package com.mysql.cj.mysqla.authentication;

import com.mysql.cj.api.conf.PropertySet;
import com.mysql.cj.api.conf.ReadableProperty;
import com.mysql.cj.api.exceptions.ExceptionInterceptor;
import com.mysql.cj.api.io.Protocol;
import com.mysql.cj.api.mysqla.authentication.AuthenticationPlugin;
import com.mysql.cj.api.mysqla.io.NativeProtocol;
import com.mysql.cj.api.mysqla.io.PacketPayload;
import com.mysql.cj.core.Messages;
import com.mysql.cj.core.authentication.Security;
import com.mysql.cj.core.conf.PropertyDefinitions;
import com.mysql.cj.core.exceptions.CJException;
import com.mysql.cj.core.exceptions.ExceptionFactory;
import com.mysql.cj.core.exceptions.UnableToConnectException;
import com.mysql.cj.core.exceptions.WrongArgumentException;
import com.mysql.cj.core.io.ExportControlled;
import com.mysql.cj.core.util.StringUtils;
import com.mysql.cj.mysqla.io.Buffer;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.List;

/* loaded from: input_file:BOOT-INF/lib/mysql-connector-java-8.0.8-dmr.jar:com/mysql/cj/mysqla/authentication/Sha256PasswordPlugin.class */
/**
 * Client-side authentication plugin registered under the name {@code sha256_password}.
 *
 * <p>Depending on the connection state, {@link #nextAuthenticationStep} answers the server in
 * one of three ways:
 * <ol>
 *   <li>the socket reports SSL as established: the password bytes are sent followed by a single
 *       zero byte, with no additional encryption applied by this class;</li>
 *   <li>{@code serverRSAPublicKeyFile} is configured: the password is combined with the server
 *       seed and encrypted with the key that {@link #init} read from that file;</li>
 *   <li>otherwise, and only if {@code allowPublicKeyRetrieval} is enabled: the key is requested
 *       from the server and then used for the same encryption.</li>
 * </ol>
 *
 * <p>NOTE(review): in case 3 the key is whatever the peer sends back; nothing in this class
 * authenticates it. Where the network path is not trusted, TLS or a locally stored
 * {@code serverRSAPublicKeyFile} avoids relying on an unauthenticated key.
 *
 * <p>The password is held as a {@code String}, so {@link #destroy} can only drop the reference;
 * it cannot overwrite the characters.
 */
public class Sha256PasswordPlugin implements AuthenticationPlugin {
    // NOTE(review): public, static and not final, so any code can reassign it.
    public static String PLUGIN_NAME = "sha256_password";

    private Protocol protocol;
    private String password = null;
    // Last seed read from a server packet; reused when the key arrives in a later packet.
    private String seed = null;
    // True between sending the key request and receiving the server's key.
    private boolean publicKeyRequested = false;
    // Contents of the configured key file, loaded once in init(); null when no file is configured.
    private String publicKeyString = null;
    private ReadableProperty<String> serverRSAPublicKeyFile = null;

    /**
     * Stores the protocol handle and, when {@code serverRSAPublicKeyFile} has a value, loads the
     * key file contents eagerly.
     *
     * @param protocol protocol instance this plugin reads its properties and socket state from
     */
    @Override
    public void init(Protocol protocol) {
        this.protocol = protocol;
        this.serverRSAPublicKeyFile =
                this.protocol.getPropertySet().getStringReadableProperty(PropertyDefinitions.PNAME_serverRSAPublicKeyFile);

        String keyPath = this.serverRSAPublicKeyFile.getValue();
        if (keyPath == null) {
            return;
        }
        PropertySet properties = this.protocol.getPropertySet();
        ExceptionInterceptor interceptor = this.protocol.getExceptionInterceptor();
        this.publicKeyString = readRSAKey(keyPath, properties, interceptor);
    }

    /**
     * Drops the per-connection state (password, seed, pending key request). The key loaded from
     * the configured file and the protocol handle are kept.
     */
    @Override
    public void destroy() {
        this.publicKeyRequested = false;
        this.seed = null;
        this.password = null;
    }

    /** @return the current value of {@link #PLUGIN_NAME} */
    @Override
    public String getProtocolPluginName() {
        return PLUGIN_NAME;
    }

    /**
     * @return always {@code false}; the plugin itself decides per step whether to use the SSL
     *         path or the RSA path
     */
    @Override
    public boolean requiresConfidentiality() {
        return false;
    }

    /** @return always {@code true} */
    @Override
    public boolean isReusable() {
        return true;
    }

    /**
     * Records the password to authenticate with.
     *
     * @param str  not used by this plugin
     * @param str2 password to store; may be {@code null}
     */
    @Override
    public void setAuthenticationParameters(String str, String str2) {
        this.password = str2;
    }

    /**
     * Produces the next client packet for the exchange.
     *
     * @param packetPayload packet received from the server; {@code null} is answered like an
     *                      empty password
     * @param list          output list; cleared first, then filled with exactly one packet
     * @return always {@code true}
     * @throws CJException if public key retrieval would be needed but is not allowed, or if any
     *                     step raises a {@code CJException} (re-created through the exception
     *                     factory with the same message and the original as cause)
     */
    @Override
    public boolean nextAuthenticationStep(PacketPayload packetPayload, List<PacketPayload> list) {
        list.clear();

        boolean passwordMissing = this.password == null || this.password.length() == 0;
        if (passwordMissing || packetPayload == null) {
            // Nothing to protect: reply with a single zero byte.
            list.add(new Buffer(new byte[]{0}));
            return true;
        }

        try {
            if (this.protocol.getSocketConnection().isSSLEstablished()) {
                // SSL path: password bytes plus one trailing zero byte, rewound to position 0.
                byte[] passwordBytes = StringUtils.getBytes(this.password, this.protocol.getPasswordCharacterEncoding());
                Buffer reply = new Buffer(passwordBytes);
                reply.setPosition(reply.getPayloadLength());
                reply.writeInteger(NativeProtocol.IntegerDataType.INT1, 0L);
                reply.setPosition(0);
                list.add(reply);
                return true;
            }

            if (this.serverRSAPublicKeyFile.getValue() != null) {
                // Configured-key path: the key text was loaded from the local file in init().
                this.seed = packetPayload.readString(NativeProtocol.StringSelfDataType.STRING_TERM, null);
                byte[] encrypted = encryptPassword(this.password, this.seed, this.publicKeyString,
                        this.protocol.getPasswordCharacterEncoding());
                list.add(new Buffer(encrypted));
                return true;
            }

            // Retrieval path: refuse unless the user opted in to asking the server for its key.
            boolean retrievalAllowed = this.protocol.getPropertySet()
                    .getBooleanReadableProperty(PropertyDefinitions.PNAME_allowPublicKeyRetrieval).getValue().booleanValue();
            if (!retrievalAllowed) {
                throw ((UnableToConnectException) ExceptionFactory.createException(UnableToConnectException.class,
                        Messages.getString("Sha256PasswordPlugin.2"), this.protocol.getExceptionInterceptor()));
            }

            // A payload is taken to be the server's key only if a request is pending and it is
            // longer than 20 bytes. NOTE(review): 20 presumably matches the seed length; confirm.
            boolean payloadIsKey = this.publicKeyRequested && packetPayload.getPayloadLength() > 20;
            if (payloadIsKey) {
                // NOTE(review): this key comes straight from the peer and is not verified here.
                String serverKeyText = packetPayload.readString(NativeProtocol.StringSelfDataType.STRING_TERM, null);
                byte[] encrypted = encryptPassword(this.password, this.seed, serverKeyText,
                        this.protocol.getPasswordCharacterEncoding());
                list.add(new Buffer(encrypted));
                this.publicKeyRequested = false;
            } else {
                // Remember the seed and send the one-byte key request (value 1).
                this.seed = packetPayload.readString(NativeProtocol.StringSelfDataType.STRING_TERM, null);
                list.add(new Buffer(new byte[]{1}));
                this.publicKeyRequested = true;
            }
            return true;
        } catch (CJException e) {
            throw ExceptionFactory.createException(e.getMessage(), e, this.protocol.getExceptionInterceptor());
        }
    }

    /**
     * Builds the RSA-protected password blob.
     *
     * @param secret           password; {@code null} is replaced by a single zero byte
     * @param serverSeed       seed previously read from the server; must not be {@code null}
     * @param publicKeyText    textual public key handed to {@code ExportControlled.decodeRSAPublicKey}
     * @param passwordEncoding character encoding used to turn the password into bytes
     * @return result of {@code ExportControlled.encryptWithRSAPublicKey} on the masked bytes
     */
    private static byte[] encryptPassword(String secret, String serverSeed, String publicKeyText, String passwordEncoding) {
        byte[] plain;
        if (secret == null) {
            plain = new byte[]{0};
        } else {
            plain = StringUtils.getBytesNullTerminated(secret, passwordEncoding);
        }

        byte[] masked = new byte[plain.length];
        // The seed is converted with the platform default charset (no-arg getBytes()).
        // NOTE(review): presumably xorString XORs the password bytes with the seed into
        // 'masked'; confirm against Security.xorString.
        Security.xorString(plain, masked, serverSeed.getBytes(), plain.length);
        return ExportControlled.encryptWithRSAPublicKey(masked, ExportControlled.decodeRSAPublicKey(publicKeyText));
    }

    /**
     * Reads the whole key file into a string.
     *
     * @param keyPath              path of the key file; it is canonicalised before opening
     * @param propertySet          consulted for the {@code paranoid} flag when building the error message
     * @param exceptionInterceptor passed through to the exception factory
     * @return file contents, converted chunk by chunk with {@code StringUtils.toAsciiString}
     * @throws WrongArgumentException if opening or reading the file fails
     * @throws CJException            if closing the stream fails
     */
    private static String readRSAKey(String keyPath, PropertySet propertySet, ExceptionInterceptor exceptionInterceptor) {
        byte[] chunk = new byte[2048];
        BufferedInputStream keyStream = null;
        try {
            keyStream = new BufferedInputStream(new FileInputStream(new File(keyPath).getCanonicalPath()));
            StringBuilder text = new StringBuilder();
            for (int count = keyStream.read(chunk); count != -1; count = keyStream.read(chunk)) {
                text.append(StringUtils.toAsciiString(chunk, 0, count));
            }
            return text.toString();
        } catch (IOException readFailure) {
            // With 'paranoid' set the path is blanked out of the message. The IOException is not
            // attached as a cause. NOTE(review): its message may itself contain the path, so
            // attaching it would likely defeat the blanking; confirm before changing this.
            boolean paranoid = propertySet.getBooleanReadableProperty(PropertyDefinitions.PNAME_paranoid).getValue().booleanValue();
            Object[] messageArgs = paranoid ? new Object[]{""} : new Object[]{"'" + keyPath + "'"};
            throw ((WrongArgumentException) ExceptionFactory.createException(WrongArgumentException.class,
                    Messages.getString("Sha256PasswordPlugin.0", messageArgs), exceptionInterceptor));
        } finally {
            // Runs on success and on failure; a close error replaces any exception in flight.
            if (keyStream != null) {
                try {
                    keyStream.close();
                } catch (IOException closeFailure) {
                    throw ExceptionFactory.createException(Messages.getString("Sha256PasswordPlugin.1"), closeFailure, exceptionInterceptor);
                }
            }
        }
    }
}
