package org.mariadb.jdbc.plugin.authentication.standard;

import com.mysql.cj.exceptions.MysqlErrorNumbers;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.SQLException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.mariadb.jdbc.client.Context;
import org.mariadb.jdbc.client.ReadableByteBuf;
import org.mariadb.jdbc.client.socket.Reader;
import org.mariadb.jdbc.client.socket.Writer;
import org.mariadb.jdbc.plugin.AuthenticationPlugin;
import org.mariadb.jdbc.plugin.Credential;
import org.mariadb.jdbc.plugin.authentication.standard.ed25519.spec.EdDSANamedCurveTable;

/* loaded from: input_file:org/mariadb/jdbc/plugin/authentication/standard/ParsecPasswordPlugin.class */
public class ParsecPasswordPlugin implements AuthenticationPlugin {
    private static byte[] pkcs8Ed25519header = {48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32};
    private String authenticationData;
    private byte[] seed;
    private byte[] hash;

    public ParsecPasswordPlugin(String str, byte[] bArr) {
        this.seed = bArr;
        this.authenticationData = str;
    }

    @Override // org.mariadb.jdbc.plugin.AuthenticationPlugin
    public ReadableByteBuf process(Writer writer, Reader reader, Context context) throws SQLException, IOException {
        KeyFactory keyFactory;
        Signature signature;
        writer.writeEmptyPacket();
        ReadableByteBuf readReusablePacket = reader.readReusablePacket();
        byte b = 0;
        byte b2 = 100;
        if (readReusablePacket.readableBytes() > 2) {
            b = readReusablePacket.readByte();
            b2 = readReusablePacket.readByte();
        }
        if (b != 80 || b2 > 3) {
            throw new SQLException("Wrong parsec authentication format", MysqlErrorNumbers.SQLSTATE_CONNJ_ILLEGAL_ARGUMENT);
        }
        byte[] bArr = new byte[readReusablePacket.readableBytes()];
        readReusablePacket.readBytes(bArr);
        char[] charArray = this.authenticationData == null ? new char[0] : this.authenticationData.toCharArray();
        try {
            keyFactory = KeyFactory.getInstance(EdDSANamedCurveTable.ED_25519);
            signature = Signature.getInstance(EdDSANamedCurveTable.ED_25519);
        } catch (NoSuchAlgorithmException e) {
            try {
                keyFactory = KeyFactory.getInstance(EdDSANamedCurveTable.ED_25519, "BC");
                signature = Signature.getInstance(EdDSANamedCurveTable.ED_25519, "BC");
            } catch (NoSuchAlgorithmException | NoSuchProviderException e2) {
                throw new SQLException("Parsec authentication not available. Either use Java 15+ or add BouncyCastle dependency", e);
            }
        }
        try {
            byte[] encoded = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512").generateSecret(new PBEKeySpec(charArray, bArr, 1024 << b2, 256)).getEncoded();
            PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(combineArray(pkcs8Ed25519header, encoded)));
            this.hash = combineArray(combineArray(new byte[]{80, b2}, bArr), ParsecPasswordPluginTool.process(encoded));
            byte[] bArr2 = new byte[32];
            SecureRandom.getInstanceStrong().nextBytes(bArr2);
            signature.initSign(generatePrivate);
            signature.update(combineArray(this.seed, bArr2));
            byte[] sign = signature.sign();
            writer.writeBytes(bArr2);
            writer.writeBytes(sign);
            writer.flush();
            return reader.readReusablePacket();
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e3) {
            throw new SQLException("Error during parsec authentication", e3);
        }
    }

    @Override // org.mariadb.jdbc.plugin.AuthenticationPlugin
    public boolean isMitMProof() {
        return true;
    }

    @Override // org.mariadb.jdbc.plugin.AuthenticationPlugin
    public byte[] hash(Credential credential) {
        return this.hash;
    }

    private byte[] combineArray(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }
}
