package org.apache.doris.mysql;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
import org.apache.doris.analysis.UserIdentity;
import org.apache.doris.catalog.Env;
import org.apache.doris.cluster.ClusterNamespace;
import org.apache.doris.common.AuthenticationException;
import org.apache.doris.common.Config;
import org.apache.doris.common.DdlException;
import org.apache.doris.common.ErrorCode;
import org.apache.doris.common.ErrorReport;
import org.apache.doris.common.LdapConfig;
import org.apache.doris.datasource.CatalogIf;
import org.apache.doris.ldap.LdapAuthenticate;
import org.apache.doris.mysql.privilege.Auth;
import org.apache.doris.qe.ConnectContext;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:org/apache/doris/mysql/MysqlProto.class */
public class MysqlProto {
    private static final Logger LOG = LogManager.getLogger(MysqlProto.class);
    public static final boolean SERVER_USE_SSL = Config.enable_ssl;

    private static boolean authenticate(ConnectContext connectContext, byte[] bArr, byte[] bArr2, String str) {
        String remoteIp = connectContext.getMysqlChannel().getRemoteIp();
        ArrayList newArrayList = Lists.newArrayList();
        try {
            Env.getCurrentEnv().getAuth().checkPassword(str, remoteIp, bArr, bArr2, newArrayList);
            connectContext.setCurrentUserIdentity((UserIdentity) newArrayList.get(0));
            connectContext.setRemoteIP(remoteIp);
            return true;
        } catch (AuthenticationException e) {
            ErrorReport.report(e.errorCode, e.msgs);
            return false;
        }
    }

    private static String parseUser(ConnectContext connectContext, byte[] bArr, String str) {
        String str2 = bArr.length == 0 ? "NO" : "YES";
        String str3 = str;
        if (str3 == null || str3.isEmpty()) {
            ErrorReport.report(ErrorCode.ERR_ACCESS_DENIED_ERROR, "anonym@" + connectContext.getRemoteIP(), str2);
            return null;
        }
        connectContext.setCluster("default_cluster");
        String[] split = str3.split("#", 2);
        if (split.length > 1) {
            str3 = split[0];
        }
        String fullName = ClusterNamespace.getFullName("default_cluster", str3);
        connectContext.setQualifiedUser(fullName);
        return fullName;
    }

    public static void sendResponsePacket(ConnectContext connectContext) throws IOException {
        MysqlChannel mysqlChannel = connectContext.getMysqlChannel();
        MysqlSerializer serializer = mysqlChannel.getSerializer();
        MysqlPacket responsePacket = connectContext.getState().toResponsePacket();
        serializer.reset();
        responsePacket.writeTo(serializer);
        mysqlChannel.sendAndFlush(serializer.toByteBuffer());
    }

    private static boolean useLdapAuthenticate(String str) {
        return !str.equals("root") && !str.equals(Auth.ADMIN_USER) && LdapConfig.ldap_authentication_enabled && Env.getCurrentEnv().getAuth().getLdapManager().doesUserExist(str);
    }

    public static boolean negotiate(ConnectContext connectContext) throws IOException {
        ByteBuffer byteBuffer;
        MysqlChannel mysqlChannel = connectContext.getMysqlChannel();
        MysqlSerializer serializer = mysqlChannel.getSerializer();
        connectContext.getState().setOk();
        serializer.reset();
        MysqlHandshakePacket mysqlHandshakePacket = new MysqlHandshakePacket(connectContext.getConnectionId());
        mysqlHandshakePacket.writeTo(serializer);
        try {
            mysqlChannel.sendAndFlush(serializer.toByteBuffer());
            ByteBuffer fetchOnePacket = mysqlChannel.fetchOnePacket();
            MysqlCapability mysqlCapability = new MysqlCapability(readLowestInt4(fetchOnePacket));
            if (mysqlCapability.isClientUseSsl()) {
                LOG.debug("client is using ssl connection.");
                if (SERVER_USE_SSL) {
                    LOG.debug("server is also using ssl connection. Will use ssl mode for data exchange.");
                    MysqlSslContext mysqlSslContext = connectContext.getMysqlSslContext();
                    mysqlSslContext.init();
                    mysqlChannel.initSslBuffer();
                    if (fetchOnePacket == null) {
                        return false;
                    }
                    if (!new MysqlSslPacket().readFrom(fetchOnePacket)) {
                        ErrorReport.report(ErrorCode.ERR_NOT_SUPPORTED_AUTH_MODE, new Object[0]);
                        sendResponsePacket(connectContext);
                        return false;
                    }
                    try {
                        mysqlChannel.setSslHandshaking(true);
                        if (!mysqlSslContext.sslExchange(mysqlChannel)) {
                            ErrorReport.report(ErrorCode.ERR_NOT_SUPPORTED_AUTH_MODE, new Object[0]);
                            sendResponsePacket(connectContext);
                            return false;
                        }
                        mysqlChannel.setSslMode(true);
                        LOG.debug("switch to ssl mode.");
                        byteBuffer = mysqlChannel.fetchOnePacket();
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                } else {
                    byteBuffer = fetchOnePacket;
                }
            } else {
                byteBuffer = fetchOnePacket;
            }
            if (byteBuffer == null) {
                return false;
            }
            if (mysqlCapability.isDeprecatedEOF()) {
                connectContext.getMysqlChannel().setClientDeprecatedEOF();
            }
            MysqlAuthPacket mysqlAuthPacket = new MysqlAuthPacket();
            if (!mysqlAuthPacket.readFrom(byteBuffer)) {
                ErrorReport.report(ErrorCode.ERR_NOT_SUPPORTED_AUTH_MODE, new Object[0]);
                sendResponsePacket(connectContext);
                return false;
            }
            if (!MysqlCapability.isCompatible(connectContext.getServerCapability(), mysqlAuthPacket.getCapability())) {
                ErrorReport.report(ErrorCode.ERR_NOT_SUPPORTED_AUTH_MODE, new Object[0]);
                sendResponsePacket(connectContext);
                return false;
            }
            connectContext.setCapability(connectContext.getServerCapability());
            serializer.setCapability(connectContext.getCapability());
            String parseUser = parseUser(connectContext, mysqlAuthPacket.getAuthResponse(), mysqlAuthPacket.getUser());
            if (parseUser == null) {
                sendResponsePacket(connectContext);
                return false;
            }
            try {
                if (useLdapAuthenticate(parseUser)) {
                    LOG.debug("user:{} start to ldap authenticate.", parseUser);
                    serializer.reset();
                    new MysqlAuthSwitchPacket().writeTo(serializer);
                    mysqlChannel.sendAndFlush(serializer.toByteBuffer());
                    ByteBuffer fetchOnePacket2 = mysqlChannel.fetchOnePacket();
                    if (fetchOnePacket2 == null) {
                        return false;
                    }
                    MysqlClearTextPacket mysqlClearTextPacket = new MysqlClearTextPacket();
                    if (!mysqlClearTextPacket.readFrom(fetchOnePacket2)) {
                        ErrorReport.report(ErrorCode.ERR_NOT_SUPPORTED_AUTH_MODE, new Object[0]);
                        sendResponsePacket(connectContext);
                        return false;
                    }
                    if (!LdapAuthenticate.authenticate(connectContext, mysqlClearTextPacket.getPassword(), parseUser)) {
                        sendResponsePacket(connectContext);
                        return false;
                    }
                } else {
                    if (mysqlAuthPacket.getCapability().isPluginAuth() && !mysqlHandshakePacket.checkAuthPluginSameAsDoris(mysqlAuthPacket.getPluginName())) {
                        serializer.reset();
                        mysqlHandshakePacket.buildAuthSwitchRequest(serializer);
                        mysqlChannel.sendAndFlush(serializer.toByteBuffer());
                        ByteBuffer fetchOnePacket3 = mysqlChannel.fetchOnePacket();
                        if (fetchOnePacket3 == null) {
                            return false;
                        }
                        mysqlAuthPacket.setAuthResponse(readEofString(fetchOnePacket3));
                    }
                    byte[] authPluginData = mysqlHandshakePacket.getAuthPluginData();
                    if (Config.proxy_auth_enable && mysqlAuthPacket.getRandomString() != null) {
                        authPluginData = mysqlAuthPacket.getRandomString();
                    }
                    if (!authenticate(connectContext, mysqlAuthPacket.getAuthResponse(), authPluginData, parseUser)) {
                        sendResponsePacket(connectContext);
                        return false;
                    }
                }
                String db = mysqlAuthPacket.getDb();
                if (!Strings.isNullOrEmpty(db)) {
                    String str = null;
                    String str2 = null;
                    String[] split = db.split("\\.");
                    if (split.length == 1) {
                        str2 = db;
                    } else if (split.length == 2) {
                        str = split[0];
                        str2 = split[1];
                    } else if (split.length > 2) {
                        connectContext.getState().setError(ErrorCode.ERR_BAD_DB_ERROR, "Only one dot can be in the name: " + db);
                        return false;
                    }
                    String fullName = ClusterNamespace.getFullName(connectContext.getClusterName(), str2);
                    if (str != null) {
                        CatalogIf catalogNullable = connectContext.getEnv().getCatalogMgr().getCatalogNullable(str);
                        if (catalogNullable == null) {
                            connectContext.getState().setError(ErrorCode.ERR_BAD_DB_ERROR, "No match catalog in doris: " + db);
                            return false;
                        }
                        if (catalogNullable.getDbNullable(fullName) == null) {
                            connectContext.getState().setError(ErrorCode.ERR_BAD_DB_ERROR, "No match database in doris: " + db);
                            return false;
                        }
                    }
                    if (str != null) {
                        try {
                            connectContext.getEnv().changeCatalog(connectContext, str);
                        } catch (DdlException e2) {
                            connectContext.getState().setError(e2.getMysqlErrorCode(), e2.getMessage());
                            sendResponsePacket(connectContext);
                            return false;
                        }
                    }
                    Env.getCurrentEnv().changeDb(connectContext, fullName);
                }
                connectContext.setResourceTags(Env.getCurrentEnv().getAuth().getResourceTags(parseUser));
                return true;
            } catch (Exception e3) {
                LOG.warn("Check if user exists in ldap error.", e3);
                sendResponsePacket(connectContext);
                return false;
            }
        } catch (IOException e4) {
            LOG.debug("Send and flush channel exception, ignore.", e4);
            return false;
        }
    }

    public static byte readByte(ByteBuffer byteBuffer) {
        return byteBuffer.get();
    }

    public static byte readByteAt(ByteBuffer byteBuffer, int i) {
        return byteBuffer.get(i);
    }

    public static int readInt1(ByteBuffer byteBuffer) {
        return readByte(byteBuffer) & 255;
    }

    public static int readInt2(ByteBuffer byteBuffer) {
        return (readByte(byteBuffer) & 255) | ((readByte(byteBuffer) & 255) << 8);
    }

    public static int readInt3(ByteBuffer byteBuffer) {
        return (readByte(byteBuffer) & 255) | ((readByte(byteBuffer) & 255) << 8) | ((readByte(byteBuffer) & 255) << 16);
    }

    public static int readLowestInt4(ByteBuffer byteBuffer) {
        return (readByteAt(byteBuffer, 0) & 255) | ((readByteAt(byteBuffer, 1) & 255) << 8) | ((readByteAt(byteBuffer, 2) & 255) << 16) | ((readByteAt(byteBuffer, 3) & 255) << 24);
    }

    public static int readInt4(ByteBuffer byteBuffer) {
        return (readByte(byteBuffer) & 255) | ((readByte(byteBuffer) & 255) << 8) | ((readByte(byteBuffer) & 255) << 16) | ((readByte(byteBuffer) & 255) << 24);
    }

    public static long readInt6(ByteBuffer byteBuffer) {
        return (readInt4(byteBuffer) & 4294967295L) | (readInt2(byteBuffer) << 32);
    }

    public static long readInt8(ByteBuffer byteBuffer) {
        return (readInt4(byteBuffer) & 4294967295L) | (readInt4(byteBuffer) << 32);
    }

    public static long readVInt(ByteBuffer byteBuffer) {
        int readInt1 = readInt1(byteBuffer);
        if (readInt1 < 251) {
            return readInt1;
        }
        if (readInt1 == 252) {
            return readInt2(byteBuffer);
        }
        if (readInt1 == 253) {
            return readInt3(byteBuffer);
        }
        if (readInt1 == 254) {
            return readInt8(byteBuffer);
        }
        if (readInt1 == 251) {
            throw new NullPointerException();
        }
        return 0L;
    }

    public static byte[] readFixedString(ByteBuffer byteBuffer, int i) {
        byte[] bArr = new byte[i];
        byteBuffer.get(bArr);
        return bArr;
    }

    public static byte[] readEofString(ByteBuffer byteBuffer) {
        byte[] bArr = new byte[byteBuffer.remaining()];
        byteBuffer.get(bArr);
        return bArr;
    }

    public static byte[] readLenEncodedString(ByteBuffer byteBuffer) {
        byte[] bArr = new byte[(int) readVInt(byteBuffer)];
        byteBuffer.get(bArr);
        return bArr;
    }

    public static byte[] readNulTerminateString(ByteBuffer byteBuffer) {
        int position = byteBuffer.position();
        int i = position;
        while (i < byteBuffer.limit() && byteBuffer.get(i) != 0) {
            i++;
        }
        byte[] bArr = new byte[i - position];
        byteBuffer.get(bArr);
        byteBuffer.get();
        return bArr;
    }
}
