package com.amazonaws.services.s3.internal.crypto.keywrap;

import com.amazonaws.util.Throwables;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: input_file:WEB-INF/lib/aws-java-sdk-s3-1.12.705.jar:com/amazonaws/services/s3/internal/crypto/keywrap/AesGcmKeyWrapper.class */
public final class AesGcmKeyWrapper implements KeyWrapper {
    private static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding";
    private static final int IV_LENGTH_IN_BYTES = 12;
    private static final int TAG_LENGTH_IN_BYTES = 16;
    private static final int TAG_LENGTH_IN_BITS = 128;
    private final CipherProvider cipherProvider;
    private final SecureRandom secureRandom;
    private final String cekAlgorithm;

    /* loaded from: input_file:WEB-INF/lib/aws-java-sdk-s3-1.12.705.jar:com/amazonaws/services/s3/internal/crypto/keywrap/AesGcmKeyWrapper$Builder.class */
    public static final class Builder {
        private CipherProvider cipherProvider;
        private SecureRandom secureRandom;
        private String cekAlgorithm;

        private Builder() {
        }

        public Builder cipherProvider(CipherProvider cipherProvider) {
            this.cipherProvider = cipherProvider;
            return this;
        }

        public Builder secureRandom(SecureRandom secureRandom) {
            this.secureRandom = secureRandom;
            return this;
        }

        public Builder cekAlgorithm(String str) {
            this.cekAlgorithm = str;
            return this;
        }

        public AesGcmKeyWrapper build() {
            return new AesGcmKeyWrapper(this);
        }
    }

    private AesGcmKeyWrapper(Builder builder) {
        this.cipherProvider = (CipherProvider) validateNotNull(builder.cipherProvider, "cipherProvider");
        this.secureRandom = builder.secureRandom;
        this.cekAlgorithm = (String) validateNotNull(builder.cekAlgorithm, "cekAlgorithm");
    }

    public static Builder builder() {
        return new Builder();
    }

    public static String cipherAlgorithm() {
        return CIPHER_ALGORITHM;
    }

    public CipherProvider cipherProvider() {
        return this.cipherProvider;
    }

    public SecureRandom secureRandom() {
        return this.secureRandom;
    }

    public String cekAlgorithm() {
        return this.cekAlgorithm;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.keywrap.KeyWrapper
    public byte[] unwrapCek(byte[] bArr, Key key) {
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        byte[] bArr2 = new byte[IV_LENGTH_IN_BYTES];
        byte[] bArr3 = new byte[bArr.length - IV_LENGTH_IN_BYTES];
        wrap.get(bArr2);
        wrap.get(bArr3);
        Cipher createCipher = this.cipherProvider.createCipher();
        try {
            createCipher.init(2, key, new GCMParameterSpec(TAG_LENGTH_IN_BITS, bArr2));
            createCipher.updateAAD(this.cekAlgorithm.getBytes(StandardCharsets.UTF_8));
            return createCipher.doFinal(bArr3);
        } catch (Exception e) {
            throw Throwables.failure(e, "An exception was thrown when attempting to decrypt the Content Encryption Key");
        }
    }

    @Override // com.amazonaws.services.s3.internal.crypto.keywrap.KeyWrapper
    public byte[] wrapCek(byte[] bArr, Key key) {
        if (this.secureRandom == null) {
            throw new NullPointerException("Error initializing AesGcmKeyWrapper for wrapping: 'secureRandom' cannot be null");
        }
        Cipher createCipher = this.cipherProvider.createCipher();
        byte[] bArr2 = new byte[IV_LENGTH_IN_BYTES];
        this.secureRandom.nextBytes(bArr2);
        try {
            createCipher.init(1, key, new GCMParameterSpec(TAG_LENGTH_IN_BITS, bArr2), this.secureRandom);
            createCipher.updateAAD(this.cekAlgorithm.getBytes(StandardCharsets.UTF_8));
            return concat(createCipher.getIV(), createCipher.doFinal(bArr));
        } catch (Exception e) {
            throw Throwables.failure(e, "An exception was thrown when attempting to encrypt the Content Encryption Key");
        }
    }

    private <T> T validateNotNull(T t, String str) {
        if (t == null) {
            throw new NullPointerException("Error initializing AesGcmKeyWrapper: '" + str + "' cannot be null");
        }
        return t;
    }

    private static byte[] concat(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[bArr.length + bArr2.length];
        System.arraycopy(bArr, 0, bArr3, 0, bArr.length);
        System.arraycopy(bArr2, 0, bArr3, bArr.length, bArr2.length);
        return bArr3;
    }
}
