package org.firebirdsql.gds.ng.wire.crypt.chacha;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import java.sql.SQLException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.ChaCha20ParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.firebirdsql.gds.JaybirdErrorCodes;
import org.firebirdsql.gds.ng.FbExceptionBuilder;
import org.firebirdsql.gds.ng.wire.crypt.CryptSessionConfig;
import org.firebirdsql.gds.ng.wire.crypt.EncryptionIdentifier;
import org.firebirdsql.gds.ng.wire.crypt.EncryptionInitInfo;
import org.firebirdsql.gds.ng.wire.crypt.EncryptionPlugin;
import org.firebirdsql.util.SQLExceptionChainBuilder;

/* loaded from: input_file:BOOT-INF/lib/jaybird-5.0.1.java11.jar:org/firebirdsql/gds/ng/wire/crypt/chacha/ChaChaEncryptionPlugin.class */
public class ChaChaEncryptionPlugin implements EncryptionPlugin {
    private static final String CHA_CHA_20_CIPHER_NAME = "ChaCha20";
    private final CryptSessionConfig cryptSessionConfig;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/jaybird-5.0.1.java11.jar:org/firebirdsql/gds/ng/wire/crypt/chacha/ChaChaEncryptionPlugin$ChaChaIV.class */
    public class ChaChaIV implements AutoCloseable {
        private byte[] nonce;
        private int counter;

        ChaChaIV() throws SQLException {
            byte[] specificData = ChaChaEncryptionPlugin.this.cryptSessionConfig.getSpecificData();
            if (specificData == null || !(specificData.length == 12 || specificData.length == 16)) {
                throw new FbExceptionBuilder().nonTransientException(JaybirdErrorCodes.jb_cryptInvalidKey).messageParameter(ChaChaEncryptionPlugin.this.getEncryptionIdentifier().toString()).messageParameter("Wrong IV length, needs 12 or 16 bytes").toSQLException();
            }
            this.nonce = Arrays.copyOf(specificData, 12);
            if (specificData.length == 16) {
                this.counter = (specificData[12] << 24) + (specificData[13] << 16) + (specificData[14] << 8) + specificData[15];
            }
        }

        ChaCha20ParameterSpec toParameterSpec() {
            return new ChaCha20ParameterSpec(this.nonce, this.counter);
        }

        @Override // java.lang.AutoCloseable
        public void close() {
            Arrays.fill(this.nonce, (byte) 0);
            this.nonce = null;
            this.counter = -1;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ChaChaEncryptionPlugin(CryptSessionConfig cryptSessionConfig) {
        this.cryptSessionConfig = cryptSessionConfig;
    }

    @Override // org.firebirdsql.gds.ng.wire.crypt.EncryptionPlugin
    public EncryptionIdentifier getEncryptionIdentifier() {
        return ChaChaEncryptionPluginSpi.CHA_CHA_ID;
    }

    @Override // org.firebirdsql.gds.ng.wire.crypt.EncryptionPlugin
    public EncryptionInitInfo initializeEncryption() {
        SQLExceptionChainBuilder<SQLException> sQLExceptionChainBuilder = new SQLExceptionChainBuilder<>();
        Cipher cipher = null;
        Cipher cipher2 = null;
        try {
            ChaChaIV chaChaIV = new ChaChaIV();
            try {
                cipher = createEncryptionCipher(chaChaIV, sQLExceptionChainBuilder);
                cipher2 = createDecryptionCipher(chaChaIV, sQLExceptionChainBuilder);
                chaChaIV.close();
            } finally {
            }
        } catch (SQLException e) {
            sQLExceptionChainBuilder.append(e);
        }
        return sQLExceptionChainBuilder.hasException() ? EncryptionInitInfo.failure(getEncryptionIdentifier(), sQLExceptionChainBuilder.getException()) : EncryptionInitInfo.success(getEncryptionIdentifier(), cipher, cipher2);
    }

    private Cipher createEncryptionCipher(ChaChaIV chaChaIV, SQLExceptionChainBuilder<SQLException> sQLExceptionChainBuilder) {
        try {
            return createCipher(1, chaChaIV, toChaChaKey(this.cryptSessionConfig.getEncryptKey()));
        } catch (SQLException e) {
            sQLExceptionChainBuilder.append(e);
            return null;
        }
    }

    private Cipher createDecryptionCipher(ChaChaIV chaChaIV, SQLExceptionChainBuilder<SQLException> sQLExceptionChainBuilder) {
        try {
            return createCipher(2, chaChaIV, toChaChaKey(this.cryptSessionConfig.getEncryptKey()));
        } catch (SQLException e) {
            sQLExceptionChainBuilder.append(e);
            return null;
        }
    }

    private byte[] toChaChaKey(byte[] bArr) throws SQLException {
        if (bArr.length < 16) {
            throw new FbExceptionBuilder().nonTransientException(JaybirdErrorCodes.jb_cryptInvalidKey).messageParameter(getEncryptionIdentifier().toString()).messageParameter("Key too short").toSQLException();
        }
        try {
            return MessageDigest.getInstance("SHA-256").digest(bArr);
        } catch (NoSuchAlgorithmException e) {
            throw new FbExceptionBuilder().nonTransientException(JaybirdErrorCodes.jb_cryptAlgorithmNotAvailable).messageParameter(getEncryptionIdentifier().toString()).cause(e).toSQLException();
        }
    }

    private Cipher createCipher(int i, ChaChaIV chaChaIV, byte[] bArr) throws SQLException {
        try {
            Cipher cipher = Cipher.getInstance(CHA_CHA_20_CIPHER_NAME);
            cipher.init(i, (Key) new SecretKeySpec(bArr, CHA_CHA_20_CIPHER_NAME), (AlgorithmParameterSpec) chaChaIV.toParameterSpec());
            return cipher;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new FbExceptionBuilder().nonTransientException(JaybirdErrorCodes.jb_cryptInvalidKey).messageParameter(getEncryptionIdentifier().toString()).cause(e).toSQLException();
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e2) {
            throw new FbExceptionBuilder().nonTransientException(JaybirdErrorCodes.jb_cryptAlgorithmNotAvailable).messageParameter(getEncryptionIdentifier().toString()).cause(e2).toSQLException();
        }
    }
}
