package io.r2dbc.postgresql.authentication;

import com.ongres.scram.client.ScramClient;
import com.ongres.scram.client.ScramSession;
import com.ongres.scram.common.exception.ScramInvalidServerSignatureException;
import com.ongres.scram.common.exception.ScramParseException;
import com.ongres.scram.common.exception.ScramServerErrorException;
import com.ongres.scram.common.stringprep.StringPreparations;
import io.r2dbc.postgresql.message.backend.AuthenticationMessage;
import io.r2dbc.postgresql.message.backend.AuthenticationSASL;
import io.r2dbc.postgresql.message.backend.AuthenticationSASLContinue;
import io.r2dbc.postgresql.message.backend.AuthenticationSASLFinal;
import io.r2dbc.postgresql.message.frontend.FrontendMessage;
import io.r2dbc.postgresql.message.frontend.SASLInitialResponse;
import io.r2dbc.postgresql.message.frontend.SASLResponse;
import io.r2dbc.postgresql.util.Assert;
import io.r2dbc.postgresql.util.ByteBufferUtils;
import reactor.core.Exceptions;
import reactor.util.annotation.Nullable;

/* loaded from: input_file:BOOT-INF/lib/r2dbc-postgresql-0.8.10.RELEASE.jar:io/r2dbc/postgresql/authentication/SASLAuthenticationHandler.class */
public class SASLAuthenticationHandler implements AuthenticationHandler {
    private final CharSequence password;
    private final String username;
    private ScramSession.ClientFinalProcessor clientFinalProcessor;
    private ScramSession scramSession;

    public SASLAuthenticationHandler(CharSequence charSequence, String str) {
        this.password = (CharSequence) Assert.requireNonNull(charSequence, "password must not be null");
        this.username = (String) Assert.requireNonNull(str, "username must not be null");
    }

    public static boolean supports(AuthenticationMessage authenticationMessage) {
        Assert.requireNonNull(authenticationMessage, "message must not be null");
        return (authenticationMessage instanceof AuthenticationSASL) || (authenticationMessage instanceof AuthenticationSASLContinue) || (authenticationMessage instanceof AuthenticationSASLFinal);
    }

    @Override // io.r2dbc.postgresql.authentication.AuthenticationHandler
    public FrontendMessage handle(AuthenticationMessage authenticationMessage) {
        if (authenticationMessage instanceof AuthenticationSASL) {
            return handleAuthenticationSASL((AuthenticationSASL) authenticationMessage);
        }
        if (authenticationMessage instanceof AuthenticationSASLContinue) {
            return handleAuthenticationSASLContinue((AuthenticationSASLContinue) authenticationMessage);
        }
        if (authenticationMessage instanceof AuthenticationSASLFinal) {
            return handleAuthenticationSASLFinal((AuthenticationSASLFinal) authenticationMessage);
        }
        throw new IllegalArgumentException(String.format("Cannot handle %s message", authenticationMessage.getClass().getSimpleName()));
    }

    private FrontendMessage handleAuthenticationSASL(AuthenticationSASL authenticationSASL) {
        ScramClient upVar = ScramClient.channelBinding(ScramClient.ChannelBinding.NO).stringPreparation(StringPreparations.NO_PREPARATION).selectMechanismBasedOnServerAdvertised((String[]) authenticationSASL.getAuthenticationMechanisms().toArray(new String[0])).setup();
        this.scramSession = upVar.scramSession(this.username);
        return new SASLInitialResponse(ByteBufferUtils.encode(this.scramSession.clientFirstMessage()), upVar.getScramMechanism().getName());
    }

    private FrontendMessage handleAuthenticationSASLContinue(AuthenticationSASLContinue authenticationSASLContinue) {
        try {
            this.clientFinalProcessor = this.scramSession.receiveServerFirstMessage(ByteBufferUtils.decode(authenticationSASLContinue.getData())).clientFinalProcessor(this.password.toString());
            return new SASLResponse(ByteBufferUtils.encode(this.clientFinalProcessor.clientFinalMessage()));
        } catch (ScramParseException e) {
            throw Exceptions.propagate(e);
        }
    }

    @Nullable
    private FrontendMessage handleAuthenticationSASLFinal(AuthenticationSASLFinal authenticationSASLFinal) {
        try {
            this.clientFinalProcessor.receiveServerFinalMessage(ByteBufferUtils.decode(authenticationSASLFinal.getAdditionalData()));
            return null;
        } catch (ScramInvalidServerSignatureException | ScramParseException | ScramServerErrorException e) {
            throw Exceptions.propagate(e);
        }
    }
}
