package com.unboundid.ldap.sdk;

import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.util.Base64;
import com.unboundid.util.Debug;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import java.io.Serializable;

/* JADX INFO: Access modifiers changed from: package-private */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: input_file:WEB-INF/lib/unboundid-ldapsdk-6.0.9.jar:com/unboundid/ldap/sdk/SCRAMServerFirstMessage.class */
public final class SCRAMServerFirstMessage implements Serializable {
    private static final int MINIMUM_ALLOWED_ITERATION_COUNT = 4096;
    private static final long serialVersionUID = 3888813341685523286L;

    @NotNull
    private final BindResult bindResult;

    @NotNull
    private final byte[] salt;
    private final int iterationCount;

    @NotNull
    private final SCRAMBindRequest bindRequest;

    @NotNull
    private final SCRAMClientFirstMessage clientFirstMessage;

    @NotNull
    private final String serverFirstMessage;

    @NotNull
    private final String combinedNonce;

    @NotNull
    private final String serverNonce;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SCRAMServerFirstMessage(@NotNull SCRAMBindRequest sCRAMBindRequest, @NotNull SCRAMClientFirstMessage sCRAMClientFirstMessage, @NotNull BindResult bindResult) throws LDAPBindException {
        this.bindRequest = sCRAMBindRequest;
        this.clientFirstMessage = sCRAMClientFirstMessage;
        this.bindResult = bindResult;
        ASN1OctetString serverSASLCredentials = bindResult.getServerSASLCredentials();
        if (serverSASLCredentials == null) {
            throw new LDAPBindException(new BindResult(bindResult.getMessageID(), ResultCode.DECODING_ERROR, LDAPMessages.ERR_SCRAM_SERVER_FIRST_MESSAGE_NO_CREDS.get(sCRAMBindRequest.getSASLMechanismName()), bindResult.getMatchedDN(), bindResult.getReferralURLs(), bindResult.getResponseControls(), serverSASLCredentials));
        }
        this.serverFirstMessage = serverSASLCredentials.stringValue();
        if (!this.serverFirstMessage.startsWith("r=")) {
            throw new LDAPBindException(new BindResult(bindResult.getMessageID(), ResultCode.DECODING_ERROR, LDAPMessages.ERR_SCRAM_SERVER_FIRST_MESSAGE_NO_NONCE.get(sCRAMBindRequest.getSASLMechanismName(), this.serverFirstMessage), bindResult.getMatchedDN(), bindResult.getReferralURLs(), bindResult.getResponseControls(), serverSASLCredentials));
        }
        int indexOf = this.serverFirstMessage.indexOf(",s=");
        if (indexOf < 0) {
            throw new LDAPBindException(new BindResult(bindResult.getMessageID(), ResultCode.DECODING_ERROR, LDAPMessages.ERR_SCRAM_SERVER_FIRST_MESSAGE_NO_SALT.get(sCRAMBindRequest.getSASLMechanismName(), this.serverFirstMessage), bindResult.getMatchedDN(), bindResult.getReferralURLs(), bindResult.getResponseControls(), serverSASLCredentials));
        }
        int indexOf2 = this.serverFirstMessage.indexOf(",i=", indexOf);
        if (indexOf2 < 0) {
            throw new LDAPBindException(new BindResult(bindResult.getMessageID(), ResultCode.DECODING_ERROR, LDAPMessages.ERR_SCRAM_SERVER_FIRST_MESSAGE_NO_ITERATION_COUNT.get(sCRAMBindRequest.getSASLMechanismName(), this.serverFirstMessage), bindResult.getMatchedDN(), bindResult.getReferralURLs(), bindResult.getResponseControls(), serverSASLCredentials));
        }
        this.combinedNonce = this.serverFirstMessage.substring(2, indexOf);
        if (!this.combinedNonce.startsWith(sCRAMClientFirstMessage.getClientNonce())) {
            throw new LDAPBindException(new BindResult(bindResult.getMessageID(), ResultCode.DECODING_ERROR, LDAPMessages.ERR_SCRAM_SERVER_FIRST_MESSAGE_NONCE_MISSING_CLIENT.get(sCRAMBindRequest.getSASLMechanismName(), this.serverFirstMessage, this.combinedNonce, sCRAMClientFirstMessage.getClientNonce(), sCRAMClientFirstMessage.getClientFirstMessage()), bindResult.getMatchedDN(), bindResult.getReferralURLs(), bindResult.getResponseControls(), serverSASLCredentials));
        }
        if (this.combinedNonce.equals(sCRAMClientFirstMessage.getClientNonce())) {
            throw new LDAPBindException(new BindResult(bindResult.getMessageID(), ResultCode.DECODING_ERROR, LDAPMessages.ERR_SCRAM_SERVER_FIRST_MESSAGE_NONCE_MISSING_SERVER.get(sCRAMBindRequest.getSASLMechanismName(), this.serverFirstMessage, this.combinedNonce, sCRAMClientFirstMessage.getClientFirstMessage()), bindResult.getMatchedDN(), bindResult.getReferralURLs(), bindResult.getResponseControls(), serverSASLCredentials));
        }
        this.serverNonce = this.combinedNonce.substring(sCRAMClientFirstMessage.getClientNonce().length());
        String substring = this.serverFirstMessage.substring(indexOf + 3, indexOf2);
        if (substring.isEmpty()) {
            throw new LDAPBindException(new BindResult(bindResult.getMessageID(), ResultCode.DECODING_ERROR, LDAPMessages.ERR_SCRAM_SERVER_FIRST_MESSAGE_SALT_EMPTY.get(sCRAMBindRequest.getSASLMechanismName(), this.serverFirstMessage), bindResult.getMatchedDN(), bindResult.getReferralURLs(), bindResult.getResponseControls(), serverSASLCredentials));
        }
        try {
            this.salt = Base64.decode(substring);
            int indexOf3 = this.serverFirstMessage.indexOf(44, indexOf2 + 1);
            String substring2 = indexOf3 > 0 ? this.serverFirstMessage.substring(indexOf2 + 3, indexOf3) : this.serverFirstMessage.substring(indexOf2 + 3);
            try {
                this.iterationCount = Integer.parseInt(substring2);
                if (this.iterationCount < 4096) {
                    throw new LDAPBindException(new BindResult(bindResult.getMessageID(), ResultCode.DECODING_ERROR, LDAPMessages.ERR_SCRAM_SERVER_FIRST_MESSAGE_ITERATION_COUNT_BELOW_MINIMUM.get(sCRAMBindRequest.getSASLMechanismName(), Integer.valueOf(this.iterationCount), this.serverFirstMessage, 4096), bindResult.getMatchedDN(), bindResult.getReferralURLs(), bindResult.getResponseControls(), serverSASLCredentials));
                }
            } catch (Exception e) {
                Debug.debugException(e);
                throw new LDAPBindException(new BindResult(bindResult.getMessageID(), ResultCode.DECODING_ERROR, LDAPMessages.ERR_SCRAM_SERVER_FIRST_MESSAGE_ITERATION_COUNT_NOT_INTEGER.get(sCRAMBindRequest.getSASLMechanismName(), substring2, this.serverFirstMessage), bindResult.getMatchedDN(), bindResult.getReferralURLs(), bindResult.getResponseControls(), serverSASLCredentials));
            }
        } catch (Exception e2) {
            Debug.debugException(e2);
            throw new LDAPBindException(new BindResult(bindResult.getMessageID(), ResultCode.DECODING_ERROR, LDAPMessages.ERR_SCRAM_SERVER_FIRST_MESSAGE_SALT_NOT_BASE64.get(sCRAMBindRequest.getSASLMechanismName(), substring, this.serverFirstMessage), bindResult.getMatchedDN(), bindResult.getReferralURLs(), bindResult.getResponseControls(), serverSASLCredentials));
        }
    }

    @NotNull
    SCRAMBindRequest getBindRequest() {
        return this.bindRequest;
    }

    @NotNull
    SCRAMClientFirstMessage getClientFirstMessage() {
        return this.clientFirstMessage;
    }

    @NotNull
    BindResult getBindResult() {
        return this.bindResult;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public String getCombinedNonce() {
        return this.combinedNonce;
    }

    @NotNull
    String getServerNonce() {
        return this.serverNonce;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public byte[] getSalt() {
        return this.salt;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getIterationCount() {
        return this.iterationCount;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public String getServerFirstMessage() {
        return this.serverFirstMessage;
    }

    @NotNull
    public String toString() {
        return this.serverFirstMessage;
    }
}
