package com.kingbase8.jre7.sasl;

import com.kingbase8.core.KBStream;
import com.kingbase8.shaded.com.ongres.scram.client.ScramClient;
import com.kingbase8.shaded.com.ongres.scram.client.ScramSession;
import com.kingbase8.shaded.com.ongres.scram.common.exception.ScramException;
import com.kingbase8.shaded.com.ongres.scram.common.exception.ScramInvalidServerSignatureException;
import com.kingbase8.shaded.com.ongres.scram.common.exception.ScramParseException;
import com.kingbase8.shaded.com.ongres.scram.common.exception.ScramServerErrorException;
import com.kingbase8.shaded.com.ongres.scram.common.stringprep.StringPreparations;
import com.kingbase8.util.GT;
import com.kingbase8.util.KBLOGGER;
import com.kingbase8.util.KSQLException;
import com.kingbase8.util.KSQLState;
import com.kingbase8.util.TraceLogger;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.logging.Level;

/* loaded from: input_file:WEB-INF/lib/kingbase8-8.6.0.jar:com/kingbase8/jre7/sasl/ScramAuthenticator.class */
public class ScramAuthenticator {
    private final String userT;
    private final String passwordT;
    private final KBStream kbStream;
    private ScramSession.ClientFinalProcessor clientFinalProcessorT;
    private ScramSession.ServerFirstProcessor serverFirstProcessorT;
    private ScramSession scramSessionT;
    private ScramClient scramClientT;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/kingbase8-8.6.0.jar:com/kingbase8/jre7/sasl/ScramAuthenticator$BodySender.class */
    public interface BodySender {
        void sendBody(KBStream kBStream) throws IOException;
    }

    private void sendAuthenticationMessage(int i, BodySender bodySender) throws IOException {
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        this.kbStream.sendChar(112);
        this.kbStream.sendInteger4(4 + i);
        bodySender.sendBody(this.kbStream);
        this.kbStream.flush();
    }

    public ScramAuthenticator(String str, String str2, KBStream kBStream) {
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        this.userT = str;
        this.passwordT = str2;
        this.kbStream = kBStream;
    }

    public void processServerMechanismsAndInit() throws IOException, KSQLException {
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        ArrayList arrayList = new ArrayList();
        do {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            arrayList.add(this.kbStream.receiveString());
        } while (this.kbStream.peekChar() != 0);
        int receiveChar = this.kbStream.receiveChar();
        if (!$assertionsDisabled && receiveChar != 0) {
            throw new AssertionError();
        }
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        if (arrayList.size() < 1) {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            throw new KSQLException(GT.tr("No SCRAM mechanism(s) advertised by the server", new Object[0]), KSQLState.CONNECTION_REJECTED);
        }
        try {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            this.scramClientT = ScramClient.channelBinding(ScramClient.ChannelBinding.NO).stringPreparation(StringPreparations.SASL_PREPARATION).selectMechanismBasedOnServerAdvertised((String[]) arrayList.toArray(new String[0])).setup();
            if (KBLOGGER.isLoggable(Level.FINEST)) {
                TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                KBLOGGER.log(Level.FINEST, " Using SCRAM mechanism-- {0}", this.scramClientT.getScramMechanism().getName());
            }
            this.scramSessionT = this.scramClientT.scramSession("*");
        } catch (IllegalArgumentException e) {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            throw new KSQLException(GT.tr("Invalid or unsupported by client SCRAM mechanisms", e), KSQLState.CONNECTION_REJECTED);
        }
    }

    public void sendScramClientFirstMessage() throws IOException {
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        String clientFirstMessage = this.scramSessionT.clientFirstMessage();
        KBLOGGER.log(Level.FINEST, " FE=> SASLInitialResponse( {0} )", clientFirstMessage);
        final byte[] bytes = this.scramClientT.getScramMechanism().getName().getBytes(StandardCharsets.UTF_8);
        final byte[] bytes2 = clientFirstMessage.getBytes(StandardCharsets.UTF_8);
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        sendAuthenticationMessage(bytes.length + 1 + 4 + bytes2.length, new BodySender() { // from class: com.kingbase8.jre7.sasl.ScramAuthenticator.1
            @Override // com.kingbase8.jre7.sasl.ScramAuthenticator.BodySender
            public void sendBody(KBStream kBStream) throws IOException {
                TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                kBStream.send(bytes);
                kBStream.sendChar(0);
                kBStream.sendInteger4(bytes2.length);
                kBStream.send(bytes2);
            }
        });
    }

    public void processServerFirstMessage(int i) throws IOException, KSQLException {
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        String receiveString = this.kbStream.receiveString(i);
        KBLOGGER.log(Level.FINEST, " <=BE AuthenticationSASLContinue( {0} )", receiveString);
        try {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            this.serverFirstProcessorT = this.scramSessionT.receiveServerFirstMessage(receiveString);
            if (KBLOGGER.isLoggable(Level.FINEST)) {
                TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                KBLOGGER.log(Level.FINEST, " <=BE AuthenticationSASLContinue(salt={0}, iterations={1})", this.serverFirstProcessorT.getSalt(), Integer.valueOf(this.serverFirstProcessorT.getIteration()));
            }
            this.clientFinalProcessorT = this.serverFirstProcessorT.clientFinalProcessor(this.passwordT);
            String clientFinalMessage = this.clientFinalProcessorT.clientFinalMessage();
            KBLOGGER.log(Level.FINEST, " FE=> SASLResponse( {0} )", clientFinalMessage);
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            final byte[] bytes = clientFinalMessage.getBytes(StandardCharsets.UTF_8);
            sendAuthenticationMessage(bytes.length, new BodySender() { // from class: com.kingbase8.jre7.sasl.ScramAuthenticator.2
                @Override // com.kingbase8.jre7.sasl.ScramAuthenticator.BodySender
                public void sendBody(KBStream kBStream) throws IOException {
                    TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                    kBStream.send(bytes);
                }
            });
        } catch (ScramException e) {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            throw new KSQLException(GT.tr("Invalid server-first-message: {0}", receiveString), KSQLState.CONNECTION_REJECTED, e);
        }
    }

    /* JADX WARN: Type inference failed for: r11v0, types: [java.lang.Throwable, com.kingbase8.shaded.com.ongres.scram.common.exception.ScramServerErrorException] */
    public void verifyServerSignature(int i) throws IOException, KSQLException {
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        String receiveString = this.kbStream.receiveString(i);
        KBLOGGER.log(Level.FINEST, " <=BE AuthenticationSASLFinal( {0} )", receiveString);
        try {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            this.clientFinalProcessorT.receiveServerFinalMessage(receiveString);
        } catch (ScramInvalidServerSignatureException e) {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            throw new KSQLException(GT.tr("Invalid server SCRAM signature", new Object[0]), KSQLState.CONNECTION_REJECTED, e);
        } catch (ScramParseException e2) {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            throw new KSQLException(GT.tr("Invalid server-final-message: {0}", receiveString), KSQLState.CONNECTION_REJECTED, e2);
        } catch (ScramServerErrorException e3) {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            throw new KSQLException(GT.tr("SCRAM authentication failed, server returned _error: {0}", e3.getError().getErrorMessage()), KSQLState.CONNECTION_REJECTED, e3);
        }
    }

    static {
        $assertionsDisabled = !ScramAuthenticator.class.desiredAssertionStatus();
    }
}
