package com.sybase.jdbc4.tds;

import com.sybase.jdbc4.charset.CharsetUtil;
import com.sybase.jdbc4.charset.SybUTF8Charset;
import com.sybase.jdbc4.jdbc.ErrorMessage;
import com.sybase.jdbc4.jdbc.ParamManager;
import com.sybase.jdbc4.jdbc.SybProperty;
import com.sybase.jdbc4.security.asn1.ASN1InputStream;
import com.sybase.jdbc4.security.asn1.DERSequence;
import com.sybase.jdbc4.security.asn1.x509.RSAPublicKeyStructure;
import com.sybase.jdbc4.security.util.Base64Tools;
import com.sybase.jdbc4.utils.JCEProviderUtil;
import com.sybase.jdbc4.utils.LogUtil;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.RSAPublicKeySpec;
import java.sql.SQLException;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:drivers/sybase/jconnect/jconn4.jar:com/sybase/jdbc4/tds/SecLoginContext.class */
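/**
 * Client-side state for the encrypted-password part of a TDS login.
 *
 * <p>The class reads the material the server sends (a salt or PEM public key and,
 * for some message ids, a nonce), encrypts the password with it, sends the result
 * back in two message tokens, and optionally creates an AES key for later use by
 * {@link #encryptData(byte[])}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>For the RSA message ids the public key is parsed from bytes received in the
 *       login response ({@code _salt}). Nothing in this class authenticates that key,
 *       so protection against an active man-in-the-middle appears to depend on the
 *       transport (e.g. TLS with server verification). Confirm against the callers.</li>
 *   <li>For every other message id the password goes through
 *       {@code Encryption.pwd_encrypt}, whose algorithm is not visible here.
 *       Review it separately before relying on it.</li>
 *   <li>Plaintext is never written to the log by this class. Keep it that way when
 *       adding diagnostics.</li>
 * </ul>
 */
public final class SecLoginContext {
    private static final Logger LOG = Logger.getLogger(SecLoginContext.class.getName());

    // Message ids as used in this class. The names describe the behaviour seen
    // below; the official TDS names are not visible in this file.
    private static final int ENCRYPT_MSG_RSA = 14;
    private static final int ENCRYPT_MSG_RSA_NONCE = 30;
    private static final int ENCRYPT_MSG_RSA_NONCE_SYMKEY = 35;

    // Number of leading bytes left zeroed in the buffers returned by encryptData.
    // NOTE(review): presumably a header the caller fills in; confirm.
    private static final int DATA_HEADER_LENGTH = 8;

    private final Tds _protocol;
    private final int _encryptMsgId;
    // Server-supplied bytes. For the RSA message ids they hold the PEM text of the
    // server public key (see generateServerPublicKey); otherwise they are passed to
    // Encryption.pwd_encrypt as the salt.
    private byte[] _salt = null;
    // Server-supplied nonce, only read for message ids 30 and 35.
    private byte[] _nonce = null;
    private Cipher _cipherSuite = null;
    private SecretKey _symmetricKey = null;
    private SYMMETRICKEY_STATE _symmetricKeyState = SYMMETRICKEY_STATE.NOT_GENERATED;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:drivers/sybase/jconnect/jconn4.jar:com/sybase/jdbc4/tds/SecLoginContext$SYMMETRICKEY_STATE.class */
    /** Lifecycle of the AES key created by {@link #generateSymmetricKey}. */
    public enum SYMMETRICKEY_STATE {
        NOT_GENERATED,
        GENERATED,
        SENT
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the context and, for the RSA message ids, initialises the JCE provider.
     *
     * @param tds the protocol instance this login belongs to
     * @param i the encryption message id that selects the password scheme
     * @throws SQLException if the JCE provider cannot be initialised
     */
    public SecLoginContext(Tds tds, int i) throws SQLException {
        this._protocol = tds;
        this._encryptMsgId = i;
        SybProperty sybProperty = this._protocol.getSybProperty();
        if (usesRsaCipher()) {
            try {
                // Property indices 66 and 104 are opaque here.
                // NOTE(review): presumably the provider class and a related flag; confirm.
                JCEProviderUtil.initProvider(sybProperty.getObject(66), sybProperty.getBoolean(104));
            } catch (Exception e) {
                ErrorMessage.raiseError(ErrorMessage.ERR_JCE_PROVIDER_CLASS, new SQLException(e));
            }
        }
    }

    /** Returns true for the message ids that encrypt with the RSA cipher suite. */
    private boolean usesRsaCipher() {
        return this._encryptMsgId == ENCRYPT_MSG_RSA
                || this._encryptMsgId == ENCRYPT_MSG_RSA_NONCE
                || this._encryptMsgId == ENCRYPT_MSG_RSA_NONCE_SYMKEY;
    }

    /** Returns true for the message ids where the server also sends a nonce. */
    private boolean usesNonce() {
        return this._encryptMsgId == ENCRYPT_MSG_RSA_NONCE
                || this._encryptMsgId == ENCRYPT_MSG_RSA_NONCE_SYMKEY;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Reads the server's login-encryption parameters from the response stream.
     *
     * <p>Stores the salt (or PEM public key) in {@code _salt} and, for message ids
     * 30 and 35, the nonce in {@code _nonce}. The values are taken as received;
     * no validation or authentication of them happens here.
     *
     * @param tdsProtocolContext the context whose input stream and parameter formats are read
     * @throws IOException if reading from the stream fails
     * @throws SQLException if the RSA cipher suite cannot be created
     */
    public void extractServerPublicKey(TdsProtocolContext tdsProtocolContext) throws IOException, SQLException {
        this._protocol.nextResult(tdsProtocolContext);
        tdsProtocolContext._in.readUnsignedByte();
        int paramIndex = 0;
        if (usesRsaCipher()) {
            // The first parameter is an integer whose value is read and discarded.
            TdsInt tdsInt = new TdsInt(tdsProtocolContext);
            tdsInt._dataFmt = tdsProtocolContext._paramFmts.getDataFormat(0);
            tdsInt.getInt();
            try {
                this._cipherSuite = JCEProviderUtil.createCipherSuite();
            } catch (GeneralSecurityException e) {
                ErrorMessage.raiseError(ErrorMessage.ERR_LOADING_CIPHER, "RSA/ECB/OAEPWithSHA1AndMGF1Padding or RSA/NONE/OAEPWithSHA1AndMGF1Padding");
            }
            paramIndex = 1;
        }
        TdsJdbcInputStream saltStream = new TdsJdbcInputStream(null, tdsProtocolContext, this._protocol);
        saltStream._dataFmt = tdsProtocolContext._paramFmts.getDataFormat(paramIndex);
        this._salt = saltStream.getBytes();
        paramIndex++;
        if (usesNonce()) {
            TdsJdbcInputStream nonceStream = new TdsJdbcInputStream(null, tdsProtocolContext, this._protocol);
            nonceStream._dataFmt = tdsProtocolContext._paramFmts.getDataFormat(paramIndex);
            this._nonce = nonceStream.getBytes();
        }
        tdsProtocolContext._lastResult = -1;
        // Info flag 55 and request capability 106 are opaque here; they decide
        // whether one more result is consumed before returning.
        if (this._protocol._info.getBoolean(55) || !this._protocol._capT._reqCaps.get(106)) {
            this._protocol.nextResult(tdsProtocolContext);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Encrypts the password and sends it to the server in two message tokens.
     *
     * <p>For the RSA message ids the password bytes (with the nonce prepended for
     * ids 30 and 35) are encrypted under the server public key. For any other id
     * the bytes are passed to {@code Encryption.pwd_encrypt} together with the salt.
     * For id 35 the symmetric key message is sent as well before the flush.
     *
     * @param tdsProtocolContext the context used to build the parameter streams
     * @param str the password; {@code null} is treated as the empty string
     * @throws SQLException if encryption fails
     * @throws IOException if encoding the password or writing to the server fails
     */
    public void sendEncPwd(TdsProtocolContext tdsProtocolContext, String str) throws SQLException, IOException {
        if (str == null) {
            str = "";
        }
        byte[] passwordBytes;
        if (this._protocol._charsetName == null) {
            // No negotiated charset: this falls back to the JVM default charset,
            // so the bytes sent depend on the client platform.
            passwordBytes = str.getBytes();
        } else if (this._protocol._charsetName.equals(SybUTF8Charset.CHARSET_NAME)) {
            passwordBytes = CharsetUtil.fromSybUTF8(str);
        } else {
            passwordBytes = str.getBytes(this._protocol._charsetName);
        }
        byte[] encrypted = null;
        int firstMsgId = 2;
        int secondMsgId = 3;
        // NOTE(review): -3 / -4 / 12 match java.sql.Types VARBINARY / LONGVARBINARY /
        // VARCHAR; confirm that ParamManager.setParam expects those codes.
        int paramType = -3;
        if (usesRsaCipher()) {
            if (usesNonce()) {
                firstMsgId = 31;
                secondMsgId = 32;
                paramType = -4;
                passwordBytes = prependNonce(passwordBytes);
            } else {
                firstMsgId = 15;
                secondMsgId = 22;
            }
            try {
                this._cipherSuite.init(Cipher.ENCRYPT_MODE, generateServerPublicKey());
                encrypted = this._cipherSuite.doFinal(passwordBytes);
            } catch (GeneralSecurityException e) {
                ErrorMessage.raiseError(ErrorMessage.ERR_PROTOCOL_ERROR);
            }
        } else {
            // 32 output bytes plus one trailing byte holding pwd_encrypt's return value.
            encrypted = new byte[33];
            encrypted[32] = (byte) new Encryption().pwd_encrypt(this._salt, this._salt.length, passwordBytes, passwordBytes.length, encrypted);
        }
        MsgToken firstToken = new MsgToken((byte) 1, (short) firstMsgId);
        ParamManager firstParams = new ParamManager(1, tdsProtocolContext);
        firstParams.setParam(1, paramType, encrypted, 0);
        firstToken.send(this._protocol._out);
        this._protocol.sendParamStream(firstParams, this._protocol._out);
        // The second message repeats the same ciphertext after a null first parameter.
        MsgToken secondToken = new MsgToken((byte) 1, (short) secondMsgId);
        ParamManager secondParams = new ParamManager(2, tdsProtocolContext);
        secondParams.setParam(1, 12, (Object) null, 0);
        secondParams.setParam(2, paramType, encrypted, 0);
        secondToken.send(this._protocol._out);
        this._protocol.sendParamStream(secondParams, this._protocol._out);
        if (this._encryptMsgId == ENCRYPT_MSG_RSA_NONCE_SYMKEY) {
            generateSymmetricKey(tdsProtocolContext);
        }
        this._protocol._out.flush();
    }

    /**
     * Builds an RSA public key from the PEM text the server sent in {@code _salt}.
     *
     * <p>The key is used exactly as received. This method performs no check of its
     * origin or size.
     *
     * @return the parsed key
     * @throws SQLException if the key cannot be constructed
     * @throws IOException if the PEM or ASN.1 content cannot be read
     */
    private PublicKey generateServerPublicKey() throws SQLException, IOException {
        String pemText;
        if (this._protocol._charsetName == null) {
            pemText = new String(this._salt);
        } else if (this._protocol._charsetName.equals(SybUTF8Charset.CHARSET_NAME)) {
            pemText = CharsetUtil.toSybUTF8(this._salt);
        } else {
            pemText = new String(this._salt, this._protocol._charsetName);
        }
        byte[] der = decodePEM(new StringReader(pemText));
        RSAPublicKeyStructure keyStructure = new RSAPublicKeyStructure((DERSequence) new ASN1InputStream(der).readObject());
        PublicKey publicKey = null;
        try {
            publicKey = KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(keyStructure.getModulus(), keyStructure.getPublicExponent()));
        } catch (GeneralSecurityException e) {
            ErrorMessage.raiseError(ErrorMessage.ERR_PROTOCOL_ERROR);
        }
        return publicKey;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the AES key if needed and sends it, prefixed with the nonce and
     * encrypted under the server public key, as message id 34.
     *
     * @param tdsProtocolContext the context used to build the parameter stream
     * @throws SQLException if key creation or encryption fails
     * @throws IOException if writing to the server fails
     */
    public void generateSymmetricKey(TdsProtocolContext tdsProtocolContext) throws SQLException, IOException {
        MsgToken msgToken = new MsgToken((byte) 1, (short) 34);
        ParamManager paramManager = new ParamManager(1, tdsProtocolContext);
        try {
            createSymmetricKey();
            byte[] keyWithNonce = prependNonce(this._symmetricKey.getEncoded());
            this._cipherSuite.init(Cipher.ENCRYPT_MODE, generateServerPublicKey());
            paramManager.setParam(1, -4, this._cipherSuite.doFinal(keyWithNonce), 0);
            msgToken.send(this._protocol._out);
            this._protocol.sendParamStream(paramManager, this._protocol._out);
            this._symmetricKeyState = SYMMETRICKEY_STATE.GENERATED;
        } catch (GeneralSecurityException e) {
            ErrorMessage.raiseError(ErrorMessage.ERR_PROTOCOL_ERROR);
        }
    }

    /**
     * Extracts and Base64-decodes the body of a PEM block.
     *
     * <p>Lines seen before the first {@code -----BEGIN} line are also passed to
     * the decoder, so input without PEM armour is decoded as plain Base64.
     *
     * @param reader source of the PEM text
     * @return the decoded bytes
     * @throws IOException if reading or decoding fails
     */
    private byte[] decodePEM(Reader reader) throws SQLException, IOException {
        BufferedReader bufferedReader = new BufferedReader(reader);
        boolean insideBlock = false;
        StringWriter base64Text = new StringWriter();
        String line;
        while ((line = bufferedReader.readLine()) != null) {
            if (!insideBlock && line.startsWith("-----BEGIN")) {
                insideBlock = true;
            } else if (insideBlock && line.startsWith("-----END")) {
                break;
            } else {
                base64Text.write(line);
            }
        }
        ByteArrayOutputStream decoded = new ByteArrayOutputStream();
        Base64Tools.decode(new StringReader(base64Text.toString()), decoded);
        return decoded.toByteArray();
    }

    /**
     * Returns a new array holding the nonce followed by {@code bArr}.
     *
     * @param bArr the payload to append after the nonce
     * @return nonce and payload concatenated
     */
    private byte[] prependNonce(byte[] bArr) {
        byte[] combined = new byte[this._nonce.length + bArr.length];
        System.arraycopy(this._nonce, 0, combined, 0, this._nonce.length);
        System.arraycopy(bArr, 0, combined, this._nonce.length, bArr.length);
        return combined;
    }

    /**
     * Generates a 256-bit AES key on first use and keeps it for the connection.
     *
     * @throws SQLException if the key generator is unavailable
     */
    private void createSymmetricKey() throws SQLException {
        if (this._symmetricKey == null) {
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
                keyGenerator.init(256, new SecureRandom());
                this._symmetricKey = keyGenerator.generateKey();
            } catch (GeneralSecurityException e) {
                ErrorMessage.raiseError(ErrorMessage.ERR_PROTOCOL_ERROR);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Encrypts {@code bArr} with the session AES key, letting the cipher pick the IV.
     *
     * <p>The returned buffer is laid out as 8 zero bytes, then the IV, then the
     * ciphertext. Only lengths are logged; the plaintext never reaches the log.
     *
     * @param bArr the plaintext
     * @return the framed IV and ciphertext
     * @throws SQLException if the cipher cannot be created or used
     */
    public byte[] encryptData(byte[] bArr) throws SQLException {
        byte[] framed = null;
        try {
            Cipher aesCipher = JCEProviderUtil.createAESCipherSuite();
            aesCipher.init(Cipher.ENCRYPT_MODE, this._symmetricKey);
            byte[] cipherText = aesCipher.doFinal(bArr);
            byte[] iv = aesCipher.getIV();
            if (LogUtil.isLoggingEnabled(LOG)) {
                // Sizes only: decrypting and logging the payload would copy
                // protected data into the log file.
                LOG.finer("Encrypted " + bArr.length + " byte(s) into " + cipherText.length + " byte(s)");
            }
            byte[] buffer = new byte[DATA_HEADER_LENGTH + iv.length + cipherText.length];
            System.arraycopy(iv, 0, buffer, DATA_HEADER_LENGTH, iv.length);
            // Offset follows the real IV length rather than a fixed 24.
            System.arraycopy(cipherText, 0, buffer, DATA_HEADER_LENGTH + iv.length, cipherText.length);
            framed = buffer;
        } catch (GeneralSecurityException e) {
            if (LogUtil.isLoggingEnabled(LOG)) {
                LOG.finer("Unable to load AES/CBC/PKCS5Padding: {" + e.getMessage() + "} giving up!");
            }
            ErrorMessage.raiseError(ErrorMessage.ERR_PROTOCOL_ERROR);
        }
        return framed;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Encrypts {@code bArr} with the session AES key and a caller-supplied IV.
     *
     * <p>The returned buffer is 8 zero bytes followed by the ciphertext; the IV is
     * not included. Reusing an IV with the same key weakens CBC-style modes, so
     * callers should pass a fresh value each time. Only lengths are logged.
     *
     * @param bArr the plaintext
     * @param bArr2 the IV to use
     * @return the framed ciphertext
     * @throws SQLException if the cipher cannot be created or used
     */
    public byte[] encryptData(byte[] bArr, byte[] bArr2) throws SQLException {
        byte[] framed = null;
        try {
            Cipher aesCipher = JCEProviderUtil.createAESCipherSuite();
            aesCipher.init(Cipher.ENCRYPT_MODE, this._symmetricKey, new IvParameterSpec(bArr2));
            byte[] cipherText = aesCipher.doFinal(bArr);
            if (LogUtil.isLoggingEnabled(LOG)) {
                // Sizes only: decrypting and logging the payload would copy
                // protected data into the log file.
                LOG.finer("Encrypted " + bArr.length + " byte(s) into " + cipherText.length + " byte(s)");
            }
            byte[] buffer = new byte[DATA_HEADER_LENGTH + cipherText.length];
            System.arraycopy(cipherText, 0, buffer, DATA_HEADER_LENGTH, cipherText.length);
            framed = buffer;
        } catch (GeneralSecurityException e) {
            if (LogUtil.isLoggingEnabled(LOG)) {
                LOG.finer("Unable to load AES/CBC/PKCS5Padding: {" + e.getMessage() + "} giving up!");
            }
            ErrorMessage.raiseError(ErrorMessage.ERR_PROTOCOL_ERROR);
        }
        return framed;
    }

    /**
     * Decrypts {@code bArr} with the session AES key and returns it as text.
     *
     * <p>The bytes are converted with the JVM default charset. The result is
     * plaintext and should not be logged by callers.
     *
     * @param bArr the ciphertext
     * @param bArr2 the IV, or {@code null} to initialise the cipher without one
     * @return the decrypted text
     * @throws SQLException if decryption fails
     */
    String decryptData(byte[] bArr, byte[] bArr2) throws SQLException {
        byte[] plain = null;
        try {
            Cipher aesCipher = JCEProviderUtil.createAESCipherSuite();
            if (bArr2 == null) {
                aesCipher.init(Cipher.DECRYPT_MODE, this._symmetricKey);
            } else {
                aesCipher.init(Cipher.DECRYPT_MODE, this._symmetricKey, new IvParameterSpec(bArr2));
            }
            plain = aesCipher.doFinal(bArr);
        } catch (GeneralSecurityException e) {
            ErrorMessage.raiseError(ErrorMessage.ERR_PROTOCOL_ERROR);
        }
        return new String(plain);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns true once {@link #setSymmetricKeyStateSENT()} has been called. */
    public boolean isSymmetricKeySent() {
        return this._symmetricKeyState == SYMMETRICKEY_STATE.SENT;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns true while the key has been generated but not yet marked as sent. */
    public boolean isSymmetricKeyGenerated() {
        return this._symmetricKeyState == SYMMETRICKEY_STATE.GENERATED;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Marks the symmetric key as sent. */
    public void setSymmetricKeyStateSENT() {
        this._symmetricKeyState = SYMMETRICKEY_STATE.SENT;
    }
}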
