package org.postgresql.sspi;

import com.sun.jna.LastErrorException;
import com.sun.jna.Platform;
import com.sun.jna.platform.win32.Sspi;
import com.sun.jna.platform.win32.Win32Exception;
import java.io.IOException;
import java.sql.SQLException;
import org.postgresql.core.Logger;
import org.postgresql.core.PGStream;
import org.postgresql.util.HostSpec;
import org.postgresql.util.PSQLException;
import org.postgresql.util.PSQLState;
import waffle.windows.auth.IWindowsCredentialsHandle;
import waffle.windows.auth.impl.WindowsCredentialsHandleImpl;
import waffle.windows.auth.impl.WindowsSecurityContextImpl;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/embedded/echobase-embedded-4.0.10.war:WEB-INF/lib/postgresql-9.4.1208.jre7.jar:org/postgresql/sspi/SSPIClient.class
  input_file:WEB-INF/lib/echobase-services-4.0.10.jar:embedded/postgresql-9.4.1208.jre7.jar:org/postgresql/sspi/SSPIClient.class
  input_file:WEB-INF/lib/postgresql-9.4.1208.jre7.jar:org/postgresql/sspi/SSPIClient.class
 */
/* loaded from: input_file:WEB-INF/classes/embedded/echobase-embedded-4.0.10.war:WEB-INF/lib/echobase-services-4.0.10.jar:embedded/postgresql-9.4.1208.jre7.jar:org/postgresql/sspi/SSPIClient.class */
public class SSPIClient {
    public static String SSPI_DEFAULT_SPN_SERVICE_CLASS = "POSTGRES";
    private final Logger logger;
    private final PGStream pgStream;
    private final String spnServiceClass;
    private final boolean enableNegotiate;
    private IWindowsCredentialsHandle clientCredentials;
    private WindowsSecurityContextImpl sspiContext;
    private String targetName;

    public SSPIClient(PGStream pGStream, String str, boolean z, Logger logger) {
        this.logger = logger;
        this.pgStream = pGStream;
        if (str != null && str.isEmpty()) {
            str = null;
        }
        this.spnServiceClass = str == null ? SSPI_DEFAULT_SPN_SERVICE_CLASS : str;
        this.enableNegotiate = z;
    }

    public boolean isSSPISupported() {
        try {
            if (Platform.isWindows()) {
                Class.forName("waffle.windows.auth.impl.WindowsSecurityContextImpl");
                return true;
            }
            this.logger.debug("SSPI not supported: non-Windows host");
            return false;
        } catch (ClassNotFoundException e) {
            if (!this.logger.logDebug()) {
                return false;
            }
            this.logger.debug("SSPI unavailable (no Waffle/JNA libraries?)", e);
            return false;
        } catch (NoClassDefFoundError e2) {
            if (!this.logger.logDebug()) {
                return false;
            }
            this.logger.debug("SSPI unavailable (no Waffle/JNA libraries?)", e2);
            return false;
        }
    }

    private String makeSPN() throws PSQLException {
        HostSpec hostSpec = this.pgStream.getHostSpec();
        try {
            return NTDSAPIWrapper.instance.DsMakeSpn(this.spnServiceClass, hostSpec.getHost(), null, (short) hostSpec.getPort(), null);
        } catch (LastErrorException e) {
            throw new PSQLException("SSPI setup failed to determine SPN", PSQLState.CONNECTION_UNABLE_TO_CONNECT, e);
        }
    }

    public void startSSPI() throws SQLException, IOException {
        String str = this.enableNegotiate ? "negotiate" : "kerberos";
        if (this.logger.logDebug()) {
            this.logger.debug("Beginning SSPI/Kerberos negotiation with SSPI package: " + str);
        }
        try {
            try {
                this.clientCredentials = WindowsCredentialsHandleImpl.getCurrent(str);
                this.clientCredentials.initialize();
                try {
                    this.targetName = makeSPN();
                    if (this.logger.logDebug()) {
                        this.logger.debug("SSPI target name: " + this.targetName);
                    }
                    this.sspiContext = new WindowsSecurityContextImpl();
                    this.sspiContext.setPrincipalName(this.targetName);
                    this.sspiContext.setCredentialsHandle(this.clientCredentials.getHandle());
                    this.sspiContext.setSecurityPackage(str);
                    this.sspiContext.initialize((Sspi.CtxtHandle) null, (Sspi.SecBufferDesc) null, this.targetName);
                    sendSSPIResponse(this.sspiContext.getToken());
                    this.logger.debug("Sent first SSPI negotiation message");
                } catch (Win32Exception e) {
                    throw new PSQLException("Could not initialize SSPI security context", PSQLState.CONNECTION_UNABLE_TO_CONNECT, e);
                }
            } catch (Win32Exception e2) {
                throw new PSQLException("Could not obtain local Windows credentials for SSPI", PSQLState.CONNECTION_UNABLE_TO_CONNECT, e2);
            }
        } catch (NoClassDefFoundError e3) {
            throw new PSQLException("SSPI cannot be used, Waffle or its dependencies are missing from the classpath", PSQLState.NOT_IMPLEMENTED, e3);
        }
    }

    public void continueSSPI(int i) throws SQLException, IOException {
        if (this.sspiContext == null) {
            throw new IllegalStateException("Cannot continue SSPI authentication that we didn't begin");
        }
        this.logger.debug("Continuing SSPI negotiation");
        this.sspiContext.initialize(this.sspiContext.getHandle(), new Sspi.SecBufferDesc(2, this.pgStream.Receive(i)), this.targetName);
        byte[] token = this.sspiContext.getToken();
        if (token.length <= 0) {
            this.logger.debug("SSPI authentication complete, no reply required");
        } else {
            sendSSPIResponse(token);
            this.logger.debug("Sent SSPI negotiation continuation message");
        }
    }

    private void sendSSPIResponse(byte[] bArr) throws IOException {
        this.pgStream.SendChar(112);
        this.pgStream.SendInteger4(4 + bArr.length);
        this.pgStream.Send(bArr);
        this.pgStream.flush();
    }

    public void dispose() {
        if (this.sspiContext != null) {
            this.sspiContext.dispose();
            this.sspiContext = null;
        }
        if (this.clientCredentials != null) {
            this.clientCredentials.dispose();
            this.clientCredentials = null;
        }
    }
}
