package dev.miku.r2dbc.mysql;

import dev.miku.r2dbc.mysql.authentication.MySqlAuthProvider;
import dev.miku.r2dbc.mysql.client.Client;
import dev.miku.r2dbc.mysql.constant.AuthTypes;
import dev.miku.r2dbc.mysql.constant.Capabilities;
import dev.miku.r2dbc.mysql.constant.SqlStates;
import dev.miku.r2dbc.mysql.constant.SslMode;
import dev.miku.r2dbc.mysql.message.client.FullAuthResponse;
import dev.miku.r2dbc.mysql.message.client.HandshakeResponse;
import dev.miku.r2dbc.mysql.message.client.SslRequest;
import dev.miku.r2dbc.mysql.message.server.AuthChangeMessage;
import dev.miku.r2dbc.mysql.message.server.AuthMoreDataMessage;
import dev.miku.r2dbc.mysql.message.server.ErrorMessage;
import dev.miku.r2dbc.mysql.message.server.HandshakeHeader;
import dev.miku.r2dbc.mysql.message.server.HandshakeRequest;
import dev.miku.r2dbc.mysql.message.server.OkMessage;
import dev.miku.r2dbc.mysql.message.server.ServerMessage;
import dev.miku.r2dbc.mysql.message.server.SyntheticSslResponseMessage;
import dev.miku.r2dbc.mysql.util.AssertUtils;
import dev.miku.r2dbc.mysql.util.ConnectionContext;
import dev.miku.r2dbc.mysql.util.ServerVersion;
import io.r2dbc.spi.R2dbcPermissionDeniedException;
import java.util.Collections;
import java.util.Map;
import java.util.function.Consumer;
import java.util.function.Predicate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.EmitterProcessor;
import reactor.core.publisher.Mono;
import reactor.util.annotation.Nullable;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:dev/miku/r2dbc/mysql/LoginFlow.class */
public final class LoginFlow {
    private static final Logger logger = LoggerFactory.getLogger(LoginFlow.class);
    private static final Map<String, String> attributes = Collections.emptyMap();
    private static final int CURRENT_HANDSHAKE_VERSION = 10;
    private final Client client;
    private final ConnectionContext context;
    private final SslMode sslMode;
    private volatile boolean sslCompleted = false;
    private volatile MySqlAuthProvider authProvider;
    private volatile String username;
    private volatile CharSequence password;
    private volatile byte[] salt;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:dev/miku/r2dbc/mysql/LoginFlow$State.class */
    public enum State {
        INIT { // from class: dev.miku.r2dbc.mysql.LoginFlow.State.1
            @Override // dev.miku.r2dbc.mysql.LoginFlow.State
            Mono<State> handle(LoginFlow loginFlow) {
                return loginFlow.client.nextMessage().handle((serverMessage, synchronousSink) -> {
                    if (serverMessage instanceof ErrorMessage) {
                        synchronousSink.error(ExceptionFactory.createException((ErrorMessage) serverMessage, null));
                        return;
                    }
                    if (!(serverMessage instanceof HandshakeRequest)) {
                        synchronousSink.error(new IllegalStateException(String.format("Unexpected message type '%s' in handshake init phase", serverMessage.getClass().getSimpleName())));
                        return;
                    }
                    loginFlow.initHandshake((HandshakeRequest) serverMessage);
                    if (loginFlow.useSsl()) {
                        synchronousSink.next(SSL);
                        synchronousSink.complete();
                    } else {
                        synchronousSink.next(HANDSHAKE);
                        synchronousSink.complete();
                    }
                });
            }
        },
        SSL { // from class: dev.miku.r2dbc.mysql.LoginFlow.State.2
            private final Predicate<ServerMessage> sslComplete = serverMessage -> {
                return (serverMessage instanceof ErrorMessage) || (serverMessage instanceof SyntheticSslResponseMessage);
            };

            @Override // dev.miku.r2dbc.mysql.LoginFlow.State
            Mono<State> handle(LoginFlow loginFlow) {
                return loginFlow.client.exchange(loginFlow.createSslRequest(), this.sslComplete).handle((serverMessage, synchronousSink) -> {
                    if (serverMessage instanceof ErrorMessage) {
                        synchronousSink.error(ExceptionFactory.createException((ErrorMessage) serverMessage, null));
                    } else if (!(serverMessage instanceof SyntheticSslResponseMessage)) {
                        synchronousSink.error(new IllegalStateException(String.format("Unexpected message type '%s' in SSL handshake phase", serverMessage.getClass().getSimpleName())));
                    } else {
                        loginFlow.sslCompleted = true;
                        synchronousSink.next(HANDSHAKE);
                    }
                }).last();
            }
        },
        HANDSHAKE { // from class: dev.miku.r2dbc.mysql.LoginFlow.State.3
            private final Predicate<ServerMessage> handshakeComplete = serverMessage -> {
                return (serverMessage instanceof ErrorMessage) || (serverMessage instanceof OkMessage) || ((serverMessage instanceof AuthMoreDataMessage) && ((AuthMoreDataMessage) serverMessage).getAuthMethodData()[0] != 3) || (serverMessage instanceof AuthChangeMessage);
            };

            @Override // dev.miku.r2dbc.mysql.LoginFlow.State
            Mono<State> handle(LoginFlow loginFlow) {
                return loginFlow.createHandshakeResponse().flatMapMany(handshakeResponse -> {
                    return loginFlow.client.exchange(handshakeResponse, this.handshakeComplete);
                }).handle((serverMessage, synchronousSink) -> {
                    if (serverMessage instanceof ErrorMessage) {
                        synchronousSink.error(ExceptionFactory.createException((ErrorMessage) serverMessage, null));
                        return;
                    }
                    if (serverMessage instanceof OkMessage) {
                        synchronousSink.next(COMPLETED);
                        return;
                    }
                    if (serverMessage instanceof AuthMoreDataMessage) {
                        if (((AuthMoreDataMessage) serverMessage).getAuthMethodData()[0] != 3) {
                            if (LoginFlow.logger.isInfoEnabled()) {
                                LoginFlow.logger.info("Connection (id {}) fast authentication failed, auto-try to use full authentication", Integer.valueOf(loginFlow.context.getConnectionId()));
                            }
                            synchronousSink.next(FULL_AUTH);
                            return;
                        }
                        return;
                    }
                    if (!(serverMessage instanceof AuthChangeMessage)) {
                        synchronousSink.error(new IllegalStateException(String.format("Unexpected message type '%s' in handshake response phase", serverMessage.getClass().getSimpleName())));
                    } else {
                        loginFlow.changeAuth((AuthChangeMessage) serverMessage);
                        synchronousSink.next(FULL_AUTH);
                    }
                }).last();
            }
        },
        FULL_AUTH { // from class: dev.miku.r2dbc.mysql.LoginFlow.State.4
            private final Predicate<ServerMessage> fullAuthComplete = serverMessage -> {
                return (serverMessage instanceof ErrorMessage) || (serverMessage instanceof OkMessage);
            };

            @Override // dev.miku.r2dbc.mysql.LoginFlow.State
            Mono<State> handle(LoginFlow loginFlow) {
                return loginFlow.createFullAuthResponse().flatMapMany(fullAuthResponse -> {
                    return loginFlow.client.exchange(fullAuthResponse, this.fullAuthComplete);
                }).handle((serverMessage, synchronousSink) -> {
                    if (serverMessage instanceof ErrorMessage) {
                        synchronousSink.error(ExceptionFactory.createException((ErrorMessage) serverMessage, null));
                    } else if (serverMessage instanceof OkMessage) {
                        synchronousSink.next(COMPLETED);
                    } else {
                        synchronousSink.error(new IllegalStateException(String.format("Unexpected message type '%s' in full authentication phase", serverMessage.getClass().getSimpleName())));
                    }
                }).last();
            }
        },
        COMPLETED { // from class: dev.miku.r2dbc.mysql.LoginFlow.State.5
            @Override // dev.miku.r2dbc.mysql.LoginFlow.State
            Mono<State> handle(LoginFlow loginFlow) {
                return Mono.just(COMPLETED);
            }
        };

        abstract Mono<State> handle(LoginFlow loginFlow);
    }

    private LoginFlow(Client client, SslMode sslMode, ConnectionContext connectionContext, String str, @Nullable CharSequence charSequence) {
        this.client = (Client) AssertUtils.requireNonNull(client, "client must not be null");
        this.sslMode = (SslMode) AssertUtils.requireNonNull(sslMode, "sslMode must not be null");
        this.context = (ConnectionContext) AssertUtils.requireNonNull(connectionContext, "context must not be null");
        this.username = (String) AssertUtils.requireNonNull(str, "username must not be null");
        this.password = charSequence;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initHandshake(HandshakeRequest handshakeRequest) {
        HandshakeHeader header = handshakeRequest.getHeader();
        short protocolVersion = header.getProtocolVersion();
        ServerVersion serverVersion = header.getServerVersion();
        if (protocolVersion < 10) {
            logger.warn("The MySQL server use old handshake V{}, server version is {}, maybe most features are not available", Integer.valueOf(protocolVersion), serverVersion);
        }
        this.context.setConnectionId(header.getConnectionId());
        this.context.setServerVersion(serverVersion);
        this.context.setCapabilities(calculateClientCapabilities(handshakeRequest.getServerCapabilities()));
        this.authProvider = MySqlAuthProvider.build(handshakeRequest.getAuthType());
        this.salt = handshakeRequest.getSalt();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean useSsl() {
        return (this.context.getCapabilities() & 2048) != 0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void changeAuth(AuthChangeMessage authChangeMessage) {
        this.authProvider = MySqlAuthProvider.build(authChangeMessage.getAuthType());
        this.salt = authChangeMessage.getSalt();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SslRequest createSslRequest() {
        return SslRequest.from(this.context.getCapabilities(), this.context.getCollation().getId());
    }

    private MySqlAuthProvider getAndNextProvider() {
        MySqlAuthProvider mySqlAuthProvider = this.authProvider;
        this.authProvider = mySqlAuthProvider.next();
        return mySqlAuthProvider;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Mono<HandshakeResponse> createHandshakeResponse() {
        return Mono.fromSupplier(() -> {
            MySqlAuthProvider andNextProvider = getAndNextProvider();
            if (andNextProvider.isSslNecessary() && !this.sslCompleted) {
                throw new R2dbcPermissionDeniedException(String.format("Authentication type '%s' must require SSL in fast authentication phase", andNextProvider.getType()), SqlStates.CLI_SPECIFIC_CONDITION);
            }
            String str = this.username;
            if (str == null) {
                throw new IllegalStateException("username must not be null when login");
            }
            byte[] authentication = andNextProvider.authentication(this.password, this.salt, this.context.getCollation());
            String type = andNextProvider.getType();
            if (AuthTypes.NO_AUTH_PROVIDER.equals(type)) {
                type = AuthTypes.CACHING_SHA2_PASSWORD;
            }
            return HandshakeResponse.from(this.context.getCapabilities(), this.context.getCollation().getId(), str, authentication, type, this.context.getDatabase(), attributes);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Mono<FullAuthResponse> createFullAuthResponse() {
        return Mono.fromSupplier(() -> {
            MySqlAuthProvider andNextProvider = getAndNextProvider();
            if (!andNextProvider.isSslNecessary() || this.sslCompleted) {
                return new FullAuthResponse(andNextProvider.authentication(this.password, this.salt, this.context.getCollation()));
            }
            throw new R2dbcPermissionDeniedException(String.format("Authentication type '%s' must require SSL in full authentication phase", andNextProvider.getType()), SqlStates.CLI_SPECIFIC_CONDITION);
        });
    }

    private int calculateClientCapabilities(int i) {
        int i2 = i & 2101344783;
        if ((i2 & 2048) != 0) {
            if (!this.sslMode.startSsl()) {
                i2 &= -2049;
            }
            if (!this.sslMode.verifyCertificate()) {
                i2 &= -1073741825;
            }
        } else {
            if (this.sslMode.requireSsl()) {
                throw new R2dbcPermissionDeniedException(String.format("Server version %s unsupported SSL but SSL required by mode %s", this.context.getServerVersion(), this.sslMode), SqlStates.CLI_SPECIFIC_CONDITION);
            }
            if (this.sslMode.startSsl()) {
                this.client.sslUnsupported();
            }
        }
        if (this.context.getDatabase().isEmpty() && (i2 & 8) != 0) {
            i2 &= -9;
        }
        if (attributes.isEmpty() && (i2 & Capabilities.CONNECT_ATTRS) != 0) {
            i2 &= -1048577;
        }
        return i2;
    }

    private void clearAuthentication() {
        this.username = null;
        this.password = null;
        this.salt = null;
        this.authProvider = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Mono<Client> login(Client client, SslMode sslMode, ConnectionContext connectionContext, String str, @Nullable CharSequence charSequence) {
        LoginFlow loginFlow = new LoginFlow(client, sslMode, connectionContext, str, charSequence);
        EmitterProcessor create = EmitterProcessor.create(true);
        return create.startWith(new State[]{State.INIT}).handle((state, synchronousSink) -> {
            if (State.COMPLETED == state) {
                synchronousSink.complete();
                return;
            }
            if (logger.isDebugEnabled()) {
                logger.debug("Login state {} handling", state);
            }
            Mono<State> handle = state.handle(loginFlow);
            create.getClass();
            Consumer consumer = (v1) -> {
                r1.onNext(v1);
            };
            create.getClass();
            handle.subscribe(consumer, create::onError);
        }).doOnComplete(() -> {
            if (logger.isDebugEnabled()) {
                logger.debug("Login succeed, cleanup intermediate variables");
            }
            loginFlow.clearAuthentication();
            loginFlow.client.loginSuccess();
        }).doOnError(th -> {
            loginFlow.clearAuthentication();
            loginFlow.client.forceClose().subscribe();
        }).then(Mono.just(client));
    }
}
