package org.apache.kafka.common.security.scram.internals;

import ai.superstream.shaded.net.bytebuddy.jar.asm.Opcodes;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.kafka.common.KafkaException;
import org.apache.kafka.common.security.scram.ScramCredential;
import org.apache.kafka.common.security.scram.internals.ScramMessages;

/* loaded from: input_file:org/apache/kafka/common/security/scram/internals/ScramFormatter.class */
public class ScramFormatter {
    private static final Pattern EQUAL = Pattern.compile("=", 16);
    private static final Pattern COMMA = Pattern.compile(",", 16);
    private static final Pattern EQUAL_TWO_C = Pattern.compile("=2C", 16);
    private static final Pattern EQUAL_THREE_D = Pattern.compile("=3D", 16);
    private final MessageDigest messageDigest;
    private final Mac mac;
    private final SecureRandom random = new SecureRandom();

    public ScramFormatter(ScramMechanism scramMechanism) throws NoSuchAlgorithmException {
        this.messageDigest = MessageDigest.getInstance(scramMechanism.hashAlgorithm());
        this.mac = Mac.getInstance(scramMechanism.macAlgorithm());
    }

    public byte[] hmac(byte[] bArr, byte[] bArr2) throws InvalidKeyException {
        this.mac.init(new SecretKeySpec(bArr, this.mac.getAlgorithm()));
        return this.mac.doFinal(bArr2);
    }

    public byte[] hash(byte[] bArr) {
        return this.messageDigest.digest(bArr);
    }

    public static byte[] xor(byte[] bArr, byte[] bArr2) {
        if (bArr.length != bArr2.length) {
            throw new IllegalArgumentException("Argument arrays must be of the same length");
        }
        byte[] bArr3 = new byte[bArr.length];
        for (int i = 0; i < bArr3.length; i++) {
            bArr3[i] = (byte) (bArr[i] ^ bArr2[i]);
        }
        return bArr3;
    }

    public byte[] hi(byte[] bArr, byte[] bArr2, int i) throws InvalidKeyException {
        this.mac.init(new SecretKeySpec(bArr, this.mac.getAlgorithm()));
        this.mac.update(bArr2);
        byte[] doFinal = this.mac.doFinal(new byte[]{0, 0, 0, 1});
        byte[] bArr3 = doFinal;
        byte[] bArr4 = doFinal;
        for (int i2 = 2; i2 <= i; i2++) {
            byte[] hmac = hmac(bArr, bArr3);
            bArr4 = xor(bArr4, hmac);
            bArr3 = hmac;
        }
        return bArr4;
    }

    public static byte[] normalize(String str) {
        return toBytes(str);
    }

    public byte[] saltedPassword(String str, byte[] bArr, int i) throws InvalidKeyException {
        return hi(normalize(str), bArr, i);
    }

    public byte[] clientKey(byte[] bArr) throws InvalidKeyException {
        return hmac(bArr, toBytes("Client Key"));
    }

    public byte[] storedKey(byte[] bArr) {
        return hash(bArr);
    }

    public static String saslName(String str) {
        return COMMA.matcher(EQUAL.matcher(str).replaceAll(Matcher.quoteReplacement("=3D"))).replaceAll(Matcher.quoteReplacement("=2C"));
    }

    public static String username(String str) {
        String replaceAll = EQUAL_TWO_C.matcher(str).replaceAll(Matcher.quoteReplacement(","));
        if (EQUAL_THREE_D.matcher(replaceAll).replaceAll(Matcher.quoteReplacement("")).indexOf(61) >= 0) {
            throw new IllegalArgumentException("Invalid username: " + str);
        }
        return EQUAL_THREE_D.matcher(replaceAll).replaceAll(Matcher.quoteReplacement("="));
    }

    public static String authMessage(String str, String str2, String str3) {
        return str + "," + str2 + "," + str3;
    }

    public byte[] clientSignature(byte[] bArr, ScramMessages.ClientFirstMessage clientFirstMessage, ScramMessages.ServerFirstMessage serverFirstMessage, ScramMessages.ClientFinalMessage clientFinalMessage) throws InvalidKeyException {
        return hmac(bArr, authMessage(clientFirstMessage, serverFirstMessage, clientFinalMessage));
    }

    public byte[] clientProof(byte[] bArr, ScramMessages.ClientFirstMessage clientFirstMessage, ScramMessages.ServerFirstMessage serverFirstMessage, ScramMessages.ClientFinalMessage clientFinalMessage) throws InvalidKeyException {
        byte[] clientKey = clientKey(bArr);
        return xor(clientKey, hmac(hash(clientKey), authMessage(clientFirstMessage, serverFirstMessage, clientFinalMessage)));
    }

    private byte[] authMessage(ScramMessages.ClientFirstMessage clientFirstMessage, ScramMessages.ServerFirstMessage serverFirstMessage, ScramMessages.ClientFinalMessage clientFinalMessage) {
        return toBytes(authMessage(clientFirstMessage.clientFirstMessageBare(), serverFirstMessage.toMessage(), clientFinalMessage.clientFinalMessageWithoutProof()));
    }

    public byte[] storedKey(byte[] bArr, byte[] bArr2) {
        return hash(xor(bArr, bArr2));
    }

    public byte[] serverKey(byte[] bArr) throws InvalidKeyException {
        return hmac(bArr, toBytes("Server Key"));
    }

    public byte[] serverSignature(byte[] bArr, ScramMessages.ClientFirstMessage clientFirstMessage, ScramMessages.ServerFirstMessage serverFirstMessage, ScramMessages.ClientFinalMessage clientFinalMessage) throws InvalidKeyException {
        return hmac(bArr, authMessage(clientFirstMessage, serverFirstMessage, clientFinalMessage));
    }

    public String secureRandomString() {
        return secureRandomString(this.random);
    }

    public static String secureRandomString(SecureRandom secureRandom) {
        return new BigInteger(Opcodes.IXOR, secureRandom).toString(36);
    }

    public byte[] secureRandomBytes() {
        return secureRandomBytes(this.random);
    }

    public static byte[] secureRandomBytes(SecureRandom secureRandom) {
        return toBytes(secureRandomString(secureRandom));
    }

    public static byte[] toBytes(String str) {
        return str.getBytes(StandardCharsets.UTF_8);
    }

    public ScramCredential generateCredential(String str, int i) {
        try {
            byte[] secureRandomBytes = secureRandomBytes();
            return generateCredential(secureRandomBytes, saltedPassword(str, secureRandomBytes, i), i);
        } catch (InvalidKeyException e) {
            throw new KafkaException("Could not create credential", e);
        }
    }

    public ScramCredential generateCredential(byte[] bArr, byte[] bArr2, int i) {
        try {
            return new ScramCredential(bArr, storedKey(clientKey(bArr2)), serverKey(bArr2), i);
        } catch (InvalidKeyException e) {
            throw new KafkaException("Could not create credential", e);
        }
    }
}
