package com.microsoft.azure.storage.queue;

import com.microsoft.azure.keyvault.core.IKey;
import com.microsoft.azure.keyvault.core.IKeyResolver;
import com.microsoft.azure.storage.Constants;
import com.microsoft.azure.storage.StorageErrorCodeStrings;
import com.microsoft.azure.storage.StorageException;
import com.microsoft.azure.storage.core.Base64;
import com.microsoft.azure.storage.core.EncryptionAgent;
import com.microsoft.azure.storage.core.EncryptionAlgorithm;
import com.microsoft.azure.storage.core.EncryptionData;
import com.microsoft.azure.storage.core.SR;
import com.microsoft.azure.storage.core.Utility;
import com.microsoft.azure.storage.core.WrappedContentKey;
import java.util.HashMap;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.tuple.Pair;
import org.jose4j.keys.AesKey;

/* loaded from: input_file:WEB-INF/lib/azure-storage-6.1.0.jar:com/microsoft/azure/storage/queue/QueueEncryptionPolicy.class */
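/**
 * Client-side envelope encryption policy for queue messages.
 *
 * <p>Each message is encrypted with a freshly generated 256-bit AES content key in
 * {@code AES/CBC/PKCS5Padding} mode; the content key is then wrapped with {@link #keyWrapper}
 * and stored, together with the IV, in the message's {@link EncryptionData}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No MAC or authentication tag is computed or verified anywhere in this class, so the
 *       ciphertext is not integrity-protected here. Treat decrypted content as unauthenticated,
 *       and avoid exposing decryption success/failure to parties who can modify queue
 *       messages.</li>
 *   <li>On decryption, the protocol version, algorithm, IV, key id and key-wrap algorithm are
 *       all read from the message envelope itself.</li>
 *   <li>Both fields are public and also reachable through setters; this class does not
 *       synchronize access to them.</li>
 * </ul>
 */
public final class QueueEncryptionPolicy {
    /** Key used to wrap the content key on encryption, and to unwrap it when no resolver is set. */
    public IKey keyWrapper;

    /** Optional resolver; when non-null it is preferred over {@link #keyWrapper} for decryption. */
    public IKeyResolver keyResolver;

    /**
     * Creates a policy from a wrapping key and/or a key resolver.
     *
     * @param iKey key used for wrapping (required by {@link #encryptMessage}); may be null
     * @param iKeyResolver resolver used to look up the key on decryption; may be null
     */
    public QueueEncryptionPolicy(IKey iKey, IKeyResolver iKeyResolver) {
        this.keyWrapper = iKey;
        this.keyResolver = iKeyResolver;
    }

    /** @return the key used to wrap content keys, possibly null */
    public IKey getKey() {
        return this.keyWrapper;
    }

    /** @return the resolver used to look up keys during decryption, possibly null */
    public IKeyResolver getKeyResolver() {
        return this.keyResolver;
    }

    /** @param iKey the key to use for wrapping content keys */
    public void setKey(IKey iKey) {
        this.keyWrapper = iKey;
    }

    /** @param iKeyResolver the resolver to use for looking up keys during decryption */
    public void setKeyResolver(IKeyResolver iKeyResolver) {
        this.keyResolver = iKeyResolver;
    }

    /**
     * Re-asserts the thread's interrupt flag when a blocking {@code Future.get()} was
     * interrupted, so that wrapping the exception does not hide the interruption from callers.
     */
    private static void restoreInterruptIfNeeded(Exception e) {
        if (e instanceof InterruptedException) {
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Encrypts a message body and returns the serialized encrypted-message envelope.
     *
     * <p>A new AES-256 content key is generated per call. The cipher is initialised without an
     * explicit IV, so the IV is whatever the JCE provider generated; it is read back with
     * {@code getIV()} and stored in the envelope.
     *
     * @param bArr the plaintext message bytes; must not be null
     * @return the serialized {@link CloudQueueEncryptedMessage}
     * @throws IllegalArgumentException if no wrapping key is configured
     * @throws StorageException if key generation, wrapping, encryption or serialization fails
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public String encryptMessage(byte[] bArr) throws StorageException {
        Utility.assertNotNull("inputMessage", bArr);
        if (this.keyWrapper == null) {
            throw new IllegalArgumentException(SR.KEY_MISSING);
        }
        CloudQueueEncryptedMessage envelope = new CloudQueueEncryptedMessage();
        EncryptionData encryptionData = new EncryptionData();
        if (encryptionData.getKeyWrappingMetadata() == null) {
            encryptionData.setKeyWrappingMetadata(new HashMap<>());
        }
        encryptionData.getKeyWrappingMetadata().put(Constants.EncryptionConstants.ENCRYPTION_LIBRARY, "Java 6.1.0");
        encryptionData.setEncryptionAgent(new EncryptionAgent(Constants.EncryptionConstants.ENCRYPTION_PROTOCOL_V1, EncryptionAlgorithm.AES_CBC_256));
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(AesKey.ALGORITHM);
            keyGenerator.init(256);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            SecretKey contentKey = keyGenerator.generateKey();
            // No IvParameterSpec is supplied: the IV is provider-generated and read back below.
            cipher.init(Cipher.ENCRYPT_MODE, contentKey);
            // Blocks until the (possibly remote) key wrap completes.
            Pair<byte[], String> wrapped = this.keyWrapper.wrapKeyAsync(contentKey.getEncoded(), null).get();
            encryptionData.setWrappedContentKey(new WrappedContentKey(this.keyWrapper.getKid(), wrapped.getKey(), wrapped.getValue()));
            envelope.setEncryptedMessageContents(new String(Base64.encode(cipher.doFinal(bArr, 0, bArr.length))));
            encryptionData.setContentEncryptionIV(cipher.getIV());
            envelope.setEncryptionData(encryptionData);
            return envelope.serialize();
        } catch (Exception e) {
            restoreInterruptIfNeeded(e);
            throw StorageException.translateClientException(e);
        }
    }

    /**
     * Decrypts a serialized queue message envelope.
     *
     * <p>If the envelope carries no encryption data and {@code bool} is not {@code true}, the
     * content is only Base64-decoded and returned as-is. Callers that must never accept
     * unencrypted messages need to pass {@code Boolean.TRUE}.
     *
     * <p>When a resolver is configured, the key is looked up by the key id found in the message;
     * NOTE(review): resolver implementations should presumably restrict which key ids they are
     * willing to resolve - confirm against the resolver in use. Without a resolver, the message's
     * key id must equal the configured wrapper's id.
     *
     * @param str the serialized message as read from the queue; must not be null
     * @param bool "require encryption" flag; when non-null and true, a message without
     *     encryption data is rejected
     * @return the decrypted (or, for unencrypted messages, Base64-decoded) message bytes
     * @throws StorageException with {@code DECRYPTION_ERROR} on any validation or crypto failure
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] decryptMessage(String str, Boolean bool) throws StorageException {
        byte[] contentKeyBytes;
        Utility.assertNotNull("inputMessage", str);
        try {
            CloudQueueEncryptedMessage envelope = CloudQueueEncryptedMessage.deserialize(str);
            if (bool != null && bool.booleanValue() && envelope.getEncryptionData() == null) {
                throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.ENCRYPTION_DATA_NOT_PRESENT_ERROR, null);
            }
            if (envelope.getEncryptionData() == null) {
                // Unencrypted message accepted because encryption was not required.
                return Base64.decode(envelope.getEncryptedMessageContents());
            }
            EncryptionData encryptionData = envelope.getEncryptionData();
            Utility.assertNotNull("contentEncryptionIV", encryptionData.getContentEncryptionIV());
            Utility.assertNotNull("encryptedKey", encryptionData.getWrappedContentKey().getEncryptedKey());
            if (!Constants.EncryptionConstants.ENCRYPTION_PROTOCOL_V1.equals(encryptionData.getEncryptionAgent().getProtocol())) {
                throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.ENCRYPTION_PROTOCOL_VERSION_INVALID, null);
            }
            if (this.keyWrapper == null && this.keyResolver == null) {
                throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.KEY_AND_RESOLVER_MISSING, null);
            }
            if (this.keyResolver != null) {
                // The key id and the unwrap algorithm both come from the message envelope.
                IKey resolvedKey = this.keyResolver.resolveKeyAsync(encryptionData.getWrappedContentKey().getKeyId()).get();
                Utility.assertNotNull("keyEncryptionKey", resolvedKey);
                contentKeyBytes = resolvedKey.unwrapKeyAsync(encryptionData.getWrappedContentKey().getEncryptedKey(), encryptionData.getWrappedContentKey().getAlgorithm()).get();
            } else {
                // Without a resolver, only messages wrapped with the configured key are accepted.
                if (!encryptionData.getWrappedContentKey().getKeyId().equals(this.keyWrapper.getKid())) {
                    throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.KEY_MISMATCH, null);
                }
                contentKeyBytes = this.keyWrapper.unwrapKeyAsync(encryptionData.getWrappedContentKey().getEncryptedKey(), encryptionData.getWrappedContentKey().getAlgorithm()).get();
            }
            switch (encryptionData.getEncryptionAgent().getEncryptionAlgorithm()) {
                case AES_CBC_256:
                    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                    cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(contentKeyBytes, 0, contentKeyBytes.length, AesKey.ALGORITHM), new IvParameterSpec(encryptionData.getContentEncryptionIV()));
                    byte[] cipherText = Base64.decode(envelope.getEncryptedMessageContents());
                    // A padding failure here surfaces as DECRYPTION_LOGIC_ERROR via the catch below;
                    // there is no integrity check before the padding is processed.
                    return cipher.doFinal(cipherText, 0, cipherText.length);
                default:
                    throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.INVALID_ENCRYPTION_ALGORITHM, null);
            }
        } catch (StorageException e) {
            throw e;
        } catch (Exception e2) {
            restoreInterruptIfNeeded(e2);
            throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.DECRYPTION_LOGIC_ERROR, e2);
        }
    }
}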
