package haven;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;

/* loaded from: input_file:haven/AuthClient.class */
public class AuthClient {
    private static final SslHelper ssl = new SslHelper();
    private final Socket sk;
    private final InputStream skin;
    private final OutputStream skout;

    /* loaded from: input_file:haven/AuthClient$Credentials.class */
    public static abstract class Credentials implements Serializable {

        /* loaded from: input_file:haven/AuthClient$Credentials$AuthException.class */
        public static class AuthException extends RuntimeException {
            public AuthException(String str) {
                super(str);
            }
        }

        public abstract String tryauth(AuthClient authClient) throws IOException;

        public abstract String name();

        public void discard() {
        }

        protected void finalize() {
            discard();
        }
    }

    /* loaded from: input_file:haven/AuthClient$NativeCred.class */
    public static class NativeCred extends Credentials {
        public final String username;
        private byte[] phash;

        public NativeCred(String str, byte[] bArr) {
            this.username = str;
            this.phash = bArr;
            if (bArr.length != 32) {
                throw new IllegalArgumentException("Password hash must be 32 bytes");
            }
        }

        private static byte[] ohdearjava(String str) {
            try {
                return AuthClient.digest(str.getBytes("utf-8"));
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
        }

        public NativeCred(String str, String str2) {
            this(str, ohdearjava(str2));
        }

        @Override // haven.AuthClient.Credentials
        public String name() {
            return this.username;
        }

        @Override // haven.AuthClient.Credentials
        public String tryauth(AuthClient authClient) throws IOException {
            Message cmd = authClient.cmd("pw", this.username, this.phash);
            String string = cmd.string();
            if (string.equals("ok")) {
                return cmd.string();
            }
            if (string.equals("no")) {
                throw new Credentials.AuthException(cmd.string());
            }
            throw new RuntimeException("Unexpected reply `" + string + "' from auth server");
        }

        @Override // haven.AuthClient.Credentials
        public void discard() {
            if (this.phash != null) {
                for (int i = 0; i < this.phash.length; i++) {
                    this.phash[i] = 0;
                }
                this.phash = null;
            }
        }
    }

    /* loaded from: input_file:haven/AuthClient$TokenCred.class */
    public static class TokenCred extends Credentials {
        public final String acctname;
        public final byte[] token;

        public TokenCred(String str, byte[] bArr) {
            this.acctname = str;
            this.token = bArr;
            if (bArr.length != 32) {
                throw new IllegalArgumentException("Token must be 32 bytes");
            }
        }

        @Override // haven.AuthClient.Credentials
        public String name() {
            return this.acctname;
        }

        @Override // haven.AuthClient.Credentials
        public String tryauth(AuthClient authClient) throws IOException {
            Message cmd = authClient.cmd("token", this.acctname, this.token);
            String string = cmd.string();
            if (string.equals("ok")) {
                return cmd.string();
            }
            if (string.equals("no")) {
                throw new Credentials.AuthException(cmd.string());
            }
            throw new RuntimeException("Unexpected reply `" + string + "' from auth server");
        }
    }

    public AuthClient(String str, int i) throws IOException {
        boolean z = false;
        SSLSocket connect = ssl.connect(str, i);
        try {
            if (Config.authcertstrict) {
                checkname(str, connect.getSession());
            }
            this.sk = connect;
            this.skin = connect.getInputStream();
            this.skout = connect.getOutputStream();
            z = true;
            if (1 == 0) {
                connect.close();
            }
        } catch (Throwable th) {
            if (!z) {
                connect.close();
            }
            throw th;
        }
    }

    private void checkname(String str, SSLSession sSLSession) throws IOException {
        Certificate certificate = sSLSession.getPeerCertificates()[0];
        String str2 = null;
        InetAddress inetAddress = null;
        try {
            inetAddress = Utils.inet_pton(str);
        } catch (IllegalArgumentException e) {
            str2 = str;
        }
        if (!(certificate instanceof X509Certificate)) {
            throw new SSLException("Unknown certificate type, cannot validate: " + certificate.getClass().getName());
        }
        try {
            Collection<List<?>> subjectAlternativeNames = ((X509Certificate) certificate).getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                throw new SSLException("Unnamed authentication server certificate");
            }
            for (List<?> list : subjectAlternativeNames) {
                int intValue = ((Number) list.get(0)).intValue();
                if (intValue == 2 && str2 != null) {
                    if (Utils.eq(list.get(1), str2)) {
                        return;
                    }
                } else if (intValue == 7 && inetAddress != null) {
                    try {
                        if (Utils.eq(Utils.inet_pton((String) list.get(1)), inetAddress)) {
                            return;
                        }
                    } catch (IllegalArgumentException e2) {
                    }
                }
            }
            throw new SSLException("Authentication server name mismatch");
        } catch (CertificateException e3) {
            throw new SSLException("Illegal authentication server certificate", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] digest(byte[] bArr) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bArr);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    public String trypasswd(String str, byte[] bArr) throws IOException {
        Message cmd = cmd("pw", str, bArr);
        String string = cmd.string();
        if (string.equals("ok")) {
            return cmd.string();
        }
        if (string.equals("no")) {
            return null;
        }
        throw new RuntimeException("Unexpected reply `" + string + "' from auth server");
    }

    public String trytoken(String str, byte[] bArr) throws IOException {
        Message cmd = cmd("token", str, bArr);
        String string = cmd.string();
        if (string.equals("ok")) {
            return cmd.string();
        }
        if (string.equals("no")) {
            return null;
        }
        throw new RuntimeException("Unexpected reply `" + string + "' from auth server");
    }

    public byte[] getcookie() throws IOException {
        Message cmd = cmd("cookie");
        String string = cmd.string();
        if (string.equals("ok")) {
            return cmd.bytes(32);
        }
        throw new RuntimeException("Unexpected reply `" + string + "' from auth server");
    }

    public byte[] gettoken() throws IOException {
        Message cmd = cmd("mktoken");
        String string = cmd.string();
        if (string.equals("ok")) {
            return cmd.bytes(32);
        }
        throw new RuntimeException("Unexpected reply `" + string + "' from auth server");
    }

    public void close() throws IOException {
        this.sk.close();
    }

    private void sendmsg(Message message) throws IOException {
        if (message.blob.length > 65535) {
            throw new RuntimeException("Too long message in AuthClient (" + message.blob.length + " bytes)");
        }
        byte[] bArr = new byte[message.blob.length + 2];
        bArr[0] = (byte) ((message.blob.length & 65280) >> 8);
        bArr[1] = (byte) (message.blob.length & Session.OD_END);
        System.arraycopy(message.blob, 0, bArr, 2, message.blob.length);
        this.skout.write(bArr);
    }

    private void esendmsg(Object... objArr) throws IOException {
        Message message = new Message(0);
        for (Object obj : objArr) {
            if (obj instanceof String) {
                message.addstring((String) obj);
            } else {
                if (!(obj instanceof byte[])) {
                    throw new RuntimeException("Illegal argument to esendmsg: " + obj.getClass());
                }
                message.addbytes((byte[]) obj);
            }
        }
        sendmsg(message);
    }

    private static void readall(InputStream inputStream, byte[] bArr) throws IOException {
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= bArr.length) {
                return;
            }
            int read = inputStream.read(bArr, i2, bArr.length - i2);
            if (read < 0) {
                throw new IOException("Premature end of input");
            }
            i = i2 + read;
        }
    }

    private Message recvmsg() throws IOException {
        byte[] bArr = new byte[2];
        readall(this.skin, bArr);
        byte[] bArr2 = new byte[(Utils.ub(bArr[0]) << 8) | Utils.ub(bArr[1])];
        readall(this.skin, bArr2);
        return new Message(0, bArr2);
    }

    public Message cmd(Object... objArr) throws IOException {
        esendmsg(objArr);
        return recvmsg();
    }

    public static void main(final String[] strArr) throws Exception {
        HackThread hackThread = new HackThread(new Runnable() { // from class: haven.AuthClient.1
            @Override // java.lang.Runnable
            public void run() {
                try {
                    AuthClient authClient = new AuthClient("127.0.0.1", 1871);
                    try {
                        String tryauth = new NativeCred(strArr[0], strArr[1]).tryauth(authClient);
                        if (tryauth == null) {
                            System.err.println("failed");
                            return;
                        }
                        System.out.println(tryauth);
                        System.out.println(Utils.byte2hex(authClient.getcookie()));
                        authClient.close();
                    } finally {
                        authClient.close();
                    }
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }
        }, "Test");
        hackThread.start();
        hackThread.join();
    }

    static {
        try {
            ssl.trust(Resource.class.getResourceAsStream("authsrv.crt"));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}
