package com.sap.db.util.security;

import com.sap.db.annotations.NotThreadSafe;
import com.sap.db.jdbc.exceptions.SQLExceptionSapDB;
import com.sap.db.jdbc.packet.HAuthenticationPart;
import com.sap.db.jdbc.trace.Tracer;
import com.sap.db.util.ByteUtils;
import com.sap.db.util.MessageKey;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.sql.SQLException;

@NotThreadSafe
/* loaded from: input_file:com/sap/db/util/security/ScramSHA256Authentication.class */
class ScramSHA256Authentication extends AbstractAuthenticationMethod {
    static final String METHOD_NAME = "SCRAMSHA256";
    protected static final int CLIENT_PROOF_SIZE = 32;
    protected byte[] _salt;
    protected byte[] _clientChallenge;
    protected byte[] _serverChallenge;

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public String getMethodName() {
        return METHOD_NAME;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public byte[] getInitialData(byte[] bArr) throws SQLException {
        return _getClientChallenge();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public byte[] getFinalData(String str, String str2) throws SQLException {
        if (str == null) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_NOPASSWD, new String[0]);
        }
        return _getClientProof(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public byte[] evaluateAuthenticateReply(Tracer tracer, HAuthenticationPart hAuthenticationPart) throws SQLException {
        HAuthenticationPart hAuthenticationPart2 = new HAuthenticationPart(hAuthenticationPart);
        if (!hAuthenticationPart2.nextField()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }
        this._salt = hAuthenticationPart2.getValueAsBytes();
        if (!hAuthenticationPart2.nextField()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }
        this._serverChallenge = hAuthenticationPart2.getValueAsBytes();
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public String evaluateConnectReply(Tracer tracer, HAuthenticationPart hAuthenticationPart) throws SQLException {
        if (hAuthenticationPart.getCurrentFieldLength() == 0) {
            return null;
        }
        HAuthenticationPart hAuthenticationPart2 = new HAuthenticationPart(hAuthenticationPart);
        if (!hAuthenticationPart2.nextField()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_PACKET_WRONGPACKETFORMAT, new String[0]);
        }
        String valueAsString = hAuthenticationPart2.getValueAsString();
        if (tracer.on()) {
            tracer.printDebugMessage("PASSWORD Authentication: Received session cookie");
        }
        return valueAsString;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] _getClientChallenge() {
        if (this._clientChallenge != null) {
            return this._clientChallenge;
        }
        this._clientChallenge = new byte[64];
        new SecureRandom().nextBytes(this._clientChallenge);
        return this._clientChallenge;
    }

    protected byte[] _getClientProof(String str) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        byte[] bArr = new byte[35];
        ByteUtils.putShortBigEndian(1, bArr, 0);
        byte[] scramSHA256 = ScramSHA256.scramSHA256(this._salt, bytes, _getClientChallenge(), this._serverChallenge);
        bArr[2] = 32;
        System.arraycopy(scramSHA256, 0, bArr, 3, scramSHA256.length);
        return bArr;
    }
}
