package com.microsoft.azure.storage.table;

import com.microsoft.azure.keyvault.core.IKey;
import com.microsoft.azure.keyvault.core.IKeyResolver;
import com.microsoft.azure.storage.Constants;
import com.microsoft.azure.storage.StorageErrorCodeStrings;
import com.microsoft.azure.storage.StorageException;
import com.microsoft.azure.storage.core.EncryptionAgent;
import com.microsoft.azure.storage.core.EncryptionAlgorithm;
import com.microsoft.azure.storage.core.EncryptionData;
import com.microsoft.azure.storage.core.SR;
import com.microsoft.azure.storage.core.Utility;
import com.microsoft.azure.storage.core.WrappedContentKey;
import com.microsoft.azure.storage.table.TableRequestOptions;
import java.security.Key;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.tuple.Pair;

/* loaded from: input_file:WEB-INF/lib/azure-storage-6.1.0.jar:com/microsoft/azure/storage/table/TableEncryptionPolicy.class */
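/**
 * Client-side encryption policy for table entities: holds the key-encryption key (or a resolver
 * for it) and performs envelope encryption of individual entity properties.
 *
 * <p>Each encrypted entity gets a fresh 256-bit AES content key. That key is wrapped by
 * {@link #keyWrapper} and stored, with a random content IV, in the entity's
 * {@code TABLE_ENCRYPTION_KEY_DETAILS} property. Every encrypted property uses its own IV,
 * derived as the first 16 bytes of SHA-256(content IV || key strings || property name).
 *
 * <p>NOTE(review): the cipher is AES/CBC/PKCS5Padding and nothing in this class authenticates the
 * ciphertext or the stored encryption metadata (key id, wrap algorithm, library tag, content IV).
 * Confidentiality is therefore the only property provided here; integrity of stored entities has
 * to come from elsewhere, and decryption failures should not be reported to untrusted parties in
 * a way that distinguishes padding errors from other errors.
 *
 * <p>This listing is decompiler output, so parameter names such as {@code str} and {@code str2}
 * are not the original ones. The three worker methods are marked by the decompiler as having been
 * package-private in the original class.
 */
public class TableEncryptionPolicy {
    /** Protocol version written on encryption and required on decryption. */
    private static final String ENCRYPTION_PROTOCOL_V1 = "1.0";

    /** JCE transformation used for every property and for the property-details blob. */
    private static final String CONTENT_CIPHER = "AES/CBC/PKCS5Padding";

    /** AES block size in bytes; derived IVs are truncated to this length. */
    private static final int AES_BLOCK_BYTES = 16;

    // Key-encryption key used to wrap (and, without a resolver, unwrap) the per-entity content key.
    public IKey keyWrapper;
    // Optional resolver that maps the key id stored with an entity to a key-encryption key.
    public IKeyResolver keyResolver;

    /**
     * Creates a policy from a key-encryption key and/or a key resolver.
     *
     * @param iKey key used to wrap the content key; required by {@link #encryptEntity}
     * @param iKeyResolver resolver consulted first on decryption; may be {@code null}
     */
    public TableEncryptionPolicy(IKey iKey, IKeyResolver iKeyResolver) {
        this.keyWrapper = iKey;
        this.keyResolver = iKeyResolver;
    }

    /** @return the key-encryption key, or {@code null} if none was set */
    public IKey getKey() {
        return this.keyWrapper;
    }

    /** @return the key resolver, or {@code null} if none was set */
    public IKeyResolver getKeyResolver() {
        return this.keyResolver;
    }

    /** @param iKey the key-encryption key to use from now on */
    public void setKey(IKey iKey) {
        this.keyWrapper = iKey;
    }

    /** @param iKeyResolver the key resolver to use from now on */
    public void setKeyResolver(IKeyResolver iKeyResolver) {
        this.keyResolver = iKeyResolver;
    }

    /**
     * Derives a per-property IV as the first 16 bytes of SHA-256(contentIv || UTF-8(context)).
     *
     * @param contentIv the entity's content-encryption IV
     * @param context the concatenated key strings and property name identifying the value
     * @return the IV to use for that one value
     * @throws Exception if SHA-256 or UTF-8 is unavailable; callers translate this
     */
    private static IvParameterSpec derivePropertyIv(byte[] contentIv, String context) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(Utility.binaryAppend(contentIv, context.getBytes("UTF-8")));
        // This IvParameterSpec constructor copies the requested range, so the digest is not retained.
        return new IvParameterSpec(digest, 0, AES_BLOCK_BYTES);
    }

    /**
     * Encrypts the properties of one entity that are marked for encryption.
     *
     * <p>A property is encrypted when its {@code isEncrypted()} flag is set or when
     * {@code encryptionResolver} selects it. Side effect: a property selected by the resolver has
     * its flag set on the caller's {@link EntityProperty} instance. Only {@code EdmType.STRING}
     * properties can be encrypted.
     *
     * @param map the entity's properties; must not be {@code null}
     * @param str first key string mixed into every IV and passed to the resolver (presumably the
     *     partition key; the decompiler dropped the name)
     * @param str2 second key string mixed into every IV and passed to the resolver (presumably the
     *     row key)
     * @param encryptionResolver optional callback deciding per property; may be {@code null}
     * @return a new map holding plaintext and encrypted properties plus the encryption metadata
     * @throws IllegalArgumentException if no key-encryption key is configured
     * @throws StorageException for any failure inside the encryption step, including a
     *     {@code null} or non-string property selected for encryption
     */
    public Map<String, EntityProperty> encryptEntity(Map<String, EntityProperty> map, String str, String str2, TableRequestOptions.EncryptionResolver encryptionResolver) throws StorageException {
        Utility.assertNotNull(Constants.QueryConstants.PROPERTIES, map);
        if (this.keyWrapper == null) {
            throw new IllegalArgumentException(SR.KEY_MISSING);
        }
        EncryptionData encryptionData = new EncryptionData();
        if (encryptionData.getKeyWrappingMetadata() == null) {
            encryptionData.setKeyWrappingMetadata(new HashMap<>());
        }
        encryptionData.getKeyWrappingMetadata().put(Constants.EncryptionConstants.ENCRYPTION_LIBRARY, "Java 6.1.0");
        encryptionData.setEncryptionAgent(new EncryptionAgent(ENCRYPTION_PROTOCOL_V1, EncryptionAlgorithm.AES_CBC_256));
        try {
            Map<String, EntityProperty> encryptedProperties = new HashMap<>();
            HashSet<String> encryptedPropertyNames = new HashSet<>();
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(256);
            Cipher cipher = Cipher.getInstance(CONTENT_CIPHER);
            SecretKey contentKey = keyGenerator.generateKey();
            // No IV is supplied here, so the provider chooses one; it is read back below and
            // stored as the entity's content IV.
            cipher.init(Cipher.ENCRYPT_MODE, contentKey);
            // NOTE(review): the raw content-key bytes handed to the wrapper are never cleared here.
            Pair<byte[], String> wrapped = this.keyWrapper.wrapKeyAsync(contentKey.getEncoded(), null).get();
            encryptionData.setWrappedContentKey(new WrappedContentKey(this.keyWrapper.getKid(), wrapped.getKey(), wrapped.getValue()));
            encryptionData.setContentEncryptionIV(cipher.getIV());

            for (Map.Entry<String, EntityProperty> entry : map.entrySet()) {
                String name = entry.getKey();
                EntityProperty property = entry.getValue();
                if (encryptionResolver != null && encryptionResolver.encryptionResolver(str, str2, name)) {
                    if (property == null) {
                        throw new IllegalArgumentException(SR.ENCRYPTING_NULL_PROPERTIES_NOT_ALLOWED);
                    }
                    property.setIsEncrypted(true);
                }
                if (property == null || !property.isEncrypted()) {
                    // Not selected for encryption: stored as-is, in clear text.
                    encryptedProperties.put(name, property);
                    continue;
                }
                if (property.getEdmType() != EdmType.STRING) {
                    throw new IllegalArgumentException(String.format(SR.UNSUPPORTED_PROPERTY_TYPE_FOR_ENCRYPTION, property.getEdmType()));
                }
                cipher.init(Cipher.ENCRYPT_MODE, contentKey, derivePropertyIv(encryptionData.getContentEncryptionIV(), str + str2 + name));
                byte[] plaintext = property.getValueAsString().getBytes("UTF-8");
                encryptedProperties.put(name, new EntityProperty(cipher.doFinal(plaintext, 0, plaintext.length)));
                encryptedPropertyNames.add(name);
            }

            // The encrypted list of property names used to be rebuilt on every loop iteration and
            // only the last write survived. Building it once gives the same result; the emptiness
            // guard keeps the old behaviour of emitting no list for an entity with no properties.
            if (!map.isEmpty()) {
                cipher.init(Cipher.ENCRYPT_MODE, contentKey, derivePropertyIv(encryptionData.getContentEncryptionIV(), str + str2 + Constants.EncryptionConstants.TABLE_ENCRYPTION_PROPERTY_DETAILS));
                byte[] details = Arrays.toString(encryptedPropertyNames.toArray()).getBytes("UTF-8");
                encryptedProperties.put(Constants.EncryptionConstants.TABLE_ENCRYPTION_PROPERTY_DETAILS, new EntityProperty(cipher.doFinal(details, 0, details.length)));
            }
            encryptedProperties.put(Constants.EncryptionConstants.TABLE_ENCRYPTION_KEY_DETAILS, new EntityProperty(encryptionData.serialize()));
            return encryptedProperties;
        } catch (Exception e) {
            throw StorageException.translateClientException(e);
        }
    }

    /**
     * Parses an entity's stored encryption metadata, unwraps the content key and decrypts the
     * property-details blob in place.
     *
     * <p>NOTE(review): everything read from {@code entityProperty} comes from the stored entity
     * and is not authenticated. The key id it carries is passed to the resolver and the wrap
     * algorithm name to the unwrap call, so the resolver and key implementations should restrict
     * which keys and algorithms they accept.
     *
     * @param str first key string used for IV derivation (presumably the partition key)
     * @param str2 second key string used for IV derivation (presumably the row key)
     * @param entityProperty property holding the serialized {@link EncryptionData}
     * @param entityProperty2 property holding the encrypted property-details blob; its value is
     *     replaced with the decrypted bytes
     * @param encryptionData receives the deserialized metadata values
     * @return the content key and whether the Java v1 IV derivation order applies
     * @throws StorageException if neither key nor resolver is set, the protocol version is not
     *     {@code "1.0"}, the stored key id does not match the configured key, or decryption fails
     */
    public CEKReturn decryptMetadataAndReturnCEK(String str, String str2, EntityProperty entityProperty, EntityProperty entityProperty2, EncryptionData encryptionData) throws StorageException {
        if (this.keyWrapper == null && this.keyResolver == null) {
            throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.KEY_AND_RESOLVER_MISSING, null);
        }
        try {
            encryptionData.copyValues(EncryptionData.deserialize(entityProperty.getValueAsString()));
            Utility.assertNotNull("contentEncryptionIV", encryptionData.getContentEncryptionIV());
            Utility.assertNotNull("encryptedKey", encryptionData.getWrappedContentKey().getEncryptedKey());
            if (!ENCRYPTION_PROTOCOL_V1.equals(encryptionData.getEncryptionAgent().getProtocol())) {
                throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.ENCRYPTION_PROTOCOL_VERSION_INVALID, null);
            }
            // The protocol is known to be "1.0" at this point, so only the library tag decides.
            // Missing metadata, or a library tag containing "Java", selects the Java v1 order.
            boolean isJavaV1 = encryptionData.getKeyWrappingMetadata() == null
                    || (encryptionData.getKeyWrappingMetadata().containsKey(Constants.EncryptionConstants.ENCRYPTION_LIBRARY)
                            && encryptionData.getKeyWrappingMetadata().get(Constants.EncryptionConstants.ENCRYPTION_LIBRARY).contains("Java"));

            byte[] contentKeyBytes;
            if (this.keyResolver != null) {
                // The resolver takes precedence over the locally configured key.
                IKey resolvedKey = this.keyResolver.resolveKeyAsync(encryptionData.getWrappedContentKey().getKeyId()).get();
                Utility.assertNotNull("keyEncryptionKey", resolvedKey);
                contentKeyBytes = resolvedKey.unwrapKeyAsync(encryptionData.getWrappedContentKey().getEncryptedKey(), encryptionData.getWrappedContentKey().getAlgorithm()).get();
            } else {
                // Without a resolver the stored key id must name the configured key exactly.
                if (!encryptionData.getWrappedContentKey().getKeyId().equals(this.keyWrapper.getKid())) {
                    throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.KEY_MISMATCH, null);
                }
                contentKeyBytes = this.keyWrapper.unwrapKeyAsync(encryptionData.getWrappedContentKey().getEncryptedKey(), encryptionData.getWrappedContentKey().getAlgorithm()).get();
            }

            Cipher cipher = Cipher.getInstance(CONTENT_CIPHER);
            // The two key strings are concatenated in the opposite order when the entity is not
            // tagged as written by the Java library.
            String ivContext = (isJavaV1 ? str + str2 : str2 + str) + Constants.EncryptionConstants.TABLE_ENCRYPTION_PROPERTY_DETAILS;
            IvParameterSpec detailsIv = derivePropertyIv(encryptionData.getContentEncryptionIV(), ivContext);
            SecretKeySpec contentKey = new SecretKeySpec(contentKeyBytes, 0, contentKeyBytes.length, "AES");
            cipher.init(Cipher.DECRYPT_MODE, contentKey, detailsIv);
            byte[] encryptedDetails = entityProperty2.getValueAsByteArray();
            entityProperty2.setValue(cipher.doFinal(encryptedDetails, 0, encryptedDetails.length));

            CEKReturn result = new CEKReturn();
            result.key = contentKey;
            result.isJavaV1 = isJavaV1;
            return result;
        } catch (StorageException e) {
            throw e;
        } catch (Exception e2) {
            // All other failures, padding errors included, surface under one error code; the
            // original exception is attached as the cause.
            throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.DECRYPTION_LOGIC_ERROR, e2);
        }
    }

    /**
     * Decrypts the encrypted properties of one entity and drops the two encryption metadata
     * properties from the result.
     *
     * @param hashMap the entity's stored properties
     * @param hashSet names of the properties that are encrypted
     * @param str first key string used for IV derivation (presumably the partition key)
     * @param str2 second key string used for IV derivation (presumably the row key)
     * @param key the content key returned by {@link #decryptMetadataAndReturnCEK}
     * @param encryptionData the entity's encryption metadata
     * @param bool whether the Java v1 IV derivation order applies
     * @return a new map with encrypted properties replaced by their decrypted string values
     * @throws StorageException if the algorithm is not {@code AES_CBC_256} or decryption fails
     */
    public HashMap<String, EntityProperty> decryptEntity(HashMap<String, EntityProperty> hashMap, HashSet<String> hashSet, String str, String str2, Key key, EncryptionData encryptionData, Boolean bool) throws StorageException {
        HashMap<String, EntityProperty> decrypted = new HashMap<>();
        try {
            switch (encryptionData.getEncryptionAgent().getEncryptionAlgorithm()) {
                case AES_CBC_256:
                    Cipher cipher = Cipher.getInstance(CONTENT_CIPHER);
                    for (Map.Entry<String, EntityProperty> entry : hashMap.entrySet()) {
                        String name = entry.getKey();
                        // Compare by value: property names parsed from a response are not the same
                        // String objects as the constants, so the previous identity comparison let
                        // the metadata properties through into the decrypted entity.
                        if (Constants.EncryptionConstants.TABLE_ENCRYPTION_KEY_DETAILS.equals(name)
                                || Constants.EncryptionConstants.TABLE_ENCRYPTION_PROPERTY_DETAILS.equals(name)) {
                            continue;
                        }
                        if (!hashSet.contains(name)) {
                            decrypted.put(name, entry.getValue());
                            continue;
                        }
                        String ivContext = (bool.booleanValue() ? str + str2 : str2 + str) + name;
                        cipher.init(Cipher.DECRYPT_MODE, key, derivePropertyIv(encryptionData.getContentEncryptionIV(), ivContext));
                        byte[] ciphertext = entry.getValue().getValueAsByteArray();
                        decrypted.put(name, new EntityProperty(new String(cipher.doFinal(ciphertext, 0, ciphertext.length), "UTF-8")));
                    }
                    return decrypted;
                default:
                    throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.INVALID_ENCRYPTION_ALGORITHM, null);
            }
        } catch (StorageException e) {
            throw e;
        } catch (Exception e2) {
            // All other failures, padding errors included, surface under one error code; the
            // original exception is attached as the cause.
            throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.DECRYPTION_LOGIC_ERROR, e2);
        }
    }
}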
