package org.projecthaystack.auth;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import org.projecthaystack.util.Base64;
import org.projecthaystack.util.CryptoUtil;

/* loaded from: input_file:org/projecthaystack/auth/ScramScheme.class */
public final class ScramScheme extends AuthScheme {
    private static final int clientNonceBytes = 16;
    private static final String gs2_header = "n,,";

    public ScramScheme() {
        super("scram");
    }

    @Override // org.projecthaystack.auth.AuthScheme
    public AuthMsg onClient(AuthClientContext authClientContext, AuthMsg authMsg) {
        return authMsg.param("data", false) == null ? firstMsg(authClientContext, authMsg) : finalMsg(authClientContext, authMsg);
    }

    private AuthMsg firstMsg(AuthClientContext authClientContext, AuthMsg authMsg) {
        String genNonce = genNonce();
        String str = "n=" + authClientContext.user + ",r=" + genNonce;
        String str2 = gs2_header + str;
        authClientContext.stash.put("c_nonce", genNonce);
        authClientContext.stash.put("c1_bare", str);
        HashMap hashMap = new HashMap();
        hashMap.put("data", Base64.URI.encodeUTF8(str2));
        return new AuthMsg(this.name, injectHandshakeToken(authMsg, hashMap));
    }

    private AuthMsg finalMsg(AuthClientContext authClientContext, AuthMsg authMsg) {
        String decodeUTF8 = Base64.URI.decodeUTF8(authMsg.param("data"));
        Map decodeMsg = decodeMsg(decodeUTF8);
        String str = "c=" + Base64.URI.encodeUTF8(gs2_header) + ",r=" + ((String) decodeMsg.get("r"));
        String param = authMsg.param("hash");
        try {
            String str2 = str + ",p=" + createClientProof(param, pbk(param, authClientContext.pass, (String) decodeMsg.get("s"), Integer.parseInt((String) decodeMsg.get("i"))), strBytes(((String) authClientContext.stash.get("c1_bare")) + "," + decodeUTF8 + "," + str));
            HashMap hashMap = new HashMap();
            hashMap.put("data", Base64.URI.encodeUTF8(str2));
            return new AuthMsg(this.name, injectHandshakeToken(authMsg, hashMap));
        } catch (Exception e) {
            throw new AuthException("Failed to compute scram", e);
        }
    }

    @Override // org.projecthaystack.auth.AuthScheme
    public void onClientSuccess(AuthClientContext authClientContext, AuthMsg authMsg) {
        super.onClientSuccess(authClientContext, authMsg);
    }

    private String genNonce() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return Base64.URI.encodeBytes(bArr);
    }

    private static Map injectHandshakeToken(AuthMsg authMsg, Map map) {
        String param = authMsg.param("handshakeToken", false);
        if (param != null) {
            map.put("handshakeToken", param);
        }
        return map;
    }

    private static Map decodeMsg(String str) {
        HashMap hashMap = new HashMap();
        for (String str2 : str.split(",")) {
            int indexOf = str2.indexOf(61);
            if (indexOf >= 0) {
                hashMap.put(str2.substring(0, indexOf), str2.substring(indexOf + 1));
            }
        }
        return hashMap;
    }

    private static byte[] pbk(String str, String str2, String str3, int i) throws Exception {
        String str4 = "PBKDF2WithHmac" + str.replace("-", "");
        int keyBits = keyBits(str) / 8;
        Base64.STANDARD.decodeBytes(str3);
        return CryptoUtil.pbk(str4, strBytes(str2), Base64.STANDARD.decodeBytes(str3), i, keyBits);
    }

    private static int keyBits(String str) {
        if ("SHA-1".equals(str)) {
            return 160;
        }
        if ("SHA-256".equals(str)) {
            return 256;
        }
        if ("SHA-512".equals(str)) {
            return 512;
        }
        throw new IllegalArgumentException("Unsupported hash function: " + str);
    }

    private static String createClientProof(String str, byte[] bArr, byte[] bArr2) throws Exception {
        byte[] hmac = CryptoUtil.hmac(str, strBytes("Client Key"), bArr);
        byte[] hmac2 = CryptoUtil.hmac(str, bArr2, MessageDigest.getInstance(str).digest(hmac));
        byte[] bArr3 = new byte[hmac.length];
        for (int i = 0; i < hmac.length; i++) {
            bArr3[i] = (byte) (hmac[i] ^ hmac2[i]);
        }
        return Base64.STANDARD.encodeBytes(bArr3);
    }

    private static byte[] strBytes(String str) throws UnsupportedEncodingException {
        return str.getBytes("UTF-8");
    }
}
