package com.sun.mail.imap.protocol;

import com.sun.mail.auth.OAuth2SaslClientFactory;
import com.sun.mail.iap.Argument;
import com.sun.mail.iap.ProtocolException;
import com.sun.mail.iap.Response;
import com.sun.mail.util.ASCIIUtility;
import com.sun.mail.util.BASE64DecoderStream;
import com.sun.mail.util.BASE64EncoderStream;
import com.sun.mail.util.MailLogger;
import com.sun.mail.util.PropUtil;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Properties;
import java.util.logging.Level;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.sasl.RealmCallback;
import javax.security.sasl.RealmChoiceCallback;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;
import org.apache.batik.util.XMLConstants;

/* loaded from: input_file:WEB-INF/lib/javax.mail-1.5.6.jar:com/sun/mail/imap/protocol/IMAPSaslAuthenticator.class */
public class IMAPSaslAuthenticator implements SaslAuthenticator {
    private IMAPProtocol pr;
    private String name;
    private Properties props;
    private MailLogger logger;
    private String host;

    public IMAPSaslAuthenticator(IMAPProtocol iMAPProtocol, String str, Properties properties, MailLogger mailLogger, String str2) {
        this.pr = iMAPProtocol;
        this.name = str;
        this.props = properties;
        this.logger = mailLogger;
        this.host = str2;
    }

    @Override // com.sun.mail.imap.protocol.SaslAuthenticator
    public boolean authenticate(String[] strArr, final String str, String str2, final String str3, final String str4) throws ProtocolException {
        String str5;
        String str6;
        synchronized (this.pr) {
            ArrayList arrayList = new ArrayList();
            Response response = null;
            boolean z = false;
            if (this.logger.isLoggable(Level.FINE)) {
                this.logger.fine("SASL Mechanisms:");
                for (String str7 : strArr) {
                    this.logger.fine(" " + str7);
                }
                this.logger.fine("");
            }
            try {
                SaslClient createSaslClient = Sasl.createSaslClient(strArr, str2, this.name, this.host, this.props, new CallbackHandler() { // from class: com.sun.mail.imap.protocol.IMAPSaslAuthenticator.1
                    @Override // javax.security.auth.callback.CallbackHandler
                    public void handle(Callback[] callbackArr) {
                        if (IMAPSaslAuthenticator.this.logger.isLoggable(Level.FINE)) {
                            IMAPSaslAuthenticator.this.logger.fine("SASL callback length: " + callbackArr.length);
                        }
                        for (int i = 0; i < callbackArr.length; i++) {
                            if (IMAPSaslAuthenticator.this.logger.isLoggable(Level.FINE)) {
                                IMAPSaslAuthenticator.this.logger.fine("SASL callback " + i + ": " + callbackArr[i]);
                            }
                            if (callbackArr[i] instanceof NameCallback) {
                                ((NameCallback) callbackArr[i]).setName(str3);
                            } else if (callbackArr[i] instanceof PasswordCallback) {
                                ((PasswordCallback) callbackArr[i]).setPassword(str4.toCharArray());
                            } else if (callbackArr[i] instanceof RealmCallback) {
                                RealmCallback realmCallback = (RealmCallback) callbackArr[i];
                                realmCallback.setText(str != null ? str : realmCallback.getDefaultText());
                            } else if (callbackArr[i] instanceof RealmChoiceCallback) {
                                RealmChoiceCallback realmChoiceCallback = (RealmChoiceCallback) callbackArr[i];
                                if (str == null) {
                                    realmChoiceCallback.setSelectedIndex(realmChoiceCallback.getDefaultChoice());
                                } else {
                                    String[] choices = realmChoiceCallback.getChoices();
                                    int i2 = 0;
                                    while (true) {
                                        if (i2 >= choices.length) {
                                            break;
                                        }
                                        if (choices[i2].equals(str)) {
                                            realmChoiceCallback.setSelectedIndex(i2);
                                            break;
                                        }
                                        i2++;
                                    }
                                }
                            }
                        }
                    }
                });
                if (createSaslClient == null) {
                    this.logger.fine("No SASL support");
                    throw new UnsupportedOperationException("No SASL support");
                }
                if (this.logger.isLoggable(Level.FINE)) {
                    this.logger.fine("SASL client " + createSaslClient.getMechanismName());
                }
                try {
                    Argument argument = new Argument();
                    argument.writeAtom(createSaslClient.getMechanismName());
                    if (this.pr.hasCapability("SASL-IR") && createSaslClient.hasInitialResponse()) {
                        byte[] evaluateChallenge = createSaslClient.evaluateChallenge(new byte[0]);
                        if (evaluateChallenge.length > 0) {
                            byte[] encode = BASE64EncoderStream.encode(evaluateChallenge);
                            str6 = ASCIIUtility.toString(encode, 0, encode.length);
                        } else {
                            str6 = XMLConstants.XML_EQUAL_SIGN;
                        }
                        argument.writeAtom(str6);
                    }
                    String writeCommand = this.pr.writeCommand("AUTHENTICATE", argument);
                    OutputStream iMAPOutputStream = this.pr.getIMAPOutputStream();
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    byte[] bArr = {13, 10};
                    boolean z2 = createSaslClient.getMechanismName().equals("XGWTRUSTEDAPP") && PropUtil.getBooleanProperty(this.props, new StringBuilder().append("mail.").append(this.name).append(".sasl.xgwtrustedapphack.enable").toString(), true);
                    while (!z) {
                        try {
                            response = this.pr.readResponse();
                            if (response.isContinuation()) {
                                byte[] bArr2 = null;
                                if (!createSaslClient.isComplete()) {
                                    byte[] newBytes = response.readByteArray().getNewBytes();
                                    if (newBytes.length > 0) {
                                        newBytes = BASE64DecoderStream.decode(newBytes);
                                    }
                                    if (this.logger.isLoggable(Level.FINE)) {
                                        this.logger.fine("SASL challenge: " + ASCIIUtility.toString(newBytes, 0, newBytes.length) + " :");
                                    }
                                    bArr2 = createSaslClient.evaluateChallenge(newBytes);
                                }
                                if (bArr2 == null) {
                                    this.logger.fine("SASL no response");
                                    iMAPOutputStream.write(bArr);
                                    iMAPOutputStream.flush();
                                    byteArrayOutputStream.reset();
                                } else {
                                    if (this.logger.isLoggable(Level.FINE)) {
                                        this.logger.fine("SASL response: " + ASCIIUtility.toString(bArr2, 0, bArr2.length) + " :");
                                    }
                                    byte[] encode2 = BASE64EncoderStream.encode(bArr2);
                                    if (z2) {
                                        byteArrayOutputStream.write(ASCIIUtility.getBytes("XGWTRUSTEDAPP "));
                                    }
                                    byteArrayOutputStream.write(encode2);
                                    byteArrayOutputStream.write(bArr);
                                    iMAPOutputStream.write(byteArrayOutputStream.toByteArray());
                                    iMAPOutputStream.flush();
                                    byteArrayOutputStream.reset();
                                }
                            } else if (response.isTagged() && response.getTag().equals(writeCommand)) {
                                z = true;
                            } else if (response.isBYE()) {
                                z = true;
                            } else {
                                arrayList.add(response);
                            }
                        } catch (Exception e) {
                            this.logger.log(Level.FINE, "SASL Exception", (Throwable) e);
                            response = Response.byeResponse(e);
                            z = true;
                        }
                    }
                    if (createSaslClient.isComplete() && (str5 = (String) createSaslClient.getNegotiatedProperty("javax.security.sasl.qop")) != null && (str5.equalsIgnoreCase("auth-int") || str5.equalsIgnoreCase("auth-conf"))) {
                        this.logger.fine("SASL Mechanism requires integrity or confidentiality");
                        return false;
                    }
                    this.pr.notifyResponseHandlers((Response[]) arrayList.toArray(new Response[arrayList.size()]));
                    this.pr.handleLoginResult(response);
                    this.pr.setCapabilities(response);
                    if (z2 && str2 != null) {
                        Argument argument2 = new Argument();
                        argument2.writeString(str2);
                        Response[] command = this.pr.command("LOGIN", argument2);
                        this.pr.notifyResponseHandlers(command);
                        this.pr.handleResult(command[command.length - 1]);
                        this.pr.setCapabilities(command[command.length - 1]);
                    }
                    return true;
                } catch (Exception e2) {
                    this.logger.log(Level.FINE, "SASL AUTHENTICATE Exception", (Throwable) e2);
                    return false;
                }
            } catch (SaslException e3) {
                this.logger.log(Level.FINE, "Failed to create SASL client", e3);
                throw new UnsupportedOperationException(e3.getMessage(), e3);
            }
        }
    }

    static {
        try {
            OAuth2SaslClientFactory.init();
        } catch (Throwable th) {
        }
    }
}
