package pgconn
import (
	"errors"
	"fmt"

	// pgproto3 is also referenced in this file; its import path is not shown
	// in this listing and has to match the module version in use.
)
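// NewGSSFunc constructs a GSS provider. The registered constructor is called
// each time a connection performs GSS authentication, and its error is
// returned to the caller of that authentication attempt.
type NewGSSFunc func() (GSS, error)

// newGSS holds the registered provider constructor; it is nil until
// RegisterGSSProvider has been called.
//
// NOTE(review): this is a plain package variable with no locking visible
// here, so registration is presumably expected to happen before any
// connection is opened (for example from an init function) — confirm.
var newGSS NewGSSFunc

// RegisterGSSProvider installs the constructor used to create a GSS provider
// for GSSAPI (e.g. Kerberos) authentication. A later call replaces the
// previously registered constructor.
func RegisterGSSProvider(newGSSArg NewGSSFunc) {
	newGSS = newGSSArg
}

// GSS is the client side of a GSSAPI token exchange.
type GSS interface {
	// GetInitToken returns the first token to send, for the given host and
	// service name.
	GetInitToken(host, service string) ([]byte, error)
	// GetInitTokenFromSPN returns the first token to send, for an explicitly
	// supplied service principal name.
	GetInitTokenFromSPN(spn string) ([]byte, error)
	// Continue consumes a token received from the server. It reports whether
	// the exchange is done and returns the next token to send, if any.
	Continue(inToken []byte) (done bool, outToken []byte, err error)
}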
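// gssAuth runs the client side of the GSSAPI (e.g. Kerberos) token exchange on
// this connection, using the provider constructor stored in newGSS.
//
// The initial token is requested for config.KerberosSpn when that is set;
// otherwise for config.Host with the service name config.KerberosSrvName,
// which defaults to "postgres". Each token is sent as a GSSResponse, and the
// payload of the server's AuthenticationGSSContinue reply is handed back to
// the provider until the provider reports that the exchange is done.
//
// It returns an error if no provider is registered, if the provider fails, if
// flushing the message fails, or if the server's reply is not an
// AuthenticationGSSContinue.
func (c *PgConn) gssAuth() error {
	if newGSS == nil {
		// Fail closed: without a provider no token can be produced.
		return errors.New("kerberos error: no GSSAPI provider registered, see https://github.com/otan/gopgkrb5")
	}
	cli, err := newGSS()
	if err != nil {
		return err
	}

	// The target principal is derived only from local configuration; nothing
	// received from the server in this function influences it.
	// NOTE(review): config.Host is the name the token is requested for, so
	// whoever controls that value controls the principal — confirm how
	// callers populate it.
	var nextData []byte
	if c.config.KerberosSpn != "" {
		// An explicit SPN takes precedence over host + service.
		nextData, err = cli.GetInitTokenFromSPN(c.config.KerberosSpn)
	} else {
		// The service name may be overridden; "postgres" is the default.
		service := "postgres"
		if c.config.KerberosSrvName != "" {
			service = c.config.KerberosSrvName
		}
		nextData, err = cli.GetInitToken(c.config.Host, service)
	}
	if err != nil {
		return err
	}

	// NOTE(review): nothing in this loop limits the number of rounds. A peer
	// that keeps answering with AuthenticationGSSContinue keeps the exchange
	// going until the provider reports done or an error. Confirm that a
	// connect timeout or deadline bounds it.
	for {
		c.frontend.Send(&pgproto3.GSSResponse{Data: nextData})
		if err = c.flushWithPotentialWriteReadDeadlock(); err != nil {
			return err
		}
		resp, err := c.rxGSSContinue()
		if err != nil {
			return err
		}
		var done bool
		done, nextData, err = cli.Continue(resp.Data)
		if err != nil {
			return err
		}
		if done {
			// Any token returned together with done is not sent.
			return nil
		}
	}
}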
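// rxGSSContinue reads the next message from the connection and returns it if
// it is an AuthenticationGSSContinue.
//
// An ErrorResponse is converted with ErrorResponseToPgError. Any other
// message type is reported as an error rather than skipped, so the GSS
// exchange never proceeds on a message it did not expect.
func (c *PgConn) rxGSSContinue() (*pgproto3.AuthenticationGSSContinue, error) {
	msg, err := c.receiveMessage()
	if err != nil {
		return nil, err
	}

	switch m := msg.(type) {
	case *pgproto3.AuthenticationGSSContinue:
		return m, nil
	case *pgproto3.ErrorResponse:
		return nil, ErrorResponseToPgError(m)
	}

	return nil, fmt.Errorf("expected AuthenticationGSSContinue message but received unexpected message %T", msg)
}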