package org.cryptomator.cryptolib.v1;

import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import org.cryptomator.cryptolib.api.AuthenticationFailedException;
import org.cryptomator.cryptolib.api.FileContentCryptor;
import org.cryptomator.cryptolib.api.FileHeader;
import org.cryptomator.cryptolib.api.Masterkey;
import org.cryptomator.cryptolib.common.CipherSupplier;
import org.cryptomator.cryptolib.common.DestroyableSecretKey;
import org.cryptomator.cryptolib.common.MacSupplier;
import org.cryptomator.cryptolib.common.ObjectPool;

/* loaded from: input_file:org/cryptomator/cryptolib/v1/FileContentCryptorImpl.class */
class FileContentCryptorImpl implements FileContentCryptor {
    private final Masterkey masterkey;
    private final SecureRandom random;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public FileContentCryptorImpl(Masterkey masterkey, SecureRandom secureRandom) {
        this.masterkey = masterkey;
        this.random = secureRandom;
    }

    @Override // org.cryptomator.cryptolib.api.FileContentCryptor
    public boolean canSkipAuthentication() {
        return true;
    }

    @Override // org.cryptomator.cryptolib.api.FileContentCryptor
    public int cleartextChunkSize() {
        return 32768;
    }

    @Override // org.cryptomator.cryptolib.api.FileContentCryptor
    public int ciphertextChunkSize() {
        return 32816;
    }

    @Override // org.cryptomator.cryptolib.api.FileContentCryptor
    public ByteBuffer encryptChunk(ByteBuffer byteBuffer, long j, FileHeader fileHeader) {
        ByteBuffer allocate = ByteBuffer.allocate(32816);
        encryptChunk(byteBuffer, allocate, j, fileHeader);
        allocate.flip();
        return allocate;
    }

    @Override // org.cryptomator.cryptolib.api.FileContentCryptor
    public void encryptChunk(ByteBuffer byteBuffer, ByteBuffer byteBuffer2, long j, FileHeader fileHeader) {
        if (byteBuffer.remaining() <= 0 || byteBuffer.remaining() > 32768) {
            throw new IllegalArgumentException("Invalid cleartext chunk size: " + byteBuffer.remaining() + ", expected range [1, 32768]");
        }
        if (byteBuffer2.remaining() < 32816) {
            throw new IllegalArgumentException("Invalid cipehrtext chunk size: " + byteBuffer2.remaining() + ", must fit up to 32816 bytes.");
        }
        FileHeaderImpl cast = FileHeaderImpl.cast(fileHeader);
        encryptChunk(byteBuffer, byteBuffer2, j, cast.getNonce(), cast.getPayload().getContentKey());
    }

    @Override // org.cryptomator.cryptolib.api.FileContentCryptor
    public ByteBuffer decryptChunk(ByteBuffer byteBuffer, long j, FileHeader fileHeader, boolean z) throws AuthenticationFailedException {
        ByteBuffer allocate = ByteBuffer.allocate(32768);
        decryptChunk(byteBuffer, allocate, j, fileHeader, z);
        allocate.flip();
        return allocate;
    }

    @Override // org.cryptomator.cryptolib.api.FileContentCryptor
    public void decryptChunk(ByteBuffer byteBuffer, ByteBuffer byteBuffer2, long j, FileHeader fileHeader, boolean z) throws AuthenticationFailedException {
        if (byteBuffer.remaining() < 48 || byteBuffer.remaining() > 32816) {
            throw new IllegalArgumentException("Invalid ciphertext chunk size: " + byteBuffer.remaining() + ", expected range [48, 32816]");
        }
        if (byteBuffer2.remaining() < 32768) {
            throw new IllegalArgumentException("Invalid cleartext chunk size: " + byteBuffer2.remaining() + ", must fit up to 32768 bytes.");
        }
        FileHeaderImpl cast = FileHeaderImpl.cast(fileHeader);
        if (z && !checkChunkMac(cast.getNonce(), j, byteBuffer)) {
            throw new AuthenticationFailedException("Authentication of chunk " + j + " failed.");
        }
        decryptChunk(byteBuffer, byteBuffer2, cast.getPayload().getContentKey());
    }

    void encryptChunk(ByteBuffer byteBuffer, ByteBuffer byteBuffer2, long j, byte[] bArr, DestroyableSecretKey destroyableSecretKey) {
        try {
            DestroyableSecretKey copy = destroyableSecretKey.copy();
            try {
                byte[] bArr2 = new byte[16];
                this.random.nextBytes(bArr2);
                byteBuffer2.put(bArr2);
                ObjectPool.Lease<Cipher> encryptionCipher = CipherSupplier.AES_CTR.encryptionCipher(copy, new IvParameterSpec(bArr2));
                try {
                    if (!$assertionsDisabled && byteBuffer2.remaining() < encryptionCipher.get().getOutputSize(byteBuffer.remaining()) + 32) {
                        throw new AssertionError();
                    }
                    encryptionCipher.get().doFinal(byteBuffer, byteBuffer2);
                    if (encryptionCipher != null) {
                        encryptionCipher.close();
                    }
                    ByteBuffer duplicate = byteBuffer2.duplicate();
                    duplicate.flip();
                    byte[] calcChunkMac = calcChunkMac(bArr, j, duplicate);
                    if (!$assertionsDisabled && calcChunkMac.length != 32) {
                        throw new AssertionError();
                    }
                    byteBuffer2.put(calcChunkMac);
                    if (copy != null) {
                        copy.close();
                    }
                } catch (Throwable th) {
                    if (encryptionCipher != null) {
                        try {
                            encryptionCipher.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                if (copy != null) {
                    try {
                        copy.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                }
                throw th3;
            }
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new IllegalStateException("Unexpected exception for CTR ciphers.", e);
        } catch (ShortBufferException e2) {
            throw new IllegalStateException("Buffer allocated for reported output size apparently not big enough.", e2);
        }
    }

    void decryptChunk(ByteBuffer byteBuffer, ByteBuffer byteBuffer2, DestroyableSecretKey destroyableSecretKey) {
        if (!$assertionsDisabled && byteBuffer.remaining() < 48) {
            throw new AssertionError();
        }
        try {
            DestroyableSecretKey copy = destroyableSecretKey.copy();
            try {
                byte[] bArr = new byte[16];
                byteBuffer.get(bArr, 0, 16);
                ByteBuffer duplicate = byteBuffer.duplicate();
                duplicate.position(16).limit(byteBuffer.limit() - 32);
                ObjectPool.Lease<Cipher> decryptionCipher = CipherSupplier.AES_CTR.decryptionCipher(copy, new IvParameterSpec(bArr));
                try {
                    if (!$assertionsDisabled && byteBuffer2.remaining() < decryptionCipher.get().getOutputSize(duplicate.remaining())) {
                        throw new AssertionError();
                    }
                    decryptionCipher.get().doFinal(duplicate, byteBuffer2);
                    if (decryptionCipher != null) {
                        decryptionCipher.close();
                    }
                    if (copy != null) {
                        copy.close();
                    }
                } catch (Throwable th) {
                    if (decryptionCipher != null) {
                        try {
                            decryptionCipher.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new IllegalStateException("Unexpected exception for CTR ciphers.", e);
        } catch (ShortBufferException e2) {
            throw new IllegalStateException("Buffer allocated for reported output size apparently not big enough.", e2);
        }
    }

    boolean checkChunkMac(byte[] bArr, long j, ByteBuffer byteBuffer) {
        if (!$assertionsDisabled && byteBuffer.remaining() < 48) {
            throw new AssertionError();
        }
        ByteBuffer duplicate = byteBuffer.duplicate();
        duplicate.position(0).limit(byteBuffer.limit() - 32);
        ByteBuffer duplicate2 = byteBuffer.duplicate();
        duplicate2.position(byteBuffer.limit() - 32);
        byte[] bArr2 = new byte[32];
        duplicate2.get(bArr2);
        return MessageDigest.isEqual(bArr2, calcChunkMac(bArr, j, duplicate));
    }

    private byte[] calcChunkMac(byte[] bArr, long j, ByteBuffer byteBuffer) {
        DestroyableSecretKey macKey = this.masterkey.getMacKey();
        try {
            ObjectPool.Lease<Mac> keyed = MacSupplier.HMAC_SHA256.keyed(macKey);
            try {
                byte[] array = ByteBuffer.allocate(8).order(ByteOrder.BIG_ENDIAN).putLong(j).array();
                keyed.get().update(bArr);
                keyed.get().update(array);
                keyed.get().update(byteBuffer);
                byte[] doFinal = keyed.get().doFinal();
                if (keyed != null) {
                    keyed.close();
                }
                if (macKey != null) {
                    macKey.close();
                }
                return doFinal;
            } finally {
            }
        } catch (Throwable th) {
            if (macKey != null) {
                try {
                    macKey.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    static {
        $assertionsDisabled = !FileContentCryptorImpl.class.desiredAssertionStatus();
    }
}
