package io.mapsmessaging.security.sasl.provider.scram;

import io.mapsmessaging.security.passwords.PasswordHandler;
import io.mapsmessaging.security.sasl.provider.scram.crypto.CryptoHelper;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.sasl.SaslException;

/* loaded from: input_file:io/mapsmessaging/security/sasl/provider/scram/SessionContext.class */
public class SessionContext {
    private static final String[] HMAC_NAMES = {"sha3", "sha"};
    private boolean receivedClientMessage = false;
    private String clientNonce;
    private String serverNonce;
    private byte[] passwordSalt;
    private String username;
    private State state;
    private int iterations;
    private String prepPassword;
    private Mac mac;
    private String algorithm;
    private int keySize;
    private PasswordHandler passwordHasher;
    private String initialClientChallenge;
    private String initialServerChallenge;
    private byte[] clientKey;
    private byte[] storedKey;
    private byte[] clientSignature;
    private byte[] clientProof;
    private byte[] serverSignature;

    public void reset() {
        this.mac.reset();
        this.state = null;
        this.mac = null;
        this.passwordHasher = null;
        this.username = "";
        this.passwordSalt = new byte[0];
        this.clientNonce = "";
        this.serverNonce = "";
        this.initialServerChallenge = "";
        this.algorithm = "";
        this.keySize = 0;
        this.prepPassword = "";
        Arrays.fill(this.clientKey, (byte) 0);
        Arrays.fill(this.clientSignature, (byte) 0);
        Arrays.fill(this.storedKey, (byte) 0);
        Arrays.fill(this.serverSignature, (byte) 0);
    }

    public void setServerNonce(String str) throws SaslException {
        if (!str.startsWith(this.clientNonce)) {
            throw new SaslException("Server Nonce must start with client nonce");
        }
        this.serverNonce = str;
    }

    public void setMac(Mac mac) {
        this.mac = mac;
        this.algorithm = mac.getAlgorithm().substring("hmac".length());
        String replace = this.algorithm.toLowerCase().replace("-", "");
        String str = "";
        String[] strArr = HMAC_NAMES;
        int length = strArr.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            String str2 = strArr[i];
            if (replace.startsWith(str2)) {
                str = replace.substring(str2.length());
                break;
            }
            i++;
        }
        this.keySize = Integer.parseInt(str);
    }

    public byte[] generateSaltedPassword(byte[] bArr, byte[] bArr2, int i) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA" + this.keySize).generateSecret(new PBEKeySpec(new String(bArr).toCharArray(), bArr2, i, this.keySize)).getEncoded();
    }

    public byte[] computeHmac(byte[] bArr, String str) throws InvalidKeyException {
        this.mac.reset();
        this.mac.init(new SecretKeySpec(bArr, this.mac.getAlgorithm()));
        this.mac.update(str.getBytes(StandardCharsets.UTF_8));
        return this.mac.doFinal();
    }

    public void computeServerSignature(byte[] bArr, String str) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException {
        this.serverSignature = computeHmac(CryptoHelper.findDigest(this.algorithm).digest(computeHmac(generateSaltedPassword(bArr, Base64.getDecoder().decode(this.passwordSalt), this.iterations), "Server Key")), str);
    }

    public void computeClientKey(byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException {
        this.clientKey = computeHmac(generateSaltedPassword(bArr, Base64.getDecoder().decode(this.passwordSalt), this.iterations), "Client Key");
    }

    public void computeStoredKeyAndSignature(String str) throws NoSuchAlgorithmException, InvalidKeyException {
        this.storedKey = CryptoHelper.findDigest(this.algorithm).digest(this.clientKey);
        this.clientSignature = computeHmac(this.storedKey, str);
    }

    public void computeClientHashes(String str, String str2) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException {
        computeClientKey(str.getBytes(StandardCharsets.UTF_8));
        computeStoredKeyAndSignature(str2);
        this.clientProof = (byte[]) this.clientKey.clone();
        for (int i = 0; i < this.clientProof.length; i++) {
            byte[] bArr = this.clientProof;
            int i2 = i;
            bArr[i2] = (byte) (bArr[i2] ^ this.clientSignature[i]);
        }
    }

    public boolean isReceivedClientMessage() {
        return this.receivedClientMessage;
    }

    public String getClientNonce() {
        return this.clientNonce;
    }

    public String getServerNonce() {
        return this.serverNonce;
    }

    public byte[] getPasswordSalt() {
        return this.passwordSalt;
    }

    public String getUsername() {
        return this.username;
    }

    public State getState() {
        return this.state;
    }

    public int getIterations() {
        return this.iterations;
    }

    public String getPrepPassword() {
        return this.prepPassword;
    }

    public Mac getMac() {
        return this.mac;
    }

    public String getAlgorithm() {
        return this.algorithm;
    }

    public int getKeySize() {
        return this.keySize;
    }

    public PasswordHandler getPasswordHasher() {
        return this.passwordHasher;
    }

    public String getInitialClientChallenge() {
        return this.initialClientChallenge;
    }

    public String getInitialServerChallenge() {
        return this.initialServerChallenge;
    }

    public byte[] getClientKey() {
        return this.clientKey;
    }

    public byte[] getStoredKey() {
        return this.storedKey;
    }

    public byte[] getClientSignature() {
        return this.clientSignature;
    }

    public byte[] getClientProof() {
        return this.clientProof;
    }

    public byte[] getServerSignature() {
        return this.serverSignature;
    }

    public void setReceivedClientMessage(boolean z) {
        this.receivedClientMessage = z;
    }

    public void setClientNonce(String str) {
        this.clientNonce = str;
    }

    public void setPasswordSalt(byte[] bArr) {
        this.passwordSalt = bArr;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public void setState(State state) {
        this.state = state;
    }

    public void setIterations(int i) {
        this.iterations = i;
    }

    public void setPrepPassword(String str) {
        this.prepPassword = str;
    }

    public void setAlgorithm(String str) {
        this.algorithm = str;
    }

    public void setKeySize(int i) {
        this.keySize = i;
    }

    public void setPasswordHasher(PasswordHandler passwordHandler) {
        this.passwordHasher = passwordHandler;
    }

    public void setInitialClientChallenge(String str) {
        this.initialClientChallenge = str;
    }

    public void setInitialServerChallenge(String str) {
        this.initialServerChallenge = str;
    }

    public void setClientKey(byte[] bArr) {
        this.clientKey = bArr;
    }

    public void setStoredKey(byte[] bArr) {
        this.storedKey = bArr;
    }

    public void setClientSignature(byte[] bArr) {
        this.clientSignature = bArr;
    }

    public void setClientProof(byte[] bArr) {
        this.clientProof = bArr;
    }

    public void setServerSignature(byte[] bArr) {
        this.serverSignature = bArr;
    }
}
