package co.privacyone.security.crypto;

import co.privacyone.security.IvGenerator;
import co.privacyone.security.exception.EncryptionException;
import co.privacyone.security.exception.InvalidCipherHeaderException;
import co.privacyone.security.exception.WrongKeyException;
import co.privacyone.security.key.Key;
import co.privacyone.security.key.KeySpec;
import co.privacyone.security.util.BitsBytesConverter;
import co.privacyone.security.util.DynamicCipherInputStream;
import com.google.common.io.BaseEncoding;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.AEADBadTagException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:co/privacyone/security/crypto/AesHandlerV1.class */
public class AesHandlerV1 implements CipherHandler {
    private static final String CIPHER_ALGO = "AES/GCM/NoPadding";
    private static final int TAG_SIZE_IN_BYTES = 16;
    private static final int IV_SIZE_IN_BYTES = 12;
    private static final byte VERSION = 1;
    private static final int VERSION_BYTES = 1;
    private static final int KEY_VERSION_BYTES = 1;
    public static final int STREAM_BLOCK = 33554432;
    public static final String CRYPTO_ALGORITHM_AES = "AES";
    private final ThreadLocal<Cipher> cipherThreadLocal = ThreadLocal.withInitial(() -> {
        try {
            return Cipher.getInstance(CIPHER_ALGO);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new RuntimeException(e);
        }
    });

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:co/privacyone/security/crypto/AesHandlerV1$EnvelopeCipher.class */
    public static class EnvelopeCipher {
        private final byte[] cipher;
        private final KeySpec keySpec;

        private EnvelopeCipher(KeySpec keySpec, byte[] bArr) {
            this.keySpec = keySpec;
            this.cipher = bArr;
        }

        public KeySpec getKeySpec() {
            return this.keySpec;
        }

        public byte[] getCipher() {
            return this.cipher;
        }

        static EnvelopeCipher from(KeySpec keySpec, byte[] bArr) {
            return new EnvelopeCipher(keySpec, bArr);
        }

        static EnvelopeCipher deserialize(byte[] bArr, String str) throws EncryptionException {
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            AesHandlerV1.validateHeader(wrap.remaining() >= 2, "EnvelopeCipher is too short");
            byte b = wrap.get();
            AesHandlerV1.validateHeader(b == 1, String.format("Invalid version '%d'.", Byte.valueOf(b)));
            KeySpec keySpec = new KeySpec(str, Byte.valueOf(wrap.get()));
            byte[] bArr2 = new byte[wrap.remaining()];
            wrap.get(bArr2);
            return new EnvelopeCipher(keySpec, bArr2);
        }

        byte[] serialize() {
            ByteBuffer wrap = ByteBuffer.wrap(new byte[2 + this.cipher.length]);
            wrap.put((byte) 1);
            wrap.put(this.keySpec.getVersion().byteValue());
            wrap.put(this.cipher);
            return wrap.array();
        }
    }

    @Override // co.privacyone.security.crypto.CipherHandler
    public byte getVersion() {
        return (byte) 1;
    }

    @Override // co.privacyone.security.crypto.CipherHandler
    public byte[] encrypt(byte[] bArr, Key key) {
        byte[] bArr2 = new byte[12 + bArr.length + 16];
        byte[] generate = IvGenerator.generate(12);
        System.arraycopy(generate, 0, bArr2, 0, 12);
        Cipher cipher = this.cipherThreadLocal.get();
        try {
            cipher.init(1, new SecretKeySpec(key.getKey(), CRYPTO_ALGORITHM_AES), new GCMParameterSpec(BitsBytesConverter.bytesToBits(16), generate));
            cipher.updateAAD(key.getKeySpec().getCategory().getBytes(StandardCharsets.UTF_8));
            cipher.doFinal(bArr, 0, bArr.length, bArr2, 12);
            return EnvelopeCipher.from(key.getKeySpec(), bArr2).serialize();
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException | ShortBufferException e) {
            throw new RuntimeException("Unexpected encryption error", e);
        }
    }

    @Override // co.privacyone.security.crypto.CipherHandler
    public void encryptStream(InputStream inputStream, File file, Key key) throws IOException {
        byte[] generate = IvGenerator.generate(12);
        Cipher cipher = this.cipherThreadLocal.get();
        try {
            cipher.init(1, new SecretKeySpec(key.getKey(), CRYPTO_ALGORITHM_AES), new GCMParameterSpec(BitsBytesConverter.bytesToBits(16), generate));
            cipher.updateAAD(key.getKeySpec().getCategory().getBytes(StandardCharsets.UTF_8));
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            fileOutputStream.write(1);
            fileOutputStream.write(key.getKeySpec().getVersion().byteValue());
            fileOutputStream.write(generate);
            CipherOutputStream cipherOutputStream = new CipherOutputStream(fileOutputStream, cipher);
            streamCopy(inputStream, cipherOutputStream);
            cipherOutputStream.close();
            fileOutputStream.close();
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new RuntimeException("Unexpected encryption error", e);
        }
    }

    public String encryptAndEncode(byte[] bArr, Key key) {
        return BaseEncoding.base64().encode(encrypt(bArr, key));
    }

    @Override // co.privacyone.security.crypto.CipherHandler
    public byte[] decrypt(byte[] bArr, Key key) throws EncryptionException {
        try {
            String category = key.getKeySpec().getCategory();
            EnvelopeCipher deserialize = EnvelopeCipher.deserialize(bArr, category);
            if (deserialize.getKeySpec().compareTo(key.getKeySpec()) != 0) {
                throw new WrongKeyException("Key id or Key version mismatch");
            }
            SecretKeySpec secretKeySpec = new SecretKeySpec(key.getKey(), CRYPTO_ALGORITHM_AES);
            if (bArr.length < 28) {
                throw new EncryptionException("Ciphertext is malformed");
            }
            byte[] cipher = deserialize.getCipher();
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(BitsBytesConverter.bytesToBits(16), cipher, 0, 12);
            Cipher cipher2 = this.cipherThreadLocal.get();
            cipher2.init(2, secretKeySpec, gCMParameterSpec);
            cipher2.updateAAD(category.getBytes(StandardCharsets.UTF_8));
            return cipher2.doFinal(cipher, 12, cipher.length - 12);
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new RuntimeException("Unexpected encryption error", e);
        } catch (AEADBadTagException e2) {
            throw new EncryptionException("Authentication failure. Data has been tampered.");
        } catch (BadPaddingException e3) {
            throw new EncryptionException("Bad padding");
        } catch (IllegalBlockSizeException e4) {
            throw new EncryptionException("Invalid block size");
        }
    }

    public byte[] decodeAndDecrypt(String str, Key key) throws EncryptionException {
        return decrypt(BaseEncoding.base64().decode(str), key);
    }

    @Override // co.privacyone.security.crypto.CipherHandler
    public void decryptStream(InputStream inputStream, File file, Key key) throws IOException, EncryptionException {
        byte[] bArr = new byte[2];
        inputStream.read(bArr);
        byte b = bArr[0];
        validateHeader(b == 1, String.format("Invalid version '%d'.", Byte.valueOf(b)));
        Byte.valueOf(bArr[1]);
        try {
            if (inputStream.available() < 28) {
                throw new EncryptionException("Ciphertext is malformed");
            }
            byte[] bArr2 = new byte[12];
            inputStream.read(bArr2);
            GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(BitsBytesConverter.bytesToBits(16), bArr2, 0, 12);
            Cipher cipher = this.cipherThreadLocal.get();
            cipher.init(2, new SecretKeySpec(key.getKey(), CRYPTO_ALGORITHM_AES), gCMParameterSpec);
            cipher.updateAAD(key.getKeySpec().getCategory().getBytes(StandardCharsets.UTF_8));
            InputStream dynamicCipherInputStream = new DynamicCipherInputStream(inputStream, cipher, STREAM_BLOCK);
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            streamCopy(dynamicCipherInputStream, fileOutputStream);
            dynamicCipherInputStream.close();
            fileOutputStream.close();
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new RuntimeException("Unexpected encryption error", e);
        }
    }

    private void streamCopy(InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] bArr = new byte[STREAM_BLOCK];
        while (true) {
            try {
                int read = inputStream.read(bArr);
                if (read == -1) {
                    return;
                } else {
                    outputStream.write(bArr, 0, read);
                }
            } catch (Exception e) {
                e.getCause();
                return;
            }
        }
    }

    private static void validateHeader(boolean z, String str) throws InvalidCipherHeaderException {
        if (!z) {
            throw new InvalidCipherHeaderException(String.valueOf(str));
        }
    }
}
