package org.revenj.database.postgres;

import java.io.IOException;
import java.net.ConnectException;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.TimeZone;
import javax.net.SocketFactory;
import org.postgresql.PGProperty;
import org.postgresql.core.Encoding;
import org.postgresql.core.Logger;
import org.postgresql.core.PGStream;
import org.postgresql.core.v2.SocketFactoryFactory;
import org.postgresql.gss.MakeGSS;
import org.postgresql.ssl.MakeSSL;
import org.postgresql.sspi.ISSPIClient;
import org.postgresql.util.GT;
import org.postgresql.util.HostSpec;
import org.postgresql.util.MD5Digest;
import org.postgresql.util.PSQLException;
import org.postgresql.util.PSQLState;
import org.postgresql.util.ServerErrorMessage;
import org.postgresql.util.UnixCrypt;

/* loaded from: input_file:org/revenj/database/postgres/ConnectionFactory.class */
public class ConnectionFactory {
    private static final int AUTH_REQ_OK = 0;
    private static final int AUTH_REQ_PASSWORD = 3;
    private static final int AUTH_REQ_CRYPT = 4;
    private static final int AUTH_REQ_MD5 = 5;
    private static final int AUTH_REQ_GSS = 7;
    private static final int AUTH_REQ_GSS_CONTINUE = 8;
    private static final int AUTH_REQ_SSPI = 9;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/revenj/database/postgres/ConnectionFactory$UnsupportedProtocolException.class */
    public static class UnsupportedProtocolException extends IOException {
        private UnsupportedProtocolException() {
        }
    }

    private static ISSPIClient createSSPI(PGStream pGStream, String str, boolean z, Logger logger) {
        try {
            return (ISSPIClient) Class.forName("org.postgresql.sspi.SSPIClient").getDeclaredConstructor(PGStream.class, String.class, Boolean.TYPE, Logger.class).newInstance(pGStream, str, Boolean.valueOf(z), logger);
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException("Unable to load org.postgresql.sspi.SSPIClient. Please check that SSPIClient is included in your pgjdbc distribution.", e);
        }
    }

    public static PGStream openConnection(HostSpec hostSpec, String str, String str2, String str3, Properties properties) throws SQLException {
        boolean z;
        boolean z2;
        Logger logger = new Logger();
        String str4 = PGProperty.SSL_MODE.get(properties);
        if (str4 == null) {
            boolean z3 = PGProperty.SSL.getBoolean(properties) || "".equals(PGProperty.SSL.get(properties));
            z = z3;
            z2 = z3;
        } else if ("disable".equals(str4)) {
            z = AUTH_REQ_OK;
            z2 = AUTH_REQ_OK;
        } else {
            if (!"require".equals(str4) && !"verify-ca".equals(str4) && !"verify-full".equals(str4)) {
                throw new PSQLException(GT.tr("Invalid sslmode value: {0}", str4), PSQLState.CONNECTION_UNABLE_TO_CONNECT);
            }
            z = true;
            z2 = true;
        }
        int i = PGProperty.CONNECT_TIMEOUT.getInt(properties) * 1000;
        SocketFactory socketFactory = SocketFactoryFactory.getSocketFactory(properties);
        PGStream pGStream = AUTH_REQ_OK;
        try {
            pGStream = new PGStream(socketFactory, hostSpec, i);
            if (z) {
                pGStream = enableSSL(pGStream, z2, properties, logger, i);
            }
            int i2 = PGProperty.SOCKET_TIMEOUT.getInt(properties);
            if (i2 > 0) {
                pGStream.getSocket().setSoTimeout(i2 * 1000);
            }
            pGStream.getSocket().setKeepAlive(true);
            int i3 = PGProperty.RECEIVE_BUFFER_SIZE.getInt(properties);
            if (i3 > -1 && i3 > 0) {
                pGStream.getSocket().setReceiveBufferSize(i3);
            }
            int i4 = PGProperty.SEND_BUFFER_SIZE.getInt(properties);
            if (i4 > -1 && i4 > 0) {
                pGStream.getSocket().setSendBufferSize(i4);
            }
            ArrayList arrayList = new ArrayList();
            arrayList.add(new String[]{"user", str});
            arrayList.add(new String[]{"database", str3});
            arrayList.add(new String[]{"client_encoding", "UTF8"});
            arrayList.add(new String[]{"DateStyle", "ISO"});
            arrayList.add(new String[]{"TimeZone", createPostgresTimeZone()});
            PGProperty.ASSUME_MIN_SERVER_VERSION.get(properties);
            arrayList.add(new String[]{"extra_float_digits", "3"});
            String str5 = PGProperty.APPLICATION_NAME.get(properties);
            String[] strArr = new String[2];
            strArr[AUTH_REQ_OK] = "application_name";
            strArr[1] = str5 == null ? "Revenj" : str5;
            arrayList.add(strArr);
            String str6 = PGProperty.CURRENT_SCHEMA.get(properties);
            if (str6 != null) {
                arrayList.add(new String[]{"search_path", str6});
            }
            sendStartupPacket(pGStream, arrayList, logger);
            doAuthentication(pGStream, hostSpec.getHost(), str, str2, properties, logger);
            readStartupMessages(pGStream, logger);
            return pGStream;
        } catch (ConnectException e) {
            throw new PSQLException(GT.tr("Connection to {0} refused. Check that the hostname and port are correct and that the postmaster is accepting TCP/IP connections.", hostSpec), PSQLState.CONNECTION_UNABLE_TO_CONNECT, e);
        } catch (SQLException e2) {
            closeStream(pGStream);
            throw e2;
        } catch (UnsupportedProtocolException e3) {
            closeStream(pGStream);
            throw new PSQLException(GT.tr("Unsupported protocol"), PSQLState.CONNECTION_UNABLE_TO_CONNECT, e3);
        } catch (IOException e4) {
            closeStream(pGStream);
            throw new PSQLException(GT.tr("The connection attempt failed."), PSQLState.CONNECTION_UNABLE_TO_CONNECT, e4);
        }
    }

    private static void closeStream(PGStream pGStream) {
        if (pGStream != null) {
            try {
                pGStream.close();
            } catch (IOException e) {
            }
        }
    }

    private static String createPostgresTimeZone() {
        String str;
        String id = TimeZone.getDefault().getID();
        if (id.length() <= AUTH_REQ_PASSWORD || !id.startsWith("GMT")) {
            return id;
        }
        char charAt = id.charAt(AUTH_REQ_PASSWORD);
        if (charAt == '+') {
            str = "GMT-";
        } else {
            if (charAt != '-') {
                return id;
            }
            str = "GMT+";
        }
        return str + id.substring(AUTH_REQ_CRYPT);
    }

    private static PGStream enableSSL(PGStream pGStream, boolean z, Properties properties, Logger logger, int i) throws IOException, SQLException {
        pGStream.SendInteger4(AUTH_REQ_GSS_CONTINUE);
        pGStream.SendInteger2(1234);
        pGStream.SendInteger2(5679);
        pGStream.flush();
        switch (pGStream.ReceiveChar()) {
            case 69:
                if (z) {
                    throw new PSQLException(GT.tr("The server does not support SSL."), PSQLState.CONNECTION_REJECTED);
                }
                pGStream.close();
                return new PGStream(pGStream.getSocketFactory(), pGStream.getHostSpec(), i);
            case 78:
                if (z) {
                    throw new PSQLException(GT.tr("The server does not support SSL."), PSQLState.CONNECTION_REJECTED);
                }
                return pGStream;
            case 83:
                MakeSSL.convert(pGStream, properties, logger);
                return pGStream;
            default:
                throw new PSQLException(GT.tr("An error occurred while setting up the SSL connection."), PSQLState.PROTOCOL_VIOLATION);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static void sendStartupPacket(PGStream pGStream, List<String[]> list, Logger logger) throws IOException {
        int i = AUTH_REQ_GSS_CONTINUE;
        byte[] bArr = new byte[list.size() * 2];
        for (int i2 = AUTH_REQ_OK; i2 < list.size(); i2++) {
            bArr[i2 * 2] = list.get(i2)[AUTH_REQ_OK].getBytes("UTF-8");
            bArr[(i2 * 2) + 1] = list.get(i2)[1].getBytes("UTF-8");
            i += bArr[i2 * 2].length + 1 + bArr[(i2 * 2) + 1].length + 1;
        }
        pGStream.SendInteger4(i + 1);
        pGStream.SendInteger2(AUTH_REQ_PASSWORD);
        pGStream.SendInteger2(AUTH_REQ_OK);
        int length = bArr.length;
        for (int i3 = AUTH_REQ_OK; i3 < length; i3++) {
            pGStream.Send(bArr[i3]);
            pGStream.SendChar(AUTH_REQ_OK);
        }
        pGStream.SendChar(AUTH_REQ_OK);
        pGStream.flush();
    }

    private static void doAuthentication(PGStream pGStream, String str, String str2, String str3, Properties properties, Logger logger) throws IOException, SQLException {
        ISSPIClient iSSPIClient = AUTH_REQ_OK;
        while (true) {
            try {
                switch (pGStream.ReceiveChar()) {
                    case 69:
                        int ReceiveInteger4 = pGStream.ReceiveInteger4();
                        if (ReceiveInteger4 <= 30000) {
                            throw new PSQLException(new ServerErrorMessage(pGStream.ReceiveString(ReceiveInteger4 - AUTH_REQ_CRYPT), logger.getLogLevel()));
                        }
                        throw new UnsupportedProtocolException();
                    case 82:
                        int ReceiveInteger42 = pGStream.ReceiveInteger4();
                        int ReceiveInteger43 = pGStream.ReceiveInteger4();
                        switch (ReceiveInteger43) {
                            case AUTH_REQ_OK /* 0 */:
                                if (iSSPIClient != null) {
                                    try {
                                        iSSPIClient.dispose();
                                        return;
                                    } catch (RuntimeException e) {
                                        logger.log("Unexpected error during SSPI context disposal", e);
                                        return;
                                    }
                                }
                                return;
                            case 1:
                            case 2:
                            case 6:
                            default:
                                throw new PSQLException(GT.tr("The authentication type {0} is not supported. Check that you have configured the pg_hba.conf file to include the client''s IP address or subnet, and that it is using an authentication scheme supported by the driver.", Integer.valueOf(ReceiveInteger43)), PSQLState.CONNECTION_REJECTED);
                            case AUTH_REQ_PASSWORD /* 3 */:
                                if (logger.logDebug()) {
                                    logger.debug(" <=BE AuthenticationReqPassword");
                                    logger.debug(" FE=> Password(password=<not shown>)");
                                }
                                if (str3 != null) {
                                    byte[] bytes = str3.getBytes("UTF-8");
                                    pGStream.SendChar(112);
                                    pGStream.SendInteger4(AUTH_REQ_CRYPT + bytes.length + 1);
                                    pGStream.Send(bytes);
                                    pGStream.SendChar(AUTH_REQ_OK);
                                    pGStream.flush();
                                    break;
                                } else {
                                    throw new PSQLException(GT.tr("The server requested password-based authentication, but no password was provided."), PSQLState.CONNECTION_REJECTED);
                                }
                            case AUTH_REQ_CRYPT /* 4 */:
                                byte[] Receive = pGStream.Receive(2);
                                if (str3 != null) {
                                    byte[] crypt = UnixCrypt.crypt(Receive, str3.getBytes("UTF-8"));
                                    pGStream.SendChar(112);
                                    pGStream.SendInteger4(AUTH_REQ_CRYPT + crypt.length + 1);
                                    pGStream.Send(crypt);
                                    pGStream.SendChar(AUTH_REQ_OK);
                                    pGStream.flush();
                                    break;
                                } else {
                                    throw new PSQLException(GT.tr("The server requested password-based authentication, but no password was provided."), PSQLState.CONNECTION_REJECTED);
                                }
                            case AUTH_REQ_MD5 /* 5 */:
                                byte[] Receive2 = pGStream.Receive(AUTH_REQ_CRYPT);
                                if (str3 != null) {
                                    byte[] encode = MD5Digest.encode(str2.getBytes("UTF-8"), str3.getBytes("UTF-8"), Receive2);
                                    pGStream.SendChar(112);
                                    pGStream.SendInteger4(AUTH_REQ_CRYPT + encode.length + 1);
                                    pGStream.Send(encode);
                                    pGStream.SendChar(AUTH_REQ_OK);
                                    pGStream.flush();
                                    break;
                                } else {
                                    throw new PSQLException(GT.tr("The server requested password-based authentication, but no password was provided."), PSQLState.CONNECTION_REJECTED);
                                }
                            case AUTH_REQ_GSS /* 7 */:
                            case AUTH_REQ_SSPI /* 9 */:
                                String str4 = PGProperty.GSS_LIB.get(properties);
                                boolean z = PGProperty.USE_SPNEGO.getBoolean(properties);
                                boolean z2 = AUTH_REQ_OK;
                                if (str4.equals("gssapi")) {
                                    logger.debug("Using JSSE GSSAPI, param gsslib=gssapi");
                                } else if (ReceiveInteger43 != AUTH_REQ_GSS || str4.equals("sspi")) {
                                    iSSPIClient = createSSPI(pGStream, PGProperty.SSPI_SERVICE_CLASS.get(properties), ReceiveInteger43 == AUTH_REQ_SSPI || (ReceiveInteger43 == AUTH_REQ_GSS && z), logger);
                                    z2 = iSSPIClient.isSSPISupported();
                                    if (!z2) {
                                        iSSPIClient = AUTH_REQ_OK;
                                        if (str4.equals("sspi")) {
                                            throw new PSQLException("SSPI forced with gsslib=sspi, but SSPI not available; set loglevel=2 for details", PSQLState.CONNECTION_UNABLE_TO_CONNECT);
                                        }
                                    }
                                } else {
                                    logger.debug("Using JSSE GSSAPI, gssapi requested by server and gsslib=sspi not forced");
                                }
                                if (!z2) {
                                    MakeGSS.authenticate(pGStream, str, str2, str3, PGProperty.JAAS_APPLICATION_NAME.get(properties), PGProperty.KERBEROS_SERVER_NAME.get(properties), logger, z);
                                    break;
                                } else {
                                    iSSPIClient.startSSPI();
                                    break;
                                }
                                break;
                            case AUTH_REQ_GSS_CONTINUE /* 8 */:
                                iSSPIClient.continueSSPI(ReceiveInteger42 - AUTH_REQ_GSS_CONTINUE);
                                break;
                        }
                        break;
                    default:
                        throw new PSQLException(GT.tr("Protocol error.  Session setup failed."), PSQLState.PROTOCOL_VIOLATION);
                }
            } catch (Throwable th) {
                if (iSSPIClient != null) {
                    try {
                        iSSPIClient.dispose();
                    } catch (RuntimeException e2) {
                        logger.log("Unexpected error during SSPI context disposal", e2);
                    }
                }
                throw th;
            }
        }
    }

    private static void readStartupMessages(PGStream pGStream, Logger logger) throws IOException, SQLException {
        while (true) {
            switch (pGStream.ReceiveChar()) {
                case 69:
                    throw new PSQLException(new ServerErrorMessage(pGStream.ReceiveString(pGStream.ReceiveInteger4() - AUTH_REQ_CRYPT), logger.getLogLevel()));
                case 75:
                    if (pGStream.ReceiveInteger4() == 12) {
                        pGStream.ReceiveInteger4();
                        pGStream.ReceiveInteger4();
                        break;
                    } else {
                        throw new PSQLException(GT.tr("Protocol error.  Session setup failed."), PSQLState.PROTOCOL_VIOLATION);
                    }
                case 78:
                    pGStream.ReceiveString(pGStream.ReceiveInteger4() - AUTH_REQ_CRYPT);
                    break;
                case 83:
                    pGStream.ReceiveInteger4();
                    String ReceiveString = pGStream.ReceiveString();
                    String ReceiveString2 = pGStream.ReceiveString();
                    if (logger.logDebug()) {
                        logger.debug(" <=BE ParameterStatus(" + ReceiveString + " = " + ReceiveString2 + ")");
                    }
                    if (!ReceiveString.equals("client_encoding")) {
                        continue;
                    } else {
                        if (!ReceiveString2.equals("UTF8")) {
                            throw new PSQLException(GT.tr("Protocol error.  Session setup failed."), PSQLState.PROTOCOL_VIOLATION);
                        }
                        pGStream.setEncoding(Encoding.getDatabaseEncoding("UTF8"));
                        break;
                    }
                case 90:
                    if (pGStream.ReceiveInteger4() != AUTH_REQ_MD5) {
                        throw new IOException("unexpected length of ReadyForQuery packet");
                    }
                    pGStream.ReceiveChar();
                    return;
                default:
                    throw new PSQLException(GT.tr("Protocol error.  Session setup failed."), PSQLState.PROTOCOL_VIOLATION);
            }
        }
    }
}
