package org.apache.shardingsphere.proxy.frontend.mysql.authentication;

import com.google.common.base.Strings;
import java.util.Arrays;
import java.util.Collection;
import java.util.Optional;
import lombok.Generated;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLServerErrorCode;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthPluginData;
import org.apache.shardingsphere.infra.executor.check.SQLCheckEngine;
import org.apache.shardingsphere.infra.metadata.user.Grantee;
import org.apache.shardingsphere.infra.metadata.user.ShardingSphereUser;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;

/* loaded from: input_file:org/apache/shardingsphere/proxy/frontend/mysql/authentication/MySQLAuthenticationHandler.class */
public final class MySQLAuthenticationHandler {
    private static final ProxyContext PROXY_SCHEMA_CONTEXTS = ProxyContext.getInstance();
    private final MySQLAuthPluginData authPluginData = new MySQLAuthPluginData();

    public Optional<MySQLServerErrorCode> login(String str, String str2, byte[] bArr, String str3) {
        Grantee grantee = new Grantee(str, str2);
        Collection rules = ProxyContext.getInstance().getRules(str3);
        return !SQLCheckEngine.check(grantee, (obj, obj2) -> {
            return isPasswordRight((ShardingSphereUser) obj, (byte[]) obj2);
        }, bArr, rules) ? Optional.of(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR) : (null == str3 || SQLCheckEngine.check(str3, rules, grantee)) ? Optional.empty() : Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
    }

    private boolean isPasswordRight(ShardingSphereUser shardingSphereUser, byte[] bArr) {
        return Strings.isNullOrEmpty(shardingSphereUser.getPassword()) || Arrays.equals(getAuthCipherBytes(shardingSphereUser.getPassword()), bArr);
    }

    private byte[] getAuthCipherBytes(String str) {
        byte[] sha1 = DigestUtils.sha1(str);
        byte[] sha12 = DigestUtils.sha1(sha1);
        byte[] bArr = new byte[this.authPluginData.getAuthenticationPluginData().length + sha12.length];
        System.arraycopy(this.authPluginData.getAuthenticationPluginData(), 0, bArr, 0, this.authPluginData.getAuthenticationPluginData().length);
        System.arraycopy(sha12, 0, bArr, this.authPluginData.getAuthenticationPluginData().length, sha12.length);
        return xor(sha1, DigestUtils.sha1(bArr));
    }

    private byte[] xor(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length];
        for (int i = 0; i < bArr.length; i++) {
            bArr3[i] = (byte) (bArr[i] ^ bArr2[i]);
        }
        return bArr3;
    }

    @Generated
    public MySQLAuthPluginData getAuthPluginData() {
        return this.authPluginData;
    }
}
