package com.mysql.cj.protocol.a.authentication;

import com.mysql.cj.Messages;
import com.mysql.cj.callback.MysqlCallbackHandler;
import com.mysql.cj.callback.UsernameCallback;
import com.mysql.cj.callback.WebAuthnAuthenticationCallback;
import com.mysql.cj.conf.PropertyKey;
import com.mysql.cj.exceptions.ExceptionFactory;
import com.mysql.cj.protocol.AuthenticationPlugin;
import com.mysql.cj.protocol.Protocol;
import com.mysql.cj.protocol.a.NativeConstants;
import com.mysql.cj.protocol.a.NativePacketPayload;
import com.mysql.cj.util.Util;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.List;

/* loaded from: input_file:META-INF/libraries/com/mysql/mysql-connector-j/8.4.0/mysql-connector-j-8.4.0.jar:com/mysql/cj/protocol/a/authentication/AuthenticationWebAuthnClient.class */
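/**
 * Client side of the {@code authentication_webauthn_client} authentication plugin.
 *
 * <p>The exchange implemented by {@link #nextAuthenticationStep} has two working stages:
 * <ol>
 * <li>{@code INITIAL_DATA}: reads a one-byte field (discarded), the challenge and the relying-party id from the
 * server packet, builds the client-data JSON from them, hashes it with SHA-256 and answers with a single byte
 * {@code 1}.</li>
 * <li>{@code CREDENTIAL_ID}: reads the credential id (empty when the packet is empty), hands the hash, relying-party
 * id and credential id to the configured callback handler, and sends back the assertions the callback collected
 * followed by the client-data JSON.</li>
 * </ol>
 *
 * <p>NOTE(review): the challenge and relying-party id are taken from the server packet as-is and the relying-party
 * id is interpolated into the JSON template without escaping. Nothing in this class verifies the server or the
 * shape of those values; confirm that this is handled (or acceptable) at the connection level.
 */
public class AuthenticationWebAuthnClient implements AuthenticationPlugin<NativePacketPayload> {
    // NOTE(review): public, static and not final, so other code can reassign it; left as-is to keep the
    // class's visible interface unchanged.
    public static String PLUGIN_NAME = "authentication_webauthn_client";
    // Template for the client data: %s #1 is the base64url challenge, %s #2 the relying-party id.
    private static final String CLIENT_DATA_JSON = "{\"type\":\"webauthn.get\",\"challenge\":\"%s\",\"origin\":\"https://%s\",\"crossOrigin\":false }";
    private String sourceOfAuthData = PLUGIN_NAME;
    private AuthStage stage = AuthStage.INITIAL_DATA;
    private byte[] challenge = null;
    private String relyingPartyId = null;
    private String clientDataJson = null;
    private byte[] clientDataHash = null;
    private byte[] credentialId = null;
    private MysqlCallbackHandler usernameCallbackHandler = null;
    private MysqlCallbackHandler webAuthnAuthenticationCallbackHandler = null;
    private WebAuthnAuthenticationCallback webAuthnAuthCallback = null;

    /**
     * Stages of the exchange, in the order they are visited.
     * Decompiler note: the access modifier of this enum was changed from {@code private}.
     */
    public enum AuthStage {
        INITIAL_DATA,
        CREDENTIAL_ID,
        FINISHED
    }

    /**
     * Stores the username callback handler and instantiates the WebAuthn callback handler named by the
     * {@code authenticationWebAuthnCallbackHandler} connection property.
     *
     * <p>NOTE(review): the property value selects a class that is instantiated through {@code Util.getInstance};
     * which checks that helper applies is not visible here, so connection properties (and URLs carrying them)
     * should only come from trusted configuration.
     *
     * @param protocol source of the connection properties and the exception interceptor
     * @param mysqlCallbackHandler handler later used to report a default user name
     * @throws RuntimeException (as created by {@code ExceptionFactory}) when the property has no value
     */
    @Override
    public void init(Protocol<NativePacketPayload> protocol, MysqlCallbackHandler mysqlCallbackHandler) {
        this.usernameCallbackHandler = mysqlCallbackHandler;
        String handlerClassName = protocol.getPropertySet().getStringProperty(PropertyKey.authenticationWebAuthnCallbackHandler).getValue();
        if (handlerClassName == null) {
            throw ExceptionFactory.createException(Messages.getString("AuthenticationWebAuthnClientPlugin.MissingCallbackHandler"));
        }
        this.webAuthnAuthenticationCallbackHandler = (MysqlCallbackHandler) Util.getInstance(MysqlCallbackHandler.class, handlerClassName, null, null, protocol.getExceptionInterceptor());
    }

    /** Returns to the first stage and drops all per-exchange data (challenge, ids, JSON and its hash). */
    @Override
    public void reset() {
        this.stage = AuthStage.INITIAL_DATA;
        this.challenge = null;
        this.relyingPartyId = null;
        this.clientDataJson = null;
        this.clientDataHash = null;
        this.credentialId = null;
    }

    /** Calls {@link #reset()} and also releases both callback handlers and the last callback object. */
    @Override
    public void destroy() {
        reset();
        this.usernameCallbackHandler = null;
        this.webAuthnAuthenticationCallbackHandler = null;
        this.webAuthnAuthCallback = null;
    }

    /** @return the current value of {@link #PLUGIN_NAME} */
    @Override
    public String getProtocolPluginName() {
        return PLUGIN_NAME;
    }

    /**
     * @return always {@code false}: this plugin does not ask for an encrypted channel. NOTE(review): whether
     *         transport protection and server identity checks are enforced elsewhere is not visible here.
     */
    @Override
    public boolean requiresConfidentiality() {
        return false;
    }

    /** @return always {@code false} */
    @Override
    public boolean isReusable() {
        return false;
    }

    /**
     * Reports the {@code user.name} system property through the username callback when no user was given.
     * The second argument is not used by this plugin.
     *
     * @param str user name, or {@code null} to fall back to the system property
     * @param str2 ignored
     */
    @Override
    public void setAuthenticationParameters(String str, String str2) {
        if (str != null || this.usernameCallbackHandler == null) {
            return;
        }
        this.usernameCallbackHandler.handle(new UsernameCallback(System.getProperty("user.name")));
    }

    /**
     * @param str name recorded as the origin of the authentication data; the exchange only runs while it equals
     *        {@link #PLUGIN_NAME}
     */
    @Override
    public void setSourceOfAuthData(String str) {
        this.sourceOfAuthData = str;
    }

    /**
     * Processes one server packet and queues the reply, advancing the stage.
     *
     * <p>Every assertion returned by the callback is validated before any length is summed, so a {@code null}
     * authenticator-data or signature entry is reported with the plugin's own "invalid" message instead of
     * failing with a {@code NullPointerException} while the sizes are being added up.
     *
     * @param nativePacketPayload packet received from the server
     * @param list output list; cleared first, then filled with at most one reply packet
     * @return always {@code true} when it returns normally
     * @throws RuntimeException (as created by {@code ExceptionFactory}) on an empty first packet, a missing
     *         SHA-256 implementation, a null/empty assertion part, or a call after the exchange finished
     */
    @Override
    public boolean nextAuthenticationStep(NativePacketPayload nativePacketPayload, List<NativePacketPayload> list) {
        list.clear();
        if (!this.sourceOfAuthData.equals(PLUGIN_NAME)) {
            // Data came from another plugin: nothing to do in this step.
            return true;
        }
        switch (this.stage) {
            case INITIAL_DATA:
                if (nativePacketPayload.getPayloadLength() == 0) {
                    throw ExceptionFactory.createException(Messages.getString("AuthenticationWebAuthnClientPlugin.IncompleteRegistration"));
                }
                // Leading one-byte field is read and discarded.
                nativePacketPayload.readInteger(NativeConstants.IntegerDataType.INT1);
                this.challenge = nativePacketPayload.readBytes(NativeConstants.StringSelfDataType.STRING_LENENC);
                this.relyingPartyId = nativePacketPayload.readString(NativeConstants.StringSelfDataType.STRING_LENENC, "UTF-8");
                // NOTE(review): relyingPartyId is server-supplied and inserted without JSON escaping.
                String encodedChallenge = Base64.getUrlEncoder().withoutPadding().encodeToString(this.challenge);
                this.clientDataJson = String.format(CLIENT_DATA_JSON, encodedChallenge, this.relyingPartyId);
                try {
                    this.clientDataHash = MessageDigest.getInstance("SHA-256").digest(this.clientDataJson.getBytes(StandardCharsets.UTF_8));
                } catch (NoSuchAlgorithmException e) {
                    // The message key is a runtime lookup string and is kept exactly as spelled.
                    throw ExceptionFactory.createException(Messages.getString("AuthenticationWebAuthnClientPlugin.FaileMessageDigestSha256"), e);
                }
                list.add(new NativePacketPayload(new byte[]{1}));
                this.stage = AuthStage.CREDENTIAL_ID;
                return true;
            case CREDENTIAL_ID:
                this.credentialId = nativePacketPayload.getPayloadLength() > 0 ? nativePacketPayload.readBytes(NativeConstants.StringSelfDataType.STRING_LENENC) : new byte[0];
                this.webAuthnAuthCallback = new WebAuthnAuthenticationCallback(this.clientDataHash, this.relyingPartyId, this.credentialId);
                this.webAuthnAuthenticationCallbackHandler.handle(this.webAuthnAuthCallback);
                int assertCount = this.webAuthnAuthCallback.getAssertCount();
                int authenticatorDataTotal = 0;
                int signatureTotal = 0;
                for (int idx = 0; idx < assertCount; idx++) {
                    // Validate before touching .length so null entries get the intended error.
                    authenticatorDataTotal += requireNonEmpty(this.webAuthnAuthCallback.getAuthenticatorData(idx), "AuthenticationWebAuthnClientPlugin.InvalidAuthenticatorData").length;
                    signatureTotal += requireNonEmpty(this.webAuthnAuthCallback.getSignature(idx), "AuthenticationWebAuthnClientPlugin.InvalidSignature").length;
                }
                // Size expression kept exactly as in the original: it counts one byte per length prefix and the
                // char count of the JSON. NOTE(review): how NativePacketPayload treats an initial size that
                // differs from the bytes actually written is not visible here - confirm before changing it.
                NativePacketPayload response = new NativePacketPayload(1 + 1 + authenticatorDataTotal + signatureTotal + (2 * assertCount) + this.clientDataJson.length() + 1);
                response.writeInteger(NativeConstants.IntegerDataType.INT1, 2L);
                response.writeInteger(NativeConstants.IntegerDataType.INT_LENENC, assertCount);
                for (int idx = 0; idx < assertCount; idx++) {
                    // Fetched again (as the original did) and re-validated in case the callback's answer changed.
                    byte[] authenticatorData = requireNonEmpty(this.webAuthnAuthCallback.getAuthenticatorData(idx), "AuthenticationWebAuthnClientPlugin.InvalidAuthenticatorData");
                    response.writeBytes(NativeConstants.StringSelfDataType.STRING_LENENC, authenticatorData);
                    byte[] signature = requireNonEmpty(this.webAuthnAuthCallback.getSignature(idx), "AuthenticationWebAuthnClientPlugin.InvalidSignature");
                    response.writeBytes(NativeConstants.StringSelfDataType.STRING_LENENC, signature);
                }
                response.writeBytes(NativeConstants.StringSelfDataType.STRING_LENENC, this.clientDataJson.getBytes(StandardCharsets.UTF_8));
                list.add(response);
                this.stage = AuthStage.FINISHED;
                return true;
            case FINISHED:
                throw ExceptionFactory.createException(Messages.getString("AuthenticationWebAuthnClientPlugin.AuthenticationFactorComplete"));
            default:
                return true;
        }
    }

    /** Returns {@code data} unchanged, or throws the exception for {@code messageKey} when it is null or empty. */
    private static byte[] requireNonEmpty(byte[] data, String messageKey) {
        if (data == null || data.length == 0) {
            throw ExceptionFactory.createException(Messages.getString(messageKey));
        }
        return data;
    }
}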
