package com.microsoft.azure.sdk.iot.provisioning.device.internal.contract.amqp;

import com.microsoft.azure.sdk.iot.deps.transport.amqp.SaslHandler;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.contract.ResponseCallback;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.exceptions.ProvisioningDeviceClientException;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.exceptions.ProvisioningDeviceSecurityException;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.task.ContractState;
import com.microsoft.azure.sdk.iot.provisioning.device.internal.task.ResponseData;
import java.nio.charset.StandardCharsets;

/* loaded from: input_file:com/microsoft/azure/sdk/iot/provisioning/device/internal/contract/amqp/AmqpsProvisioningSaslHandler.class */
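/**
 * Client-side SASL handler for the {@code TPM} mechanism used while provisioning a device over AMQP.
 *
 * <p>The handshake is a strict state machine (see {@link ChallengeState}): mechanism selection, init
 * payload, three challenges, then the final outcome. A call that arrives in any other state is rejected
 * with {@link IllegalStateException}, so a peer cannot skip or replay a step.
 *
 * <p>Challenge bytes come from the remote peer. Each challenge is accepted only when its leading control
 * byte matches the one expected for the current state. The payloads of the second and third challenge
 * are concatenated and handed to the {@link ResponseCallback}; the handler then waits for a SAS token
 * supplied through {@link #setSasToken(String)} and sends it as the last SASL response.
 *
 * <p>The SAS token is a credential. It is kept out of every exception message raised here.
 */
class AmqpsProvisioningSaslHandler implements SaslHandler {
    private static final String TPM_MECHANISM = "TPM";
    private static final byte NULL_BYTE = 0;
    private static final byte INIT_SEGMENT_CONTROL_BYTE = 0;
    // Same values as the decompiled Byte.MIN_VALUE and -63, written as the bit patterns seen on the wire.
    private static final byte INTERMEDIATE_SEGMENT_CONTROL_BYTE = (byte) 0x80;
    private static final byte FINAL_SEGMENT_CONTROL_BYTE = (byte) 0xC1;
    private static final long MAX_MILLISECONDS_TIMEOUT_FOR_SAS_TOKEN_WAIT = 60000;
    private static final long WAIT_INTERVALS = 4000;
    private final String idScope;
    private final String registrationId;
    // The key arrays are stored by reference, exactly as passed to the constructor (no defensive copy).
    private final byte[] endorsementKey;
    private final byte[] storageRootKey;
    private byte[] challengeKey;
    private ChallengeState challengeState;
    private final ResponseCallback responseCallback;
    private final Object authorizationCallbackContext;
    // volatile: handleThirdChallenge polls this field between sleeps. Unless the callback sets the token
    // synchronously, the write can only come from another thread, and Thread.sleep gives no visibility
    // guarantee for a plain field.
    private volatile String sasToken;

    /**
     * Steps of the TPM SASL handshake, in the order they are expected to occur.
     *
     * <p>The decompiler reports that this enum was declared {@code private} in the original class file.
     */
    public enum ChallengeState {
        WAITING_FOR_MECHANISMS,
        WAITING_TO_BUILD_INIT,
        WAITING_FOR_FIRST_CHALLENGE,
        WAITING_FOR_SECOND_CHALLENGE,
        WAITING_FOR_THIRD_CHALLENGE,
        WAITING_TO_SEND_SAS_TOKEN,
        WAITING_FOR_FINAL_OUTCOME
    }

    /**
     * Creates a handler in the {@link ChallengeState#WAITING_FOR_MECHANISMS} state.
     *
     * <p>The decompiler reports that this constructor was package-private in the original class file.
     *
     * @param str the id scope; must not be null or empty
     * @param str2 the registration id; must not be null or empty
     * @param bArr the endorsement key bytes; must not be null or empty
     * @param bArr2 the storage root key bytes; must not be null or empty
     * @param responseCallback invoked with the assembled challenge key after the third challenge; must not be null
     * @param obj opaque context passed back to {@code responseCallback}; may be null
     * @throws IllegalArgumentException if a required argument is null or empty
     */
    public AmqpsProvisioningSaslHandler(String str, String str2, byte[] bArr, byte[] bArr2, ResponseCallback responseCallback, Object obj) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("IdScope cannot be null or empty");
        }
        if (str2 == null || str2.isEmpty()) {
            throw new IllegalArgumentException("RegistrationId cannot be null or empty");
        }
        if (bArr == null || bArr.length == 0) {
            throw new IllegalArgumentException("Endorsement Key cannot be null or empty");
        }
        if (bArr2 == null || bArr2.length == 0) {
            throw new IllegalArgumentException("Storage root key cannot be null or empty");
        }
        if (responseCallback == null) {
            throw new IllegalArgumentException("responseCallback cannot be null");
        }
        this.idScope = str;
        this.registrationId = str2;
        this.endorsementKey = bArr;
        this.storageRootKey = bArr2;
        this.responseCallback = responseCallback;
        this.authorizationCallbackContext = obj;
        this.challengeState = ChallengeState.WAITING_FOR_MECHANISMS;
        this.sasToken = null;
    }

    /**
     * Selects the {@code TPM} mechanism from the list offered by the peer.
     *
     * <p>No other mechanism is ever chosen: if {@code TPM} is not offered the negotiation fails rather
     * than falling back to a different mechanism.
     *
     * @param strArr mechanism names offered by the service; must not be null
     * @return the literal {@code "TPM"}
     * @throws IllegalArgumentException if {@code strArr} is null
     * @throws IllegalStateException if the handler is not waiting for the mechanism list
     * @throws ProvisioningDeviceSecurityException if {@code TPM} is not among the offered mechanisms
     */
    public String chooseSaslMechanism(String[] strArr) throws ProvisioningDeviceSecurityException {
        if (this.challengeState != ChallengeState.WAITING_FOR_MECHANISMS) {
            throw new IllegalStateException("Handler is not in a state to handle choosing a mechanism");
        }
        if (strArr == null) {
            throw new IllegalArgumentException("Mechanisms cannot be null");
        }
        boolean tpmOffered = false;
        for (String mechanism : strArr) {
            // Constant-first comparison so a null entry in the peer's list cannot raise NullPointerException.
            if (TPM_MECHANISM.equals(mechanism)) {
                tpmOffered = true;
                break;
            }
        }
        if (!tpmOffered) {
            throw new ProvisioningDeviceSecurityException("Service endpoint does not support TPM authentication");
        }
        this.challengeState = ChallengeState.WAITING_TO_BUILD_INIT;
        return TPM_MECHANISM;
    }

    /**
     * Builds the SASL init payload: a zero control byte followed by the id scope, a NUL, the
     * registration id, a NUL, and the endorsement key.
     *
     * @param str not read by this implementation
     * @return the init payload bytes
     * @throws IllegalStateException if the mechanism has not been chosen yet or the payload was already built
     */
    public byte[] getInitPayload(String str) {
        if (this.challengeState != ChallengeState.WAITING_TO_BUILD_INIT) {
            throw new IllegalStateException("Handler is not in a state to build the init payload");
        }
        byte[] initPayload = buildSaslInitPayload(this.idScope, this.registrationId, this.endorsementKey);
        this.challengeState = ChallengeState.WAITING_FOR_FIRST_CHALLENGE;
        return initPayload;
    }

    /**
     * Dispatches a challenge from the peer to the handler for the current state.
     *
     * @param bArr raw challenge bytes received from the peer; must not be null
     * @return the response bytes to send back
     * @throws IllegalArgumentException if {@code bArr} is null
     * @throws IllegalStateException if no challenge is expected in the current state, or the challenge
     *     does not have the form expected for that state
     * @throws ProvisioningDeviceClientException if waiting for the SAS token is interrupted or times out
     */
    public byte[] handleChallenge(byte[] bArr) throws ProvisioningDeviceClientException {
        if (bArr == null) {
            throw new IllegalArgumentException("Challenge data cannot be null");
        }
        switch (this.challengeState) {
            case WAITING_FOR_FIRST_CHALLENGE: {
                // Advance only after the challenge has been validated, as the second and third steps
                // do, so malformed data leaves the state machine where it was.
                byte[] firstResponse = handleFirstChallenge(bArr);
                this.challengeState = ChallengeState.WAITING_FOR_SECOND_CHALLENGE;
                return firstResponse;
            }
            case WAITING_FOR_SECOND_CHALLENGE:
                return handleSecondChallenge(bArr);
            case WAITING_FOR_THIRD_CHALLENGE:
                return handleThirdChallenge(bArr);
            case WAITING_FOR_MECHANISMS:
                throw new IllegalStateException("Unexpected challenge received when expecting to choose sasl mechanism");
            case WAITING_TO_BUILD_INIT:
                throw new IllegalStateException("Unexpected challenge received when expecting to build sasl init payload");
            case WAITING_TO_SEND_SAS_TOKEN:
                throw new IllegalStateException("Unexpected challenge received when expecting to send sas token");
            case WAITING_FOR_FINAL_OUTCOME:
                throw new IllegalStateException("Unexpected challenge received when expecting Sasl outcome");
            default:
                throw new IllegalStateException("Unexpected challenge received");
        }
    }

    /**
     * Checks the final SASL outcome reported by the peer. Only {@code OK} returns normally.
     *
     * @param saslOutcome the outcome reported by the service
     * @throws IllegalStateException if the SAS token has not been sent yet
     * @throws ProvisioningDeviceSecurityException for every outcome other than {@code OK}
     */
    public void handleOutcome(SaslHandler.SaslOutcome saslOutcome) throws ProvisioningDeviceSecurityException {
        if (this.challengeState != ChallengeState.WAITING_FOR_FINAL_OUTCOME) {
            throw new IllegalStateException("This handler is not ready to handle the sasl outcome");
        }
        // Switch on the enum directly; the decompiled synthetic ordinal table is regenerated by the compiler.
        switch (saslOutcome) {
            case OK:
                return;
            case AUTH:
                throw new ProvisioningDeviceSecurityException("Sas token was rejected by the service");
            case SYS_TEMP:
                throw new ProvisioningDeviceSecurityException("Sasl negotiation failed due to transient system error");
            case SYS:
            case SYS_PERM:
            default:
                // Anything that is not an explicit OK is treated as a failed negotiation.
                throw new ProvisioningDeviceSecurityException("Sasl negotiation with service failed");
        }
    }

    /**
     * Not supported: the TPM mechanism has no plain username.
     *
     * @throws UnsupportedOperationException always
     */
    public String getPlainUsername() {
        throw new UnsupportedOperationException("TPM sasl does not use plain mechanism for authentication");
    }

    /**
     * Not supported: the TPM mechanism has no plain password.
     *
     * @throws UnsupportedOperationException always
     */
    public String getPlainPassword() {
        throw new UnsupportedOperationException("TPM sasl does not use plain mechanism for authentication");
    }

    /**
     * Supplies the SAS token that is sent as the response to the third challenge.
     *
     * <p>No state check is made here: a token set before the third challenge arrives is used as-is.
     *
     * @param str the SAS token; a null value leaves the handler waiting
     */
    public void setSasToken(String str) {
        this.sasToken = str;
    }

    /**
     * Validates the first challenge, which must be exactly one zero byte, and answers with the
     * storage root key prefixed by a zero control byte.
     */
    private byte[] handleFirstChallenge(byte[] bArr) {
        if (bArr.length == 1 && bArr[0] == NULL_BYTE) {
            return buildFirstSaslChallengeResponsePayload(this.storageRootKey);
        }
        throw new IllegalStateException("Unexpected challenge data");
    }

    /**
     * Validates the second challenge (intermediate-segment control byte), stores the bytes after the
     * control byte as the first part of the challenge key, and answers with a single zero byte.
     */
    private byte[] handleSecondChallenge(byte[] bArr) {
        if (bArr.length < 1 || bArr[0] != INTERMEDIATE_SEGMENT_CONTROL_BYTE) {
            throw new IllegalStateException("Unexpected challenge data");
        }
        this.challengeState = ChallengeState.WAITING_FOR_THIRD_CHALLENGE;
        int segmentLength = bArr.length - 1;
        this.challengeKey = new byte[segmentLength];
        System.arraycopy(bArr, 1, this.challengeKey, 0, segmentLength);
        return new byte[]{NULL_BYTE};
    }

    /**
     * Validates the third challenge (final-segment control byte), completes the challenge key, hands
     * it to the response callback, then waits for the SAS token and returns it as the response.
     *
     * <p>The token is polled every {@code WAIT_INTERVALS} milliseconds until it is present or
     * {@code MAX_MILLISECONDS_TIMEOUT_FOR_SAS_TOKEN_WAIT} milliseconds have elapsed.
     *
     * @throws IllegalStateException if the challenge does not start with the final-segment control byte
     * @throws ProvisioningDeviceSecurityException if no token was supplied within the timeout
     * @throws ProvisioningDeviceClientException if the waiting thread is interrupted
     */
    private byte[] handleThirdChallenge(byte[] bArr) throws ProvisioningDeviceClientException {
        if (bArr.length < 1 || bArr[0] != FINAL_SEGMENT_CONTROL_BYTE) {
            throw new IllegalStateException("Unexpected challenge data");
        }
        this.challengeKey = buildNonceFromThirdChallenge(bArr);
        this.responseCallback.run(new ResponseData(this.challengeKey, ContractState.DPS_REGISTRATION_RECEIVED, 0L), this.authorizationCallbackContext);
        this.challengeState = ChallengeState.WAITING_TO_SEND_SAS_TOKEN;

        long startMillis = System.currentTimeMillis();
        long elapsedMillis = 0;
        // Work on a snapshot so the null check and the later use see the same value.
        String token = this.sasToken;
        while (token == null && elapsedMillis < MAX_MILLISECONDS_TIMEOUT_FOR_SAS_TOKEN_WAIT) {
            try {
                Thread.sleep(WAIT_INTERVALS);
            } catch (InterruptedException e) {
                // Restore the interrupt flag so code further up the stack can still observe it.
                Thread.currentThread().interrupt();
                throw new ProvisioningDeviceClientException(e);
            }
            elapsedMillis = System.currentTimeMillis() - startMillis;
            token = this.sasToken;
        }
        // Fail on a missing token rather than on elapsed time alone: a token that arrived during the
        // last sleep interval is still used.
        if (token == null) {
            throw new ProvisioningDeviceSecurityException("Sasl negotiation failed: Sas token was never supplied to finish negotiation");
        }
        this.challengeState = ChallengeState.WAITING_FOR_FINAL_OUTCOME;
        // Explicit charset so the bytes on the wire do not depend on the platform default.
        return prependByteArrayWithControlByte(INIT_SEGMENT_CONTROL_BYTE, token.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Returns the stored challenge key followed by the third challenge without its control byte.
     */
    private byte[] buildNonceFromThirdChallenge(byte[] bArr) {
        int firstPartLength = this.challengeKey.length;
        int secondPartLength = bArr.length - 1;
        byte[] nonce = new byte[firstPartLength + secondPartLength];
        System.arraycopy(this.challengeKey, 0, nonce, 0, firstPartLength);
        System.arraycopy(bArr, 1, nonce, firstPartLength, secondPartLength);
        return nonce;
    }

    /**
     * Builds the init payload: zero control byte, then id scope, NUL, registration id, NUL,
     * endorsement key.
     */
    private static byte[] buildSaslInitPayload(String str, String str2, byte[] bArr) {
        // Varargs call in place of the decompiler's mistyped "new byte[]{...}" array of arrays.
        byte[] joined = concatBytesWithNullDelimiter(
                str.getBytes(StandardCharsets.UTF_8),
                str2.getBytes(StandardCharsets.UTF_8),
                bArr);
        return prependByteArrayWithControlByte(INIT_SEGMENT_CONTROL_BYTE, joined);
    }

    /**
     * Builds the response to the first challenge: zero control byte followed by the given key bytes.
     */
    private static byte[] buildFirstSaslChallengeResponsePayload(byte[] bArr) {
        return prependByteArrayWithControlByte(INIT_SEGMENT_CONTROL_BYTE, bArr);
    }

    /**
     * Concatenates the given arrays with a single zero byte between consecutive arrays and none
     * after the last one.
     */
    private static byte[] concatBytesWithNullDelimiter(byte[]... bArr) {
        if (bArr.length == 0) {
            // Nothing to join; also avoids a negative array size below.
            return new byte[0];
        }
        int payloadLength = 0;
        for (byte[] segment : bArr) {
            payloadLength += segment.length;
        }
        // One delimiter between each pair of neighbours.
        byte[] joined = new byte[payloadLength + (bArr.length - 1)];
        int offset = 0;
        for (int i = 0; i < bArr.length; i++) {
            System.arraycopy(bArr[i], 0, joined, offset, bArr[i].length);
            offset += bArr[i].length;
            if (i < bArr.length - 1) {
                joined[offset] = NULL_BYTE;
                offset++;
            }
        }
        return joined;
    }

    /**
     * Returns a new array holding {@code b} followed by the contents of {@code bArr}.
     */
    private static byte[] prependByteArrayWithControlByte(byte b, byte[] bArr) {
        byte[] prefixed = new byte[bArr.length + 1];
        prefixed[0] = b;
        System.arraycopy(bArr, 0, prefixed, 1, bArr.length);
        return prefixed;
    }
}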
