package com.microsoft.sqlserver.jdbc;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Iterator;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.openid4java.association.Association;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/microsoft/sqlserver/jdbc/SQLServerSecurityUtility.class */
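/**
 * Static helpers for the driver's column-encryption path: HMAC-SHA256 computation, byte-range
 * comparison, and encrypt/decrypt of values with the cipher attached to a {@code CryptoMetadata}.
 *
 * <p>This listing is decompiler output. Parameter names ({@code bArr}, {@code i}, ...) are
 * synthetic, and the {@code if (!$assertionsDisabled && ...) throw new AssertionError(...)} blocks
 * are the compiled form of {@code assert} statements. Those checks only run when the JVM has
 * assertions enabled for this class, so they must not be read as input validation: with assertions
 * off, a null argument surfaces as a {@code NullPointerException} further down instead.
 */
public class SQLServerSecurityUtility {
    /* Compiler-generated assertion switch; assigned once in the static initializer at the end of the class. */
    static final /* synthetic */ boolean $assertionsDisabled;

    SQLServerSecurityUtility() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Computes a MAC over {@code bArr} keyed with {@code bArr2} and returns its first {@code i} bytes.
     *
     * <p>NOTE(review): the algorithm name comes from {@code Association.HMAC_SHA256_ALGORITHM}, a
     * constant of an unrelated library that the decompiler appears to have substituted for an
     * inlined string literal (presumably the JCA name for HMAC-SHA256 -- confirm). The upstream
     * source most likely has no dependency on that library.
     *
     * <p>A full HMAC-SHA256 output is 32 bytes. A shorter prefix is a correspondingly weaker tag,
     * so callers should not truncate more than the protocol requires.
     *
     * @param bArr  data to authenticate
     * @param bArr2 raw key bytes; {@code SecretKeySpec} rejects a null or empty key with
     *              {@code IllegalArgumentException}
     * @param i     number of leading MAC bytes to return; a negative value or one larger than the
     *              MAC output makes the array allocation or copy below throw an unchecked exception
     * @return a new array holding the first {@code i} bytes of the MAC
     * @throws NoSuchAlgorithmException if no provider supplies the MAC algorithm
     * @throws InvalidKeyException      if the key is not usable for the MAC
     */
    public static byte[] getHMACWithSHA256(byte[] bArr, byte[] bArr2, int i) throws NoSuchAlgorithmException, InvalidKeyException {
        byte[] truncated = new byte[i];
        Mac mac = Mac.getInstance(Association.HMAC_SHA256_ALGORITHM);
        mac.init(new SecretKeySpec(bArr2, Association.HMAC_SHA256_ALGORITHM));
        byte[] fullMac = mac.doFinal(bArr);
        // Copy exactly truncated.length bytes: a request longer than the MAC fails here rather
        // than being silently zero-padded.
        System.arraycopy(fullMac, 0, truncated, 0, truncated.length);
        return truncated;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Compares {@code bArr} with the range of {@code bArr2} that starts at offset {@code i}.
     *
     * <p>The number of bytes compared is {@code min(bArr.length, i2)}, matching the original
     * contract. Consequently an empty {@code bArr}, or {@code i2 == 0}, compares equal to
     * anything. A caller that verifies a fixed-size value must make sure {@code bArr} really has
     * that size before trusting a {@code true} result.
     *
     * <p>Changes relative to the decompiled original:
     * <ul>
     *   <li>Every compared byte is visited and differences are accumulated, so the running time
     *       no longer depends on the position of the first mismatch. NOTE(review): no caller is
     *       visible in this file; if this method checks a computed MAC against a received one,
     *       the early-exit loop was a timing side channel.</li>
     *   <li>A negative offset or length now returns {@code false}. Previously a negative offset
     *       could throw {@code ArrayIndexOutOfBoundsException} and a negative length returned
     *       {@code true} without comparing anything.</li>
     * </ul>
     *
     * @param bArr  expected bytes; {@code null} yields {@code false}
     * @param bArr2 buffer containing the bytes to check; {@code null} yields {@code false}
     * @param i     offset into {@code bArr2} at which the comparison starts
     * @param i2    maximum number of bytes to compare; must fit in {@code bArr2} after offset {@code i}
     * @return {@code true} if all compared bytes are equal, {@code false} otherwise
     */
    public static boolean compareBytes(byte[] bArr, byte[] bArr2, int i, int i2) {
        if (null == bArr || null == bArr2) {
            return false;
        }
        // Fail closed on nonsensical ranges. With i >= 0 the subtraction cannot overflow.
        if (i < 0 || i2 < 0 || bArr2.length - i < i2) {
            return false;
        }
        int compared = Math.min(bArr.length, i2);
        int diff = 0;
        for (int k = 0; k < compared; k++) {
            // OR-accumulate the XOR so every byte is visited regardless of earlier mismatches.
            diff |= bArr[k] ^ bArr2[i + k];
        }
        return 0 == diff;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Encrypts {@code bArr} with the cipher algorithm held by {@code cryptoMetadata}, initializing
     * that algorithm via {@link #decryptSymmetricKey} first if it is not initialized yet.
     *
     * @param bArr                plaintext bytes handed to the cipher algorithm
     * @param cryptoMetadata      encryption metadata; its {@code cipherAlgorithm} is used and may be set here
     * @param sQLServerConnection connection used to resolve the symmetric key; its trusted server
     *                            name is only checked by an assertion
     * @return the ciphertext, never null or empty
     * @throws SQLServerException if key resolution fails or the cipher returns null/empty output
     */
    public static byte[] encryptWithKey(byte[] bArr, CryptoMetadata cryptoMetadata, SQLServerConnection sQLServerConnection) throws SQLServerException {
        String trustedServerNameAE = sQLServerConnection.getTrustedServerNameAE();
        // Runtime message kept byte-for-byte, including its original spelling.
        if (!$assertionsDisabled && trustedServerNameAE == null) {
            throw new AssertionError("Server name should npt be null in EncryptWithKey");
        }
        if (!cryptoMetadata.IsAlgorithmInitialized()) {
            decryptSymmetricKey(cryptoMetadata, sQLServerConnection);
        }
        if (!$assertionsDisabled && !cryptoMetadata.IsAlgorithmInitialized()) {
            throw new AssertionError();
        }
        byte[] cipherText = cryptoMetadata.cipherAlgorithm.encryptData(bArr);
        // This check is unconditional (not an assertion): never hand back an empty ciphertext.
        if (null == cipherText || 0 == cipherText.length) {
            throw new SQLServerException((Object) null, SQLServerException.getErrString("R_NullCipherTextAE"), (String) null, 0, false);
        }
        return cipherText;
    }

    /**
     * Maps a cipher algorithm id to the algorithm name used by the factory lookup.
     *
     * <p>Only id {@code 2} is accepted and it always maps to the fixed AEAD name below. The
     * {@code str} argument is not consulted, so a caller-supplied algorithm name cannot select a
     * different algorithm.
     *
     * @param b   cipher algorithm id from the metadata
     * @param str algorithm name from the metadata (ignored)
     * @return {@code "AEAD_AES_256_CBC_HMAC_SHA256"}
     * @throws SQLServerException if {@code b} is anything other than {@code 2}
     */
    private static String ValidateAndGetEncryptionAlgorithmName(byte b, String str) throws SQLServerException {
        if (2 != b) {
            throw new SQLServerException((Object) null, SQLServerException.getErrString("R_CustomCipherAlgorithmNotSupportedAE"), (String) null, 0, false);
        }
        return "AEAD_AES_256_CBC_HMAC_SHA256";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Resolves a symmetric key for {@code cryptoMetadata} and installs the matching cipher algorithm.
     *
     * <p>Each entry of {@code cekTableEntry.columnEncryptionKeyValues} is tried in order through the
     * symmetric-key cache; the first entry that yields a key wins. On success
     * {@code cryptoMetadata.cipherAlgorithm} and {@code cryptoMetadata.encryptionKeyInfo} are updated.
     *
     * @param cryptoMetadata      metadata to initialize; null-ness of it and of its key table is
     *                            checked by assertions only
     * @param sQLServerConnection connection passed to the key cache
     * @throws SQLServerException the exception from the most recent failing candidate, or a generic
     *                            {@code R_CEKDecryptionFailed} error if no candidate produced a key
     *                            and none threw; also thrown for an unsupported algorithm id
     */
    public static void decryptSymmetricKey(CryptoMetadata cryptoMetadata, SQLServerConnection sQLServerConnection) throws SQLServerException {
        if (!$assertionsDisabled && null == cryptoMetadata) {
            throw new AssertionError("md should not be null in DecryptSymmetricKey.");
        }
        if (!$assertionsDisabled && null == cryptoMetadata.cekTableEntry) {
            throw new AssertionError("md.EncryptionInfo should not be null in DecryptSymmetricKey.");
        }
        if (!$assertionsDisabled && null == cryptoMetadata.cekTableEntry.columnEncryptionKeyValues) {
            throw new AssertionError("md.EncryptionInfo.ColumnEncryptionKeyValues should not be null in DecryptSymmetricKey.");
        }
        SQLServerSymmetricKey symmetricKey = null;
        EncryptionKeyInfo usedKeyInfo = null;
        SQLServerException lastException = null;
        SQLServerSymmetricKeyCache keyCache = SQLServerSymmetricKeyCache.getInstance();
        Iterator<EncryptionKeyInfo> candidates = cryptoMetadata.cekTableEntry.columnEncryptionKeyValues.iterator();
        while (candidates.hasNext()) {
            EncryptionKeyInfo candidate = candidates.next();
            try {
                symmetricKey = keyCache.getKey(candidate, sQLServerConnection);
            } catch (SQLServerException e) {
                // Deliberate best effort: remember the failure and try the next candidate.
                // Only the most recent failure is reported if every candidate fails.
                lastException = e;
            }
            if (null != symmetricKey) {
                usedKeyInfo = candidate;
                break;
            }
        }
        if (null == symmetricKey) {
            if (null == lastException) {
                throw new SQLServerException((Object) null, SQLServerException.getErrString("R_CEKDecryptionFailed"), (String) null, 0, false);
            }
            throw lastException;
        }
        // Clear first so that a failure in the lookup below leaves the metadata uninitialized
        // rather than pointing at a stale algorithm.
        cryptoMetadata.cipherAlgorithm = null;
        String algorithmName = ValidateAndGetEncryptionAlgorithmName(cryptoMetadata.cipherAlgorithmId, cryptoMetadata.cipherAlgorithmName);
        SQLServerEncryptionAlgorithm algorithm = SQLServerEncryptionAlgorithmFactoryList.getInstance().getAlgorithm(symmetricKey, cryptoMetadata.encryptionType, algorithmName);
        if (!$assertionsDisabled && null == algorithm) {
            throw new AssertionError("Cipher algorithm cannot be null in DecryptSymmetricKey");
        }
        cryptoMetadata.cipherAlgorithm = algorithm;
        cryptoMetadata.encryptionKeyInfo = usedKeyInfo;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Decrypts {@code bArr} with the cipher algorithm held by {@code cryptoMetadata}, initializing
     * that algorithm via {@link #decryptSymmetricKey} first if it is not initialized yet.
     *
     * <p>Unlike {@link #encryptWithKey}, an empty (zero-length) result is accepted; only a null
     * result is rejected.
     *
     * @param bArr                ciphertext bytes handed to the cipher algorithm
     * @param cryptoMetadata      encryption metadata; its {@code cipherAlgorithm} is used and may be set here
     * @param sQLServerConnection connection used to resolve the symmetric key; its trusted server
     *                            name is only checked by an assertion
     * @return the plaintext, never null
     * @throws SQLServerException if key resolution fails or the cipher returns null
     */
    public static byte[] decryptWithKey(byte[] bArr, CryptoMetadata cryptoMetadata, SQLServerConnection sQLServerConnection) throws SQLServerException {
        String trustedServerNameAE = sQLServerConnection.getTrustedServerNameAE();
        if (!$assertionsDisabled && null == trustedServerNameAE) {
            throw new AssertionError("serverName should not be null in DecryptWithKey.");
        }
        if (!cryptoMetadata.IsAlgorithmInitialized()) {
            decryptSymmetricKey(cryptoMetadata, sQLServerConnection);
        }
        if (!$assertionsDisabled && !cryptoMetadata.IsAlgorithmInitialized()) {
            throw new AssertionError("Decryption Algorithm is not initialized");
        }
        byte[] plainText = cryptoMetadata.cipherAlgorithm.decryptData(bArr);
        if (null == plainText) {
            throw new SQLServerException((Object) null, SQLServerException.getErrString("R_PlainTextNullAE"), (String) null, 0, false);
        }
        return plainText;
    }

    static {
        // Compiled form of the class's assert support: true when assertions are off for this class.
        $assertionsDisabled = !SQLServerSecurityUtility.class.desiredAssertionStatus();
    }
}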
