package com.sap.db.util;

import com.sap.db.annotations.Immutable;
import com.sap.db.jdbc.ColumnEncryptionKey;
import com.sap.db.jdbc.exceptions.SQLExceptionSapDB;
import com.sap.db.jdbc.packet.CompressionLevelAndFlags;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.sql.SQLException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

@Immutable
/* loaded from: input_file:com/sap/db/util/AesCbc.class */
public final class AesCbc {
    public static final String JAVA_ALGORITHM_NAME = "AES";
    public static final String HANA_ALGORITHM_NAME = "AES-256-CBC";
    public static final String TRANSFORMATION_NAME = "AES/CBC/PKCS5Padding";
    private static final ThreadLocal<Cipher> CIPHER_AES_CBC_PKCS5 = new ThreadLocal<Cipher>() { // from class: com.sap.db.util.AesCbc.1
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.lang.ThreadLocal
        public Cipher initialValue() {
            try {
                return Cipher.getInstance(AesCbc.TRANSFORMATION_NAME);
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException(MessageKey.ERROR_CRYPTO_EXTENSION_NOT_INSTALLED, e);
            } catch (NoSuchPaddingException e2) {
                throw new RuntimeException(MessageKey.ERROR_CRYPTO_EXTENSION_NOT_INSTALLED, e2);
            }
        }
    };
    private static final String PASSWD_TRANSFORMATION_NAME = "PBKDF2WithHmacSHA256";
    private static final String SALT = "JDBC_CSE_SALT";
    private static final int BLOCK_SIZE = 16;
    private static final int IV_LENGTH = 16;
    private static final int PASSWD_ITERATIONS = 100000;

    private AesCbc() {
        throw new AssertionError("Non-instantiable class");
    }

    public static Key generateKey(int i, String str) throws SQLException {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(_getJavaAlgorithmName(str));
            keyGenerator.init(i);
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_KEY_GENERATION_FAILED, e.getMessage());
        }
    }

    public static Key getAesKeyFromPasswd(String str) throws SQLException {
        try {
            return new SecretKeySpec(SecretKeyFactory.getInstance(PASSWD_TRANSFORMATION_NAME).generateSecret(new PBEKeySpec(str == null ? new char[0] : str.toCharArray(), SALT.getBytes(), PASSWD_ITERATIONS, CompressionLevelAndFlags.Flag_LZ4Supported)).getEncoded(), JAVA_ALGORITHM_NAME);
        } catch (NoSuchAlgorithmException e) {
            throw SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_KEY_GENERATION_FAILED, e.getMessage());
        } catch (InvalidKeySpecException e2) {
            throw SQLExceptionSapDB.newInstance(e2, MessageKey.ERROR_KEY_GENERATION_FAILED, e2.getMessage());
        }
    }

    public static Key getKey(byte[] bArr, String str) {
        return new SecretKeySpec(bArr, 0, bArr.length, _getJavaAlgorithmName(str));
    }

    public static int getEncryptedLength(int i) {
        return 16 + (((i / 16) + 1) * 16);
    }

    public static byte[] encrypt(Key key, byte[] bArr, IvParameterSpec ivParameterSpec) throws SQLException {
        try {
            Cipher _getCipher = _getCipher(TRANSFORMATION_NAME);
            _getCipher.init(1, key, ivParameterSpec);
            return _getCipher.doFinal(bArr);
        } catch (InvalidAlgorithmParameterException e) {
            throw SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_ENCRYPT_FAILED, e.getMessage());
        } catch (InvalidKeyException e2) {
            throw SQLExceptionSapDB.newInstance(e2, MessageKey.ERROR_CRYPTO_EXTENSION_NOT_INSTALLED, e2.getMessage());
        } catch (NoSuchAlgorithmException e3) {
            throw SQLExceptionSapDB.newInstance(e3, MessageKey.ERROR_ENCRYPT_FAILED, e3.getMessage());
        } catch (BadPaddingException e4) {
            throw SQLExceptionSapDB.newInstance(e4, MessageKey.ERROR_ENCRYPT_FAILED, e4.getMessage());
        } catch (IllegalBlockSizeException e5) {
            throw SQLExceptionSapDB.newInstance(e5, MessageKey.ERROR_ENCRYPT_FAILED, e5.getMessage());
        } catch (NoSuchPaddingException e6) {
            throw SQLExceptionSapDB.newInstance(e6, MessageKey.ERROR_ENCRYPT_FAILED, e6.getMessage());
        }
    }

    public static byte[] encrypt(ColumnEncryptionKey columnEncryptionKey, boolean z, byte[] bArr) throws SQLException {
        try {
            IvParameterSpec _getDeterministicIv = z ? _getDeterministicIv(columnEncryptionKey.getKey(), bArr) : _getRandomIv();
            Cipher _getCipher = _getCipher(_getTransformationName(columnEncryptionKey.getAlgorithmName()));
            _getCipher.init(1, columnEncryptionKey.getKey(), _getDeterministicIv);
            byte[] iv = _getDeterministicIv.getIV();
            OutputBuffer outputBuffer = new OutputBuffer(iv.length + bArr.length);
            outputBuffer.write(iv);
            outputBuffer.write(bArr);
            return _getCipher.doFinal(outputBuffer.getArray());
        } catch (IOException e) {
            throw SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_ENCRYPT_FAILED, e.getMessage());
        } catch (InvalidAlgorithmParameterException e2) {
            throw SQLExceptionSapDB.newInstance(e2, MessageKey.ERROR_ENCRYPT_FAILED, e2.getMessage());
        } catch (InvalidKeyException e3) {
            throw SQLExceptionSapDB.newInstance(e3, MessageKey.ERROR_CRYPTO_EXTENSION_NOT_INSTALLED, e3.getMessage());
        } catch (NoSuchAlgorithmException e4) {
            throw SQLExceptionSapDB.newInstance(e4, MessageKey.ERROR_ENCRYPT_FAILED, e4.getMessage());
        } catch (InvalidParameterSpecException e5) {
            throw SQLExceptionSapDB.newInstance(e5, MessageKey.ERROR_ENCRYPT_FAILED, e5.getMessage());
        } catch (BadPaddingException e6) {
            throw SQLExceptionSapDB.newInstance(e6, MessageKey.ERROR_ENCRYPT_FAILED, e6.getMessage());
        } catch (IllegalBlockSizeException e7) {
            throw SQLExceptionSapDB.newInstance(e7, MessageKey.ERROR_ENCRYPT_FAILED, e7.getMessage());
        } catch (NoSuchPaddingException e8) {
            throw SQLExceptionSapDB.newInstance(e8, MessageKey.ERROR_ENCRYPT_FAILED, e8.getMessage());
        }
    }

    public static byte[] decrypt(ColumnEncryptionKey columnEncryptionKey, byte[] bArr, int i, int i2) throws SQLException {
        try {
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr, i, 16);
            Cipher _getCipher = _getCipher(_getTransformationName(columnEncryptionKey.getAlgorithmName()));
            _getCipher.init(2, columnEncryptionKey.getKey(), ivParameterSpec);
            return _getCipher.doFinal(bArr, i + 16, i2 - 16);
        } catch (InvalidAlgorithmParameterException e) {
            throw SQLExceptionSapDB.newInstance(e, MessageKey.ERROR_DECRYPT_FAILED, e.getMessage());
        } catch (InvalidKeyException e2) {
            throw SQLExceptionSapDB.newInstance(e2, MessageKey.ERROR_CRYPTO_EXTENSION_NOT_INSTALLED, e2.getMessage());
        } catch (NoSuchAlgorithmException e3) {
            throw SQLExceptionSapDB.newInstance(e3, MessageKey.ERROR_DECRYPT_FAILED, e3.getMessage());
        } catch (BadPaddingException e4) {
            throw SQLExceptionSapDB.newInstance(e4, MessageKey.ERROR_DECRYPT_FAILED, e4.getMessage());
        } catch (IllegalBlockSizeException e5) {
            throw SQLExceptionSapDB.newInstance(e5, MessageKey.ERROR_DECRYPT_FAILED, e5.getMessage());
        } catch (NoSuchPaddingException e6) {
            throw SQLExceptionSapDB.newInstance(e6, MessageKey.ERROR_DECRYPT_FAILED, e6.getMessage());
        }
    }

    private static Cipher _getCipher(String str) throws NoSuchAlgorithmException, NoSuchPaddingException {
        return str.equals(TRANSFORMATION_NAME) ? CIPHER_AES_CBC_PKCS5.get() : Cipher.getInstance(str);
    }

    private static String _getJavaAlgorithmName(String str) {
        return str.equalsIgnoreCase(HANA_ALGORITHM_NAME) ? JAVA_ALGORITHM_NAME : "UNKNOWN";
    }

    private static String _getTransformationName(String str) {
        return str.equalsIgnoreCase(HANA_ALGORITHM_NAME) ? TRANSFORMATION_NAME : "UNKNOWN";
    }

    private static IvParameterSpec _getDeterministicIv(Key key, byte[] bArr) throws NoSuchAlgorithmException {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(key.getEncoded());
        messageDigest.update(bArr);
        return new IvParameterSpec(messageDigest.digest(), 0, 16);
    }

    private static IvParameterSpec _getRandomIv() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidParameterSpecException {
        return (IvParameterSpec) Cipher.getInstance(TRANSFORMATION_NAME).getParameters().getParameterSpec(IvParameterSpec.class);
    }
}
