package com.microsoft.sqlserver.jdbc;

import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes3.dex */
public class SQLServerColumnEncryptionJavaKeyStoreProvider extends SQLServerColumnEncryptionKeyStoreProvider {
    private static final Logger javaKeyStoreLogger = Logger.getLogger("com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionJavaKeyStoreProvider");
    String keyStorePath;
    char[] keyStorePwd;
    String name = "MSSQL_JAVA_KEYSTORE";

    public SQLServerColumnEncryptionJavaKeyStoreProvider(String str, char[] cArr) throws SQLServerException {
        this.keyStorePath = null;
        this.keyStorePwd = null;
        Logger logger = javaKeyStoreLogger;
        logger.entering(SQLServerColumnEncryptionJavaKeyStoreProvider.class.getName(), "SQLServerColumnEncryptionJavaKeyStoreProvider");
        if (str == null || str.length() == 0) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_InvalidConnectionSetting")).format(new Object[]{"keyStoreLocation", str}), null);
        }
        this.keyStorePath = str;
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Path of key store provider is set.");
        }
        cArr = cArr == null ? "".toCharArray() : cArr;
        char[] cArr2 = new char[cArr.length];
        this.keyStorePwd = cArr2;
        System.arraycopy(cArr, 0, cArr2, 0, cArr.length);
        if (logger.isLoggable(Level.FINE)) {
            logger.fine("Password for key store provider is set.");
        }
        logger.exiting(SQLServerColumnEncryptionJavaKeyStoreProvider.class.getName(), "SQLServerColumnEncryptionJavaKeyStoreProvider");
    }

    private byte[] encryptRSAOAEP(byte[] bArr, CertificateDetails certificateDetails) throws SQLServerException {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
            cipher.init(1, certificateDetails.certificate.getPublicKey());
            cipher.update(bArr);
            return cipher.doFinal();
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_EncryptionFailed")).format(new Object[]{e.getMessage()}), (String) null, 0, false);
        }
    }

    /* JADX WARN: Can't wrap try/catch for region: R(6:(2:13|14)|15|16|17|18|19) */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.microsoft.sqlserver.jdbc.CertificateDetails getCertificateDetails(java.lang.String r8) throws com.microsoft.sqlserver.jdbc.SQLServerException {
        /*
            r7 = this;
            r0 = 0
            if (r8 == 0) goto L4f
            int r1 = r8.length()     // Catch: java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.IOException -> L68 java.io.FileNotFoundException -> L86
            if (r1 == 0) goto L4f
            java.lang.String r1 = "JKS"
            java.security.KeyStore r1 = java.security.KeyStore.getInstance(r1)     // Catch: java.io.IOException -> L2c java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.FileNotFoundException -> L86
            java.io.FileInputStream r2 = new java.io.FileInputStream     // Catch: java.io.IOException -> L2c java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.FileNotFoundException -> L86
            java.lang.String r3 = r7.keyStorePath     // Catch: java.io.IOException -> L2c java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.FileNotFoundException -> L86
            r2.<init>(r3)     // Catch: java.io.IOException -> L2c java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.FileNotFoundException -> L86
            char[] r0 = r7.keyStorePwd     // Catch: java.lang.Throwable -> L1d java.security.KeyStoreException -> L21 java.security.NoSuchAlgorithmException -> L23 java.security.cert.CertificateException -> L25 java.io.FileNotFoundException -> L28 java.io.IOException -> L2a
            r1.load(r2, r0)     // Catch: java.lang.Throwable -> L1d java.security.KeyStoreException -> L21 java.security.NoSuchAlgorithmException -> L23 java.security.cert.CertificateException -> L25 java.io.FileNotFoundException -> L28 java.io.IOException -> L2a
        L1b:
            r0 = r2
            goto L45
        L1d:
            r8 = move-exception
            r0 = r2
            goto L97
        L21:
            r8 = move-exception
            goto L26
        L23:
            r8 = move-exception
            goto L26
        L25:
            r8 = move-exception
        L26:
            r0 = r2
            goto L69
        L28:
            r0 = r2
            goto L86
        L2a:
            r0 = r2
            goto L2d
        L2c:
        L2d:
            if (r0 == 0) goto L32
            r0.close()     // Catch: java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.IOException -> L68 java.io.FileNotFoundException -> L86
        L32:
            java.lang.String r1 = "PKCS12"
            java.security.KeyStore r1 = java.security.KeyStore.getInstance(r1)     // Catch: java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.IOException -> L68 java.io.FileNotFoundException -> L86
            java.io.FileInputStream r2 = new java.io.FileInputStream     // Catch: java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.IOException -> L68 java.io.FileNotFoundException -> L86
            java.lang.String r3 = r7.keyStorePath     // Catch: java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.IOException -> L68 java.io.FileNotFoundException -> L86
            r2.<init>(r3)     // Catch: java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.IOException -> L68 java.io.FileNotFoundException -> L86
            char[] r0 = r7.keyStorePwd     // Catch: java.lang.Throwable -> L1d java.security.KeyStoreException -> L21 java.security.NoSuchAlgorithmException -> L23 java.security.cert.CertificateException -> L25 java.io.FileNotFoundException -> L28 java.io.IOException -> L4d
            r1.load(r2, r0)     // Catch: java.lang.Throwable -> L1d java.security.KeyStoreException -> L21 java.security.NoSuchAlgorithmException -> L23 java.security.cert.CertificateException -> L25 java.io.FileNotFoundException -> L28 java.io.IOException -> L4d
            goto L1b
        L45:
            com.microsoft.sqlserver.jdbc.CertificateDetails r8 = r7.getCertificateDetailsByAlias(r1, r8)     // Catch: java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.IOException -> L68 java.io.FileNotFoundException -> L86
            r0.close()     // Catch: java.io.IOException -> L4c
        L4c:
            return r8
        L4d:
            r8 = move-exception
            goto L26
        L4f:
            com.microsoft.sqlserver.jdbc.SQLServerException r8 = new com.microsoft.sqlserver.jdbc.SQLServerException     // Catch: java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.IOException -> L68 java.io.FileNotFoundException -> L86
            r2 = 0
            java.lang.String r1 = "R_InvalidMasterKeyDetails"
            java.lang.String r3 = com.microsoft.sqlserver.jdbc.SQLServerException.getErrString(r1)     // Catch: java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.IOException -> L68 java.io.FileNotFoundException -> L86
            r4 = 0
            r5 = 0
            r6 = 0
            r1 = r8
            r1.<init>(r2, r3, r4, r5, r6)     // Catch: java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.IOException -> L68 java.io.FileNotFoundException -> L86
            throw r8     // Catch: java.lang.Throwable -> L60 java.security.KeyStoreException -> L62 java.security.NoSuchAlgorithmException -> L64 java.security.cert.CertificateException -> L66 java.io.IOException -> L68 java.io.FileNotFoundException -> L86
        L60:
            r8 = move-exception
            goto L97
        L62:
            r8 = move-exception
            goto L69
        L64:
            r8 = move-exception
            goto L69
        L66:
            r8 = move-exception
            goto L69
        L68:
            r8 = move-exception
        L69:
            java.text.MessageFormat r1 = new java.text.MessageFormat     // Catch: java.lang.Throwable -> L60
            java.lang.String r2 = "R_invalidKeyStoreFile"
            java.lang.String r2 = com.microsoft.sqlserver.jdbc.SQLServerException.getErrString(r2)     // Catch: java.lang.Throwable -> L60
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L60
            r2 = 1
            java.lang.Object[] r2 = new java.lang.Object[r2]     // Catch: java.lang.Throwable -> L60
            r3 = 0
            java.lang.String r4 = r7.keyStorePath     // Catch: java.lang.Throwable -> L60
            r2[r3] = r4     // Catch: java.lang.Throwable -> L60
            com.microsoft.sqlserver.jdbc.SQLServerException r3 = new com.microsoft.sqlserver.jdbc.SQLServerException     // Catch: java.lang.Throwable -> L60
            java.lang.String r1 = r1.format(r2)     // Catch: java.lang.Throwable -> L60
            r3.<init>(r1, r8)     // Catch: java.lang.Throwable -> L60
            throw r3     // Catch: java.lang.Throwable -> L60
        L86:
            com.microsoft.sqlserver.jdbc.SQLServerException r8 = new com.microsoft.sqlserver.jdbc.SQLServerException     // Catch: java.lang.Throwable -> L60
            java.lang.String r1 = "R_KeyStoreNotFound"
            java.lang.String r3 = com.microsoft.sqlserver.jdbc.SQLServerException.getErrString(r1)     // Catch: java.lang.Throwable -> L60
            r4 = 0
            r5 = 0
            r6 = 0
            r1 = r8
            r2 = r7
            r1.<init>(r2, r3, r4, r5, r6)     // Catch: java.lang.Throwable -> L60
            throw r8     // Catch: java.lang.Throwable -> L60
        L97:
            if (r0 == 0) goto L9c
            r0.close()     // Catch: java.io.IOException -> L9c
        L9c:
            throw r8
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionJavaKeyStoreProvider.getCertificateDetails(java.lang.String):com.microsoft.sqlserver.jdbc.CertificateDetails");
    }

    private CertificateDetails getCertificateDetailsByAlias(KeyStore keyStore, String str) throws SQLServerException {
        try {
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(str);
            Key key = keyStore.getKey(str, this.keyStorePwd);
            if (x509Certificate == null) {
                throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_CertificateNotFoundForAlias")).format(new Object[]{str, "MSSQL_JAVA_KEYSTORE"}), (String) null, 0, false);
            }
            if (key != null) {
                return new CertificateDetails(x509Certificate, key);
            }
            throw new UnrecoverableKeyException();
        } catch (KeyStoreException e) {
            e = e;
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_CertificateError")).format(new Object[]{str, this.name}), e);
        } catch (NoSuchAlgorithmException e2) {
            e = e2;
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_CertificateError")).format(new Object[]{str, this.name}), e);
        } catch (UnrecoverableKeyException unused) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_UnrecoverableKeyAE")).format(new Object[]{str}), (String) null, 0, false);
        }
    }

    private byte[] getLittleEndianBytesFromShort(short s) {
        ByteBuffer allocate = ByteBuffer.allocate(2);
        allocate.order(ByteOrder.LITTLE_ENDIAN);
        return allocate.putShort(s).array();
    }

    private byte[] rsaSignHashedData(byte[] bArr, CertificateDetails certificateDetails) throws SQLServerException {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign((PrivateKey) certificateDetails.privateKey);
            signature.update(bArr);
            return signature.sign();
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_EncryptionFailed")).format(new Object[]{e.getMessage()}), (String) null, 0, false);
        }
    }

    private boolean rsaVerifySignature(byte[] bArr, byte[] bArr2, CertificateDetails certificateDetails) throws SQLServerException {
        try {
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign((PrivateKey) certificateDetails.privateKey);
            signature.update(bArr);
            byte[] sign = signature.sign();
            signature.initVerify(certificateDetails.certificate.getPublicKey());
            signature.update(bArr);
            return signature.verify(sign);
        } catch (InvalidKeyException | NoSuchAlgorithmException | SignatureException e) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_VerifySignatureFailed")).format(new Object[]{e.getMessage()}), (String) null, 0, false);
        }
    }

    @Override // com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider
    public byte[] decryptColumnEncryptionKey(String str, String str2, byte[] bArr) throws SQLServerException {
        Logger logger = javaKeyStoreLogger;
        logger.entering(SQLServerColumnEncryptionJavaKeyStoreProvider.class.getName(), "decryptColumnEncryptionKey", "Decrypting Column Encryption Key.");
        KeyStoreProviderCommon.validateNonEmptyMasterKeyPath(str);
        byte[] decryptColumnEncryptionKey = KeyStoreProviderCommon.decryptColumnEncryptionKey(str, str2, bArr, getCertificateDetails(str));
        logger.exiting(SQLServerColumnEncryptionJavaKeyStoreProvider.class.getName(), "decryptColumnEncryptionKey", "Finished decrypting Column Encryption Key.");
        return decryptColumnEncryptionKey;
    }

    @Override // com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider
    public byte[] encryptColumnEncryptionKey(String str, String str2, byte[] bArr) throws SQLServerException {
        Logger logger = javaKeyStoreLogger;
        logger.entering(SQLServerColumnEncryptionJavaKeyStoreProvider.class.getName(), "encryptColumnEncryptionKey", "Encrypting Column Encryption Key.");
        byte[] bArr2 = KeyStoreProviderCommon.version;
        KeyStoreProviderCommon.validateNonEmptyMasterKeyPath(str);
        if (bArr == null) {
            throw new SQLServerException((Object) null, SQLServerException.getErrString("R_NullColumnEncryptionKey"), (String) null, 0, false);
        }
        if (bArr.length == 0) {
            throw new SQLServerException((Object) null, SQLServerException.getErrString("R_EmptyColumnEncryptionKey"), (String) null, 0, false);
        }
        KeyStoreProviderCommon.validateEncryptionAlgorithm(str2, true);
        CertificateDetails certificateDetails = getCertificateDetails(str);
        byte[] encryptRSAOAEP = encryptRSAOAEP(bArr, certificateDetails);
        byte[] littleEndianBytesFromShort = getLittleEndianBytesFromShort((short) encryptRSAOAEP.length);
        byte[] bytes = str.toLowerCase().getBytes(StandardCharsets.UTF_16LE);
        byte[] littleEndianBytesFromShort2 = getLittleEndianBytesFromShort((short) bytes.length);
        byte[] bArr3 = new byte[bArr2.length + littleEndianBytesFromShort2.length + littleEndianBytesFromShort.length + bytes.length + encryptRSAOAEP.length];
        int length = bArr2.length;
        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        System.arraycopy(littleEndianBytesFromShort2, 0, bArr3, length, littleEndianBytesFromShort2.length);
        int length2 = length + littleEndianBytesFromShort2.length;
        System.arraycopy(littleEndianBytesFromShort, 0, bArr3, length2, littleEndianBytesFromShort.length);
        int length3 = length2 + littleEndianBytesFromShort.length;
        System.arraycopy(bytes, 0, bArr3, length3, bytes.length);
        System.arraycopy(encryptRSAOAEP, 0, bArr3, length3 + bytes.length, encryptRSAOAEP.length);
        byte[] rsaSignHashedData = rsaSignHashedData(bArr3, certificateDetails);
        byte[] bArr4 = new byte[bArr2.length + littleEndianBytesFromShort.length + littleEndianBytesFromShort2.length + encryptRSAOAEP.length + bytes.length + rsaSignHashedData.length];
        System.arraycopy(bArr2, 0, bArr4, 0, bArr2.length);
        int length4 = bArr2.length + 0;
        System.arraycopy(littleEndianBytesFromShort2, 0, bArr4, length4, littleEndianBytesFromShort2.length);
        int length5 = length4 + littleEndianBytesFromShort2.length;
        System.arraycopy(littleEndianBytesFromShort, 0, bArr4, length5, littleEndianBytesFromShort.length);
        int length6 = length5 + littleEndianBytesFromShort.length;
        System.arraycopy(bytes, 0, bArr4, length6, bytes.length);
        int length7 = length6 + bytes.length;
        System.arraycopy(encryptRSAOAEP, 0, bArr4, length7, encryptRSAOAEP.length);
        System.arraycopy(rsaSignHashedData, 0, bArr4, length7 + encryptRSAOAEP.length, rsaSignHashedData.length);
        logger.exiting(SQLServerColumnEncryptionJavaKeyStoreProvider.class.getName(), "encryptColumnEncryptionKey", "Finished encrypting Column Encryption Key.");
        return bArr4;
    }

    @Override // com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider
    public String getName() {
        return this.name;
    }

    @Override // com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider
    public void setName(String str) {
        this.name = str;
    }

    @Override // com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionKeyStoreProvider
    public boolean verifyColumnMasterKeyMetadata(String str, boolean z, byte[] bArr) throws SQLServerException {
        if (!z) {
            return false;
        }
        KeyStoreProviderCommon.validateNonEmptyMasterKeyPath(str);
        CertificateDetails certificateDetails = getCertificateDetails(str);
        if (certificateDetails == null) {
            return false;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(this.name.toLowerCase().getBytes(StandardCharsets.UTF_16LE));
            messageDigest.update(str.toLowerCase().getBytes(StandardCharsets.UTF_16LE));
            messageDigest.update("true".getBytes(StandardCharsets.UTF_16LE));
            return rsaVerifySignature(messageDigest.digest(), bArr, certificateDetails);
        } catch (NoSuchAlgorithmException e) {
            throw new SQLServerException(SQLServerException.getErrString("R_NoSHA256Algorithm"), e);
        }
    }
}
