package org.postgresql.gss;

import java.io.IOException;
import java.security.PrivilegedAction;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;
import org.postgresql.core.Logger;
import org.postgresql.core.PGStream;
import org.postgresql.util.GT;
import org.postgresql.util.PSQLException;
import org.postgresql.util.PSQLState;
import org.postgresql.util.ServerErrorMessage;

/* JADX WARN: Classes with same name are omitted:
  input_file:postgresql-42.2.19.jar:org/postgresql/gss/GssAction.class
 */
/* compiled from: MakeGSS.java */
/* loaded from: input_file:org.postgresql-9.1.901.jdbc4.1-rc9.jar:org/postgresql/gss/GssAction.class */
class GssAction implements PrivilegedAction {
    private final PGStream pgStream;
    private final String host;
    private final String user;
    private final String password;
    private final String kerberosServerName;
    private final Logger logger;

    public GssAction(PGStream pGStream, String str, String str2, String str3, String str4, Logger logger) {
        this.pgStream = pGStream;
        this.host = str;
        this.user = str2;
        this.password = str3;
        this.kerberosServerName = str4;
        this.logger = logger;
    }

    @Override // java.security.PrivilegedAction
    public Object run() {
        try {
            Oid[] oidArr = {new Oid("1.2.840.113554.1.2.2")};
            GSSManager gSSManager = GSSManager.getInstance();
            GSSContext createContext = gSSManager.createContext(gSSManager.createName(this.kerberosServerName + "@" + this.host, GSSName.NT_HOSTBASED_SERVICE), oidArr[0], gSSManager.createCredential(gSSManager.createName(this.user, GSSName.NT_USER_NAME), 28800, oidArr, 1), 0);
            createContext.requestMutualAuth(true);
            byte[] bArr = new byte[0];
            boolean z = false;
            while (!z) {
                byte[] initSecContext = createContext.initSecContext(bArr, 0, bArr.length);
                if (initSecContext != null) {
                    if (this.logger.logDebug()) {
                        this.logger.debug(" FE=> Password(GSS Authentication Token)");
                    }
                    this.pgStream.SendChar(112);
                    this.pgStream.SendInteger4(4 + initSecContext.length);
                    this.pgStream.Send(initSecContext);
                    this.pgStream.flush();
                }
                if (createContext.isEstablished()) {
                    z = true;
                } else {
                    int ReceiveChar = this.pgStream.ReceiveChar();
                    if (ReceiveChar == 69) {
                        ServerErrorMessage serverErrorMessage = new ServerErrorMessage(this.pgStream.ReceiveString(this.pgStream.ReceiveInteger4() - 4), this.logger.getLogLevel());
                        if (this.logger.logDebug()) {
                            this.logger.debug(" <=BE ErrorMessage(" + serverErrorMessage + ")");
                        }
                        return new PSQLException(serverErrorMessage);
                    }
                    if (ReceiveChar != 82) {
                        return new PSQLException(GT.tr("Protocol error.  Session setup failed."), PSQLState.CONNECTION_UNABLE_TO_CONNECT);
                    }
                    if (this.logger.logDebug()) {
                        this.logger.debug(" <=BE AuthenticationGSSContinue");
                    }
                    int ReceiveInteger4 = this.pgStream.ReceiveInteger4();
                    this.pgStream.ReceiveInteger4();
                    bArr = this.pgStream.Receive(ReceiveInteger4 - 8);
                }
            }
            return null;
        } catch (GSSException e) {
            return new PSQLException(GT.tr("GSS Authentication failed"), PSQLState.CONNECTION_FAILURE, e);
        } catch (IOException e2) {
            return e2;
        }
    }
}
