package net.snowflake.ingest.internal.net.snowflake.client.jdbc.cloud.storage;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.channels.FileChannel;
import java.nio.file.Files;
import java.nio.file.StandardOpenOption;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.snowflake.ingest.internal.net.snowflake.client.jdbc.MatDesc;
import net.snowflake.ingest.internal.net.snowflake.client.jdbc.internal.snowflake.common.core.RemoteStoreFileEncryptionMaterial;

/* loaded from: input_file:net/snowflake/ingest/internal/net/snowflake/client/jdbc/cloud/storage/EncryptionProvider.class */
public class EncryptionProvider {
    private static final String AES = "AES";
    private static final String FILE_CIPHER = "AES/CBC/PKCS5Padding";
    private static final String KEY_CIPHER = "AES/ECB/PKCS5Padding";
    private static final int BUFFER_SIZE = 2097152;
    private static ThreadLocal<SecureRandom> secRnd;

    public static InputStream decryptStream(InputStream inputStream, String str, String str2, RemoteStoreFileEncryptionMaterial remoteStoreFileEncryptionMaterial) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException {
        byte[] decode = Base64.getDecoder().decode(remoteStoreFileEncryptionMaterial.getQueryStageMasterKey());
        byte[] decode2 = Base64.getDecoder().decode(str);
        byte[] decode3 = Base64.getDecoder().decode(str2);
        SecretKeySpec secretKeySpec = new SecretKeySpec(decode, 0, decode.length, "AES");
        Cipher cipher = Cipher.getInstance(KEY_CIPHER);
        cipher.init(2, secretKeySpec);
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(cipher.doFinal(decode2), "AES");
        Cipher cipher2 = Cipher.getInstance(FILE_CIPHER);
        cipher2.init(2, secretKeySpec2, new IvParameterSpec(decode3));
        return new CipherInputStream(inputStream, cipher2);
    }

    public static void decrypt(File file, String str, String str2, RemoteStoreFileEncryptionMaterial remoteStoreFileEncryptionMaterial) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, IOException {
        byte[] decode = Base64.getDecoder().decode(str);
        byte[] decode2 = Base64.getDecoder().decode(str2);
        byte[] decode3 = Base64.getDecoder().decode(remoteStoreFileEncryptionMaterial.getQueryStageMasterKey());
        Cipher cipher = Cipher.getInstance(KEY_CIPHER);
        cipher.init(2, new SecretKeySpec(decode3, 0, decode3.length, "AES"));
        SecretKeySpec secretKeySpec = new SecretKeySpec(cipher.doFinal(decode), "AES");
        Cipher cipher2 = Cipher.getInstance(FILE_CIPHER);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(decode2);
        byte[] bArr = new byte[2097152];
        cipher2.init(2, secretKeySpec, ivParameterSpec);
        long j = 0;
        InputStream newInputStream = Files.newInputStream(file.toPath(), StandardOpenOption.READ);
        try {
            CipherInputStream cipherInputStream = new CipherInputStream(newInputStream, cipher2);
            try {
                OutputStream newOutputStream = Files.newOutputStream(file.toPath(), StandardOpenOption.CREATE);
                while (true) {
                    try {
                        int read = cipherInputStream.read(bArr);
                        if (read <= -1) {
                            break;
                        }
                        newOutputStream.write(bArr, 0, read);
                        j += read;
                    } catch (Throwable th) {
                        if (newOutputStream != null) {
                            try {
                                newOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                }
                if (newOutputStream != null) {
                    newOutputStream.close();
                }
                cipherInputStream.close();
                if (newInputStream != null) {
                    newInputStream.close();
                }
                FileChannel channel = new FileOutputStream(file, true).getChannel();
                try {
                    channel.truncate(j);
                    if (channel != null) {
                        channel.close();
                    }
                } catch (Throwable th3) {
                    if (channel != null) {
                        try {
                            channel.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                    throw th3;
                }
            } finally {
            }
        } catch (Throwable th5) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th6) {
                    th5.addSuppressed(th6);
                }
            }
            throw th5;
        }
    }

    public static CipherInputStream encrypt(StorageObjectMetadata storageObjectMetadata, long j, InputStream inputStream, RemoteStoreFileEncryptionMaterial remoteStoreFileEncryptionMaterial, SnowflakeStorageClient snowflakeStorageClient) throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, FileNotFoundException, IllegalBlockSizeException, BadPaddingException {
        byte[] decode = Base64.getDecoder().decode(remoteStoreFileEncryptionMaterial.getQueryStageMasterKey());
        int length = decode.length;
        byte[] bArr = new byte[length];
        Cipher cipher = Cipher.getInstance(FILE_CIPHER);
        int blockSize = cipher.getBlockSize();
        byte[] bArr2 = new byte[blockSize];
        secRnd.get().nextBytes(bArr2);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
        secRnd.get().nextBytes(bArr);
        cipher.init(1, new SecretKeySpec(bArr, 0, length, "AES"), ivParameterSpec);
        CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher);
        Cipher cipher2 = Cipher.getInstance(KEY_CIPHER);
        cipher2.init(1, new SecretKeySpec(decode, 0, length, "AES"));
        snowflakeStorageClient.addEncryptionMetadata(storageObjectMetadata, new MatDesc(remoteStoreFileEncryptionMaterial.getSmkId().longValue(), remoteStoreFileEncryptionMaterial.getQueryId(), length * 8), bArr2, cipher2.doFinal(bArr), ((j + blockSize) / blockSize) * blockSize);
        return cipherInputStream;
    }

    static {
        new ThreadLocal();
        secRnd = ThreadLocal.withInitial(SecureRandom::new);
    }
}
