package com.rethinkdb.net;

import com.rethinkdb.gen.exc.ReqlAuthError;
import com.rethinkdb.gen.exc.ReqlDriverError;
import com.rethinkdb.gen.proto.Protocol;
import com.rethinkdb.gen.proto.Version;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.Optional;
import org.json.simple.JSONObject;

/* loaded from: input_file:com/rethinkdb/net/Handshake.class */
public class Handshake {
    static final Version VERSION = Version.V1_0;
    static final Long SUB_PROTOCOL_VERSION = 0L;
    static final Protocol PROTOCOL = Protocol.JSON;
    private static final String CLIENT_KEY = "Client Key";
    private static final String SERVER_KEY = "Server Key";
    private final String username;
    private final String password;
    private ProtocolState state;

    /* loaded from: input_file:com/rethinkdb/net/Handshake$HandshakeSuccess.class */
    private class HandshakeSuccess implements ProtocolState {
        private HandshakeSuccess() {
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public ProtocolState nextState(String str) {
            return this;
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public Optional<ByteBuffer> toSend() {
            return Optional.empty();
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public boolean isFinished() {
            return true;
        }
    }

    /* loaded from: input_file:com/rethinkdb/net/Handshake$InitialState.class */
    private class InitialState implements ProtocolState {
        private final String nonce = Crypto.makeNonce();
        private final String username;
        private final byte[] password;

        InitialState(String str, String str2) {
            this.username = str;
            this.password = Util.toUTF8(str2);
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public ProtocolState nextState(String str) {
            if (str != null) {
                throw new ReqlDriverError("Unexpected response");
            }
            ScramAttributes nonce = ScramAttributes.create().username(this.username).nonce(this.nonce);
            byte[] utf8 = Util.toUTF8("{\"protocol_version\":" + Handshake.SUB_PROTOCOL_VERSION + ",\"authentication_method\":\"SCRAM-SHA-256\",\"authentication\":\"n,," + nonce + "\"}");
            return new WaitingForProtocolRange(this.nonce, this.password, nonce, Util.leByteBuffer(4 + utf8.length + 1).putInt(Handshake.VERSION.value).put(utf8).put(new byte[1]));
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public Optional<ByteBuffer> toSend() {
            return Optional.empty();
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public boolean isFinished() {
            return false;
        }
    }

    /* loaded from: input_file:com/rethinkdb/net/Handshake$ProtocolState.class */
    private interface ProtocolState {
        ProtocolState nextState(String str);

        Optional<ByteBuffer> toSend();

        boolean isFinished();
    }

    /* loaded from: input_file:com/rethinkdb/net/Handshake$WaitingForAuthResponse.class */
    private class WaitingForAuthResponse implements ProtocolState {
        private final String nonce;
        private final byte[] password;
        private final ScramAttributes clientFirstMessageBare;

        WaitingForAuthResponse(String str, byte[] bArr, ScramAttributes scramAttributes) {
            this.nonce = str;
            this.password = bArr;
            this.clientFirstMessageBare = scramAttributes;
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public ProtocolState nextState(String str) {
            JSONObject json = Util.toJSON(str);
            Handshake.this.throwIfFailure(json);
            String str2 = (String) json.get("authentication");
            ScramAttributes from = ScramAttributes.from(str2);
            if (!from.nonce().startsWith(this.nonce)) {
                throw new ReqlAuthError("Invalid nonce from server");
            }
            ScramAttributes nonce = ScramAttributes.create().headerAndChannelBinding("biws").nonce(from.nonce());
            byte[] pbkdf2 = Crypto.pbkdf2(this.password, from.salt(), from.iterationCount());
            byte[] hmac = Crypto.hmac(pbkdf2, Handshake.CLIENT_KEY);
            byte[] sha256 = Crypto.sha256(hmac);
            String str3 = this.clientFirstMessageBare + "," + str2 + "," + nonce;
            byte[] xor = Crypto.xor(hmac, Crypto.hmac(sha256, str3));
            byte[] hmac2 = Crypto.hmac(Crypto.hmac(pbkdf2, Handshake.SERVER_KEY), str3);
            byte[] utf8 = Util.toUTF8("{\"authentication\":\"" + nonce.clientProof(xor) + "\"}");
            return new WaitingForAuthSuccess(hmac2, Util.leByteBuffer(utf8.length + 1).put(utf8).put(new byte[1]));
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public Optional<ByteBuffer> toSend() {
            return Optional.empty();
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public boolean isFinished() {
            return false;
        }
    }

    /* loaded from: input_file:com/rethinkdb/net/Handshake$WaitingForAuthSuccess.class */
    private class WaitingForAuthSuccess implements ProtocolState {
        private final byte[] serverSignature;
        private final ByteBuffer message;

        public WaitingForAuthSuccess(byte[] bArr, ByteBuffer byteBuffer) {
            this.serverSignature = bArr;
            this.message = byteBuffer;
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public ProtocolState nextState(String str) {
            JSONObject json = Util.toJSON(str);
            Handshake.this.throwIfFailure(json);
            if (MessageDigest.isEqual(ScramAttributes.from((String) json.get("authentication")).serverSignature(), this.serverSignature)) {
                return new HandshakeSuccess();
            }
            throw new ReqlAuthError("Invalid server signature");
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public Optional<ByteBuffer> toSend() {
            return Optional.of(this.message);
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public boolean isFinished() {
            return false;
        }
    }

    /* loaded from: input_file:com/rethinkdb/net/Handshake$WaitingForProtocolRange.class */
    private class WaitingForProtocolRange implements ProtocolState {
        private final String nonce;
        private final ByteBuffer message;
        private final ScramAttributes clientFirstMessageBare;
        private final byte[] password;

        WaitingForProtocolRange(String str, byte[] bArr, ScramAttributes scramAttributes, ByteBuffer byteBuffer) {
            this.nonce = str;
            this.password = bArr;
            this.clientFirstMessageBare = scramAttributes;
            this.message = byteBuffer;
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public ProtocolState nextState(String str) {
            JSONObject json = Util.toJSON(str);
            Handshake.this.throwIfFailure(json);
            Long l = (Long) json.get("min_protocol_version");
            Long l2 = (Long) json.get("max_protocol_version");
            if (Handshake.SUB_PROTOCOL_VERSION.longValue() < l.longValue() || Handshake.SUB_PROTOCOL_VERSION.longValue() > l2.longValue()) {
                throw new ReqlDriverError("Unsupported protocol version " + Handshake.SUB_PROTOCOL_VERSION + ", expected between " + l + " and " + l2);
            }
            return new WaitingForAuthResponse(this.nonce, this.password, this.clientFirstMessageBare);
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public Optional<ByteBuffer> toSend() {
            return Optional.of(this.message);
        }

        @Override // com.rethinkdb.net.Handshake.ProtocolState
        public boolean isFinished() {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void throwIfFailure(JSONObject jSONObject) {
        if (((Boolean) jSONObject.get("success")).booleanValue()) {
            return;
        }
        Long l = (Long) jSONObject.get("error_code");
        if (l.longValue() >= 10 && l.longValue() <= 20) {
            throw new ReqlAuthError((String) jSONObject.get("error"));
        }
        throw new ReqlDriverError((String) jSONObject.get("error"));
    }

    public Handshake(String str, String str2) {
        this.username = str;
        this.password = str2;
        this.state = new InitialState(str, str2);
    }

    public void reset() {
        this.state = new InitialState(this.username, this.password);
    }

    public Optional<ByteBuffer> nextMessage(String str) {
        this.state = this.state.nextState(str);
        return this.state.toSend();
    }

    public boolean isFinished() {
        return this.state.isFinished();
    }
}
