package org.mariadb.r2dbc.authentication.standard;

import io.netty.buffer.ByteBuf;
import io.r2dbc.spi.R2dbcNonTransientResourceException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.mariadb.r2dbc.MariadbConnectionConfiguration;
import org.mariadb.r2dbc.authentication.AuthenticationPlugin;
import org.mariadb.r2dbc.authentication.standard.ed25519.spec.EdDSANamedCurveTable;
import org.mariadb.r2dbc.message.AuthMoreData;
import org.mariadb.r2dbc.message.ClientMessage;
import org.mariadb.r2dbc.message.client.ParsecAuthPacket;
import org.mariadb.r2dbc.message.client.RequestExtSaltPacket;
import org.mariadb.r2dbc.message.server.Sequencer;

/* loaded from: input_file:org/mariadb/r2dbc/authentication/standard/ParsecPasswordPlugin.class */
public class ParsecPasswordPlugin implements AuthenticationPlugin {
    private static byte[] pkcs8Ed25519header = {48, 46, 2, 1, 0, 48, 5, 6, 3, 43, 101, 112, 4, 34, 4, 32};

    @Override // org.mariadb.r2dbc.authentication.AuthenticationPlugin
    public ParsecPasswordPlugin create() {
        return new ParsecPasswordPlugin();
    }

    @Override // org.mariadb.r2dbc.authentication.AuthenticationPlugin
    public String type() {
        return "parsec";
    }

    @Override // org.mariadb.r2dbc.authentication.AuthenticationPlugin
    public ClientMessage next(MariadbConnectionConfiguration mariadbConnectionConfiguration, byte[] bArr, Sequencer sequencer, AuthMoreData authMoreData) {
        KeyFactory keyFactory;
        Signature signature;
        if (authMoreData == null) {
            return new RequestExtSaltPacket(sequencer);
        }
        byte b = 0;
        byte b2 = 100;
        ByteBuf buf = authMoreData.getBuf();
        if (buf.readableBytes() > 2) {
            b = buf.readByte();
            b2 = buf.readByte();
        }
        if (b != 80 || b2 > 3) {
            throw new R2dbcNonTransientResourceException("Wrong parsec authentication format", "S1009");
        }
        byte[] bArr2 = new byte[buf.readableBytes()];
        buf.readBytes(bArr2);
        char[] charArray = mariadbConnectionConfiguration.getPassword() == null ? new char[0] : mariadbConnectionConfiguration.getPassword().toString().toCharArray();
        try {
            keyFactory = KeyFactory.getInstance(EdDSANamedCurveTable.ED_25519);
            signature = Signature.getInstance(EdDSANamedCurveTable.ED_25519);
        } catch (NoSuchAlgorithmException e) {
            try {
                keyFactory = KeyFactory.getInstance(EdDSANamedCurveTable.ED_25519, "BC");
                signature = Signature.getInstance(EdDSANamedCurveTable.ED_25519, "BC");
            } catch (NoSuchAlgorithmException | NoSuchProviderException e2) {
                throw new R2dbcNonTransientResourceException("Parsec authentication not available. Either use Java 15+ or add BouncyCastle dependency", e);
            }
        }
        try {
            PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(combineArray(pkcs8Ed25519header, SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512").generateSecret(new PBEKeySpec(charArray, bArr2, 1024 << b2, 256)).getEncoded())));
            byte[] bArr3 = new byte[32];
            SecureRandom.getInstanceStrong().nextBytes(bArr3);
            signature.initSign(generatePrivate);
            signature.update(combineArray(bArr, bArr3));
            return new ParsecAuthPacket(sequencer, bArr3, signature.sign());
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e3) {
            throw new R2dbcNonTransientResourceException("Error during parsec authentication", e3);
        }
    }

    private byte[] combineArray(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }
}
