package com.microsoft.sqlserver.jdbc;

import com.oscar.crypt.Md;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.util.Enumeration;
import java.util.Locale;
import java.util.logging.Logger;
import javax.xml.bind.DatatypeConverter;
import oracle.net.nt.CustomSSLSocketFactory;

/* loaded from: input_file:BOOT-INF/lib/sqljdbc4-4.2.jar:com/microsoft/sqlserver/jdbc/SQLServerColumnEncryptionCertificateStoreProvider.class */
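/**
 * Column-encryption key store provider backed by the Windows certificate store.
 *
 * <p>On Windows, decryption of a column encryption key is delegated to native code through
 * {@code AuthenticationJNI}. On any other platform {@link #decryptColumnEncryptionKey} fails with
 * {@code R_notSupported}. Encryption is never supported by this provider.
 *
 * <p>The class also carries a file-based lookup path ({@code decryptColumnEncryptionKeyLinux} and
 * the helpers below it) that scans a directory of PKCS#12 files for a certificate with a given
 * thumbprint. Nothing in this class calls that path or assigns {@code keyStoreDirectoryPath}, so as
 * written it always stops at the {@code R_AEKeyPathEmptyOrReserved} check.
 */
public final class SQLServerColumnEncryptionCertificateStoreProvider extends SQLServerColumnEncryptionKeyStoreProvider {
    private static final Logger windowsCertificateStoreLogger = Logger.getLogger("com.microsoft.sqlserver.jdbc.SQLServerColumnEncryptionCertificateStoreProvider");
    // Set once by the static initializer at the bottom of the class from the os.name property.
    static boolean isWindows;
    // The only store locations and store name accepted in a master key path.
    static final String localMachineDirectory = "LocalMachine";
    static final String currentUserDirectory = "CurrentUser";
    static final String myCertificateStore = "My";
    String name = "MSSQL_CERTIFICATE_STORE";
    // Root directory of the file-based store; never assigned inside this class.
    private Path keyStoreDirectoryPath = null;

    /** Creates the provider; only emits an entry trace to the class logger. */
    public SQLServerColumnEncryptionCertificateStoreProvider() {
        windowsCertificateStoreLogger.entering(SQLServerColumnEncryptionCertificateStoreProvider.class.getName(), "SQLServerColumnEncryptionCertificateStoreProvider");
    }

    /**
     * Replaces the provider name reported by {@link #getName()}.
     *
     * @param str the new provider name
     */
    @Override
    public void setName(String str) {
        this.name = str;
    }

    /**
     * @return the provider name, {@code MSSQL_CERTIFICATE_STORE} unless changed through
     *         {@link #setName(String)}
     */
    @Override
    public String getName() {
        return this.name;
    }

    /**
     * Always fails: this provider does not encrypt column encryption keys.
     *
     * @throws SQLServerException always, with the {@code R_InvalidWindowsCertificateStoreEncryption} message
     */
    @Override
    public byte[] encryptColumnEncryptionKey(String str, String str2, byte[] bArr) throws SQLServerException {
        throw new SQLServerException((Object) null, SQLServerException.getErrString("R_InvalidWindowsCertificateStoreEncryption"), (String) null, 0, false);
    }

    /**
     * Decrypts a column encryption key through the native library.
     *
     * @param masterKeyPath path of the column master key
     * @param encryptionAlgorithm name of the key-encryption algorithm
     * @param encryptedColumnEncryptionKey the encrypted key bytes
     * @return whatever {@code AuthenticationJNI.DecryptColumnEncryptionKey} returns
     * @throws SQLServerException presumably raised by {@code DLLException.buildException} when the
     *         native call fails
     */
    private byte[] decryptColumnEncryptionKeyWindows(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws SQLServerException {
        try {
            return AuthenticationJNI.DecryptColumnEncryptionKey(masterKeyPath, encryptionAlgorithm, encryptedColumnEncryptionKey);
        } catch (DLLException e) {
            DLLException.buildException(e.GetErrCode(), e.GetParam1(), e.GetParam2(), e.GetParam3());
            // NOTE(review): buildException is expected to throw. If it ever returned normally,
            // callers would receive null instead of key material, so they must not treat a null
            // result as a usable key. Confirm against DLLException.
            return null;
        }
    }

    /**
     * Parses a master key path of the form {@code [location/][store/]thumbprint} and looks the
     * certificate up by thumbprint.
     *
     * <p>Only {@code LocalMachine} and {@code CurrentUser} are accepted as location and only
     * {@code My} as store, both compared case-insensitively. The location passed on is one of this
     * class's own constants, never text taken from the path.
     *
     * @param masterKeyPath the '/'-separated key path
     * @return the matching certificate and its key
     * @throws SQLServerException if the path has more than three segments, names an unknown
     *         location or store, has an empty thumbprint, or the lookup fails
     */
    private CertificateDetails getCertificateDetails(String masterKeyPath) throws SQLServerException {
        String storeLocation = null;
        String[] segments = masterKeyPath.split("/");
        if (segments.length > 3) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_AECertpathBad")).format(new Object[]{masterKeyPath}), null);
        }
        if (segments.length > 2) {
            if (segments[0].equalsIgnoreCase(localMachineDirectory)) {
                storeLocation = localMachineDirectory;
            } else if (segments[0].equalsIgnoreCase(currentUserDirectory)) {
                storeLocation = currentUserDirectory;
            } else {
                throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_AECertLocBad")).format(new Object[]{segments[0], masterKeyPath}), null);
            }
        }
        if (segments.length > 1 && !segments[segments.length - 2].equalsIgnoreCase(myCertificateStore)) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_AECertStoreBad")).format(new Object[]{segments[segments.length - 2], masterKeyPath}), null);
        }
        String thumbprint = segments[segments.length - 1];
        if (thumbprint.isEmpty()) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_AECertHashEmpty")).format(new Object[]{masterKeyPath}), null);
        }
        return getCertificateByThumbprint(storeLocation, thumbprint, masterKeyPath);
    }

    /**
     * Computes the certificate thumbprint as upper-case hex of a digest over the DER encoding.
     *
     * <p>The digest algorithm comes from {@code Md.Cryptix_SHA1_Name}; its value is not visible
     * here (presumably SHA-1, and the foreign constant looks like a decompiler substitution for a
     * string literal; confirm). In this class the result is only compared against the thumbprint
     * in the key path to pick a certificate; it is not used to verify a signature.
     *
     * @param x509Certificate certificate to fingerprint
     * @return hex-encoded digest as produced by {@code DatatypeConverter.printHexBinary}
     * @throws NoSuchAlgorithmException if the digest algorithm is unavailable
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    private String getThumbPrint(X509Certificate x509Certificate) throws NoSuchAlgorithmException, CertificateEncodingException {
        MessageDigest messageDigest = MessageDigest.getInstance(Md.Cryptix_SHA1_Name);
        messageDigest.update(x509Certificate.getEncoded());
        return DatatypeConverter.printHexBinary(messageDigest.digest());
    }

    /**
     * Scans the files of one store directory for a key store that holds the requested certificate.
     *
     * <p>Every non-directory file is tried as a key store opened with an empty password, so the
     * private keys are protected only by whatever access control the directory itself has. Files
     * that cannot be loaded are skipped.
     *
     * @param storeLocation sub-directory below {@code keyStoreDirectoryPath}; null when the key
     *        path had fewer than three segments
     * @param thumbprint thumbprint to look for, compared case-sensitively with the computed hex
     * @param masterKeyPath original key path, used in error messages only
     * @return the matching certificate and its key
     * @throws SQLServerException if no root directory is configured, the directory is missing or
     *         empty, no file holds a match, or a matching entry's key cannot be recovered
     */
    private CertificateDetails getCertificateByThumbprint(String storeLocation, String thumbprint, String masterKeyPath) throws SQLServerException {
        if (null == this.keyStoreDirectoryPath) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_AEKeyPathEmptyOrReserved")).format(new Object[]{this.keyStoreDirectoryPath}), null);
        }
        // NOTE(review): storeLocation is null for paths with fewer than three segments, and
        // Path.resolve would then raise NullPointerException rather than a SQLServerException.
        // The intended directory for that case is not visible here, so it is left as is.
        Path storeDirectory = this.keyStoreDirectoryPath.resolve(storeLocation);
        try {
            KeyStore keyStore = KeyStore.getInstance(CustomSSLSocketFactory.PKCS12_WALLET_TYPE);
            File[] candidates = storeDirectory.toFile().listFiles();
            if (null == candidates || 0 == candidates.length) {
                throw new SQLServerException(SQLServerException.getErrString("R_KeyStoreNotFound"), null);
            }
            for (File candidate : candidates) {
                if (candidate.isDirectory()) {
                    continue;
                }
                // try-with-resources releases the file handle for every candidate, including the
                // ones that fail to load.
                try (FileInputStream in = new FileInputStream(candidate)) {
                    keyStore.load(in, "".toCharArray());
                } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
                    // Best effort: a file that is not a loadable key store is skipped, but leave a
                    // trace so a failed lookup can be diagnosed.
                    windowsCertificateStoreLogger.fine("Skipping " + candidate.getName() + ": not loadable as a key store (" + e.getClass().getSimpleName() + ")");
                    continue;
                }
                CertificateDetails match = findByThumbprint(keyStore, thumbprint, masterKeyPath);
                if (null != match) {
                    return match;
                }
            }
            throw new SQLServerException(SQLServerException.getErrString("R_KeyStoreNotFound"), null);
        } catch (KeyStoreException e4) {
            throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_CertificateError")).format(new Object[]{masterKeyPath, this.name}), (String) null, 0, false);
        }
    }

    /** Returns the first entry of a loaded key store whose thumbprint matches, or null if none does. */
    private CertificateDetails findByThumbprint(KeyStore keyStore, String thumbprint, String masterKeyPath) throws SQLServerException {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Object entry = keyStore.getCertificate(alias);
                // Skip aliases without an X.509 certificate instead of failing on the cast.
                if (!(entry instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate certificate = (X509Certificate) entry;
                // Plain equality: the thumbprint is data and must not be interpreted as a regex.
                if (!thumbprint.equals(getThumbPrint(certificate))) {
                    continue;
                }
                try {
                    Key key = keyStore.getKey(alias, "".toCharArray());
                    if (null == key) {
                        throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_UnrecoverableKeyAE")).format(new Object[]{masterKeyPath}), (String) null, 0, false);
                    }
                    return new CertificateDetails(certificate, key);
                } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                    throw new SQLServerException((Object) this, new MessageFormat(SQLServerException.getErrString("R_UnrecoverableKeyAE")).format(new Object[]{masterKeyPath}), (String) null, 0, false);
                }
            }
            return null;
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            throw new SQLServerException(new MessageFormat(SQLServerException.getErrString("R_CertificateError")).format(new Object[]{masterKeyPath, this.name}), e2);
        }
    }

    /**
     * File-based decryption: validates the key path, resolves the certificate and hands both to
     * {@code KeyStoreProviderCommon}. No method of this class calls it.
     *
     * @throws SQLServerException if validation, certificate lookup or decryption fails
     */
    private byte[] decryptColumnEncryptionKeyLinux(String masterKeyPath, String encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws SQLServerException {
        KeyStoreProviderCommon.validateNonEmptyMasterKeyPath(masterKeyPath);
        return KeyStoreProviderCommon.decryptColumnEncryptionKey(masterKeyPath, encryptionAlgorithm, encryptedColumnEncryptionKey, getCertificateDetails(masterKeyPath));
    }

    /**
     * Decrypts a column encryption key; supported on Windows only.
     *
     * @param str master key path
     * @param str2 key-encryption algorithm name
     * @param bArr encrypted column encryption key
     * @return the result of the native decryption call
     * @throws SQLServerException with {@code R_notSupported} on non-Windows platforms, or when the
     *         native call reports an error
     */
    @Override
    public byte[] decryptColumnEncryptionKey(String str, String str2, byte[] bArr) throws SQLServerException {
        windowsCertificateStoreLogger.entering(SQLServerColumnEncryptionCertificateStoreProvider.class.getName(), "decryptColumnEncryptionKey", "Decrypting Column Encryption Key.");
        if (!isWindows) {
            throw new SQLServerException(SQLServerException.getErrString("R_notSupported"), null);
        }
        byte[] plaintextKey = decryptColumnEncryptionKeyWindows(str, str2, bArr);
        windowsCertificateStoreLogger.exiting(SQLServerColumnEncryptionCertificateStoreProvider.class.getName(), "decryptColumnEncryptionKey", "Finished decrypting Column Encryption Key.");
        return plaintextKey;
    }

    static {
        // Locale.ENGLISH keeps the lower-casing independent of the default locale.
        isWindows = System.getProperty("os.name").toLowerCase(Locale.ENGLISH).startsWith("windows");
    }
}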
