package com.ibm.nosql.wireListener.auth;

import com.ibm.nosql.db2wire.server.DB2Security;
import com.ibm.nosql.json.api.BasicDBObject;
import com.ibm.nosql.json.api.DBObject;
import com.ibm.nosql.json.util.Base64;
import com.ibm.nosql.socket.Listener;
import com.ibm.nosql.utils.RequestContext;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.sasl.SaslException;

/* loaded from: input_file:com/ibm/nosql/wireListener/auth/Scram.class */
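/**
 * SCRAM helper: derives the server-side credential record for a password and
 * verifies a client's proof against that record.
 *
 * <p>The private helpers {@code H}, {@code HMAC} and {@code HI} follow the
 * notation of RFC 5802. The hash / HMAC algorithm pair is chosen per call from
 * the authentication mechanism and passed down explicitly. It is deliberately
 * NOT kept in static fields: authentications for different mechanisms can run
 * concurrently, and shared mutable algorithm names would let one request's
 * choice leak into another request's key derivation or proof check.
 */
public class Scram {
    private static final SecureRandom RANDOM = new SecureRandom();

    /** Big-endian block index 1, appended to the salt for the first HI() round. */
    private static final byte[] INT_1 = {0, 0, 0, 1};

    /**
     * Generates a fresh random salt.
     *
     * @param i number of random bytes to draw
     * @return the salt, Base64-encoded
     */
    public static String getNextSalt(int i) {
        byte[] saltBytes = new byte[i];
        RANDOM.nextBytes(saltBytes);
        return getBase64String(saltBytes);
    }

    /**
     * Builds the stored SCRAM credential record for a password.
     *
     * <p>The record always carries {@code iterationCount} and {@code salt};
     * {@code storedKey} and {@code serverKey} are added only if derivation
     * succeeds. Callers should treat a record without both keys as unusable.
     *
     * @param i   authentication mechanism; {@code DB2Security.AUTH_MECH_SHA_1}
     *            selects SHA-1, any other value selects SHA-256
     * @param str the clear-text password
     * @return the credential record (possibly without keys, see above)
     */
    public static DBObject getScramCredentials(int i, String str) {
        final boolean sha1 = i == DB2Security.AUTH_MECH_SHA_1;
        final String digestAlgorithm = digestAlgorithmFor(i);
        final String hmacAlgorithm = hmacAlgorithmFor(i);
        // NOTE(review): work factor and salt size are fixed here; compare them
        // with the deployment's current password-hashing policy.
        final int iterationCount = sha1 ? 10000 : 15000;
        final int saltLength = sha1 ? 16 : 28;

        BasicDBObject credentials = new BasicDBObject();
        credentials.put("iterationCount", Integer.valueOf(iterationCount));
        String salt = getNextSalt(saltLength);
        credentials.put("salt", salt);
        try {
            // NOTE(review): the password is used as given; no SASLprep
            // normalization happens in this method - confirm the caller does it
            // if non-ASCII passwords are expected.
            byte[] saltedPassword =
                    HI(getUTF8Bytes(str), getBase64Bytes(salt), iterationCount, hmacAlgorithm);
            byte[] storedKey = H(HMAC(saltedPassword, "Client Key", hmacAlgorithm), digestAlgorithm);
            byte[] serverKey = HMAC(saltedPassword, "Server Key", hmacAlgorithm);
            credentials.put("storedKey", Base64.encode(storedKey));
            credentials.put("serverKey", Base64.encode(serverKey));
        } catch (SaslException e) {
            // Existing best-effort behaviour is kept: the failure is reported on
            // stderr and a record without keys is returned.
            e.printStackTrace();
        }
        return credentials;
    }

    /** Returns the message-digest name for the given mechanism. */
    private static String digestAlgorithmFor(int mechanism) {
        return mechanism == DB2Security.AUTH_MECH_SHA_1 ? "SHA-1" : "SHA-256";
    }

    /** Returns the HMAC name for the given mechanism. */
    private static String hmacAlgorithmFor(int mechanism) {
        return mechanism == DB2Security.AUTH_MECH_SHA_1 ? "HmacSHA1" : "HmacSHA256";
    }

    /**
     * H(): plain hash of {@code data}.
     *
     * @throws SaslException if the digest algorithm is not available
     */
    private static byte[] H(byte[] data, String digestAlgorithm) throws SaslException {
        try {
            return MessageDigest.getInstance(digestAlgorithm).digest(data);
        } catch (NoSuchAlgorithmException e) {
            // Report the digest that was actually requested (not the HMAC name).
            throw new SaslException("Algorithm for " + digestAlgorithm + " could not be found.", e);
        }
    }

    /**
     * HMAC(): keyed MAC of {@code message} under {@code key}.
     *
     * <p>The message is encoded as UTF-8 rather than with the platform default
     * charset, so the result does not depend on the JVM's locale settings.
     *
     * @throws SaslException if the algorithm is unavailable, the key is rejected,
     *                       or UTF-8 encoding fails
     */
    private static byte[] HMAC(byte[] key, String message, String hmacAlgorithm)
            throws SaslException {
        try {
            Mac mac = Mac.getInstance(hmacAlgorithm);
            mac.init(new SecretKeySpec(key, hmacAlgorithm));
            return mac.doFinal(getUTF8Bytes(message));
        } catch (InvalidKeyException e) {
            e.printStackTrace();
            throw new SaslException("Could not initialize mac.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SaslException("Algorithm for " + hmacAlgorithm + " could not be found.", e2);
        }
    }

    /**
     * HI(): iterated HMAC of the salt keyed with the password. The first round
     * MACs {@code salt || INT_1}; each later round MACs the previous round's
     * output, and all round outputs are XOR-ed together.
     *
     * @param password   key bytes (the UTF-8 password)
     * @param salt       raw salt bytes
     * @param iterations total number of rounds
     * @throws SaslException if the algorithm is unavailable or the key is rejected
     */
    private static byte[] HI(byte[] password, byte[] salt, int iterations, String hmacAlgorithm)
            throws SaslException {
        try {
            Mac mac = Mac.getInstance(hmacAlgorithm);
            mac.init(new SecretKeySpec(password, hmacAlgorithm));
            mac.update(salt);
            mac.update(INT_1);
            byte[] result = mac.doFinal();
            // 'previous' starts as the first round's output; it is read by
            // mac.update() before 'result' is modified by the XOR below.
            byte[] previous = result;
            for (int round = 1; round < iterations; round++) {
                mac.update(previous);
                previous = mac.doFinal();
                XOR(result, previous);
            }
            return result;
        } catch (InvalidKeyException e) {
            e.printStackTrace();
            throw new SaslException("Invalid key for " + hmacAlgorithm, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new SaslException("Algorithm for " + hmacAlgorithm + " could not be found.", e2);
        }
    }

    /**
     * XORs {@code other} into {@code target} in place and returns {@code target}.
     * Callers must ensure {@code other} is at least as long as {@code target}.
     */
    private static byte[] XOR(byte[] target, byte[] other) {
        for (int idx = 0; idx < target.length; idx++) {
            target[idx] = (byte) (target[idx] ^ other[idx]);
        }
        return target;
    }

    /**
     * Verifies the client's SCRAM proof for the authentication in progress.
     *
     * <p>On success the user authentication is marked authenticated, its auth
     * keys are removed, it is stored back on the request context, and the
     * Base64 server signature is returned. On any failure {@code null} is
     * returned and the authentication state is left untouched.
     *
     * @param requestContext context holding the in-progress user authentication
     * @param str            the client proof, Base64-encoded (client-supplied)
     * @return the Base64 server signature, or {@code null} if there is no auth
     *         message or verification fails
     */
    public static String verifyClientProof(RequestContext requestContext, String str) {
        UserAuthentication userAuthentication = requestContext.getUserAuthentication();
        String authMessage = userAuthentication.getAuthMessage();
        String storedKey = userAuthentication.getStoredKey();
        String serverKey = userAuthentication.getServerKey();
        int mechanism = userAuthentication.getMechanism();
        if (authMessage == null) {
            return null;
        }
        final String digestAlgorithm = digestAlgorithmFor(mechanism);
        final String hmacAlgorithm = hmacAlgorithmFor(mechanism);
        try {
            if (str == null || storedKey == null || serverKey == null) {
                throw new SaslException("Missing client proof or stored credentials.");
            }
            byte[] storedKeyBytes = getBase64Bytes(storedKey);
            // NOTE(review): behaviour of Base64.decode on malformed input is not
            // visible here; a null result is treated as an invalid proof.
            byte[] clientProof = getBase64Bytes(str);
            byte[] clientSignature = HMAC(storedKeyBytes, authMessage, hmacAlgorithm);
            // The proof is client-controlled: require the exact MAC length so a
            // short value cannot trigger an out-of-bounds read in XOR() and a
            // long value is not silently truncated.
            if (clientProof == null || clientProof.length != clientSignature.length) {
                throw new SaslException("Invalid client proof.");
            }
            byte[] recoveredClientKey = XOR(clientSignature, clientProof);
            // MessageDigest.isEqual keeps the comparison time independent of
            // where the first differing byte is.
            if (!MessageDigest.isEqual(H(recoveredClientKey, digestAlgorithm), storedKeyBytes)) {
                throw new SaslException("Invalid client proof.");
            }
            byte[] serverSignature = HMAC(getBase64Bytes(serverKey), authMessage, hmacAlgorithm);
            userAuthentication.setAuthenticated(true);
            userAuthentication.removeAuthKeys();
            requestContext.setUserAuthentication(requestContext.getDBName(), userAuthentication);
            return getBase64String(serverSignature);
        } catch (SaslException e) {
            // Failed verifications surface only as a stack trace on stderr;
            // consider routing them to the authentication audit log as well.
            e.printStackTrace();
            return null;
        }
    }

    /** Decodes a Base64 string with the project's {@code Base64} utility. */
    private static byte[] getBase64Bytes(String str) {
        return Base64.decode(str.toCharArray(), str.length());
    }

    /**
     * Encodes a string using {@code Listener.ENCODING_UTF8}.
     *
     * @throws SaslException if that encoding is not supported by the JVM
     */
    public static byte[] getUTF8Bytes(String str) throws SaslException {
        try {
            return str.getBytes(Listener.ENCODING_UTF8);
        } catch (UnsupportedEncodingException e) {
            throw new SaslException("UTF-8 is not a supported encoding.", e);
        }
    }

    /** Encodes bytes as Base64 with the project's {@code Base64} utility. */
    private static String getBase64String(byte[] bArr) {
        return Base64.encode(bArr);
    }

    /**
     * Decodes bytes using {@code Listener.ENCODING_UTF8}.
     *
     * @throws SaslException if that encoding is not supported by the JVM
     */
    public static String getUTF8String(byte[] bArr) throws SaslException {
        try {
            return new String(bArr, Listener.ENCODING_UTF8);
        } catch (UnsupportedEncodingException e) {
            throw new SaslException("UTF-8 is not a supported encoding.", e);
        }
    }
}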
