package com.microsoft.sqlserver.jdbc;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.text.MessageFormat;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class SQLServerAeadAes256CbcHmac256Algorithm extends SQLServerEncryptionAlgorithm {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final Logger aeLogger = Logger.getLogger("com.microsoft.sqlserver.jdbc.SQLServerAeadAes256CbcHmac256Algorithm");
    static final String algorithmName = "AEAD_AES_256_CBC_HMAC_SHA256";
    private byte algorithmVersion;
    private SQLServerAeadAes256CbcHmac256EncryptionKey columnEncryptionkey;
    private boolean isDeterministic;
    private int minimumCipherTextLengthInBytesNoAuthenticationTag;
    private int minimumCipherTextLengthInBytesWithAuthenticationTag;
    private int blockSizeInBytes = 16;
    private int keySizeInBytes = 32;
    private byte[] version = {1};
    private byte[] versionSize = {1};

    /* JADX INFO: Access modifiers changed from: package-private */
    public SQLServerAeadAes256CbcHmac256Algorithm(SQLServerAeadAes256CbcHmac256EncryptionKey sQLServerAeadAes256CbcHmac256EncryptionKey, SQLServerEncryptionType sQLServerEncryptionType, byte b) {
        this.isDeterministic = false;
        int i = 16 + 1 + 16;
        this.minimumCipherTextLengthInBytesNoAuthenticationTag = i;
        this.minimumCipherTextLengthInBytesWithAuthenticationTag = i + 32;
        this.columnEncryptionkey = sQLServerAeadAes256CbcHmac256EncryptionKey;
        if (sQLServerEncryptionType == SQLServerEncryptionType.Deterministic) {
            this.isDeterministic = true;
        }
        this.algorithmVersion = b;
        this.version[0] = b;
    }

    private byte[] decryptData(byte[] bArr, boolean z) throws SQLServerException {
        int i;
        int i2;
        int i3 = this.blockSizeInBytes;
        byte[] bArr2 = new byte[i3];
        int i4 = z ? this.minimumCipherTextLengthInBytesWithAuthenticationTag : this.minimumCipherTextLengthInBytesNoAuthenticationTag;
        if (bArr.length < i4) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_InvalidCipherTextSize")).format(new Object[]{Integer.valueOf(bArr.length), Integer.valueOf(i4)}), (String) null, 0, false);
        }
        if (bArr[0] != this.algorithmVersion) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_InvalidAlgorithmVersion")).format(new Object[]{String.format("%02X ", Byte.valueOf(bArr[0])), String.format("%02X ", Byte.valueOf(this.algorithmVersion))}), (String) null, 0, false);
        }
        if (z) {
            i = this.keySizeInBytes + 1;
            i2 = 1;
        } else {
            i = 1;
            i2 = 0;
        }
        System.arraycopy(bArr, i, bArr2, 0, i3);
        int i5 = i + i3;
        int length = bArr.length - i5;
        if (z) {
            try {
                if (!SQLServerSecurityUtility.compareBytes(prepareAuthenticationTag(bArr2, bArr, i5, length), bArr, i2, length)) {
                    throw new SQLServerException((Object) this, SQLServerException.getErrString("R_InvalidAuthenticationTag"), (String) null, 0, false);
                }
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_DecryptionFailed")).format(new Object[]{e.getMessage()}), (String) null, 0, false);
            }
        }
        return decryptData(bArr2, bArr, i5, length);
    }

    private byte[] decryptData(byte[] bArr, byte[] bArr2, int i, int i2) throws SQLServerException {
        Logger logger = aeLogger;
        logger.entering(SQLServerAeadAes256CbcHmac256Algorithm.class.getName(), "decryptData", "Decrypting data.");
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.columnEncryptionkey.getEncryptionKey(), "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, secretKeySpec, ivParameterSpec);
            byte[] doFinal = cipher.doFinal(bArr2, i, i2);
            logger.exiting(SQLServerAeadAes256CbcHmac256Algorithm.class.getName(), "decryptData", "Data decrypted.");
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_DecryptionFailed")).format(new Object[]{e.getMessage()}), (String) null, 0, false);
        }
    }

    private byte[] prepareAuthenticationTag(byte[] bArr, byte[] bArr2, int i, int i2) throws NoSuchAlgorithmException, InvalidKeyException {
        int i3 = this.keySizeInBytes;
        byte[] bArr3 = new byte[i3];
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(this.columnEncryptionkey.getMacKey(), "HmacSHA256"));
        byte[] bArr4 = this.version;
        mac.update(bArr4, 0, bArr4.length);
        mac.update(bArr, 0, bArr.length);
        mac.update(bArr2, i, i2);
        mac.update(this.versionSize, 0, this.version.length);
        System.arraycopy(mac.doFinal(), 0, bArr3, 0, i3);
        return bArr3;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.microsoft.sqlserver.jdbc.SQLServerEncryptionAlgorithm
    public byte[] decryptData(byte[] bArr) throws SQLServerException {
        return decryptData(bArr, true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.microsoft.sqlserver.jdbc.SQLServerEncryptionAlgorithm
    public byte[] encryptData(byte[] bArr) throws SQLServerException {
        return encryptData(bArr, true);
    }

    protected byte[] encryptData(byte[] bArr, boolean z) throws SQLServerException {
        String str;
        int i;
        int i2;
        int i3;
        Cipher cipher;
        int i4;
        Logger logger = aeLogger;
        logger.entering(SQLServerAeadAes256CbcHmac256Algorithm.class.getName(), "encryptData", "Encrypting data.");
        byte[] bArr2 = new byte[this.blockSizeInBytes];
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.columnEncryptionkey.getEncryptionKey(), "AES");
        if (this.isDeterministic) {
            try {
                bArr2 = SQLServerSecurityUtility.getHMACWithSHA256(bArr, this.columnEncryptionkey.getIVKey(), this.blockSizeInBytes);
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_EncryptionFailed")).format(new Object[]{e.getMessage()}), (String) null, 0, false);
            }
        } else {
            new SecureRandom().nextBytes(bArr2);
        }
        byte[] bArr3 = bArr2;
        int length = bArr.length;
        int i5 = this.blockSizeInBytes;
        int i6 = (length / i5) + 1;
        int i7 = z ? this.keySizeInBytes : 0;
        int i8 = i7 + 1;
        int i9 = i8 + i5;
        byte[] bArr4 = new byte[bArr3.length + i8 + (i5 * i6)];
        bArr4[0] = this.algorithmVersion;
        System.arraycopy(bArr3, 0, bArr4, i8, bArr3.length);
        try {
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
            Cipher cipher2 = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher2.init(1, secretKeySpec, ivParameterSpec);
            if (i6 > 1) {
                i4 = (i6 - 1) * this.blockSizeInBytes;
                str = "R_EncryptionFailed";
                cipher = cipher2;
                i2 = i7;
                i3 = i6;
                try {
                    i = i9;
                    i9 = i + cipher2.update(bArr, 0, i4, bArr4, i9);
                } catch (InvalidAlgorithmParameterException e2) {
                    e = e2;
                    throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString(str)).format(new Object[]{e.getMessage()}), (String) null, 0, false);
                } catch (InvalidKeyException e3) {
                    e = e3;
                    throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString(str)).format(new Object[]{e.getMessage()}), (String) null, 0, false);
                } catch (NoSuchAlgorithmException e4) {
                    e = e4;
                    throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString(str)).format(new Object[]{e.getMessage()}), (String) null, 0, false);
                } catch (BadPaddingException e5) {
                    e = e5;
                    throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString(str)).format(new Object[]{e.getMessage()}), (String) null, 0, false);
                } catch (IllegalBlockSizeException e6) {
                    e = e6;
                    throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString(str)).format(new Object[]{e.getMessage()}), (String) null, 0, false);
                } catch (NoSuchPaddingException e7) {
                    e = e7;
                    throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString(str)).format(new Object[]{e.getMessage()}), (String) null, 0, false);
                } catch (ShortBufferException e8) {
                    e = e8;
                    throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString(str)).format(new Object[]{e.getMessage()}), (String) null, 0, false);
                }
            } else {
                i = i9;
                i2 = i7;
                i3 = i6;
                str = "R_EncryptionFailed";
                cipher = cipher2;
                i4 = 0;
            }
            byte[] doFinal = cipher.doFinal(bArr, i4, bArr.length - i4);
            System.arraycopy(doFinal, 0, bArr4, i9, doFinal.length);
            if (z) {
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(this.columnEncryptionkey.getMacKey(), "HmacSHA256"));
                byte[] bArr5 = this.version;
                mac.update(bArr5, 0, bArr5.length);
                mac.update(bArr3, 0, bArr3.length);
                mac.update(bArr4, i, i3 * this.blockSizeInBytes);
                mac.update(this.versionSize, 0, this.version.length);
                System.arraycopy(mac.doFinal(), 0, bArr4, 1, i2);
            }
            logger.exiting(SQLServerAeadAes256CbcHmac256Algorithm.class.getName(), "encryptData", "Data encrypted.");
            return bArr4;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | ShortBufferException e9) {
            e = e9;
            str = "R_EncryptionFailed";
        }
    }
}
