package com.sap.db.util.security;

import com.sap.db.annotations.NotThreadSafe;
import com.sap.db.jdbc.ConnectionInjectionHandler;
import com.sap.db.jdbc.ConnectionProperty;
import com.sap.db.jdbc.ConnectionSapDB;
import com.sap.db.jdbc.Session;
import com.sap.db.jdbc.SessionFactory;
import com.sap.db.jdbc.exceptions.RTEException;
import com.sap.db.jdbc.exceptions.SQLExceptionSapDB;
import com.sap.db.jdbc.packet.DBConnectInfo;
import com.sap.db.jdbc.packet.HAuthenticationPart;
import com.sap.db.jdbc.packet.HReplyPacket;
import com.sap.db.jdbc.packet.HRequestPacket;
import com.sap.db.jdbc.packet.RedirectionType;
import com.sap.db.jdbc.packet.SessionReattachStatusOption;
import com.sap.db.jdbc.trace.Tracer;
import com.sap.db.util.MessageKey;
import com.sap.db.util.MessageTranslator;
import java.nio.charset.StandardCharsets;
import java.sql.SQLException;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import org.ietf.jgss.GSSException;

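/**
 * Client-side driver of the authentication handshake: decides which authentication
 * methods to offer, sends the offer, and runs the challenge/response rounds with the
 * method the server picks.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The server chooses the method. Any method that ended up in the offer may be
 *       selected, so the {@code Set<AuthenticationMethodType>} passed to
 *       {@link #authenticate} is the only client-side control over which mechanisms
 *       can be negotiated. Callers that require a specific mechanism should pass a
 *       set containing only that mechanism.</li>
 *   <li>A method name in the server reply that was never offered is rejected with an
 *       {@link SQLException} instead of being dereferenced.</li>
 *   <li>A redirect reply makes the client repeat the whole handshake, including the
 *       credential-derived initial data, against the host and port named by the
 *       server.</li>
 * </ul>
 *
 * <p>Instances keep per-handshake state ({@code _methods}, {@code _currentMethod}) and
 * are not safe for concurrent use.
 */
@NotThreadSafe
/* loaded from: input_file:com/sap/db/util/security/AuthenticationManager.class */
public class AuthenticationManager extends AbstractAuthenticationManager {
    /** Candidate methods keyed by the name sent on the wire; insertion order is the offer order. */
    private final Map<String, AbstractAuthenticationMethod> _methods = new LinkedHashMap<>();

    /** Method named by the server in the most recent authentication reply; null until one was named. */
    private AbstractAuthenticationMethod _currentMethod;

    /**
     * Builds the "no authentication method available" error used by every path that
     * ends up without a usable method (SQLSTATE 08001, vendor code -11111).
     */
    private static SQLException noAuthenticationMethodAvailable() {
        return new SQLException(MessageTranslator.translate(MessageKey.ERROR_CONNECTION_NOAUTHENTICATIONMETHODAVAILABLE, new Object[0]), "08001", -11111);
    }

    /**
     * Negotiates an authentication method with the server and runs its challenge/response rounds.
     *
     * <p>Method selection, in offer order:
     * <ul>
     *   <li>SESSIONCOOKIE, exclusively, when it is allowed, a user name is given and the
     *       connection holds a cookie; no other method is offered in that case.</li>
     *   <li>X509 when allowed, user name and password are both empty and {@code str3}
     *       starts with {@code -----BEGIN}.</li>
     *   <li>With a non-empty password and an empty user name: exactly one of SAML,
     *       SAPLOGON or JWT, chosen by the prefix of {@code str2}.</li>
     *   <li>With an empty password: KERBEROS (GSS) when allowed and constructible.</li>
     *   <li>LDAP when allowed and both user name and password are non-empty.</li>
     *   <li>PBKDF2 and PASSWORD (SCRAM) whenever allowed, regardless of which credentials
     *       are present.</li>
     * </ul>
     *
     * @param sessionFactory used to open a new session when the server redirects
     * @param connectionSapDB connection that supplies the tracer, builds packets and performs the exchange
     * @param session session to authenticate
     * @param z when true (and {@code z2} is false and no redirection is active) the request
     *        carries a DBConnectInfo part built from the NETWORK_GROUP connection property
     * @param str user name; may be null or empty
     * @param str2 password or ticket; must not be null
     * @param str3 only inspected for the {@code -----BEGIN} prefix that enables X509
     *        (presumably PEM material; confirm against the caller)
     * @param set authentication method types the caller allows
     * @param z2 when true the request carries a session-reattach part instead of DBConnectInfo
     * @param sessionReattachStatusOptionArr if non-null and {@code z2} is true, element 0
     *        receives the server's reattach status
     * @return the authenticated session; after a redirect this is the session opened for the new address
     * @throws RTEException if following a redirect fails and retrying the preferred address is not enabled
     * @throws SQLException if no method is usable, the server reports an error, or the server
     *         names a method that was not offered
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    public Session authenticate(SessionFactory sessionFactory, ConnectionSapDB connectionSapDB, Session session, boolean z, String str, String str2, String str3, Set<AuthenticationMethodType> set, boolean z2, SessionReattachStatusOption[] sessionReattachStatusOptionArr) throws RTEException, SQLException {
        Tracer tracer = connectionSapDB.getTracer();
        boolean hasUserName = str != null && !str.isEmpty();
        // NOTE(review): unlike str and str3, str2 is dereferenced without a null check here and
        // again when the initial data is built; callers must pass a non-null value.
        boolean hasPassword = !str2.isEmpty();
        boolean hasStr3 = str3 != null && !str3.isEmpty();

        if (set.contains(AuthenticationMethodType.SESSIONCOOKIE) && hasUserName && connectionSapDB.getCookie() != null) {
            // Session cookie is exclusive: nothing else is offered alongside it.
            this._methods.put("SessionCookie", new SessionCookieAuthentication(connectionSapDB));
            if (tracer.on()) {
                tracer.printDebugMessage("Using SESSIONCOOKIE Authentication");
            }
        } else {
            if (set.contains(AuthenticationMethodType.X509) && !hasUserName && !hasPassword && hasStr3 && str3.startsWith("-----BEGIN")) {
                this._methods.put("X509", new X509Authentication());
                if (tracer.on()) {
                    tracer.printDebugMessage("Including X509 Authentication");
                }
            }
            if (hasPassword) {
                if (tracer.on()) {
                    tracer.printDebugMessage("Rejecting KERBEROS Authentication: Password is not empty");
                }
                if (hasUserName) {
                    if (tracer.on()) {
                        tracer.printDebugMessage("Rejecting SAML, SAPLOGON, and JWT Authentication: User name is not empty");
                    }
                } else if (set.contains(AuthenticationMethodType.SAML) && str2.startsWith(SAMLAuthentication.METHOD_TICKET_PREFIX)) {
                    this._methods.put(SAMLAuthentication.METHOD_NAME, new SAMLAuthentication());
                    if (tracer.on()) {
                        tracer.printDebugMessage("Including SAML Authentication");
                    }
                } else if (set.contains(AuthenticationMethodType.SAPLOGON) && str2.startsWith("Aj")) {
                    this._methods.put("SAPLogon", new SAPLogonAuthentication());
                    if (tracer.on()) {
                        tracer.printDebugMessage("Including SAPLOGON Authentication");
                    }
                } else if (set.contains(AuthenticationMethodType.JWT) && str2.startsWith(JWTAuthentication.METHOD_TICKET_PREFIX)) {
                    this._methods.put(JWTAuthentication.METHOD_NAME, new JWTAuthentication());
                    if (tracer.on()) {
                        tracer.printDebugMessage("Including JWT Authentication");
                    }
                } else if (tracer.on()) {
                    tracer.printDebugMessage("Rejecting SAML, SAPLOGON, and JWT Authentication: Unknown ticket prefix or authentication methods excluded");
                }
            } else {
                try {
                    if (set.contains(AuthenticationMethodType.KERBEROS)) {
                        this._methods.put("GSS", new GSSAuthentication(connectionSapDB));
                        // Trace only when the method really was added, so the trace reflects the
                        // actual offer when KERBEROS is excluded by the caller.
                        if (tracer.on()) {
                            tracer.printDebugMessage("Including KERBEROS Authentication");
                        }
                    }
                } catch (GSSException gssFailure) {
                    if (tracer.on()) {
                        tracer.printDebugThrowable(gssFailure, "Rejecting KERBEROS Authentication");
                    }
                }
            }
            if (set.contains(AuthenticationMethodType.LDAP) && hasUserName && hasPassword) {
                this._methods.put("LDAP", new LDAPAuthentication());
                if (tracer.on()) {
                    tracer.printDebugMessage("Including LDAP Authentication");
                }
            }
            if (set.contains(AuthenticationMethodType.PBKDF2)) {
                this._methods.put("SCRAMPBKDF2SHA256", new ScramPBKDF2SHA256Authentication());
                if (tracer.on()) {
                    tracer.printDebugMessage("Including PBKDF2 Authentication");
                }
            }
            if (set.contains(AuthenticationMethodType.PASSWORD)) {
                this._methods.put("SCRAMSHA256", new ScramSHA256Authentication());
                if (tracer.on()) {
                    tracer.printDebugMessage("Including PASSWORD Authentication");
                }
            }
        }
        if (this._methods.isEmpty()) {
            throw noAuthenticationMethodAvailable();
        }

        // Build the offer: one row holding the user name followed by (name, initial data) per
        // method. A method whose initial data cannot be produced is dropped and the whole
        // request is rebuilt, because the row size was declared up front.
        HRequestPacket request;
        boolean rebuildRequest;
        do {
            rebuildRequest = false;
            request = connectionSapDB.initAuthenticate(session);
            HAuthenticationPart offerPart = request.addAuthenticationPart();
            offerPart.addArg();
            offerPart.addRow((2 * this._methods.size()) + 1);
            offerPart.addString(str);
            // Iterate over a copy so that methods can be removed from _methods inside the loop.
            Map<String, AbstractAuthenticationMethod> snapshot = new LinkedHashMap<>(this._methods);
            for (Map.Entry<String, AbstractAuthenticationMethod> entry : snapshot.entrySet()) {
                String wireName = entry.getKey();
                AbstractAuthenticationMethod method = entry.getValue();
                try {
                    offerPart.addBytes(wireName.getBytes(StandardCharsets.UTF_8));
                    offerPart.addBytes(method.getInitialData(str2.getBytes(StandardCharsets.UTF_8)));
                } catch (SQLException initialDataFailure) {
                    rebuildRequest = true;
                    if (tracer.on()) {
                        tracer.printDebugThrowable(initialDataFailure, "Reject authentication method " + method.getMethodName());
                    }
                    this._methods.remove(wireName);
                    if (this._methods.isEmpty()) {
                        throw noAuthenticationMethodAvailable();
                    }
                }
            }
            if (!rebuildRequest) {
                offerPart.close();
                if (z2) {
                    byte[] reattachToken;
                    long sessionID;
                    ConnectionInjectionHandler connectionInjectionHandler = connectionSapDB.getConnectionInjectionHandler();
                    if (connectionInjectionHandler != null) {
                        reattachToken = connectionInjectionHandler.getReattachToken(session);
                        sessionID = connectionInjectionHandler.getSessionID(session);
                    } else {
                        reattachToken = session.getReattachToken();
                        sessionID = session.getSessionID();
                    }
                    request.addSessionReattachPart(reattachToken, sessionID);
                } else if (z && connectionSapDB.getRedirectionType() == RedirectionType.None) {
                    request.addDBConnectInfoPart(connectionSapDB.getConnectionProperty(ConnectionProperty.NETWORK_GROUP));
                }
            }
        } while (rebuildRequest);

        // Challenge/response rounds: repeat until the selected method has nothing more to send.
        HReplyPacket reply;
        byte[] nextClientData;
        do {
            request.close();
            // Errors are not raised by exchange() (IGNORE_ERRORS); they are picked up below via
            // findSQLExceptionChain so that a redirect reply can be handled first.
            reply = connectionSapDB.exchange(session, request, null, ConnectionSapDB.ExchangeFlag.IGNORE_ERRORS);
            DBConnectInfo redirectInfo = reply.findDBConnectInfo(0);
            if (redirectInfo != null) {
                // Host and port are taken from the server reply, and the handshake is then
                // repeated against that address with the same credentials.
                // NOTE(review): whether the redirected endpoint is authenticated (e.g. TLS host
                // validation) is decided outside this class; confirm before relying on it.
                connectionSapDB.setRedirectionType(RedirectionType.TenantWithAZAware);
                connectionSapDB.setRedirectedHost(redirectInfo.getHost());
                connectionSapDB.setRedirectedPort(redirectInfo.getPort());
                Session redirectedSession;
                try {
                    redirectedSession = session._processDBConnectInfoPart(sessionFactory, redirectInfo);
                } catch (RTEException redirectFailure) {
                    if (!connectionSapDB.getBooleanConnectionProperty(ConnectionProperty.RETRY_PREFERRED_ADDRESS_ON_REDIRECT_FAIL)) {
                        throw redirectFailure;
                    }
                    connectionSapDB.setRedirectionType(RedirectionType.Disabled);
                    connectionSapDB.setRedirectedHost(null);
                    connectionSapDB.setRedirectedPort(0);
                    redirectedSession = session._retryPreferredAddress(sessionFactory);
                }
                // NOTE(review): nothing in this method bounds the recursion depth; a peer that
                // answers every attempt with another DBConnectInfo part would keep it recursing.
                return authenticate(sessionFactory, connectionSapDB, redirectedSession, z, str, str2, str3, set, z2, sessionReattachStatusOptionArr);
            }
            SQLException serverError = reply.findSQLExceptionChain(connectionSapDB, 0);
            if (serverError != null) {
                throw serverError;
            }
            HAuthenticationPart replyPart = reply.findAuthenticationPart(0);
            if (replyPart == null || !replyPart.nextField()) {
                throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_NOAUTHENTICATIONMETHODAVAILABLE, new String[0]);
            }
            String selectedName = replyPart.getValueAsString();
            this._currentMethod = this._methods.get(selectedName);
            if (this._currentMethod == null) {
                // The method name is server-controlled input. A name that was never offered
                // (or was dropped while building the offer) must fail the handshake cleanly
                // rather than surface as a NullPointerException.
                if (tracer.on()) {
                    tracer.printDebugMessage("Rejecting server-selected authentication method: not offered by client");
                }
                throw SQLExceptionSapDB.newInstance(MessageKey.ERROR_CONNECTION_NOAUTHENTICATIONMETHODAVAILABLE, new String[0]);
            }
            // NOTE(review): the result of this nextField() is ignored; a reply without a data
            // field is handed to the method as-is.
            replyPart.nextField();
            nextClientData = this._currentMethod.evaluateAuthenticateReply(tracer, replyPart);
            if (nextClientData != null) {
                request = connectionSapDB.initAuthenticate(session);
                HAuthenticationPart followUpPart = request.addAuthenticationPart();
                followUpPart.addArg();
                followUpPart.addRow(2);
                followUpPart.addBytes(selectedName.getBytes(StandardCharsets.UTF_8));
                followUpPart.addBytes(nextClientData);
                followUpPart.close();
            }
        } while (nextClientData != null);

        if (z2 && sessionReattachStatusOptionArr != null) {
            sessionReattachStatusOptionArr[0] = reply.findServerReattachStatus(0);
        }
        return session;
    }

    /**
     * Writes the client proof row (three fields: {@code str}, the selected method's name, and
     * that method's final data) into the given authentication part.
     *
     * @param hAuthenticationPart part to append the row to
     * @param str first field of the row (presumably the user name; confirm against the caller)
     * @param str2 first argument forwarded to the selected method's {@code getFinalData}
     * @param str3 second argument forwarded to the selected method's {@code getFinalData}
     * @throws SQLException if no method has been selected yet, or if the method fails to
     *         produce its final data
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    public void setClientProofPart(HAuthenticationPart hAuthenticationPart, String str, String str2, String str3) throws SQLException {
        // Check before touching the part so a missing selection does not leave a half-written row.
        if (this._currentMethod == null) {
            throw noAuthenticationMethodAvailable();
        }
        hAuthenticationPart.addArg();
        hAuthenticationPart.addRow(3);
        hAuthenticationPart.addString(str);
        hAuthenticationPart.addString(this._currentMethod.getMethodName());
        hAuthenticationPart.addBytes(this._currentMethod.getFinalData(str2, str3));
    }

    /**
     * Returns the name of the selected authentication method.
     *
     * @return the selected method's name, or the literal string {@code "NULL"} when none is selected
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    public String getMethodName() {
        return this._currentMethod != null ? this._currentMethod.getMethodName() : "NULL";
    }

    /**
     * Delegates evaluation of the connect reply to the selected method.
     *
     * @param tracer tracer passed through to the method
     * @param hAuthenticationPart authentication part of the connect reply
     * @return the selected method's result, or null when no method is selected
     * @throws SQLException if the selected method rejects the reply
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    public String evaluateConnectReply(Tracer tracer, HAuthenticationPart hAuthenticationPart) throws SQLException {
        if (this._currentMethod != null) {
            return this._currentMethod.evaluateConnectReply(tracer, hAuthenticationPart);
        }
        return null;
    }

    /**
     * Returns the user name reported by the selected method.
     *
     * @return the selected method's value, or null when no method is selected
     */
    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    String getUserNameFromServer() {
        if (this._currentMethod != null) {
            return this._currentMethod.getUserNameFromServer();
        }
        return null;
    }

    /** Notifies the selected method, if any, that authentication has completed. */
    @Override // com.sap.db.util.security.AbstractAuthenticationManager
    void onAuthenticationCompleted() {
        if (this._currentMethod != null) {
            this._currentMethod.onAuthenticationCompleted();
        }
    }
}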
