package org.mariadb.jdbc.plugin.authentication.standard;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import org.mariadb.jdbc.Configuration;
import org.mariadb.jdbc.client.Context;
import org.mariadb.jdbc.client.ReadableByteBuf;
import org.mariadb.jdbc.client.socket.Reader;
import org.mariadb.jdbc.client.socket.Writer;
import org.mariadb.jdbc.export.SslMode;
import org.mariadb.jdbc.message.client.AuthMoreRawPacket;
import org.mariadb.jdbc.message.server.AuthSwitchPacket;
import org.mariadb.jdbc.plugin.AuthenticationPlugin;

/* loaded from: input_file:org/mariadb/jdbc/plugin/authentication/standard/CachingSha2PasswordPlugin.class */
public class CachingSha2PasswordPlugin implements AuthenticationPlugin {
    public static final String TYPE = "caching_sha2_password";
    private String authenticationData;
    private byte[] seed;
    private Configuration conf;

    public static byte[] sha256encryptPassword(CharSequence charSequence, byte[] bArr) {
        if (charSequence == null) {
            return new byte[0];
        }
        byte[] truncatedSeed = AuthSwitchPacket.getTruncatedSeed(bArr);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] digest = messageDigest.digest(charSequence.toString().getBytes(StandardCharsets.UTF_8));
            messageDigest.reset();
            byte[] digest2 = messageDigest.digest(digest);
            messageDigest.reset();
            messageDigest.update(digest2);
            messageDigest.update(truncatedSeed);
            byte[] digest3 = messageDigest.digest();
            byte[] bArr2 = new byte[digest3.length];
            for (int i = 0; i < digest3.length; i++) {
                bArr2[i] = (byte) (digest[i] ^ digest3[i]);
            }
            return bArr2;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not use SHA-256, failing", e);
        }
    }

    @Override // org.mariadb.jdbc.plugin.AuthenticationPlugin
    public String type() {
        return TYPE;
    }

    @Override // org.mariadb.jdbc.plugin.AuthenticationPlugin
    public void initialize(String str, byte[] bArr, Configuration configuration) {
        this.seed = bArr;
        this.authenticationData = str;
        this.conf = configuration;
    }

    @Override // org.mariadb.jdbc.plugin.AuthenticationPlugin
    public ReadableByteBuf process(Writer writer, Reader reader, Context context) {
        PublicKey generatePublicKey;
        new AuthMoreRawPacket(sha256encryptPassword(this.authenticationData, this.seed)).encode(writer, context);
        ReadableByteBuf readReusablePacket = reader.readReusablePacket();
        switch (readReusablePacket.getByte()) {
            case -1:
            case 0:
                return readReusablePacket;
            default:
                byte[] bArr = new byte[readReusablePacket.readIntLengthEncodedNotNull()];
                readReusablePacket.readBytes(bArr);
                switch (bArr[0]) {
                    case 3:
                        return reader.readReusablePacket();
                    case 4:
                        if (this.conf.sslMode() != SslMode.DISABLE) {
                            byte[] bytes = this.authenticationData.getBytes();
                            byte[] bArr2 = new byte[bytes.length + 1];
                            System.arraycopy(bytes, 0, bArr2, 0, bytes.length);
                            new AuthMoreRawPacket(bArr2).encode(writer, context);
                            writer.flush();
                        } else {
                            if (this.conf.serverRsaPublicKeyFile() == null) {
                                if (!this.conf.allowPublicKeyRetrieval()) {
                                    throw new SQLException("RSA public key is not available client side (option serverRsaPublicKeyFile not set)", "S1009");
                                }
                                writer.writeByte(2);
                                writer.flush();
                                ReadableByteBuf readReusablePacket2 = reader.readReusablePacket();
                                switch (readReusablePacket2.getByte(0)) {
                                    case -2:
                                    case -1:
                                        return readReusablePacket2;
                                    default:
                                        readReusablePacket2.skip();
                                        byte[] bArr3 = new byte[readReusablePacket2.readableBytes()];
                                        readReusablePacket2.readBytes(bArr3);
                                        generatePublicKey = generatePublicKey(bArr3);
                                        break;
                                }
                            } else {
                                generatePublicKey = this.conf.serverRsaPublicKeyFile().contains("BEGIN PUBLIC KEY") ? generatePublicKey(this.conf.serverRsaPublicKeyFile().getBytes()) : readPublicKeyFromFile(this.conf.serverRsaPublicKeyFile());
                            }
                            writer.writeBytes(encrypt(generatePublicKey, this.authenticationData, this.seed));
                            writer.flush();
                        }
                        return reader.readReusablePacket();
                    default:
                        throw new SQLException("Protocol exchange error. Expect login success or RSA login request message", "S1009");
                }
        }
    }

    public static PublicKey readPublicKeyFromFile(String str) {
        try {
            return generatePublicKey(Files.readAllBytes(Paths.get(str, new String[0])));
        } catch (IOException e) {
            throw new SQLException("Could not read server RSA public key from file : serverRsaPublicKeyFile=" + str, "S1009", e);
        }
    }

    public static PublicKey generatePublicKey(byte[] bArr) {
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getMimeDecoder().decode(new String(bArr, StandardCharsets.US_ASCII).replaceAll("(-+BEGIN PUBLIC KEY-+\\r?\\n|\\n?-+END PUBLIC KEY-+\\r?\\n?)", ""))));
        } catch (Exception e) {
            throw new SQLException("Could read server RSA public key: " + e.getMessage(), "S1009", e);
        }
    }

    public static byte[] encrypt(PublicKey publicKey, String str, byte[] bArr) {
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, bArr.length - 1);
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        byte[] copyOf = Arrays.copyOf(bytes, bytes.length + 1);
        byte[] bArr2 = new byte[copyOf.length];
        int length = copyOfRange.length;
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = (byte) (copyOf[i] ^ copyOfRange[i % length]);
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            cipher.init(1, publicKey);
            return cipher.doFinal(bArr2);
        } catch (Exception e) {
            throw new SQLException("Error encoding password with public key : " + e.getMessage(), "S1009", e);
        }
    }
}
