package io.vertx.pgclient.impl.auth.scram;

import com.ongres.scram.client.ScramClient;
import com.ongres.scram.common.StringPreparation;
import com.ongres.scram.common.exception.ScramInvalidServerSignatureException;
import com.ongres.scram.common.exception.ScramParseException;
import com.ongres.scram.common.exception.ScramServerErrorException;
import com.ongres.scram.common.util.TlsServerEndpoint;
import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.ssl.SslHandler;
import io.vertx.pgclient.impl.codec.ScramClientInitialMessage;
import io.vertx.pgclient.impl.util.Util;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;

/* loaded from: input_file:io/vertx/pgclient/impl/auth/scram/ScramSessionImpl.class */
public class ScramSessionImpl implements ScramSession {
    private final String username;
    private final char[] password;
    private ScramClient scramClient;

    public ScramSessionImpl(String str, char[] cArr) {
        this.username = str;
        this.password = cArr;
    }

    @Override // io.vertx.pgclient.impl.auth.scram.ScramSession
    public ScramClientInitialMessage createInitialSaslMessage(ByteBuf byteBuf, ChannelHandlerContext channelHandlerContext) {
        ArrayList arrayList = new ArrayList();
        while (0 != byteBuf.getByte(byteBuf.readerIndex())) {
            arrayList.add(Util.readCStringUTF8(byteBuf));
        }
        if (arrayList.isEmpty()) {
            throw new UnsupportedOperationException("SASL Authentication : the server returned no mechanism");
        }
        this.scramClient = ScramClient.builder().advertisedMechanisms(arrayList).username(this.username).password(this.password).stringPreparation(StringPreparation.POSTGRESQL_PREPARATION).channelBinding("tls-server-end-point", extractChannelBindingData(channelHandlerContext)).build();
        return new ScramClientInitialMessage(this.scramClient.clientFirstMessage().toString(), this.scramClient.getScramMechanism().getName());
    }

    @Override // io.vertx.pgclient.impl.auth.scram.ScramSession
    public String receiveServerFirstMessage(ByteBuf byteBuf) {
        try {
            this.scramClient.serverFirstMessage(byteBuf.readCharSequence(byteBuf.readableBytes(), StandardCharsets.UTF_8).toString());
            return this.scramClient.clientFinalMessage().toString();
        } catch (ScramParseException e) {
            throw new UnsupportedOperationException((Throwable) e);
        }
    }

    @Override // io.vertx.pgclient.impl.auth.scram.ScramSession
    public void checkServerFinalMessage(ByteBuf byteBuf) {
        try {
            this.scramClient.serverFinalMessage(byteBuf.readCharSequence(byteBuf.readableBytes(), StandardCharsets.UTF_8).toString());
        } catch (ScramParseException | ScramServerErrorException | ScramInvalidServerSignatureException e) {
            throw new UnsupportedOperationException((Throwable) e);
        }
    }

    private byte[] extractChannelBindingData(ChannelHandlerContext channelHandlerContext) {
        SSLSession session;
        SslHandler sslHandler = channelHandlerContext.channel().pipeline().get(SslHandler.class);
        if (sslHandler != null && (session = sslHandler.engine().getSession()) != null && session.isValid()) {
            try {
                Certificate[] peerCertificates = session.getPeerCertificates();
                if (peerCertificates != null && peerCertificates.length > 0) {
                    Certificate certificate = peerCertificates[0];
                    if (certificate instanceof X509Certificate) {
                        return TlsServerEndpoint.getChannelBindingData((X509Certificate) certificate);
                    }
                }
            } catch (CertificateEncodingException | SSLException e) {
            }
        }
        return new byte[0];
    }
}
