package org.mariadb.r2dbc.message.flow;

import io.netty.buffer.ByteBuf;
import io.r2dbc.spi.R2dbcException;
import io.r2dbc.spi.R2dbcNonTransientResourceException;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.mariadb.r2dbc.MariadbConnectionConfiguration;
import org.mariadb.r2dbc.SslMode;
import org.mariadb.r2dbc.authentication.AuthenticationPlugin;
import org.mariadb.r2dbc.message.client.ClearPasswordPacket;
import org.mariadb.r2dbc.message.client.ClientMessage;
import org.mariadb.r2dbc.message.client.RsaPublicKeyRequestPacket;
import org.mariadb.r2dbc.message.client.Sha256PasswordPacket;
import org.mariadb.r2dbc.message.server.AuthMoreDataPacket;
import org.mariadb.r2dbc.message.server.AuthSwitchPacket;

/* loaded from: input_file:org/mariadb/r2dbc/message/flow/Sha256PasswordPluginFlow.class */
public class Sha256PasswordPluginFlow implements AuthenticationPlugin {
    public static final String TYPE = "sha256_password";
    private State state = State.INIT;
    private PublicKey publicKey;

    /* loaded from: input_file:org/mariadb/r2dbc/message/flow/Sha256PasswordPluginFlow$State.class */
    public enum State {
        INIT,
        REQUEST_SERVER_KEY,
        SEND_AUTH
    }

    public static PublicKey readPublicKeyFromFile(String str) throws R2dbcException {
        try {
            return generatePublicKey(Files.readAllBytes(Paths.get(str, new String[0])));
        } catch (IOException e) {
            throw new R2dbcNonTransientResourceException("Could not read server RSA public key from file : serverRsaPublicKeyFile=" + str, "S1009", e);
        }
    }

    public static PublicKey generatePublicKey(byte[] bArr) throws R2dbcException {
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getMimeDecoder().decode(new String(bArr).replaceAll("(-+BEGIN PUBLIC KEY-+\\r?\\n|\\n?-+END PUBLIC KEY-+\\r?\\n?)", ""))));
        } catch (Exception e) {
            throw new R2dbcNonTransientResourceException("Could read server RSA public key: " + e.getMessage(), "S1009", e);
        }
    }

    public static PublicKey readPublicKey(AuthMoreDataPacket authMoreDataPacket) throws R2dbcException {
        ByteBuf buf = authMoreDataPacket.getBuf();
        byte[] bArr = new byte[buf.readableBytes()];
        buf.readBytes(bArr);
        return generatePublicKey(bArr);
    }

    @Override // org.mariadb.r2dbc.authentication.AuthenticationPlugin
    public Sha256PasswordPluginFlow create() {
        return new Sha256PasswordPluginFlow();
    }

    @Override // org.mariadb.r2dbc.authentication.AuthenticationPlugin
    public String type() {
        return TYPE;
    }

    @Override // org.mariadb.r2dbc.authentication.AuthenticationPlugin
    public ClientMessage next(MariadbConnectionConfiguration mariadbConnectionConfiguration, AuthSwitchPacket authSwitchPacket, AuthMoreDataPacket authMoreDataPacket) throws R2dbcException {
        if (this.state != State.INIT) {
            this.publicKey = readPublicKey(authMoreDataPacket);
            return new Sha256PasswordPacket(authMoreDataPacket.getSequencer(), mariadbConnectionConfiguration.getPassword(), authSwitchPacket.getSeed(), this.publicKey);
        }
        CharSequence password = mariadbConnectionConfiguration.getPassword();
        if (password == null || mariadbConnectionConfiguration.getSslConfig().getSslMode() != SslMode.DISABLE) {
            return new ClearPasswordPacket(authSwitchPacket.getSequencer(), password);
        }
        if (mariadbConnectionConfiguration.getRsaPublicKey() != null && !mariadbConnectionConfiguration.getRsaPublicKey().isEmpty()) {
            this.publicKey = readPublicKeyFromFile(mariadbConnectionConfiguration.getRsaPublicKey());
            return new Sha256PasswordPacket(authSwitchPacket.getSequencer(), mariadbConnectionConfiguration.getPassword(), authSwitchPacket.getSeed(), this.publicKey);
        }
        if (!mariadbConnectionConfiguration.allowPublicKeyRetrieval()) {
            throw new R2dbcNonTransientResourceException("RSA public key is not available client side (option serverRsaPublicKeyFile)", "S1009");
        }
        this.state = State.REQUEST_SERVER_KEY;
        return new RsaPublicKeyRequestPacket(authSwitchPacket.getSequencer());
    }
}
