package com.sap.db.util.security;

import com.sap.db.annotations.NotThreadSafe;
import com.sap.db.jdbc.ConnectionSapDB;
import com.sap.db.jdbc.Driver;
import com.sap.db.jdbc.Session;
import com.sap.db.jdbc.exceptions.SQLExceptionSapDB;
import com.sap.db.jdbc.packet.HAuthenticationPart;
import com.sap.db.jdbc.packet.HRequestPacket;
import com.sap.db.jdbc.trace.Tracer;
import com.sap.db.util.CharsetUtils;
import com.sap.db.util.MessageKey;
import com.sap.db.util.MessageTranslator;
import java.sql.SQLException;
import java.util.LinkedHashMap;
import java.util.Map;
import org.ietf.jgss.GSSException;

@NotThreadSafe
/* loaded from: input_file:com/sap/db/util/security/AuthenticationManager.class */
public class AuthenticationManager extends AbstractAuthenticationManager {
    private Map<String, AbstractAuthenticationMethod> _methods = new LinkedHashMap();
    private AbstractAuthenticationMethod _currentMethod;

    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    public void authenticate(ConnectionSapDB connectionSapDB, Session session, String str, String str2) throws SQLException {
        boolean z;
        HRequestPacket initAuthenticate;
        byte[] evaluateAuthenticateReply;
        Tracer tracer = connectionSapDB.getTracer();
        boolean z2 = (str == null || str.isEmpty()) ? false : true;
        boolean z3 = !str2.isEmpty();
        if (connectionSapDB.getCookie() != null && z2) {
            this._methods.put("SessionCookie", new SessionCookieAuthentication(connectionSapDB));
            if (tracer.on()) {
                tracer.printMessage("Using Session Cookie Authentication");
            }
        } else if (z3) {
            if (tracer.on()) {
                tracer.printMessage("Reject GSS Authentication: Password is not empty");
            }
            if (z2) {
                if (tracer.on()) {
                    tracer.printMessage("Reject SAML, SAPLogon and JWT Authentication: User name is not empty");
                }
            } else if (str2.startsWith("<")) {
                this._methods.put("SAML", new SAMLAuthentication());
            } else if (str2.startsWith("Aj")) {
                this._methods.put("SAPLogon", new SAPLogonAuthentication());
            } else if (str2.startsWith("ey")) {
                this._methods.put("JWT", new JWTAuthentication());
            } else if (tracer.on()) {
                tracer.printMessage("Reject SAML, SAPLogon and JWT Authentication: Unknown ticket prefix");
            }
        } else {
            try {
                this._methods.put("GSS", new GSSAuthentication(connectionSapDB));
            } catch (GSSException e) {
                if (tracer.on()) {
                    tracer.printThrowable(e, "Reject GSS Authentication");
                }
            }
        }
        if (Driver.getJavaVersion() >= 8) {
            this._methods.put("LDAP", new LDAPAuthentication());
            this._methods.put("SCRAMPBKDF2SHA256", new ScramPBKDF2SHA256Authentication());
        } else if (tracer.on()) {
            tracer.printMessage("Reject LDAP and PBKDF2: Java 8 or later required");
        }
        this._methods.put("SCRAMSHA256", new ScramSHA256Authentication());
        do {
            z = false;
            initAuthenticate = connectionSapDB.initAuthenticate(session);
            HAuthenticationPart addAuthenticationPart = initAuthenticate.addAuthenticationPart();
            addAuthenticationPart.addArg();
            addAuthenticationPart.addRow((2 * this._methods.size()) + 1);
            addAuthenticationPart.addString(str);
            for (Map.Entry entry : new LinkedHashMap(this._methods).entrySet()) {
                String str3 = (String) entry.getKey();
                AbstractAuthenticationMethod abstractAuthenticationMethod = (AbstractAuthenticationMethod) entry.getValue();
                try {
                    addAuthenticationPart.addBytes(str3.getBytes(CharsetUtils.UTF_8));
                    addAuthenticationPart.addBytes(abstractAuthenticationMethod.getInitialData(str2.getBytes(CharsetUtils.UTF_8)));
                } catch (SQLException e2) {
                    z = true;
                    if (tracer.on()) {
                        tracer.printThrowable(e2, "Reject authentication method " + abstractAuthenticationMethod.getMethodName());
                    }
                    this._methods.remove(str3);
                    if (this._methods.size() == 0) {
                        throw new SQLException(MessageTranslator.translate(MessageKey.ERROR_CONNECTION_NOAUTHENTICATIONMETHODAVAILABLE, new Object[0]), "08001", -11111);
                    }
                }
            }
            if (!z) {
                addAuthenticationPart.close();
            }
        } while (z);
        do {
            initAuthenticate.close();
            HAuthenticationPart findAuthenticationPart = connectionSapDB.exchange(session, initAuthenticate, null, new ConnectionSapDB.ExchangeFlag[0]).findAuthenticationPart(0);
            if (findAuthenticationPart == null || !findAuthenticationPart.nextField()) {
                throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_NOAUTHENTICATIONMETHODAVAILABLE, new String[0]);
            }
            String valueAsString = findAuthenticationPart.getValueAsString();
            this._currentMethod = this._methods.get(valueAsString);
            findAuthenticationPart.nextField();
            evaluateAuthenticateReply = this._currentMethod.evaluateAuthenticateReply(findAuthenticationPart, tracer);
            if (evaluateAuthenticateReply != null) {
                initAuthenticate = connectionSapDB.initAuthenticate(session);
                HAuthenticationPart addAuthenticationPart2 = initAuthenticate.addAuthenticationPart();
                addAuthenticationPart2.addArg();
                addAuthenticationPart2.addRow(2);
                addAuthenticationPart2.addBytes(valueAsString.getBytes(CharsetUtils.UTF_8));
                addAuthenticationPart2.addBytes(evaluateAuthenticateReply);
                addAuthenticationPart2.close();
            }
        } while (evaluateAuthenticateReply != null);
    }

    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    public void setClientProofPart(HAuthenticationPart hAuthenticationPart, String str, String str2) throws SQLException {
        hAuthenticationPart.addRow(3);
        hAuthenticationPart.addString(str);
        hAuthenticationPart.addArg();
        hAuthenticationPart.addString(this._currentMethod.getMethodName());
        hAuthenticationPart.addArg();
        hAuthenticationPart.addBytes(this._currentMethod.getFinalData(str2));
        hAuthenticationPart.addArg();
    }

    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    public String getMethodName() {
        return this._currentMethod != null ? this._currentMethod.getMethodName() : "NULL";
    }

    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    public byte[] evaluateConnectReply(HAuthenticationPart hAuthenticationPart, Tracer tracer) throws SQLException {
        if (this._currentMethod != null) {
            return this._currentMethod.evaluateConnectReply(hAuthenticationPart, tracer);
        }
        return null;
    }

    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    public boolean supportsReconnect() {
        if (this._currentMethod != null) {
            return this._currentMethod.supportsReconnect();
        }
        return false;
    }

    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    String getUserNameFromServer() {
        if (this._currentMethod != null) {
            return this._currentMethod.getUserNameFromServer();
        }
        return null;
    }

    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    void onAuthenticationCompleted() {
        if (this._currentMethod != null) {
            this._currentMethod.onAuthenticationCompleted();
        }
    }
}
