package net.java.sip.communicator.impl.protocol.sip.security;

import java.text.ParseException;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.ListIterator;
import net.java.sip.communicator.impl.protocol.sip.SipActivator;
import net.java.sip.communicator.service.protocol.AccountID;
import net.java.sip.communicator.service.protocol.OperationFailedException;
import net.java.sip.communicator.service.protocol.ProtocolProviderFactory;
import net.java.sip.communicator.service.protocol.SecurityAuthority;
import net.java.sip.communicator.service.protocol.UserCredentials;
import net.java.sip.communicator.util.Logger;
import org.jitsi.gov.nist.javax.sip.header.SIPHeader;
import org.jitsi.gov.nist.javax.sip.header.SIPHeaderList;
import org.jitsi.gov.nist.javax.sip.message.SIPRequest;
import org.jitsi.javax.sip.ClientTransaction;
import org.jitsi.javax.sip.Dialog;
import org.jitsi.javax.sip.InvalidArgumentException;
import org.jitsi.javax.sip.SipException;
import org.jitsi.javax.sip.SipProvider;
import org.jitsi.javax.sip.TransactionUnavailableException;
import org.jitsi.javax.sip.header.AuthorizationHeader;
import org.jitsi.javax.sip.header.CSeqHeader;
import org.jitsi.javax.sip.header.CallIdHeader;
import org.jitsi.javax.sip.header.HeaderFactory;
import org.jitsi.javax.sip.header.ProxyAuthenticateHeader;
import org.jitsi.javax.sip.header.ViaHeader;
import org.jitsi.javax.sip.header.WWWAuthenticateHeader;
import org.jitsi.javax.sip.message.Request;
import org.jitsi.javax.sip.message.Response;

/* loaded from: classes.dex */
public class SipSecurityManager {
    private static final Logger logger = Logger.getLogger((Class<?>) SipSecurityManager.class);
    private final AccountID accountID;
    private SecurityAuthority securityAuthority = null;
    private HeaderFactory headerFactory = null;
    private CredentialsCache cachedCredentials = new CredentialsCache();

    public SipSecurityManager(AccountID accountID) {
        this.accountID = accountID;
    }

    private Request cloneReqForAuthentication(Request request, Response response) {
        Request request2 = (Request) request.clone();
        removeBranchID(request2);
        if (response.getStatusCode() == 401) {
            request2.removeHeader("Authorization");
        } else if (response.getStatusCode() == 407) {
            request2.removeHeader("Proxy-Authorization");
        }
        return request2;
    }

    private AuthorizationHeader createAuthorizationHeader(String str, String str2, String str3, WWWAuthenticateHeader wWWAuthenticateHeader, UserCredentials userCredentials) throws OperationFailedException {
        String str4 = wWWAuthenticateHeader.getQop() != null ? "auth" : null;
        try {
            String calculateResponse = MessageDigestAlgorithm.calculateResponse(wWWAuthenticateHeader.getAlgorithm(), userCredentials.getUserName(), wWWAuthenticateHeader.getRealm(), new String(userCredentials.getPassword()), wWWAuthenticateHeader.getNonce(), "00000001", "xyz", str, str2, str3, str4);
            try {
                AuthorizationHeader createProxyAuthorizationHeader = wWWAuthenticateHeader instanceof ProxyAuthenticateHeader ? this.headerFactory.createProxyAuthorizationHeader(wWWAuthenticateHeader.getScheme()) : this.headerFactory.createAuthorizationHeader(wWWAuthenticateHeader.getScheme());
                createProxyAuthorizationHeader.setUsername(userCredentials.getUserName());
                createProxyAuthorizationHeader.setRealm(wWWAuthenticateHeader.getRealm());
                createProxyAuthorizationHeader.setNonce(wWWAuthenticateHeader.getNonce());
                createProxyAuthorizationHeader.setParameter("uri", str2);
                createProxyAuthorizationHeader.setResponse(calculateResponse);
                if (wWWAuthenticateHeader.getAlgorithm() != null) {
                    createProxyAuthorizationHeader.setAlgorithm(wWWAuthenticateHeader.getAlgorithm());
                }
                if (wWWAuthenticateHeader.getOpaque() != null) {
                    createProxyAuthorizationHeader.setOpaque(wWWAuthenticateHeader.getOpaque());
                }
                if (str4 != null) {
                    createProxyAuthorizationHeader.setQop(str4);
                    createProxyAuthorizationHeader.setCNonce("xyz");
                    createProxyAuthorizationHeader.setNonceCount(Integer.parseInt("00000001"));
                }
                createProxyAuthorizationHeader.setResponse(calculateResponse);
                return createProxyAuthorizationHeader;
            } catch (ParseException e) {
                throw new SecurityException("Failed to create an authorization header!");
            }
        } catch (NullPointerException e2) {
            throw new OperationFailedException("The authenticate header was malformatted", 1, e2);
        }
    }

    private CredentialsCacheEntry createCcEntryWithNewCredentials(String str, int i) {
        CredentialsCacheEntry credentialsCacheEntry = new CredentialsCacheEntry();
        UserCredentials userCredentials = new UserCredentials();
        String accountPropertyString = this.accountID.getAccountPropertyString(ProtocolProviderFactory.AUTHORIZATION_NAME);
        if (accountPropertyString == null || accountPropertyString.length() <= 0) {
            userCredentials.setUserName(this.accountID.getUserID());
        } else {
            userCredentials.setUserName(accountPropertyString);
        }
        UserCredentials obtainCredentials = getSecurityAuthority().obtainCredentials(this.accountID.getDisplayName(), userCredentials, i);
        if (obtainCredentials != null && obtainCredentials.getPassword() != null) {
            credentialsCacheEntry.userCredentials = obtainCredentials;
            if (credentialsCacheEntry.userCredentials == null || !credentialsCacheEntry.userCredentials.isPasswordPersistent()) {
                return credentialsCacheEntry;
            }
            SipActivator.getProtocolProviderFactory().storePassword(this.accountID, credentialsCacheEntry.userCredentials.getPasswordAsString());
            return credentialsCacheEntry;
        }
        return null;
    }

    private CredentialsCacheEntry createCcEntryWithStoredPassword(String str) {
        CredentialsCacheEntry credentialsCacheEntry = new CredentialsCacheEntry();
        credentialsCacheEntry.userCredentials = new UserCredentials();
        String accountPropertyString = this.accountID.getAccountPropertyString(ProtocolProviderFactory.AUTHORIZATION_NAME);
        if (accountPropertyString == null || accountPropertyString.length() <= 0) {
            credentialsCacheEntry.userCredentials.setUserName(this.accountID.getUserID());
        } else {
            credentialsCacheEntry.userCredentials.setUserName(accountPropertyString);
        }
        credentialsCacheEntry.userCredentials.setPassword(str.toCharArray());
        return credentialsCacheEntry;
    }

    private ListIterator<WWWAuthenticateHeader> extractChallenges(Response response) {
        if (response.getStatusCode() == 401) {
            return response.getHeaders("WWW-Authenticate");
        }
        if (response.getStatusCode() == 407) {
            return response.getHeaders("Proxy-Authenticate");
        }
        return null;
    }

    private long getRequestSeqNo(Request request) {
        return ((CSeqHeader) request.getHeader("CSeq")).getSeqNumber();
    }

    private void incrementRequestSeqNo(Request request, long j) throws InvalidArgumentException {
        CSeqHeader cSeqHeader = (CSeqHeader) request.getHeader("CSeq");
        if (j == -1) {
            cSeqHeader.setSeqNumber(cSeqHeader.getSeqNumber() + 1);
        } else {
            cSeqHeader.setSeqNumber(j);
        }
    }

    private List<String> removeAuthHeaders(Request request) {
        Iterator<SIPHeader> headers = ((SIPRequest) request).getHeaders();
        LinkedList linkedList = new LinkedList();
        removeAuthHeaders(headers, linkedList);
        request.removeHeader("Authorization");
        request.removeHeader("Proxy-Authorization");
        return linkedList;
    }

    private void removeAuthHeaders(Iterator<SIPHeader> it, List<String> list) {
        while (it.hasNext()) {
            Cloneable cloneable = (SIPHeader) it.next();
            if (cloneable instanceof AuthorizationHeader) {
                list.add(((AuthorizationHeader) cloneable).getRealm());
            } else if (cloneable instanceof SIPHeaderList) {
                removeAuthHeaders(((SIPHeaderList) cloneable).iterator(), list);
            }
        }
    }

    private void removeBranchID(Request request) {
        ViaHeader viaHeader = (ViaHeader) request.getHeader("Via");
        request.removeHeader("Via");
        try {
            request.setHeader(this.headerFactory.createViaHeader(viaHeader.getHost(), viaHeader.getPort(), viaHeader.getTransport(), null));
        } catch (Exception e) {
            if (logger.isDebugEnabled()) {
                logger.debug("failed to reset a Via header");
            }
        }
    }

    public void cacheCredentials(String str, UserCredentials userCredentials) {
        CredentialsCacheEntry credentialsCacheEntry = new CredentialsCacheEntry();
        credentialsCacheEntry.userCredentials = userCredentials;
        this.cachedCredentials.cacheEntry(str, credentialsCacheEntry);
    }

    public AuthorizationHeader getCachedAuthorizationHeader(String str) {
        return this.cachedCredentials.getCachedAuthorizationHeader(str);
    }

    public SecurityAuthority getSecurityAuthority() {
        return this.securityAuthority;
    }

    public synchronized ClientTransaction handleChallenge(Response response, ClientTransaction clientTransaction, SipProvider sipProvider) throws SipException, InvalidArgumentException, OperationFailedException, NullPointerException {
        return handleChallenge(response, clientTransaction, sipProvider, -1L);
    }

    public synchronized ClientTransaction handleChallenge(Response response, ClientTransaction clientTransaction, SipProvider sipProvider, long j) throws SipException, InvalidArgumentException, OperationFailedException, NullPointerException {
        ClientTransaction newClientTransaction;
        String branchId = clientTransaction.getBranchId();
        Request cloneReqForAuthentication = cloneReqForAuthentication(clientTransaction.getRequest(), response);
        incrementRequestSeqNo(cloneReqForAuthentication, j);
        ListIterator<WWWAuthenticateHeader> extractChallenges = extractChallenges(response);
        newClientTransaction = sipProvider.getNewClientTransaction(cloneReqForAuthentication);
        Dialog dialog = newClientTransaction.getDialog();
        if (dialog != null && dialog.getLocalSeqNumber() != getRequestSeqNo(cloneReqForAuthentication)) {
            dialog.incrementLocalSequenceNumber();
        }
        while (extractChallenges.hasNext()) {
            WWWAuthenticateHeader next = extractChallenges.next();
            String realm = next.getRealm();
            CredentialsCacheEntry remove = this.cachedCredentials.remove(realm);
            boolean popBranchID = remove != null ? remove.popBranchID(branchId) : false;
            long currentTimeMillis = System.currentTimeMillis();
            String loadPassword = SipActivator.getProtocolProviderFactory().loadPassword(this.accountID);
            if (remove == null) {
                if (loadPassword != null) {
                    remove = createCcEntryWithStoredPassword(loadPassword);
                    if (logger.isTraceEnabled()) {
                        logger.trace("seem to have a stored pass! Try with it.");
                    }
                } else {
                    if (logger.isTraceEnabled()) {
                        logger.trace("We don't seem to have a good pass! Get one.");
                    }
                    remove = createCcEntryWithNewCredentials(realm, 0);
                    if (remove == null) {
                        throw new OperationFailedException("User has canceled the authentication process.", 15);
                    }
                }
            } else if (popBranchID && !next.isStale()) {
                SipActivator.getProtocolProviderFactory().storePassword(this.accountID, null);
                remove = createCcEntryWithNewCredentials(realm, 1);
                if (remove == null) {
                    throw new OperationFailedException("User has canceled the authentication process.", 15);
                }
            } else if (logger.isTraceEnabled()) {
                logger.trace("We seem to have a pass in the cache. Let's try with it.");
            }
            if (remove.userCredentials == null) {
                throw new OperationFailedException("Unable to authenticate with realm " + realm + ". User did not provide credentials.", 401);
            }
            boolean z = System.currentTimeMillis() - currentTimeMillis > 25000;
            AuthorizationHeader createAuthorizationHeader = createAuthorizationHeader(cloneReqForAuthentication.getMethod(), cloneReqForAuthentication.getRequestURI().toString(), cloneReqForAuthentication.getContent() == null ? "" : cloneReqForAuthentication.getContent().toString(), next, remove.userCredentials);
            if (!z) {
                remove.pushBranchID(newClientTransaction.getBranchId());
            }
            this.cachedCredentials.cacheEntry(realm, remove);
            if (logger.isDebugEnabled()) {
                logger.debug("Created authorization header: " + createAuthorizationHeader.toString());
            }
            CallIdHeader callIdHeader = (CallIdHeader) cloneReqForAuthentication.getHeader("Call-ID");
            if (callIdHeader != null) {
                this.cachedCredentials.cacheAuthorizationHeader(callIdHeader.getCallId(), createAuthorizationHeader);
            }
            cloneReqForAuthentication.addHeader(createAuthorizationHeader);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Returning authorization transaction.");
        }
        return newClientTransaction;
    }

    public synchronized ClientTransaction handleForbiddenResponse(Response response, ClientTransaction clientTransaction, SipProvider sipProvider) throws InvalidArgumentException, TransactionUnavailableException {
        ClientTransaction newClientTransaction;
        this.cachedCredentials.clear();
        SipActivator.getProtocolProviderFactory().storePassword(this.accountID, null);
        Request request = (Request) clientTransaction.getRequest().clone();
        removeBranchID(request);
        List<String> removeAuthHeaders = removeAuthHeaders(request);
        incrementRequestSeqNo(request, -1L);
        newClientTransaction = sipProvider.getNewClientTransaction(request);
        Dialog dialog = newClientTransaction.getDialog();
        if (dialog != null && dialog.getLocalSeqNumber() != getRequestSeqNo(request)) {
            dialog.incrementLocalSequenceNumber();
        }
        Iterator<String> it = removeAuthHeaders.iterator();
        while (it.hasNext()) {
            CredentialsCacheEntry createCcEntryWithStoredPassword = createCcEntryWithStoredPassword("");
            createCcEntryWithStoredPassword.pushBranchID(newClientTransaction.getBranchId());
            this.cachedCredentials.cacheEntry(it.next(), createCcEntryWithStoredPassword);
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Returning authorization transaction.");
        }
        return newClientTransaction;
    }

    public void setHeaderFactory(HeaderFactory headerFactory) {
        this.headerFactory = headerFactory;
    }

    public void setSecurityAuthority(SecurityAuthority securityAuthority) {
        this.securityAuthority = securityAuthority;
    }
}
