package org.mariadb.jdbc.plugin.authentication.standard;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.SQLException;
import java.util.Arrays;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.mariadb.jdbc.Configuration;
import org.mariadb.jdbc.HostAddress;
import org.mariadb.jdbc.client.Context;
import org.mariadb.jdbc.client.ReadableByteBuf;
import org.mariadb.jdbc.client.socket.Reader;
import org.mariadb.jdbc.client.socket.Writer;
import org.mariadb.jdbc.plugin.AuthenticationPlugin;
import org.mariadb.jdbc.plugin.Credential;
import org.mariadb.jdbc.plugin.authentication.standard.ed25519.math.ed25519.Ed25519ScalarOps;
import org.mariadb.jdbc.plugin.authentication.standard.ed25519.spec.EdDSANamedCurveSpec;
import org.mariadb.jdbc.plugin.authentication.standard.ed25519.spec.EdDSANamedCurveTable;

/* loaded from: input_file:org/mariadb/jdbc/plugin/authentication/standard/Ed25519PasswordPlugin.class */
public class Ed25519PasswordPlugin implements AuthenticationPlugin {
    private String authenticationData;
    private byte[] seed;

    private static byte[] ed25519SignWithPassword(String str, byte[] bArr) throws SQLException {
        try {
            byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_512);
            int length = bArr.length;
            byte[] bArr2 = new byte[64 + length];
            byte[] digest = messageDigest.digest(bytes);
            digest[0] = (byte) (digest[0] & (-8));
            digest[31] = (byte) (digest[31] & 63);
            digest[31] = (byte) (digest[31] | 64);
            System.arraycopy(bArr, 0, bArr2, 64, length);
            System.arraycopy(digest, 32, bArr2, 32, 32);
            byte[] copyOfRange = Arrays.copyOfRange(bArr2, 32, 96);
            messageDigest.reset();
            byte[] digest2 = messageDigest.digest(copyOfRange);
            Ed25519ScalarOps ed25519ScalarOps = new Ed25519ScalarOps();
            EdDSANamedCurveSpec byName = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519);
            byte[] byteArray = byName.getB().scalarMultiply(digest).toByteArray();
            System.arraycopy(byteArray, 0, bArr2, 32, byteArray.length);
            byte[] reduce = ed25519ScalarOps.reduce(digest2);
            byte[] byteArray2 = byName.getB().scalarMultiply(reduce).toByteArray();
            System.arraycopy(byteArray2, 0, bArr2, 0, byteArray2.length);
            messageDigest.reset();
            byte[] multiplyAndAdd = ed25519ScalarOps.multiplyAndAdd(ed25519ScalarOps.reduce(messageDigest.digest(bArr2)), digest, reduce);
            System.arraycopy(multiplyAndAdd, 0, bArr2, 32, multiplyAndAdd.length);
            return Arrays.copyOfRange(bArr2, 0, 64);
        } catch (NoSuchAlgorithmException e) {
            throw new SQLException("Could not use SHA-512, failing", e);
        }
    }

    public Ed25519PasswordPlugin(String str, byte[] bArr, Configuration configuration, HostAddress hostAddress) {
        this.seed = bArr;
        this.authenticationData = str;
    }

    @Override // org.mariadb.jdbc.plugin.AuthenticationPlugin
    public ReadableByteBuf process(Writer writer, Reader reader, Context context) throws SQLException, IOException {
        if (this.authenticationData == null) {
            writer.writeEmptyPacket();
        } else {
            writer.writeBytes(ed25519SignWithPassword(this.authenticationData, this.seed));
            writer.flush();
        }
        return reader.readReusablePacket();
    }

    @Override // org.mariadb.jdbc.plugin.AuthenticationPlugin
    public boolean isMitMProof() {
        return true;
    }

    @Override // org.mariadb.jdbc.plugin.AuthenticationPlugin
    public byte[] hash(Credential credential) {
        try {
            byte[] bytes = credential.getPassword().getBytes(StandardCharsets.UTF_8);
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_512);
            int length = this.seed.length;
            byte[] bArr = new byte[64 + length];
            byte[] digest = messageDigest.digest(bytes);
            digest[0] = (byte) (digest[0] & (-8));
            digest[31] = (byte) (digest[31] & 63);
            digest[31] = (byte) (digest[31] | 64);
            System.arraycopy(this.seed, 0, bArr, 64, length);
            System.arraycopy(digest, 32, bArr, 32, 32);
            byte[] copyOfRange = Arrays.copyOfRange(bArr, 32, 96);
            messageDigest.reset();
            messageDigest.digest(copyOfRange);
            byte[] byteArray = EdDSANamedCurveTable.getByName(EdDSANamedCurveTable.ED_25519).getB().scalarMultiply(digest).toByteArray();
            System.arraycopy(byteArray, 0, bArr, 32, byteArray.length);
            return byteArray;
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Could not use SHA-512, failing", e);
        }
    }
}
