package org.redkalex.source.pgsql;

import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.redkale.net.client.ClientConnection;
import org.redkale.source.SourceException;
import org.redkale.util.ByteArray;
import org.redkalex.source.mysql.MysqlType;

/* loaded from: input_file:org/redkalex/source/pgsql/PgReqAuthScramSaslFinal.class */
public class PgReqAuthScramSaslFinal extends PgClientRequest {
    private static final byte[] CLIENT_KEY_HMAC_KEY = "Client Key".getBytes(StandardCharsets.UTF_8);
    private static final byte[] SERVER_KEY_HMAC_KEY = "Server Key".getBytes(StandardCharsets.UTF_8);
    protected final PgReqAuthScramSaslContinueResult bean;
    protected String authMessage;
    protected byte[] serverKey;
    protected String clientFinalMessage;

    public PgReqAuthScramSaslFinal(PgReqAuthScramSaslContinueResult pgReqAuthScramSaslContinueResult) {
        this.bean = pgReqAuthScramSaslContinueResult;
        String str = pgReqAuthScramSaslContinueResult.clientNonce + pgReqAuthScramSaslContinueResult.serverNonce;
        byte[] saltedPassword = saltedPassword(pgReqAuthScramSaslContinueResult.password, Base64.getDecoder().decode(pgReqAuthScramSaslContinueResult.salt), pgReqAuthScramSaslContinueResult.iteration);
        byte[] hmac = hmac(saltedPassword, CLIENT_KEY_HMAC_KEY);
        this.serverKey = hmac(saltedPassword, SERVER_KEY_HMAC_KEY);
        byte[] digest = digest(hmac);
        String str2 = "n=" + PgReqAuthScramPassword.toSaslName(pgReqAuthScramSaslContinueResult.username) + ",r=" + pgReqAuthScramSaslContinueResult.clientNonce;
        String str3 = "c=" + Base64.getEncoder().encodeToString("n,,".getBytes(StandardCharsets.UTF_8)) + ",r=" + str;
        this.authMessage = str2 + "," + pgReqAuthScramSaslContinueResult.saslmsg + "," + str3;
        this.clientFinalMessage = str3 + ",p=" + Base64.getEncoder().encodeToString(xor(hmac, hmac(digest, this.authMessage.getBytes(StandardCharsets.UTF_8))));
    }

    @Override // org.redkalex.source.pgsql.PgClientRequest
    public int getType() {
        return 2;
    }

    public void checkFinal(String str, ByteBuffer byteBuffer) {
        String[] split = str.split(",");
        if (!split[0].startsWith("v=")) {
            if (!split[0].startsWith("e=")) {
                throw new IllegalArgumentException("Invalid server SCRAM message");
            }
            throw new IllegalArgumentException(split[0].substring(2));
        }
        if (!Arrays.equals(hmac(this.serverKey, this.authMessage.getBytes(StandardCharsets.UTF_8)), Base64.getDecoder().decode(split[0].substring(2)))) {
            throw new IllegalArgumentException("Invalid server SCRAM signature in " + split[0] + ", buffer.remain = " + byteBuffer.remaining());
        }
    }

    public String toString() {
        return "PgReqAuthScramSaslFinal_" + Objects.hashCode(this) + "{msg=" + this.clientFinalMessage + "}";
    }

    public void writeTo(ClientConnection clientConnection, ByteArray byteArray) {
        byteArray.putByte('p');
        int length = byteArray.length();
        byteArray.putInt(0);
        byteArray.put(this.clientFinalMessage.getBytes(StandardCharsets.UTF_8));
        byteArray.putInt(length, byteArray.length() - length);
    }

    protected static byte[] xor(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            bArr3[i] = (byte) (bArr[i] ^ bArr2[i]);
        }
        return bArr3;
    }

    protected static byte[] digest(byte[] bArr) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(bArr);
        } catch (Exception e) {
            throw new SourceException(e);
        }
    }

    protected static byte[] hmac(byte[] bArr, byte[] bArr2) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacSHA256");
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec);
            return mac.doFinal(bArr2);
        } catch (Exception e) {
            throw new SourceException(e);
        }
    }

    protected static byte[] saltedPassword(String str, byte[] bArr, int i) {
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(new PBEKeySpec((str == null ? "" : str).toCharArray(), bArr, i, MysqlType.ColumnFlags.ENUM_FLAG)).getEncoded();
        } catch (Exception e) {
            throw new SourceException(e);
        }
    }
}
