package io.kroxylicious.filter.encryption.dek;

import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.nio.BufferOverflowException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.IntUnaryOperator;
import java.util.function.LongUnaryOperator;
import java.util.function.Supplier;
import javax.annotation.concurrent.NotThreadSafe;
import javax.annotation.concurrent.ThreadSafe;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;

@ThreadSafe
/* loaded from: input_file:io/kroxylicious/filter/encryption/dek/Dek.class */
public final class Dek<E> {
    private final E edek;
    private final AtomicReference<DestroyableRawSecretKey> atomicKey;
    private final AtomicLong remainingEncryptions;
    private final AtomicLong outstandingCryptors;
    private static final long START = combine(1, 1);
    private static final long END = combine(-1, -1);
    private final CipherSpec cipherSpec;

    @NotThreadSafe
    /* loaded from: input_file:io/kroxylicious/filter/encryption/dek/Dek$Decryptor.class */
    public final class Decryptor implements AutoCloseable {
        private final Cipher cipher;
        private SecretKey key;
        private final CipherSpec cipherSpec;

        private Decryptor(CipherSpec cipherSpec, SecretKey secretKey) {
            this.cipher = cipherSpec.newCipher();
            this.cipherSpec = cipherSpec;
            this.key = secretKey;
        }

        public void decrypt(@NonNull ByteBuffer byteBuffer, @Nullable ByteBuffer byteBuffer2, @NonNull ByteBuffer byteBuffer3, @NonNull ByteBuffer byteBuffer4) {
            try {
                this.cipher.init(2, this.key, this.cipherSpec.readParameters(byteBuffer3));
                if (byteBuffer2 != null) {
                    this.cipher.updateAAD(byteBuffer2);
                }
                this.cipher.doFinal(byteBuffer, byteBuffer4);
            } catch (GeneralSecurityException e) {
                throw new DekException(e);
            }
        }

        @Override // java.lang.AutoCloseable
        public void close() {
            if (this.key != null) {
                this.key = null;
                Dek.this.maybeDestroyKey(Dek::releaseDecryptor);
            }
        }
    }

    @NotThreadSafe
    /* loaded from: input_file:io/kroxylicious/filter/encryption/dek/Dek$Encryptor.class */
    public final class Encryptor implements AutoCloseable {
        private final Cipher cipher;
        private SecretKey key;
        private final Supplier<AlgorithmParameterSpec> paramSupplier;
        private final CipherSpec cipherSpec;
        private int numEncryptions;
        private boolean haveParameters = false;

        private Encryptor(CipherSpec cipherSpec, SecretKey secretKey, int i) {
            if (i <= 0) {
                throw new IllegalArgumentException();
            }
            this.cipherSpec = (CipherSpec) Objects.requireNonNull(cipherSpec);
            this.key = (SecretKey) Objects.requireNonNull(secretKey);
            this.numEncryptions = i;
            this.cipher = cipherSpec.newCipher();
            this.paramSupplier = cipherSpec.paramSupplier();
        }

        @NonNull
        public E edek() {
            return (E) Dek.this.edek();
        }

        public ByteBuffer generateParameters(@NonNull EncryptAllocator encryptAllocator) {
            if (this.numEncryptions <= 0) {
                throw new DekUsageException("The Encryptor has no more operations allowed");
            }
            this.numEncryptions--;
            try {
                AlgorithmParameterSpec algorithmParameterSpec = this.paramSupplier.get();
                this.cipher.init(1, this.key, algorithmParameterSpec);
                ByteBuffer buffer = encryptAllocator.buffer(this.cipherSpec.size(algorithmParameterSpec));
                this.cipherSpec.writeParameters(buffer, algorithmParameterSpec);
                buffer.flip();
                this.haveParameters = true;
                return buffer;
            } catch (BufferOverflowException e) {
                throw new BufferTooSmallException();
            } catch (GeneralSecurityException e2) {
                throw new DekException(e2);
            }
        }

        public ByteBuffer encrypt(@NonNull ByteBuffer byteBuffer, @Nullable ByteBuffer byteBuffer2, @NonNull EncryptAllocator encryptAllocator) {
            if (!this.haveParameters) {
                throw new IllegalStateException("Expecting a prior call to generateParameters()");
            }
            this.haveParameters = false;
            if (byteBuffer2 != null) {
                try {
                    this.cipher.updateAAD(byteBuffer2);
                    byteBuffer2.rewind();
                } catch (ShortBufferException e) {
                    throw new BufferTooSmallException();
                } catch (GeneralSecurityException e2) {
                    throw new DekException(e2);
                }
            }
            ByteBuffer buffer = encryptAllocator.buffer(this.cipher.getOutputSize(byteBuffer.remaining()));
            int position = byteBuffer.position();
            this.cipher.doFinal(byteBuffer, buffer);
            byteBuffer.position(position);
            buffer.flip();
            if (this.numEncryptions == 0) {
                close();
            }
            return buffer;
        }

        @Override // java.lang.AutoCloseable
        public void close() {
            if (this.key != null) {
                this.key = null;
                Dek.this.maybeDestroyKey(Dek::releaseEncryptor);
            }
        }

        @NonNull
        public CipherSpec cipherSpec() {
            return this.cipherSpec;
        }
    }

    private static long combine(int i, int i2) {
        return (i << 32) | (4294967295L & i2);
    }

    private static int encryptorCount(long j) {
        return (int) (j >> 32);
    }

    private static int decryptorCount(long j) {
        return (int) j;
    }

    private static long update(long j, IntUnaryOperator intUnaryOperator, IntUnaryOperator intUnaryOperator2) {
        return combine(intUnaryOperator.applyAsInt(encryptorCount(j)), intUnaryOperator2.applyAsInt(decryptorCount(j)));
    }

    private static int incrementCounterIfNotDestroyed(int i) {
        return i > 0 ? i + 1 : i;
    }

    private static int decrementCounter(int i) {
        return i > 0 ? i - 1 : i + 1;
    }

    private static int destroyCounterIfNecessary(int i) {
        return i < 0 ? i : -i;
    }

    private static int identity(int i) {
        return i;
    }

    private static long acquireEncryptor(long j) {
        return update(j, Dek::incrementCounterIfNotDestroyed, Dek::identity);
    }

    private static long acquireDecryptor(long j) {
        return update(j, Dek::identity, Dek::incrementCounterIfNotDestroyed);
    }

    private static long releaseEncryptor(long j) {
        return update(j, Dek::decrementCounter, Dek::identity);
    }

    private static long releaseDecryptor(long j) {
        return update(j, Dek::identity, Dek::decrementCounter);
    }

    private static long commenceDestroyEncryptor(long j) {
        return update(j, Dek::destroyCounterIfNecessary, Dek::identity);
    }

    private static long commenceDestroyDecryptor(long j) {
        return update(j, Dek::identity, Dek::destroyCounterIfNecessary);
    }

    private static long commenceDestroyBoth(long j) {
        return update(j, Dek::destroyCounterIfNecessary, Dek::destroyCounterIfNecessary);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Dek(@NonNull E e, @NonNull DestroyableRawSecretKey destroyableRawSecretKey, @NonNull CipherSpec cipherSpec, long j) {
        Objects.requireNonNull(e);
        if (((DestroyableRawSecretKey) Objects.requireNonNull(destroyableRawSecretKey)).isDestroyed()) {
            throw new IllegalArgumentException();
        }
        Objects.requireNonNull(cipherSpec);
        if (j < 0) {
            throw new IllegalArgumentException();
        }
        this.edek = e;
        this.atomicKey = new AtomicReference<>(destroyableRawSecretKey);
        this.cipherSpec = cipherSpec;
        this.remainingEncryptions = new AtomicLong(j);
        this.outstandingCryptors = new AtomicLong(j == 0 ? combine(-1, 1) : START);
    }

    @NonNull
    public Dek<E>.Encryptor encryptor(int i) {
        if (i <= 0) {
            throw new IllegalArgumentException();
        }
        if (this.remainingEncryptions.addAndGet(-i) < 0) {
            throw new ExhaustedDekException("This DEK does not have " + i + " encryptions available");
        }
        if (encryptorCount(this.outstandingCryptors.updateAndGet(Dek::acquireEncryptor)) <= 0) {
            throw new DestroyedDekException();
        }
        return new Encryptor(this.cipherSpec, this.atomicKey.get(), i);
    }

    public Dek<E>.Decryptor decryptor() {
        if (decryptorCount(this.outstandingCryptors.updateAndGet(Dek::acquireDecryptor)) <= 0) {
            throw new DestroyedDekException();
        }
        return new Decryptor(this.cipherSpec, this.atomicKey.get());
    }

    public void destroyForEncrypt() {
        maybeDestroyKey(Dek::commenceDestroyEncryptor);
    }

    public void destroy() {
        maybeDestroyKey(Dek::commenceDestroyBoth);
    }

    public void destroyForDecrypt() {
        maybeDestroyKey(Dek::commenceDestroyDecryptor);
    }

    private void maybeDestroyKey(LongUnaryOperator longUnaryOperator) {
        DestroyableRawSecretKey andSet;
        if (this.outstandingCryptors.updateAndGet(longUnaryOperator) != END || (andSet = this.atomicKey.getAndSet(null)) == null) {
            return;
        }
        andSet.destroy();
    }

    public boolean isDestroyed() {
        DestroyableRawSecretKey destroyableRawSecretKey = this.atomicKey.get();
        return destroyableRawSecretKey == null || destroyableRawSecretKey.isDestroyed();
    }

    public E edek() {
        return this.edek;
    }
}
