package org.postgresql.gss;

import java.io.IOException;
import java.security.PrivilegedAction;
import java.util.logging.Level;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.postgresql.core.PGStream;
import org.postgresql.util.GT;
import org.postgresql.util.LOGGER;
import org.postgresql.util.PSQLException;
import org.postgresql.util.PSQLState;
import org.postgresql.util.ServerErrorMessage;
import org.postgresql.util.TraceLogger;
import org.postgresql.util.Word;

/* loaded from: input_file:org/postgresql/gss/GssAction.class */
class GssAction implements PrivilegedAction<Exception> {
    private final PGStream pgStream;
    private final String _host;
    private final String user;
    private final String kerberosServerName;
    private final boolean useSpnego;
    private final GSSCredential clientCredentials;
    private final boolean logServerErrorDetail;

    /* JADX INFO: Access modifiers changed from: package-private */
    public GssAction(PGStream pGStream, GSSCredential gSSCredential, String str, String str2, String str3, boolean z, boolean z2) {
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        this.pgStream = pGStream;
        this.clientCredentials = gSSCredential;
        this._host = str;
        this.user = str2;
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        this.kerberosServerName = str3;
        this.useSpnego = z;
        this.logServerErrorDetail = z2;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.security.PrivilegedAction
    public Exception run() {
        GSSCredential gSSCredential;
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        try {
            GSSManager gSSManager = GSSManager.getInstance();
            Oid[] oidArr = new Oid[1];
            if (this.clientCredentials == null) {
                TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                if (this.useSpnego && hasSpnegoSupport(gSSManager)) {
                    TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                    oidArr[0] = new Oid("1.3.6.1.5.5.2");
                } else {
                    TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                    oidArr[0] = new Oid("1.2.840.113554.1.2.2");
                }
                gSSCredential = gSSManager.createCredential(gSSManager.createName(this.user, GSSName.NT_USER_NAME), 28800, oidArr, 1);
            } else {
                TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                oidArr[0] = new Oid("1.2.840.113554.1.2.2");
                gSSCredential = this.clientCredentials;
            }
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            GSSContext createContext = gSSManager.createContext(gSSManager.createName(this.kerberosServerName + "@" + this._host, GSSName.NT_HOSTBASED_SERVICE), oidArr[0], gSSCredential, 0);
            createContext.requestMutualAuth(true);
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            byte[] bArr = new byte[0];
            boolean z = false;
            while (!z) {
                TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                byte[] initSecContext = createContext.initSecContext(bArr, 0, bArr.length);
                if (initSecContext != null) {
                    TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                    LOGGER.log(Level.FINEST, " FE=> Password(GSS Authentication Token)", new Object[0]);
                    this.pgStream.sendChar(Word.SET);
                    this.pgStream.sendInteger4(4 + initSecContext.length);
                    this.pgStream.send(initSecContext);
                    this.pgStream.flush();
                }
                if (createContext.isEstablished()) {
                    TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                    z = true;
                } else {
                    TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                    switch (this.pgStream.receiveChar()) {
                        case 69:
                            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                            ServerErrorMessage serverErrorMessage = new ServerErrorMessage(this.pgStream.receiveErrorString(this.pgStream.receiveInteger4() - 4), (String) null);
                            LOGGER.log(Level.FINEST, " <=BE ErrorMessage({0})", serverErrorMessage);
                            return new PSQLException(serverErrorMessage, this.logServerErrorDetail);
                        case 82:
                            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                            LOGGER.log(Level.FINEST, " <=BE AuthenticationGSSContinue", new Object[0]);
                            int receiveInteger4 = this.pgStream.receiveInteger4();
                            this.pgStream.receiveInteger4();
                            bArr = this.pgStream.receive(receiveInteger4 - 8);
                            break;
                        default:
                            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                            return new PSQLException(GT.tr("ProtextOutputCallbackol _error.  Session setup failed.", new Object[0]), PSQLState.CONNECTION_UNABLE_TO_CONNECT);
                    }
                }
            }
            return null;
        } catch (GSSException e) {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            return new PSQLException(GT.tr("GSS Authentication failed", new Object[0]), PSQLState.CONNECTION_FAILURE, e);
        } catch (IOException e2) {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            return e2;
        }
    }

    private static boolean hasSpnegoSupport(GSSManager gSSManager) throws GSSException {
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        Oid oid = new Oid("1.3.6.1.5.5.2");
        for (Oid oid2 : gSSManager.getMechs()) {
            TraceLogger.logLineInfo(Level.ALL, "lineInfo");
            if (oid2.equals(oid)) {
                TraceLogger.logLineInfo(Level.ALL, "lineInfo");
                return true;
            }
        }
        TraceLogger.logLineInfo(Level.ALL, "lineInfo");
        return false;
    }
}
