher decCipher;

        /* JADX INFO: Access modifiers changed from: package-private */
        public DigestPrivacy(boolean z) throws SaslException {
            super(z);
            try {
                generatePrivacyKeyPair(z);
            } catch (SaslException e) {
                throw e;
            } catch (UnsupportedEncodingException e2) {
                throw new SaslException("DIGEST-MD5: Error encoding string value into UTF-8", e2);
            } catch (IOException e3) {
                throw new SaslException("DIGEST-MD5: Error accessing buffers required to generate cipher keys", e3);
            } catch (NoSuchAlgorithmException e4) {
                throw new SaslException("DIGEST-MD5: Error creating instance of required cipher or digest", e4);
            }
        }

        private void generatePrivacyKeyPair(boolean z) throws IOException, NoSuchAlgorithmException {
            byte[] bArr;
            byte[] bArr2;
            String str;
            String str2;
            byte[] bytes = CLIENT_CONF_MAGIC.getBytes(DigestMD5Base.this.encoding);
            byte[] bytes2 = SVR_CONF_MAGIC.getBytes(DigestMD5Base.this.encoding);
            MessageDigest messageDigest = MessageDigest.getInstance("MD5");
            int i = DigestMD5Base.this.negotiatedCipher.equals(DigestMD5Base.CIPHER_TOKENS[4]) ? 5 : DigestMD5Base.this.negotiatedCipher.equals(DigestMD5Base.CIPHER_TOKENS[3]) ? 7 : 16;
            byte[] bArr3 = new byte[i + bytes.length];
            System.arraycopy(DigestMD5Base.this.H_A1, 0, bArr3, 0, i);
            System.arraycopy(bytes, 0, bArr3, i, bytes.length);
            messageDigest.update(bArr3);
            byte[] digest = messageDigest.digest();
            System.arraycopy(bytes2, 0, bArr3, i, bytes2.length);
            messageDigest.update(bArr3);
            byte[] digest2 = messageDigest.digest();
            if (z) {
                bArr = digest;
                bArr2 = digest2;
            } else {
                bArr = digest2;
                bArr2 = digest;
            }
            try {
                if (DigestMD5Base.this.negotiatedCipher.indexOf(DigestMD5Base.CIPHER_TOKENS[1]) > -1) {
                    this.encCipher = Cipher.getInstance("RC4");
                    this.decCipher = Cipher.getInstance("RC4");
                    SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "RC4");
                    SecretKeySpec secretKeySpec2 = new SecretKeySpec(bArr2, "RC4");
                    this.encCipher.init(1, secretKeySpec);
                    this.decCipher.init(2, secretKeySpec2);
                } else if (DigestMD5Base.this.negotiatedCipher.equals(DigestMD5Base.CIPHER_TOKENS[2]) || DigestMD5Base.this.negotiatedCipher.equals(DigestMD5Base.CIPHER_TOKENS[0])) {
                    if (DigestMD5Base.this.negotiatedCipher.equals(DigestMD5Base.CIPHER_TOKENS[2])) {
                        str = "DES/CBC/NoPadding";
                        str2 = "des";
                    } else {
                        str = "DESede/CBC/NoPadding";
                        str2 = "desede";
                    }
                    this.encCipher = Cipher.getInstance(str);
                    this.decCipher = Cipher.getInstance(str);
                    SecretKey makeDesKeys = DigestMD5Base.makeDesKeys(bArr, str2);
                    SecretKey makeDesKeys2 = DigestMD5Base.makeDesKeys(bArr2, str2);
                    IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr, 8, 8);
                    IvParameterSpec ivParameterSpec2 = new IvParameterSpec(bArr2, 8, 8);
                    this.encCipher.init(1, makeDesKeys, ivParameterSpec);
                    this.decCipher.init(2, makeDesKeys2, ivParameterSpec2);
                }
            } catch (InvalidAlgorithmParameterException e) {
                throw new SaslException("DIGEST-MD5: Invalid cipher algorithem parameter used to create cipher instance", e);
            } catch (InvalidKeyException e2) {
                throw new SaslException("DIGEST-MD5: Invalid data used to initialize keys", e2);
            } catch (InvalidKeySpecException e3) {
                throw new SaslException("DIGEST-MD5: Unsupported key specification used.", e3);
            } catch (NoSuchPaddingException e4) {
                throw new SaslException("DIGEST-MD5: Unsupported padding used for chosen cipher", e4);
            }
        }

        @Override // org.jboss.sasl.digest.DigestMD5Base.DigestIntegrity, org.jboss.sasl.digest.SecurityCtx
        public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
            byte[] bArr2;
            if (i2 == 0) {
                return DigestMD5Base.EMPTY_BYTE_ARRAY;
            }
            incrementSeqNum();
            byte[] hmac = getHMAC(this.myKi, this.sequenceNum, bArr, i, i2);
            int blockSize = this.encCipher.getBlockSize();
            if (blockSize > 1) {
                int i3 = blockSize - ((i2 + 10) % blockSize);
                bArr2 = new byte[i3];
                for (int i4 = 0; i4 < i3; i4++) {
                    bArr2[i4] = (byte) i3;
                }
            } else {
                bArr2 = DigestMD5Base.EMPTY_BYTE_ARRAY;
            }
            byte[] bArr3 = new byte[i2 + bArr2.length + 10];
            System.arraycopy(bArr, i, bArr3, 0, i2);
            System.arraycopy(bArr2, 0, bArr3, i2, bArr2.length);
            System.arraycopy(hmac, 0, bArr3, i2 + bArr2.length, 10);
            try {
                byte[] update = this.encCipher.update(bArr3);
                if (update == null) {
                    throw new IllegalBlockSizeException("" + bArr3.length);
                }
                byte[] bArr4 = new byte[update.length + 2 + 4];
                System.arraycopy(update, 0, bArr4, 0, update.length);
                System.arraycopy(this.messageType, 0, bArr4, update.length, 2);
                System.arraycopy(this.sequenceNum, 0, bArr4, update.length + 2, 4);
                return bArr4;
            } catch (IllegalBlockSizeException e) {
                throw new SaslException("DIGEST-MD5: Invalid block size for cipher", e);
            }
        }

        @Override // org.jboss.sasl.digest.DigestMD5Base.DigestIntegrity, org.jboss.sasl.digest.SecurityCtx
        public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
            if (i2 == 0) {
                return DigestMD5Base.EMPTY_BYTE_ARRAY;
            }
            byte[] bArr2 = new byte[i2 - 6];
            byte[] bArr3 = new byte[2];
            byte[] bArr4 = new byte[4];
            System.arraycopy(bArr, i, bArr2, 0, bArr2.length);
            System.arraycopy(bArr, i + bArr2.length, bArr3, 0, 2);
            System.arraycopy(bArr, i + bArr2.length + 2, bArr4, 0, 4);
            if (DigestMD5Base.log.isTraceEnabled()) {
                DigestMD5Base.log.tracef("Expecting sequence num: %d", Integer.valueOf(this.peerSeqNum));
            }
            try {
                byte[] update = this.decCipher.update(bArr2);
                if (update == null) {
                    throw new IllegalBlockSizeException("" + bArr2.length);
                }
                byte[] bArr5 = new byte[update.length - 10];
                byte[] bArr6 = new byte[10];
                System.arraycopy(update, 0, bArr5, 0, bArr5.length);
                System.arraycopy(update, bArr5.length, bArr6, 0, 10);
                int length = bArr5.length;
                if (this.decCipher.getBlockSize() > 1) {
                    length -= bArr5[bArr5.length - 1];
                    if (length < 0) {
                        if (DigestMD5Base.log.isTraceEnabled()) {
                            DigestMD5Base.log.tracef("Incorrect padding: %02x", Byte.valueOf(bArr5[bArr5.length - 1]));
                        }
                        return DigestMD5Base.EMPTY_BYTE_ARRAY;
                    }
                }
                if (!Arrays.equals(bArr6, getHMAC(this.peerKi, bArr4, bArr5, 0, length))) {
                    DigestMD5Base.log.trace("Unmatched MACs");
                    return DigestMD5Base.EMPTY_BYTE_ARRAY;
                }
                if (this.peerSeqNum != AbstractSaslImpl.networkByteOrderToInt(bArr4, 0, 4)) {
                    throw new SaslException("DIGEST-MD5: Out of order sequencing of messages from server. Got: " + AbstractSaslImpl.networkByteOrderToInt(bArr4, 0, 4) + " Expected: " + this.peerSeqNum);
                }
                if (!Arrays.equals(this.messageType, bArr3)) {
                    throw new SaslException("DIGEST-MD5: invalid message type: " + AbstractSaslImpl.networkByteOrderToInt(bArr3, 0, 2));
                }
                this.peerSeqNum++;
                if (length == bArr5.length) {
                    return bArr5;
                }
                byte[] bArr7 = new byte[length];
                System.arraycopy(bArr5, 0, bArr7, 0, length);
                return bArr7;
            } catch (IllegalBlockSizeException e) {
                throw new SaslException("DIGEST-MD5: Illegal block sizes used with chosen cipher", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public DigestMD5Base(Map<String, ?> map, String str, int i, CallbackHandler callbackHandler) throws SaslException {
        super(map, str);
        this.useUTF8 = false;
        this.encoding = "8859_1";
        this.step = i;
        this.cbh = callbackHandler;
    }

    public String getMechanismName() {
        return AbstractDigestMD5Factory.DIGEST_MD5;
    }

    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (!this.completed) {
            throw new IllegalStateException("DIGEST-MD5 authentication not completed");
        }
        if (this.secCtx == null) {
            throw new IllegalStateException("Neither integrity nor privacy was negotiated");
        }
        return this.secCtx.unwrap(bArr, i, i2);
    }

    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        if (!this.completed) {
            throw new IllegalStateException("DIGEST-MD5 authentication not completed");
        }
        if (this.secCtx == null) {
            throw new IllegalStateException("Neither integrity nor privacy was negotiated");
        }
        return this.secCtx.wrap(bArr, i, i2);
    }

    public void dispose() throws SaslException {
        if (this.secCtx != null) {
            this.secCtx = null;
        }
    }

    @Override // org.jboss.sasl.digest.AbstractSaslImpl
    public Object getNegotiatedProperty(String str) {
        if (this.completed) {
            return str.equals("javax.security.sasl.strength") ? this.negotiatedStrength : super.getNegotiatedProperty(str);
        }
        throw new IllegalStateException("DIGEST-MD5 authentication not completed");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] generateNonce() {
        byte[] bArr = new byte[30];
        new Random().nextBytes(bArr);
        byte[] bArr2 = new byte[40];
        int i = 0;
        for (int i2 = 0; i2 < bArr.length; i2 += 3) {
            byte b = bArr[i2];
            byte b2 = bArr[i2 + 1];
            byte b3 = bArr[i2 + 2];
            int i3 = i;
            int i4 = i + 1;
            bArr2[i3] = (byte) pem_array[(b >>> 2) & 63];
            int i5 = i4 + 1;
            bArr2[i4] = (byte) pem_array[((b << 4) & 48) + ((b2 >>> 4) & 15)];
            int i6 = i5 + 1;
            bArr2[i5] = (byte) pem_array[((b2 << 2) & 60) + ((b3 >>> 6) & 3)];
            i = i6 + 1;
            bArr2[i6] = (byte) pem_array[b3 & 63];
        }
        return bArr2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void writeQuotedStringValue(ByteArrayOutputStream byteArrayOutputStream, byte[] bArr) {
        for (byte b : bArr) {
            if (needEscape((char) b)) {
                byteArrayOutputStream.write(92);
            }
            byteArrayOutputStream.write(b);
        }
    }

    private static boolean needEscape(String str) {
        int length = str.length();
        for (int i = 0; i < length; i++) {
            if (needEscape(str.charAt(i))) {
                return true;
            }
        }
        return false;
    }

    private static boolean needEscape(char c) {
        return c == '\"' || c == '\\' || c == 127 || !(c < 0 || c > 31 || c == '\r' || c == '\t' || c == '\n');
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String quotedStringValue(String str) {
        if (!needEscape(str)) {
            return str;
        }
        int length = str.length();
        char[] cArr = new char[length + length];
        int i = 0;
        for (int i2 = 0; i2 < length; i2++) {
            char charAt = str.charAt(i2);
            if (needEscape(charAt)) {
                int i3 = i;
                i++;
                cArr[i3] = '\\';
            }
            int i4 = i;
            i++;
            cArr[i4] = charAt;
        }
        return new String(cArr, 0, i);
    }

    protected byte[] binaryToHex(byte[] bArr) throws UnsupportedEncodingException {
        StringBuilder sb = new StringBuilder();
        for (byte b : bArr) {
            if ((b & 255) < 16) {
                sb.append(WorkException.UNDEFINED + Integer.toHexString(b & 255));
            } else {
                sb.append(Integer.toHexString(b & 255));
            }
        }
        return sb.toString().getBytes(this.encoding);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static byte[] getPlatformCiphers() {
        byte[] bArr = new byte[CIPHER_TOKENS.length];
        for (int i = 0; i < JCE_CIPHER_NAME.length; i++) {
            try {
                Cipher.getInstance(JCE_CIPHER_NAME[i]);
                log.tracef("Platform supports %s", JCE_CIPHER_NAME[i]);
                int i2 = i;
                bArr[i2] = (byte) (bArr[i2] | CIPHER_MASKS[i]);
            } catch (NoSuchAlgorithmException e) {
            } catch (NoSuchPaddingException e2) {
            }
        }
        if (bArr[1] != 0) {
            bArr[3] = (byte) (bArr[3] | CIPHER_MASKS[3]);
            bArr[4] = (byte) (bArr[4] | CIPHER_MASKS[4]);
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] generateResponseValue(String str, String str2, String str3, String str4, String str5, char[] cArr, byte[] bArr, byte[] bArr2, int i, byte[] bArr3) throws NoSuchAlgorithmException, IOException {
        return generateResponseValue(str, str2, str3, new UsernamePasswordHashUtil().generateHashedURP(str4, str5, cArr, this.useUTF8), bArr, bArr2, i, bArr3);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] generateResponseValue(String str, String str2, String str3, byte[] bArr, byte[] bArr2, byte[] bArr3, int i, byte[] bArr4) throws NoSuchAlgorithmException, IOException {
        MessageDigest messageDigest = MessageDigest.getInstance("MD5");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byteArrayOutputStream.write((str + ":" + str2).getBytes(this.encoding));
        if (str3.equals("auth-conf") || str3.equals("auth-int")) {
            log.tracef("QOP: %s", str3);
            byteArrayOutputStream.write(SECURITY_LAYER_MARKER.getBytes(this.encoding));
        }
        log.tracef("A2: %s", byteArrayOutputStream);
        messageDigest.update(byteArrayOutputStream.toByteArray());
        byte[] binaryToHex = binaryToHex(messageDigest.digest());
        if (log.isTraceEnabled()) {
            log.tracef("HEX(H(A2)): %s", new String(binaryToHex));
        }
        if (log.isTraceEnabled()) {
            log.tracef("H(%s) = %s", new String(bArr), new String(binaryToHex(bArr)));
        }
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        byteArrayOutputStream2.write(bArr);
        byteArrayOutputStream2.write(58);
        byteArrayOutputStream2.write(bArr2);
        byteArrayOutputStream2.write(58);
        byteArrayOutputStream2.write(bArr3);
        if (bArr4 != null) {
            byteArrayOutputStream2.write(58);
            byteArrayOutputStream2.write(bArr4);
        }
        messageDigest.update(byteArrayOutputStream2.toByteArray());
        byte[] digest = messageDigest.digest();
        this.H_A1 = digest;
        byte[] binaryToHex2 = binaryToHex(digest);
        if (log.isTraceEnabled()) {
            log.tracef("H(A1): %s", new String(binaryToHex2));
        }
        ByteArrayOutputStream byteArrayOutputStream3 = new ByteArrayOutputStream();
        byteArrayOutputStream3.write(binaryToHex2);
        byteArrayOutputStream3.write(58);
        byteArrayOutputStream3.write(bArr2);
        byteArrayOutputStream3.write(58);
        byteArrayOutputStream3.write(nonceCountToHex(i).getBytes(this.encoding));
        byteArrayOutputStream3.write(58);
        byteArrayOutputStream3.write(bArr3);
        byteArrayOutputStream3.write(58);
        byteArrayOutputStream3.write(str3.getBytes(this.encoding));
        byteArrayOutputStream3.write(58);
        byteArrayOutputStream3.write(binaryToHex);
        log.tracef("KD: %s", byteArrayOutputStream3);
        messageDigest.update(byteArrayOutputStream3.toByteArray());
        byte[] binaryToHex3 = binaryToHex(messageDigest.digest());
        if (log.isTraceEnabled()) {
            log.tracef("response-value: %s", new String(binaryToHex3));
        }
        return binaryToHex3;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String nonceCountToHex(int i) {
        String hexString = Integer.toHexString(i);
        StringBuilder sb = new StringBuilder();
        if (hexString.length() < 8) {
            for (int i2 = 0; i2 < 8 - hexString.length(); i2++) {
                sb.append(WorkException.UNDEFINED);
            }
        }
        return sb.toString() + hexString;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Type inference failed for: r0v2, types: [byte[], byte[][]] */
    public static byte[][] parseDirectives(byte[] bArr, String[] strArr, List<byte[]> list, int i) throws SaslException {
        ?? r0 = new byte[strArr.length];
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(10);
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream(10);
        boolean z = true;
        boolean z2 = false;
        boolean z3 = false;
        int skipLws = skipLws(bArr, 0);
        while (skipLws < bArr.length) {
            byte b = bArr[skipLws];
            if (z) {
                if (b == 44) {
                    if (byteArrayOutputStream.size() != 0) {
                        throw new SaslException("Directive key contains a ',':" + byteArrayOutputStream);
                    }
                    skipLws = skipLws(bArr, skipLws + 1);
                } else if (b == 61) {
                    if (byteArrayOutputStream.size() == 0) {
                        throw new SaslException("Empty directive key");
                    }
                    z = false;
                    skipLws = skipLws(bArr, skipLws + 1);
                    if (skipLws >= bArr.length) {
                        throw new SaslException("Valueless directive found: " + byteArrayOutputStream.toString());
                    }
                    if (bArr[skipLws] == 34) {
                        z2 = true;
                        skipLws++;
                    }
                } else if (isLws(b)) {
                    skipLws = skipLws(bArr, skipLws + 1);
                    if (skipLws >= bArr.length) {
                        throw new SaslException("'=' expected after key: " + byteArrayOutputStream.toString());
                    }
                    if (bArr[skipLws] != 61) {
                        throw new SaslException("'=' expected after key: " + byteArrayOutputStream.toString());
                    }
                } else {
                    byteArrayOutputStream.write(b);
                    skipLws++;
                }
            } else if (z2) {
                switch (b) {
                    case 34:
                        skipLws++;
                        z2 = false;
                        z3 = true;
                        break;
                    case 92:
                        int i2 = skipLws + 1;
                        if (i2 >= bArr.length) {
                            throw new SaslException("Unmatched quote found for directive: " + byteArrayOutputStream.toString() + " with value: " + byteArrayOutputStream2.toString());
                        }
                        byteArrayOutputStream2.write(bArr[i2]);
                        skipLws = i2 + 1;
                        break;
                    default:
                        byteArrayOutputStream2.write(b);
                        skipLws++;
                        break;
                }
            } else if (isLws(b) || b == 44) {
                extractDirective(byteArrayOutputStream.toString(), byteArrayOutputStream2.toByteArray(), strArr, r0, list, i);
                byteArrayOutputStream.reset();
                byteArrayOutputStream2.reset();
                z = true;
                z3 = false;
                z2 = false;
                skipLws = skipLws(bArr, skipLws + 1);
            } else {
                if (z3) {
                    throw new SaslException("Expecting comma or linear whitespace after quoted string: \"" + byteArrayOutputStream2.toString() + "\"");
                }
                byteArrayOutputStream2.write(b);
                skipLws++;
            }
        }
        if (z2) {
            throw new SaslException("Unmatched quote found for directive: " + byteArrayOutputStream.toString() + " with value: " + byteArrayOutputStream2.toString());
        }
        if (byteArrayOutputStream.size() > 0) {
            extractDirective(byteArrayOutputStream.toString(), byteArrayOutputStream2.toByteArray(), strArr, r0, list, i);
        }
        return r0;
    }

    private static boolean isLws(byte b) {
        switch (b) {
            case 9:
            case 10:
            case 13:
            case 32:
                return true;
            default:
                return false;
        }
    }

    private static int skipLws(byte[] bArr, int i) {
        int i2 = i;
        while (i2 < bArr.length && isLws(bArr[i2])) {
            i2++;
        }
        return i2;
    }

    private static void extractDirective(String str, byte[] bArr, String[] strArr, byte[][] bArr2, List<byte[]> list, int i) throws SaslException {
        for (int i2 = 0; i2 < strArr.length; i2++) {
            if (str.equalsIgnoreCase(strArr[i2])) {
                if (bArr2[i2] == null) {
                    bArr2[i2] = bArr;
                    if (log.isTraceEnabled()) {
                        log.tracef("DIGEST11:Directive %s = %s", strArr[i2], new String(bArr2[i2]));
                        return;
                    }
                    return;
                }
                if (list == null || i2 != i) {
                    throw new SaslException("DIGEST-MD5: peer sent more than one " + str + " directive: " + new String(bArr));
                }
                if (list.size() == 0) {
                    list.add(bArr2[i2]);
                }
                list.add(bArr);
                return;
            }
        }
    }

    private static void setParityBit(byte[] bArr) {
        for (int i = 0; i < bArr.length; i++) {
            int i2 = bArr[i] & 254;
            bArr[i] = (byte) (i2 | ((Integer.bitCount(i2) & 1) ^ 1));
        }
    }

    private static byte[] addDesParity(byte[] bArr, int i, int i2) {
        if (i2 != 7) {
            throw new IllegalArgumentException("Invalid length of DES Key Value:" + i2);
        }
        byte[] bArr2 = new byte[7];
        System.arraycopy(bArr, i, bArr2, 0, i2);
        byte[] bArr3 = new byte[8];
        BigInteger bigInteger = new BigInteger(bArr2);
        for (int length = bArr3.length - 1; length >= 0; length--) {
            bArr3[length] = bigInteger.and(MASK).toByteArray()[0];
            int i3 = length;
            bArr3[i3] = (byte) (bArr3[i3] << 1);
            bigInteger = bigInteger.shiftRight(7);
        }
        setParityBit(bArr3);
        return bArr3;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SecretKey makeDesKeys(byte[] bArr, String str) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
        KeySpec dESedeKeySpec;
        byte[] addDesParity = addDesParity(bArr, 0, 7);
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(str);
        if (str.equals("des")) {
            dESedeKeySpec = new DESKeySpec(addDesParity, 0);
            if (log.isTraceEnabled()) {
                log.tracef("is parity-adjusted? %s", Boolean.valueOf(DESKeySpec.isParityAdjusted(addDesParity, 0)));
            }
        } else {
            if (!str.equals("desede")) {
                throw new IllegalArgumentException("Invalid DES strength:" + str);
            }
            byte[] addDesParity2 = addDesParity(bArr, 7, 7);
            byte[] bArr2 = new byte[(addDesParity.length * 2) + addDesParity2.length];
            System.arraycopy(addDesParity, 0, bArr2, 0, addDesParity.length);
            System.arraycopy(addDesParity2, 0, bArr2, addDesParity.length, addDesParity2.length);
            System.arraycopy(addDesParity, 0, bArr2, addDesParity.length + addDesParity2.length, addDesParity.length);
            dESedeKeySpec = new DESedeKeySpec(bArr2, 0);
            if (log.isTraceEnabled()) {
                log.tracef("is parity-adjusted? %s", Boolean.valueOf(DESedeKeySpec.isParityAdjusted(bArr2, 0)));
            }
        }
        return secretKeyFactory.generateSecret(dESedeKeySpec);
    }
}
