package com.sap.db.util.security;

import com.sap.db.annotations.NotThreadSafe;
import com.sap.db.jdbc.exceptions.SQLExceptionSapDB;
import com.sap.db.jdbc.packet.HAuthenticationPart;
import com.sap.db.jdbc.trace.Tracer;
import com.sap.db.util.ByteUtils;
import com.sap.db.util.MessageKey;
import java.nio.charset.StandardCharsets;
import java.sql.SQLException;
import java.util.Arrays;

@NotThreadSafe
/* loaded from: input_file:com/sap/db/util/security/ScramPBKDF2SHA256Authentication.class */
class ScramPBKDF2SHA256Authentication extends ScramSHA256Authentication {
    static final String METHOD_NAME = "SCRAMPBKDF2SHA256";
    private int _iterations;
    private byte[] _serverProof;

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sap.db.util.security.ScramSHA256Authentication, com.sap.db.util.security.AbstractAuthenticationMethod
    public String getMethodName() {
        return METHOD_NAME;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sap.db.util.security.ScramSHA256Authentication, com.sap.db.util.security.AbstractAuthenticationMethod
    public byte[] evaluateAuthenticateReply(Tracer tracer, HAuthenticationPart hAuthenticationPart) throws SQLException {
        HAuthenticationPart hAuthenticationPart2 = new HAuthenticationPart(hAuthenticationPart);
        if (!hAuthenticationPart2.nextField()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }
        this._salt = hAuthenticationPart2.getValueAsBytes();
        if (this._salt.length < 16) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }
        if (!hAuthenticationPart2.nextField()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }
        this._serverChallenge = hAuthenticationPart2.getValueAsBytes();
        if (!hAuthenticationPart2.nextField()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }
        this._iterations = ByteUtils.getIntBigEndian(hAuthenticationPart2.getValueAsBytes(), 0);
        if (this._iterations < 15000) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_WRONGSERVERCHALLENGERECEIVED, new String[0]);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.sap.db.util.security.AbstractAuthenticationMethod
    public byte[] evaluateConnectReply(Tracer tracer, HAuthenticationPart hAuthenticationPart) throws SQLException {
        HAuthenticationPart hAuthenticationPart2 = new HAuthenticationPart(hAuthenticationPart);
        if (!hAuthenticationPart2.nextField()) {
            throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_PACKET_WRONGPACKETFORMAT, new String[0]);
        }
        if (Arrays.equals(hAuthenticationPart2.getValueAsBytes(), this._serverProof)) {
            return null;
        }
        throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_PACKET_WRONGPACKETFORMAT, new String[0]);
    }

    @Override // com.sap.db.util.security.ScramSHA256Authentication
    protected byte[] _getClientProof(String str) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        byte[] bArr = new byte[35];
        ByteUtils.putShortBigEndian(1, bArr, 0);
        byte[][] scramPBKDF2SHA256 = ScramSHA256.scramPBKDF2SHA256(this._salt, bytes, _getClientChallenge(), this._serverChallenge, this._iterations);
        byte[] bArr2 = scramPBKDF2SHA256[0];
        this._serverProof = scramPBKDF2SHA256[1];
        bArr[2] = 32;
        System.arraycopy(bArr2, 0, bArr, 3, bArr2.length);
        return bArr;
    }
}
