package org.opendof.core.internal.protocol.security.credentials.srp6;

import java.security.MessageDigest;
import java.util.Arrays;
import org.opendof.core.internal.protocol.security.AuthenticationException;
import org.opendof.core.internal.protocol.security.EncryptionUtil;
import org.opendof.core.internal.protocol.security.credentials.AuthenticatorCredentialStorage;
import org.opendof.core.internal.protocol.security.credentials.ResolutionRequest;
import org.opendof.core.internal.protocol.security.credentials.ResolutionResponse;
import org.opendof.core.oal.DOFObjectID;
import org.opendof.core.oal.security.DOFCipher;
import org.opendof.core.oal.security.DOFSecurityException;

/* loaded from: input_file:org/opendof/core/internal/protocol/security/credentials/srp6/SRP6Storage.class */
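/**
 * Authenticator-side state for a single SRP6 credential resolution.
 *
 * <p>An instance starts in stage 2 holding the peer's public value ({@code pubA}).
 * {@link #setPrivateStorage} loads the 192-byte private storage blob and derives {@code B} and
 * {@code S} through {@code SRP6Engine}. {@link #update} then checks the peer's {@code validA}
 * proof, derives {@code validB} and the wrapped key, and moves the instance to stage 1.
 * {@link #getResponse} returns the response object that matches the current stage.
 *
 * <p>All mutable state is guarded by a private monitor.
 */
public final class SRP6Storage implements AuthenticatorCredentialStorage {
    /** Exact size of the private storage blob; {@link #getSharedSecret(byte[])} enforces the same size. */
    private static final int PRIVATE_STORAGE_LENGTH = 192;
    /** Bytes 0..31 of the blob, stored in {@code s} (presumably the SRP salt; confirm). */
    private static final int SALT_LENGTH = 32;
    /** Bytes 32..159 of the blob, passed to SRP6Engine (presumably the SRP verifier; confirm). */
    private static final int VERIFIER_LENGTH = 128;
    /** Bytes 160..191 of the blob, the value {@link #getSharedSecret(byte[])} returns. */
    private static final int SECRET_LENGTH = 32;
    // NOTE(review): presumably the SRP group size in bits. If so, 1024 is below current
    // recommendations (RFC 5054 also defines larger groups). Changing it is a protocol-level
    // decision, so the value is kept as found.
    private static final int SRP_BITS = 1024;
    /** Value returned by {@link #getType()}. */
    private static final short CREDENTIAL_TYPE = 2;
    /** Stage after a successful {@link #update}; answered with {@code SRP6ResolutionResponseS1}. */
    private static final int STAGE_S1 = 1;
    /** Initial stage; answered with {@code SRP6ResolutionResponseS2}. */
    private static final int STAGE_S2 = 2;

    private final DOFObjectID.Authentication identity;
    private final byte[] pubA;
    private final DOFCipher.Algorithm algorithm;
    private int stage;
    private DOFObjectID.Domain domainID = null;
    private byte[] B = null;
    private byte[] s = null;
    private byte[] S = null;
    // NOTE(review): package-private, unlike every other field, and it holds secret material.
    // Confirm which classes in this package read it before tightening the visibility.
    byte[] secret = null;
    private byte[] validA = null;
    private byte[] validB = null;
    private byte[] key = null;
    private final Object monitor = new Object();

    /**
     * Creates the storage for one resolution, starting in stage 2.
     *
     * @param authentication identity being resolved
     * @param bArr the peer's public value; copied, so later changes by the caller have no effect
     * @param algorithm cipher algorithm used when the key is wrapped in {@link #update}
     * @throws NullPointerException if {@code bArr} is null
     */
    public SRP6Storage(DOFObjectID.Authentication authentication, byte[] bArr, DOFCipher.Algorithm algorithm) {
        this.identity = authentication;
        this.pubA = bArr.clone();
        this.algorithm = algorithm;
        this.stage = STAGE_S2;
    }

    /** Returns the credential type code, always 2. */
    @Override // org.opendof.core.oal.DOFAuthenticator.CredentialStorage
    public short getType() {
        return CREDENTIAL_TYPE;
    }

    /** Returns the identity supplied at construction. */
    @Override // org.opendof.core.oal.DOFAuthenticator.CredentialStorage
    public DOFObjectID.Authentication getIdentity() {
        return this.identity;
    }

    /** Returns the byte form of the identity, used as the storage lookup key. */
    @Override // org.opendof.core.oal.DOFAuthenticator.CredentialStorage
    public byte[] getStorageKey() {
        return this.identity.getBytes();
    }

    /**
     * Loads the private storage blob and derives {@code B} and {@code S} for this resolution.
     *
     * <p>The blob is split as 32 + 128 + 32 bytes. Its length is checked up front, so a truncated
     * or oversized blob is rejected with a {@link DOFSecurityException} rather than surfacing as
     * an {@code ArrayIndexOutOfBoundsException}, or being read at offsets that disagree with
     * {@link #getSharedSecret(byte[])}. Fields are assigned only after every derivation has
     * succeeded, so a failure leaves the previous state intact.
     *
     * @param domain domain the credential belongs to
     * @param authentication not used by this implementation
     * @param bArr the 192-byte private storage blob
     * @throws IllegalArgumentException if {@code bArr} is null
     * @throws DOFSecurityException if {@code bArr} is not exactly 192 bytes long
     */
    @Override // org.opendof.core.oal.DOFAuthenticator.CredentialStorage
    public void setPrivateStorage(DOFObjectID.Domain domain, DOFObjectID.Authentication authentication, byte[] bArr) throws DOFSecurityException {
        if (bArr == null) {
            throw new IllegalArgumentException("privateStorage == null");
        }
        if (bArr.length != PRIVATE_STORAGE_LENGTH) {
            throw new DOFSecurityException("SRP6Storage: Private storage invalid.");
        }
        final int verifierEnd = SALT_LENGTH + VERIFIER_LENGTH;
        byte[] salt = Arrays.copyOfRange(bArr, 0, SALT_LENGTH);
        byte[] verifier = Arrays.copyOfRange(bArr, SALT_LENGTH, verifierEnd);
        byte[] sharedSecret = Arrays.copyOfRange(bArr, verifierEnd, verifierEnd + SECRET_LENGTH);
        synchronized (this.monitor) {
            // NOTE(review): sessionKey and verifier are left to the garbage collector. Zeroing
            // them here is only safe if SRP6Engine does not retain the arrays; confirm first.
            byte[] sessionKey = EncryptionUtil.createSessionKey();
            byte[] newB = SRP6Engine.compute_B(SRP_BITS, sessionKey, verifier);
            byte[] newS = SRP6Engine.compute_server_S(SRP_BITS, sessionKey, this.pubA, newB, verifier);
            this.domainID = domain;
            this.s = salt;
            this.secret = sharedSecret;
            this.B = newB;
            this.S = newS;
        }
    }

    /**
     * Builds the response for the current stage.
     *
     * @return an {@code SRP6ResolutionResponseS2} carrying {@code domainID}, {@code B} and
     *     {@code s} in stage 2, or an {@code SRP6ResolutionResponseS1} carrying {@code domainID},
     *     {@code validB} and {@code key} in stage 1
     * @throws DOFSecurityException if the stage is neither 1 nor 2
     */
    @Override // org.opendof.core.internal.protocol.security.credentials.AuthenticatorCredentialStorage
    public ResolutionResponse getResponse() throws DOFSecurityException {
        synchronized (this.monitor) {
            // NOTE(review): in stage 2, before setPrivateStorage has run, domainID, B and s are
            // still null and are handed to the response as-is. Confirm callers never reach that.
            switch (this.stage) {
                case STAGE_S2:
                    return new SRP6ResolutionResponseS2(this.domainID, this.B, this.s);
                case STAGE_S1:
                    return new SRP6ResolutionResponseS1(this.domainID, this.validB, this.key);
                default:
                    throw new DOFSecurityException("Invalid stage.");
            }
        }
    }

    /** Returns the domain set by {@link #setPrivateStorage}, or null if it has not been called. */
    @Override // org.opendof.core.internal.protocol.security.credentials.AuthenticatorCredentialStorage
    public DOFObjectID.Domain getDomainID() throws DOFSecurityException {
        synchronized (this.monitor) {
            return this.domainID;
        }
    }

    /**
     * Verifies the peer's {@code validA} proof and, on success, advances to stage 1.
     *
     * <p>The proof is compared in constant time, and it is stored in the instance only after it
     * has been verified. {@code validB}, {@code key} and the stage are published together once
     * the key has been produced, so a failed update leaves the instance in stage 2.
     *
     * @param resolutionRequest must be an {@code SRP6ResolutionRequestS1}
     * @throws IllegalArgumentException if {@code resolutionRequest} is null
     * @throws AuthenticationException with {@code ACCESS_DENIED} if the proof does not match
     * @throws DOFSecurityException if the request type or stage is wrong, private storage was
     *     never set, or the key derivation fails
     */
    @Override // org.opendof.core.internal.protocol.security.credentials.AuthenticatorCredentialStorage
    public void update(ResolutionRequest resolutionRequest) throws DOFSecurityException {
        if (resolutionRequest == null) {
            throw new IllegalArgumentException("resolutionRequest == null");
        }
        synchronized (this.monitor) {
            if (resolutionRequest.getClass() != SRP6ResolutionRequestS1.class || this.stage != STAGE_S2) {
                throw new DOFSecurityException("Invalid resolution update. Bad stage.");
            }
            if (this.S == null) {
                throw new DOFSecurityException("Invalid resolution update. Private storage was never set. " + this);
            }
            byte[] claimedValidA = ((SRP6ResolutionRequestS1) resolutionRequest).getValidA();
            byte[] expectedValidA = SRP6Engine.compute_VALID_A(this.pubA, this.B, this.S);
            // Constant-time comparison: a failed attempt leaves the stage at 2, so the same
            // expected proof can be tested again, and Arrays.equals stops at the first differing
            // byte, which makes the position of the mismatch observable through timing.
            if (!MessageDigest.isEqual(expectedValidA, claimedValidA)) {
                throw new AuthenticationException(AuthenticationException.ACCESS_DENIED, "SRP6: Failure validating shared key");
            }
            this.validA = claimedValidA;
            byte[] newValidB = SRP6Engine.compute_VALID_B(this.pubA, claimedValidA, this.S, this.secret, this.domainID.getBytes());
            try {
                byte[] wrappedKey = EncryptionUtil.encryptBlocks(SRP6Engine.compute_K_SRP(this.S), newValidB, this.algorithm);
                // Mask the encrypted output with the shared secret over the shorter of the two lengths.
                int maskLength = Math.min(wrappedKey.length, this.secret.length);
                for (int i = 0; i < maskLength; i++) {
                    wrappedKey[i] = (byte) (wrappedKey[i] ^ this.secret[i]);
                }
                this.validB = newValidB;
                this.key = wrappedKey;
                this.stage = STAGE_S1;
            } catch (Throwable th) {
                // Throwable is kept from the original so callers still see every failure here,
                // Errors included, as a DOFSecurityException with the cause attached.
                throw new DOFSecurityException("Encryption failure.", th);
            }
        }
    }

    /**
     * Extracts the shared secret, the final 32 bytes, from a private storage blob.
     *
     * <p>Does not read or modify instance state.
     *
     * @param bArr the 192-byte private storage blob
     * @return a fresh 32-byte copy of the secret
     * @throws IllegalArgumentException if {@code bArr} is null
     * @throws DOFSecurityException if {@code bArr} is not exactly 192 bytes long
     */
    @Override // org.opendof.core.internal.protocol.security.credentials.AuthenticatorCredentialStorage
    public byte[] getSharedSecret(byte[] bArr) throws DOFSecurityException {
        if (bArr == null) {
            throw new IllegalArgumentException("privateStorage == null");
        }
        if (bArr.length != PRIVATE_STORAGE_LENGTH) {
            throw new DOFSecurityException("SRP6Storage: Private storage invalid.");
        }
        return Arrays.copyOfRange(bArr, bArr.length - SECRET_LENGTH, bArr.length);
    }
}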
