package begad.libs.mariadb.jdbc.internal.com.send.authentication;

import begad.libs.mariadb.jdbc.authentication.AuthenticationPlugin;
import begad.libs.mariadb.jdbc.internal.com.read.Buffer;
import begad.libs.mariadb.jdbc.internal.io.input.PacketInputStream;
import begad.libs.mariadb.jdbc.internal.io.output.PacketOutputStream;
import begad.libs.mariadb.jdbc.util.Options;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.concurrent.atomic.AtomicInteger;

/* loaded from: input_file:begad/libs/mariadb/jdbc/internal/com/send/authentication/CachingSha2PasswordPlugin.class */
public class CachingSha2PasswordPlugin implements AuthenticationPlugin {
    public static final String TYPE = "caching_sha2_password";
    private String authenticationData;
    private byte[] seed;
    private Options options;

    public static byte[] sha256encryptPassword(String str, byte[] bArr, String str2) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        if (str == null || str.isEmpty()) {
            return new byte[0];
        }
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        byte[] digest = messageDigest.digest((str2 == null || str2.isEmpty()) ? str.getBytes() : str.getBytes(str2));
        messageDigest.reset();
        byte[] digest2 = messageDigest.digest(digest);
        messageDigest.reset();
        messageDigest.update(digest2);
        messageDigest.update(bArr);
        byte[] digest3 = messageDigest.digest();
        byte[] bArr2 = new byte[digest3.length];
        for (int i = 0; i < digest3.length; i++) {
            bArr2[i] = (byte) (digest[i] ^ digest3[i]);
        }
        return bArr2;
    }

    @Override // begad.libs.mariadb.jdbc.authentication.AuthenticationPlugin
    public String name() {
        return "caching sha2 password";
    }

    @Override // begad.libs.mariadb.jdbc.authentication.AuthenticationPlugin
    public String type() {
        return TYPE;
    }

    @Override // begad.libs.mariadb.jdbc.authentication.AuthenticationPlugin
    public void initialize(String str, byte[] bArr, Options options) {
        this.seed = bArr;
        this.authenticationData = str;
        this.options = options;
    }

    @Override // begad.libs.mariadb.jdbc.authentication.AuthenticationPlugin
    public Buffer process(PacketOutputStream packetOutputStream, PacketInputStream packetInputStream, AtomicInteger atomicInteger) throws IOException, SQLException {
        PublicKey readPublicKeyFromSocket;
        if (this.authenticationData == null || this.authenticationData.isEmpty()) {
            packetOutputStream.writeEmptyPacket(atomicInteger.incrementAndGet());
        } else {
            try {
                packetOutputStream.startPacket(atomicInteger.incrementAndGet());
                packetOutputStream.write(sha256encryptPassword(this.authenticationData, this.seed.length > 0 ? Arrays.copyOfRange(this.seed, 0, this.seed.length - 1) : new byte[0], this.options.passwordCharacterEncoding));
                packetOutputStream.flush();
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException("Could not use SHA-256, failing", e);
            }
        }
        Buffer packet = packetInputStream.getPacket(true);
        atomicInteger.set(packetInputStream.getLastPacketSeq());
        switch (packet.getByteAt(0)) {
            case -1:
            case 0:
                return packet;
            default:
                switch (packet.getLengthEncodedBytes()[0]) {
                    case 3:
                        Buffer packet2 = packetInputStream.getPacket(true);
                        atomicInteger.set(packetInputStream.getLastPacketSeq());
                        return packet2;
                    case 4:
                        if (Boolean.TRUE.equals(this.options.useSsl)) {
                            packetOutputStream.startPacket(atomicInteger.incrementAndGet());
                            packetOutputStream.write((this.options.passwordCharacterEncoding == null || this.options.passwordCharacterEncoding.isEmpty()) ? this.authenticationData.getBytes() : this.authenticationData.getBytes(this.options.passwordCharacterEncoding));
                            packetOutputStream.write(0);
                            packetOutputStream.flush();
                        } else {
                            if (this.options.serverRsaPublicKeyFile != null && !this.options.serverRsaPublicKeyFile.isEmpty()) {
                                readPublicKeyFromSocket = Sha256PasswordPlugin.readPublicKeyFromFile(this.options.serverRsaPublicKeyFile);
                            } else {
                                if (!this.options.allowPublicKeyRetrieval) {
                                    throw new SQLException("RSA public key is not available client side (option serverRsaPublicKeyFile not set)", "S1009");
                                }
                                packetOutputStream.startPacket(atomicInteger.incrementAndGet());
                                packetOutputStream.write(2);
                                packetOutputStream.flush();
                                readPublicKeyFromSocket = Sha256PasswordPlugin.readPublicKeyFromSocket(packetInputStream, atomicInteger);
                            }
                            try {
                                byte[] encrypt = Sha256PasswordPlugin.encrypt(readPublicKeyFromSocket, this.authenticationData, this.seed, this.options.passwordCharacterEncoding);
                                packetOutputStream.startPacket(atomicInteger.incrementAndGet());
                                packetOutputStream.write(encrypt);
                                packetOutputStream.flush();
                            } catch (Exception e2) {
                                throw new SQLException("Could not connect using SHA256 plugin : " + e2.getMessage(), "S1009", e2);
                            }
                        }
                        Buffer packet3 = packetInputStream.getPacket(true);
                        atomicInteger.set(packetInputStream.getLastPacketSeq());
                        return packet3;
                    default:
                        throw new SQLException("Protocol exchange error. Expect login success or RSA login request message", "S1009");
                }
        }
    }
}
