package oracle.security.xs.internal;

import java.math.BigInteger;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.sql.CallableStatement;
import java.sql.SQLException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.DHPublicKeySpec;
import javax.crypto.spec.SecretKeySpec;
import oracle.jdbc.internal.OracleConnection;
import oracle.security.xs.XSException;
import oracle.security.xs.XSSecurityPermission;
import oracle.sql.CharacterSet;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:oracle/security/xs/internal/KeyManager.class */
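/**
 * Negotiates and caches the symmetric key that the mid-tier shares with the database
 * and uses it to sign requests.
 *
 * <p>{@link #initManager} runs a Diffie-Hellman exchange through the
 * {@code DBMS_XS_SIDP} package, confirms the result against a verifier returned by the
 * database, and stores the derived key. {@link #doHash} then computes an HMAC over a
 * payload plus a monotonically increasing nonce.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The DH group is the fixed modulus/base pair below (1024-bit per the field
 *       names). 1024-bit finite-field DH is below what current guidance recommends for
 *       new deployments; it cannot be changed here without a matching change on the
 *       database side.</li>
 *   <li>SHA-1 and HmacSHA1 are likewise fixed by the peer protocol.</li>
 *   <li>Nothing in this class authenticates the peer's DH public value; the exchange
 *       relies on whatever protection the supplied JDBC connection provides.</li>
 *   <li>The maps are plain {@link HashMap}s. Only the nonce update in {@link #doHash}
 *       is synchronized; {@link #initManager} writes to the maps without a lock.
 *       NOTE(review): confirm that initialization cannot run concurrently with
 *       signing.</li>
 * </ul>
 */
public final class KeyManager {
    // Map keys are instanceId + instanceTS + midtierId concatenated without a separator,
    // so different triples can in principle collide. The format is kept because
    // getKeyInfo(String) exposes the concatenated form to callers.
    private final HashMap<String, SecretKey> keyInfoHM;
    private final HashMap<String, Integer> nonceInfoHM;
    private CharacterSet destCharSet;
    private static final int NO_PRIV_TO_EXEC_SIDP_ERROR = 6550;
    private static final XSSecurityPermission MANAGE_KEYMAN_PERM = new XSSecurityPermission("manageKeyManager");
    private static final byte[] skip1024ModulusBytes = {-42, -48, 47, -123, -75, 17, 17, 27, -49, -46, -67, -71, 11, 105, 123, -125, -4, 60, -112, -89, -31, 47, Byte.MIN_VALUE, 80, 57, 104, -3, -49, -77, -71, 46, 65, -16, 8, 39, 97, 39, -66, -113, -121, -22, -7, 12, -34, 96, 95, -18, -93, 116, 60, -108, 112, -48, 62, -15, 95, 28, -36, -71, 51, -89, -98, -22, -71, 94, -48, -14, -28, -60, -1, 83, -122, -100, 113, -73, 67, 118, 114, 106, 76, 29, -108, 73, 34, -67, 97, 81, -53, -37, -37, 4, 42, -126, 85, 24, 101, -61, -10, -35, -59, -5, 59, 26, 42, -34, 123, -55, 47, 30, 31, 26, -62, -47, 111, -69, 75, -91, -71, -11, 49, 14, -118, -90, -65, -8, 115, -17, 19};
    private static final BigInteger skip1024Modulus = new BigInteger(1, skip1024ModulusBytes);
    private static final byte[] skip1024BaseBytes = {-97, -94, 41, 48, -104, -3, 116, -72, -47, -76, -53, -12, 4, -37, -16, 28, 63, 24, -29, 116, 69, 87, 42, 13, Byte.MIN_VALUE, Byte.MAX_VALUE, -62, 28, 84, -64, 98, -115, -45, -83, 51, 73, -47, 84, 91, 3, -31, -61, -58, 61, -5, -49, 122, -83, -92, -34, 44, -43, 103, 103, -78, 76, -90, -70, -80, 31, 34, 68, -14, -27, 123, 67, -93, 21, -117, 106, -79, 103, 73, -87, 65, 3, -43, 83, 98, -4, -10, 77, 2, -101, -102, -103, -106, -91, 86, -119, 120, 58, Byte.MIN_VALUE, -113, 24, 114, 60, 56, 123, -98, 67, -113, -112, 1, 13, 62, -92, 74, -82, -121, 36, -2, -60, 15, 11, -79, 94, -121, -29, 39, 87, -57, -94, 95, 69, 108, 16, -123};
    private static final BigInteger skip1024Base = new BigInteger(1, skip1024BaseBytes);
    // Nonce value stored by initManager and the amount doHash adds per signature.
    private static final int INITIAL_MT_NONCE = 300;
    private static final int MT_NONCE_STEP = 3;
    private final Logger logger = Logger.getLogger("oracle.security.xs.internal.KeyManager");
    private String dispatcherId = null;

    /** Mutable holder for a negotiated key and the identifiers it is stored under. */
    public class KeyInfo {
        private SecretKey key;
        private String instanceId;
        private String instanceTS;
        private String midtierId;

        private KeyInfo() {
        }
    }

    /**
     * Returns the character set built from the id reported by the database during
     * {@link #initManager}; {@code null} before a successful size negotiation.
     */
    public CharacterSet getDestCharSet() {
        return this.destCharSet;
    }

    /**
     * Looks up the key stored for the given identifier triple.
     *
     * @return the key, or {@code null} when none is stored
     */
    protected SecretKey getKey(String str, String str2, String str3) {
        return getKeyInfo(str + str2 + str3);
    }

    /**
     * Looks up a key by its already-concatenated map key.
     *
     * @return the key, or {@code null} when none is stored
     */
    protected SecretKey getKeyInfo(String str) {
        return this.keyInfoHM.get(str);
    }

    /** Stores {@code keyInfo.key} under instanceId + instanceTS + midtierId. */
    protected void putKeyInfo(KeyInfo keyInfo) {
        this.keyInfoHM.put(keyInfo.instanceId + keyInfo.instanceTS + keyInfo.midtierId, keyInfo.key);
    }

    /**
     * Returns the current nonce for the given identifier triple.
     *
     * @throws IllegalStateException if no nonce has been stored for the triple
     */
    protected int getMTNonce(String str, String str2, String str3) {
        Integer nonce = this.nonceInfoHM.get(str + str2 + str3);
        if (nonce == null) {
            // The original unboxed directly and failed with a bare NullPointerException.
            throw new IllegalStateException("No nonce stored for this instance; KeyManager is not initialized");
        }
        return nonce.intValue();
    }

    /** Stores {@code i} as the nonce for the given identifier triple. */
    protected void setMTNonce(String str, String str2, String str3, int i) {
        this.nonceInfoHM.put(str + str2 + str3, Integer.valueOf(i));
    }

    /** Creates a manager with empty key and nonce tables. */
    public KeyManager() {
        this.keyInfoHM = new HashMap<String, SecretKey>();
        this.nonceInfoHM = new HashMap<String, Integer>();
    }

    /**
     * Negotiates a key with the database and records it together with the initial nonce.
     *
     * <p>When a security manager is installed the caller must hold the
     * {@code manageKeyManager} permission.
     *
     * @param oracleConnection connection used for the {@code DBMS_XS_SIDP} calls
     * @param str dispatcher id; used to find the session manager and as the mid-tier id
     *     under which the key is stored
     * @return the result of the key negotiation ({@code true} on success)
     * @throws XSException if key confirmation fails or the caller lacks the privilege
     *     to execute the package (error 6550)
     */
    public boolean initManager(OracleConnection oracleConnection, String str) throws XSException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeySpecException, InvalidKeyException, SQLException {
        if (System.getSecurityManager() != null) {
            AccessController.checkPermission(MANAGE_KEYMAN_PERM);
        }
        if (this.logger.isLoggable(Level.FINEST)) {
            this.logger.log(Level.FINEST, "MT: Initialize Key Manager  ...");
        }
        this.dispatcherId = str;
        KeyInfo keyInfo = new KeyInfo();
        keyInfo.midtierId = str;
        // NOTE(review): a null result from the cache fails below with a
        // NullPointerException; confirm callers always register the session manager first.
        XSSessionManagerImpl sessionManager = (XSSessionManagerImpl) SessionManagerCache.get(str);
        String instanceId = sessionManager.getInstanceId();
        String instanceTS = sessionManager.getInstanceTS();
        String midTierId = sessionManager.getMidTierId();
        keyInfo.instanceId = instanceId;
        keyInfo.instanceTS = instanceTS;
        boolean negotiated = generateKey(keyInfo, oracleConnection);
        if (negotiated) {
            // NOTE(review): the key is stored under the dispatcher id (str) while the
            // nonce, and the lookup in doHash, use getMidTierId(); the two must be
            // equal for doHash to find the key. Confirm against the session manager.
            putKeyInfo(keyInfo);
            setMTNonce(instanceId, instanceTS, midTierId, INITIAL_MT_NONCE);
        }
        return negotiated;
    }

    /**
     * Runs the DH exchange with the database and fills in {@code keyInfo.key}.
     *
     * <p>Steps: ask the database for the key size and character set, generate a DH key
     * pair in the fixed group, send the public value, combine with the database's
     * public value, and compare SHA-1(SHA-1(secret)) with the verifier the database
     * returned before deriving the AES key.
     *
     * @return {@code true} when the key was confirmed and stored in {@code keyInfo}
     * @throws XSException if the verifier does not match, or if a call fails with
     *     error 6550
     * @throws InvalidAlgorithmParameterException if the reported key size is not positive
     */
    private boolean generateKey(KeyInfo keyInfo, OracleConnection oracleConnection) throws XSException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeySpecException, InvalidKeyException, SQLException {
        try {
            int keySizeBytes;
            int charSetId;
            CallableStatement sizeCall = oracleConnection.prepareCall("{call DBMS_XS_SIDP.fixDHKeySize( ?, ?, ?, ?)}");
            try {
                sizeCall.setInt(1, Constants.KV_SEND_FLAG_KEEP_STATE);
                sizeCall.registerOutParameter(2, java.sql.Types.INTEGER);
                // Parameter 3 must be registered for the call but its value is not used.
                sizeCall.registerOutParameter(3, java.sql.Types.INTEGER);
                sizeCall.registerOutParameter(4, java.sql.Types.INTEGER);
                sizeCall.execute();
                keySizeBytes = sizeCall.getInt(2);
                charSetId = sizeCall.getInt(4);
            } finally {
                // Close on every path; the original leaked the statement on failure.
                sizeCall.close();
            }
            if (keySizeBytes <= 0) {
                // A non-positive size would otherwise surface later as a format error.
                throw new InvalidAlgorithmParameterException("Invalid DH key size reported by database: " + keySizeBytes);
            }
            this.destCharSet = CharacterSet.make((short) charSetId);
            DHParameterSpec dhSpec = new DHParameterSpec(skip1024Modulus, skip1024Base, keySizeBytes * 8);
            if (this.logger.isLoggable(Level.FINEST)) {
                this.logger.log(Level.FINEST, "MT: Generate DH keypair ...");
            }
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
            keyPairGenerator.initialize(dhSpec);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            DHPrivateKey dhPrivate = (DHPrivateKey) keyPair.getPrivate();
            DHPublicKey dhPublic = (DHPublicKey) keyPair.getPublic();
            if (this.logger.isLoggable(Level.FINEST)) {
                this.logger.log(Level.FINEST, "MT: Initialization ...");
            }
            KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
            keyAgreement.init(dhPrivate);
            // The private exponent is deliberately never rendered as a String: the
            // original built and discarded a hex copy, leaving key material on the heap.
            String clientPublicHex = String.format("%0" + (keySizeBytes * 2) + "X", dhPublic.getY());
            // NOTE(review): getBytes() uses the platform default charset; kept as-is
            // because the database side must see the same bytes. Confirm ids are ASCII.
            byte[] midtierIdBytes = keyInfo.midtierId != null ? keyInfo.midtierId.getBytes() : null;

            String serverPublicHex;
            byte[] serverVerifier;
            CallableStatement exchangeCall = oracleConnection.prepareCall("{call DBMS_XS_SIDP.doDHExchange( ?, ?, ?, ?)}");
            try {
                exchangeCall.setString(1, clientPublicHex);
                exchangeCall.setBytes(2, midtierIdBytes);
                exchangeCall.registerOutParameter(3, java.sql.Types.VARCHAR);
                exchangeCall.registerOutParameter(4, java.sql.Types.BINARY);
                exchangeCall.execute();
                serverPublicHex = exchangeCall.getString(3);
                serverVerifier = exchangeCall.getBytes(4);
            } finally {
                exchangeCall.close();
            }

            // NOTE(review): the peer's public value is used without an explicit range
            // check here; whether the DH provider rejects degenerate values depends on
            // the JDK in use. Confirm, or validate 2 <= y <= p - 2 before doPhase.
            DHPublicKeySpec serverSpec = new DHPublicKeySpec(new BigInteger(serverPublicHex, 16), skip1024Modulus, skip1024Base);
            keyAgreement.doPhase(KeyFactory.getInstance("DH").generatePublic(serverSpec), true);

            byte[] sharedSecret = keyAgreement.generateSecret();
            byte[] confirmation;
            try {
                MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
                byte[] firstPass = sha1.digest(sharedSecret);
                confirmation = sha1.digest(firstPass);
                Arrays.fill(firstPass, (byte) 0);
            } finally {
                // Best-effort wipe of the raw secret once it has been digested.
                Arrays.fill(sharedSecret, (byte) 0);
            }
            // MessageDigest.isEqual compares without an early exit on the first mismatch.
            if (!MessageDigest.isEqual(confirmation, serverVerifier)) {
                throw new XSException("Key negotiation failed", new Exception());
            }
            // NOTE(review): the value fed to key derivation equals the verifier the
            // database returned over the connection. Unless getDerivedKeyInternal mixes
            // in further secret input, the key's confidentiality depends on the
            // connection's own protection. Confirm against the driver.
            keyInfo.key = new SecretKeySpec(oracleConnection.getDerivedKeyInternal(confirmation, 0), "AES");
            return true;
        } catch (SQLException e) {
            if (e.getErrorCode() == NO_PRIV_TO_EXEC_SIDP_ERROR) {
                throw new XSException("SESSION_MANAGER_INIT_FAIL", null, e);
            }
            throw e;
        }
    }

    /**
     * Signs {@code bArr} with the negotiated key.
     *
     * <p>The nonce for this instance is advanced under the manager's lock, appended to
     * the payload as bytes, and the HmacSHA1 of payload plus nonce is computed.
     * NOTE(review): the nonce is an {@code int} and wraps on overflow; confirm the peer
     * tolerates or prevents wrap-around.
     *
     * @param bArr payload to sign
     * @return a two-element array: the MAC, then the nonce bytes that were appended
     * @throws IllegalStateException if no key or nonce is stored for this instance
     */
    public byte[][] doHash(byte[] bArr) throws Exception {
        XSSessionManagerImpl sessionManager = (XSSessionManagerImpl) SessionManagerCache.get(this.dispatcherId);
        String instanceId = sessionManager.getInstanceId();
        String instanceTS = sessionManager.getInstanceTS();
        String midTierId = sessionManager.getMidTierId();
        SecretKey key = getKey(instanceId, instanceTS, midTierId);
        if (key == null) {
            // Fail before consuming a nonce when there is nothing to sign with.
            throw new IllegalStateException("No key negotiated for this instance; call initManager first");
        }
        int nonce;
        synchronized (this) {
            nonce = getMTNonce(instanceId, instanceTS, midTierId) + MT_NONCE_STEP;
            setMTNonce(instanceId, instanceTS, midTierId, nonce);
        }
        byte[] nonceBytes = RequestSigner.intToByteArray(nonce);
        byte[] message = new byte[bArr.length + nonceBytes.length];
        System.arraycopy(bArr, 0, message, 0, bArr.length);
        System.arraycopy(nonceBytes, 0, message, bArr.length, nonceBytes.length);
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(key);
        // The decompiled source declared this as byte[] and did not compile.
        return new byte[][] {mac.doFinal(message), nonceBytes};
    }
}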
