package com.couchbase.client.encryption.internal;

import com.couchbase.client.core.annotation.Stability;
import com.couchbase.client.core.util.CbObjects;
import com.couchbase.client.encryption.errors.InvalidCiphertextException;
import com.couchbase.client.encryption.errors.InvalidKeySizeException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;

@Stability.Internal
/* loaded from: input_file:com/couchbase/client/encryption/internal/AeadAes256CbcHmacSha512Cipher.class */
public class AeadAes256CbcHmacSha512Cipher {
    private static final int AUTH_TAG_LEN = 32;
    private static final int IV_LEN = 16;
    private final SecureRandom secureRandom;
    private final CryptoFactory cryptoFactory;

    public AeadAes256CbcHmacSha512Cipher() {
        this(null, null);
    }

    public AeadAes256CbcHmacSha512Cipher(SecureRandom secureRandom, Provider provider) {
        this.cryptoFactory = new CryptoFactory(provider);
        this.secureRandom = (SecureRandom) CbObjects.defaultIfNull(secureRandom, SecureRandom::new);
        failFastIfMissingAlgorithms();
    }

    private void failFastIfMissingAlgorithms() {
        try {
            newHmacSha512();
            newAesCscPkcs7();
        } catch (Exception e) {
            throw new RuntimeException("Security provider does not support required crypto algorithm.", e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v3, types: [byte[], byte[][]] */
    public byte[] encrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        checkKeyLength(bArr);
        Zeroizer zeroizer = new Zeroizer();
        Throwable th = null;
        try {
            try {
                byte[] add = zeroizer.add(Arrays.copyOfRange(bArr, 0, AUTH_TAG_LEN));
                byte[] encryptAesCbcPkcs7 = encryptAesCbcPkcs7(zeroizer.add(Arrays.copyOfRange(bArr, AUTH_TAG_LEN, 64)), bArr2);
                byte[] concat = concat(encryptAesCbcPkcs7, truncate(zeroizer.add(hmacSha512(add, new byte[]{bArr3, encryptAesCbcPkcs7, longToBytes(lengthInBits(bArr3))})), AUTH_TAG_LEN));
                if (zeroizer != null) {
                    if (0 != 0) {
                        try {
                            zeroizer.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        zeroizer.close();
                    }
                }
                return concat;
            } finally {
            }
        } catch (Throwable th3) {
            if (zeroizer != null) {
                if (th != null) {
                    try {
                        zeroizer.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    zeroizer.close();
                }
            }
            throw th3;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v4, types: [byte[], byte[][]] */
    public byte[] decrypt(byte[] bArr, byte[] bArr2, byte[] bArr3) throws Exception {
        checkKeyLength(bArr);
        Zeroizer zeroizer = new Zeroizer();
        Throwable th = null;
        try {
            byte[] add = zeroizer.add(Arrays.copyOfRange(bArr, 0, AUTH_TAG_LEN));
            byte[] add2 = zeroizer.add(Arrays.copyOfRange(bArr, AUTH_TAG_LEN, 64));
            int length = bArr2.length - AUTH_TAG_LEN;
            byte[] copyOfRange = Arrays.copyOfRange(bArr2, 0, length);
            if (!MessageDigest.isEqual(Arrays.copyOfRange(bArr2, length, length + AUTH_TAG_LEN), truncate(zeroizer.add(hmacSha512(add, new byte[]{bArr3, copyOfRange, longToBytes(lengthInBits(bArr3))})), AUTH_TAG_LEN))) {
                throw new InvalidCiphertextException("Failed to authenticate the ciphertext and associated data.");
            }
            byte[] decryptAesCbcPkcs7 = decryptAesCbcPkcs7(add2, copyOfRange);
            if (zeroizer != null) {
                if (0 != 0) {
                    try {
                        zeroizer.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    zeroizer.close();
                }
            }
            return decryptAesCbcPkcs7;
        } catch (Throwable th3) {
            if (zeroizer != null) {
                if (0 != 0) {
                    try {
                        zeroizer.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    zeroizer.close();
                }
            }
            throw th3;
        }
    }

    private static void checkKeyLength(byte[] bArr) {
        if (bArr.length != 64) {
            throw new InvalidKeySizeException("Expected key to be 64 bytes but got " + bArr.length + " bytes.");
        }
    }

    private byte[] encryptAesCbcPkcs7(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        byte[] bArr3 = new byte[IV_LEN];
        this.secureRandom.nextBytes(bArr3);
        Cipher newAesCscPkcs7 = newAesCscPkcs7();
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr3);
        ZeroizableSecretKey zeroizableSecretKey = new ZeroizableSecretKey(bArr, "AES");
        Throwable th = null;
        try {
            try {
                newAesCscPkcs7.init(1, zeroizableSecretKey, ivParameterSpec);
                byte[] concat = concat(bArr3, newAesCscPkcs7.doFinal(bArr2));
                if (zeroizableSecretKey != null) {
                    if (0 != 0) {
                        try {
                            zeroizableSecretKey.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        zeroizableSecretKey.close();
                    }
                }
                return concat;
            } finally {
            }
        } catch (Throwable th3) {
            if (zeroizableSecretKey != null) {
                if (th != null) {
                    try {
                        zeroizableSecretKey.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    zeroizableSecretKey.close();
                }
            }
            throw th3;
        }
    }

    private byte[] decryptAesCbcPkcs7(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        Cipher newAesCscPkcs7 = newAesCscPkcs7();
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2, 0, IV_LEN);
        ZeroizableSecretKey zeroizableSecretKey = new ZeroizableSecretKey(bArr, "AES");
        Throwable th = null;
        try {
            try {
                newAesCscPkcs7.init(2, zeroizableSecretKey, ivParameterSpec);
                byte[] doFinal = newAesCscPkcs7.doFinal(bArr2, IV_LEN, bArr2.length - IV_LEN);
                if (zeroizableSecretKey != null) {
                    if (0 != 0) {
                        try {
                            zeroizableSecretKey.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        zeroizableSecretKey.close();
                    }
                }
                return doFinal;
            } finally {
            }
        } catch (Throwable th3) {
            if (zeroizableSecretKey != null) {
                if (th != null) {
                    try {
                        zeroizableSecretKey.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    zeroizableSecretKey.close();
                }
            }
            throw th3;
        }
    }

    private byte[] hmacSha512(byte[] bArr, byte[]... bArr2) throws GeneralSecurityException {
        Mac newHmacSha512 = newHmacSha512();
        ZeroizableSecretKey zeroizableSecretKey = new ZeroizableSecretKey(bArr, "HMAC");
        Throwable th = null;
        try {
            try {
                newHmacSha512.init(zeroizableSecretKey);
                for (byte[] bArr3 : bArr2) {
                    newHmacSha512.update(bArr3);
                }
                byte[] doFinal = newHmacSha512.doFinal();
                if (zeroizableSecretKey != null) {
                    if (0 != 0) {
                        try {
                            zeroizableSecretKey.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        zeroizableSecretKey.close();
                    }
                }
                return doFinal;
            } finally {
            }
        } catch (Throwable th3) {
            if (zeroizableSecretKey != null) {
                if (th != null) {
                    try {
                        zeroizableSecretKey.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    zeroizableSecretKey.close();
                }
            }
            throw th3;
        }
    }

    private Cipher newAesCscPkcs7() {
        return this.cryptoFactory.newCipher("AES/CBC/PKCS5Padding");
    }

    private Mac newHmacSha512() {
        return this.cryptoFactory.newMac("HmacSHA512");
    }

    private static long lengthInBits(byte[] bArr) {
        return bArr.length * 8;
    }

    private static byte[] concat(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }

    private static byte[] truncate(byte[] bArr, int i) {
        return Arrays.copyOfRange(bArr, 0, i);
    }

    private static byte[] longToBytes(long j) {
        return ByteBuffer.allocate(8).putLong(j).array();
    }
}
