package net.java.truevfs.comp.zip;

import edu.umd.cs.findbugs.annotations.CreatesObligation;
import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SeekableByteChannel;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.annotation.WillCloseWhenClosed;
import javax.annotation.concurrent.NotThreadSafe;
import net.java.truecommons.io.IntervalReadOnlyChannel;
import net.java.truecommons.io.PowerBuffer;
import net.java.truecommons.io.ReadOnlyChannel;
import net.java.truevfs.comp.zip.crypto.CipherReadOnlyChannel;
import net.java.truevfs.key.spec.param.AesKeyStrength;
import net.java.truevfs.key.spec.util.SuspensionPenalty;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.Mac;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

/* JADX INFO: Access modifiers changed from: package-private */
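/**
 * Read-only channel that decrypts the content of one WinZip AES encrypted ZIP entry.
 *
 * <p>As read by the constructor, the wrapped channel holds a salt of
 * {@code keyBytes / 2} bytes, a 2-byte password verifier, the encrypted content, and a
 * trailing authentication code of half the HMAC-SHA1 output size.
 *
 * <p><b>Security notes</b>
 * <ul>
 *   <li>The password check in the constructor compares only the 2-byte verifier, so a
 *       wrong password is accepted with probability about 1 in 65536. Data read from
 *       this channel is unauthenticated until {@link #authenticate()} succeeds.</li>
 *   <li>The password array is zeroed after each key derivation. The derived key
 *       material is not wiped by this class.</li>
 * </ul>
 *
 * <p>Decompiler provenance: JADX reports the class, constructor and
 * {@link #authenticate()} were package-private in the original class file.
 */
@NotThreadSafe
/* loaded from: input_file:net/java/truevfs/comp/zip/WinZipAesEntryReadOnlyChannel.class */
public final class WinZipAesEntryReadOnlyChannel extends ReadOnlyChannel {
    /** Expected (truncated) authentication code read from the end of the entry data. */
    private final ByteBuffer authenticationCode;
    /** HMAC-SHA1 key taken from the second {@code keyBytes} slice of the derived key. */
    private final KeyParameter sha1MacParam;
    /** The entry being read; used here only for error messages. */
    private final ZipEntry entry;

    /**
     * Parses the WinZip AES framing of the entry data, derives the keys from the
     * password and installs the decrypting channel.
     *
     * @param seekableByteChannel the channel holding the raw entry data, positioned and
     *        sized so that offset 0 is the salt and the end is the authentication code
     * @param winZipAesEntryParameters source of the entry, the read password and sink
     *        for the detected key strength
     * @throws ZipCryptoException if the WinZip AES extra field is missing, the data is
     *         too short, or the authentication code is not at the end of the channel
     * @throws IOException on any other I/O failure
     */
    @CreatesObligation
    public WinZipAesEntryReadOnlyChannel(@WillCloseWhenClosed SeekableByteChannel seekableByteChannel, WinZipAesEntryParameters winZipAesEntryParameters) throws IOException {
        super(seekableByteChannel);
        KeyParameter derivedKey;
        CipherParameters aesParams;
        KeyParameter macKey;
        ZipEntry entry = winZipAesEntryParameters.getEntry();
        assert entry.isEncrypted();
        // 39169 == 0x9901, the header id this class looks up for the WinZip AES extra field.
        WinZipAesEntryExtraField winZipAesEntryExtraField = (WinZipAesEntryExtraField) entry.getExtraField(39169);
        if (null == winZipAesEntryExtraField) {
            throw new ZipCryptoException(entry.getName() + " (missing extra field for WinZip AES entry)");
        }
        AesKeyStrength keyStrength = winZipAesEntryExtraField.getKeyStrength();
        int bits = keyStrength.getBits();
        int bytes = keyStrength.getBytes();

        // Header: salt (half the key size) followed by the 2-byte password verifier.
        // NOTE(review): relies on PowerBuffer.load() leaving each buffer ready for
        // reading from its start - confirm against PowerBuffer.
        ByteBuffer salt = PowerBuffer.allocate(bytes / 2).load(seekableByteChannel.position(0L)).buffer();
        ByteBuffer passwordVerifier = PowerBuffer.allocate(2).load(seekableByteChannel).buffer();

        // Footer: authentication code, half the HMAC-SHA1 output size.
        PowerBuffer footer = PowerBuffer.allocate(new HMac(new SHA1Digest()).getMacSize() / 2);
        long start = seekableByteChannel.position();
        long end = seekableByteChannel.size() - footer.limit();
        long length = end - start;
        if (0 > length) {
            // Not enough room for header plus footer: the entry cannot be WinZip AES data.
            throw new ZipCryptoException(entry.getName() + " (false positive WinZip AES entry is too short)", new EOFException());
        }
        footer.load(seekableByteChannel.position(end));
        if (seekableByteChannel.position() != seekableByteChannel.size()) {
            throw new ZipCryptoException("Expected end of file after WinZip AES authentication code!");
        }
        this.authenticationCode = footer.buffer();

        // Derive cipher key | MAC key | 2-byte verifier using PKCS#5 S2 with 1000
        // iterations, and keep asking for a password until the verifier matches.
        PKCS5S2ParametersGenerator generator = new PKCS5S2ParametersGenerator();
        long lastTry = 0;
        do {
            // The flag is true on every attempt after the first.
            // NOTE(review): presumably it tells the provider the previous password was wrong.
            byte[] readPassword = winZipAesEntryParameters.getReadPassword(0 != lastTry);
            assert null != readPassword;
            generator.init(readPassword, salt.array(), 1000);
            assert 128 <= bits;
            // The decompiler dropped this cast; the derived parameters are used as a KeyParameter.
            derivedKey = (KeyParameter) generator.generateDerivedParameters((2 * bits) + 16);
            // Wipe the password as soon as the key material has been derived.
            Arrays.fill(readPassword, (byte) 0);
            // The cipher receives an all-zero 16-byte IV; how WinZipAesCipher uses it is
            // not visible in this file.
            aesParams = new ParametersWithIV(new KeyParameter(derivedKey.getKey(), 0, bytes), new byte[16]);
            macKey = new KeyParameter(derivedKey.getKey(), bytes, bytes);
            // NOTE(review): presumably throttles repeated password attempts - confirm
            // against SuspensionPenalty.
            lastTry = SuspensionPenalty.enforce(lastTry);
        } while (!passwordVerifier.equals(ByteBuffer.wrap(derivedKey.getKey()).position(2 * bytes)));

        this.sha1MacParam = macKey;
        this.entry = entry;
        WinZipAesCipher winZipAesCipher = new WinZipAesCipher();
        winZipAesCipher.init(false, aesParams);
        // Expose only the bytes between the header and the authentication code.
        this.channel = new CipherReadOnlyChannel(winZipAesCipher, new IntervalReadOnlyChannel(seekableByteChannel.position(start), length));
        winZipAesEntryParameters.setKeyStrength(keyStrength);
    }

    /**
     * Verifies the entry's authentication code.
     *
     * <p>Computes HMAC-SHA1 through the cipher channel with the derived MAC key and
     * compares the first half of the result with the code stored at the end of the
     * entry data. The comparison uses {@link MessageDigest#isEqual(byte[], byte[])} so
     * that its duration does not depend on how many leading bytes match.
     *
     * @throws ZipAuthenticationException if the computed and stored codes differ
     * @throws IOException on I/O failure while computing the MAC
     */
    public void authenticate() throws IOException {
        Mac hMac = new HMac(new SHA1Digest());
        hMac.init(this.sha1MacParam);
        byte[] mac = ((CipherReadOnlyChannel) this.channel).mac(hMac);
        // Copy through a duplicate so the stored buffer's position is left untouched.
        ByteBuffer storedView = this.authenticationCode.duplicate();
        byte[] expected = new byte[storedView.remaining()];
        storedView.get(expected);
        byte[] actual = Arrays.copyOf(mac, mac.length / 2);
        if (!MessageDigest.isEqual(expected, actual)) {
            throw new ZipAuthenticationException(this.entry.getName() + " (authenticated WinZip AES entry content has been tampered with)");
        }
    }
}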
