package haven;

import haven.Config;
import haven.Digest;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

/* loaded from: input_file:haven/AuthClient.class */
public class AuthClient implements Closeable {
    public static final Config.Variable<Boolean> strictcert = Config.Variable.propb("haven.auth-cert-strict", true);
    private static final SslHelper ssl = new SslHelper();
    private final Socket sk;
    private final InputStream skin;
    private final OutputStream skout;

    /* loaded from: input_file:haven/AuthClient$Credentials.class */
    public static abstract class Credentials {

        /* loaded from: input_file:haven/AuthClient$Credentials$AuthException.class */
        public static class AuthException extends RuntimeException {
            public AuthException(String str) {
                super(str);
            }
        }

        public abstract String tryauth(AuthClient authClient) throws IOException;

        public abstract String name();

        public void discard() {
        }
    }

    /* loaded from: input_file:haven/AuthClient$NativeCred.class */
    public static class NativeCred extends Credentials {
        public final String username;
        private final byte[] pw;
        private final Runnable clean;

        public NativeCred(String str, byte[] bArr) {
            this.username = str;
            this.pw = bArr;
            this.clean = Finalizer.finalize(this, () -> {
                Arrays.fill(bArr, (byte) 0);
            });
        }

        public NativeCred(String str, String str2) {
            this(str, str2.getBytes(Utils.utf8));
        }

        @Override // haven.AuthClient.Credentials
        public String name() {
            return this.username;
        }

        /* JADX WARN: Type inference failed for: r1v11, types: [byte[], byte[][]] */
        public static byte[] prehash(byte[] bArr, Object[] objArr) {
            if (Utils.eq(objArr[0], "sha256")) {
                return Digest.hash(Digest.SHA256, new byte[]{bArr});
            }
            if (Utils.eq(objArr[0], "pbkdf2")) {
                return Digest.pbkdf2(Digest.HMAC.of(Digest.SHA256, bArr), (byte[]) objArr[2], 1 << Utils.iv(objArr[1]), 32);
            }
            throw new Credentials.AuthException("Unknown password prehash: " + objArr[0]);
        }

        private byte[] hashpw(AuthClient authClient) throws IOException {
            Message cmd = authClient.cmd("pwdata", this.username);
            String string = cmd.string();
            if (string.equals("no")) {
                throw new Credentials.AuthException(cmd.string());
            }
            if (!string.equals("ok")) {
                throw new RuntimeException("Unexpected reply " + string + " from auth server");
            }
            Object[] list = cmd.list();
            if (Utils.eq(list[0], "prehash")) {
                return prehash(this.pw, Utils.splice(list, 1));
            }
            if (!Utils.eq(list[0], "srp")) {
                return prehash(this.pw, list);
            }
            byte[] prehash = prehash(this.pw, (Object[]) list[1]);
            byte[] bArr = (byte[]) list[2];
            byte[] bArr2 = (byte[]) list[3];
            SrpAssertion srpAssertion = new SrpAssertion(prehash, bArr);
            MessageBuf messageBuf = new MessageBuf();
            messageBuf.addlist(srpAssertion.A, bArr2, srpAssertion.sign(bArr2));
            return messageBuf.fin();
        }

        @Override // haven.AuthClient.Credentials
        public String tryauth(AuthClient authClient) throws IOException {
            Message cmd = authClient.cmd("pw", this.username, hashpw(authClient));
            String string = cmd.string();
            if (string.equals("ok")) {
                return cmd.string();
            }
            if (string.equals("no")) {
                throw new Credentials.AuthException(cmd.string());
            }
            throw new RuntimeException("Unexpected reply `" + string + "' from auth server");
        }

        @Override // haven.AuthClient.Credentials
        public void discard() {
            this.clean.run();
        }
    }

    /* loaded from: input_file:haven/AuthClient$SrpAssertion.class */
    public static class SrpAssertion {
        public static final Digest.Algorithm digest = Digest.SHA256;
        public static final BigInteger N = b2i(new byte[]{-1, -1, -1, -1, -1, -1, -1, -1, -55, 15, -38, -94, 33, 104, -62, 52, -60, -58, 98, -117, Byte.MIN_VALUE, -36, 28, -47, 41, 2, 78, 8, -118, 103, -52, 116, 2, 11, -66, -90, 59, 19, -101, 34, 81, 74, 8, 121, -114, 52, 4, -35, -17, -107, 25, -77, -51, 58, 67, 27, 48, 43, 10, 109, -14, 95, 20, 55, 79, -31, 53, 109, 109, 81, -62, 69, -28, -123, -75, 118, 98, 94, 126, -58, -12, 76, 66, -23, -90, 55, -19, 107, 11, -1, 92, -74, -12, 6, -73, -19, -18, 56, 107, -5, 90, -119, -97, -91, -82, -97, 36, 17, 124, 75, 31, -26, 73, 40, 102, 81, -20, -28, 91, 61, -62, 0, 124, -72, -95, 99, -65, 5, -104, -38, 72, 54, 28, 85, -45, -102, 105, 22, 63, -88, -3, 36, -49, 95, -125, 101, 93, 35, -36, -93, -83, -106, 28, 98, -13, 86, 32, -123, 82, -69, -98, -43, 41, 7, 112, -106, -106, 109, 103, 12, 53, 78, 74, -68, -104, 4, -15, 116, 108, 8, -54, 24, 33, 124, 50, -112, 94, 70, 46, 54, -50, 59, -29, -98, 119, 44, 24, 14, -122, 3, -101, 39, -125, -94, -20, 7, -94, -113, -75, -59, 93, -16, 111, 76, 82, -55, -34, 43, -53, -10, -107, 88, 23, 24, 57, -107, 73, 124, -22, -107, 106, -27, 21, -46, 38, 24, -104, -6, 5, 16, 21, 114, -114, 90, -118, -86, -60, 45, -83, 51, 23, 13, 4, 80, 122, 51, -88, 85, 33, -85, -33, 28, -70, 100, -20, -5, -123, 4, 88, -37, -17, 10, -118, -22, 113, 87, 93, 6, 12, 125, -77, -105, 15, -123, -90, -31, -28, -57, -85, -11, -82, -116, -37, 9, 51, -41, 30, -116, -108, -32, 74, 37, 97, -99, -50, -29, -46, 38, 26, -46, -18, 107, -15, 47, -6, 6, -39, -118, 8, 100, -40, 118, 2, 115, 62, -56, 106, 100, 82, 31, 43, 24, 23, 123, 32, 12, -69, -31, 23, 87, 122, 97, 93, 108, 119, 9, -120, -64, -70, -39, 70, -30, 8, -30, 79, -96, 116, -27, -85, 49, 67, -37, 91, -4, -32, -3, 16, -114, 75, -126, -47, 32, -87, 33, 8, 1, 26, 114, 60, 18, -89, -121, -26, -41, -120, 113, -102, 16, -67, -70, 91, 38, -103, -61, 39, 24, 106, -12, -30, 60, 26, -108, 104, 52, -74, 21, 11, -38, 37, -125, -23, -54, 42, -44, 76, -24, -37, -69, -62, -37, 4, -34, -114, -7, 46, -114, -4, 20, 31, -66, -54, -90, 40, 124, 89, 71, 78, 107, -64, 93, -103, -78, -106, 79, -96, -112, -61, -94, 35, 59, -95, -122, 81, 91, -25, -19, 31, 97, 41, 112, -50, -30, -41, -81, -72, 27, -35, 118, 33, 112, 72, 28, -48, 6, -111, 39, -43, -80, 90, -87, -109, -76, -22, -104, -115, -113, -35, -63, -122, -1, -73, -36, -112, -90, -64, -113, 77, -12, 53, -55, 52, 6, 49, -103, -1, -1, -1, -1, -1, -1, -1, -1});
        public static final BigInteger g = n(2);
        public static final BigInteger k = b2i(Digest.hash(digest, new byte[]{i2b(N), i2b(g)}));
        public final byte[] A;
        public final byte[] K;

        public static BigInteger n(long j) {
            return BigInteger.valueOf(j);
        }

        public static BigInteger b2i(byte[] bArr) {
            return new BigInteger(1, bArr);
        }

        public static byte[] i2b(BigInteger bigInteger) {
            byte[] byteArray = bigInteger.toByteArray();
            if (byteArray[0] == 0) {
                byteArray = Utils.splice(byteArray, 1);
            }
            return byteArray;
        }

        /* JADX WARN: Type inference failed for: r1v8, types: [byte[], byte[][]] */
        /* JADX WARN: Type inference failed for: r2v9, types: [byte[], byte[][]] */
        public SrpAssertion(byte[] bArr, byte[] bArr2) {
            BigInteger mod = b2i(bArr2).mod(N);
            if (mod.equals(n(0L))) {
                throw new Credentials.AuthException("Invalid SRP challenge");
            }
            BigInteger b2i = b2i(bArr);
            byte[] bArr3 = new byte[32];
            new SecureRandom().nextBytes(bArr3);
            BigInteger mod2 = b2i(bArr3).mod(N);
            BigInteger modPow = g.modPow(mod2, N);
            BigInteger modPow2 = mod.subtract(k.multiply(g.modPow(b2i, N))).mod(N).modPow(mod2.add(b2i(Digest.hash(digest, new byte[]{i2b(modPow), i2b(mod)})).multiply(b2i)), N);
            this.A = i2b(modPow);
            this.K = Digest.hash(digest, new byte[]{i2b(modPow2)});
        }

        /* JADX WARN: Type inference failed for: r1v3, types: [byte[], byte[][]] */
        public byte[] sign(byte[] bArr) {
            return Digest.hash(Digest.HMAC.of(Digest.SHA256, this.K), new byte[]{bArr});
        }
    }

    /* loaded from: input_file:haven/AuthClient$TokenCred.class */
    public static class TokenCred extends Credentials implements Serializable {
        public final String acctname;
        public final byte[] token;
        private final Runnable clean;

        public TokenCred(String str, byte[] bArr) {
            this.acctname = str;
            this.token = bArr;
            if (bArr.length != 32) {
                throw new IllegalArgumentException("Token must be 32 bytes");
            }
            this.clean = Finalizer.finalize(this, () -> {
                Arrays.fill(bArr, (byte) 0);
            });
        }

        @Override // haven.AuthClient.Credentials
        public String name() {
            return this.acctname;
        }

        @Override // haven.AuthClient.Credentials
        public String tryauth(AuthClient authClient) throws IOException {
            Message cmd = authClient.cmd("token", this.acctname, this.token);
            String string = cmd.string();
            if (string.equals("ok")) {
                return cmd.string();
            }
            if (string.equals("no")) {
                throw new Credentials.AuthException(cmd.string());
            }
            throw new RuntimeException("Unexpected reply `" + string + "' from auth server");
        }

        @Override // haven.AuthClient.Credentials
        public void discard() {
            this.clean.run();
        }
    }

    /* loaded from: input_file:haven/AuthClient$TokenInfo.class */
    public static class TokenInfo {
        public byte[] id = new byte[0];
        public String desc = "";

        public TokenInfo id(byte[] bArr) {
            this.id = bArr;
            return this;
        }

        public TokenInfo desc(String str) {
            this.desc = str;
            return this;
        }

        public Object[] encode() {
            Object[] objArr = new Object[0];
            if (this.id.length > 0) {
                objArr = Utils.extend(objArr, new Object[]{new Object[]{"id", this.id}});
            }
            if (this.desc.length() > 0) {
                objArr = Utils.extend(objArr, new Object[]{new Object[]{"desc", this.desc}});
            }
            return objArr;
        }

        public static TokenInfo forhost() {
            TokenInfo tokenInfo = new TokenInfo();
            byte[] bArr = Utils.getprefb("token-id", tokenInfo.id);
            tokenInfo.id = bArr;
            if (bArr.length == 0) {
                tokenInfo.id = new byte[16];
                new SecureRandom().nextBytes(tokenInfo.id);
                Utils.setprefb("token-id", tokenInfo.id);
            }
            String str = Utils.getpref("token-desc", null);
            tokenInfo.desc = str;
            if (str == null) {
                try {
                    tokenInfo.desc = InetAddress.getLocalHost().getHostName();
                } catch (UnknownHostException e) {
                    tokenInfo.desc = "";
                }
            }
            return tokenInfo;
        }
    }

    public AuthClient(String str, int i) throws IOException {
        boolean z = false;
        SSLSocket connect = ssl.connect(str, i);
        try {
            if (strictcert.get().booleanValue()) {
                checkname(str, connect.getSession());
            }
            this.sk = connect;
            this.skin = connect.getInputStream();
            this.skout = connect.getOutputStream();
            z = true;
            if (1 == 0) {
                connect.close();
            }
        } catch (Throwable th) {
            if (!z) {
                connect.close();
            }
            throw th;
        }
    }

    private void checkname(String str, SSLSession sSLSession) throws IOException {
        Certificate certificate = sSLSession.getPeerCertificates()[0];
        String str2 = null;
        InetAddress inetAddress = null;
        try {
            inetAddress = Utils.inet_pton(str);
        } catch (IllegalArgumentException e) {
            str2 = str;
        }
        if (!(certificate instanceof X509Certificate)) {
            throw new SSLException("Unknown certificate type, cannot validate: " + certificate.getClass().getName());
        }
        try {
            Collection<List<?>> subjectAlternativeNames = ((X509Certificate) certificate).getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                throw new SSLException("Unnamed authentication server certificate");
            }
            for (List<?> list : subjectAlternativeNames) {
                int intValue = ((Number) list.get(0)).intValue();
                if (intValue == 2 && str2 != null) {
                    if (Utils.eq(list.get(1), str2)) {
                        return;
                    }
                } else if (intValue == 7 && inetAddress != null) {
                    try {
                        if (Utils.eq(Utils.inet_pton((String) list.get(1)), inetAddress)) {
                            return;
                        }
                    } catch (IllegalArgumentException e2) {
                    }
                }
            }
            throw new SSLException("Authentication server name mismatch");
        } catch (CertificateException e3) {
            throw new SSLException("Illegal authentication server certificate", e3);
        }
    }

    public SocketAddress address() {
        return this.sk.getRemoteSocketAddress();
    }

    public byte[] getcookie() throws IOException {
        Message cmd = cmd("cookie");
        String string = cmd.string();
        if (string.equals("ok")) {
            return cmd.bytes(32);
        }
        throw new RuntimeException("Unexpected reply `" + string + "' from auth server");
    }

    public byte[] gettoken(TokenInfo tokenInfo) throws IOException {
        Message cmd = cmd("mktoken", tokenInfo.encode());
        String string = cmd.string();
        if (string.equals("ok")) {
            return cmd.bytes(32);
        }
        throw new RuntimeException("Unexpected reply `" + string + "' from auth server");
    }

    public byte[] gettoken() throws IOException {
        return gettoken(TokenInfo.forhost());
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        this.sk.close();
    }

    private void sendmsg(MessageBuf messageBuf) throws IOException {
        if (messageBuf.size() > 65535) {
            throw new RuntimeException("Too long message in AuthClient (" + messageBuf.size() + " bytes)");
        }
        byte[] bArr = new byte[messageBuf.size() + 2];
        bArr[0] = (byte) ((messageBuf.size() & 65280) >> 8);
        bArr[1] = (byte) (messageBuf.size() & OCache.OD_END);
        messageBuf.fin(bArr, 2);
        this.skout.write(bArr);
    }

    private void esendmsg(Object... objArr) throws IOException {
        MessageBuf messageBuf = new MessageBuf();
        for (Object obj : objArr) {
            if (obj instanceof String) {
                messageBuf.addstring((String) obj);
            } else if (obj instanceof byte[]) {
                messageBuf.addbytes((byte[]) obj);
            } else {
                if (!(obj instanceof Object[])) {
                    throw new RuntimeException("Illegal argument to esendmsg: " + obj.getClass());
                }
                messageBuf.addlist((Object[]) obj);
            }
        }
        sendmsg(messageBuf);
    }

    private static void readall(InputStream inputStream, byte[] bArr) throws IOException {
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= bArr.length) {
                return;
            }
            int read = inputStream.read(bArr, i2, bArr.length - i2);
            if (read < 0) {
                throw new IOException("Premature end of input");
            }
            i = i2 + read;
        }
    }

    private Message recvmsg() throws IOException {
        byte[] bArr = new byte[2];
        readall(this.skin, bArr);
        byte[] bArr2 = new byte[(Utils.ub(bArr[0]) << 8) | Utils.ub(bArr[1])];
        readall(this.skin, bArr2);
        return new MessageBuf(bArr2);
    }

    public Message cmd(Object... objArr) throws IOException {
        esendmsg(objArr);
        return recvmsg();
    }

    public static void main(final String[] strArr) throws Exception {
        HackThread hackThread = new HackThread(new Runnable() { // from class: haven.AuthClient.1
            @Override // java.lang.Runnable
            public void run() {
                try {
                    AuthClient authClient = new AuthClient("127.0.0.1", 1871);
                    try {
                        String tryauth = new NativeCred(strArr[0], strArr[1]).tryauth(authClient);
                        if (tryauth == null) {
                            System.err.println("failed");
                            return;
                        }
                        System.out.println(tryauth);
                        System.out.println(Utils.byte2hex(authClient.getcookie()));
                        authClient.close();
                    } finally {
                        authClient.close();
                    }
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        }, "Test");
        hackThread.start();
        hackThread.join();
    }

    static {
        try {
            ssl.trust(Resource.class.getResourceAsStream("authsrv.crt"));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
