package io.kroxylicious.filter.encryption.inband;

import edu.umd.cs.findbugs.annotations.NonNull;
import io.kroxylicious.filter.encryption.EncryptionException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Objects;
import javax.annotation.concurrent.NotThreadSafe;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;

/* JADX INFO: Access modifiers changed from: package-private */
@NotThreadSafe
/* loaded from: input_file:io/kroxylicious/filter/encryption/inband/AesGcmEncryptor.class */
public class AesGcmEncryptor implements Destroyable {
    private int lastCall;
    private static final int OUTPUT_SIZE = 0;
    private static final int ENCRYPT = 1;
    private static final int DECRYPT = 2;
    private SecretKey key;
    private Cipher cipher;
    private final int numAuthBits = 128;
    private final byte[] iv;
    private final AesGcmIvGenerator ivGenerator;

    private AesGcmEncryptor(int i, AesGcmIvGenerator aesGcmIvGenerator, @NonNull SecretKey secretKey) {
        this.iv = new byte[i];
        this.ivGenerator = aesGcmIvGenerator;
        this.key = (SecretKey) Objects.requireNonNull(secretKey);
        try {
            this.cipher = Cipher.getInstance("AES_256/GCM/NoPadding");
        } catch (GeneralSecurityException e) {
            throw new EncryptionException(e);
        }
    }

    public static AesGcmEncryptor forEncrypt(@NonNull AesGcmIvGenerator aesGcmIvGenerator, @NonNull SecretKey secretKey) {
        Objects.requireNonNull(aesGcmIvGenerator);
        AesGcmEncryptor aesGcmEncryptor = new AesGcmEncryptor(aesGcmIvGenerator.sizeBytes(), aesGcmIvGenerator, secretKey);
        aesGcmEncryptor.lastCall = ENCRYPT;
        return aesGcmEncryptor;
    }

    @NonNull
    public static AesGcmEncryptor forDecrypt(@NonNull SecretKey secretKey) {
        AesGcmEncryptor aesGcmEncryptor = new AesGcmEncryptor(12, null, secretKey);
        aesGcmEncryptor.init(DECRYPT);
        aesGcmEncryptor.lastCall = DECRYPT;
        return aesGcmEncryptor;
    }

    public int outputSize(int i) {
        checkNotDestroyed();
        this.ivGenerator.generateIv(this.iv);
        init(ENCRYPT);
        int headerSize = headerSize() + this.cipher.getOutputSize(i);
        this.lastCall = OUTPUT_SIZE;
        return headerSize;
    }

    private int headerSize() {
        return DECRYPT + this.ivGenerator.sizeBytes();
    }

    public void encrypt(@NonNull ByteBuffer byteBuffer, @NonNull ByteBuffer byteBuffer2) {
        checkNotDestroyed();
        if (this.lastCall != 0) {
            throw new IllegalStateException("Call to encrypt() without last call being to outputSize()");
        }
        this.lastCall = ENCRYPT;
        int position = byteBuffer2.position();
        byteBuffer2.position(position + headerSize());
        try {
            this.cipher.doFinal(byteBuffer, byteBuffer2);
            int position2 = byteBuffer2.position();
            byteBuffer2.position(position);
            byteBuffer2.put((byte) 0);
            byteBuffer2.put((byte) this.iv.length);
            byteBuffer2.put(this.iv);
            byteBuffer2.position(position2);
        } catch (GeneralSecurityException e) {
            throw new EncryptionException(e);
        }
    }

    private void init(int i) {
        try {
            this.cipher.init(i, this.key, new GCMParameterSpec(this.numAuthBits, this.iv));
        } catch (GeneralSecurityException e) {
            throw new EncryptionException(e);
        }
    }

    public void decrypt(@NonNull ByteBuffer byteBuffer, @NonNull ByteBuffer byteBuffer2) {
        checkNotDestroyed();
        if (this.lastCall != DECRYPT) {
            throw new IllegalStateException();
        }
        byte b = byteBuffer.get();
        if (b != 0) {
            throw new EncryptionException("Unknown version " + b);
        }
        if (byteBuffer.get() != this.iv.length) {
            throw new EncryptionException("Unexpected IV length");
        }
        byteBuffer.get(this.iv, OUTPUT_SIZE, this.iv.length);
        init(DECRYPT);
        try {
            this.cipher.doFinal(byteBuffer, byteBuffer2);
        } catch (GeneralSecurityException e) {
            throw new EncryptionException(e);
        }
    }

    private void checkNotDestroyed() {
        if (this.key == null) {
            throw new IllegalStateException();
        }
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() throws DestroyFailedException {
        this.ivGenerator.destroy();
        Arrays.fill(this.iv, (byte) 0);
        try {
            try {
                if (this.key != null) {
                    this.key.destroy();
                }
            } catch (DestroyFailedException e) {
                throw new DestroyFailedException("On key of " + String.valueOf(this.key.getClass()));
            }
        } finally {
            this.key = null;
            this.cipher = null;
        }
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.key == null;
    }
}
