package io.mapsmessaging.security.sasl.provider.scram.server.state;

import io.mapsmessaging.security.logging.AuthLogMessages;
import io.mapsmessaging.security.sasl.provider.scram.SessionContext;
import io.mapsmessaging.security.sasl.provider.scram.State;
import io.mapsmessaging.security.sasl.provider.scram.msgs.ChallengeResponse;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.SaslException;

/* loaded from: input_file:io/mapsmessaging/security/sasl/provider/scram/server/state/ValidationState.class */
public class ValidationState extends State {
    private boolean isComplete;

    public ValidationState(State state) {
        super(state);
        this.isComplete = false;
        this.logger.log(AuthLogMessages.SCRAM_SERVER_STATE_CHANGE, new Object[]{"Validating State"});
    }

    @Override // io.mapsmessaging.security.sasl.provider.scram.State
    public boolean hasInitialResponse() {
        return true;
    }

    @Override // io.mapsmessaging.security.sasl.provider.scram.State
    public boolean isComplete() {
        return this.isComplete;
    }

    @Override // io.mapsmessaging.security.sasl.provider.scram.State
    public ChallengeResponse produceChallenge(SessionContext sessionContext) throws IOException, UnsupportedCallbackException {
        ChallengeResponse challengeResponse = new ChallengeResponse();
        challengeResponse.put(ChallengeResponse.VERIFIER, Base64.getEncoder().encodeToString(sessionContext.getServerSignature()));
        this.isComplete = true;
        return challengeResponse;
    }

    @Override // io.mapsmessaging.security.sasl.provider.scram.State
    public void handeResponse(ChallengeResponse challengeResponse, SessionContext sessionContext) throws IOException, UnsupportedCallbackException {
        byte[] decode = Base64.getDecoder().decode(challengeResponse.remove(ChallengeResponse.PROOF));
        String str = sessionContext.getInitialClientChallenge() + "," + sessionContext.getInitialServerChallenge() + "," + challengeResponse;
        try {
            sessionContext.computeClientKey(sessionContext.getPrepPassword().getBytes());
            sessionContext.computeStoredKeyAndSignature(str);
            sessionContext.computeServerSignature(sessionContext.getPrepPassword().getBytes(), str);
            byte[] bArr = (byte[]) sessionContext.getClientSignature().clone();
            for (int i = 0; i < bArr.length; i++) {
                int i2 = i;
                bArr[i2] = (byte) (bArr[i2] ^ decode[i]);
            }
            if (!Arrays.equals(bArr, sessionContext.getClientKey())) {
                throw new SaslException("Invalid password");
            }
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            SaslException saslException = new SaslException(e.getMessage());
            saslException.initCause(e);
            throw saslException;
        }
    }
}
