package org.mariadb.r2dbc.message.flow;

import io.r2dbc.spi.R2dbcException;
import io.r2dbc.spi.R2dbcNonTransientResourceException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import org.mariadb.r2dbc.MariadbConnectionConfiguration;
import org.mariadb.r2dbc.SslMode;
import org.mariadb.r2dbc.message.client.AuthMoreRawPacket;
import org.mariadb.r2dbc.message.client.ClearPasswordPacket;
import org.mariadb.r2dbc.message.client.ClientMessage;
import org.mariadb.r2dbc.message.client.Sha256PasswordPacket;
import org.mariadb.r2dbc.message.client.Sha2PublicKeyRequestPacket;
import org.mariadb.r2dbc.message.server.AuthMoreDataPacket;
import org.mariadb.r2dbc.message.server.AuthSwitchPacket;
import org.mariadb.r2dbc.util.constants.StateChange;

/* loaded from: input_file:org/mariadb/r2dbc/message/flow/CachingSha2PasswordFlow.class */
public final class CachingSha2PasswordFlow extends Sha256PasswordPluginFlow {
    public static final String TYPE = "caching_sha2_password";
    private State state = State.INIT;
    private PublicKey publicKey;

    /* renamed from: org.mariadb.r2dbc.message.flow.CachingSha2PasswordFlow$1, reason: invalid class name */
    /* loaded from: input_file:org/mariadb/r2dbc/message/flow/CachingSha2PasswordFlow$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$mariadb$r2dbc$message$flow$CachingSha2PasswordFlow$State = new int[State.values().length];

        static {
            try {
                $SwitchMap$org$mariadb$r2dbc$message$flow$CachingSha2PasswordFlow$State[State.INIT.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$mariadb$r2dbc$message$flow$CachingSha2PasswordFlow$State[State.FAST_AUTH_RESULT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$mariadb$r2dbc$message$flow$CachingSha2PasswordFlow$State[State.REQUEST_SERVER_KEY.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:org/mariadb/r2dbc/message/flow/CachingSha2PasswordFlow$State.class */
    public enum State {
        INIT,
        FAST_AUTH_RESULT,
        REQUEST_SERVER_KEY,
        SEND_AUTH
    }

    public static byte[] sha256encryptPassword(CharSequence charSequence, byte[] bArr) {
        if (charSequence == null || charSequence.length() == 0) {
            return new byte[0];
        }
        byte[] bArr2 = new byte[bArr.length - 1];
        System.arraycopy(bArr, 0, bArr2, 0, bArr.length - 1);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            byte[] digest = messageDigest.digest(charSequence.toString().getBytes(StandardCharsets.UTF_8));
            messageDigest.reset();
            byte[] digest2 = messageDigest.digest(digest);
            messageDigest.reset();
            messageDigest.update(digest2);
            messageDigest.update(bArr2);
            byte[] digest3 = messageDigest.digest();
            byte[] bArr3 = new byte[digest3.length];
            for (int i = 0; i < digest3.length; i++) {
                bArr3[i] = (byte) (digest[i] ^ digest3[i]);
            }
            return bArr3;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Could not use SHA-256, failing", e);
        }
    }

    @Override // org.mariadb.r2dbc.message.flow.Sha256PasswordPluginFlow, org.mariadb.r2dbc.authentication.AuthenticationPlugin
    public CachingSha2PasswordFlow create() {
        return new CachingSha2PasswordFlow();
    }

    @Override // org.mariadb.r2dbc.message.flow.Sha256PasswordPluginFlow, org.mariadb.r2dbc.authentication.AuthenticationPlugin
    public String type() {
        return TYPE;
    }

    @Override // org.mariadb.r2dbc.message.flow.Sha256PasswordPluginFlow, org.mariadb.r2dbc.authentication.AuthenticationPlugin
    public ClientMessage next(MariadbConnectionConfiguration mariadbConnectionConfiguration, AuthSwitchPacket authSwitchPacket, AuthMoreDataPacket authMoreDataPacket) throws R2dbcException {
        if (authMoreDataPacket == null) {
            this.state = State.INIT;
        }
        CharSequence password = mariadbConnectionConfiguration.getPassword();
        switch (AnonymousClass1.$SwitchMap$org$mariadb$r2dbc$message$flow$CachingSha2PasswordFlow$State[this.state.ordinal()]) {
            case 1:
                byte[] sha256encryptPassword = sha256encryptPassword(password, authSwitchPacket.getSeed());
                this.state = State.FAST_AUTH_RESULT;
                return new AuthMoreRawPacket(authSwitchPacket.getSequencer(), sha256encryptPassword);
            case 2:
                switch (authMoreDataPacket.getBuf().getByte(0)) {
                    case StateChange.SESSION_TRACK_GTIDS /* 3 */:
                        return null;
                    case 4:
                        if (mariadbConnectionConfiguration.getSslConfig().getSslMode() != SslMode.DISABLED) {
                            this.state = State.SEND_AUTH;
                            return new ClearPasswordPacket(authMoreDataPacket.getSequencer(), password);
                        }
                        if (mariadbConnectionConfiguration.getCachingRsaPublicKey() != null && !mariadbConnectionConfiguration.getCachingRsaPublicKey().isEmpty()) {
                            this.publicKey = readPublicKeyFromFile(mariadbConnectionConfiguration.getCachingRsaPublicKey());
                            this.state = State.SEND_AUTH;
                            return new Sha256PasswordPacket(authMoreDataPacket.getSequencer(), mariadbConnectionConfiguration.getPassword(), authSwitchPacket.getSeed(), this.publicKey);
                        }
                        if (!mariadbConnectionConfiguration.isAllowPublicKeyRetrieval()) {
                            throw new R2dbcNonTransientResourceException("RSA public key is not available client side (option serverRsaPublicKeyFile) and option 'allowPublicKeyRetrieval' is disabled. Either set one or the other", "S1009");
                        }
                        this.state = State.REQUEST_SERVER_KEY;
                        return new Sha2PublicKeyRequestPacket(authMoreDataPacket.getSequencer());
                    default:
                        throw new R2dbcNonTransientResourceException("Protocol exchange error. Expect login success or RSA login request message", "S1009");
                }
            case StateChange.SESSION_TRACK_GTIDS /* 3 */:
                this.publicKey = readPublicKey(authMoreDataPacket);
                this.state = State.SEND_AUTH;
                return new Sha256PasswordPacket(authMoreDataPacket.getSequencer(), mariadbConnectionConfiguration.getPassword(), authSwitchPacket.getSeed(), this.publicKey);
            default:
                throw new R2dbcNonTransientResourceException("Wrong state", "S1009");
        }
    }

    @Override // org.mariadb.r2dbc.message.flow.Sha256PasswordPluginFlow
    public String toString() {
        return "CachingSha2PasswordFlow{}";
    }
}
