package org.tiki.tikitoken;

import java.nio.charset.StandardCharsets;
import java.util.StringTokenizer;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/tikitoken-lib.jar:org/tiki/tikitoken/TikiTokenSaslServer.class */
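/**
 * Server side of the {@code TIKITOKEN} SASL mechanism.
 *
 * <p>The client sends a single message holding a username and a Tiki access token separated by
 * NUL (U+0000). The message may arrive as the initial response or, if that was empty, as the
 * second response. The pair is handed to {@link TikiTokenQuery}; when it reports the token as
 * valid, the username becomes the authorization identity.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The mechanism negotiates no security layer (QOP is {@code auth}; {@link #wrap} and
 *       {@link #unwrap} always throw). The username and bearer token are therefore only as
 *       confidential as the underlying connection, so the mechanism should only be offered on
 *       an encrypted (e.g. TLS) channel.</li>
 *   <li>{@link #isComplete()} becomes {@code true} as soon as a non-empty response has been
 *       received, including when verification then fails. Success is signalled by
 *       {@link #evaluateResponse} returning without throwing; after a failed exchange
 *       {@link #getAuthorizationID()} returns {@code null}.</li>
 *   <li>An instance handles one exchange. A failed attempt cannot be retried on the same
 *       instance.</li>
 * </ul>
 *
 * <p>Instances hold mutable state without synchronization.
 */
public class TikiTokenSaslServer implements SaslServer {
    private static final Logger Log = LoggerFactory.getLogger(TikiTokenSaslServer.class);

    /** Name under which this mechanism is advertised. */
    public static final String MECHANISM_NAME = "TIKITOKEN";

    // Set only after TikiTokenQuery accepted the token; stays null on failure.
    private String authorizationID = null;
    private State state = State.PRE_INITIAL_RESPONSE;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/tikitoken-lib.jar:org/tiki/tikitoken/TikiTokenSaslServer$State.class */
    /** Progress of the exchange. */
    public enum State {
        /** No client response has been evaluated yet. */
        PRE_INITIAL_RESPONSE,
        /** The initial response was empty; the next response must carry the credentials. */
        POST_INITIAL_RESPONSE,
        /** A non-empty response was received (verified or rejected), or two empty ones. */
        COMPLETED
    }

    /**
     * Returns the mechanism name.
     *
     * @return {@link #MECHANISM_NAME}
     */
    @Override
    public String getMechanismName() {
        return MECHANISM_NAME;
    }

    /**
     * Evaluates a client response.
     *
     * @param bArr the raw client response; empty means "no data in this step"
     * @return always {@code null}: either more data is awaited (empty initial response) or the
     *     exchange succeeded and there is no further challenge
     * @throws SaslException if both the initial and second response were empty, if the payload
     *     does not consist of exactly two NUL-separated values, or if the token is rejected
     * @throws IllegalStateException if the exchange has already completed
     */
    @Override
    public byte[] evaluateResponse(byte[] bArr) throws SaslException {
        Log.trace("Evaluating new response...");
        if (isComplete()) {
            throw new IllegalStateException("TIKITOKEN authentication was already completed.");
        }
        Log.trace("Current state: {}", this.state);
        // NOTE(review): after dispose() the state is null and this switch throws
        // NullPointerException rather than IllegalStateException.
        switch (this.state) {
            case POST_INITIAL_RESPONSE:
                if (bArr.length == 0) {
                    // Second empty response in a row: give up and close the exchange.
                    this.state = State.COMPLETED;
                    throw new SaslException("The TIKITOKEN SASL mechanism expects response data in either the initial or second client response. Neither had any data.");
                }
                break;
            case PRE_INITIAL_RESPONSE:
                break;
            default:
                throw new IllegalStateException("Instance is in an unrecognized state (please report this incident as a bug in class: " + getClass().getCanonicalName() + "). Unrecognized value: " + this.state);
        }
        if (bArr.length == 0) {
            // Empty initial response: wait for the credentials in the next step.
            this.state = State.POST_INITIAL_RESPONSE;
            return null;
        }

        // Mark the exchange finished before any parsing or verification, so that every failure
        // path below leaves the instance unusable for a second attempt.
        this.state = State.COMPLETED;
        Log.trace("Parsing data from client response...");

        // The separator is NUL (U+0000), as the error message below states. The listing showed a
        // mis-encoded literal here; "\0" restores the documented wire format.
        // StringTokenizer skips empty fields, so leading/trailing/repeated NULs are tolerated and
        // an empty username or token can never be produced.
        StringTokenizer stringTokenizer = new StringTokenizer(new String(bArr, StandardCharsets.UTF_8), "\0");
        int tokenCount = stringTokenizer.countTokens();
        if (tokenCount != 2) {
            throw new SaslException("Exactly two NUL (U+0000) character-separated values are expected (a username, followed by a Tiki access token). Instead " + tokenCount + " were found.");
        }
        String username = stringTokenizer.nextToken();
        String accessToken = stringTokenizer.nextToken();

        // The username is client-supplied and not yet authenticated when it is logged and when it
        // is placed in the exception message; log layouts should neutralise control characters.
        // The access token is a bearer credential and is deliberately never logged.
        Log.trace("Parsed data from client response for user '{}'. Verifying Tiki token...", username);
        if (!new TikiTokenQuery(username, accessToken).isValid()) {
            throw new SaslException("Tiki token based authentication failed for: " + username);
        }
        Log.debug("Authentication successful for user '{}'!", username);
        this.authorizationID = username;
        return null;
    }

    /**
     * Reports whether the exchange has ended.
     *
     * <p>This is {@code true} after a failed exchange as well; it is not a success indicator.
     *
     * @return {@code true} once the state is {@link State#COMPLETED}
     */
    @Override
    public boolean isComplete() {
        return this.state == State.COMPLETED;
    }

    /**
     * Returns the authenticated username.
     *
     * @return the username whose token was accepted, or {@code null} if the exchange completed
     *     without a successful verification
     * @throws IllegalStateException if the exchange has not completed
     */
    @Override
    public String getAuthorizationID() {
        if (isComplete()) {
            return this.authorizationID;
        }
        throw new IllegalStateException("TIKITOKEN authentication has not completed.");
    }

    /**
     * Returns a negotiated property.
     *
     * @param str the property name
     * @return {@code "auth"} for {@code javax.security.sasl.qop} (authentication only, no
     *     integrity or confidentiality layer); {@code null} for every other name
     * @throws IllegalStateException if the exchange has not completed
     */
    @Override
    public Object getNegotiatedProperty(String str) {
        if (!isComplete()) {
            throw new IllegalStateException("TIKITOKEN authentication has not completed.");
        }
        if ("javax.security.sasl.qop".equals(str)) {
            return "auth";
        }
        return null;
    }

    /**
     * Clears the state and the stored authorization identity.
     *
     * <p>Afterwards {@link #isComplete()} returns {@code false}.
     */
    @Override
    public void dispose() throws SaslException {
        this.state = null;
        this.authorizationID = null;
    }

    /**
     * Not supported: no security layer is negotiated.
     *
     * @throws IllegalStateException always
     */
    @Override
    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        if (isComplete()) {
            throw new IllegalStateException("TIKITOKEN supports neither integrity nor privacy.");
        }
        throw new IllegalStateException("TIKITOKEN authentication has not completed.");
    }

    /**
     * Not supported: no security layer is negotiated.
     *
     * @throws IllegalStateException always
     */
    @Override
    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        if (isComplete()) {
            throw new IllegalStateException("TIKITOKEN supports neither integrity nor privacy.");
        }
        throw new IllegalStateException("TIKITOKEN authentication has not completed.");
    }
}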
