package de.bsvrz.dav.daf.communication.srpAuthentication;

import de.bsvrz.dav.daf.communication.lowLevel.telegrams.SrpAnswer;
import de.bsvrz.dav.daf.communication.lowLevel.telegrams.SrpRequest;
import de.bsvrz.dav.daf.communication.lowLevel.telegrams.SrpValidateAnswer;
import de.bsvrz.dav.daf.communication.lowLevel.telegrams.SrpValidateRequest;
import de.bsvrz.dav.daf.main.CommunicationError;
import de.bsvrz.dav.daf.main.InconsistentLoginException;
import de.bsvrz.dav.daf.main.authentication.ClientCredentials;
import de.bsvrz.sys.funclib.srp6.SRP6ClientCredentials;
import de.bsvrz.sys.funclib.srp6.SRP6ClientSession;
import de.bsvrz.sys.funclib.srp6.SRP6CryptoParams;
import de.bsvrz.sys.funclib.srp6.SRP6Exception;
import de.bsvrz.sys.funclib.srp6.SRP6Routines;
import de.bsvrz.sys.funclib.srp6.SRP6VerifierGenerator;
import de.bsvrz.sys.funclib.srp6.XRoutine;
import java.math.BigInteger;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/* loaded from: input_file:de/bsvrz/dav/daf/communication/srpAuthentication/SrpClientAuthentication.class */
public final class SrpClientAuthentication {

    /* renamed from: de.bsvrz.dav.daf.communication.srpAuthentication.SrpClientAuthentication$1, reason: invalid class name */
    /* loaded from: input_file:de/bsvrz/dav/daf/communication/srpAuthentication/SrpClientAuthentication$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$de$bsvrz$sys$funclib$srp6$SRP6Exception$CauseType = new int[SRP6Exception.CauseType.values().length];

        static {
            try {
                $SwitchMap$de$bsvrz$sys$funclib$srp6$SRP6Exception$CauseType[SRP6Exception.CauseType.BAD_PUBLIC_VALUE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$de$bsvrz$sys$funclib$srp6$SRP6Exception$CauseType[SRP6Exception.CauseType.BAD_CREDENTIALS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$de$bsvrz$sys$funclib$srp6$SRP6Exception$CauseType[SRP6Exception.CauseType.TIMEOUT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:de/bsvrz/dav/daf/communication/srpAuthentication/SrpClientAuthentication$AuthenticationResult.class */
    public static final class AuthenticationResult {
        private final BigInteger _sessionKey;
        private final SrpCryptoParameter _cryptoParams;

        private AuthenticationResult(BigInteger bigInteger, SrpCryptoParameter srpCryptoParameter) {
            this._sessionKey = bigInteger;
            this._cryptoParams = srpCryptoParameter;
        }

        public BigInteger getSessionKey() {
            return this._sessionKey;
        }

        public SrpCryptoParameter getCryptoParams() {
            return this._cryptoParams;
        }

        public String toString() {
            return "AuthenticationResult{_sessionKey=" + this._sessionKey + ", _cryptoParams=" + this._cryptoParams + '}';
        }

        /* synthetic */ AuthenticationResult(BigInteger bigInteger, SrpCryptoParameter srpCryptoParameter, AnonymousClass1 anonymousClass1) {
            this(bigInteger, srpCryptoParameter);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/bsvrz/dav/daf/communication/srpAuthentication/SrpClientAuthentication$PasswordXRoutine.class */
    public static class PasswordXRoutine implements XRoutine {
        private final SrpCryptoParameter _srpCryptoParameter;
        private final char[] _password;

        public PasswordXRoutine(SrpCryptoParameter srpCryptoParameter, char[] cArr) {
            this._srpCryptoParameter = srpCryptoParameter;
            this._password = cArr;
        }

        public BigInteger computeX(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, byte[] bArr3) {
            try {
                SecretKey generateSecret = SecretKeyFactory.getInstance(this._srpCryptoParameter.getKeyDerivationFunction()).generateSecret(new PBEKeySpec(this._password, bArr, this._srpCryptoParameter.getKeyDerivationIterations(), this._srpCryptoParameter.getKeyDerivationHashBits()));
                messageDigest.update(bArr2);
                messageDigest.update((byte) 58);
                messageDigest.update(generateSecret.getEncoded());
                byte[] digest = messageDigest.digest();
                messageDigest.update(bArr);
                return SrpUtilities.bigIntegerFromBytes(messageDigest.digest(digest));
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new UnsupportedOperationException(e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/bsvrz/dav/daf/communication/srpAuthentication/SrpClientAuthentication$RawXRoutine.class */
    public static class RawXRoutine implements XRoutine {
        private final BigInteger _x;

        public RawXRoutine(BigInteger bigInteger) {
            this._x = bigInteger;
        }

        public BigInteger computeX(MessageDigest messageDigest, byte[] bArr, byte[] bArr2, byte[] bArr3) {
            return this._x;
        }
    }

    /* loaded from: input_file:de/bsvrz/dav/daf/communication/srpAuthentication/SrpClientAuthentication$TelegramInterface.class */
    public interface TelegramInterface {
        SrpAnswer sendAndReceiveRequest(SrpRequest srpRequest) throws CommunicationError, InconsistentLoginException, SrpNotSupportedException;

        SrpValidateAnswer sendAndReceiveValidateRequest(SrpValidateRequest srpValidateRequest) throws CommunicationError, InconsistentLoginException;
    }

    private SrpClientAuthentication() {
    }

    public static AuthenticationResult authenticate(String str, int i, ClientCredentials clientCredentials, TelegramInterface telegramInterface) throws CommunicationError, InconsistentLoginException, SrpNotSupportedException {
        try {
            if (!clientCredentials.hasPassword() && !clientCredentials.getTokenType().equals("SRP6")) {
                throw new InconsistentLoginException("Falscher Login-Token-Typ: " + clientCredentials.getTokenType());
            }
            SRP6ClientSession sRP6ClientSession = new SRP6ClientSession();
            sRP6ClientSession.step1(str, "");
            SrpAnswer sendAndReceiveRequest = telegramInterface.sendAndReceiveRequest(new SrpRequest(str, i));
            if (!sendAndReceiveRequest.isValid()) {
                throw new SrpNotSupportedException(sendAndReceiveRequest.getErrorMessage());
            }
            SrpCryptoParameter cryptoParams = sendAndReceiveRequest.getCryptoParams();
            if (clientCredentials.hasPassword()) {
                sRP6ClientSession.setXRoutine(new PasswordXRoutine(cryptoParams, clientCredentials.getPassword()));
            } else {
                sRP6ClientSession.setXRoutine(new RawXRoutine(SrpUtilities.bigIntegerFromBytes(clientCredentials.getTokenData())));
            }
            SRP6ClientCredentials step2 = sRP6ClientSession.step2(getNimbusCryptoParams(cryptoParams), sendAndReceiveRequest.getS(), sendAndReceiveRequest.getB());
            sRP6ClientSession.step3(telegramInterface.sendAndReceiveValidateRequest(new SrpValidateRequest(step2.A, step2.M1)).getM2());
            return new AuthenticationResult(sRP6ClientSession.getSessionKey(), cryptoParams, null);
        } catch (SRP6Exception e) {
            String str2 = "Unbekannter Fehler";
            switch (AnonymousClass1.$SwitchMap$de$bsvrz$sys$funclib$srp6$SRP6Exception$CauseType[e.getCauseType().ordinal()]) {
                case 1:
                    str2 = "Der Server verwendet unsichere Parameter";
                    break;
                case 2:
                    str2 = "Die Authentifikationsdaten sind fehlerhaft";
                    break;
                case 3:
                    str2 = "Timeout";
                    break;
            }
            throw new InconsistentLoginException(str2, e);
        }
    }

    private static SRP6CryptoParams getNimbusCryptoParams(SrpCryptoParameter srpCryptoParameter) {
        return SRP6CryptoParams.getInstance(srpCryptoParameter.getSrpPrimeBits(), srpCryptoParameter.getHashFunction());
    }

    public static SrpVerifierData createVerifier(SrpCryptoParameter srpCryptoParameter, String str, ClientCredentials clientCredentials) {
        return createVerifier(srpCryptoParameter, str, clientCredentials, SrpUtilities.generateRandomSalt(srpCryptoParameter));
    }

    public static SrpVerifierData createVerifier(SrpCryptoParameter srpCryptoParameter, String str, ClientCredentials clientCredentials, byte[] bArr) {
        BigInteger bigIntegerFromBytes = SrpUtilities.bigIntegerFromBytes(bArr);
        return new SrpVerifierData(calculateVerifier(srpCryptoParameter, str, clientCredentials, bigIntegerFromBytes), bigIntegerFromBytes, srpCryptoParameter);
    }

    private static BigInteger calculateVerifier(SrpCryptoParameter srpCryptoParameter, String str, ClientCredentials clientCredentials, BigInteger bigInteger) {
        SRP6VerifierGenerator sRP6VerifierGenerator = new SRP6VerifierGenerator(getNimbusCryptoParams(srpCryptoParameter));
        if (clientCredentials.hasPassword()) {
            sRP6VerifierGenerator.setXRoutine(new PasswordXRoutine(srpCryptoParameter, clientCredentials.getPassword()));
        } else {
            if (!clientCredentials.getTokenType().equals("SRP6")) {
                throw new IllegalArgumentException("Falscher Token-Typ: " + clientCredentials.getTokenType());
            }
            sRP6VerifierGenerator.setXRoutine(new RawXRoutine(SrpUtilities.bigIntegerFromBytes(clientCredentials.getTokenData())));
        }
        return sRP6VerifierGenerator.generateVerifier(bigInteger, str, "");
    }

    public static ClientCredentials createLoginToken(SrpVerifierData srpVerifierData, String str, char[] cArr) throws InconsistentLoginException {
        if (validateVerifier(srpVerifierData, str, ClientCredentials.ofPassword(cArr))) {
            return ClientCredentials.ofToken(SrpUtilities.bigIntegerToBytes(new PasswordXRoutine(srpVerifierData.getSrpCryptoParameter(), cArr).computeX(getNimbusCryptoParams(srpVerifierData.getSrpCryptoParameter()).getMessageDigestInstance(), SrpUtilities.bigIntegerToBytes(srpVerifierData.getSalt()), str.getBytes(Charset.forName("UTF-8")), new byte[0])), "SRP6");
        }
        throw new InconsistentLoginException("Die Authentifikationsdaten sind fehlerhaft");
    }

    public static ClientCredentials createRandomToken(SrpCryptoParameter srpCryptoParameter) {
        return ClientCredentials.ofToken(SRP6Routines.generateRandomSalt(SrpUtilities.getHashLength(srpCryptoParameter)), "SRP6");
    }

    public static boolean validateVerifier(SrpVerifierData srpVerifierData, String str, ClientCredentials clientCredentials) {
        return Objects.equals(calculateVerifier(srpVerifierData.getSrpCryptoParameter(), str, clientCredentials, srpVerifierData.getSalt()), srpVerifierData.getVerifier());
    }
}
