package org.apache.james.protocols.smtp.core.esmtp;

import com.google.common.base.Joiner;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.StringTokenizer;
import java.util.function.Function;
import org.apache.commons.lang3.StringUtils;
import org.apache.james.core.Username;
import org.apache.james.protocols.api.OidcSASLConfiguration;
import org.apache.james.protocols.api.Request;
import org.apache.james.protocols.api.Response;
import org.apache.james.protocols.api.handler.CommandHandler;
import org.apache.james.protocols.api.handler.ExtensibleHandler;
import org.apache.james.protocols.api.handler.LineHandler;
import org.apache.james.protocols.api.handler.WiringException;
import org.apache.james.protocols.smtp.SMTPResponse;
import org.apache.james.protocols.smtp.SMTPRetCode;
import org.apache.james.protocols.smtp.SMTPSession;
import org.apache.james.protocols.smtp.dsn.DSNStatus;
import org.apache.james.protocols.smtp.hook.AuthHook;
import org.apache.james.protocols.smtp.hook.HookResult;
import org.apache.james.protocols.smtp.hook.HookResultHook;
import org.apache.james.protocols.smtp.hook.HookReturnCode;
import org.apache.james.protocols.smtp.hook.MailParametersHook;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/james/protocols/smtp/core/esmtp/AuthCmdHandler.class */
public class AuthCmdHandler implements CommandHandler<SMTPSession>, EhloExtension, ExtensibleHandler, MailParametersHook {
    private static final String AUTH_TYPES_DELIMITER = " ";
    protected static final String AUTH_TYPE_PLAIN = "PLAIN";
    protected static final String AUTH_TYPE_LOGIN = "LOGIN";
    protected static final String AUTH_TYPE_OAUTHBEARER = "OAUTHBEARER";
    protected static final String AUTH_TYPE_XOAUTH2 = "XOAUTH2";
    private List<AuthHook> hooks;
    private List<HookResultHook> rHooks;
    private static final Collection<String> COMMANDS = ImmutableSet.of("AUTH");
    private static final Logger LOGGER = LoggerFactory.getLogger(CommandHandler.class);
    private static final String[] MAIL_PARAMS = {"AUTH"};
    private static final Response AUTH_ABORTED = new SMTPResponse(SMTPRetCode.SYNTAX_ERROR_ARGUMENTS, DSNStatus.getStatus(5, DSNStatus.SECURITY_AUTH) + " Authentication aborted").immutable();
    private static final Response ALREADY_AUTH = new SMTPResponse(SMTPRetCode.BAD_SEQUENCE, DSNStatus.getStatus(5, DSNStatus.DELIVERY_OTHER) + " User has previously authenticated.  Further authentication is not required!").immutable();
    private static final Response SYNTAX_ERROR = new SMTPResponse(SMTPRetCode.SYNTAX_ERROR_ARGUMENTS, DSNStatus.getStatus(5, DSNStatus.DELIVERY_INVALID_ARG) + " Usage: AUTH (authentication type) <challenge>").immutable();
    private static final Response AUTH_READY_PLAIN = new SMTPResponse(SMTPRetCode.AUTH_READY, "OK. Continue authentication").immutable();
    private static final Response AUTH_READY_USERNAME_LOGIN = new SMTPResponse(SMTPRetCode.AUTH_READY, "VXNlcm5hbWU6").immutable();
    private static final Response AUTH_READY_PASSWORD_LOGIN = new SMTPResponse(SMTPRetCode.AUTH_READY, "UGFzc3dvcmQ6").immutable();
    private static final Response AUTH_FAILED = new SMTPResponse(SMTPRetCode.AUTH_FAILED, "Authentication Failed").immutable();
    private static final Response UNKNOWN_AUTH_TYPE = new SMTPResponse(SMTPRetCode.PARAMETER_NOT_IMPLEMENTED, "Unrecognized Authentication Type").immutable();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$5, reason: invalid class name */
    /* loaded from: input_file:org/apache/james/protocols/smtp/core/esmtp/AuthCmdHandler$5.class */
    public static /* synthetic */ class AnonymousClass5 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$james$protocols$smtp$hook$HookReturnCode$Action = new int[HookReturnCode.Action.values().length];

        static {
            try {
                $SwitchMap$org$apache$james$protocols$smtp$hook$HookReturnCode$Action[HookReturnCode.Action.DENY.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$james$protocols$smtp$hook$HookReturnCode$Action[HookReturnCode.Action.DENYSOFT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$james$protocols$smtp$hook$HookReturnCode$Action[HookReturnCode.Action.OK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$james$protocols$smtp$hook$HookReturnCode$Action[HookReturnCode.Action.DECLINED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$james$protocols$smtp$hook$HookReturnCode$Action[HookReturnCode.Action.NONE.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /* loaded from: input_file:org/apache/james/protocols/smtp/core/esmtp/AuthCmdHandler$AbstractSMTPLineHandler.class */
    private static abstract class AbstractSMTPLineHandler implements LineHandler<SMTPSession> {
        private AbstractSMTPLineHandler() {
        }

        public Response onLine(SMTPSession sMTPSession, ByteBuffer byteBuffer) {
            byte[] bArr;
            String name = sMTPSession.getCharset().name();
            try {
                if (byteBuffer.hasArray()) {
                    bArr = byteBuffer.array();
                } else {
                    bArr = new byte[byteBuffer.remaining()];
                    byteBuffer.get(bArr);
                }
                return handleCommand(sMTPSession, new String(bArr, name));
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException("No " + name + " support!");
            }
        }

        private Response handleCommand(SMTPSession sMTPSession, String str) {
            if (!str.equals("*\r\n")) {
                return onCommand(sMTPSession, str);
            }
            sMTPSession.popLineHandler();
            return AuthCmdHandler.AUTH_ABORTED;
        }

        protected abstract Response onCommand(SMTPSession sMTPSession, String str);
    }

    public Response onCommand(SMTPSession sMTPSession, Request request) {
        return doAUTH(sMTPSession, request.getArgument());
    }

    private Response doAUTH(SMTPSession sMTPSession, String str) {
        if (sMTPSession.getUsername() != null) {
            return ALREADY_AUTH;
        }
        if (str == null) {
            return SYNTAX_ERROR;
        }
        String str2 = null;
        if (str.indexOf(AUTH_TYPES_DELIMITER) > 0) {
            str2 = str.substring(str.indexOf(AUTH_TYPES_DELIMITER) + 1);
            str = str.substring(0, str.indexOf(AUTH_TYPES_DELIMITER));
        }
        String upperCase = str.toUpperCase(Locale.US);
        if (upperCase.equals(AUTH_TYPE_PLAIN) && sMTPSession.mo1getConfiguration().isPlainAuthEnabled()) {
            if (str2 != null) {
                return doPlainAuthPass(sMTPSession, str2.trim());
            }
            sMTPSession.pushLineHandler(new AbstractSMTPLineHandler() { // from class: org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.1
                @Override // org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.AbstractSMTPLineHandler
                protected Response onCommand(SMTPSession sMTPSession2, String str3) {
                    return AuthCmdHandler.this.doPlainAuthPass(sMTPSession2, str3);
                }
            });
            return AUTH_READY_PLAIN;
        }
        if (!upperCase.equals(AUTH_TYPE_LOGIN) || !sMTPSession.mo1getConfiguration().isPlainAuthEnabled()) {
            return ((upperCase.equals(AUTH_TYPE_OAUTHBEARER) || upperCase.equals(AUTH_TYPE_XOAUTH2)) && sMTPSession.supportsOAuth()) ? doSASLAuthentication(sMTPSession, str2) : doUnknownAuth(upperCase);
        }
        if (str2 != null) {
            return doLoginAuthPass(sMTPSession, str2.trim());
        }
        sMTPSession.pushLineHandler(new AbstractSMTPLineHandler() { // from class: org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.2
            @Override // org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.AbstractSMTPLineHandler
            protected Response onCommand(SMTPSession sMTPSession2, String str3) {
                return AuthCmdHandler.this.doLoginAuthPass(sMTPSession2, str3);
            }
        });
        return AUTH_READY_USERNAME_LOGIN;
    }

    private Response doSASLAuthentication(SMTPSession sMTPSession, String str) {
        return (Response) sMTPSession.mo1getConfiguration().saslConfiguration().map(oidcSASLConfiguration -> {
            return (Response) this.hooks.stream().flatMap(authHook -> {
                return Optional.ofNullable(executeHook(sMTPSession, authHook, authHook -> {
                    return authHook.doSasl(sMTPSession, oidcSASLConfiguration, str);
                })).stream();
            }).filter(response -> {
                return !SMTPRetCode.AUTH_FAILED.equals(response.getRetCode());
            }).findFirst().orElseGet(() -> {
                return failSasl(oidcSASLConfiguration, sMTPSession);
            });
        }).orElse(doUnknownAuth(AUTH_TYPE_OAUTHBEARER));
    }

    private Response failSasl(OidcSASLConfiguration oidcSASLConfiguration, SMTPSession sMTPSession) {
        String format = String.format("{\"status\":\"invalid_token\",\"scope\":\"%s\",\"schemes\":\"%s\"}", oidcSASLConfiguration.getScope(), oidcSASLConfiguration.getOidcConfigurationURL().toString());
        sMTPSession.pushLineHandler(new AbstractSMTPLineHandler() { // from class: org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.3
            @Override // org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.AbstractSMTPLineHandler
            protected Response onCommand(SMTPSession sMTPSession2, String str) {
                sMTPSession2.popLineHandler();
                return AuthCmdHandler.AUTH_FAILED;
            }
        });
        return new SMTPResponse(SMTPRetCode.AUTH_READY, Base64.getEncoder().encodeToString(format.getBytes()));
    }

    private Response doPlainAuthPass(SMTPSession sMTPSession, String str) {
        String str2 = null;
        String str3 = null;
        try {
            String decodeBase64 = decodeBase64(str);
            if (decodeBase64 != null) {
                StringTokenizer stringTokenizer = new StringTokenizer(decodeBase64, "��");
                String nextToken = stringTokenizer.nextToken();
                str2 = stringTokenizer.nextToken();
                try {
                    str3 = stringTokenizer.nextToken();
                } catch (NoSuchElementException e) {
                    str3 = str2;
                    str2 = nextToken;
                }
            }
        } catch (Exception e2) {
        }
        Response doAuthTest = doAuthTest(sMTPSession, Username.of(str2), str3, AUTH_TYPE_PLAIN);
        sMTPSession.popLineHandler();
        return doAuthTest;
    }

    private String decodeBase64(String str) {
        if (str == null) {
            return null;
        }
        return new String(Base64.getDecoder().decode(StringUtils.replace(str, "\r\n", "")), StandardCharsets.UTF_8);
    }

    /* JADX WARN: Type inference failed for: r1v1, types: [org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler$4] */
    private Response doLoginAuthPass(SMTPSession sMTPSession, String str) {
        if (str != null) {
            try {
                str = decodeBase64(str);
            } catch (Exception e) {
                str = null;
            }
        }
        sMTPSession.popLineHandler();
        sMTPSession.pushLineHandler(new AbstractSMTPLineHandler() { // from class: org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.4
            private Username username;

            public LineHandler<SMTPSession> setUsername(Username username) {
                this.username = username;
                return this;
            }

            @Override // org.apache.james.protocols.smtp.core.esmtp.AuthCmdHandler.AbstractSMTPLineHandler
            protected Response onCommand(SMTPSession sMTPSession2, String str2) {
                return AuthCmdHandler.this.doLoginAuthPassCheck(sMTPSession2, this.username, str2);
            }
        }.setUsername(Username.of(str)));
        return AUTH_READY_PASSWORD_LOGIN;
    }

    private Response doLoginAuthPassCheck(SMTPSession sMTPSession, Username username, String str) {
        if (str != null) {
            try {
                str = decodeBase64(str);
            } catch (Exception e) {
                str = null;
            }
        }
        sMTPSession.popLineHandler();
        return doAuthTest(sMTPSession, username, str, AUTH_TYPE_LOGIN);
    }

    protected Response doAuthTest(SMTPSession sMTPSession, Username username, String str, String str2) {
        if (username == null || str == null) {
            return new SMTPResponse(SMTPRetCode.SYNTAX_ERROR_ARGUMENTS, "Could not decode parameters for AUTH " + str2);
        }
        List<AuthHook> hooks = getHooks();
        if (hooks != null) {
            Iterator<AuthHook> it = hooks.iterator();
            while (it.hasNext()) {
                Response executeHook = executeHook(sMTPSession, it.next(), authHook -> {
                    return authHook.doAuth(sMTPSession, username, str);
                });
                if (executeHook != null) {
                    if (SMTPRetCode.AUTH_FAILED.equals(executeHook.getRetCode())) {
                        LOGGER.info("AUTH method {} failed", str2);
                    } else if (SMTPRetCode.AUTH_OK.equals(executeHook.getRetCode())) {
                        LOGGER.debug("AUTH method {} succeeded", str2);
                    }
                    return executeHook;
                }
            }
        }
        Response response = AUTH_FAILED;
        LOGGER.error("AUTH method {} failed from {}@{}", new Object[]{str2, username, sMTPSession.getRemoteAddress().getAddress().getHostAddress()});
        return response;
    }

    private Response executeHook(SMTPSession sMTPSession, AuthHook authHook, Function<AuthHook, HookResult> function) {
        LOGGER.debug("executing  hook {}", authHook);
        long currentTimeMillis = System.currentTimeMillis();
        HookResult apply = function.apply(authHook);
        long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
        return calcDefaultSMTPResponse((HookResult) ((List) Optional.ofNullable(this.rHooks).orElse(ImmutableList.of())).stream().peek(hookResultHook -> {
            LOGGER.debug("executing  hook {}", hookResultHook);
        }).reduce(apply, (hookResult, hookResultHook2) -> {
            return hookResultHook2.onHookResult(sMTPSession, hookResult, currentTimeMillis2, authHook);
        }, (hookResult2, hookResult3) -> {
            throw new UnsupportedOperationException();
        }));
    }

    protected Response calcDefaultSMTPResponse(HookResult hookResult) {
        if (hookResult == null) {
            return null;
        }
        HookReturnCode result = hookResult.getResult();
        String str = (String) Optional.ofNullable(hookResult.getSmtpRetCode()).or(() -> {
            return retrieveDefaultSmtpReturnCode(result);
        }).orElse(null);
        String str2 = (String) Optional.ofNullable(hookResult.getSmtpDescription()).or(() -> {
            return retrieveDefaultSmtpDescription(result);
        }).orElse(null);
        if (!HookReturnCode.Action.ACTIVE_ACTIONS.contains(result.getAction())) {
            if (result.isDisconnected()) {
                return Response.DISCONNECT;
            }
            return null;
        }
        SMTPResponse sMTPResponse = new SMTPResponse(str, str2);
        if (result.isDisconnected()) {
            sMTPResponse.setEndSession(true);
        }
        return sMTPResponse;
    }

    private Optional<String> retrieveDefaultSmtpDescription(HookReturnCode hookReturnCode) {
        switch (AnonymousClass5.$SwitchMap$org$apache$james$protocols$smtp$hook$HookReturnCode$Action[hookReturnCode.getAction().ordinal()]) {
            case DSNStatus.ADDRESS /* 1 */:
                return Optional.of("Authentication Failed");
            case 2:
                return Optional.of("Temporary problem. Please try again later");
            case 3:
                return Optional.of("Authentication Succesfull");
            case 4:
            case 5:
            default:
                return Optional.empty();
        }
    }

    private Optional<String> retrieveDefaultSmtpReturnCode(HookReturnCode hookReturnCode) {
        switch (AnonymousClass5.$SwitchMap$org$apache$james$protocols$smtp$hook$HookReturnCode$Action[hookReturnCode.getAction().ordinal()]) {
            case DSNStatus.ADDRESS /* 1 */:
                return Optional.of(SMTPRetCode.AUTH_FAILED);
            case 2:
                return Optional.of(SMTPRetCode.LOCAL_ERROR);
            case 3:
                return Optional.of(SMTPRetCode.AUTH_OK);
            case 4:
            case 5:
            default:
                return Optional.empty();
        }
    }

    private Response doUnknownAuth(String str) {
        LOGGER.info("AUTH method {} is an unrecognized authentication type", str);
        return UNKNOWN_AUTH_TYPE;
    }

    public Collection<String> getImplCommands() {
        return COMMANDS;
    }

    @Override // org.apache.james.protocols.smtp.core.esmtp.EhloExtension
    public List<String> getImplementedEsmtpFeatures(SMTPSession sMTPSession) {
        if (!sMTPSession.isAuthAnnounced()) {
            return Collections.emptyList();
        }
        ImmutableList.Builder builder = ImmutableList.builder();
        if (sMTPSession.mo1getConfiguration().isPlainAuthEnabled()) {
            builder.add(new String[]{AUTH_TYPE_LOGIN, AUTH_TYPE_PLAIN});
        }
        if (sMTPSession.mo1getConfiguration().saslConfiguration().isPresent()) {
            builder.add(AUTH_TYPE_OAUTHBEARER);
            builder.add(AUTH_TYPE_XOAUTH2);
        }
        ImmutableList build = builder.build();
        if (build.isEmpty()) {
            return Collections.emptyList();
        }
        String join = Joiner.on(AUTH_TYPES_DELIMITER).join(build);
        return ImmutableList.of("AUTH " + join, "AUTH=" + join);
    }

    public List<Class<?>> getMarkerInterfaces() {
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(AuthHook.class);
        return arrayList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void wireExtensions(Class<?> cls, List<?> list) throws WiringException {
        if (!AuthHook.class.equals(cls)) {
            if (HookResultHook.class.equals(cls)) {
                this.rHooks = list;
            }
        } else {
            this.hooks = list;
            if (this.hooks == null || this.hooks.size() == 0) {
                throw new WiringException("AuthCmdHandler used without AuthHooks");
            }
        }
    }

    protected List<AuthHook> getHooks() {
        return this.hooks;
    }

    @Override // org.apache.james.protocols.smtp.hook.MailParametersHook
    public HookResult doMailParameter(SMTPSession sMTPSession, String str, String str2) {
        return HookResult.DECLINED;
    }

    @Override // org.apache.james.protocols.smtp.hook.MailParametersHook
    public String[] getMailParamNames() {
        return MAIL_PARAMS;
    }
}
