package com.microsoft.sqlserver.jdbc;

import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Hashtable;
import java.util.Iterator;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateBuilder;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: SQLServerAASEnclaveProvider.java */
/* loaded from: input_file:BOOT-INF/lib/mssql-jdbc-11.2.0.jre17.jar:com/microsoft/sqlserver/jdbc/AASAttestationResponse.class */
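/**
 * Attestation response returned by SQL Server when the enclave is attested through Azure
 * Attestation (AAS): a little-endian binary envelope carrying the enclave identity, a JWT
 * attestation token, a session id and the enclave's Diffie-Hellman public key plus signature.
 *
 * <p>Every length field in the envelope and every byte of the token come from the server and are
 * treated as untrusted: lengths are bounds-checked before any array is allocated, the token is
 * structurally validated before any network call is made, and its claims are only consulted after
 * the signature has been verified against the attestation authority's published certificates.
 *
 * <p>Instances are not thread-safe. The static certificate cache is a {@link Hashtable}, so its
 * individual operations are synchronized, but a lookup/refresh sequence is not atomic; the worst
 * case is a redundant JWKS fetch, never a stale entry being served past its expiry.
 */
public class AASAttestationResponse extends BaseAttestationResponse {
    /**
     * Enclave type whose token must carry an {@code rp_data} claim equal to the caller's nonce;
     * the matching error resource is {@code R_VbsRpDataError}.
     */
    private static final int ENCLAVE_TYPE_VBS = 1;

    /**
     * JWS algorithm used to verify the token. Pinned deliberately: the {@code alg} header of the
     * token is never consulted, which rules out algorithm-substitution attacks. (The decompiler
     * rendered this literal as {@code SelfSignedCertificateBuilder.SA_SHA256_RSA}, whose value is
     * this same string.)
     */
    private static final String TOKEN_SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** Raw JWT bytes exactly as received in the envelope. */
    private byte[] attestationToken;

    /** Signing-key sets keyed by attestation URL, shared by all instances in the process. */
    private static final Hashtable<String, JWTCertificateEntry> certificateCache = new Hashtable<>();

    /**
     * Parses the attestation envelope.
     *
     * <p>Layout (all integers little-endian): totalSize, identitySize, attestationTokenSize,
     * enclaveType, enclavePK[identitySize], attestationToken[attestationTokenSize],
     * sessionInfoSize, sessionID[8], DHPKsize, DHPKSsize, DHpublicKey[DHPKsize],
     * publicKeySig[DHPKSsize]. Nothing may follow.
     *
     * @param bArr the raw envelope as received from the server
     * @throws SQLServerException if a length field is negative, exceeds the remaining bytes, the
     *         envelope is truncated, or trailing bytes remain after the last field
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public AASAttestationResponse(byte[] bArr) throws SQLServerException {
        ByteBuffer response = ByteBuffer.wrap(bArr).order(ByteOrder.LITTLE_ENDIAN);
        try {
            this.totalSize = response.getInt();
            this.identitySize = response.getInt();
            this.attestationTokenSize = response.getInt();
            this.enclaveType = response.getInt();
            this.enclavePK = readBlock(response, this.identitySize);
            this.attestationToken = readBlock(response, this.attestationTokenSize);
            this.sessionInfoSize = response.getInt();
            response.get(this.sessionID, 0, 8);
            this.DHPKsize = response.getInt();
            this.DHPKSsize = response.getInt();
            this.DHpublicKey = readBlock(response, this.DHPKsize);
            this.publicKeySig = readBlock(response, this.DHPKSsize);
        } catch (BufferUnderflowException e) {
            // A truncated envelope must surface as a driver error, not as an unchecked NIO exception.
            raiseLengthError();
        }
        if (0 != response.remaining()) {
            raiseLengthError();
        }
    }

    /**
     * Reads a server-declared number of bytes, rejecting negative lengths and lengths larger than
     * what is left in the buffer before allocating anything.
     */
    private byte[] readBlock(ByteBuffer response, int length) throws SQLServerException {
        if (length < 0 || length > response.remaining()) {
            raiseLengthError();
        }
        byte[] block = new byte[length];
        response.get(block, 0, length);
        return block;
    }

    /** Raises the envelope-length error; {@code makeFromDriverError} is expected not to return. */
    private void raiseLengthError() throws SQLServerException {
        SQLServerException.makeFromDriverError(null, this, SQLServerResource.getResource("R_EnclaveResponseLengthError"), "0", false);
    }

    /**
     * Verifies the attestation token and its claims.
     *
     * <p>Steps: split the token into its three JWS segments; read {@code kid} from the header;
     * obtain the attestation authority's signing keys (cached per attestation URL, otherwise
     * fetched from {@code https://<authority>/.well-known/openid-configuration} and the
     * {@code jwks_uri} it names); verify the signature with {@value #TOKEN_SIGNATURE_ALGORITHM}
     * against every {@code x5c} certificate of the key whose {@code kid} matches; then require
     * the {@code aas-ehd} claim to equal the enclave public key and, for
     * {@link #ENCLAVE_TYPE_VBS}, the {@code rp_data} claim to equal {@code bArr}.
     *
     * @param str the attestation URL configured for the connection; its authority is used for
     *        OpenID discovery and it is the cache key for the signing keys
     * @param bArr the nonce the {@code rp_data} claim must match for VBS enclaves
     * @throws SQLServerException if the token is malformed, no certificate verifies it, a claim
     *         is missing or mismatched, or key retrieval / crypto fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void validateToken(String str, byte[] bArr) throws SQLServerException {
        try {
            String[] segments = splitToken();
            Base64.Decoder urlDecoder = Base64.getUrlDecoder();
            // Header and payload are JSON; RFC 7519 mandates UTF-8, so do not rely on the platform charset.
            JsonObject header = JsonParser.parseString(new String(urlDecoder.decode(segments[0]), StandardCharsets.UTF_8)).getAsJsonObject();
            String payloadJson = new String(urlDecoder.decode(segments[1]), StandardCharsets.UTF_8);
            byte[] signature = urlDecoder.decode(segments[2]);
            // The JWS signing input is the ASCII of the first two base64url segments joined by '.'.
            byte[] signingInput = (segments[0] + "." + segments[1]).getBytes(StandardCharsets.US_ASCII);
            // Reject a token without a key id before any network round trip is made.
            String keyId = requireString(header, "kid");

            for (JsonElement keyElement : signingKeysFor(str)) {
                JsonObject key = keyElement.getAsJsonObject();
                JsonElement candidateId = key.get("kid");
                if (null == candidateId || !keyId.equals(candidateId.getAsString())) {
                    continue;
                }
                JsonElement certificates = key.get("x5c");
                if (null == certificates || !certificates.isJsonArray()) {
                    continue;
                }
                for (JsonElement certificate : certificates.getAsJsonArray()) {
                    if (verifySignature(certificate.getAsString(), signingInput, signature)) {
                        // Claims are parsed only after the signature has been verified.
                        verifyClaims(JsonParser.parseString(payloadJson).getAsJsonObject(), bArr);
                        return;
                    }
                }
            }
            SQLServerException.makeFromDriverError(null, this, SQLServerResource.getResource("R_AasJWTError"), "0", false);
        } catch (IOException | GeneralSecurityException | IllegalArgumentException e) {
            // IllegalArgumentException covers malformed base64 in the token or the x5c entries.
            SQLServerException.makeFromDriverError(null, this, e.getLocalizedMessage(), "", false);
        }
    }

    /**
     * Splits the raw token into its header, payload and signature segments, stripping one pair of
     * surrounding double quotes if the server quoted it.
     *
     * @throws SQLServerException if the token does not have exactly three segments
     */
    private String[] splitToken() throws SQLServerException {
        String token = new String(this.attestationToken, StandardCharsets.UTF_8).trim();
        if (token.length() >= 2 && token.startsWith("\"") && token.endsWith("\"")) {
            token = token.substring(1, token.length() - 1);
        }
        String[] segments = token.split("\\.");
        if (3 != segments.length) {
            SQLServerException.makeFromDriverError(null, this, SQLServerResource.getResource("R_AasJWTError"), "0", false);
        }
        return segments;
    }

    /**
     * Returns the string member {@code name} of {@code object}, raising the JWT error when it is
     * absent or not a primitive. {@code makeFromDriverError} is expected not to return.
     */
    private String requireString(JsonObject object, String name) throws SQLServerException {
        JsonElement value = object.get(name);
        if (null == value || !value.isJsonPrimitive()) {
            SQLServerException.makeFromDriverError(null, this, SQLServerResource.getResource("R_AasJWTError"), "0", false);
        }
        return value.getAsString();
    }

    /**
     * Returns the signing keys for {@code attestationUrl}, serving a non-expired cache entry,
     * evicting an expired one, and fetching and caching a fresh set otherwise.
     */
    private static JsonArray signingKeysFor(String attestationUrl) throws IOException {
        JWTCertificateEntry cached = certificateCache.get(attestationUrl);
        if (null != cached) {
            if (!cached.expired()) {
                return cached.getCertificates();
            }
            certificateCache.remove(attestationUrl);
        }
        JsonArray keys = fetchSigningKeys(attestationUrl);
        certificateCache.put(attestationUrl, new JWTCertificateEntry(keys));
        return keys;
    }

    /**
     * Performs OpenID discovery against the attestation URL's authority over HTTPS and downloads
     * the {@code keys} array from the advertised {@code jwks_uri}.
     */
    private static JsonArray fetchSigningKeys(String attestationUrl) throws IOException {
        // Only the authority of the configured URL is used; the scheme is forced to https here.
        URL discoveryUrl = new URL("https://" + new URL(attestationUrl).getAuthority() + "/.well-known/openid-configuration");
        JsonObject discovery = JsonParser.parseString(fetch(discoveryUrl)).getAsJsonObject();
        // NOTE(review): jwks_uri is trusted as published by the TLS-served discovery document;
        // its scheme is not re-checked against https here — confirm that is acceptable.
        URL jwksUrl = new URL(discovery.get("jwks_uri").getAsString());
        return JsonParser.parseString(fetch(jwksUrl)).getAsJsonObject().get("keys").getAsJsonArray();
    }

    /** Downloads {@code url} and returns its body as a string, closing the stream on every path. */
    private static String fetch(URL url) throws IOException {
        try (InputStream in = url.openConnection().getInputStream()) {
            // NOTE(review): Util.convertInputStreamToString's return type is not visible here; if it
            // yields bytes, a charset should be passed explicitly — confirm against Util.
            return new String(Util.convertInputStreamToString(in));
        }
    }

    /**
     * Verifies {@code signature} over {@code signingInput} with the public key of the given
     * base64-encoded X.509 certificate using {@value #TOKEN_SIGNATURE_ALGORITHM}.
     *
     * @return {@code true} if the signature verifies under this certificate
     */
    private static boolean verifySignature(String base64Certificate, byte[] signingInput, byte[] signature) throws GeneralSecurityException {
        byte[] der = Base64.getDecoder().decode(base64Certificate);
        X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(der));
        Signature verifier = Signature.getInstance(TOKEN_SIGNATURE_ALGORITHM);
        verifier.initVerify(certificate.getPublicKey());
        verifier.update(signingInput);
        return verifier.verify(signature);
    }

    /**
     * Checks the claims of an already-verified token: {@code aas-ehd} must equal the enclave
     * public key from the envelope, and for {@link #ENCLAVE_TYPE_VBS} {@code rp_data} must equal
     * {@code nonce}.
     */
    private void verifyClaims(JsonObject claims, byte[] nonce) throws SQLServerException {
        Base64.Decoder urlDecoder = Base64.getUrlDecoder();
        if (!Arrays.equals(urlDecoder.decode(requireString(claims, "aas-ehd")), this.enclavePK)) {
            SQLServerException.makeFromDriverError(null, this, SQLServerResource.getResource("R_AasEhdError"), "0", false);
        }
        if (ENCLAVE_TYPE_VBS == this.enclaveType
                && !Arrays.equals(urlDecoder.decode(requireString(claims, "rp_data")), nonce)) {
            SQLServerException.makeFromDriverError(null, this, SQLServerResource.getResource("R_VbsRpDataError"), "0", false);
        }
    }

    /**
     * Validates the enclave's Diffie-Hellman public key signature, first XOR-ing the enclave
     * identity with {@code bArr} (cyclically) when the enclave type is {@code 2}.
     *
     * @param bArr bytes mixed into the enclave identity for type-2 enclaves; must be non-empty in
     *        that case
     * @throws IllegalArgumentException if {@code bArr} is null or empty and the enclave type is 2
     * @throws SQLServerException propagated from the base validation
     * @throws GeneralSecurityException propagated from the base validation
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void validateDHPublicKey(byte[] bArr) throws SQLServerException, GeneralSecurityException {
        // NOTE(review): type 2 is presumably the SGX enclave type — confirm against the driver's enclave-type enum.
        if (2 == this.enclaveType) {
            if (null == bArr || 0 == bArr.length) {
                // An empty array would otherwise fail with an ArithmeticException from the modulo below.
                throw new IllegalArgumentException("enclave identity mixing bytes must not be empty");
            }
            for (int i = 0; i < this.enclavePK.length; i++) {
                this.enclavePK[i] = (byte) (this.enclavePK[i] ^ bArr[i % bArr.length]);
            }
        }
        validateDHPublicKey();
    }
}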
