package com.exasol.jdbc;

import com.sun.jna.Platform;
import com.sun.jna.platform.win32.Sspi;
import com.sun.jna.platform.win32.Win32Exception;
import java.io.IOException;
import java.sql.SQLException;
import waffle.windows.auth.IWindowsCredentialsHandle;
import waffle.windows.auth.impl.WindowsCredentialsHandleImpl;
import waffle.windows.auth.impl.WindowsSecurityContextImpl;

/* loaded from: input_file:drivers/exasol/exasol-jdbc-6.1.0.jar:com/exasol/jdbc/SSPIClient.class */
public class SSPIClient {
    private EXAConnection connection;
    private IWindowsCredentialsHandle clientCredentials;
    private WindowsSecurityContextImpl sspiContext;
    private String targetName;

    public SSPIClient(EXAConnection eXAConnection) {
        this.connection = eXAConnection;
    }

    public boolean isSSPISupported() {
        try {
            if (Platform.isWindows()) {
                Class.forName("waffle.windows.auth.impl.WindowsSecurityContextImpl");
                return true;
            }
            this.connection.log("SSPI supported only on Windows.");
            return false;
        } catch (ClassNotFoundException e) {
            this.connection.log("SSPI unavailable (no Waffle/JNA libraries?)" + e.getMessage());
            return false;
        } catch (NoClassDefFoundError e2) {
            this.connection.log("SSPI not available. Please make shure that the Waffle/JNA libraries are in the classpath." + e2.getMessage());
            return false;
        }
    }

    public void startSSPI() throws SQLException, IOException {
        this.connection.log("Begin SSPI negotiation with package: kerberos");
        try {
            this.clientCredentials = WindowsCredentialsHandleImpl.getCurrent("kerberos");
            this.clientCredentials.initialize();
            try {
                this.targetName = this.connection.getKerberosTargetNameSSPI();
                this.connection.log("SSPI target name: " + this.targetName);
                this.sspiContext = new WindowsSecurityContextImpl();
                this.sspiContext.setPrincipalName(this.targetName);
                this.sspiContext.setCredentialsHandle(this.clientCredentials.getHandle());
                this.sspiContext.setSecurityPackage("kerberos");
                this.sspiContext.initialize((Sspi.CtxtHandle) null, (Sspi.SecBufferDesc) null, this.targetName);
                if (null != sendSSPIResponse(this.sspiContext.getToken())) {
                    throw new ProtocolException(Translator.Connection_refused() + " Unsexpected response from server.");
                }
                this.connection.getAttributes();
            } catch (Win32Exception e) {
                throw new SQLException("Cannot initialize SSPI security context. " + e.getMessage());
            }
        } catch (Win32Exception e2) {
            throw new SQLException("Cannot get Windows SSPI credentials." + e2.getMessage());
        }
    }

    public void continueSSPI(int i) throws SQLException, IOException {
        if (this.sspiContext == null) {
            throw new IllegalStateException("Cannot continue SSPI authentication that we didn't begin");
        }
        this.connection.log("Continuing SSPI negotiation");
        this.sspiContext.initialize(this.sspiContext.getHandle(), new Sspi.SecBufferDesc(2, (byte[]) null), this.targetName);
        byte[] token = this.sspiContext.getToken();
        if (token.length > 0) {
            sendSSPIResponse(token);
        } else {
            this.connection.log("SSPI authentication done.");
        }
    }

    private byte[] sendSSPIResponse(byte[] bArr) throws SQLException {
        byte[] bArr2 = null;
        if (bArr != null) {
            try {
                bArr2 = this.connection.exchangeTicket(bArr);
            } catch (SQLException e) {
                throw e;
            }
        }
        return bArr2;
    }

    public void dispose() {
        if (this.sspiContext != null) {
            this.sspiContext.dispose();
            this.sspiContext = null;
        }
        if (this.clientCredentials != null) {
            this.clientCredentials.dispose();
            this.clientCredentials = null;
        }
    }
}
