package com.sap.db.util.security;

import com.sap.db.annotations.NotThreadSafe;
import com.sap.db.jdbc.exceptions.SQLExceptionSapDB;
import com.sap.db.jdbc.packet.HAuthenticationPart;
import com.sap.db.jdbc.trace.Tracer;
import com.sap.db.util.Base64Utils;
import com.sap.db.util.ByteUtils;
import com.sap.db.util.MessageKey;
import com.sap.db.util.RsaOaep;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.sql.SQLException;
import java.util.List;

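/**
 * Client side of the "X509" authentication method.
 *
 * <p>The flow visible in this class is: the server's authenticate reply supplies a nonce
 * ({@link #evaluateAuthenticateReply}), the client answers with its certificate(s) plus an
 * RSA signature that covers those certificates and the nonce ({@link #getFinalData}), and the
 * connect reply carries the server-side user name and, optionally, a session cookie
 * ({@link #evaluateConnectReply}).
 *
 * <p>Instances hold per-handshake state (nonce, user name) and are not thread-safe.
 *
 * <p>NOTE(review): this file is decompiler output. The decompiler reported that the overriding
 * methods below were package-private in the original bytecode and were widened to
 * {@code public}.
 */
@NotThreadSafe
/* loaded from: input_file:com/sap/db/util/security/X509Authentication.class */
class X509Authentication extends AbstractAuthenticationMethod {
    /** Name under which this method is announced. */
    static final String METHOD_NAME = "X509";

    /** Leading text of the credential material; presumably used elsewhere to recognise PEM input - confirm. */
    static final String METHOD_TICKET_PREFIX = "-----BEGIN";

    // Nonce received from the server; it is mixed into the signature in getFinalData.
    private byte[] _serverNonce;

    // User name reported by the server in the connect reply.
    private String _userName;

    /**
     * Returns the identifier of this authentication method.
     *
     * @return always {@link #METHOD_NAME}
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public String getMethodName() {
        return METHOD_NAME;
    }

    /**
     * Returns the data for the first authentication request.
     *
     * @param bArr ignored by this method
     * @return a new empty array; X509 sends no initial payload
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public byte[] getInitialData(byte[] bArr) throws SQLException {
        return new byte[0];
    }

    /**
     * Builds the final authentication payload: the first certificate, any further certificates,
     * and a {@code SHA256withRSA} signature over all certificates followed by the server nonce.
     *
     * <p>Buffer layout, in write order:
     * <ol>
     *   <li>a short with value 3 (presumably the number of fields that follow - confirm);</li>
     *   <li>length indicator + bytes of the first certificate;</li>
     *   <li>length indicator + chain field, which is empty when there is only one certificate and
     *       otherwise holds a short certificate count followed by length indicator + bytes of
     *       each further certificate;</li>
     *   <li>length indicator + signature bytes.</li>
     * </ol>
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>The nonce must have been stored by {@link #evaluateAuthenticateReply} first; a
     *       {@code null} nonce makes {@code Signature.update} throw
     *       {@code NullPointerException}, so nothing is signed without one.</li>
     *   <li>The nonce is the only value in the signed data that is not static client material,
     *       so replay resistance depends entirely on the server choosing a fresh, unpredictable
     *       nonce. Its length and content are not checked here.</li>
     *   <li>The decoded private-key bytes and the credential string stay on the heap after this
     *       call; nothing in this method wipes them.</li>
     * </ul>
     *
     * @param str  not used by this method
     * @param str2 credential text passed to {@code Base64Utils.decodePrivateKeys} and
     *             {@code Base64Utils.decodeCertificates}; presumably PEM - confirm
     * @return the encoded payload described above
     * @throws SQLException if no private key or no certificate could be decoded, or if key
     *                      parsing or signing fails
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public byte[] getFinalData(String str, String str2) throws SQLException {
        List<byte[]> decodePrivateKeys = Base64Utils.decodePrivateKeys(str2);
        List<byte[]> decodeCertificates = Base64Utils.decodeCertificates(str2);
        if (decodePrivateKeys.isEmpty()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_X509_MISSINGPRIVATEKEY, new String[0]);
        }
        if (decodeCertificates.isEmpty()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_X509_MISSINGCERTIFICATES, new String[0]);
        }

        byte[] leafCert = decodeCertificates.get(0);
        int leafLen = leafCert.length;
        int leafLenIndicator = HAuthenticationPart.getLengthIndicatorLength(leafLen);

        // Every certificate after the first goes into the chain field. The decompiled source
        // allocated this as `new byte[size]`, which does not type-check against byte[][]; an
        // array of certificate byte arrays is what the loops below require.
        int chainCount = decodeCertificates.size() - 1;
        byte[][] chainCerts = new byte[chainCount][];
        int[] chainLens = new int[chainCount];
        int[] chainLenIndicators = new int[chainCount];
        // The chain field starts with a 2-byte count only when it is non-empty.
        int chainFieldLen = chainCount > 0 ? 2 : 0;
        for (int k = 0; k < chainCount; k++) {
            chainCerts[k] = decodeCertificates.get(k + 1);
            chainLens[k] = chainCerts[k].length;
            chainLenIndicators[k] = HAuthenticationPart.getLengthIndicatorLength(chainLens[k]);
            chainFieldLen += chainLenIndicators[k] + chainLens[k];
        }
        int chainFieldLenIndicator = HAuthenticationPart.getLengthIndicatorLength(chainFieldLen);

        try {
            // Only the first decoded private key is used.
            PrivateKey privateKey = _createPrivateKeyFromBytes(decodePrivateKeys.get(0));
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(privateKey);
            // Signed data: first certificate, then each chain certificate, then the server nonce.
            signature.update(leafCert);
            for (int k = 0; k < chainCount; k++) {
                signature.update(chainCerts[k]);
            }
            signature.update(this._serverNonce);
            byte[] sign = signature.sign();
            int sigLen = sign.length;
            int sigLenIndicator = HAuthenticationPart.getLengthIndicatorLength(sigLen);

            byte[] payload = new byte[2 + leafLenIndicator + leafLen + chainFieldLenIndicator + chainFieldLen
                    + sigLenIndicator + sigLen];
            int pos = 0;
            ByteUtils.putShort(3, payload, pos);
            pos += 2;

            HAuthenticationPart.putLengthIndicator(leafLen, payload, pos);
            pos += leafLenIndicator;
            ByteUtils.putBytes(leafCert, payload, pos);
            pos += leafLen;

            HAuthenticationPart.putLengthIndicator(chainFieldLen, payload, pos);
            pos += chainFieldLenIndicator;
            if (chainCount > 0) {
                ByteUtils.putShort(chainCount, payload, pos);
                pos += 2;
                for (int k = 0; k < chainCount; k++) {
                    HAuthenticationPart.putLengthIndicator(chainLens[k], payload, pos);
                    pos += chainLenIndicators[k];
                    ByteUtils.putBytes(chainCerts[k], payload, pos);
                    pos += chainLens[k];
                }
            }

            HAuthenticationPart.putLengthIndicator(sigLen, payload, pos);
            pos += sigLenIndicator;
            ByteUtils.putBytes(sign, payload, pos);
            return payload;
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException | InvalidKeySpecException e) {
            // The cause is preserved; its message is also passed as the message argument.
            throw SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_CONNECTION_X509_SIGNINGFAILED, e.getMessage());
        }
    }

    /**
     * Stores the value of the server's authenticate reply as the nonce to be signed.
     *
     * <p>The array returned by {@code getValueAsBytes()} is kept as-is (no copy, no length
     * check).
     *
     * @param tracer              not used by this method
     * @param hAuthenticationPart reply part whose value is taken as the server nonce
     * @return always {@code null}
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public byte[] evaluateAuthenticateReply(Tracer tracer, HAuthenticationPart hAuthenticationPart) throws SQLException {
        this._serverNonce = hAuthenticationPart.getValueAsBytes();
        return null;
    }

    /**
     * Reads the connect reply: the first field is the user name, an optional second field is
     * the session cookie.
     *
     * <p>When tracing is on, the user name is written to the trace. The cookie value itself is
     * never traced, only the fact that one was received.
     *
     * @param tracer              trace sink, used only when {@code tracer.on()} is true
     * @param hAuthenticationPart reply part; a copy is iterated via the copy constructor
     * @return the session cookie, or {@code null} if the reply has no second field
     * @throws SQLException if the reply has no first field
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public String evaluateConnectReply(Tracer tracer, HAuthenticationPart hAuthenticationPart) throws SQLException {
        HAuthenticationPart reply = new HAuthenticationPart(hAuthenticationPart);
        if (!reply.nextField()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_PACKET_WRONGPACKETFORMAT, new String[0]);
        }
        this._userName = reply.getValueAsString();
        if (tracer.on()) {
            tracer.printDebugMessage("X509 Authentication: User: " + this._userName);
        }
        if (!reply.nextField()) {
            return null;
        }
        String sessionCookie = reply.getValueAsString();
        if (tracer.on()) {
            // Deliberately no cookie value in the trace message.
            tracer.printDebugMessage("X509 Authentication: Received session cookie");
        }
        return sessionCookie;
    }

    /**
     * Returns the user name taken from the connect reply.
     *
     * @return the stored user name, or {@code null} before {@link #evaluateConnectReply} has run
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public String getUserNameFromServer() {
        return this._userName;
    }

    /**
     * Parses a PKCS#8-encoded private key.
     *
     * @param bArr PKCS#8 key bytes
     * @return the private key produced by the key factory for {@code RsaOaep.JAVA_ALGORITHM_NAME}
     *         (presumably "RSA" - confirm)
     * @throws NoSuchAlgorithmException if no provider offers that key factory
     * @throws InvalidKeySpecException  if the bytes are not a valid key for that algorithm
     */
    private static PrivateKey _createPrivateKeyFromBytes(byte[] bArr) throws NoSuchAlgorithmException, InvalidKeySpecException {
        return KeyFactory.getInstance(RsaOaep.JAVA_ALGORITHM_NAME).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }
}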
