package skunk.net.message;

import com.ongres.saslprep.SaslPrep;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import scala.MatchError;
import scala.Tuple2;
import scala.UninitializedFieldError;
import scodec.bits.ByteVector;
import scodec.bits.ByteVector$;
import skunk.net.message.Scram;

/* compiled from: Scram.scala */
/* loaded from: input_file:skunk/net/message/Scram$.class */
public final class Scram$ {
    public static final Scram$ MODULE$ = new Scram$();
    private static final String SaslMechanism = "SCRAM-SHA-256";
    private static final ByteVector NoChannelBinding = ByteVector$.MODULE$.view("n,,".getBytes());
    private static volatile byte bitmap$init$0;

    static {
        bitmap$init$0 = (byte) (bitmap$init$0 | 1);
        bitmap$init$0 = (byte) (bitmap$init$0 | 2);
    }

    public String SaslMechanism() {
        if (((byte) (bitmap$init$0 & 1)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /home/runner/work/skunk/skunk/modules/core/src/main/scala/net/message/Scram.scala: 17");
        }
        String str = SaslMechanism;
        return SaslMechanism;
    }

    public ByteVector NoChannelBinding() {
        if (((byte) (bitmap$init$0 & 2)) == 0) {
            throw new UninitializedFieldError("Uninitialized field: /home/runner/work/skunk/skunk/modules/core/src/main/scala/net/message/Scram.scala: 19");
        }
        ByteVector byteVector = NoChannelBinding;
        return NoChannelBinding;
    }

    public String skunk$net$message$Scram$$StringOps(String str) {
        return str;
    }

    private String normalize(String str) {
        return SaslPrep.saslPrep(str, false);
    }

    public ByteVector clientFirstBareWithRandomNonce() {
        byte[] bArr = new byte[32];
        SecureRandom.getInstanceStrong().nextBytes(bArr);
        return clientFirstBareWithNonce(ByteVector$.MODULE$.view(bArr).toBase64());
    }

    public ByteVector clientFirstBareWithNonce(String str) {
        return Scram$StringOps$.MODULE$.bytesUtf8$extension(skunk$net$message$Scram$$StringOps(new StringBuilder(5).append("n=,r=").append(str).toString()));
    }

    private ByteVector HMAC(ByteVector byteVector, ByteVector byteVector2) {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(byteVector.toArray(), "HmacSHA256"));
        return ByteVector$.MODULE$.view(mac.doFinal(byteVector2.toArray()));
    }

    private ByteVector H(ByteVector byteVector) {
        return byteVector.digest("SHA-256");
    }

    private ByteVector Hi(String str, ByteVector byteVector, int i) {
        return ByteVector$.MODULE$.view(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(new PBEKeySpec(str.toCharArray(), byteVector.toArray(), i, 256)).getEncoded());
    }

    private Tuple2<Scram.ClientProof, Scram.Verifier> makeClientProofAndServerSignature(String str, ByteVector byteVector, int i, ByteVector byteVector2, ByteVector byteVector3, ByteVector byteVector4) {
        ByteVector Hi = Hi(normalize(str), byteVector, i);
        ByteVector HMAC = HMAC(Hi, Scram$StringOps$.MODULE$.bytesUtf8$extension(skunk$net$message$Scram$$StringOps("Client Key")));
        ByteVector H = H(HMAC);
        ByteVector bytesUtf8$extension = Scram$StringOps$.MODULE$.bytesUtf8$extension(skunk$net$message$Scram$$StringOps(","));
        ByteVector $plus$plus = byteVector2.$plus$plus(bytesUtf8$extension).$plus$plus(byteVector3).$plus$plus(bytesUtf8$extension).$plus$plus(byteVector4);
        return new Tuple2<>(new Scram.ClientProof(HMAC.xor(HMAC(H, $plus$plus)).toBase64()), new Scram.Verifier(HMAC(HMAC(Hi, Scram$StringOps$.MODULE$.bytesUtf8$extension(skunk$net$message$Scram$$StringOps("Server Key"))), $plus$plus)));
    }

    public SASLInitialResponse saslInitialResponse(ByteVector byteVector, ByteVector byteVector2) {
        return new SASLInitialResponse(SaslMechanism(), byteVector.$plus$plus(byteVector2));
    }

    public Tuple2<SASLResponse, Scram.Verifier> saslChallenge(String str, ByteVector byteVector, Scram.ServerFirst serverFirst, ByteVector byteVector2, ByteVector byteVector3) {
        Scram.ClientFinalWithoutProof clientFinalWithoutProof = new Scram.ClientFinalWithoutProof(byteVector.toBase64(), serverFirst.nonce());
        Tuple2<Scram.ClientProof, Scram.Verifier> makeClientProofAndServerSignature = makeClientProofAndServerSignature(str, serverFirst.salt(), serverFirst.iterations(), byteVector2, byteVector3, clientFinalWithoutProof.encode());
        if (makeClientProofAndServerSignature == null) {
            throw new MatchError(makeClientProofAndServerSignature);
        }
        Tuple2 tuple2 = new Tuple2((Scram.ClientProof) makeClientProofAndServerSignature._1(), (Scram.Verifier) makeClientProofAndServerSignature._2());
        Scram.ClientProof clientProof = (Scram.ClientProof) tuple2._1();
        return new Tuple2<>(new SASLResponse(clientFinalWithoutProof.encodeWithProof(clientProof)), (Scram.Verifier) tuple2._2());
    }

    private Scram$() {
    }
}
