package com.sybase.jdbc4.tds;

import com.sybase.jdbc4.security.asn1.DERObject;
import com.sybase.jdbc4.security.asn1.DEROutputStream;
import com.sybase.jdbc4.security.asn1.x509.RSAPublicKeyStructure;
import com.sybase.jdbc4.utils.JCEProviderUtil;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Vector;
import javax.crypto.Cipher;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:com/sybase/jdbc4/tds/SrvSecLoginContext.class */
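/**
 * Server-side half of the encrypted-password login exchange.
 *
 * <p>The server sends an RSA public key (plus a nonce for the "Encrypt3" variant) to the client,
 * reads back the RSA-encrypted password message(s), decrypts them with the matching private key
 * and returns the clear-text login password to the caller.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>When the receiver's encrypt mode is 0 ("Client determines encryption.") no minimum level
 *       is enforced here; a client that sets neither flag has its password taken straight from
 *       the login token. Deployments that must not accept that should run in mode 1-3.</li>
 *   <li>The recovered password is held in an immutable {@code String} and cannot be wiped.</li>
 *   <li>Instances carry per-login mutable state (nonce, key pair, cipher); nothing in this class
 *       synchronizes access to it.</li>
 * </ul>
 */
public class SrvSecLoginContext {
    /** Index of the login-password parameter in the client's reply. */
    private static final int LOG_MSG_PARM_ID = 0;
    /** Index of the second (presumably remote-password) parameter - TODO confirm meaning. */
    private static final int REM_MSG_PARM_ID = 1;
    /** Cipher-suite identifier sent as the first parameter of the key message. */
    private static final int CIPHER_SUITE = 1;
    /** Bit in the client's {@code _lseclogin} flags that selects the Encrypt2 exchange. */
    private static final int ENCRYPT2_FLAG = 32;
    /** Bit in the client's {@code _lseclogin} flags that selects the Encrypt3 exchange. */
    private static final int ENCRYPT3_FLAG = 128;

    /** Human-readable requirement per encrypt mode, indexed by {@code getEncryptMode()}. */
    private final String[] ENCRYPT_MSGS = {
        "Client determines encryption.",
        "Encrypt2 is required.",
        "Encrypt3 or Encrypt2 is required.",
        "Encrypt3 is required."
    };
    private SrvReceiver _srvReceiver;
    /** Nonce sent with the key; empty for Encrypt2, which sends none. */
    private byte[] _nonce = new byte[32];
    private Cipher _cipherSuite = null;
    RSAPrivateKey _privateKey = null;
    RSAPublicKey _publicKey = null;

    /**
     * Creates a login context bound to the given receiver.
     *
     * @param srvReceiver source of the encrypt mode, key pairs and nonces
     */
    public SrvSecLoginContext(SrvReceiver srvReceiver) {
        this(srvReceiver, null);
    }

    /**
     * Creates a login context bound to the given receiver.
     *
     * @param srvReceiver source of the encrypt mode, key pairs and nonces
     * @param cipher currently unused: the cipher always comes from
     *     {@code JCEProviderUtil.createCipherSuite()}
     * @throws RuntimeException if no suitable cipher can be created; the provider error is kept
     *     as the cause
     */
    public SrvSecLoginContext(SrvReceiver srvReceiver, Cipher cipher) {
        // NOTE(review): `cipher` is ignored, as in the original. Confirm whether callers expect
        // the supplied instance to be used before changing this.
        this._srvReceiver = srvReceiver;
        try {
            this._cipherSuite = JCEProviderUtil.createCipherSuite();
        } catch (GeneralSecurityException e) {
            // Keep the cause so the provider failure can be diagnosed.
            throw new RuntimeException("Failed to instantiate Cipher object. Transformation RSA/ECB/OAEPWithSHA1AndMGF1Padding or RSA/NONE/OAEPWithSHA1AndMGF1Padding is not implemented by any of the loaded JCE providers.", e);
        }
    }

    /**
     * Runs the password exchange selected by the client's flags and the server's encrypt mode.
     *
     * <p>Mode 1 requires the Encrypt2 bit and then forces Encrypt2 even if the client also
     * offered Encrypt3. Mode 2 requires either bit. Mode 3 requires the Encrypt3 bit. Any other
     * mode enforces nothing. When both bits remain set, Encrypt3 wins.
     *
     * @param srvSession session the exchange is performed on
     * @param srvLoginToken login token; supplies the password when no exchange takes place
     * @return the login password, decrypted if an exchange ran
     * @throws RuntimeException if the client's level is insufficient or the exchange fails
     */
    public String doLogin(SrvSession srvSession, SrvLoginToken srvLoginToken) {
        int offered = srvSession.getLogin()._lseclogin;
        switch (this._srvReceiver.getEncryptMode()) {
            case 1:
                validateEncryptLevel(srvSession, offered, ENCRYPT2_FLAG);
                // Drop every other bit so only the Encrypt2 path can be taken below.
                offered &= ENCRYPT2_FLAG;
                break;
            case 2:
                validateEncryptLevel(srvSession, offered, ENCRYPT3_FLAG | ENCRYPT2_FLAG);
                break;
            case 3:
                validateEncryptLevel(srvSession, offered, ENCRYPT3_FLAG);
                break;
            default:
                // No minimum level: the client's flags alone decide (see class notes).
                break;
        }
        String password = srvLoginToken.getPassword();
        if ((offered & ENCRYPT3_FLAG) != 0) {
            password = doEncrypt3(srvSession, srvLoginToken);
        } else if ((offered & ENCRYPT2_FLAG) != 0) {
            password = doEncrypt2(srvSession, srvLoginToken);
        }
        return password;
    }

    /**
     * Rejects the login when the client offered none of the required encryption flags.
     *
     * @param srvSession session to send the login rejection on
     * @param offered flags received from the client
     * @param required mask of acceptable flags; at least one must be set in {@code offered}
     * @throws RuntimeException always, when the level is insufficient
     */
    private void validateEncryptLevel(SrvSession srvSession, int offered, int required) {
        if ((offered & required) != 0) {
            return;
        }
        RuntimeException rejection = new RuntimeException("Received insufficient encryption level from client. " + this.ENCRYPT_MSGS[this._srvReceiver.getEncryptMode()]);
        try {
            this._srvReceiver.sendLogin(srvSession, srvSession.getClientCapability(), this._srvReceiver._server, false, srvSession.getLogin().getPacketSize());
        } catch (IOException e) {
            // Notifying the client is best effort; record the failure instead of dropping it.
            rejection.addSuppressed(e);
        }
        throw rejection;
    }

    /**
     * Performs the Encrypt3 exchange: sends the public key with a fresh nonce and checks that the
     * decrypted reply starts with that nonce before accepting the password that follows it.
     *
     * @return the decrypted password, or the token's password if the reply had no parameters
     * @throws RuntimeException wrapping any {@link IOException} raised during the exchange
     */
    private String doEncrypt3(SrvSession srvSession, SrvLoginToken srvLoginToken) {
        String password = srvLoginToken.getPassword();
        try {
            this._nonce = this._srvReceiver.nextNonce();
            KeyPair keys = this._srvReceiver.getEncrypt3Keys();
            this._privateKey = (RSAPrivateKey) keys.getPrivate();
            this._publicKey = (RSAPublicKey) keys.getPublic();
            this._srvReceiver.sendLogNegotiateAck(srvSession);
            sendKey(srvSession, (short) 30);
            byte[] loginCipherText = getEncryptedMsg(srvSession, 31, LOG_MSG_PARM_ID);
            if (loginCipherText != null) {
                byte[] plain = decryptMessage(loginCipherText);
                int nonceLength = this._nonce.length;
                // A plaintext shorter than the nonce cannot contain it; treat it as a mismatch
                // rather than failing inside the array copy. The comparison is constant-time so
                // the check does not reveal how many leading bytes matched.
                boolean nonceMatches = plain.length >= nonceLength
                        && MessageDigest.isEqual(Arrays.copyOfRange(plain, 0, nonceLength), this._nonce);
                if (!nonceMatches) {
                    this._srvReceiver.sendLogin(srvSession, srvSession.getClientCapability(), this._srvReceiver._server, false, srvLoginToken.getPacketSize());
                    throw new SrvProtocolException("Invalid nonce received from client");
                }
                // NOTE(review): decoded with the platform default charset, as in the original;
                // confirm which charset the client used for the password bytes.
                password = new String(plain, nonceLength, plain.length - nonceLength);
            }
            byte[] secondCipherText = getEncryptedMsg(srvSession, 32, REM_MSG_PARM_ID);
            if (secondCipherText != null) {
                // The second message is still decrypted so a malformed one fails the login, but
                // its content is not used and no String copy of it is created.
                decryptMessage(secondCipherText);
            }
            return password;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Performs the Encrypt2 exchange: sends the public key without a nonce and decrypts the
     * password message(s) the client returns.
     *
     * @return the decrypted password, or the token's password if the reply had no parameters
     * @throws RuntimeException wrapping any {@link IOException} raised during the exchange
     */
    private String doEncrypt2(SrvSession srvSession, SrvLoginToken srvLoginToken) {
        String password = srvLoginToken.getPassword();
        try {
            // No nonce in this variant, so the reply is not bound to this exchange by one.
            this._nonce = new byte[0];
            KeyPair keys = this._srvReceiver.getEncrypt2Keys();
            this._privateKey = (RSAPrivateKey) keys.getPrivate();
            this._publicKey = (RSAPublicKey) keys.getPublic();
            this._srvReceiver.sendLogNegotiateAck(srvSession);
            sendKey(srvSession, (short) 14);
            byte[] loginCipherText = getEncryptedMsg(srvSession, 15, LOG_MSG_PARM_ID);
            if (loginCipherText != null) {
                // NOTE(review): platform default charset, as in the original - confirm.
                password = new String(decryptMessage(loginCipherText));
            }
            byte[] secondCipherText = getEncryptedMsg(srvSession, 22, REM_MSG_PARM_ID);
            if (secondCipherText != null) {
                // Decrypted for validation only; the content is not used.
                decryptMessage(secondCipherText);
            }
            return password;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Sends the message token followed by the cipher-suite id, the PEM-encoded public key and,
     * when one is set, the nonce.
     *
     * @param srvSession session to write to
     * @param messageId message id placed in the {@code MsgToken}
     * @throws RuntimeException wrapping any {@link IOException} raised while sending
     */
    private void sendKey(SrvSession srvSession, short messageId) {
        try {
            new MsgToken((byte) 1, messageId).send(srvSession.getOutputStream());
            // PEM text is pure ASCII; encode it explicitly instead of relying on the platform
            // default charset.
            byte[] pemBytes = createPEMKey(this._publicKey).getBytes(StandardCharsets.US_ASCII);
            Integer suite = Integer.valueOf(CIPHER_SUITE);
            boolean hasNonce = this._nonce != null && this._nonce.length > 0;
            Object[] params = hasNonce
                    ? new Object[]{suite, pemBytes, this._nonce}
                    : new Object[]{suite, pemBytes};
            srvSession.sendParams(null, params, 1);
            srvSession.sendDone(-1, false, true, false);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reads the next message, checks its id and returns one of its parameters as raw bytes.
     *
     * @param srvSession session to read from
     * @param expectedId message id the client must send
     * @param paramIndex index of the wanted parameter
     * @return the parameter bytes, or {@code null} if the message carried no parameters
     * @throws SrvProtocolException if no message arrives, the id differs, or the parameter is
     *     missing or not a byte array
     */
    private byte[] getEncryptedMsg(SrvSession srvSession, int expectedId, int paramIndex) throws SrvProtocolException {
        SrvMsgToken message = getMessage(srvSession);
        if (message == null) {
            // Client-controlled input: report a protocol error instead of a NullPointerException.
            throw new SrvProtocolException("Expected message type: " + expectedId + ", received no message");
        }
        if (message.getMessageID() != expectedId) {
            throw new SrvProtocolException("Expected message type: " + expectedId + ", received: " + message.getMessageID());
        }
        if (!message.hasParameters()) {
            return null;
        }
        Object[] parameters = getParameters(srvSession);
        if (parameters == null) {
            return null;
        }
        // The parameter count and types come from the client; validate before indexing/casting.
        if (paramIndex >= parameters.length) {
            throw new SrvProtocolException("Message " + expectedId + " is missing parameter " + paramIndex);
        }
        Object value = parameters[paramIndex];
        if (value != null && !(value instanceof byte[])) {
            throw new SrvProtocolException("Message " + expectedId + " parameter " + paramIndex + " is not binary data");
        }
        return (byte[]) value;
    }

    /**
     * Receives a parameter-format token and a parameters token and converts them to Java values.
     *
     * @return the converted values, or {@code null} if either token was absent
     * @throws RuntimeException wrapping any failure while receiving or converting
     */
    private Object[] getParameters(SrvSession srvSession) {
        try {
            SrvParamFormatToken format = (SrvParamFormatToken) srvSession.receive();
            SrvParamsToken values = (SrvParamsToken) srvSession.receive();
            if (format == null || values == null) {
                return null;
            }
            return new SrvJavaTypeFormatter(format, srvSession.getClientCapability()).convertData(values);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decrypts a client message with the private key of the current exchange.
     *
     * @param cipherText bytes received from the client
     * @return the decrypted bytes
     * @throws RuntimeException wrapping any initialisation or decryption failure
     */
    private byte[] decryptMessage(byte[] cipherText) {
        try {
            this._cipherSuite.init(Cipher.DECRYPT_MODE, this._privateKey);
            return this._cipherSuite.doFinal(cipherText);
        } catch (Exception e) {
            // Every failure surfaces as the same exception type; what is reported back to the
            // client should stay equally uniform.
            throw new RuntimeException(e);
        }
    }

    /**
     * Receives the next token from the session as a message token.
     *
     * @return the token, which may be {@code null} if the session returned none
     * @throws RuntimeException wrapping any failure, including an unexpected token type
     */
    private SrvMsgToken getMessage(SrvSession srvSession) {
        try {
            return (SrvMsgToken) srvSession.receive();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * DER-encodes the public key as an {@code RSAPublicKey} structure and wraps it in PEM armour.
     *
     * @param rSAPublicKey key to encode
     * @return the PEM text
     * @throws IOException if DER serialisation fails
     */
    private String createPEMKey(RSAPublicKey rSAPublicKey) throws IOException {
        DERObject keyStructure = new RSAPublicKeyStructure(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()).toASN1Object();
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        new DEROutputStream(der).writeObject(keyStructure);
        return encodePEMKey(der);
    }

    /**
     * Base64-encodes the buffered DER bytes between "RSA PUBLIC KEY" PEM markers.
     *
     * @param byteArrayOutputStream buffer holding the DER-encoded key
     * @return the PEM text, terminated by a newline
     */
    private String encodePEMKey(ByteArrayOutputStream byteArrayOutputStream) {
        // NOTE(review): sun.misc.BASE64Encoder is a JDK-internal class that newer JDKs no longer
        // ship. It is kept because java.util.Base64 wraps lines differently and the client's PEM
        // parser is not visible here; migrate once the accepted format is confirmed.
        String body = new BASE64Encoder().encode(byteArrayOutputStream.toByteArray());
        return "-----BEGIN RSA PUBLIC KEY-----" + "\n" + body + "\n" + "-----END RSA PUBLIC KEY-----" + "\n";
    }
}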
