package oracle.net.ano;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.logging.Level;
import oracle.jdbc.clio.annotations.Format;
import oracle.jdbc.diagnostics.Parameter;
import oracle.jdbc.diagnostics.SecurityLabel;
import oracle.net.aso.DataIntegrityAlgorithm;
import oracle.net.aso.EncryptionAlgorithm;
import oracle.net.ns.BreakNetException;
import oracle.net.ns.NIONSDataChannel;
import oracle.net.ns.NetException;
import oracle.net.ns.SQLnetDef;
import oracle.net.ns.SessionAtts;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:ojdbc8.jar:oracle/net/ano/CryptoNIONSDataChannel.class */
public class CryptoNIONSDataChannel extends NIONSDataChannel implements SQLnetDef {
    private static final String CLASS_NAME = CryptoNIONSDataChannel.class.getName();
    private EncryptionAlgorithm encryptionAlg;
    private DataIntegrityAlgorithm dataIntegrityAlg;
    private byte foldinByte;
    private int dataExpansionBytes;
    private Ano ano;

    public CryptoNIONSDataChannel(SessionAtts sessionAtts) {
        super(sessionAtts);
        this.encryptionAlg = null;
        this.dataIntegrityAlg = null;
        this.foldinByte = (byte) 0;
        this.dataExpansionBytes = 0;
        this.ano = null;
        this.ano = sessionAtts.ano;
        if (sessionAtts.ano.encryptionAlg != null) {
            this.encryptionAlg = sessionAtts.ano.encryptionAlg;
            this.dataExpansionBytes += this.encryptionAlg.maxDelta();
        }
        if (sessionAtts.ano.dataIntegrityAlg != null) {
            this.dataIntegrityAlg = sessionAtts.ano.dataIntegrityAlg;
            this.dataExpansionBytes += this.dataIntegrityAlg.size();
        }
        this.dataExpansionBytes++;
        if (sessionAtts.isNetworkCompressionEnabled()) {
            initializeNetworkCompressionBuffers();
        }
    }

    @Override // oracle.net.ns.NIONSDataChannel
    public void readDataFromSocketChannel() throws IOException {
        super.readDataFromSocketChannel();
        this.ano = this.session.ano;
        this.dataExpansionBytes = 0;
        if (this.ano.encryptionAlg != null) {
            this.encryptionAlg = this.ano.encryptionAlg;
            this.dataExpansionBytes += this.encryptionAlg.maxDelta();
            if (this.ano.getRenewKey()) {
                this.encryptionAlg.setSessionKey(null, null);
            }
        }
        if (this.ano.dataIntegrityAlg != null) {
            this.dataIntegrityAlg = this.ano.dataIntegrityAlg;
            this.dataExpansionBytes += this.dataIntegrityAlg.size();
            if (this.ano.getRenewKey()) {
                this.dataIntegrityAlg.renew();
            }
        }
        this.dataExpansionBytes++;
        this.ano.setRenewKey(false);
        try {
            decryptAndChecksum();
        } catch (Exception e) {
            this.ano.checkForAnoNegotiationFailure();
            throw e;
        }
    }

    @Override // oracle.net.ns.NIONSDataChannel
    public void writeDataToSocketChannel(int i) throws IOException {
        try {
            if (this.foldinByte == 0) {
                this.foldinByte = this.ano.foldinKey();
            }
            checksumAndEncrypt();
            super.writeDataToSocketChannel(i);
        } catch (IOException e) {
            throw e;
        }
    }

    @Override // oracle.net.ns.NIONSDataChannel
    public int getDataExpansionByteSize() {
        return this.dataExpansionBytes;
    }

    @Override // oracle.net.ns.NIOPacket
    protected void processMarker() throws IOException, NetException, BreakNetException {
        this.session.ano.setRenewKey(true);
    }

    protected void checksumAndEncrypt() throws IOException {
        int position = this.session.payloadDataBufferForWrite.position();
        byte[] bArr = new byte[this.session.payloadDataBufferForWrite.position() - 0];
        this.session.payloadDataBufferForWrite.limit(this.session.payloadDataBufferForWrite.position());
        this.session.payloadDataBufferForWrite.position(0);
        this.session.payloadDataBufferForWrite.get(bArr);
        this.session.payloadDataBufferForWrite.position(0);
        this.session.payloadDataBufferForWrite.limit(this.session.payloadDataBufferForWrite.capacity());
        tracep(Level.FINEST, SecurityLabel.UNKNOWN, CLASS_NAME, "checksumAndEncrypt", "Packet size before encryption {0}.", "Packet size before encryption {0}. Packet Dump : \n{1}", null, () -> {
            return isSensitiveEnabled() ? new Object[]{Integer.valueOf(bArr.length), Parameter.arg(Format.Style.PACKET_DUMP, ByteBuffer.wrap(bArr), 0, bArr.length)} : new Object[]{Integer.valueOf(bArr.length)};
        });
        byte[] bArr2 = null;
        int i = position - 0;
        if (this.dataIntegrityAlg != null) {
            bArr2 = this.dataIntegrityAlg.compute(bArr, bArr.length);
            if (bArr2 != null) {
                i += bArr2.length;
            }
        }
        byte[] bArr3 = new byte[i];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        if (bArr2 != null) {
            System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        }
        if (this.encryptionAlg != null) {
            byte[] encrypt = this.encryptionAlg.encrypt(bArr3);
            if (encrypt == null) {
                throw new IOException("Fail to encrypt buffer");
            }
            i = encrypt.length;
            this.session.payloadDataBufferForWrite.put(encrypt);
        } else if (this.dataIntegrityAlg != null) {
            this.session.payloadDataBufferForWrite.put(bArr3);
        }
        if (i > 0) {
            this.session.payloadDataBufferForWrite.put(this.foldinByte);
        }
    }

    protected void decryptAndChecksum() throws IOException {
        int position = this.session.payloadDataBufferForRead.position();
        ByteOrder order = this.session.payloadDataBufferForRead.order();
        this.session.payloadDataBufferForRead.order(ByteOrder.BIG_ENDIAN);
        int limit = this.session.payloadDataBufferForRead.limit();
        if (limit > 0) {
            this.session.payloadDataBufferForRead.position(limit - 1);
            this.session.payloadDataBufferForRead.get();
            this.session.payloadDataBufferForRead.position(position);
            this.session.payloadDataBufferForRead.order(order);
            limit--;
        }
        byte[] bArr = new byte[limit];
        int limit2 = this.session.payloadDataBufferForRead.limit();
        this.session.payloadDataBufferForRead.get(bArr);
        this.session.payloadDataBufferForRead.position(position);
        this.session.payloadDataBufferForRead.limit(limit2);
        byte[] decrypt = (this.encryptionAlg == null || limit <= 0) ? bArr : this.encryptionAlg.decrypt(bArr);
        if (decrypt == null) {
            throw new IOException("Bad buffer - Fail to decrypt buffer");
        }
        int length = decrypt.length;
        if (this.dataIntegrityAlg == null || length <= 0) {
            this.session.payloadDataBufferForRead = ByteBuffer.wrap(decrypt, 0, length);
            this.session.payloadDataBufferForRead.limit(length);
            this.session.payloadDataBufferForRead.order(order);
        } else {
            byte[] bArr2 = new byte[this.dataIntegrityAlg.size()];
            int size = length - this.dataIntegrityAlg.size();
            System.arraycopy(decrypt, size, bArr2, 0, this.dataIntegrityAlg.size());
            byte[] bArr3 = new byte[size];
            System.arraycopy(decrypt, 0, bArr3, 0, size);
            if (this.dataIntegrityAlg.compare(bArr3, bArr2)) {
                throw new IOException("Checksum fail");
            }
            this.session.payloadDataBufferForRead = ByteBuffer.wrap(bArr3, 0, size);
            this.session.payloadDataBufferForRead.limit(size);
            this.session.payloadDataBufferForRead.order(order);
        }
        this.session.payloadDataBufferForRead.position(position);
        byte[] bArr4 = decrypt;
        tracep(Level.FINEST, SecurityLabel.UNKNOWN, CLASS_NAME, "decryptAndChecksum", "Packet size after decryption {0}.", "Packet size after decryption {0}. Packet Dump : \n{1}", null, () -> {
            return isSensitiveEnabled() ? new Object[]{Integer.valueOf(bArr4.length), Parameter.arg(Format.Style.PACKET_DUMP, ByteBuffer.wrap(bArr4), 0, bArr4.length)} : new Object[]{Integer.valueOf(bArr4.length)};
        });
    }
}
