package org.apache.shardingsphere.proxy.frontend.postgresql.authentication;

import com.google.common.base.Strings;
import io.netty.channel.ChannelHandlerContext;
import org.apache.shardingsphere.db.protocol.CommonConstants;
import org.apache.shardingsphere.db.protocol.payload.PacketPayload;
import org.apache.shardingsphere.db.protocol.postgresql.constant.PostgreSQLAuthenticationMethod;
import org.apache.shardingsphere.db.protocol.postgresql.constant.PostgreSQLErrorCode;
import org.apache.shardingsphere.db.protocol.postgresql.constant.PostgreSQLServerInfo;
import org.apache.shardingsphere.db.protocol.postgresql.packet.command.query.extended.PostgreSQLPreparedStatementRegistry;
import org.apache.shardingsphere.db.protocol.postgresql.packet.generic.PostgreSQLReadyForQueryPacket;
import org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLAuthenticationOKPacket;
import org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLComStartupPacket;
import org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLParameterStatusPacket;
import org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLPasswordMessagePacket;
import org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLRandomGenerator;
import org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLSSLNegativePacket;
import org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.authentication.PostgreSQLMD5PasswordAuthenticationPacket;
import org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.authentication.PostgreSQLPasswordAuthenticationPacket;
import org.apache.shardingsphere.db.protocol.postgresql.packet.identifier.PostgreSQLIdentifierPacket;
import org.apache.shardingsphere.db.protocol.postgresql.packet.identifier.PostgreSQLMessagePacketType;
import org.apache.shardingsphere.db.protocol.postgresql.payload.PostgreSQLPacketPayload;
import org.apache.shardingsphere.proxy.backend.text.admin.postgresql.PostgreSQLCharacterSets;
import org.apache.shardingsphere.proxy.frontend.authentication.AuthenticationEngine;
import org.apache.shardingsphere.proxy.frontend.authentication.AuthenticationResult;
import org.apache.shardingsphere.proxy.frontend.authentication.AuthenticationResultBuilder;
import org.apache.shardingsphere.proxy.frontend.connection.ConnectionIdGenerator;
import org.apache.shardingsphere.proxy.frontend.postgresql.authentication.exception.InvalidAuthorizationSpecificationException;
import org.apache.shardingsphere.proxy.frontend.postgresql.authentication.exception.PostgreSQLAuthenticationException;
import org.apache.shardingsphere.proxy.frontend.postgresql.authentication.exception.PostgreSQLProtocolViolationException;

/* loaded from: input_file:org/apache/shardingsphere/proxy/frontend/postgresql/authentication/PostgreSQLAuthenticationEngine.class */
public final class PostgreSQLAuthenticationEngine implements AuthenticationEngine {
    private static final int SSL_REQUEST_PAYLOAD_LENGTH = 8;
    private static final int SSL_REQUEST_CODE = 80877103;
    private boolean startupMessageReceived;
    private String clientEncoding;
    private byte[] md5Salt;
    private AuthenticationResult currentAuthResult;
    private final PostgreSQLAuthenticationHandler authenticationHandler = new PostgreSQLAuthenticationHandler();

    public int handshake(ChannelHandlerContext channelHandlerContext) {
        int nextId = ConnectionIdGenerator.getInstance().nextId();
        PostgreSQLPreparedStatementRegistry.getInstance().register(nextId);
        return nextId;
    }

    public AuthenticationResult authenticate(ChannelHandlerContext channelHandlerContext, PacketPayload packetPayload) {
        if (SSL_REQUEST_PAYLOAD_LENGTH == packetPayload.getByteBuf().markReaderIndex().readInt() && SSL_REQUEST_CODE == packetPayload.getByteBuf().readInt()) {
            channelHandlerContext.writeAndFlush(new PostgreSQLSSLNegativePacket());
            return AuthenticationResultBuilder.continued();
        }
        packetPayload.getByteBuf().resetReaderIndex();
        return this.startupMessageReceived ? processPasswordMessage(channelHandlerContext, (PostgreSQLPacketPayload) packetPayload) : processStartupMessage(channelHandlerContext, (PostgreSQLPacketPayload) packetPayload);
    }

    private AuthenticationResult processStartupMessage(ChannelHandlerContext channelHandlerContext, PostgreSQLPacketPayload postgreSQLPacketPayload) {
        this.startupMessageReceived = true;
        PostgreSQLComStartupPacket postgreSQLComStartupPacket = new PostgreSQLComStartupPacket(postgreSQLPacketPayload);
        this.clientEncoding = postgreSQLComStartupPacket.getClientEncoding();
        channelHandlerContext.channel().attr(CommonConstants.CHARSET_ATTRIBUTE_KEY).set(PostgreSQLCharacterSets.findCharacterSet(this.clientEncoding));
        String user = postgreSQLComStartupPacket.getUser();
        if (Strings.isNullOrEmpty(user)) {
            throw new InvalidAuthorizationSpecificationException("no PostgreSQL user name specified in startup packet");
        }
        channelHandlerContext.writeAndFlush(getIdentifierPacket(user));
        this.currentAuthResult = AuthenticationResultBuilder.continued(user, "", postgreSQLComStartupPacket.getDatabase());
        return this.currentAuthResult;
    }

    private AuthenticationResult processPasswordMessage(ChannelHandlerContext channelHandlerContext, PostgreSQLPacketPayload postgreSQLPacketPayload) {
        char readInt1 = (char) postgreSQLPacketPayload.readInt1();
        if (PostgreSQLMessagePacketType.PASSWORD_MESSAGE.getValue() != readInt1) {
            throw new PostgreSQLProtocolViolationException("password", Character.toString(readInt1));
        }
        PostgreSQLLoginResult login = this.authenticationHandler.login(this.currentAuthResult.getUsername(), this.currentAuthResult.getDatabase(), this.md5Salt, new PostgreSQLPasswordMessagePacket(postgreSQLPacketPayload));
        if (PostgreSQLErrorCode.SUCCESSFUL_COMPLETION != login.getErrorCode()) {
            throw new PostgreSQLAuthenticationException(login.getErrorCode(), login.getErrorMessage());
        }
        channelHandlerContext.write(new PostgreSQLAuthenticationOKPacket());
        channelHandlerContext.write(new PostgreSQLParameterStatusPacket("server_version", PostgreSQLServerInfo.getServerVersion()));
        channelHandlerContext.write(new PostgreSQLParameterStatusPacket("client_encoding", this.clientEncoding));
        channelHandlerContext.write(new PostgreSQLParameterStatusPacket("server_encoding", "UTF8"));
        channelHandlerContext.write(new PostgreSQLParameterStatusPacket("integer_datetimes", "on"));
        channelHandlerContext.writeAndFlush(PostgreSQLReadyForQueryPacket.NOT_IN_TRANSACTION);
        return AuthenticationResultBuilder.finished(this.currentAuthResult.getUsername(), "", this.currentAuthResult.getDatabase());
    }

    private PostgreSQLIdentifierPacket getIdentifierPacket(String str) {
        if (PostgreSQLAuthenticationMethod.PASSWORD.getMethodName().equals(this.authenticationHandler.getAuthenticator(str, "").getAuthenticationMethodName())) {
            return new PostgreSQLPasswordAuthenticationPacket();
        }
        this.md5Salt = PostgreSQLRandomGenerator.getInstance().generateRandomBytes(4);
        return new PostgreSQLMD5PasswordAuthenticationPacket(this.md5Salt);
    }
}
