package com.github.shyiko.mysql.binlog.network;

import com.github.shyiko.mysql.binlog.io.ByteArrayInputStream;
import com.github.shyiko.mysql.binlog.io.ByteArrayOutputStream;
import com.github.shyiko.mysql.binlog.network.protocol.ErrorPacket;
import com.github.shyiko.mysql.binlog.network.protocol.GreetingPacket;
import com.github.shyiko.mysql.binlog.network.protocol.PacketChannel;
import com.github.shyiko.mysql.binlog.network.protocol.command.AuthenticateNativePasswordCommand;
import com.github.shyiko.mysql.binlog.network.protocol.command.AuthenticateSHA2Command;
import com.github.shyiko.mysql.binlog.network.protocol.command.AuthenticateSHA2RSAPasswordCommand;
import com.github.shyiko.mysql.binlog.network.protocol.command.AuthenticateSecurityPasswordCommand;
import com.github.shyiko.mysql.binlog.network.protocol.command.ByteArrayCommand;
import com.github.shyiko.mysql.binlog.network.protocol.command.Command;
import java.io.IOException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;
import jodd.util.StringPool;

/* loaded from: input_file:BOOT-INF/lib/mysql-binlog-connector-java-0.28.0.jar:com/github/shyiko/mysql/binlog/network/Authenticator.class */
public class Authenticator {
    private final GreetingPacket greetingPacket;
    private String scramble;
    private final PacketChannel channel;
    private final String schema;
    private final String username;
    private final String password;
    private final Logger logger = Logger.getLogger(getClass().getName());
    private final String SHA2_PASSWORD = "caching_sha2_password";
    private final String MYSQL_NATIVE = "mysql_native_password";
    private AuthMethod authMethod = AuthMethod.NATIVE;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/mysql-binlog-connector-java-0.28.0.jar:com/github/shyiko/mysql/binlog/network/Authenticator$AuthMethod.class */
    public enum AuthMethod {
        NATIVE,
        CACHING_SHA2
    }

    public Authenticator(GreetingPacket greetingPacket, PacketChannel packetChannel, String str, String str2, String str3) {
        this.greetingPacket = greetingPacket;
        this.scramble = greetingPacket.getScramble();
        this.channel = packetChannel;
        this.schema = str;
        this.username = str2;
        this.password = str3;
    }

    public void authenticate() throws IOException {
        Command authenticateSecurityPasswordCommand;
        this.logger.log(Level.FINE, "Begin auth for " + this.username);
        int serverCollation = this.greetingPacket.getServerCollation();
        if ("caching_sha2_password".equals(this.greetingPacket.getPluginProvidedData())) {
            this.authMethod = AuthMethod.CACHING_SHA2;
            authenticateSecurityPasswordCommand = new AuthenticateSHA2Command(this.schema, this.username, this.password, this.scramble, serverCollation);
        } else {
            this.authMethod = AuthMethod.NATIVE;
            authenticateSecurityPasswordCommand = new AuthenticateSecurityPasswordCommand(this.schema, this.username, this.password, this.scramble, serverCollation);
        }
        this.channel.write(authenticateSecurityPasswordCommand);
        readResult();
        this.logger.log(Level.FINE, "Auth complete " + this.username);
    }

    private void readResult() throws IOException {
        byte[] read = this.channel.read();
        switch (read[0]) {
            case -2:
                switchAuthentication(read);
                return;
            case -1:
                ErrorPacket errorPacket = new ErrorPacket(Arrays.copyOfRange(read, 1, read.length));
                throw new AuthenticationException(errorPacket.getErrorMessage(), errorPacket.getErrorCode(), errorPacket.getSqlState());
            case 0:
                return;
            default:
                if (this.authMethod == AuthMethod.NATIVE) {
                    throw new AuthenticationException("Unexpected authentication result (" + ((int) read[0]) + StringPool.RIGHT_BRACKET);
                }
                processCachingSHA2Result(read);
                return;
        }
    }

    private void processCachingSHA2Result(byte[] bArr) throws IOException {
        if (bArr.length < 2) {
            throw new AuthenticationException("caching_sha2_password response too short!");
        }
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        byteArrayInputStream.readPackedInteger();
        switch (byteArrayInputStream.read()) {
            case 3:
                this.logger.log(Level.FINE, "cached sha2 auth successful");
                readResult();
                return;
            case 4:
                this.logger.log(Level.FINE, "cached sha2 auth not successful, moving to full auth path");
                continueCachingSHA2Authentication();
                return;
            default:
                return;
        }
    }

    private void continueCachingSHA2Authentication() throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (this.channel.isSSL()) {
            byteArrayOutputStream.writeZeroTerminatedString(this.password);
            this.channel.write(new ByteArrayCommand(byteArrayOutputStream.toByteArray()));
            readResult();
            return;
        }
        byteArrayOutputStream.write(2);
        this.channel.write(new ByteArrayCommand(byteArrayOutputStream.toByteArray()));
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.channel.read());
        int read = byteArrayInputStream.read();
        switch (read) {
            case 1:
                byte[] bArr = new byte[byteArrayInputStream.available()];
                byteArrayInputStream.read(bArr);
                this.logger.log(Level.FINE, "received RSA key: " + bArr);
                this.channel.write(new AuthenticateSHA2RSAPasswordCommand(new String(bArr), this.password, this.scramble));
                readResult();
                return;
            default:
                throw new AuthenticationException("Unkown response fetching RSA key in caching_sha2_pasword auth: " + read);
        }
    }

    private void switchAuthentication(byte[] bArr) throws IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        byteArrayInputStream.read(1);
        String readZeroTerminatedString = byteArrayInputStream.readZeroTerminatedString();
        if ("mysql_native_password".equals(readZeroTerminatedString)) {
            this.authMethod = AuthMethod.NATIVE;
            this.scramble = byteArrayInputStream.readZeroTerminatedString();
            this.channel.write(new AuthenticateNativePasswordCommand(this.scramble, this.password));
        } else {
            if (!"caching_sha2_password".equals(readZeroTerminatedString)) {
                throw new AuthenticationException("unsupported authentication method: " + readZeroTerminatedString);
            }
            this.authMethod = AuthMethod.CACHING_SHA2;
            this.scramble = byteArrayInputStream.readZeroTerminatedString();
            this.channel.write(new AuthenticateSHA2Command(this.scramble, this.password));
        }
        readResult();
    }
}
