package org.apache.shardingsphere.data.pipeline.mysql.ingest.client.netty;

import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.util.concurrent.Promise;
import java.security.NoSuchAlgorithmException;
import lombok.Generated;
import org.apache.shardingsphere.data.pipeline.mysql.ingest.client.PasswordEncryption;
import org.apache.shardingsphere.data.pipeline.mysql.ingest.client.ServerInfo;
import org.apache.shardingsphere.data.pipeline.mysql.ingest.client.ServerVersion;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLAuthenticationMethod;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLAuthenticationPlugin;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLCapabilityFlag;
import org.apache.shardingsphere.db.protocol.mysql.packet.generic.MySQLErrPacket;
import org.apache.shardingsphere.db.protocol.mysql.packet.generic.MySQLOKPacket;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthMoreDataPacket;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthSwitchRequestPacket;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthSwitchResponsePacket;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLHandshakePacket;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLHandshakeResponse41Packet;

/* loaded from: input_file:org/apache/shardingsphere/data/pipeline/mysql/ingest/client/netty/MySQLNegotiateHandler.class */
public final class MySQLNegotiateHandler extends ChannelInboundHandlerAdapter {
    private static final int MAX_PACKET_SIZE = 16777216;
    private static final int CHARACTER_SET = 33;
    private static final int REQUEST_PUBLIC_KEY = 2;
    private static final int PERFORM_FULL_AUTHENTICATION = 4;
    private final String username;
    private final String password;
    private final Promise<Object> authResultCallback;
    private volatile ServerInfo serverInfo;
    private volatile byte[] seed;
    private volatile boolean publicKeyRequested;

    /* renamed from: org.apache.shardingsphere.data.pipeline.mysql.ingest.client.netty.MySQLNegotiateHandler$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/shardingsphere/data/pipeline/mysql/ingest/client/netty/MySQLNegotiateHandler$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$shardingsphere$db$protocol$mysql$constant$MySQLAuthenticationPlugin = new int[MySQLAuthenticationPlugin.values().length];

        static {
            try {
                $SwitchMap$org$apache$shardingsphere$db$protocol$mysql$constant$MySQLAuthenticationPlugin[MySQLAuthenticationPlugin.NATIVE_PASSWORD_AUTHENTICATION.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$shardingsphere$db$protocol$mysql$constant$MySQLAuthenticationPlugin[MySQLAuthenticationPlugin.SHA2_AUTHENTICATION.ordinal()] = MySQLNegotiateHandler.REQUEST_PUBLIC_KEY;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) {
        byte[] bytes;
        try {
            if (obj instanceof MySQLHandshakePacket) {
                MySQLHandshakePacket mySQLHandshakePacket = (MySQLHandshakePacket) obj;
                MySQLHandshakeResponse41Packet mySQLHandshakeResponse41Packet = new MySQLHandshakeResponse41Packet(1, MAX_PACKET_SIZE, CHARACTER_SET, this.username);
                mySQLHandshakeResponse41Packet.setAuthResponse(generateAuthResponse(mySQLHandshakePacket.getAuthPluginData().getAuthenticationPluginData()));
                mySQLHandshakeResponse41Packet.setCapabilityFlags(generateClientCapability());
                mySQLHandshakeResponse41Packet.setDatabase("mysql");
                mySQLHandshakeResponse41Packet.setAuthPluginName(MySQLAuthenticationMethod.SECURE_PASSWORD_AUTHENTICATION);
                channelHandlerContext.channel().writeAndFlush(mySQLHandshakeResponse41Packet);
                this.serverInfo = new ServerInfo();
                this.serverInfo.setServerVersion(new ServerVersion(mySQLHandshakePacket.getServerVersion()));
                return;
            }
            if (!(obj instanceof MySQLAuthSwitchRequestPacket)) {
                if (obj instanceof MySQLAuthMoreDataPacket) {
                    handleCachingSha2Auth(channelHandlerContext, (MySQLAuthMoreDataPacket) obj);
                    return;
                } else {
                    if (!(obj instanceof MySQLOKPacket)) {
                        channelHandlerContext.channel().close();
                        throw new RuntimeException(((MySQLErrPacket) obj).getErrorMessage());
                    }
                    channelHandlerContext.channel().pipeline().remove(this);
                    this.authResultCallback.setSuccess(this.serverInfo);
                    return;
                }
            }
            MySQLAuthSwitchRequestPacket mySQLAuthSwitchRequestPacket = (MySQLAuthSwitchRequestPacket) obj;
            switch (AnonymousClass1.$SwitchMap$org$apache$shardingsphere$db$protocol$mysql$constant$MySQLAuthenticationPlugin[MySQLAuthenticationPlugin.getPluginByName(mySQLAuthSwitchRequestPacket.getAuthPluginName()).ordinal()]) {
                case 1:
                    bytes = PasswordEncryption.encryptWithMySQL41(this.password.getBytes(), mySQLAuthSwitchRequestPacket.getAuthPluginData().getAuthenticationPluginData());
                    break;
                case REQUEST_PUBLIC_KEY /* 2 */:
                    bytes = PasswordEncryption.encryptWithSha2(this.password.getBytes(), mySQLAuthSwitchRequestPacket.getAuthPluginData().getAuthenticationPluginData());
                    break;
                default:
                    bytes = this.password.getBytes();
                    break;
            }
            channelHandlerContext.channel().writeAndFlush(new MySQLAuthSwitchResponsePacket(mySQLAuthSwitchRequestPacket.getSequenceId() + 1, bytes));
            this.seed = mySQLAuthSwitchRequestPacket.getAuthPluginData().getAuthenticationPluginData();
        } catch (NoSuchAlgorithmException e) {
            throw e;
        }
    }

    private void handleCachingSha2Auth(ChannelHandlerContext channelHandlerContext, MySQLAuthMoreDataPacket mySQLAuthMoreDataPacket) {
        if (this.publicKeyRequested) {
            channelHandlerContext.channel().writeAndFlush(new MySQLAuthSwitchResponsePacket(mySQLAuthMoreDataPacket.getSequenceId() + 1, PasswordEncryption.encryptWithRSAPublicKey(this.password, this.seed, this.serverInfo.getServerVersion().greaterThanOrEqualTo(8, 0, 5) ? "RSA/ECB/OAEPWithSHA-1AndMGF1Padding" : "RSA/ECB/PKCS1Padding", new String(mySQLAuthMoreDataPacket.getPluginData()))));
        } else if (PERFORM_FULL_AUTHENTICATION == mySQLAuthMoreDataPacket.getPluginData()[0]) {
            this.publicKeyRequested = true;
            channelHandlerContext.channel().writeAndFlush(new MySQLAuthSwitchResponsePacket(mySQLAuthMoreDataPacket.getSequenceId() + 1, new byte[]{REQUEST_PUBLIC_KEY}));
        }
    }

    private int generateClientCapability() {
        return MySQLCapabilityFlag.calculateCapabilityFlags(new MySQLCapabilityFlag[]{MySQLCapabilityFlag.CLIENT_LONG_PASSWORD, MySQLCapabilityFlag.CLIENT_LONG_FLAG, MySQLCapabilityFlag.CLIENT_PROTOCOL_41, MySQLCapabilityFlag.CLIENT_INTERACTIVE, MySQLCapabilityFlag.CLIENT_TRANSACTIONS, MySQLCapabilityFlag.CLIENT_SECURE_CONNECTION, MySQLCapabilityFlag.CLIENT_MULTI_STATEMENTS, MySQLCapabilityFlag.CLIENT_PLUGIN_AUTH});
    }

    private byte[] generateAuthResponse(byte[] bArr) {
        try {
            return (null == this.password || this.password.isEmpty()) ? new byte[0] : PasswordEncryption.encryptWithMySQL41(this.password.getBytes(), bArr);
        } catch (NoSuchAlgorithmException e) {
            throw e;
        }
    }

    @Generated
    public MySQLNegotiateHandler(String str, String str2, Promise<Object> promise) {
        this.username = str;
        this.password = str2;
        this.authResultCallback = promise;
    }
}
