package eu.xenit.gradle.docker.internal.shadow.de.schlichtherle.truezip.zip;

import edu.umd.cs.findbugs.annotations.CreatesObligation;
import edu.umd.cs.findbugs.annotations.SuppressWarnings;
import eu.xenit.gradle.docker.internal.shadow.de.schlichtherle.truezip.crypto.CipherReadOnlyFile;
import eu.xenit.gradle.docker.internal.shadow.de.schlichtherle.truezip.crypto.SuspensionPenalty;
import eu.xenit.gradle.docker.internal.shadow.de.schlichtherle.truezip.crypto.param.AesKeyStrength;
import eu.xenit.gradle.docker.internal.shadow.de.schlichtherle.truezip.rof.ReadOnlyFile;
import eu.xenit.gradle.docker.internal.shadow.de.schlichtherle.truezip.util.ArrayHelper;
import java.io.EOFException;
import java.io.IOException;
import javax.annotation.WillCloseWhenClosed;
import javax.annotation.concurrent.NotThreadSafe;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

/* JADX INFO: Access modifiers changed from: package-private */
@NotThreadSafe
/* loaded from: input_file:eu/xenit/gradle/docker/internal/shadow/de/schlichtherle/truezip/zip/WinZipAesEntryReadOnlyFile.class */
public final class WinZipAesEntryReadOnlyFile extends CipherReadOnlyFile {
    private final byte[] authenticationCode;
    private final KeyParameter sha1MacParam;
    private final ZipEntry entry;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    @CreatesObligation
    @SuppressWarnings({"OBL_UNSATISFIED_OBLIGATION"})
    public WinZipAesEntryReadOnlyFile(@WillCloseWhenClosed ReadOnlyFile readOnlyFile, WinZipAesEntryParameters winZipAesEntryParameters) throws IOException {
        super(readOnlyFile);
        KeyParameter generateDerivedParameters;
        CipherParameters parametersWithIV;
        KeyParameter keyParameter;
        ZipEntry entry = winZipAesEntryParameters.getEntry();
        if (!$assertionsDisabled && !entry.isEncrypted()) {
            throw new AssertionError();
        }
        WinZipAesEntryExtraField winZipAesEntryExtraField = (WinZipAesEntryExtraField) entry.getExtraField(39169);
        if (null == winZipAesEntryExtraField) {
            throw new ZipCryptoException(entry.getName() + " (missing extra field for WinZip AES entry)");
        }
        AesKeyStrength keyStrength = winZipAesEntryExtraField.getKeyStrength();
        int bits = keyStrength.getBits();
        int bytes = keyStrength.getBytes();
        byte[] bArr = new byte[bytes / 2];
        readOnlyFile.seek(0L);
        readOnlyFile.readFully(bArr);
        byte[] bArr2 = new byte[2];
        readOnlyFile.readFully(bArr2);
        this.authenticationCode = new byte[new HMac(new SHA1Digest()).getMacSize() / 2];
        long filePointer = readOnlyFile.getFilePointer();
        long length = readOnlyFile.length() - this.authenticationCode.length;
        long j = length - filePointer;
        if (0 > j) {
            throw new ZipCryptoException(entry.getName() + " (false positive WinZip AES entry is too short)", new EOFException());
        }
        readOnlyFile.seek(length);
        readOnlyFile.readFully(this.authenticationCode);
        if (-1 != readOnlyFile.read()) {
            throw new ZipCryptoException("Expected end of file after WinZip AES authentication code!");
        }
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator();
        long j2 = 0;
        do {
            byte[] readPassword = winZipAesEntryParameters.getReadPassword(0 != j2);
            if (!$assertionsDisabled && null == readPassword) {
                throw new AssertionError();
            }
            pKCS5S2ParametersGenerator.init(readPassword, bArr, 1000);
            if (!$assertionsDisabled && 128 > bits) {
                throw new AssertionError();
            }
            generateDerivedParameters = pKCS5S2ParametersGenerator.generateDerivedParameters((2 * bits) + 16);
            paranoidWipe(readPassword);
            parametersWithIV = new ParametersWithIV(new KeyParameter(generateDerivedParameters.getKey(), 0, bytes), new byte[16]);
            keyParameter = new KeyParameter(generateDerivedParameters.getKey(), bytes, bytes);
            j2 = SuspensionPenalty.enforce(j2);
        } while (!ArrayHelper.equals(generateDerivedParameters.getKey(), 2 * bytes, bArr2, 0, 2));
        this.sha1MacParam = keyParameter;
        this.entry = entry;
        WinZipAesCipher winZipAesCipher = new WinZipAesCipher();
        winZipAesCipher.init(false, parametersWithIV);
        init(winZipAesCipher, filePointer, j);
        winZipAesEntryParameters.setKeyStrength(keyStrength);
    }

    private void paranoidWipe(byte[] bArr) {
        int length = bArr.length;
        while (true) {
            length--;
            if (length < 0) {
                return;
            } else {
                bArr[length] = 0;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void authenticate() throws IOException {
        HMac hMac = new HMac(new SHA1Digest());
        hMac.init(this.sha1MacParam);
        if (!ArrayHelper.equals(computeMac(hMac), 0, this.authenticationCode, 0, this.authenticationCode.length)) {
            throw new ZipAuthenticationException(this.entry.getName() + " (authenticated WinZip AES entry content has been tampered with)");
        }
    }

    static {
        $assertionsDisabled = !WinZipAesEntryReadOnlyFile.class.desiredAssertionStatus();
    }
}
