package org.firebirdsql.gds.ng.wire.auth;

import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import org.firebirdsql.gds.BlrConstants;
import org.firebirdsql.gds.ClumpletReader;
import org.firebirdsql.gds.ConnectionParameterBuffer;
import org.firebirdsql.gds.ISCConstants;
import org.firebirdsql.gds.ParameterTagMapping;
import org.firebirdsql.gds.ng.FbExceptionBuilder;
import org.firebirdsql.gds.ng.IAttachProperties;
import org.firebirdsql.gds.ng.wire.auth.AuthenticationPlugin;
import org.firebirdsql.logging.Logger;
import org.firebirdsql.logging.LoggerFactory;

/* loaded from: input_file:org/firebirdsql/gds/ng/wire/auth/ClientAuthBlock.class */
public final class ClientAuthBlock {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ClientAuthBlock.class);
    private static final Pattern AUTH_PLUGIN_LIST_SPLIT = Pattern.compile("[ \t,;]+");
    private final IAttachProperties<?> attachProperties;
    private LinkedList<AuthenticationPluginSpi> pluginProviders;
    private AuthenticationPlugin currentPlugin;
    private boolean authComplete;
    private final Set<String> serverPlugins = new LinkedHashSet();
    private boolean firstTime = true;

    public ClientAuthBlock(IAttachProperties<?> iAttachProperties) throws SQLException {
        this.attachProperties = iAttachProperties;
        resetClient(null);
    }

    public String getLogin() {
        return this.attachProperties.getUser();
    }

    public String getNormalizedLogin() {
        return normalizeLogin(getLogin());
    }

    public String getPassword() {
        return this.attachProperties.getPassword();
    }

    public boolean isAuthComplete() {
        return this.authComplete;
    }

    public void setAuthComplete(boolean z) {
        this.authComplete = z;
    }

    public String getCurrentPluginName() {
        if (this.currentPlugin != null) {
            return this.currentPlugin.getName();
        }
        return null;
    }

    public String getPluginNames() {
        return getPluginNames(this.pluginProviders);
    }

    public byte[] getClientData() {
        if (this.currentPlugin != null) {
            return this.currentPlugin.getClientData();
        }
        return null;
    }

    public void setFirstTime(boolean z) {
        this.firstTime = z;
    }

    public boolean isFirstTime() {
        return this.firstTime;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:7:0x004b. Please report as an issue. */
    public void authenticateStep0() throws SQLException {
        Iterator<AuthenticationPluginSpi> it = this.pluginProviders.iterator();
        while (it.hasNext()) {
            AuthenticationPlugin createPlugin = it.next().createPlugin();
            log.debug("Trying authentication plugin " + createPlugin);
            try {
                switch (createPlugin.authenticate(this)) {
                    case AUTH_SUCCESS:
                    case AUTH_MORE_DATA:
                        this.currentPlugin = createPlugin;
                        return;
                    case AUTH_CONTINUE:
                        it.remove();
                }
            } catch (SQLException e) {
                throw new FbExceptionBuilder().exception(ISCConstants.isc_login).cause(e).toFlatSQLException();
            }
        }
    }

    public void resetClient(byte[] bArr) throws SQLException {
        if (bArr != null) {
            if (this.currentPlugin != null && this.currentPlugin.hasServerData()) {
                return;
            }
            ClumpletReader clumpletReader = new ClumpletReader(ClumpletReader.Kind.UnTagged, bArr);
            if (clumpletReader.find(2)) {
                String string = clumpletReader.getString(StandardCharsets.US_ASCII);
                this.serverPlugins.clear();
                this.serverPlugins.addAll(Arrays.asList(AUTH_PLUGIN_LIST_SPLIT.split(string)));
            }
        }
        this.firstTime = true;
        this.currentPlugin = null;
        this.pluginProviders = new LinkedList<>(getSupportedPluginProviders());
        if (this.serverPlugins.isEmpty()) {
            return;
        }
        LinkedList<AuthenticationPluginSpi> linkedList = new LinkedList<>();
        Iterator<AuthenticationPluginSpi> it = this.pluginProviders.iterator();
        while (it.hasNext()) {
            AuthenticationPluginSpi next = it.next();
            if (this.serverPlugins.contains(next.getPluginName())) {
                linkedList.add(next);
            }
        }
        if (linkedList.isEmpty()) {
            throw new FbExceptionBuilder().exception(ISCConstants.isc_login).exception(ISCConstants.isc_random).messageParameter("No matching plugins on server").toFlatSQLException();
        }
        this.pluginProviders = linkedList;
    }

    public void setServerData(byte[] bArr) {
        if (this.currentPlugin == null) {
            log.debug("Received server data without current plugin");
        } else {
            this.currentPlugin.setServerData(bArr);
        }
    }

    private static String getPluginNames(List<AuthenticationPluginSpi> list) {
        if (list.size() == 0) {
            return null;
        }
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < list.size(); i++) {
            if (i > 0) {
                sb.append(',');
            }
            sb.append(list.get(i).getPluginName());
        }
        return sb.toString();
    }

    public void writePluginDataTo(OutputStream outputStream) throws IOException {
        byte[] clientData;
        if (this.attachProperties.getUser() != null) {
            byte[] bytes = this.attachProperties.getUser().getBytes(StandardCharsets.UTF_8);
            outputStream.write(9);
            int min = Math.min(bytes.length, BlrConstants.blr_end);
            outputStream.write(min);
            outputStream.write(bytes, 0, min);
        }
        String currentPluginName = getCurrentPluginName();
        if (currentPluginName != null) {
            outputStream.write(8);
            byte[] bytes2 = currentPluginName.getBytes(StandardCharsets.UTF_8);
            outputStream.write(bytes2.length);
            outputStream.write(bytes2, 0, bytes2.length);
        }
        String pluginNames = getPluginNames();
        if (pluginNames != null) {
            outputStream.write(10);
            byte[] bytes3 = pluginNames.getBytes(StandardCharsets.UTF_8);
            outputStream.write(bytes3.length);
            outputStream.write(bytes3, 0, bytes3.length);
        }
        if (this.currentPlugin == null || (clientData = this.currentPlugin.getClientData()) == null) {
            return;
        }
        addMultiPartConnectParameter(outputStream, 7, clientData);
    }

    private void addMultiPartConnectParameter(OutputStream outputStream, int i, byte[] bArr) throws IOException {
        int length = bArr.length;
        int i2 = 0;
        int i3 = 0;
        while (length > 0) {
            outputStream.write(i);
            int min = Math.min(length, 254);
            outputStream.write(min + 1);
            int i4 = i3;
            i3++;
            outputStream.write(i4);
            outputStream.write(bArr, i2, min);
            length -= min;
            i2 += min;
        }
    }

    private static List<AuthenticationPluginSpi> getSupportedPluginProviders() {
        return Collections.unmodifiableList(Arrays.asList(new Srp256AuthenticationPluginSpi(), new SrpAuthenticationPluginSpi(), new LegacyAuthenticationPluginSpi()));
    }

    public boolean switchPlugin(String str) {
        if (hasPlugin() && Objects.equals(getCurrentPluginName(), str)) {
            return false;
        }
        Iterator<AuthenticationPluginSpi> it = this.pluginProviders.iterator();
        while (it.hasNext()) {
            AuthenticationPluginSpi next = it.next();
            if (next.getPluginName().equals(str)) {
                this.currentPlugin = next.createPlugin();
                return true;
            }
            it.remove();
        }
        return false;
    }

    public boolean hasPlugin() {
        return this.currentPlugin != null;
    }

    public AuthenticationPlugin.AuthStatus authenticate() throws SQLException {
        return this.currentPlugin.authenticate(this);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:12:0x006e. Please report as an issue. */
    public void authFillParametersBlock(ConnectionParameterBuffer connectionParameterBuffer) throws SQLException {
        Iterator<AuthenticationPluginSpi> it = this.pluginProviders.iterator();
        while (it.hasNext()) {
            AuthenticationPluginSpi next = it.next();
            AuthenticationPlugin createPlugin = (hasPlugin() && next.getPluginName().equals(getCurrentPluginName())) ? this.currentPlugin : next.createPlugin();
            log.debug("Trying authentication plugin " + createPlugin);
            try {
                switch (createPlugin.authenticate(this)) {
                    case AUTH_SUCCESS:
                    case AUTH_MORE_DATA:
                        log.debug("Trying authentication plugin " + createPlugin + " is OK");
                        this.currentPlugin = createPlugin;
                        cleanParameterBuffer(connectionParameterBuffer);
                        extractDataToParameterBuffer(connectionParameterBuffer);
                        return;
                    case AUTH_CONTINUE:
                        it.remove();
                    default:
                        log.debug(String.format("try next plugin, %s skipped", createPlugin));
                }
            } catch (SQLException e) {
                throw new FbExceptionBuilder().exception(ISCConstants.isc_login).cause(e).toFlatSQLException();
            }
        }
    }

    public boolean supportsEncryption() throws SQLException {
        if (this.currentPlugin == null) {
            throw new SQLException("No authentication plugin available");
        }
        return this.currentPlugin.generatesSessionKey();
    }

    public byte[] getSessionKey() throws SQLException {
        if (this.currentPlugin == null) {
            throw new SQLException("No authentication plugin available");
        }
        return this.currentPlugin.getSessionKey();
    }

    static String normalizeLogin(String str) {
        return (str == null || str.isEmpty()) ? str : (str.length() > 2 && str.charAt(0) == '\"' && str.charAt(str.length() - 1) == '\"') ? normalizeQuotedLogin(str) : str.toUpperCase(Locale.ROOT);
    }

    private static String normalizeQuotedLogin(String str) {
        StringBuilder sb = new StringBuilder(str.length() - 2);
        sb.append((CharSequence) str, 1, str.length() - 1);
        int i = 0;
        while (i < sb.length()) {
            if (sb.charAt(i) == '\"') {
                sb.deleteCharAt(i);
                if (i >= sb.length() || sb.charAt(i) != '\"') {
                    sb.setLength(i);
                    return sb.toString();
                }
                i++;
            }
            i++;
        }
        return sb.toString();
    }

    private void extractDataToParameterBuffer(ConnectionParameterBuffer connectionParameterBuffer) {
        byte[] clientData = getClientData();
        if (clientData == null || clientData.length == 0) {
            return;
        }
        String currentPluginName = getCurrentPluginName();
        ParameterTagMapping tagMapping = connectionParameterBuffer.getTagMapping();
        if (this.firstTime) {
            if (currentPluginName != null) {
                connectionParameterBuffer.addArgument(tagMapping.getAuthPluginNameTag(), currentPluginName);
            }
            connectionParameterBuffer.addArgument(tagMapping.getAuthPluginListTag(), getPluginNames());
            this.firstTime = false;
            log.debug("first time - added plugName & pluginList");
        }
        connectionParameterBuffer.addArgument(tagMapping.getSpecificAuthDataTag(), clientData);
        log.debug(String.format("Added %d bytes of spec data with tag isc_dpb_specific_auth_data", Integer.valueOf(clientData.length)));
    }

    private void cleanParameterBuffer(ConnectionParameterBuffer connectionParameterBuffer) {
        ParameterTagMapping tagMapping = connectionParameterBuffer.getTagMapping();
        connectionParameterBuffer.removeArgument(tagMapping.getPasswordTag());
        connectionParameterBuffer.removeArgument(tagMapping.getEncryptedPasswordTag());
        connectionParameterBuffer.removeArgument(tagMapping.getTrustedAuthTag());
    }
}
