package org.apache.shardingsphere.proxy.frontend.opengauss.authentication;

import com.google.common.base.Strings;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedList;
import java.util.Locale;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.apache.shardingsphere.db.protocol.postgresql.constant.PostgreSQLErrorCode;
import org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLPasswordMessagePacket;
import org.apache.shardingsphere.infra.executor.check.SQLCheckEngine;
import org.apache.shardingsphere.infra.metadata.database.ShardingSphereDatabase;
import org.apache.shardingsphere.infra.metadata.user.Grantee;
import org.apache.shardingsphere.infra.metadata.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.rule.ShardingSphereRule;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
import org.apache.shardingsphere.proxy.frontend.postgresql.authentication.PostgreSQLLoginResult;

/* loaded from: input_file:org/apache/shardingsphere/proxy/frontend/opengauss/authentication/OpenGaussAuthenticationHandler.class */
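/**
 * Verifies the SCRAM-SHA-256 style password proof sent by an openGauss client.
 *
 * <p>The check implemented here is:
 * <pre>
 *   K          = PBKDF2-HMAC-SHA1(password, salt, iterations, 256 bits)
 *   storedKey  = SHA-256(HMAC-SHA256(K, "Client Key"))
 *   h2         = HMAC-SHA256(storedKey, nonce)
 *   accept iff   SHA-256(clientDigest XOR h2) == storedKey
 * </pre>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code storedKey} is re-derived from {@link ShardingSphereUser#getPassword()} on every
 *       attempt, so the value returned by that getter is used as the PBKDF2 password.</li>
 *   <li>The PBKDF2 PRF is HMAC-SHA1 and the digest/MAC are SHA-256; these have to match what the
 *       client computes, so they are not tunable on this side alone.</li>
 *   <li>The client digest is untrusted input: it is parsed strictly and compared in constant
 *       time.</li>
 * </ul>
 */
public final class OpenGaussAuthenticationHandler {
    private static final String PBKDF2_WITH_HMAC_SHA1_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
    private static final String SHA256_ALGORITHM = "SHA-256";
    private static final String CLIENT_KEY = "Client Key";
    private static final String HEX_DIGITS = "0123456789ABCDEF";

    /**
     * Runs the login checks for a client that answered the SCRAM-SHA-256 challenge.
     *
     * <p>Checks are made in this order: the database exists (when one was named), the user is
     * known, the password proof is valid, the user may access the database.
     *
     * <p>NOTE(review): an unknown user and a wrong password produce different error codes and
     * messages, which lets an unauthenticated client tell the two cases apart. The results are
     * left as they were because clients observe them; consider unifying them if the protocol
     * allows it.
     *
     * @param str user name supplied by the client
     * @param str2 database name supplied by the client; may be null or empty
     * @param str3 hex-encoded salt used for PBKDF2
     * @param str4 hex-encoded nonce that is MACed with the stored key
     * @param i PBKDF2 iteration count
     * @param postgreSQLPasswordMessagePacket password message carrying the client's hex digest
     * @return the login result; {@code SUCCESSFUL_COMPLETION} only when every check passed
     */
    public static PostgreSQLLoginResult loginWithSCRAMSha256Password(String str, String str2, String str3, String str4, int i, PostgreSQLPasswordMessagePacket postgreSQLPasswordMessagePacket) {
        final String username = str;
        final String databaseName = str2;
        String clientDigest = postgreSQLPasswordMessagePacket.getDigest();
        Grantee grantee = new Grantee(username, "%");
        if (!Strings.isNullOrEmpty(databaseName) && !ProxyContext.getInstance().databaseExists(databaseName)) {
            return new PostgreSQLLoginResult(PostgreSQLErrorCode.INVALID_CATALOG_NAME, String.format("database \"%s\" does not exist", databaseName));
        }
        // Resolve the rules once so that all three checks below are made against the same rule set.
        Collection<ShardingSphereRule> rules = getRules(databaseName);
        if (!SQLCheckEngine.check(grantee, rules)) {
            return new PostgreSQLLoginResult(PostgreSQLErrorCode.INVALID_AUTHORIZATION_SPECIFICATION, String.format("unknown username: %s", username));
        }
        boolean passwordAccepted = SQLCheckEngine.check(grantee, (obj, obj2) -> {
            return isPasswordRight((ShardingSphereUser) obj, (Object[]) obj2);
        }, new Object[]{clientDigest, str3, str4, Integer.valueOf(i)}, rules);
        if (!passwordAccepted) {
            return new PostgreSQLLoginResult(PostgreSQLErrorCode.INVALID_PASSWORD, String.format("password authentication failed for user \"%s\"", username));
        }
        if (null != databaseName && !SQLCheckEngine.check(databaseName, rules, grantee)) {
            return new PostgreSQLLoginResult(PostgreSQLErrorCode.PRIVILEGE_NOT_GRANTED, String.format("Access denied for user '%s' to database '%s'", username, databaseName));
        }
        return new PostgreSQLLoginResult(PostgreSQLErrorCode.SUCCESSFUL_COMPLETION, (String) null);
    }

    /**
     * Collects the rules that apply to a login: the named database's rules (when the database
     * exists) followed by the global rules.
     *
     * @param str database name; may be null or empty
     * @return a new mutable collection of rules
     */
    private static Collection<ShardingSphereRule> getRules(String str) {
        Collection<ShardingSphereRule> rules = new LinkedList<>();
        if (!Strings.isNullOrEmpty(str) && ProxyContext.getInstance().databaseExists(str)) {
            rules.addAll(((ShardingSphereDatabase) ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getDatabases().get(str)).getRuleMetaData().getRules());
        }
        rules.addAll(ProxyContext.getInstance().getContextManager().getMetaDataContexts().getMetaData().getGlobalRuleMetaData().getRules());
        return rules;
    }

    /**
     * Checks the client's digest against the key derived from the user's configured password.
     *
     * <p>Public only because the decompiler widened the access modifier (the method is called
     * from a lambda); it was private in the original class.
     *
     * @param shardingSphereUser user whose password is the PBKDF2 input
     * @param objArr {@code [clientDigestHex (String), saltHex (String), nonceHex (String), iterations (Integer)]}
     * @return true only if the digest proves knowledge of the password; a malformed or
     *     wrong-length digest is rejected with false
     */
    public static boolean isPasswordRight(ShardingSphereUser shardingSphereUser, Object[] objArr) {
        String clientDigestHex = (String) objArr[0];
        String saltHex = (String) objArr[1];
        String nonceHex = (String) objArr[2];
        int iterations = ((Integer) objArr[3]).intValue();
        byte[] clientProof;
        try {
            clientProof = hexStringToBytes(clientDigestHex);
        } catch (IllegalArgumentException ignored) {
            // The digest comes from the client; a malformed value is a failed login, not a server error.
            return false;
        }
        // Derive the stored key once; PBKDF2 is the expensive step and this runs before authentication.
        byte[] storedKey = calculatedStoredKey(shardingSphereUser.getPassword(), saltHex, iterations);
        byte[] h2 = calculateH2(storedKey, nonceHex);
        if (clientProof.length != h2.length) {
            // xor() would throw on a length mismatch; reject the attempt instead.
            return false;
        }
        byte[] candidateClientKey = xor(clientProof, h2);
        // Constant-time comparison so that response timing does not reveal how many bytes matched.
        return MessageDigest.isEqual(sha256(candidateClientKey), storedKey);
    }

    /**
     * Computes {@code SHA-256(HMAC-SHA256(K, "Client Key"))} where K is the PBKDF2 output.
     */
    private static byte[] calculatedStoredKey(String password, String saltHex, int iterations) {
        byte[] saltedPassword = generateKFromPBKDF2(password, saltHex, iterations);
        // Explicit charset: the no-arg getBytes() depends on the platform default.
        return sha256(getKeyFromHmac(saltedPassword, CLIENT_KEY.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Computes {@code HMAC-SHA256(storedKey, nonce)}, the value the client XORs into its digest.
     */
    private static byte[] calculateH2(byte[] storedKey, String nonceHex) {
        return getKeyFromHmac(storedKey, hexStringToBytes(nonceHex));
    }

    /**
     * Derives a 256-bit key from the password with PBKDF2-HMAC-SHA1.
     *
     * @throws IllegalStateException if the JCE provider lacks the algorithm or rejects the key spec
     */
    private static byte[] generateKFromPBKDF2(String password, String saltHex, int iterations) {
        char[] passwordChars = password.toCharArray();
        PBEKeySpec keySpec = new PBEKeySpec(passwordChars, hexStringToBytes(saltHex), iterations, 256);
        try {
            return SecretKeyFactory.getInstance(PBKDF2_WITH_HMAC_SHA1_ALGORITHM).generateSecret(keySpec).getEncoded();
        } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) {
            throw new IllegalStateException("Unable to derive key with " + PBKDF2_WITH_HMAC_SHA1_ALGORITHM, ex);
        } finally {
            // Best effort only: the password still exists as a String held by the caller.
            keySpec.clearPassword();
            Arrays.fill(passwordChars, '\0');
        }
    }

    /**
     * Decodes a hex string (either case) into bytes.
     *
     * @param str hex text; null or empty yields an empty array
     * @return decoded bytes
     * @throws IllegalArgumentException if the text has odd length or contains a non-hex character
     */
    private static byte[] hexStringToBytes(String str) {
        if (null == str || str.isEmpty()) {
            return new byte[0];
        }
        char[] digits = str.toUpperCase(Locale.ENGLISH).toCharArray();
        if (digits.length % 2 != 0) {
            throw new IllegalArgumentException("Hex string has odd length");
        }
        byte[] decoded = new byte[digits.length / 2];
        for (int index = 0; index < decoded.length; index++) {
            int high = charToByte(digits[index * 2]);
            int low = charToByte(digits[index * 2 + 1]);
            if (high < 0 || low < 0) {
                // Without this check an invalid character decodes to 0xF nibbles and is silently accepted.
                throw new IllegalArgumentException("Hex string contains a non-hex character");
            }
            decoded[index] = (byte) ((high << 4) | low);
        }
        return decoded;
    }

    /**
     * Returns the value of an upper-case hex digit, or -1 if {@code c} is not one.
     */
    private static byte charToByte(char c) {
        return (byte) HEX_DIGITS.indexOf(c);
    }

    /**
     * Returns the SHA-256 digest of the input.
     *
     * @throws IllegalStateException if SHA-256 is not available from any provider
     */
    private static byte[] sha256(byte[] bArr) {
        try {
            return MessageDigest.getInstance(SHA256_ALGORITHM).digest(bArr);
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException("Unable to compute " + SHA256_ALGORITHM, ex);
        }
    }

    /**
     * Returns {@code HMAC-SHA256(key, message)}.
     *
     * @throws IllegalStateException if HmacSHA256 is unavailable or the key is rejected
     */
    private static byte[] getKeyFromHmac(byte[] key, byte[] message) {
        try {
            Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
            mac.init(new SecretKeySpec(key, HMAC_SHA256_ALGORITHM));
            return mac.doFinal(message);
        } catch (NoSuchAlgorithmException | InvalidKeyException ex) {
            throw new IllegalStateException("Unable to compute " + HMAC_SHA256_ALGORITHM, ex);
        }
    }

    /**
     * XORs two equal-length byte arrays into a new array.
     *
     * @throws IllegalArgumentException if the lengths differ
     */
    private static byte[] xor(byte[] left, byte[] right) {
        if (left.length != right.length) {
            throw new IllegalArgumentException("Xor values with different length");
        }
        byte[] result = new byte[left.length];
        for (int index = 0; index < result.length; index++) {
            result[index] = (byte) (left[index] ^ right[index]);
        }
        return result;
    }

    @Generated
    private OpenGaussAuthenticationHandler() {
    }
}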
