package com.microsoft.sqlserver.jdbc;

import java.io.ByteArrayInputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.text.MessageFormat;
import java.util.Iterator;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: SQLServerVSMEnclaveProvider.java */
/* loaded from: input_file:com/microsoft/sqlserver/jdbc/VSMAttestationResponse.class */
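/**
 * Parses an enclave attestation response and checks the two signatures it carries: the
 * health report certificate against a set of signing certificates, and the enclave report
 * statement against the health report certificate.
 *
 * <p>Every length field in the response comes from the wire and is treated as untrusted:
 * it is checked against the bytes actually remaining before any array is allocated, so a
 * negative or oversized length is reported as a driver length error instead of surfacing
 * as {@code NegativeArraySizeException}, {@code BufferUnderflowException} or a
 * multi-gigabyte allocation.
 *
 * <p>All failure paths rely on {@code SQLServerException.makeFromDriverError} throwing;
 * that method is not visible here (NOTE(review): confirm it never returns normally).
 */
public class VSMAttestationResponse extends BaseAttestationResponse {
    /** Number of session id bytes copied into the inherited {@code sessionID} array. */
    private static final int SESSION_ID_LENGTH = 8;

    // DER bytes of the health report certificate, as sliced out of the response.
    private byte[] healthReportCertificate;
    // Raw enclave report package; parsed later by validateStatementSignature().
    private byte[] enclaveReportPackage;
    // Parsed form of healthReportCertificate; not trusted until validateCert() succeeds.
    private X509Certificate healthCert;

    /**
     * Parses a little-endian attestation response and decodes the embedded health
     * report certificate.
     *
     * <p>No signature is checked here; callers must still invoke
     * {@link #validateCert(byte[])} and {@link #validateStatementSignature()}.
     *
     * @param bArr raw response bytes; {@code null} is reported as a length error
     * @throws SQLServerException if the response is missing, truncated, has trailing
     *         bytes, declares a length that does not fit, or holds a certificate that
     *         cannot be decoded
     */
    public VSMAttestationResponse(byte[] bArr) throws SQLServerException {
        boolean wellFormed = false;
        if (null != bArr) {
            ByteBuffer response = ByteBuffer.wrap(bArr).order(ByteOrder.LITTLE_ENDIAN);
            // The layout must account for every byte: trailing data is rejected too.
            wellFormed = readResponse(response) && 0 == response.remaining();
        }
        if (!wellFormed) {
            SQLServerException.makeFromDriverError(null, this, SQLServerResource.getResource("R_EnclaveResponseLengthError"), "0", false);
        }
        try {
            this.healthCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(this.healthReportCertificate));
        } catch (CertificateException e) {
            SQLServerException.makeFromDriverError(null, null, new MessageFormat(SQLServerException.getErrString("R_HealthCertError")).format(new Object[]{e.getLocalizedMessage()}), null, true);
        }
    }

    /**
     * Reads the response fields in wire order, validating each declared length before
     * allocating for it.
     *
     * <p>NOTE(review): {@code totalSize} and {@code sessionInfoSize} are stored but not
     * cross-checked against the buffer here; confirm whether the base class or the caller
     * validates them.
     *
     * @param response little-endian view positioned at the start of the response
     * @return {@code true} if every field was read; {@code false} if the buffer is too
     *         short or a declared length is negative or larger than what remains
     */
    private boolean readResponse(ByteBuffer response) {
        if (response.remaining() < 4 * Integer.BYTES) {
            return false;
        }
        this.totalSize = response.getInt();
        int identityLength = response.getInt();
        int healthCertLength = response.getInt();
        int reportPackageLength = response.getInt();
        this.identitySize = identityLength;
        if (!fits(response, identityLength, healthCertLength, reportPackageLength)) {
            return false;
        }
        this.enclavePK = new byte[identityLength];
        this.healthReportCertificate = new byte[healthCertLength];
        this.enclaveReportPackage = new byte[reportPackageLength];
        response.get(this.enclavePK, 0, identityLength);
        response.get(this.healthReportCertificate, 0, healthCertLength);
        response.get(this.enclaveReportPackage, 0, reportPackageLength);

        // Session info size, session id, then the two Diffie-Hellman length fields.
        if (response.remaining() < 3 * Integer.BYTES + SESSION_ID_LENGTH) {
            return false;
        }
        this.sessionInfoSize = response.getInt();
        // presumably sessionID is preallocated by the base class with >= 8 bytes; verify there
        response.get(this.sessionID, 0, SESSION_ID_LENGTH);
        int dhPublicKeyLength = response.getInt();
        int dhSignatureLength = response.getInt();
        this.DHPKsize = dhPublicKeyLength;
        this.DHPKSsize = dhSignatureLength;
        if (!fits(response, dhPublicKeyLength, dhSignatureLength)) {
            return false;
        }
        this.DHpublicKey = new byte[dhPublicKeyLength];
        this.publicKeySig = new byte[dhSignatureLength];
        response.get(this.DHpublicKey, 0, dhPublicKeyLength);
        response.get(this.publicKeySig, 0, dhSignatureLength);
        return true;
    }

    /**
     * Tells whether a run of consecutive fields with the given declared lengths can be
     * read from {@code buffer}.
     *
     * @param buffer buffer positioned at the first of the fields
     * @param lengths declared field lengths, in bytes
     * @return {@code true} only if no length is negative and their sum (computed as a
     *         {@code long} so it cannot wrap) does not exceed {@code buffer.remaining()}
     */
    private static boolean fits(ByteBuffer buffer, int... lengths) {
        long total = 0;
        for (int length : lengths) {
            if (length < 0) {
                return false;
            }
            total += length;
        }
        return total <= buffer.remaining();
    }

    /**
     * Checks that the health report certificate was signed by the key of at least one of
     * the supplied signing certificates.
     *
     * <p>NOTE(review): only the signature is checked. The validity period, basic
     * constraints and revocation status of either certificate are not examined in this
     * method, and the trustworthiness of {@code bArr} itself depends entirely on where
     * the caller obtained it; confirm both against the caller.
     *
     * @param bArr encoded X.509 certificate(s) to try as issuers; {@code null} fails
     *        validation
     * @throws SQLServerException if no supplied certificate verifies the health
     *         certificate, or if decoding or verification raises any other
     *         {@link GeneralSecurityException}
     */
    public void validateCert(byte[] bArr) throws SQLServerException {
        if (null != bArr) {
            try {
                CertificateFactory factory = CertificateFactory.getInstance("X.509");
                for (Certificate candidate : factory.generateCertificates(new ByteArrayInputStream(bArr))) {
                    try {
                        this.healthCert.verify(((X509Certificate) candidate).getPublicKey());
                        return;
                    } catch (SignatureException ignored) {
                        // This candidate did not sign the health certificate; try the next one.
                    }
                }
            } catch (GeneralSecurityException e) {
                // Anything other than a plain signature mismatch (e.g. an unusable key)
                // ends the search and is reported with the provider's message.
                SQLServerException.makeFromDriverError(null, this, e.getLocalizedMessage(), "0", false);
            }
        }
        SQLServerException.makeFromDriverError(null, this, SQLServerResource.getResource("R_InvalidHealthCert"), "0", false);
    }

    /**
     * Verifies the signed statement inside the enclave report package against the health
     * report certificate, using RSASSA-PSS with SHA-256, MGF1/SHA-256, a 32-byte salt and
     * trailer field 1.
     *
     * <p>The package is read as six little-endian ints followed by the signed statement
     * and its signature; the fourth and fifth ints give their lengths. The other four
     * header ints are skipped (their meaning is not visible in this class).
     *
     * <p>This proves the statement was signed by the health certificate's key; it says
     * nothing about that certificate's own trust, which is {@link #validateCert(byte[])}'s
     * job.
     *
     * @throws SQLServerException if the package is truncated, has trailing bytes,
     *         declares a length that does not fit, or the signature does not verify
     * @throws GeneralSecurityException if RSASSA-PSS is unavailable even after loading
     *         BouncyCastle, or the certificate's key cannot be used for verification
     */
    public void validateStatementSignature() throws SQLServerException, GeneralSecurityException {
        ByteBuffer report = ByteBuffer.wrap(this.enclaveReportPackage).order(ByteOrder.LITTLE_ENDIAN);
        byte[] signedStatement = null;
        byte[] statementSignature = null;
        if (report.remaining() >= 6 * Integer.BYTES) {
            report.getInt();
            report.getInt();
            report.getInt();
            int signedStatementLength = report.getInt();
            int signatureLength = report.getInt();
            report.getInt();
            // Lengths are untrusted: validate before allocating or reading.
            if (fits(report, signedStatementLength, signatureLength)) {
                signedStatement = new byte[signedStatementLength];
                report.get(signedStatement, 0, signedStatementLength);
                statementSignature = new byte[signatureLength];
                report.get(statementSignature, 0, signatureLength);
            }
        }
        if (null == statementSignature || 0 != report.remaining()) {
            SQLServerException.makeFromDriverError(null, this, SQLServerResource.getResource("R_EnclavePackageLengthError"), "0", false);
        }

        Signature verifier;
        try {
            verifier = Signature.getInstance("RSASSA-PSS");
        } catch (NoSuchAlgorithmException e) {
            // No installed provider offers RSASSA-PSS: register BouncyCastle and retry once.
            SQLServerBouncyCastleLoader.loadBouncyCastle();
            verifier = Signature.getInstance("RSASSA-PSS");
        }
        verifier.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1));
        // The Certificate overload also rejects a certificate whose critical key-usage
        // extension forbids digital signatures.
        verifier.initVerify(this.healthCert);
        verifier.update(signedStatement);
        if (!verifier.verify(statementSignature)) {
            SQLServerException.makeFromDriverError(null, this, SQLServerResource.getResource("R_InvalidSignedStatement"), "0", false);
        }
    }
}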
