package rere.sasl.scram.server.impl;

import rere.sasl.gs2.ChannelBindingFlag;
import rere.sasl.gs2.ChannelBindingFlag$NotSupports$;
import rere.sasl.scram.crypto.ScramAuthMechanism;
import rere.sasl.scram.crypto.package$;
import rere.sasl.scram.messages.ClientFinalMessage;
import rere.sasl.scram.messages.ClientFirstMessage;
import rere.sasl.scram.messages.InternalAuthMessage;
import rere.sasl.scram.messages.ServerError;
import rere.sasl.scram.messages.ServerErrorType;
import rere.sasl.scram.messages.ServerErrorType$ChannelBindingsDontMatch$;
import rere.sasl.scram.messages.ServerErrorType$InvalidEncoding$;
import rere.sasl.scram.messages.ServerErrorType$InvalidProof$;
import rere.sasl.scram.messages.ServerErrorType$ServerDoesSupportChannelBinding$;
import rere.sasl.scram.messages.ServerErrorType$UnknownUser$;
import rere.sasl.scram.messages.ServerFinalMessage;
import rere.sasl.scram.messages.ServerFirstMessage;
import rere.sasl.scram.rendering.SCRAMRenderer$;
import rere.sasl.scram.rendering.SCRAMRendering$;
import rere.sasl.scram.server.AuthData;
import rere.sasl.scram.server.ServerFinalStep;
import rere.sasl.util.Base64$;
import rere.sasl.util.Base64String;
import rere.sasl.util.Base64String$;
import rere.sasl.util.PrintableAndSafe;
import rere.sasl.util.UTF8$;
import scala.MatchError;
import scala.Predef$;
import scala.collection.immutable.Nil$;
import scala.reflect.ScalaSignature;
import scala.util.Left;
import scala.util.Right;

/* compiled from: ServerFinalStepImpl.scala */
@ScalaSignature(bytes = "\u0006\u0001i3A!\u0001\u0002\u0001\u001b\t\u00192+\u001a:wKJ4\u0015N\\1m'R,\u0007/S7qY*\u00111\u0001B\u0001\u0005S6\u0004HN\u0003\u0002\u0006\r\u000511/\u001a:wKJT!a\u0002\u0005\u0002\u000bM\u001c'/Y7\u000b\u0005%Q\u0011\u0001B:bg2T\u0011aC\u0001\u0005e\u0016\u0014Xm\u0001\u0001\u0014\u0007\u0001qA\u0003\u0005\u0002\u0010%5\t\u0001CC\u0001\u0012\u0003\u0015\u00198-\u00197b\u0013\t\u0019\u0002C\u0001\u0004B]f\u0014VM\u001a\t\u0003+Yi\u0011\u0001B\u0005\u0003/\u0011\u0011qbU3sm\u0016\u0014h)\u001b8bYN#X\r\u001d\u0005\t3\u0001\u0011\t\u0011)A\u00055\u0005\u00112\r\\5f]R4\u0015N]:u\u001b\u0016\u001c8/Y4f!\tYb$D\u0001\u001d\u0015\tib!\u0001\u0005nKN\u001c\u0018mZ3t\u0013\tyBD\u0001\nDY&,g\u000e\u001e$jeN$X*Z:tC\u001e,\u0007\u0002C\u0011\u0001\u0005\u0003\u0005\u000b\u0011\u0002\u0012\u0002%M,'O^3s\r&\u00148\u000f^'fgN\fw-\u001a\t\u00037\rJ!\u0001\n\u000f\u0003%M+'O^3s\r&\u00148\u000f^'fgN\fw-\u001a\u0005\tM\u0001\u0011\t\u0011)A\u0005O\u0005A\u0011-\u001e;i\t\u0006$\u0018\r\u0005\u0002\u0016Q%\u0011\u0011\u0006\u0002\u0002\t\u0003V$\b\u000eR1uC\"A1\u0006\u0001B\u0001B\u0003%A&A\u0006tKJ4XM\u001d(p]\u000e,\u0007CA\u00171\u001b\u0005q#BA\u0018\t\u0003\u0011)H/\u001b7\n\u0005Er#\u0001\u0005)sS:$\u0018M\u00197f\u0003:$7+\u00194f\u0011!\u0019\u0004A!A!\u0002\u0013!\u0014!D1vi\"lUm\u00195b]&\u001cX\u000e\u0005\u00026q5\taG\u0003\u00028\r\u000511M]=qi>L!!\u000f\u001c\u0003%M\u001b'/Y7BkRDW*Z2iC:L7/\u001c\u0005\u0006w\u0001!\t\u0001P\u0001\u0007y%t\u0017\u000e\u001e \u0015\ruz\u0004)\u0011\"D!\tq\u0004!D\u0001\u0003\u0011\u0015I\"\b1\u0001\u001b\u0011\u0015\t#\b1\u0001#\u0011\u00151#\b1\u0001(\u0011\u0015Y#\b1\u0001-\u0011\u0015\u0019$\b1\u00015\u0011\u0015)\u0005\u0001\"\u0011G\u000311\u0017N]:u\u001b\u0016\u001c8/Y4f+\u0005\u0011\u0003\"\u0002%\u0001\t\u0003J\u0015a\u00029s_\u000e,7o\u001d\u000b\u0003\u00156\u0003\"aG&\n\u00051c\"AE*feZ,'OR5oC2lUm]:bO\u0016DQAT$A\u0002=\u000b!c\u00197jK:$h)\u001b8bY6+7o]1hKB\u00111\u0004U\u0005\u0003#r\u0011!c\u00117jK:$h)\u001b8bY6+7o]1hK\")1\u000b\u0001C\u0005)\u0006)QM\u001d:peR\u0011!*\u0016\u0005\u0006-J\u0003\raV\u0001\nKJ\u0014xN\u001d+za\u0016\u0004\"a\u0007-\n\u0005ec\"aD*feZ,'/\u0012:s_J$\u0016\u0010]3")
/* loaded from: input_file:rere/sasl/scram/server/impl/ServerFinalStepImpl.class */
public class ServerFinalStepImpl implements ServerFinalStep {
    private final ClientFirstMessage clientFirstMessage;
    private final ServerFirstMessage serverFirstMessage;
    private final AuthData authData;
    private final PrintableAndSafe serverNonce;
    private final ScramAuthMechanism authMechanism;

    @Override // rere.sasl.scram.server.ServerFinalStep
    public ServerFirstMessage firstMessage() {
        return this.serverFirstMessage;
    }

    @Override // rere.sasl.scram.server.ServerFinalStep
    public ServerFinalMessage process(ClientFinalMessage clientFinalMessage) {
        ServerFinalMessage error;
        ServerFinalMessage error2;
        if (!this.authData.isReal()) {
            return error(ServerErrorType$UnknownUser$.MODULE$);
        }
        String obj = clientFinalMessage.bare().nonce().toString();
        String obj2 = this.serverNonce.toString();
        if (obj != null ? !obj.equals(obj2) : obj2 != null) {
            return error(ServerErrorType$InvalidEncoding$.MODULE$);
        }
        String str = Base64$.MODULE$.to(UTF8$.MODULE$.to(SCRAMRenderer$.MODULE$.renderToString(this.clientFirstMessage.header(), SCRAMRendering$.MODULE$.headerRendering())));
        String string$extension = Base64String$.MODULE$.toString$extension(clientFinalMessage.bare().channelBinding());
        String string$extension2 = Base64String$.MODULE$.toString$extension(str);
        if (string$extension != null ? !string$extension.equals(string$extension2) : string$extension2 != null) {
            return error(ServerErrorType$ChannelBindingsDontMatch$.MODULE$);
        }
        ChannelBindingFlag channelBinding = this.clientFirstMessage.header().channelBinding();
        ChannelBindingFlag$NotSupports$ channelBindingFlag$NotSupports$ = ChannelBindingFlag$NotSupports$.MODULE$;
        if (channelBinding != null ? !channelBinding.equals(channelBindingFlag$NotSupports$) : channelBindingFlag$NotSupports$ != null) {
            return error(ServerErrorType$ServerDoesSupportChannelBinding$.MODULE$);
        }
        byte[] from = Base64$.MODULE$.from(clientFinalMessage.proof());
        if (from.length != this.authMechanism.CLIENT_PROOF_LENGTH()) {
            return error(ServerErrorType$InvalidProof$.MODULE$);
        }
        String renderToString = SCRAMRenderer$.MODULE$.renderToString(new InternalAuthMessage(this.clientFirstMessage.bare(), this.serverFirstMessage, clientFinalMessage.bare()), SCRAMRendering$.MODULE$.internalAuthMessageRendering());
        Right xor = package$.MODULE$.xor(this.authData.clientKey(), this.authMechanism.hmac(this.authData.storedKey(), renderToString));
        if (xor instanceof Right) {
            if (Predef$.MODULE$.byteArrayOps(from).sameElements(Predef$.MODULE$.wrapByteArray((byte[]) xor.b()))) {
                error2 = new ServerFinalMessage(scala.package$.MODULE$.Right().apply(new Base64String(Base64$.MODULE$.to(this.authMechanism.hmac(this.authMechanism.hmac(this.authData.saltedPassword(), package$.MODULE$.SERVER_KEY()), renderToString)))), Nil$.MODULE$);
            } else {
                error2 = error(ServerErrorType$InvalidProof$.MODULE$);
            }
            error = error2;
        } else {
            if (!(xor instanceof Left)) {
                throw new MatchError(xor);
            }
            error = error(ServerErrorType$InvalidProof$.MODULE$);
        }
        return error;
    }

    private ServerFinalMessage error(ServerErrorType serverErrorType) {
        return new ServerFinalMessage(scala.package$.MODULE$.Left().apply(new ServerError(serverErrorType)), Nil$.MODULE$);
    }

    public ServerFinalStepImpl(ClientFirstMessage clientFirstMessage, ServerFirstMessage serverFirstMessage, AuthData authData, PrintableAndSafe printableAndSafe, ScramAuthMechanism scramAuthMechanism) {
        this.clientFirstMessage = clientFirstMessage;
        this.serverFirstMessage = serverFirstMessage;
        this.authData = authData;
        this.serverNonce = printableAndSafe;
        this.authMechanism = scramAuthMechanism;
    }
}
