package com.microsoft.sqlserver.jdbc;

import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: input_file:WEB-INF/lib/lucee.jar:extensions/99A4EF8D-F2FD-40C8-8FB8C2E67A4EEEB6-7.2.2.jre8.lex:jars/org.lucee.mssql-7.2.2.jre8.jar:com/microsoft/sqlserver/jdbc/KeyStoreProviderCommon.class */
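/**
 * Static helpers for validating key-encryption inputs and for unwrapping an encrypted column
 * encryption key (CEK) with an RSA private key.
 *
 * <p>Layout of the encrypted CEK blob, as parsed by {@link #decryptColumnEncryptionKey}:
 * <ol>
 *   <li>{@code version.length} leading version byte(s);</li>
 *   <li>a 2-byte little-endian length of a section that is skipped here (presumably the key path;
 *       confirm against the code that writes the blob);</li>
 *   <li>a 2-byte little-endian ciphertext length;</li>
 *   <li>the skipped section;</li>
 *   <li>the RSA-OAEP ciphertext;</li>
 *   <li>all remaining bytes: an RSA signature over everything that precedes it.</li>
 * </ol>
 */
class KeyStoreProviderCommon {
    /** The only key-encryption algorithm name accepted by {@link #validateEncryptionAlgorithm}. */
    static final String rsaEncryptionAlgorithmWithOAEP = "RSA_OAEP";

    // Leading version bytes of the encrypted CEK blob. This class uses only the array's length to
    // locate the first length field; the version value itself is not compared during decryption.
    // NOTE(review): the field is a non-final static array, so any code in the package can mutate it;
    // treat it as read-only.
    static byte[] version = {1};

    KeyStoreProviderCommon() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Checks that the key-encryption algorithm name is present and equals {@code "RSA_OAEP"}
     * (case-insensitive, surrounding whitespace ignored).
     *
     * @param str the algorithm name to validate
     * @param z selects which pair of error-message resources is used: the plain keys when
     *     {@code true}, the {@code ...Internal} keys when {@code false}
     * @throws SQLServerException if {@code str} is {@code null} or names any other algorithm
     */
    public static void validateEncryptionAlgorithm(String str, boolean z) throws SQLServerException {
        if (null == str) {
            String nullAlgorithmKey = z ? "R_NullKeyEncryptionAlgorithm" : "R_NullKeyEncryptionAlgorithmInternal";
            throw new SQLServerException((Object) null, SQLServerException.getErrString(nullAlgorithmKey), (String) null, 0, false);
        }
        if (!rsaEncryptionAlgorithmWithOAEP.equalsIgnoreCase(str.trim())) {
            String invalidAlgorithmKey = z ? "R_InvalidKeyEncryptionAlgorithm" : "R_InvalidKeyEncryptionAlgorithmInternal";
            MessageFormat form = new MessageFormat(SQLServerException.getErrString(invalidAlgorithmKey));
            throw new SQLServerException(form.format(new Object[]{str, rsaEncryptionAlgorithmWithOAEP}), null);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Rejects a master key path that is {@code null}, empty, or only whitespace.
     *
     * @param str the master key path to check
     * @throws SQLServerException if the path is missing or blank
     */
    public static void validateNonEmptyMasterKeyPath(String str) throws SQLServerException {
        if (null == str || str.trim().isEmpty()) {
            throw new SQLServerException((Object) null, SQLServerException.getErrString("R_InvalidMasterKeyDetails"), (String) null, 0, false);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Parses an encrypted CEK blob, verifies its trailing signature against the certificate's public
     * key, and only then decrypts the ciphertext with the matching private key.
     *
     * <p>The signature check runs before any private-key operation, so ciphertext that was altered
     * after signing is rejected without ever being passed to the RSA decryption.
     *
     * <p>The two length fields come from the blob itself and are validated against the blob size
     * before any copy is made; a malformed blob is reported as a {@link SQLServerException} instead
     * of surfacing as an unchecked {@code NegativeArraySizeException} or
     * {@code IndexOutOfBoundsException}.
     *
     * @param str value formatted into the signature-failure message (presumably the master key
     *     path; confirm against callers)
     * @param str2 the key-encryption algorithm name; must pass {@link #validateEncryptionAlgorithm}
     * @param bArr the encrypted CEK blob
     * @param certificateDetails holder of the certificate used for verification and the private key
     *     used for decryption
     * @return the decrypted column encryption key
     * @throws SQLServerException if the blob is {@code null}, empty, truncated or inconsistent, the
     *     algorithm is not accepted, the signature does not verify, or decryption fails
     */
    public static byte[] decryptColumnEncryptionKey(String str, String str2, byte[] bArr, CertificateDetails certificateDetails) throws SQLServerException {
        if (null == bArr) {
            throw new SQLServerException((Object) null, SQLServerException.getErrString("R_NullEncryptedColumnEncryptionKey"), (String) null, 0, false);
        }
        if (0 == bArr.length) {
            throw new SQLServerException((Object) null, SQLServerException.getErrString("R_EmptyEncryptedColumnEncryptionKey"), (String) null, 0, false);
        }
        validateEncryptionAlgorithm(str2, false);

        // Both length fields are 16 bits wide. Masking reads them as unsigned, so a value above
        // 32767 cannot turn into a negative offset or array size.
        int offset = version.length;
        int skippedSectionLength = convertTwoBytesToShort(bArr, offset) & 0xFFFF;
        offset += 2;
        int cipherTextLength = convertTwoBytesToShort(bArr, offset) & 0xFFFF;
        offset += 2;

        int cipherTextStart = offset + skippedSectionLength;
        int signatureStart = cipherTextStart + cipherTextLength;
        if (signatureStart > bArr.length) {
            // The declared lengths run past the end of the blob. Reuses the error key that the
            // length-field reader raises for a truncated blob.
            throw new SQLServerException((Object) null, SQLServerException.getErrString("R_ByteToShortConversion"), (String) null, 0, false);
        }
        int signatureLength = bArr.length - signatureStart;

        byte[] cipherText = new byte[cipherTextLength];
        System.arraycopy(bArr, cipherTextStart, cipherText, 0, cipherTextLength);

        byte[] signature = new byte[signatureLength];
        System.arraycopy(bArr, signatureStart, signature, 0, signatureLength);

        // The signed region is everything before the signature: version, both length fields,
        // the skipped section and the ciphertext.
        byte[] signedData = new byte[signatureStart];
        System.arraycopy(bArr, 0, signedData, 0, signatureStart);

        if (!verifyRSASignature(signedData, signature, certificateDetails.certificate, str)) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_InvalidCertificateSignature")).format(new Object[]{str}), null);
        }
        return decryptRSAOAEP(cipherText, certificateDetails);
    }

    /**
     * Decrypts {@code cipherText} with the private key held in {@code certificateDetails}.
     *
     * @throws SQLServerException wrapping any JCA failure (bad key, bad padding, missing algorithm)
     */
    private static byte[] decryptRSAOAEP(byte[] cipherText, CertificateDetails certificateDetails) throws SQLServerException {
        try {
            // NOTE(review): OAEP with SHA-1/MGF1 is the transformation this class pairs with the
            // "RSA_OAEP" algorithm name. Changing the digest would presumably make existing wrapped
            // keys undecryptable; confirm against the key format before altering it.
            Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            rsa.init(Cipher.DECRYPT_MODE, certificateDetails.privateKey);
            return rsa.doFinal(cipherText);
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_CEKDecryptionFailed")).format(new Object[]{e.getMessage()}), e);
        }
    }

    /**
     * Verifies a SHA256withRSA signature over {@code signedData} using the certificate's public key.
     *
     * @param messageArgument value formatted into the error message if verification cannot be performed
     * @return {@code true} if the signature is valid, {@code false} if it does not match
     * @throws SQLServerException if the key is unusable, the algorithm is unavailable, or the
     *     signature bytes are malformed
     */
    private static boolean verifyRSASignature(byte[] signedData, byte[] signature, X509Certificate x509Certificate, String messageArgument) throws SQLServerException {
        try {
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(x509Certificate.getPublicKey());
            verifier.update(signedData);
            return verifier.verify(signature);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_InvalidCertificateSignature")).format(new Object[]{messageArgument}), e);
        }
    }

    /**
     * Reads two bytes at {@code index} as a little-endian {@code short}.
     *
     * <p>The result is signed; callers that need a length mask it with {@code 0xFFFF}.
     *
     * @throws SQLServerException if fewer than two bytes are available at {@code index}
     */
    private static short convertTwoBytesToShort(byte[] input, int index) throws SQLServerException {
        if (index < 0 || index + 1 >= input.length) {
            throw new SQLServerException((Object) null, SQLServerException.getErrString("R_ByteToShortConversion"), (String) null, 0, false);
        }
        return ByteBuffer.wrap(input, index, 2).order(ByteOrder.LITTLE_ENDIAN).getShort();
    }
}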
