package com.google.cloud.spanner.pgadapter.wireprotocol;

import com.google.api.client.util.PemReader;
import com.google.api.client.util.Strings;
import com.google.api.core.InternalApi;
import com.google.auth.Credentials;
import com.google.auth.oauth2.AccessToken;
import com.google.auth.oauth2.GoogleCredentials;
import com.google.auth.oauth2.OAuth2Credentials;
import com.google.auth.oauth2.ServiceAccountCredentials;
import com.google.cloud.spanner.pgadapter.ConnectionHandler;
import com.google.cloud.spanner.pgadapter.error.PGException;
import com.google.cloud.spanner.pgadapter.error.SQLState;
import com.google.cloud.spanner.pgadapter.error.Severity;
import com.google.cloud.spanner.pgadapter.wireoutput.ErrorResponse;
import com.google.cloud.spanner.pgadapter.wireoutput.TerminateResponse;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;
import java.util.Date;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.openssl.PEMParser;
import org.postgresql.jdbc.EscapedFunctions;

@InternalApi
/* loaded from: input_file:com/google/cloud/spanner/pgadapter/wireprotocol/PasswordMessage.class */
public class PasswordMessage extends ControlMessage {
    private static final String USER_KEY = "user";
    protected static final char IDENTIFIER = 'p';
    private final Map<String, String> parameters;
    private final String username;
    private final String password;

    public PasswordMessage(ConnectionHandler connectionHandler, Map<String, String> map) throws Exception {
        super(connectionHandler);
        this.parameters = map;
        this.username = map.get("user");
        this.password = readAll();
    }

    @Override // com.google.cloud.spanner.pgadapter.wireprotocol.WireMessage
    protected void sendPayload() throws Exception {
        if (!useAuthentication()) {
            new ErrorResponse(this.connection, PGException.newBuilder("Received PasswordMessage while authentication is disabled.").setSQLState(SQLState.ProtocolViolation).setSeverity(Severity.ERROR).build()).send(false);
            new TerminateResponse(this.outputStream).send();
            return;
        }
        Credentials checkCredentials = checkCredentials(this.username, this.password);
        if (checkCredentials != null) {
            StartupMessage.createConnectionAndSendStartupMessage(this.connection, this.parameters.get(EscapedFunctions.DATABASE), this.parameters, checkCredentials);
        } else {
            new ErrorResponse(this.connection, PGException.newBuilder("Invalid credentials received.").setHints("PGAdapter expects credentials to be one of the following:\n1. Username contains the fixed string 'oauth2' and the password field contains a valid OAuth2 token.\n2. Username contains any string and the password field contains the JSON payload of a credentials file (e.g. a service account file).\n3. Username contains the email address of a service account and the password contains the corresponding private key for the service account.").setSQLState(SQLState.InvalidPassword).setSeverity(Severity.ERROR).build()).send(false);
            new TerminateResponse(this.outputStream).send();
        }
    }

    private boolean useAuthentication() {
        return this.connection.getServer().getOptions().shouldAuthenticate();
    }

    private Credentials checkCredentials(String str, String str2) {
        if (Strings.isNullOrEmpty(str2)) {
            return null;
        }
        if (!Strings.isNullOrEmpty(str) && str.indexOf(64) > -1) {
            try {
                String replace = str2.replace("\\n", StringUtils.LF);
                if (PemReader.readFirstSectionAndClose(new StringReader(replace), PEMParser.TYPE_PRIVATE_KEY) != null) {
                    return ServiceAccountCredentials.fromPkcs8(null, str, replace, null, null);
                }
            } catch (IOException e) {
            }
        }
        if (!Strings.isNullOrEmpty(str) && str.equalsIgnoreCase("oauth2")) {
            return OAuth2Credentials.create(new AccessToken(str2, (Date) null));
        }
        try {
            return GoogleCredentials.fromStream(new ByteArrayInputStream(str2.getBytes(StandardCharsets.UTF_8)));
        } catch (IOException e2) {
            return null;
        }
    }

    @Override // com.google.cloud.spanner.pgadapter.wireprotocol.WireMessage
    protected String getMessageName() {
        return "Password Exchange";
    }

    @Override // com.google.cloud.spanner.pgadapter.wireprotocol.WireMessage
    protected String getPayloadString() {
        return new MessageFormat("Length: {0}, Username: {1}, Password: {2}").format(new Object[]{Integer.valueOf(this.length), this.username, this.password});
    }

    @Override // com.google.cloud.spanner.pgadapter.wireprotocol.WireMessage
    public String getIdentifier() {
        return String.valueOf('p');
    }

    public String getUsername() {
        return this.username;
    }

    public String getPassword() {
        return this.password;
    }
}
