package com.sap.db.util.security;

import com.sap.db.annotations.NotThreadSafe;
import com.sap.db.jdbc.exceptions.SQLExceptionSapDB;
import com.sap.db.jdbc.packet.HAuthenticationPart;
import com.sap.db.jdbc.trace.Tracer;
import com.sap.db.util.AesCbc;
import com.sap.db.util.Base64Utils;
import com.sap.db.util.ByteUtils;
import com.sap.db.util.CSEBlockCipher;
import com.sap.db.util.CSECipherFactory;
import com.sap.db.util.CSEStreamCipher;
import com.sap.db.util.Cesu8Utils;
import com.sap.db.util.MessageKey;
import com.sap.db.util.RsaOaep;
import java.security.SecureRandom;
import java.sql.SQLException;
import java.util.Arrays;
import javax.crypto.spec.IvParameterSpec;

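@NotThreadSafe
/* loaded from: input_file:com/sap/db/util/security/LDAPAuthentication.class */
/**
 * Client side of the "LDAP" authentication method.
 *
 * <p>The exchange visible in this class has three steps:
 * <ol>
 *   <li>{@link #getInitialData(byte[])} sends a fresh client nonce plus a fixed capabilities
 *       field.</li>
 *   <li>{@link #evaluateAuthenticateReply(Tracer, HAuthenticationPart)} checks that the server
 *       echoed the client nonce and stores the server nonce and the server public key.</li>
 *   <li>{@link #getFinalData(String)} wraps a random session key with the server public key and
 *       encrypts the secret under that session key.</li>
 * </ol>
 *
 * <p>NOTE(review): the public key used to wrap the session key is taken from the server reply
 * as-is; nothing in this class authenticates it. The confidentiality of the secret therefore
 * appears to depend on the transport authenticating the server (for example TLS with certificate
 * validation) - confirm against the connection setup code.
 *
 * <p>NOTE(review): judging by the {@code AesCbc} name, the secret is encrypted in CBC mode;
 * no integrity tag over the ciphertext is computed here - confirm whether the protocol adds one
 * elsewhere.
 *
 * <p>Instances carry per-handshake state and are not thread-safe. The decompiler widened the
 * overridden methods from package-private to public.
 */
class LDAPAuthentication extends AbstractAuthenticationMethod {
    static final String METHOD_NAME = "LDAP";
    private static final int CLIENT_NONCE_LENGTH = 64;
    private static final int CLIENT_NONCE_LENGTH_INDICATOR_LENGTH = HAuthenticationPart.getLengthIndicatorLength(CLIENT_NONCE_LENGTH);
    private static final byte[] CAPABILITIES = {1, 0, 0, 0, 0, 0, 0, 0};
    private static final int CAPABILITIES_LENGTH = CAPABILITIES.length;
    private static final int CAPABILITIES_LENGTH_INDICATOR_LENGTH = HAuthenticationPart.getLengthIndicatorLength(CAPABILITIES_LENGTH);
    /** Size in bytes of the leading short written at offset 0 of each message. */
    private static final int HEADER_LENGTH = 2;
    /** Value of the leading short; presumably the number of fields that follow - TODO confirm. */
    private static final int FIELD_COUNT = 2;
    private static final int CLIENT_CHALLENGE_LENGTH = (((HEADER_LENGTH + CLIENT_NONCE_LENGTH_INDICATOR_LENGTH) + CLIENT_NONCE_LENGTH) + CAPABILITIES_LENGTH_INDICATOR_LENGTH) + CAPABILITIES_LENGTH;
    private static final int SESSION_KEY_LENGTH = 32;
    /** Number of leading server-nonce bytes used as the block-cipher IV. */
    private static final int IV_LENGTH = 16;
    /** Shared CSPRNG; {@link SecureRandom} is safe to share and this avoids re-seeding per call. */
    private static final SecureRandom RANDOM = new SecureRandom();

    private byte[] _clientNonce;
    private byte[] _serverNonce;
    private String _serverPublicKey;

    /**
     * Returns the wire name of this authentication method.
     *
     * @return {@link #METHOD_NAME}
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public String getMethodName() {
        return METHOD_NAME;
    }

    /**
     * Builds the client challenge: a two-byte header, then the length-prefixed client nonce and
     * the length-prefixed capabilities bytes. A new random nonce is generated and remembered on
     * every call.
     *
     * @param bArr not read by this implementation
     * @return the encoded client challenge
     * @throws SQLException declared by the overridden method
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public byte[] getInitialData(byte[] bArr) throws SQLException {
        this._clientNonce = _fillRandom(new byte[CLIENT_NONCE_LENGTH]);
        final byte[] challenge = new byte[CLIENT_CHALLENGE_LENGTH];
        int offset = 0;
        ByteUtils.putShort(FIELD_COUNT, challenge, offset);
        offset += HEADER_LENGTH;
        HAuthenticationPart.putLengthIndicator(CLIENT_NONCE_LENGTH, challenge, offset);
        offset += CLIENT_NONCE_LENGTH_INDICATOR_LENGTH;
        ByteUtils.putBytes(this._clientNonce, challenge, offset);
        offset += CLIENT_NONCE_LENGTH;
        HAuthenticationPart.putLengthIndicator(CAPABILITIES_LENGTH, challenge, offset);
        offset += CAPABILITIES_LENGTH_INDICATOR_LENGTH;
        ByteUtils.putBytes(CAPABILITIES, challenge, offset);
        return challenge;
    }

    /**
     * Builds the final client message from the state stored by
     * {@link #evaluateAuthenticateReply(Tracer, HAuthenticationPart)}.
     *
     * <p>Field one is {@code sessionKey || serverNonce} encrypted with the server public key.
     * Field two is {@code secret || 0x00 || serverNonce} encrypted with the block cipher under the
     * session key, using the first {@value #IV_LENGTH} bytes of the server nonce as IV. The
     * session key is freshly generated per call, so a key/IV pair is not reused by this method.
     *
     * <p>All plaintext buffers holding the session key or the secret are zeroed before returning,
     * so they do not linger on the heap. The {@code String} argument itself cannot be cleared.
     *
     * @param str the secret to transmit (presumably the user's password - confirm with caller)
     * @return the encoded final message
     * @throws SQLException if no usable server nonce or public key has been stored, or if an
     *     underlying helper reports a failure
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public byte[] getFinalData(String str) throws SQLException {
        final byte[] serverNonce = this._serverNonce;
        // Fail with the protocol error instead of a NullPointerException or an
        // IllegalArgumentException from IvParameterSpec when the reply was never evaluated or the
        // nonce is too short to supply the IV.
        if (serverNonce == null || serverNonce.length < IV_LENGTH || this._serverPublicKey == null) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }
        final int nonceLength = serverNonce.length;
        final byte[] sessionKey = _fillRandom(new byte[SESSION_KEY_LENGTH]);
        final byte[] keyEnvelope = new byte[SESSION_KEY_LENGTH + nonceLength];
        byte[] secretBytes = null;
        byte[] secretEnvelope = null;
        try {
            ByteUtils.putBytes(sessionKey, keyEnvelope, 0);
            ByteUtils.putBytes(serverNonce, keyEnvelope, SESSION_KEY_LENGTH);
            final CSEStreamCipher streamCipher = CSECipherFactory.getStreamCipher(RsaOaep.HANA_ALGORITHM_NAME);
            final byte[] encryptedKey = streamCipher.encrypt(
                    streamCipher.generatePublicKeyFromBytes(Base64Utils.decodePublicKey(this._serverPublicKey), RsaOaep.HANA_ALGORITHM_NAME),
                    keyEnvelope);
            final int encryptedKeyLength = encryptedKey.length;
            final int encryptedKeyIndicatorLength = HAuthenticationPart.getLengthIndicatorLength(encryptedKeyLength);

            secretBytes = Cesu8Utils.getBytes(str);
            final int secretLength = secretBytes.length;
            secretEnvelope = new byte[secretLength + 1 + nonceLength];
            ByteUtils.putBytes(secretBytes, secretEnvelope, 0);
            ByteUtils.putByte(0, secretEnvelope, secretLength);
            ByteUtils.putBytes(serverNonce, secretEnvelope, secretLength + 1);
            final CSEBlockCipher blockCipher = CSECipherFactory.getBlockCipher(AesCbc.HANA_ALGORITHM_NAME);
            final byte[] encryptedSecret = blockCipher.encrypt(
                    blockCipher.getKey(sessionKey, AesCbc.HANA_ALGORITHM_NAME),
                    secretEnvelope,
                    new IvParameterSpec(serverNonce, 0, IV_LENGTH));
            final int encryptedSecretLength = encryptedSecret.length;
            final int encryptedSecretIndicatorLength = HAuthenticationPart.getLengthIndicatorLength(encryptedSecretLength);

            final byte[] reply = new byte[HEADER_LENGTH + encryptedKeyIndicatorLength + encryptedKeyLength
                    + encryptedSecretIndicatorLength + encryptedSecretLength];
            int offset = 0;
            ByteUtils.putShort(FIELD_COUNT, reply, offset);
            offset += HEADER_LENGTH;
            HAuthenticationPart.putLengthIndicator(encryptedKeyLength, reply, offset);
            offset += encryptedKeyIndicatorLength;
            ByteUtils.putBytes(encryptedKey, reply, offset);
            offset += encryptedKeyLength;
            HAuthenticationPart.putLengthIndicator(encryptedSecretLength, reply, offset);
            offset += encryptedSecretIndicatorLength;
            ByteUtils.putBytes(encryptedSecret, reply, offset);
            return reply;
        } finally {
            // Both encryptions have completed (or failed) by now, so the plaintext key material
            // and secret are no longer needed in clear form.
            Arrays.fill(sessionKey, (byte) 0);
            Arrays.fill(keyEnvelope, (byte) 0);
            if (secretBytes != null) {
                Arrays.fill(secretBytes, (byte) 0);
            }
            if (secretEnvelope != null) {
                Arrays.fill(secretEnvelope, (byte) 0);
            }
        }
    }

    /**
     * Validates the server reply and stores the values needed by {@link #getFinalData(String)}.
     *
     * <p>The reply is read field by field: the echoed client nonce, the server nonce, the server
     * public key, and a fourth field whose value is read and discarded. The reply is rejected when
     * a field is missing, when the echoed nonce does not match the nonce sent by
     * {@link #getInitialData(byte[])} (or none was sent), when the server nonce is missing,
     * all zeros or shorter than the IV derived from it, or when the public key is missing or
     * empty. State is only stored once every check has passed.
     *
     * @param tracer not used by this implementation
     * @param hAuthenticationPart the authentication part received from the server; it is copied
     *     before being read
     * @return always {@code null}
     * @throws SQLException if the reply fails any of the checks above
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public byte[] evaluateAuthenticateReply(Tracer tracer, HAuthenticationPart hAuthenticationPart) throws SQLException {
        final HAuthenticationPart reply = new HAuthenticationPart(hAuthenticationPart);

        _nextField(reply);
        // Arrays.equals(null, null) is true, so an unset client nonce must be rejected explicitly.
        if (this._clientNonce == null || !Arrays.equals(reply.getValueAsBytes(), this._clientNonce)) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }

        _nextField(reply);
        final byte[] serverNonce = reply.getValueAsBytes();
        // The first IV_LENGTH bytes of the nonce become the cipher IV in getFinalData, so a
        // shorter nonce cannot be used.
        if (serverNonce == null || serverNonce.length < IV_LENGTH || _isZeros(serverNonce)) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }

        _nextField(reply);
        final String serverPublicKey = reply.getValueAsString();
        if (serverPublicKey == null || serverPublicKey.isEmpty()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }

        _nextField(reply);
        // NOTE(review): the fourth field is read but its value is ignored; its meaning is not
        // visible in this class - possibly server capabilities, confirm against the protocol.
        reply.getValueAsBytes();

        this._serverNonce = serverNonce;
        this._serverPublicKey = serverPublicKey;
        return null;
    }

    /**
     * Fills the given array with cryptographically strong random bytes.
     *
     * @param bArr the array to fill in place
     * @return the same array, for call chaining
     */
    private static byte[] _fillRandom(byte[] bArr) {
        RANDOM.nextBytes(bArr);
        return bArr;
    }

    /**
     * Advances to the next field of the reply.
     *
     * @param hAuthenticationPart the reply being read
     * @throws SQLException if there is no further field
     */
    private static void _nextField(HAuthenticationPart hAuthenticationPart) throws SQLException {
        if (!hAuthenticationPart.nextField()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }
    }

    /**
     * Reports whether every byte of the array is zero.
     *
     * @param bArr the array to inspect; must not be {@code null}
     * @return {@code true} if the array is empty or contains only zero bytes
     */
    private static boolean _isZeros(byte[] bArr) {
        for (byte b : bArr) {
            if (b != 0) {
                return false;
            }
        }
        return true;
    }
}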
