package com.microsoft.sqlserver.jdbc;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.text.MessageFormat;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.snowflake.client.jdbc.internal.amazonaws.services.s3.internal.crypto.JceEncryptionConstants;

/* loaded from: input_file:modules/sqlserver.metabase-driver.jar:com/microsoft/sqlserver/jdbc/SQLServerAeadAes256CbcHmac256Algorithm.class */
class SQLServerAeadAes256CbcHmac256Algorithm extends SQLServerEncryptionAlgorithm {
    private static final Logger aeLogger;
    static final String algorithmName = "AEAD_AES_256_CBC_HMAC_SHA256";
    private SQLServerAeadAes256CbcHmac256EncryptionKey columnEncryptionkey;
    private byte algorithmVersion;
    private boolean isDeterministic;
    private int blockSizeInBytes = 16;
    private int keySizeInBytes = 32;
    private byte[] version = {1};
    private byte[] versionSize = {1};
    private int minimumCipherTextLengthInBytesNoAuthenticationTag = (1 + this.blockSizeInBytes) + this.blockSizeInBytes;
    private int minimumCipherTextLengthInBytesWithAuthenticationTag = this.minimumCipherTextLengthInBytesNoAuthenticationTag + this.keySizeInBytes;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SQLServerAeadAes256CbcHmac256Algorithm(SQLServerAeadAes256CbcHmac256EncryptionKey sQLServerAeadAes256CbcHmac256EncryptionKey, SQLServerEncryptionType sQLServerEncryptionType, byte b) {
        this.isDeterministic = false;
        this.columnEncryptionkey = sQLServerAeadAes256CbcHmac256EncryptionKey;
        if (sQLServerEncryptionType == SQLServerEncryptionType.Deterministic) {
            this.isDeterministic = true;
        }
        this.algorithmVersion = b;
        this.version[0] = b;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.microsoft.sqlserver.jdbc.SQLServerEncryptionAlgorithm
    public byte[] encryptData(byte[] bArr) throws SQLServerException {
        return encryptData(bArr, true);
    }

    protected byte[] encryptData(byte[] bArr, boolean z) throws SQLServerException {
        aeLogger.entering(SQLServerAeadAes256CbcHmac256Algorithm.class.getName(), "encryptData", "Encrypting data.");
        if (!$assertionsDisabled && bArr == null) {
            throw new AssertionError();
        }
        byte[] bArr2 = new byte[this.blockSizeInBytes];
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.columnEncryptionkey.getEncryptionKey(), "AES");
        if (this.isDeterministic) {
            try {
                bArr2 = SQLServerSecurityUtility.getHMACWithSHA256(bArr, this.columnEncryptionkey.getIVKey(), this.blockSizeInBytes);
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_EncryptionFailed")).format(new Object[]{e.getMessage()}), (String) null, 0, false);
            }
        } else {
            new SecureRandom().nextBytes(bArr2);
        }
        int length = (bArr.length / this.blockSizeInBytes) + 1;
        int i = z ? this.keySizeInBytes : 0;
        int i2 = 1 + i;
        int i3 = i2 + this.blockSizeInBytes;
        byte[] bArr3 = new byte[1 + i + bArr2.length + (length * this.blockSizeInBytes)];
        bArr3[0] = this.algorithmVersion;
        System.arraycopy(bArr2, 0, bArr3, i2, bArr2.length);
        try {
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
            Cipher cipher = Cipher.getInstance(JceEncryptionConstants.SYMMETRIC_CIPHER_METHOD);
            cipher.init(1, secretKeySpec, ivParameterSpec);
            int i4 = 0;
            int i5 = i3;
            if (length > 1) {
                i4 = (length - 1) * this.blockSizeInBytes;
                i5 += cipher.update(bArr, 0, i4, bArr3, i5);
            }
            byte[] doFinal = cipher.doFinal(bArr, i4, bArr.length - i4);
            System.arraycopy(doFinal, 0, bArr3, i5, doFinal.length);
            if (z) {
                Mac mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(this.columnEncryptionkey.getMacKey(), "HmacSHA256"));
                mac.update(this.version, 0, this.version.length);
                mac.update(bArr2, 0, bArr2.length);
                mac.update(bArr3, i3, length * this.blockSizeInBytes);
                mac.update(this.versionSize, 0, this.version.length);
                System.arraycopy(mac.doFinal(), 0, bArr3, 1, i);
            }
            aeLogger.exiting(SQLServerAeadAes256CbcHmac256Algorithm.class.getName(), "encryptData", "Data encrypted.");
            return bArr3;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException | ShortBufferException e2) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_EncryptionFailed")).format(new Object[]{e2.getMessage()}), (String) null, 0, false);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.microsoft.sqlserver.jdbc.SQLServerEncryptionAlgorithm
    public byte[] decryptData(byte[] bArr) throws SQLServerException {
        return decryptData(bArr, true);
    }

    private byte[] decryptData(byte[] bArr, boolean z) throws SQLServerException {
        if (!$assertionsDisabled && bArr == null) {
            throw new AssertionError();
        }
        byte[] bArr2 = new byte[this.blockSizeInBytes];
        int i = z ? this.minimumCipherTextLengthInBytesWithAuthenticationTag : this.minimumCipherTextLengthInBytesNoAuthenticationTag;
        if (bArr.length < i) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_InvalidCipherTextSize")).format(new Object[]{Integer.valueOf(bArr.length), Integer.valueOf(i)}), (String) null, 0, false);
        }
        if (bArr[0] != this.algorithmVersion) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_InvalidAlgorithmVersion")).format(new Object[]{String.format("%02X ", Byte.valueOf(bArr[0])), String.format("%02X ", Byte.valueOf(this.algorithmVersion))}), (String) null, 0, false);
        }
        int i2 = 0 + 1;
        int i3 = 0;
        if (z) {
            i3 = i2;
            i2 += this.keySizeInBytes;
        }
        System.arraycopy(bArr, i2, bArr2, 0, bArr2.length);
        int length = i2 + bArr2.length;
        int length2 = bArr.length - length;
        if (z) {
            try {
                if (!SQLServerSecurityUtility.compareBytes(prepareAuthenticationTag(bArr2, bArr, length, length2), bArr, i3, length2)) {
                    throw new SQLServerException((Object) this, SQLServerException.getErrString("R_InvalidAuthenticationTag"), (String) null, 0, false);
                }
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_DecryptionFailed")).format(new Object[]{e.getMessage()}), (String) null, 0, false);
            }
        }
        return decryptData(bArr2, bArr, length, length2);
    }

    private byte[] decryptData(byte[] bArr, byte[] bArr2, int i, int i2) throws SQLServerException {
        aeLogger.entering(SQLServerAeadAes256CbcHmac256Algorithm.class.getName(), "decryptData", "Decrypting data.");
        if (!$assertionsDisabled && bArr2 == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && bArr == null) {
            throw new AssertionError();
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.columnEncryptionkey.getEncryptionKey(), "AES");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
        try {
            Cipher cipher = Cipher.getInstance(JceEncryptionConstants.SYMMETRIC_CIPHER_METHOD);
            cipher.init(2, secretKeySpec, ivParameterSpec);
            byte[] doFinal = cipher.doFinal(bArr2, i, i2);
            aeLogger.exiting(SQLServerAeadAes256CbcHmac256Algorithm.class.getName(), "decryptData", "Data decrypted.");
            return doFinal;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_DecryptionFailed")).format(new Object[]{e.getMessage()}), (String) null, 0, false);
        }
    }

    private byte[] prepareAuthenticationTag(byte[] bArr, byte[] bArr2, int i, int i2) throws NoSuchAlgorithmException, InvalidKeyException {
        if (!$assertionsDisabled && bArr2 == null) {
            throw new AssertionError();
        }
        byte[] bArr3 = new byte[this.keySizeInBytes];
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(this.columnEncryptionkey.getMacKey(), "HmacSHA256"));
        mac.update(this.version, 0, this.version.length);
        mac.update(bArr, 0, bArr.length);
        mac.update(bArr2, i, i2);
        mac.update(this.versionSize, 0, this.version.length);
        System.arraycopy(mac.doFinal(), 0, bArr3, 0, bArr3.length);
        return bArr3;
    }

    static {
        $assertionsDisabled = !SQLServerAeadAes256CbcHmac256Algorithm.class.desiredAssertionStatus();
        aeLogger = Logger.getLogger("com.microsoft.sqlserver.jdbc.SQLServerAeadAes256CbcHmac256Algorithm");
    }
}
