package org.mariadb.jdbc.internal.com.send.authentication;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicInteger;
import javax.crypto.Cipher;
import org.mariadb.jdbc.authentication.AuthenticationPlugin;
import org.mariadb.jdbc.internal.com.read.Buffer;
import org.mariadb.jdbc.internal.com.read.ErrorPacket;
import org.mariadb.jdbc.internal.io.input.PacketInputStream;
import org.mariadb.jdbc.internal.io.output.PacketOutputStream;
import org.mariadb.jdbc.util.Options;

/* loaded from: input_file:META-INF/bundled-dependencies/mariadb-java-client-2.6.0.jar:org/mariadb/jdbc/internal/com/send/authentication/Sha256PasswordPlugin.class */
public class Sha256PasswordPlugin implements AuthenticationPlugin {
    private String authenticationData;
    private Options options;
    private byte[] seed;

    public static PublicKey readPublicKeyFromFile(String str) throws SQLException {
        try {
            return generatePublicKey(Files.readAllBytes(Paths.get(str, new String[0])));
        } catch (IOException e) {
            throw new SQLException("Could not read server RSA public key from file : serverRsaPublicKeyFile=" + str, "S1009", e);
        }
    }

    public static PublicKey readPublicKeyFromSocket(PacketInputStream packetInputStream, AtomicInteger atomicInteger) throws SQLException, IOException {
        Buffer packet = packetInputStream.getPacket(true);
        atomicInteger.set(packetInputStream.getLastPacketSeq());
        switch (packet.getByteAt(0)) {
            case -2:
                throw new SQLException("Could not connect: receive AuthSwitchRequest in place of RSA public key. Did user has the rights to connect to database ?");
            case -1:
                ErrorPacket errorPacket = new ErrorPacket(packet);
                throw new SQLException("Could not connect: " + errorPacket.getMessage(), errorPacket.getSqlState(), errorPacket.getErrorCode());
            default:
                packet.skipByte();
                return generatePublicKey(packet.readRawBytes(packet.remaining()));
        }
    }

    public static PublicKey generatePublicKey(byte[] bArr) throws SQLException {
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getMimeDecoder().decode(new String(bArr).replaceAll("(-+BEGIN PUBLIC KEY-+\\r?\\n|\\n?-+END PUBLIC KEY-+\\r?\\n?)", JsonProperty.USE_DEFAULT_NAME))));
        } catch (Exception e) {
            throw new SQLException("Could read server RSA public key: " + e.getMessage(), "S1009", e);
        }
    }

    public static byte[] encrypt(PublicKey publicKey, String str, byte[] bArr, String str2) throws SQLException, UnsupportedEncodingException {
        byte[] copyOfRange = bArr.length > 0 ? Arrays.copyOfRange(bArr, 0, bArr.length - 1) : new byte[0];
        byte[] bytes = (str2 == null || str2.isEmpty()) ? str.getBytes() : str.getBytes(str2);
        byte[] copyOf = Arrays.copyOf(bytes, bytes.length + 1);
        byte[] bArr2 = new byte[copyOf.length];
        int length = copyOfRange.length;
        for (int i = 0; i < bArr2.length; i++) {
            bArr2[i] = (byte) (copyOf[i] ^ copyOfRange[i % length]);
        }
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            cipher.init(1, publicKey);
            return cipher.doFinal(bArr2);
        } catch (Exception e) {
            throw new SQLException("Could not connect using SHA256 plugin : " + e.getMessage(), "S1009", e);
        }
    }

    @Override // org.mariadb.jdbc.authentication.AuthenticationPlugin
    public String name() {
        return "Sha256 authentication plugin";
    }

    @Override // org.mariadb.jdbc.authentication.AuthenticationPlugin
    public String type() {
        return "sha256_password";
    }

    @Override // org.mariadb.jdbc.authentication.AuthenticationPlugin
    public void initialize(String str, byte[] bArr, Options options) {
        this.seed = bArr;
        this.authenticationData = str;
        this.options = options;
    }

    @Override // org.mariadb.jdbc.authentication.AuthenticationPlugin
    public Buffer process(PacketOutputStream packetOutputStream, PacketInputStream packetInputStream, AtomicInteger atomicInteger) throws IOException, SQLException {
        PublicKey readPublicKeyFromSocket;
        if (this.authenticationData == null || this.authenticationData.isEmpty()) {
            packetOutputStream.writeEmptyPacket(atomicInteger.incrementAndGet());
        } else if (Boolean.TRUE.equals(this.options.useSsl)) {
            packetOutputStream.startPacket(atomicInteger.incrementAndGet());
            packetOutputStream.write((this.options.passwordCharacterEncoding == null || this.options.passwordCharacterEncoding.isEmpty()) ? this.authenticationData.getBytes() : this.authenticationData.getBytes(this.options.passwordCharacterEncoding));
            packetOutputStream.write(0);
            packetOutputStream.flush();
        } else {
            if (this.options.serverRsaPublicKeyFile != null && !this.options.serverRsaPublicKeyFile.isEmpty()) {
                readPublicKeyFromSocket = readPublicKeyFromFile(this.options.serverRsaPublicKeyFile);
            } else {
                if (!this.options.allowPublicKeyRetrieval) {
                    throw new SQLException("RSA public key is not available client side (option serverRsaPublicKeyFile)", "S1009");
                }
                packetOutputStream.startPacket(atomicInteger.incrementAndGet());
                packetOutputStream.write(1);
                packetOutputStream.flush();
                readPublicKeyFromSocket = readPublicKeyFromSocket(packetInputStream, atomicInteger);
            }
            try {
                byte[] encrypt = encrypt(readPublicKeyFromSocket, this.authenticationData, this.seed, this.options.passwordCharacterEncoding);
                packetOutputStream.startPacket(atomicInteger.incrementAndGet());
                packetOutputStream.write(encrypt);
                packetOutputStream.flush();
            } catch (Exception e) {
                throw new SQLException("Could not connect using SHA256 plugin : " + e.getMessage(), "S1009", e);
            }
        }
        Buffer packet = packetInputStream.getPacket(true);
        atomicInteger.set(packetInputStream.getLastPacketSeq());
        return packet;
    }
}
