package com.alipay.oceanbase.jdbc.authentication;

import com.alipay.oceanbase.jdbc.AuthenticationPlugin;
import com.alipay.oceanbase.jdbc.Buffer;
import com.alipay.oceanbase.jdbc.Connection;
import com.alipay.oceanbase.jdbc.ExceptionInterceptor;
import com.alipay.oceanbase.jdbc.ExportControlled;
import com.alipay.oceanbase.jdbc.Messages;
import com.alipay.oceanbase.jdbc.MySQLConnection;
import com.alipay.oceanbase.jdbc.SQLError;
import com.alipay.oceanbase.jdbc.Security;
import com.alipay.oceanbase.jdbc.StringUtils;
import com.baomidou.mybatisplus.core.toolkit.StringPool;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.sql.SQLException;
import java.util.List;
import java.util.Properties;

/* loaded from: input_file:BOOT-INF/lib/oceanbase-client-1.1.10.jar:com/alipay/oceanbase/jdbc/authentication/Sha256PasswordPlugin.class */
public class Sha256PasswordPlugin implements AuthenticationPlugin {
    public static String PLUGIN_NAME = "sha256_password";
    private Connection connection;
    private String password = null;
    private String seed = null;
    private boolean publicKeyRequested = false;
    private String publicKeyString = null;

    @Override // com.alipay.oceanbase.jdbc.Extension
    public void init(Connection connection, Properties properties) throws SQLException {
        this.connection = connection;
        String serverRSAPublicKeyFile = this.connection.getServerRSAPublicKeyFile();
        if (serverRSAPublicKeyFile != null) {
            this.publicKeyString = readRSAKey(this.connection, serverRSAPublicKeyFile);
        }
    }

    @Override // com.alipay.oceanbase.jdbc.Extension
    public void destroy() {
        this.password = null;
        this.seed = null;
        this.publicKeyRequested = false;
    }

    @Override // com.alipay.oceanbase.jdbc.AuthenticationPlugin
    public String getProtocolPluginName() {
        return PLUGIN_NAME;
    }

    @Override // com.alipay.oceanbase.jdbc.AuthenticationPlugin
    public boolean requiresConfidentiality() {
        return false;
    }

    @Override // com.alipay.oceanbase.jdbc.AuthenticationPlugin
    public boolean isReusable() {
        return true;
    }

    @Override // com.alipay.oceanbase.jdbc.AuthenticationPlugin
    public void setAuthenticationParameters(String str, String str2) {
        this.password = str2;
    }

    @Override // com.alipay.oceanbase.jdbc.AuthenticationPlugin
    public boolean nextAuthenticationStep(Buffer buffer, List<Buffer> list) throws SQLException {
        list.clear();
        if (this.password == null || this.password.length() == 0 || buffer == null) {
            list.add(new Buffer(new byte[]{0}));
            return true;
        }
        if (((MySQLConnection) this.connection).getIO().isSSLEstablished()) {
            try {
                Buffer buffer2 = new Buffer(StringUtils.getBytes(this.password, this.connection.getPasswordCharacterEncoding()));
                buffer2.setPosition(buffer2.getBufLength());
                int bufLength = buffer2.getBufLength();
                buffer2.writeByte((byte) 0);
                buffer2.setBufLength(bufLength + 1);
                buffer2.setPosition(0);
                list.add(buffer2);
                return true;
            } catch (UnsupportedEncodingException e) {
                throw SQLError.createSQLException(Messages.getString("Sha256PasswordPlugin.3", new Object[]{this.connection.getPasswordCharacterEncoding()}), "S1000", (ExceptionInterceptor) null);
            }
        }
        if (this.connection.getServerRSAPublicKeyFile() != null) {
            this.seed = buffer.readString();
            list.add(new Buffer(encryptPassword(this.password, this.seed, this.connection, this.publicKeyString)));
            return true;
        }
        if (!this.connection.getAllowPublicKeyRetrieval()) {
            throw SQLError.createSQLException(Messages.getString("Sha256PasswordPlugin.2"), "08001", this.connection.getExceptionInterceptor());
        }
        if (this.publicKeyRequested && buffer.getBufLength() > 20) {
            list.add(new Buffer(encryptPassword(this.password, this.seed, this.connection, buffer.readString())));
            this.publicKeyRequested = false;
            return true;
        }
        this.seed = buffer.readString();
        list.add(new Buffer(new byte[]{1}));
        this.publicKeyRequested = true;
        return true;
    }

    private static byte[] encryptPassword(String str, String str2, Connection connection, String str3) throws SQLException {
        try {
            byte[] bytesNullTerminated = str != null ? StringUtils.getBytesNullTerminated(str, connection.getPasswordCharacterEncoding()) : new byte[]{0};
            byte[] bArr = new byte[bytesNullTerminated.length];
            Security.xorString(bytesNullTerminated, bArr, str2.getBytes(), bytesNullTerminated.length);
            return ExportControlled.encryptWithRSAPublicKey(bArr, ExportControlled.decodeRSAPublicKey(str3, ((MySQLConnection) connection).getExceptionInterceptor()), ((MySQLConnection) connection).getExceptionInterceptor());
        } catch (UnsupportedEncodingException e) {
            throw SQLError.createSQLException(Messages.getString("Sha256PasswordPlugin.3", new Object[]{connection.getPasswordCharacterEncoding()}), "S1000", (ExceptionInterceptor) null);
        }
    }

    private static String readRSAKey(Connection connection, String str) throws SQLException {
        byte[] bArr = new byte[2048];
        BufferedInputStream bufferedInputStream = null;
        try {
            try {
                bufferedInputStream = new BufferedInputStream(new FileInputStream(new File(str).getCanonicalPath()));
                StringBuilder sb = new StringBuilder();
                while (true) {
                    int read = bufferedInputStream.read(bArr);
                    if (read == -1) {
                        break;
                    }
                    sb.append(StringUtils.toAsciiString(bArr, 0, read));
                }
                String sb2 = sb.toString();
                if (bufferedInputStream != null) {
                    try {
                        bufferedInputStream.close();
                    } catch (Exception e) {
                        throw SQLError.createSQLException(Messages.getString("Sha256PasswordPlugin.1"), "S1000", e, connection.getExceptionInterceptor());
                    }
                }
                return sb2;
            } catch (IOException e2) {
                if (connection.getParanoid()) {
                    throw SQLError.createSQLException(Messages.getString("Sha256PasswordPlugin.0", new Object[]{""}), "S1009", connection.getExceptionInterceptor());
                }
                throw SQLError.createSQLException(Messages.getString("Sha256PasswordPlugin.0", new Object[]{StringPool.SINGLE_QUOTE + str + StringPool.SINGLE_QUOTE}), "S1009", e2, connection.getExceptionInterceptor());
            }
        } catch (Throwable th) {
            if (bufferedInputStream != null) {
                try {
                    bufferedInputStream.close();
                } catch (Exception e3) {
                    throw SQLError.createSQLException(Messages.getString("Sha256PasswordPlugin.1"), "S1000", e3, connection.getExceptionInterceptor());
                }
            }
            throw th;
        }
    }
}
