package com.mysql.cj.sasl;

import com.alibaba.excel.constant.ExcelXmlConstants;
import com.mysql.cj.util.SaslPrep;
import com.mysql.cj.util.StringUtils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

/* loaded from: input_file:WEB-INF/lib/mysql-connector-j-8.0.33.jar:com/mysql/cj/sasl/ScramShaSaslClient.class */
public abstract class ScramShaSaslClient implements SaslClient {
    protected static final int MINIMUM_ITERATIONS = 4096;
    protected static final String GS2_CBIND_FLAG = "n";
    protected static final byte[] CLIENT_KEY = "Client Key".getBytes();
    protected static final byte[] SERVER_KEY = "Server Key".getBytes();
    protected String authorizationId;
    protected String authenticationId;
    protected String password;
    protected ScramExchangeStage scramStage;
    protected String cNonce;
    protected String gs2Header;
    protected String clientFirstMessageBare;
    protected byte[] serverSignature;

    /* loaded from: input_file:WEB-INF/lib/mysql-connector-j-8.0.33.jar:com/mysql/cj/sasl/ScramShaSaslClient$ScramExchangeStage.class */
    protected enum ScramExchangeStage {
        TERMINATED(null),
        SERVER_FINAL(TERMINATED),
        SERVER_FIRST_CLIENT_FINAL(SERVER_FINAL),
        CLIENT_FIRST(SERVER_FIRST_CLIENT_FINAL);

        private ScramExchangeStage next;

        ScramExchangeStage(ScramExchangeStage scramExchangeStage) {
            this.next = scramExchangeStage;
        }

        public ScramExchangeStage getNext() {
            return this.next == null ? this : this.next;
        }
    }

    public ScramShaSaslClient(String str, String str2, String str3) throws SaslException {
        this.scramStage = ScramExchangeStage.CLIENT_FIRST;
        this.authorizationId = StringUtils.isNullOrEmpty(str) ? "" : str;
        this.authenticationId = StringUtils.isNullOrEmpty(str2) ? this.authorizationId : str2;
        if (StringUtils.isNullOrEmpty(this.authenticationId)) {
            throw new SaslException("The authenticationId cannot be null or empty.");
        }
        this.password = StringUtils.isNullOrEmpty(str3) ? "" : str3;
        this.scramStage = ScramExchangeStage.CLIENT_FIRST;
    }

    abstract String getIanaMechanismName();

    public boolean hasInitialResponse() {
        return true;
    }

    public byte[] evaluateChallenge(byte[] bArr) throws SaslException {
        try {
            try {
                switch (this.scramStage) {
                    case CLIENT_FIRST:
                        this.gs2Header = "n," + (StringUtils.isNullOrEmpty(this.authorizationId) ? "" : "a=" + prepUserName(this.authorizationId)) + ",";
                        this.cNonce = generateRandomPrintableAsciiString(32);
                        this.clientFirstMessageBare = "n=" + prepUserName(this.authenticationId) + ",r=" + this.cNonce;
                        byte[] bytes = StringUtils.getBytes(this.gs2Header + this.clientFirstMessageBare, "UTF-8");
                        this.scramStage = this.scramStage.getNext();
                        return bytes;
                    case SERVER_FIRST_CLIENT_FINAL:
                        String stringUtils = StringUtils.toString(bArr, StandardCharsets.UTF_8);
                        Map<String, String> parseChallenge = parseChallenge(stringUtils);
                        if (!parseChallenge.containsKey("r") || !parseChallenge.containsKey(ExcelXmlConstants.ATTRIBUTE_S) || !parseChallenge.containsKey("i")) {
                            throw new SaslException("Missing required SCRAM attribute from server first message.");
                        }
                        String str = parseChallenge.get("r");
                        if (!str.startsWith(this.cNonce)) {
                            throw new SaslException("Invalid server nonce for " + getIanaMechanismName() + " authentication.");
                        }
                        byte[] decode = Base64.getDecoder().decode(parseChallenge.get(ExcelXmlConstants.ATTRIBUTE_S));
                        int parseInt = Integer.parseInt(parseChallenge.get("i"));
                        if (parseInt < 4096) {
                            throw new SaslException("Announced " + getIanaMechanismName() + " iteration count is too low.");
                        }
                        String str2 = "c=" + Base64.getEncoder().encodeToString(StringUtils.getBytes(this.gs2Header, "UTF-8")) + ",r=" + str;
                        byte[] hi = hi(SaslPrep.prepare(this.password, SaslPrep.StringType.STORED), decode, parseInt);
                        byte[] hmac = hmac(hi, CLIENT_KEY);
                        byte[] h = h(hmac);
                        String str3 = this.clientFirstMessageBare + "," + stringUtils + "," + str2;
                        byte[] hmac2 = hmac(h, StringUtils.getBytes(str3, "UTF-8"));
                        byte[] bArr2 = (byte[]) hmac.clone();
                        xorInPlace(bArr2, hmac2);
                        String str4 = str2 + ",p=" + Base64.getEncoder().encodeToString(bArr2);
                        this.serverSignature = hmac(hmac(hi, SERVER_KEY), StringUtils.getBytes(str3, "UTF-8"));
                        byte[] bytes2 = StringUtils.getBytes(str4, "UTF-8");
                        this.scramStage = this.scramStage.getNext();
                        return bytes2;
                    case SERVER_FINAL:
                        Map<String, String> parseChallenge2 = parseChallenge(StringUtils.toString(bArr, "UTF-8"));
                        if (parseChallenge2.containsKey("e")) {
                            throw new SaslException("Authentication failed due to server error '" + parseChallenge2.get("e") + "'.");
                        }
                        if (!parseChallenge2.containsKey(ExcelXmlConstants.CELL_VALUE_TAG)) {
                            throw new SaslException("Missing required SCRAM attribute from server final message.");
                        }
                        if (MessageDigest.isEqual(this.serverSignature, Base64.getDecoder().decode(parseChallenge2.get(ExcelXmlConstants.CELL_VALUE_TAG)))) {
                            return null;
                        }
                        throw new SaslException(getIanaMechanismName() + " server signature could not be verified.");
                    default:
                        throw new SaslException("Unexpected SCRAM authentication message.");
                }
            } catch (Throwable th) {
                this.scramStage = ScramExchangeStage.TERMINATED;
                throw th;
            }
        } finally {
            this.scramStage = this.scramStage.getNext();
        }
    }

    public boolean isComplete() {
        return this.scramStage == ScramExchangeStage.TERMINATED;
    }

    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        throw new IllegalStateException("Integrity and/or privacy has not been negotiated.");
    }

    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        throw new IllegalStateException("Integrity and/or privacy has not been negotiated.");
    }

    public Object getNegotiatedProperty(String str) {
        return null;
    }

    public void dispose() throws SaslException {
    }

    private String prepUserName(String str) {
        return SaslPrep.prepare(str, SaslPrep.StringType.QUERY).replace("=", "=2D").replace(",", "=2C");
    }

    private Map<String, String> parseChallenge(String str) {
        HashMap hashMap = new HashMap();
        for (String str2 : str.split(",")) {
            String[] split = str2.split("=", 2);
            hashMap.put(split[0], split[1]);
        }
        return hashMap;
    }

    private String generateRandomPrintableAsciiString(int i) {
        SecureRandom secureRandom = new SecureRandom();
        char[] cArr = new char[i];
        int i2 = 0;
        while (i2 < i) {
            int nextInt = secureRandom.nextInt(93) + 33;
            if (nextInt != 44) {
                int i3 = i2;
                i2++;
                cArr[i3] = (char) nextInt;
            }
        }
        return new String(cArr);
    }

    abstract byte[] h(byte[] bArr);

    abstract byte[] hmac(byte[] bArr, byte[] bArr2);

    abstract byte[] hi(String str, byte[] bArr, int i);

    byte[] xorInPlace(byte[] bArr, byte[] bArr2) {
        for (int i = 0; i < bArr.length; i++) {
            int i2 = i;
            bArr[i2] = (byte) (bArr[i2] ^ bArr2[i]);
        }
        return bArr;
    }
}
