package com.mongodb.connection;

import com.mongodb.AuthenticationMechanism;
import com.mongodb.MongoCredential;
import com.mongodb.ServerAddress;
import com.mongodb.internal.authentication.NativeAuthenticationHelper;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.sasl.SaslClient;
import javax.security.sasl.SaslException;

/* loaded from: input_file:sample-genericTechPriceSrc-war-1.1.2.war:WEB-INF/lib/mongo-java-driver-3.0.2.jar:com/mongodb/connection/ScramSha1Authenticator.class */
class ScramSha1Authenticator extends SaslAuthenticator {
    private final RandomStringGenerator randomStringGenerator;

    /* loaded from: input_file:sample-genericTechPriceSrc-war-1.1.2.war:WEB-INF/lib/mongo-java-driver-3.0.2.jar:com/mongodb/connection/ScramSha1Authenticator$DefaultRandomStringGenerator.class */
    public static class DefaultRandomStringGenerator implements RandomStringGenerator {
        @Override // com.mongodb.connection.ScramSha1Authenticator.RandomStringGenerator
        public String generate(int i) {
            int i2;
            int i3 = 126 - 33;
            SecureRandom secureRandom = new SecureRandom();
            char[] cArr = new char[i];
            for (int i4 = 0; i4 < i; i4++) {
                int nextInt = secureRandom.nextInt(i3);
                while (true) {
                    i2 = nextInt + 33;
                    if (i2 == 44) {
                        nextInt = secureRandom.nextInt(i3);
                    }
                }
                cArr[i4] = (char) i2;
            }
            return new String(cArr);
        }
    }

    /* loaded from: input_file:sample-genericTechPriceSrc-war-1.1.2.war:WEB-INF/lib/mongo-java-driver-3.0.2.jar:com/mongodb/connection/ScramSha1Authenticator$RandomStringGenerator.class */
    public interface RandomStringGenerator {
        String generate(int i);
    }

    /* loaded from: input_file:sample-genericTechPriceSrc-war-1.1.2.war:WEB-INF/lib/mongo-java-driver-3.0.2.jar:com/mongodb/connection/ScramSha1Authenticator$ScramSha1SaslClient.class */
    private static class ScramSha1SaslClient implements SaslClient {
        private static final String GS2_HEADER = "n,,";
        private static final int RANDOM_LENGTH = 24;
        private final Base64Codec base64Codec = new Base64Codec();
        private final MongoCredential credential;
        private String clientFirstMessageBare;
        private final RandomStringGenerator randomStringGenerator;
        private String rPrefix;
        private byte[] serverSignature;
        private int step;

        ScramSha1SaslClient(MongoCredential mongoCredential, RandomStringGenerator randomStringGenerator) {
            this.credential = mongoCredential;
            this.randomStringGenerator = randomStringGenerator;
        }

        public String getMechanismName() {
            return AuthenticationMechanism.SCRAM_SHA_1.getMechanismName();
        }

        public boolean hasInitialResponse() {
            return true;
        }

        public byte[] evaluateChallenge(byte[] bArr) throws SaslException {
            if (this.step == 0) {
                this.step++;
                return computeClientFirstMessage();
            }
            if (this.step == 1) {
                this.step++;
                return computeClientFinalMessage(bArr);
            }
            if (this.step != 2) {
                throw new SaslException("Too many steps involved in the SCRAM-SHA-1 negotiation.");
            }
            this.step++;
            if (parseServerResponse(encodeUTF8(bArr)).get("v").equals(encodeBase64(this.serverSignature))) {
                return bArr;
            }
            throw new SaslException("Server signature was invalid.");
        }

        public boolean isComplete() {
            return this.step > 2;
        }

        public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
            throw new UnsupportedOperationException("Not implemented yet!");
        }

        public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
            throw new UnsupportedOperationException("Not implemented yet!");
        }

        public Object getNegotiatedProperty(String str) {
            throw new UnsupportedOperationException("Not implemented yet!");
        }

        public void dispose() throws SaslException {
        }

        private byte[] computeClientFirstMessage() throws SaslException {
            String str = "n=" + prepUserName(this.credential.getUserName());
            this.rPrefix = this.randomStringGenerator.generate(24);
            this.clientFirstMessageBare = str + "," + ("r=" + this.rPrefix);
            return decodeUTF8(GS2_HEADER + this.clientFirstMessageBare);
        }

        private byte[] computeClientFinalMessage(byte[] bArr) throws SaslException {
            String encodeUTF8 = encodeUTF8(bArr);
            HashMap<String, String> parseServerResponse = parseServerResponse(encodeUTF8);
            String str = parseServerResponse.get("r");
            if (!str.startsWith(this.rPrefix)) {
                throw new SaslException("Server sent an invalid nonce.");
            }
            String str2 = parseServerResponse.get("s");
            String str3 = parseServerResponse.get("i");
            String str4 = ("c=" + encodeBase64(decodeUTF8(GS2_HEADER))) + "," + ("r=" + str);
            byte[] hi = hi(NativeAuthenticationHelper.createAuthenticationHash(this.credential.getUserName(), this.credential.getPassword()), decodeBase64(str2), Integer.parseInt(str3));
            byte[] hmac = hmac(hi, "Client Key");
            byte[] h = h(hmac);
            String str5 = this.clientFirstMessageBare + "," + encodeUTF8 + "," + str4;
            byte[] xor = xor(hmac, hmac(h, str5));
            this.serverSignature = hmac(hmac(hi, "Server Key"), str5);
            return decodeUTF8(str4 + "," + ("p=" + encodeBase64(xor)));
        }

        private byte[] decodeBase64(String str) {
            return this.base64Codec.decode(str);
        }

        private byte[] decodeUTF8(String str) throws SaslException {
            try {
                return str.getBytes("UTF-8");
            } catch (UnsupportedEncodingException e) {
                throw new SaslException("UTF-8 is not a supported encoding.", e);
            }
        }

        private String encodeBase64(byte[] bArr) {
            return this.base64Codec.encode(bArr);
        }

        private String encodeUTF8(byte[] bArr) throws SaslException {
            try {
                return new String(bArr, "UTF-8");
            } catch (UnsupportedEncodingException e) {
                throw new SaslException("UTF-8 is not a supported encoding.", e);
            }
        }

        private byte[] h(byte[] bArr) throws SaslException {
            try {
                return MessageDigest.getInstance("SHA-1").digest(bArr);
            } catch (NoSuchAlgorithmException e) {
                throw new SaslException("SHA-1 could not be found.", e);
            }
        }

        private byte[] hi(String str, byte[] bArr, int i) throws SaslException {
            try {
                try {
                    return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec(str.toCharArray(), bArr, i, 160)).getEncoded();
                } catch (InvalidKeySpecException e) {
                    throw new SaslException("Invalid key spec for PBKDC2WithHmacSHA1.", e);
                }
            } catch (NoSuchAlgorithmException e2) {
                throw new SaslException("Unable to find PBKDF2WithHmacSHA1.", e2);
            }
        }

        private byte[] hmac(byte[] bArr, String str) throws SaslException {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacSHA1");
            try {
                Mac mac = Mac.getInstance("HmacSHA1");
                try {
                    mac.init(secretKeySpec);
                    return mac.doFinal(decodeUTF8(str));
                } catch (InvalidKeyException e) {
                    throw new SaslException("Could not initialize mac.", e);
                }
            } catch (NoSuchAlgorithmException e2) {
                throw new SaslException("Could not find HmacSHA1.", e2);
            }
        }

        private HashMap<String, String> parseServerResponse(String str) {
            HashMap<String, String> hashMap = new HashMap<>();
            for (String str2 : str.split(",")) {
                String[] split = str2.split("=", 2);
                hashMap.put(split[0], split[1]);
            }
            return hashMap;
        }

        private String prepUserName(String str) {
            return str.replace("=", "=3D").replace(",", "=2D");
        }

        private byte[] xor(byte[] bArr, byte[] bArr2) {
            byte[] bArr3 = new byte[bArr.length];
            for (int i = 0; i < bArr.length; i++) {
                bArr3[i] = (byte) (bArr[i] ^ bArr2[i]);
            }
            return bArr3;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ScramSha1Authenticator(MongoCredential mongoCredential) {
        this(mongoCredential, new DefaultRandomStringGenerator());
    }

    ScramSha1Authenticator(MongoCredential mongoCredential, RandomStringGenerator randomStringGenerator) {
        super(mongoCredential);
        this.randomStringGenerator = randomStringGenerator;
    }

    @Override // com.mongodb.connection.SaslAuthenticator
    public String getMechanismName() {
        return AuthenticationMechanism.SCRAM_SHA_1.getMechanismName();
    }

    @Override // com.mongodb.connection.SaslAuthenticator
    protected SaslClient createSaslClient(ServerAddress serverAddress) {
        return new ScramSha1SaslClient(getCredential(), this.randomStringGenerator);
    }
}
