package org.postgresql.shaded.com.ongres.scram.client;

import com.sun.xml.wss.impl.config.ConfigurationConstants;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.postgresql.shaded.com.ongres.scram.common.ScramMechanism;
import org.postgresql.shaded.com.ongres.scram.common.ScramMechanisms;
import org.postgresql.shaded.com.ongres.scram.common.gssapi.Gs2CbindFlag;
import org.postgresql.shaded.com.ongres.scram.common.stringprep.StringPreparation;
import org.postgresql.shaded.com.ongres.scram.common.util.CryptoUtil;
import org.postgresql.shaded.com.ongres.scram.common.util.Preconditions;

/* loaded from: input_file:WEB-INF/lib/postgresql-42.2.5.jar:org/postgresql/shaded/com/ongres/scram/client/ScramClient.class */
public class ScramClient {
    public static final int DEFAULT_NONCE_LENGTH = 24;
    private final ChannelBinding channelBinding;
    private final StringPreparation stringPreparation;
    private final ScramMechanism scramMechanism;
    private final SecureRandom secureRandom;
    private final Supplier<String> nonceSupplier;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:WEB-INF/lib/postgresql-42.2.5.jar:org/postgresql/shaded/com/ongres/scram/client/ScramClient$Builder.class */
    public static class Builder extends PreBuilder2 {
        private final Optional<ScramMechanism> nonChannelBindingMechanism;
        private final Optional<ScramMechanism> channelBindingMechanism;
        private SecureRandom secureRandom;
        private Supplier<String> nonceSupplier;
        private int nonceLength;

        private Builder(ChannelBinding channelBinding, StringPreparation stringPreparation, Optional<ScramMechanism> optional, Optional<ScramMechanism> optional2) {
            super(channelBinding, stringPreparation);
            this.secureRandom = new SecureRandom();
            this.nonceLength = 24;
            this.nonChannelBindingMechanism = optional;
            this.channelBindingMechanism = optional2;
        }

        public Builder secureRandomAlgorithmProvider(String str, String str2) throws IllegalArgumentException {
            Preconditions.checkNotNull(str, ConfigurationConstants.ALGORITHM_ATTRIBUTE_NAME);
            try {
                this.secureRandom = null == str2 ? SecureRandom.getInstance(str) : SecureRandom.getInstance(str, str2);
                return this;
            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
                throw new IllegalArgumentException("Invalid algorithm or provider", e);
            }
        }

        public Builder nonceSupplier(Supplier<String> supplier) throws IllegalArgumentException {
            this.nonceSupplier = (Supplier) Preconditions.checkNotNull(supplier, "nonceSupplier");
            return this;
        }

        public Builder nonceLength(int i) throws IllegalArgumentException {
            this.nonceLength = Preconditions.gt0(i, "length");
            return this;
        }

        public ScramClient setup() {
            return new ScramClient(this.channelBinding, this.stringPreparation, this.nonChannelBindingMechanism, this.channelBindingMechanism, this.secureRandom, this.nonceSupplier != null ? this.nonceSupplier : () -> {
                return CryptoUtil.nonce(this.nonceLength, this.secureRandom);
            });
        }
    }

    /* loaded from: input_file:WEB-INF/lib/postgresql-42.2.5.jar:org/postgresql/shaded/com/ongres/scram/client/ScramClient$ChannelBinding.class */
    public enum ChannelBinding {
        NO(Gs2CbindFlag.CLIENT_NOT),
        YES(Gs2CbindFlag.CHANNEL_BINDING_REQUIRED),
        IF_SERVER_SUPPORTS_IT(Gs2CbindFlag.CLIENT_YES_SERVER_NOT);

        private final Gs2CbindFlag gs2CbindFlag;

        ChannelBinding(Gs2CbindFlag gs2CbindFlag) {
            this.gs2CbindFlag = gs2CbindFlag;
        }

        public Gs2CbindFlag gs2CbindFlag() {
            return this.gs2CbindFlag;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/postgresql-42.2.5.jar:org/postgresql/shaded/com/ongres/scram/client/ScramClient$PreBuilder1.class */
    public static class PreBuilder1 {
        protected final ChannelBinding channelBinding;

        private PreBuilder1(ChannelBinding channelBinding) {
            this.channelBinding = channelBinding;
        }

        public PreBuilder2 stringPreparation(StringPreparation stringPreparation) throws IllegalArgumentException {
            return new PreBuilder2(this.channelBinding, (StringPreparation) Preconditions.checkNotNull(stringPreparation, "stringPreparation"));
        }
    }

    /* loaded from: input_file:WEB-INF/lib/postgresql-42.2.5.jar:org/postgresql/shaded/com/ongres/scram/client/ScramClient$PreBuilder2.class */
    public static class PreBuilder2 extends PreBuilder1 {
        protected final StringPreparation stringPreparation;
        protected Optional<ScramMechanism> nonChannelBindingMechanism;
        protected Optional<ScramMechanism> channelBindingMechanism;

        private PreBuilder2(ChannelBinding channelBinding, StringPreparation stringPreparation) {
            super(channelBinding);
            this.nonChannelBindingMechanism = Optional.empty();
            this.channelBindingMechanism = Optional.empty();
            this.stringPreparation = stringPreparation;
        }

        public Builder selectMechanismBasedOnServerAdvertised(String... strArr) {
            Preconditions.checkArgument(null != strArr && strArr.length > 0, "serverMechanisms");
            this.nonChannelBindingMechanism = ScramMechanisms.selectMatchingMechanism(false, strArr);
            if (this.channelBinding == ChannelBinding.NO && !this.nonChannelBindingMechanism.isPresent()) {
                throw new IllegalArgumentException("Server does not support non channel binding mechanisms");
            }
            this.channelBindingMechanism = ScramMechanisms.selectMatchingMechanism(true, strArr);
            if (this.channelBinding == ChannelBinding.YES && !this.channelBindingMechanism.isPresent()) {
                throw new IllegalArgumentException("Server does not support channel binding mechanisms");
            }
            if (this.channelBindingMechanism.isPresent() || this.nonChannelBindingMechanism.isPresent()) {
                return new Builder(this.channelBinding, this.stringPreparation, this.nonChannelBindingMechanism, this.channelBindingMechanism);
            }
            throw new IllegalArgumentException("There are no matching mechanisms between client and server");
        }

        public Builder selectMechanismBasedOnServerAdvertisedCsv(String str) throws IllegalArgumentException {
            return selectMechanismBasedOnServerAdvertised(((String) Preconditions.checkNotNull(str, "serverMechanismsCsv")).split(","));
        }

        public Builder selectClientMechanism(ScramMechanism scramMechanism) {
            Preconditions.checkNotNull(scramMechanism, "scramMechanism");
            if (this.channelBinding == ChannelBinding.IF_SERVER_SUPPORTS_IT) {
                throw new IllegalArgumentException("If server selection is considered, no direct client selection should be performed");
            }
            if ((this.channelBinding != ChannelBinding.YES || scramMechanism.supportsChannelBinding()) && !(this.channelBinding == ChannelBinding.NO && scramMechanism.supportsChannelBinding())) {
                return scramMechanism.supportsChannelBinding() ? new Builder(this.channelBinding, this.stringPreparation, Optional.empty(), Optional.of(scramMechanism)) : new Builder(this.channelBinding, this.stringPreparation, Optional.of(scramMechanism), Optional.empty());
            }
            throw new IllegalArgumentException("Incompatible selection of mechanism and channel binding");
        }
    }

    private ScramClient(ChannelBinding channelBinding, StringPreparation stringPreparation, Optional<ScramMechanism> optional, Optional<ScramMechanism> optional2, SecureRandom secureRandom, Supplier<String> supplier) {
        if (!$assertionsDisabled && null == channelBinding) {
            throw new AssertionError("channelBinding");
        }
        if (!$assertionsDisabled && null == stringPreparation) {
            throw new AssertionError("stringPreparation");
        }
        if (!$assertionsDisabled && !optional.isPresent() && !optional2.isPresent()) {
            throw new AssertionError("Either a channel-binding or a non-binding mechanism must be present");
        }
        if (!$assertionsDisabled && null == secureRandom) {
            throw new AssertionError("secureRandom");
        }
        if (!$assertionsDisabled && null == supplier) {
            throw new AssertionError("nonceSupplier");
        }
        this.channelBinding = channelBinding;
        this.stringPreparation = stringPreparation;
        this.scramMechanism = optional.orElseGet(() -> {
            return (ScramMechanism) optional2.get();
        });
        this.secureRandom = secureRandom;
        this.nonceSupplier = supplier;
    }

    public static PreBuilder1 channelBinding(ChannelBinding channelBinding) throws IllegalArgumentException {
        return new PreBuilder1((ChannelBinding) Preconditions.checkNotNull(channelBinding, "channelBinding"));
    }

    public StringPreparation getStringPreparation() {
        return this.stringPreparation;
    }

    public ScramMechanism getScramMechanism() {
        return this.scramMechanism;
    }

    public static List<String> supportedMechanisms() {
        return (List) Arrays.stream(ScramMechanisms.values()).map(scramMechanisms -> {
            return scramMechanisms.getName();
        }).collect(Collectors.toList());
    }

    public ScramSession scramSession(String str) {
        return new ScramSession(this.scramMechanism, this.stringPreparation, Preconditions.checkNotEmpty(str, "user"), this.nonceSupplier.get());
    }

    static {
        $assertionsDisabled = !ScramClient.class.desiredAssertionStatus();
    }
}
