package com.unboundid.ldap.sdk;

import com.unboundid.util.Base64;
import com.unboundid.util.NotMutable;
import com.unboundid.util.NotNull;
import com.unboundid.util.StaticUtils;
import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;
import java.io.Serializable;
import javax.crypto.Mac;

@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
@NotMutable
/* loaded from: input_file:BOOT-INF/lib/unboundid-ldapsdk-6.0.6.jar:com/unboundid/ldap/sdk/SCRAMClientFinalMessage.class */
final class SCRAMClientFinalMessage implements Serializable {

    @NotNull
    private static final byte[] CLIENT_KEY_INPUT_BYTES = StaticUtils.getBytes("Client Key");

    @NotNull
    private static final byte[] ONE_BYTES = {0, 0, 0, 1};
    private static final long serialVersionUID = -5228385127923425294L;

    @NotNull
    private final byte[] authMessageBytes;

    @NotNull
    private final byte[] saltedPassword;

    @NotNull
    private final SCRAMBindRequest bindRequest;

    @NotNull
    private final SCRAMClientFirstMessage clientFirstMessage;

    @NotNull
    private final SCRAMServerFirstMessage serverFirstMessage;

    @NotNull
    private final String clientFinalMessage;

    @NotNull
    private final String clientProofBase64;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SCRAMClientFinalMessage(@NotNull SCRAMBindRequest sCRAMBindRequest, @NotNull SCRAMClientFirstMessage sCRAMClientFirstMessage, @NotNull SCRAMServerFirstMessage sCRAMServerFirstMessage) throws LDAPBindException {
        this.bindRequest = sCRAMBindRequest;
        this.clientFirstMessage = sCRAMClientFirstMessage;
        this.serverFirstMessage = sCRAMServerFirstMessage;
        this.saltedPassword = computeSaltedPassword(sCRAMBindRequest, sCRAMServerFirstMessage);
        byte[] mac = sCRAMBindRequest.mac(this.saltedPassword, CLIENT_KEY_INPUT_BYTES);
        byte[] digest = sCRAMBindRequest.digest(mac);
        String str = "c=" + sCRAMClientFirstMessage.getGS2HeaderBase64() + ",r=" + sCRAMServerFirstMessage.getCombinedNonce();
        this.authMessageBytes = StaticUtils.getBytes(sCRAMClientFirstMessage.getClientFirstMessageBare() + ',' + sCRAMServerFirstMessage.getServerFirstMessage() + ',' + str);
        byte[] mac2 = sCRAMBindRequest.mac(digest, this.authMessageBytes);
        byte[] bArr = new byte[mac.length];
        for (int i = 0; i < bArr.length; i++) {
            bArr[i] = (byte) (mac[i] ^ mac2[i]);
        }
        this.clientProofBase64 = Base64.encode(bArr);
        this.clientFinalMessage = str + ",p=" + this.clientProofBase64;
    }

    @NotNull
    private static byte[] computeSaltedPassword(@NotNull SCRAMBindRequest sCRAMBindRequest, @NotNull SCRAMServerFirstMessage sCRAMServerFirstMessage) throws LDAPBindException {
        Mac mac = sCRAMBindRequest.getMac(sCRAMBindRequest.getPasswordBytes());
        byte[] salt = sCRAMServerFirstMessage.getSalt();
        byte[] bArr = new byte[salt.length + ONE_BYTES.length];
        System.arraycopy(salt, 0, bArr, 0, salt.length);
        System.arraycopy(ONE_BYTES, 0, bArr, salt.length, ONE_BYTES.length);
        byte[] bArr2 = null;
        for (int i = 0; i < sCRAMServerFirstMessage.getIterationCount(); i++) {
            byte[] doFinal = mac.doFinal(bArr);
            if (i == 0) {
                bArr2 = doFinal;
            } else {
                for (int i2 = 0; i2 < doFinal.length; i2++) {
                    byte[] bArr3 = bArr2;
                    int i3 = i2;
                    bArr3[i3] = (byte) (bArr3[i3] ^ doFinal[i2]);
                }
            }
            bArr = doFinal;
        }
        return bArr2;
    }

    @NotNull
    SCRAMBindRequest getBindRequest() {
        return this.bindRequest;
    }

    @NotNull
    SCRAMClientFirstMessage getClientFirstMessage() {
        return this.clientFirstMessage;
    }

    @NotNull
    SCRAMServerFirstMessage getServerFirstMessage() {
        return this.serverFirstMessage;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public byte[] getSaltedPassword() {
        return this.saltedPassword;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public byte[] getAuthMessageBytes() {
        return this.authMessageBytes;
    }

    @NotNull
    String getClientProofBase64() {
        return this.clientProofBase64;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public String getClientFinalMessage() {
        return this.clientFinalMessage;
    }

    @NotNull
    public String toString() {
        return this.clientFinalMessage;
    }
}
