package org.postgresql.shaded.com.ongres.scram.client;

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.function.Supplier;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.postgresql.jdbc.EscapedFunctions;
import org.postgresql.shaded.com.ongres.scram.client.MessageFlow;
import org.postgresql.shaded.com.ongres.scram.common.ClientFinalMessage;
import org.postgresql.shaded.com.ongres.scram.common.ClientFirstMessage;
import org.postgresql.shaded.com.ongres.scram.common.Gs2CbindFlag;
import org.postgresql.shaded.com.ongres.scram.common.ScramFunctions;
import org.postgresql.shaded.com.ongres.scram.common.ScramMechanism;
import org.postgresql.shaded.com.ongres.scram.common.ServerFinalMessage;
import org.postgresql.shaded.com.ongres.scram.common.ServerFirstMessage;
import org.postgresql.shaded.com.ongres.scram.common.StringPreparation;
import org.postgresql.shaded.com.ongres.scram.common.exception.ScramInvalidServerSignatureException;
import org.postgresql.shaded.com.ongres.scram.common.exception.ScramParseException;
import org.postgresql.shaded.com.ongres.scram.common.exception.ScramServerErrorException;
import org.postgresql.shaded.com.ongres.scram.common.util.Preconditions;

/* loaded from: input_file:BOOT-INF/lib/postgresql-42.7.5.jar:org/postgresql/shaded/com/ongres/scram/client/ScramClient.class */
public final class ScramClient implements MessageFlow {
    private final ScramMechanism scramMechanism;
    private final Gs2CbindFlag channelBinding;
    private final StringPreparation stringPreparation;
    private final String username;
    private final char[] password;
    private final byte[] saltedPassword;
    private final byte[] clientKey;
    private final byte[] serverKey;
    private final String cbindType;
    private final byte[] cbindData;
    private final String authzid;
    private final String nonce;
    private MessageFlow.Stage currentState;
    private ClientFirstMessage clientFirstMessage;
    private ServerFirstProcessor serverFirstProcessor;
    private ClientFinalProcessor clientFinalProcessor;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/postgresql-42.7.5.jar:org/postgresql/shaded/com/ongres/scram/client/ScramClient$Builder.class */
    public static final class Builder implements MechanismsBuildStage, UsernameBuildStage, PasswordBuildStage, FinalBuildStage {
        ScramMechanism selectedScramMechanism;
        Collection<String> scramMechanisms;
        Gs2CbindFlag channelBinding;
        StringPreparation stringPreparation;
        int nonceLength;
        String nonce;
        SecureRandom secureRandom;
        String username;
        char[] password;
        byte[] saltedPassword;
        byte[] clientKey;
        byte[] serverKey;
        String cbindType;
        byte[] cbindData;
        String authzid;
        Supplier<String> nonceSupplier;

        private Builder() {
            this.channelBinding = Gs2CbindFlag.CLIENT_NOT;
            this.stringPreparation = StringPreparation.SASL_PREPARATION;
            this.nonceLength = 24;
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.FinalBuildStage
        public FinalBuildStage stringPreparation(@NotNull StringPreparation stringPreparation) {
            this.stringPreparation = (StringPreparation) Preconditions.checkNotNull(stringPreparation, "stringPreparation");
            return this;
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.FinalBuildStage
        public FinalBuildStage channelBinding(@Nullable String str, byte[] bArr) {
            this.cbindType = str;
            this.cbindData = bArr != null ? (byte[]) bArr.clone() : null;
            this.channelBinding = (str == null || bArr == null || str.isEmpty() || bArr.length <= 0) ? Gs2CbindFlag.CLIENT_NOT : Gs2CbindFlag.CLIENT_YES_SERVER_NOT;
            return this;
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.FinalBuildStage
        public FinalBuildStage authzid(@NotNull String str) {
            this.authzid = Preconditions.checkNotEmpty(str, "authzid");
            return this;
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.UsernameBuildStage
        public PasswordBuildStage username(@NotNull String str) {
            this.username = Preconditions.checkNotEmpty(str, "username");
            return this;
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.PasswordBuildStage
        public FinalBuildStage password(char[] cArr) {
            this.password = Preconditions.checkNotEmpty(cArr, "password");
            return this;
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.PasswordBuildStage
        public FinalBuildStage saltedPassword(byte[] bArr) {
            this.saltedPassword = (byte[]) Preconditions.checkNotNull(bArr, "saltedPassword");
            return this;
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.PasswordBuildStage
        public FinalBuildStage clientAndServerKey(byte[] bArr, byte[] bArr2) {
            this.clientKey = (byte[]) Preconditions.checkNotNull(bArr, "clientKey");
            this.serverKey = (byte[]) Preconditions.checkNotNull(bArr2, "serverKey");
            return this;
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.MechanismsBuildStage
        public UsernameBuildStage advertisedMechanisms(@NotNull Collection<String> collection) {
            Preconditions.checkNotNull(collection, "scramMechanisms");
            Preconditions.checkArgument(!collection.isEmpty(), "scramMechanisms");
            this.scramMechanisms = collection;
            return this;
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.FinalBuildStage
        public FinalBuildStage nonceLength(int i) {
            this.nonceLength = Preconditions.gt0(i, EscapedFunctions.LENGTH);
            return this;
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.FinalBuildStage
        public FinalBuildStage nonceSupplier(@NotNull Supplier<String> supplier) {
            this.nonceSupplier = (Supplier) Preconditions.checkNotNull(supplier, "nonceSupplier");
            return this;
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.FinalBuildStage
        public FinalBuildStage secureRandomAlgorithmProvider(@NotNull String str, @Nullable String str2) {
            try {
                this.secureRandom = null == str2 ? SecureRandom.getInstance(str) : SecureRandom.getInstance(str, str2);
                return this;
            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
                throw new IllegalArgumentException("Invalid algorithm or provider", e);
            }
        }

        @Override // org.postgresql.shaded.com.ongres.scram.client.ScramClient.FinalBuildStage
        public ScramClient build() {
            this.nonce = this.nonceSupplier != null ? this.nonceSupplier.get() : ScramFunctions.nonce(this.nonceLength, this.secureRandom != null ? this.secureRandom : new SecureRandom());
            this.selectedScramMechanism = mechanismNegotiation();
            return new ScramClient(this);
        }

        private ScramMechanism mechanismNegotiation() {
            ScramMechanism selectMechanism = selectMechanism(this.scramMechanisms, true);
            ScramMechanism selectMechanism2 = selectMechanism(this.scramMechanisms, false);
            ScramMechanism scramMechanism = selectMechanism != null ? selectMechanism : selectMechanism2;
            if (scramMechanism == null) {
                throw new IllegalArgumentException("Either a bare or plus mechanism must be present");
            }
            if (this.channelBinding == Gs2CbindFlag.CLIENT_YES_SERVER_NOT && scramMechanism.isPlus()) {
                this.channelBinding = Gs2CbindFlag.CHANNEL_BINDING_REQUIRED;
            } else {
                if (selectMechanism2 == null) {
                    throw new IllegalArgumentException("A non-PLUS mechanism was not advertised");
                }
                this.cbindType = null;
                this.cbindData = null;
                scramMechanism = selectMechanism2;
            }
            if (this.channelBinding == Gs2CbindFlag.CHANNEL_BINDING_REQUIRED && (this.cbindType == null || this.cbindData == null)) {
                throw new IllegalArgumentException("Channel Binding type and data are required");
            }
            return scramMechanism;
        }

        @Nullable
        private static ScramMechanism selectMechanism(@NotNull Collection<String> collection, boolean z) {
            ScramMechanism scramMechanism = null;
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                ScramMechanism byName = ScramMechanism.byName(it.next());
                if (byName != null && byName.isPlus() == z && (scramMechanism == null || byName.ordinal() > scramMechanism.ordinal())) {
                    scramMechanism = byName;
                }
            }
            return scramMechanism;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/postgresql-42.7.5.jar:org/postgresql/shaded/com/ongres/scram/client/ScramClient$FinalBuildStage.class */
    public interface FinalBuildStage {
        FinalBuildStage channelBinding(@Nullable String str, byte[] bArr);

        FinalBuildStage stringPreparation(@NotNull StringPreparation stringPreparation);

        FinalBuildStage authzid(@NotNull String str);

        FinalBuildStage nonceLength(int i);

        FinalBuildStage nonceSupplier(@NotNull Supplier<String> supplier);

        FinalBuildStage secureRandomAlgorithmProvider(@NotNull String str, @Nullable String str2);

        ScramClient build();
    }

    /* loaded from: input_file:BOOT-INF/lib/postgresql-42.7.5.jar:org/postgresql/shaded/com/ongres/scram/client/ScramClient$MechanismsBuildStage.class */
    public interface MechanismsBuildStage {
        UsernameBuildStage advertisedMechanisms(@NotNull Collection<String> collection);
    }

    /* loaded from: input_file:BOOT-INF/lib/postgresql-42.7.5.jar:org/postgresql/shaded/com/ongres/scram/client/ScramClient$PasswordBuildStage.class */
    public interface PasswordBuildStage {
        FinalBuildStage password(char[] cArr);

        FinalBuildStage saltedPassword(byte[] bArr);

        FinalBuildStage clientAndServerKey(byte[] bArr, byte[] bArr2);
    }

    /* loaded from: input_file:BOOT-INF/lib/postgresql-42.7.5.jar:org/postgresql/shaded/com/ongres/scram/client/ScramClient$UsernameBuildStage.class */
    public interface UsernameBuildStage {
        PasswordBuildStage username(@NotNull String str);
    }

    private ScramClient(@NotNull Builder builder) {
        this.currentState = MessageFlow.Stage.NONE;
        this.channelBinding = builder.channelBinding;
        this.scramMechanism = builder.selectedScramMechanism;
        this.stringPreparation = builder.stringPreparation;
        this.username = builder.username;
        this.password = builder.password != null ? (char[]) builder.password.clone() : null;
        this.saltedPassword = builder.saltedPassword;
        this.clientKey = builder.clientKey;
        this.serverKey = builder.serverKey;
        this.nonce = builder.nonce;
        this.cbindType = builder.cbindType;
        this.cbindData = builder.cbindData;
        this.authzid = builder.authzid;
    }

    public ScramMechanism getScramMechanism() {
        return this.scramMechanism;
    }

    @Override // org.postgresql.shaded.com.ongres.scram.client.MessageFlow
    public ClientFirstMessage clientFirstMessage() {
        if (this.currentState != MessageFlow.Stage.NONE) {
            throw new IllegalStateException("Invalid state for processing client first message");
        }
        this.clientFirstMessage = new ClientFirstMessage(this.channelBinding, this.cbindType, this.authzid, this.username, this.nonce);
        this.currentState = MessageFlow.Stage.CLIENT_FIRST;
        return this.clientFirstMessage;
    }

    @Override // org.postgresql.shaded.com.ongres.scram.client.MessageFlow
    public ServerFirstMessage serverFirstMessage(String str) throws ScramParseException {
        if (this.currentState != MessageFlow.Stage.CLIENT_FIRST) {
            throw new IllegalStateException("Invalid state for processing server first message");
        }
        Preconditions.checkNotEmpty(str, "serverFirstMessage");
        this.serverFirstProcessor = new ServerFirstProcessor(this.scramMechanism, this.stringPreparation, str, this.nonce, this.clientFirstMessage);
        this.currentState = MessageFlow.Stage.SERVER_FIRST;
        return this.serverFirstProcessor.getServerFirstMessage();
    }

    @Override // org.postgresql.shaded.com.ongres.scram.client.MessageFlow
    public ClientFinalMessage clientFinalMessage() {
        if (this.currentState != MessageFlow.Stage.SERVER_FIRST || this.serverFirstProcessor == null) {
            throw new IllegalStateException("Invalid state for processing client final message");
        }
        if (this.password != null) {
            this.clientFinalProcessor = this.serverFirstProcessor.clientFinalProcessor(this.password);
            Arrays.fill(this.password, (char) 0);
        } else if (this.saltedPassword != null) {
            this.clientFinalProcessor = this.serverFirstProcessor.clientFinalProcessor(this.saltedPassword);
        } else if (this.clientKey != null && this.serverKey != null) {
            this.clientFinalProcessor = this.serverFirstProcessor.clientFinalProcessor(this.clientKey, this.serverKey);
        }
        ClientFinalMessage clientFinalMessage = this.clientFinalProcessor.clientFinalMessage(this.cbindData);
        this.currentState = MessageFlow.Stage.CLIENT_FINAL;
        return clientFinalMessage;
    }

    @Override // org.postgresql.shaded.com.ongres.scram.client.MessageFlow
    public ServerFinalMessage serverFinalMessage(String str) throws ScramParseException, ScramServerErrorException, ScramInvalidServerSignatureException {
        if (this.currentState != MessageFlow.Stage.CLIENT_FINAL || this.clientFinalProcessor == null) {
            throw new IllegalStateException("Invalid state for processing server final message");
        }
        ServerFinalMessage receiveServerFinalMessage = this.clientFinalProcessor.receiveServerFinalMessage(str);
        this.currentState = MessageFlow.Stage.SERVER_FINAL;
        return receiveServerFinalMessage;
    }

    public static MechanismsBuildStage builder() {
        return new Builder();
    }
}
