package org.postgresql.gss;

import java.io.IOException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.Callable;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.postgresql.core.PGStream;
import org.postgresql.util.GT;
import org.postgresql.util.PSQLException;
import org.postgresql.util.PSQLState;
import org.postgresql.util.ServerErrorMessage;

/* loaded from: input_file:libraries/datasets-backend-jar-with-dependencies.jar:org/postgresql/gss/GssAction.class */
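/**
 * Client side of the GSSAPI authentication exchange with a PostgreSQL backend.
 *
 * <p>The action builds an initiator security context for the service principal
 * {@code kerberosServerName@host}, sends each token produced by the local GSS
 * mechanism to the server as a password message and feeds the tokens carried by
 * AuthenticationGSSContinue replies back into the context until it is established.
 *
 * <p>Failures are returned rather than thrown, so the action can be executed through
 * {@link PrivilegedAction} as well as {@link Callable}.
 */
class GssAction implements PrivilegedAction<Exception>, Callable<Exception> {
    private static final Logger LOGGER = Logger.getLogger(GssAction.class.getName());

    /** OID of the SPNEGO negotiation mechanism. */
    private static final String SPNEGO_MECH_OID = "1.3.6.1.5.5.2";
    /** OID of the Kerberos V5 GSS-API mechanism. */
    private static final String KERBEROS_V5_MECH_OID = "1.2.840.113554.1.2.2";
    /** Lifetime, in seconds, requested for a freshly acquired credential (8 hours). */
    private static final int CREDENTIAL_LIFETIME_SECONDS = 28800;
    /** Authentication request sub-type that carries a GSSAPI continuation token. */
    private static final int AUTH_REQ_GSS_CONTINUE = 8;
    /** Bytes taken by the length word and the sub-type word of an authentication request. */
    private static final int AUTH_REQUEST_HEADER_LENGTH = 8;
    /** Bytes taken by the length word that prefixes every message body. */
    private static final int LENGTH_WORD_SIZE = 4;

    private final PGStream pgStream;
    private final String host;
    private final String kerberosServerName;
    private final String user;
    private final boolean useSpnego;
    private final Subject subject;
    private final boolean logServerErrorDetail;

    /**
     * Creates the action for one authentication attempt.
     *
     * @param pgStream stream connected to the backend
     * @param subject subject whose credentials and principals are preferred; may be {@code null}
     * @param host server host name, used as the host part of the service principal
     * @param user user name used when the subject supplies no principal
     * @param kerberosServerName service part of the service principal
     * @param useSpnego whether SPNEGO should be used when the GSS provider supports it
     * @param logServerErrorDetail passed through to {@link PSQLException} for server errors
     */
    public GssAction(PGStream pgStream, Subject subject, String host, String user,
            String kerberosServerName, boolean useSpnego, boolean logServerErrorDetail) {
        this.pgStream = pgStream;
        this.subject = subject;
        this.host = host;
        this.user = user;
        this.kerberosServerName = kerberosServerName;
        this.useSpnego = useSpnego;
        this.logServerErrorDetail = logServerErrorDetail;
    }

    /**
     * Reports whether the GSS provider lists SPNEGO among its mechanisms.
     *
     * @param manager GSS manager to query
     * @return {@code true} if the SPNEGO OID is among {@code manager.getMechs()}
     * @throws GSSException if the OID cannot be constructed
     */
    private static boolean hasSpnegoSupport(GSSManager manager) throws GSSException {
        Oid spnego = new Oid(SPNEGO_MECH_OID);
        for (Oid mech : manager.getMechs()) {
            if (mech.equals(spnego)) {
                return true;
            }
        }
        return false;
    }

    /** Builds the exception returned when the backend sends an unexpected or malformed message. */
    private static PSQLException protocolError() {
        return new PSQLException(GT.tr("Protocol error.  Session setup failed.", new Object[0]),
                PSQLState.CONNECTION_UNABLE_TO_CONNECT);
    }

    /**
     * Runs the GSSAPI token exchange.
     *
     * @return {@code null} once the security context is established, otherwise the
     *         exception describing why authentication failed
     */
    @Override
    public Exception run() {
        try {
            GSSManager manager = GSSManager.getInstance();
            Oid[] desiredMechs = new Oid[1];

            // Prefer a GSS credential already attached to the subject.
            GSSCredential subjectCredential = null;
            if (subject != null) {
                Set<GSSCredential> privateCredentials =
                        subject.getPrivateCredentials(GSSCredential.class);
                if (privateCredentials != null && !privateCredentials.isEmpty()) {
                    subjectCredential = privateCredentials.iterator().next();
                }
            }

            GSSCredential clientCredential;
            if (subjectCredential == null) {
                boolean spnego = useSpnego && hasSpnegoSupport(manager);
                desiredMechs[0] = new Oid(spnego ? SPNEGO_MECH_OID : KERBEROS_V5_MECH_OID);

                // The first principal of the subject, when there is one, overrides the user name.
                String principalName = user;
                if (subject != null) {
                    Iterator<Principal> principals = subject.getPrincipals().iterator();
                    if (principals.hasNext()) {
                        principalName = principals.next().getName();
                    }
                }
                GSSName clientName = manager.createName(principalName, GSSName.NT_USER_NAME);
                clientCredential = manager.createCredential(clientName,
                        CREDENTIAL_LIFETIME_SECONDS, desiredMechs, GSSCredential.INITIATE_ONLY);
            } else {
                // A credential taken from the subject is always used with the Kerberos mechanism.
                desiredMechs[0] = new Oid(KERBEROS_V5_MECH_OID);
                clientCredential = subjectCredential;
            }

            GSSName serverName = manager.createName(kerberosServerName + "@" + host,
                    GSSName.NT_HOSTBASED_SERVICE);
            GSSContext context = manager.createContext(serverName, desiredMechs[0],
                    clientCredential, GSSContext.DEFAULT_LIFETIME);
            // Ask the mechanism to authenticate the server to the client as well.
            // NOTE(review): the granted state (GSSContext.getMutualAuthState()) is never
            // inspected after the exchange; confirm whether callers rely on it being true.
            context.requestMutualAuth(true);

            byte[] inToken = new byte[0];
            while (true) {
                byte[] outToken = context.initSecContext(inToken, 0, inToken.length);
                if (outToken != null) {
                    LOGGER.log(Level.FINEST, " FE=> Password(GSS Authentication Token)");
                    pgStream.sendChar('p');
                    pgStream.sendInteger4(LENGTH_WORD_SIZE + outToken.length);
                    pgStream.send(outToken);
                    pgStream.flush();
                }
                if (context.isEstablished()) {
                    return null;
                }

                switch (pgStream.receiveChar()) {
                    case 'E': {
                        int errorLength = pgStream.receiveInteger4() - LENGTH_WORD_SIZE;
                        if (errorLength < 0) {
                            // The length word comes from the peer; never pass a negative size on.
                            return protocolError();
                        }
                        ServerErrorMessage serverError =
                                new ServerErrorMessage(pgStream.receiveErrorString(errorLength));
                        LOGGER.log(Level.FINEST, " <=BE ErrorMessage({0})", serverError);
                        return new PSQLException(serverError, logServerErrorDetail);
                    }
                    case 'R': {
                        int messageLength = pgStream.receiveInteger4();
                        int authRequestType = pgStream.receiveInteger4();
                        int tokenLength = messageLength - AUTH_REQUEST_HEADER_LENGTH;
                        // While the context is not established, only a continuation request
                        // with a non-negative token length is acceptable. Any other request
                        // type (or a bogus length) is rejected instead of being handed to the
                        // GSS mechanism as if it were a token.
                        if (authRequestType != AUTH_REQ_GSS_CONTINUE || tokenLength < 0) {
                            return protocolError();
                        }
                        LOGGER.log(Level.FINEST, " <=BE AuthenticationGSSContinue");
                        inToken = pgStream.receive(tokenLength);
                        break;
                    }
                    default:
                        return protocolError();
                }
            }
        } catch (GSSException e) {
            return new PSQLException(GT.tr("GSS Authentication failed", new Object[0]),
                    PSQLState.CONNECTION_FAILURE, e);
        } catch (IOException e) {
            // I/O failures are handed back unchanged so the caller can report them.
            return e;
        }
    }

    /**
     * {@link Callable} entry point; delegates to {@link #run()}.
     *
     * @return the result of {@link #run()}
     */
    @Override
    public Exception call() throws Exception {
        return run();
    }
}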
