package org.firebirdsql.gds.ng.wire.auth;

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.sql.SQLException;
import java.util.Arrays;
import org.firebirdsql.gds.ISCConstants;
import org.firebirdsql.gds.JaybirdErrorCodes;
import org.firebirdsql.gds.VaxEncoding;
import org.firebirdsql.gds.ng.FbExceptionBuilder;
import org.firebirdsql.util.ByteArrayHelper;

/* loaded from: input_file:org/firebirdsql/gds/ng/wire/auth/SrpClient.class */
public final class SrpClient {
    private static final int SRP_KEY_SIZE = 128;
    private static final int SRP_SALT_SIZE = 32;
    private static final int EXPECTED_AUTH_DATA_LENGTH = 324;
    private static final BigInteger N = new BigInteger("E67D2E994B2F900C3F41F08F5BB2627ED0D49EE1FE767A52EFCD565CD6E768812C3E1E9CE8F0A8BEA6CB13CD29DDEBF7A96D4A93B55D488DF099A15C89DCB0640738EB2CBDD9A8F7BAB561AB1B0DC1C6CDABF303264A08D1BCA932D1F1EE428B619D970F342ABA9A65793B8B2F041AE5364350C16F735F56ECBCA87BD57B29E7", 16);
    private static final BigInteger g = new BigInteger("2");
    private static final BigInteger k = new BigInteger("1277432915985975349439481660349303019122249719989");
    private static final SecureRandom random = new SecureRandom();
    private static final byte SEPARATOR_BYTE = 58;
    private final MessageDigest sha1Md;
    private final String clientProofHashAlgorithm;
    private byte[] sessionKey;
    private final BigInteger privateKey = getSecret();
    private final BigInteger publicKey = g.modPow(this.privateKey, N);

    /* loaded from: input_file:org/firebirdsql/gds/ng/wire/auth/SrpClient$KeyPair.class */
    static class KeyPair {
        private BigInteger pub;
        private BigInteger secret;

        private KeyPair(BigInteger bigInteger, BigInteger bigInteger2) {
            this.pub = bigInteger;
            this.secret = bigInteger2;
        }

        BigInteger getPublicKey() {
            return this.pub;
        }

        BigInteger getPrivateKey() {
            return this.secret;
        }
    }

    public SrpClient(String str) {
        this.clientProofHashAlgorithm = str;
        try {
            this.sha1Md = MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("SHA-1 MessageDigest not available", e);
        }
    }

    private static BigInteger fromBigByteArray(byte[] bArr) {
        return new BigInteger(1, bArr);
    }

    private static byte[] toBigByteArray(BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        if (byteArray[0] != 0) {
            return byteArray;
        }
        int i = 1;
        while (byteArray[i] == 0) {
            i++;
        }
        return Arrays.copyOfRange(byteArray, i, byteArray.length);
    }

    private static String padHexBinary(String str) {
        return str.length() % 2 != 0 ? '0' + str : str;
    }

    private byte[] sha1(byte[] bArr) {
        try {
            byte[] digest = this.sha1Md.digest(bArr);
            this.sha1Md.reset();
            return digest;
        } catch (Throwable th) {
            this.sha1Md.reset();
            throw th;
        }
    }

    private byte[] sha1(byte[] bArr, byte[] bArr2) {
        try {
            this.sha1Md.update(bArr);
            byte[] digest = this.sha1Md.digest(bArr2);
            this.sha1Md.reset();
            return digest;
        } catch (Throwable th) {
            this.sha1Md.reset();
            throw th;
        }
    }

    private static byte[] pad(BigInteger bigInteger) {
        byte[] bigByteArray = toBigByteArray(bigInteger);
        return bigByteArray.length > 128 ? Arrays.copyOfRange(bigByteArray, bigByteArray.length - 128, bigByteArray.length) : bigByteArray;
    }

    private BigInteger getScramble(BigInteger bigInteger, BigInteger bigInteger2) {
        return fromBigByteArray(sha1(pad(bigInteger), pad(bigInteger2)));
    }

    private static BigInteger getSecret() {
        return new BigInteger(128, random);
    }

    static byte[] getSalt() {
        byte[] bArr = new byte[32];
        random.nextBytes(bArr);
        return bArr;
    }

    private BigInteger getUserHash(String str, String str2, byte[] bArr) {
        try {
            this.sha1Md.update(str.toUpperCase().getBytes(StandardCharsets.UTF_8));
            this.sha1Md.update((byte) 58);
            byte[] digest = this.sha1Md.digest(str2.getBytes(StandardCharsets.UTF_8));
            this.sha1Md.reset();
            return fromBigByteArray(sha1(bArr, digest));
        } catch (Throwable th) {
            this.sha1Md.reset();
            throw th;
        }
    }

    KeyPair serverSeed(String str, String str2, byte[] bArr) {
        BigInteger modPow = g.modPow(getUserHash(str, str2, bArr), N);
        BigInteger secret = getSecret();
        return new KeyPair(k.multiply(modPow).mod(N).add(g.modPow(secret, N)).mod(N), secret);
    }

    byte[] getServerSessionKey(String str, String str2, byte[] bArr, BigInteger bigInteger, BigInteger bigInteger2, BigInteger bigInteger3) {
        return sha1(toBigByteArray(bigInteger.multiply(g.modPow(getUserHash(str, str2, bArr), N).modPow(getScramble(bigInteger, bigInteger2), N)).mod(N).modPow(bigInteger3, N)));
    }

    public BigInteger getPublicKey() {
        return this.publicKey;
    }

    public BigInteger getPrivateKey() {
        return this.privateKey;
    }

    private byte[] getClientSessionKey(String str, String str2, byte[] bArr, BigInteger bigInteger) {
        BigInteger scramble = getScramble(this.publicKey, bigInteger);
        BigInteger userHash = getUserHash(str, str2, bArr);
        return sha1(toBigByteArray(bigInteger.subtract(k.multiply(g.modPow(userHash, N)).mod(N)).mod(N).modPow(this.privateKey.add(scramble.multiply(userHash).mod(N)).mod(N), N)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getPublicKeyHex() {
        return ByteArrayHelper.toHexString(pad(this.publicKey));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v6, types: [byte[], byte[][]] */
    byte[] clientProof(String str, String str2, byte[] bArr, BigInteger bigInteger) throws SQLException {
        byte[] clientSessionKey = getClientSessionKey(str, str2, bArr, bigInteger);
        byte[] clientProofHash = clientProofHash(new byte[]{toBigByteArray(fromBigByteArray(sha1(toBigByteArray(N))).modPow(fromBigByteArray(sha1(toBigByteArray(g))), N)), sha1(str.toUpperCase().getBytes(StandardCharsets.UTF_8)), bArr, toBigByteArray(this.publicKey), toBigByteArray(bigInteger), clientSessionKey});
        this.sessionKey = clientSessionKey;
        return clientProofHash;
    }

    private byte[] clientProofHash(byte[]... bArr) throws SQLException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(this.clientProofHashAlgorithm);
            for (byte[] bArr2 : bArr) {
                messageDigest.update(bArr2);
            }
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw FbExceptionBuilder.forException(JaybirdErrorCodes.jb_hashAlgorithmNotAvailable).messageParameter(this.clientProofHashAlgorithm).cause(e).toFlatSQLException();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] clientProof(String str, String str2, byte[] bArr) throws SQLException {
        if (bArr == null || bArr.length == 0) {
            throw new FbExceptionBuilder().exception(ISCConstants.isc_auth_data).toFlatSQLException();
        }
        if (bArr.length > EXPECTED_AUTH_DATA_LENGTH) {
            throw new FbExceptionBuilder().exception(ISCConstants.isc_auth_datalength).messageParameter(bArr.length).messageParameter(EXPECTED_AUTH_DATA_LENGTH).messageParameter("data").toFlatSQLException();
        }
        int iscVaxInteger2 = VaxEncoding.iscVaxInteger2(bArr, 0);
        if (iscVaxInteger2 > 64) {
            throw new FbExceptionBuilder().exception(ISCConstants.isc_auth_datalength).messageParameter(iscVaxInteger2).messageParameter(64).messageParameter("salt").toFlatSQLException();
        }
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 2, iscVaxInteger2 + 2);
        int iscVaxInteger22 = VaxEncoding.iscVaxInteger2(bArr, iscVaxInteger2 + 2);
        int i = iscVaxInteger2 + 4;
        if (bArr.length - i != iscVaxInteger22) {
            throw new FbExceptionBuilder().exception(ISCConstants.isc_auth_datalength).messageParameter(iscVaxInteger22).messageParameter(bArr.length - i).messageParameter("key").toFlatSQLException();
        }
        return clientProof(str.toUpperCase(), str2, copyOfRange, new BigInteger(padHexBinary(new String(bArr, i, bArr.length - i, StandardCharsets.US_ASCII)), 16));
    }

    public byte[] getSessionKey() {
        return this.sessionKey;
    }
}
