package com.azure.security.keyvault.keys.cryptography;

import com.azure.core.util.logging.ClientLogger;
import com.azure.security.keyvault.keys.cryptography.AesCbc;
import com.azure.security.keyvault.keys.cryptography.ICryptoTransform;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:WEB-INF/lib/azure-security-keyvault-keys-4.3.1.jar:com/azure/security/keyvault/keys/cryptography/AesCbcHmacSha2.class */
abstract class AesCbcHmacSha2 extends SymmetricEncryptionAlgorithm {
    private static final long BYTE_TO_BITS = 8;
    private final ClientLogger logger;

    /* loaded from: input_file:WEB-INF/lib/azure-security-keyvault-keys-4.3.1.jar:com/azure/security/keyvault/keys/cryptography/AesCbcHmacSha2$AbstractAesCbcHmacSha2CryptoTransform.class */
    static abstract class AbstractAesCbcHmacSha2CryptoTransform implements IAuthenticatedCryptoTransform {
        byte[] tag;
        final byte[] aadLength;
        final Mac hmac;
        final byte[] hmacKey;
        final ICryptoTransform inner;

        AbstractAesCbcHmacSha2CryptoTransform(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, ICryptoTransform.Factory<byte[]> factory) throws InvalidKeyException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchPaddingException {
            Triplet<byte[], byte[], Mac> algorithmParameters = getAlgorithmParameters(str, bArr);
            this.inner = factory.create(algorithmParameters.getLeft());
            this.hmacKey = algorithmParameters.getMiddle();
            this.hmac = algorithmParameters.getRight();
            this.aadLength = toBigEndian(bArr3.length * 8);
            this.hmac.update(bArr3);
            this.hmac.update(bArr2);
        }

        @Override // com.azure.security.keyvault.keys.cryptography.IAuthenticatedCryptoTransform
        public byte[] getTag() {
            return this.tag;
        }

        private byte[] toBigEndian(long j) {
            byte[] byteArray = BigInteger.valueOf(j).toByteArray();
            byte[] bArr = {0, 0, 0, 0, 0, 0, 0, 0};
            System.arraycopy(byteArray, 0, bArr, bArr.length - byteArray.length, byteArray.length);
            return bArr;
        }

        private Triplet<byte[], byte[], Mac> getAlgorithmParameters(String str, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException {
            byte[] bArr2;
            byte[] bArr3;
            Mac mac;
            if (str.equalsIgnoreCase("A128CBC-HS256")) {
                if ((bArr.length << 3) < 256) {
                    throw new IllegalArgumentException(String.format("%s key length in bits %d < 256", str, Integer.valueOf(bArr.length << 3)));
                }
                bArr2 = new byte[16];
                bArr3 = new byte[16];
                System.arraycopy(bArr, 0, bArr2, 0, 16);
                System.arraycopy(bArr, 16, bArr3, 0, 16);
                mac = Mac.getInstance("HmacSHA256");
                mac.init(new SecretKeySpec(bArr2, "HmacSHA256"));
            } else if (str.equalsIgnoreCase(Aes192CbcHmacSha384.ALGORITHM_NAME)) {
                if ((bArr.length << 3) < 384) {
                    throw new IllegalArgumentException(String.format("%s key length in bits %d < 384", str, Integer.valueOf(bArr.length << 3)));
                }
                bArr2 = new byte[24];
                bArr3 = new byte[24];
                System.arraycopy(bArr, 0, bArr2, 0, 24);
                System.arraycopy(bArr, 24, bArr3, 0, 24);
                mac = Mac.getInstance("HmacSHA384");
                mac.init(new SecretKeySpec(bArr2, "HmacSHA384"));
            } else {
                if (!str.equalsIgnoreCase(Aes256CbcHmacSha512.ALGORITHM_NAME)) {
                    throw new IllegalArgumentException(String.format("Unsupported algorithm: %s", str));
                }
                if ((bArr.length << 3) < 512) {
                    throw new IllegalArgumentException(String.format("%s key length in bits %d < 512", str, Integer.valueOf(bArr.length << 3)));
                }
                bArr2 = new byte[32];
                bArr3 = new byte[32];
                System.arraycopy(bArr, 0, bArr2, 0, 32);
                System.arraycopy(bArr, 32, bArr3, 0, 32);
                mac = Mac.getInstance("HmacSHA512");
                mac.init(new SecretKeySpec(bArr2, "HmacSHA512"));
            }
            return new Triplet<>(bArr3, bArr2, mac);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/azure-security-keyvault-keys-4.3.1.jar:com/azure/security/keyvault/keys/cryptography/AesCbcHmacSha2$AesCbcHmacSha2Decryptor.class */
    public static class AesCbcHmacSha2Decryptor extends AbstractAesCbcHmacSha2CryptoTransform {
        final ClientLogger logger;

        AesCbcHmacSha2Decryptor(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
            super(str, bArr, bArr2, bArr3, bArr5 -> {
                return new AesCbc.AesCbcDecryptor(bArr5, bArr2, provider);
            });
            this.logger = new ClientLogger((Class<?>) AesCbcHmacSha2Decryptor.class);
            this.tag = bArr4;
        }

        @Override // com.azure.security.keyvault.keys.cryptography.ICryptoTransform
        public byte[] doFinal(byte[] bArr) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException {
            this.hmac.update(bArr);
            byte[] doFinal = this.hmac.doFinal(this.aadLength);
            byte[] bArr2 = new byte[this.hmacKey.length];
            System.arraycopy(doFinal, 0, bArr2, 0, this.hmacKey.length);
            if (ByteExtensions.sequenceEqualConstantTime(bArr2, bArr2)) {
                return this.inner.doFinal(bArr);
            }
            throw this.logger.logExceptionAsWarning(new IllegalArgumentException("Data is not authentic"));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/azure-security-keyvault-keys-4.3.1.jar:com/azure/security/keyvault/keys/cryptography/AesCbcHmacSha2$AesCbcHmacSha2Encryptor.class */
    public static class AesCbcHmacSha2Encryptor extends AbstractAesCbcHmacSha2CryptoTransform {
        AesCbcHmacSha2Encryptor(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
            super(str, bArr, bArr2, bArr3, bArr4 -> {
                return new AesCbc.AesCbcEncryptor(bArr4, bArr2, provider);
            });
        }

        @Override // com.azure.security.keyvault.keys.cryptography.ICryptoTransform
        public byte[] doFinal(byte[] bArr) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException {
            byte[] doFinal = this.inner.doFinal(bArr);
            this.hmac.update(doFinal);
            byte[] doFinal2 = this.hmac.doFinal(this.aadLength);
            this.tag = new byte[this.hmacKey.length];
            System.arraycopy(doFinal2, 0, this.tag, 0, this.tag.length);
            return doFinal;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AesCbcHmacSha2(String str) {
        super(str);
        this.logger = new ClientLogger((Class<?>) AesCbcHmacSha2.class);
    }

    @Override // com.azure.security.keyvault.keys.cryptography.SymmetricEncryptionAlgorithm
    public ICryptoTransform createDecryptor(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
        return createDecryptor(bArr, bArr2, bArr3, bArr4, null);
    }

    @Override // com.azure.security.keyvault.keys.cryptography.SymmetricEncryptionAlgorithm
    public ICryptoTransform createDecryptor(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
        if (bArr == null) {
            throw this.logger.logExceptionAsWarning(new IllegalArgumentException("No key material"));
        }
        if (bArr2 == null) {
            throw this.logger.logExceptionAsWarning(new IllegalArgumentException("No initialization vector"));
        }
        if (bArr3 == null) {
            throw this.logger.logExceptionAsWarning(new IllegalArgumentException("No authentication data"));
        }
        if (bArr4 == null) {
            throw this.logger.logExceptionAsWarning(new IllegalArgumentException("No authentication tag"));
        }
        return new AesCbcHmacSha2Decryptor(getName(), bArr, bArr2, bArr3, bArr4, provider);
    }

    @Override // com.azure.security.keyvault.keys.cryptography.SymmetricEncryptionAlgorithm
    public ICryptoTransform createEncryptor(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
        return createEncryptor(bArr, bArr2, bArr3, null, null);
    }

    @Override // com.azure.security.keyvault.keys.cryptography.SymmetricEncryptionAlgorithm
    public ICryptoTransform createEncryptor(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
        if (bArr == null) {
            throw this.logger.logExceptionAsError(new IllegalArgumentException("No key material"));
        }
        if (bArr2 == null) {
            throw this.logger.logExceptionAsError(new IllegalArgumentException("No initialization vector"));
        }
        if (bArr3 == null) {
            throw this.logger.logExceptionAsError(new IllegalArgumentException("No authentication data"));
        }
        return new AesCbcHmacSha2Encryptor(getName(), bArr, bArr2, bArr3, provider);
    }
}
