package org.apache.qpid.server.security.auth.sasl.scram;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.security.sasl.SaslException;
import org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSource;

/* loaded from: input_file:org/apache/qpid/server/security/auth/sasl/scram/ScramSaslServerSourceAdapter.class */
public class ScramSaslServerSourceAdapter implements ScramSaslServerSource {
    private static final byte[] INT_1 = {0, 0, 0, 1};
    private final int _iterationCount;
    private final String _hmacName;
    private final SecureRandom _random = new SecureRandom();
    private final PasswordSource _passwordSource;
    private final String _digestName;

    /* loaded from: input_file:org/apache/qpid/server/security/auth/sasl/scram/ScramSaslServerSourceAdapter$PasswordSource.class */
    public interface PasswordSource {
        char[] getPassword(String str);
    }

    public ScramSaslServerSourceAdapter(int i, String str, String str2, PasswordSource passwordSource) {
        this._iterationCount = i;
        this._hmacName = str;
        this._passwordSource = passwordSource;
        this._digestName = str2;
    }

    @Override // org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSource
    public int getIterationCount() {
        return this._iterationCount;
    }

    private Mac createShaHmac(byte[] bArr) {
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, this._hmacName);
            Mac mac = Mac.getInstance(this._hmacName);
            mac.init(secretKeySpec);
            return mac;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    private byte[] computeHmac(byte[] bArr, String str) {
        Mac createShaHmac = createShaHmac(bArr);
        createShaHmac.update(str.getBytes(StandardCharsets.US_ASCII));
        return createShaHmac.doFinal();
    }

    @Override // org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSource
    public ScramSaslServerSource.SaltAndPasswordKeys getSaltAndPasswordKeys(String str) {
        byte[] digest;
        byte[] computeHmac;
        char[] password = this._passwordSource.getPassword(str);
        final byte[] bArr = new byte[32];
        final int iterationCount = getIterationCount();
        this._random.nextBytes(bArr);
        if (password != null) {
            try {
                byte[] bArr2 = new byte[password.length];
                for (int i = 0; i < password.length; i++) {
                    bArr2[i] = (byte) password[i];
                }
                Mac createShaHmac = createShaHmac(bArr2);
                createShaHmac.update(bArr);
                createShaHmac.update(INT_1);
                byte[] doFinal = createShaHmac.doFinal();
                byte[] bArr3 = null;
                for (int i2 = 1; i2 < iterationCount; i2++) {
                    createShaHmac.update(bArr3 != null ? bArr3 : doFinal);
                    bArr3 = createShaHmac.doFinal();
                    for (int i3 = 0; i3 < doFinal.length; i3++) {
                        int i4 = i3;
                        doFinal[i4] = (byte) (doFinal[i4] ^ bArr3[i3]);
                    }
                }
                digest = MessageDigest.getInstance(this._digestName).digest(computeHmac(doFinal, "Client Key"));
                computeHmac = computeHmac(doFinal, "Server Key");
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalArgumentException(e);
            }
        } else {
            digest = null;
            computeHmac = null;
        }
        final byte[] bArr4 = digest;
        final byte[] bArr5 = computeHmac;
        return new ScramSaslServerSource.SaltAndPasswordKeys() { // from class: org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSourceAdapter.1
            @Override // org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSource.SaltAndPasswordKeys
            public byte[] getSalt() {
                return bArr;
            }

            @Override // org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSource.SaltAndPasswordKeys
            public byte[] getStoredKey() throws SaslException {
                if (bArr4 == null) {
                    throw new SaslException("Authentication Failed");
                }
                return bArr4;
            }

            @Override // org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSource.SaltAndPasswordKeys
            public byte[] getServerKey() throws SaslException {
                if (bArr5 == null) {
                    throw new SaslException("Authentication Failed");
                }
                return bArr5;
            }

            @Override // org.apache.qpid.server.security.auth.sasl.scram.ScramSaslServerSource.SaltAndPasswordKeys
            public int getIterationCount() throws SaslException {
                return iterationCount;
            }
        };
    }
}
