package org.apache.activemq.artemis.protocol.amqp.sasl.scram;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import org.apache.activemq.artemis.protocol.amqp.sasl.scram.ScramServerFunctionality;
import org.apache.activemq.artemis.spi.core.security.scram.ScramException;
import org.apache.activemq.artemis.spi.core.security.scram.ScramUtils;
import org.apache.activemq.artemis.spi.core.security.scram.UserData;
import org.fusesource.jansi.AnsiRenderer;

/* loaded from: input_file:org/apache/activemq/artemis/protocol/amqp/sasl/scram/ScramServerFunctionalityImpl.class */
public class ScramServerFunctionalityImpl implements ScramServerFunctionality {
    private static final Pattern CLIENT_FIRST_MESSAGE = Pattern.compile("^(([pny])=?([^,]*),([^,]*),)(m?=?[^,]*,?n=([^,]*),r=([^,]*),?.*)$");
    private static final Pattern CLIENT_FINAL_MESSAGE = Pattern.compile("(c=([^,]*),r=([^,]*)),p=(.*)$");
    private final String mServerPartNonce;
    private boolean mIsSuccessful;
    private ScramServerFunctionality.State mState;
    private String mClientFirstMessageBare;
    private String mNonce;
    private String mServerFirstMessage;
    private UserData mUserData;
    private final MessageDigest digest;
    private final Mac hmac;

    public ScramServerFunctionalityImpl(String str, String str2) throws NoSuchAlgorithmException {
        this(str, str2, UUID.randomUUID().toString());
    }

    public ScramServerFunctionalityImpl(String str, String str2, String str3) throws NoSuchAlgorithmException {
        this.mIsSuccessful = false;
        this.mState = ScramServerFunctionality.State.INITIAL;
        if (ScramUtils.isNullOrEmpty(str)) {
            throw new NullPointerException("digestName cannot be null or empty");
        }
        if (ScramUtils.isNullOrEmpty(str2)) {
            throw new NullPointerException("hmacName cannot be null or empty");
        }
        if (ScramUtils.isNullOrEmpty(str3)) {
            throw new NullPointerException("serverPartNonce cannot be null or empty");
        }
        this.digest = MessageDigest.getInstance(str);
        this.hmac = Mac.getInstance(str2);
        this.mServerPartNonce = str3;
    }

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.scram.ScramServerFunctionality
    public String handleClientFirstMessage(String str) throws ScramException {
        Matcher matcher = CLIENT_FIRST_MESSAGE.matcher(str);
        if (!matcher.matches()) {
            this.mState = ScramServerFunctionality.State.ENDED;
            throw new ScramException("Invalid message received");
        }
        this.mClientFirstMessageBare = matcher.group(5);
        String group = matcher.group(6);
        this.mNonce = matcher.group(7) + this.mServerPartNonce;
        this.mState = ScramServerFunctionality.State.FIRST_CLIENT_MESSAGE_HANDLED;
        return group;
    }

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.scram.ScramServerFunctionality
    public String prepareFirstMessage(UserData userData) {
        this.mUserData = userData;
        this.mState = ScramServerFunctionality.State.PREPARED_FIRST;
        this.mServerFirstMessage = String.format("r=%s,s=%s,i=%d", this.mNonce, userData.salt, Integer.valueOf(userData.iterations));
        return this.mServerFirstMessage;
    }

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.scram.ScramServerFunctionality
    public String prepareFinalMessage(String str) throws ScramException {
        String prepareFinalMessageUnchecked = prepareFinalMessageUnchecked(str);
        if (this.mIsSuccessful) {
            return prepareFinalMessageUnchecked;
        }
        throw new ScramException("client credentials missmatch");
    }

    public String prepareFinalMessageUnchecked(String str) throws ScramException {
        this.mState = ScramServerFunctionality.State.ENDED;
        Matcher matcher = CLIENT_FINAL_MESSAGE.matcher(str);
        if (!matcher.matches()) {
            throw new ScramException("Invalid message received");
        }
        String group = matcher.group(1);
        String group2 = matcher.group(3);
        String group3 = matcher.group(4);
        if (!this.mNonce.equals(group2)) {
            throw new ScramException("Nonce mismatch");
        }
        String str2 = this.mClientFirstMessageBare + AnsiRenderer.CODE_LIST_SEPARATOR + this.mServerFirstMessage + AnsiRenderer.CODE_LIST_SEPARATOR + group;
        byte[] decode = Base64.getDecoder().decode(this.mUserData.storedKey);
        byte[] computeHmac = ScramUtils.computeHmac(decode, this.hmac, str2);
        byte[] computeHmac2 = ScramUtils.computeHmac(Base64.getDecoder().decode(this.mUserData.serverKey), this.hmac, str2);
        byte[] bArr = (byte[]) computeHmac.clone();
        byte[] decode2 = Base64.getDecoder().decode(group3);
        for (int i = 0; i < bArr.length; i++) {
            int i2 = i;
            bArr[i2] = (byte) (bArr[i2] ^ decode2[i]);
        }
        this.mIsSuccessful = Arrays.equals(decode, this.digest.digest(bArr));
        return "v=" + Base64.getEncoder().encodeToString(computeHmac2);
    }

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.scram.ScramServerFunctionality
    public boolean isSuccessful() {
        if (this.mState == ScramServerFunctionality.State.ENDED) {
            return this.mIsSuccessful;
        }
        throw new IllegalStateException("You cannot call this method before authentication is ended. Use isEnded() to check that");
    }

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.scram.ScramServerFunctionality
    public boolean isEnded() {
        return this.mState == ScramServerFunctionality.State.ENDED;
    }

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.scram.ScramServerFunctionality
    public ScramServerFunctionality.State getState() {
        return this.mState;
    }

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.scram.ScramServerFunctionality
    public MessageDigest getDigest() {
        try {
            return (MessageDigest) this.digest.clone();
        } catch (CloneNotSupportedException e) {
            try {
                return MessageDigest.getInstance(this.digest.getAlgorithm());
            } catch (NoSuchAlgorithmException e2) {
                throw new AssertionError(e2);
            }
        }
    }

    @Override // org.apache.activemq.artemis.protocol.amqp.sasl.scram.ScramServerFunctionality
    public Mac getHmac() {
        try {
            return (Mac) this.hmac.clone();
        } catch (CloneNotSupportedException e) {
            try {
                return Mac.getInstance(this.hmac.getAlgorithm());
            } catch (NoSuchAlgorithmException e2) {
                throw new AssertionError(e2);
            }
        }
    }
}
