package com.microsoft.azure.keyvault.cryptography.algorithms;

import com.microsoft.azure.keyvault.cryptography.ByteExtensions;
import com.microsoft.azure.keyvault.cryptography.IAuthenticatedCryptoTransform;
import com.microsoft.azure.keyvault.cryptography.ICryptoTransform;
import com.microsoft.azure.keyvault.cryptography.SymmetricEncryptionAlgorithm;
import com.microsoft.azure.keyvault.cryptography.algorithms.AesCbc;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.tuple.Triple;

/* loaded from: input_file:com/microsoft/azure/keyvault/cryptography/algorithms/AesCbcHmacSha2.class */
public abstract class AesCbcHmacSha2 extends SymmetricEncryptionAlgorithm {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/microsoft/azure/keyvault/cryptography/algorithms/AesCbcHmacSha2$AesCbcHmacSha2Decryptor.class */
    public static class AesCbcHmacSha2Decryptor implements IAuthenticatedCryptoTransform {
        final byte[] _aad_length;
        final Mac _hmac;
        final byte[] _hmac_key;
        final ICryptoTransform _inner;
        byte[] _tag;

        AesCbcHmacSha2Decryptor(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
            Triple GetAlgorithmParameters = AesCbcHmacSha2.GetAlgorithmParameters(str, bArr);
            this._hmac = (Mac) GetAlgorithmParameters.getRight();
            this._hmac_key = (byte[]) GetAlgorithmParameters.getMiddle();
            this._inner = new AesCbc.AesCbcDecryptor((byte[]) GetAlgorithmParameters.getLeft(), bArr2, provider);
            this._aad_length = AesCbcHmacSha2.toBigEndian(bArr3.length * 8);
            this._tag = bArr4;
            this._hmac.update(bArr3);
            this._hmac.update(bArr2);
        }

        @Override // com.microsoft.azure.keyvault.cryptography.IAuthenticatedCryptoTransform
        public byte[] getTag() {
            return this._tag;
        }

        @Override // com.microsoft.azure.keyvault.cryptography.ICryptoTransform
        public byte[] doFinal(byte[] bArr) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException {
            this._hmac.update(bArr);
            byte[] doFinal = this._hmac.doFinal(this._aad_length);
            byte[] bArr2 = new byte[this._hmac_key.length];
            System.arraycopy(doFinal, 0, bArr2, 0, this._hmac_key.length);
            if (ByteExtensions.sequenceEqualConstantTime(this._tag, bArr2)) {
                return this._inner.doFinal(bArr);
            }
            throw new IllegalArgumentException("Data is not authentic");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/microsoft/azure/keyvault/cryptography/algorithms/AesCbcHmacSha2$AesCbcHmacSha2Encryptor.class */
    public static class AesCbcHmacSha2Encryptor implements IAuthenticatedCryptoTransform {
        final byte[] _aad_length;
        final Mac _hmac;
        final byte[] _hmac_key;
        final ICryptoTransform _inner;
        byte[] _tag;

        AesCbcHmacSha2Encryptor(String str, byte[] bArr, byte[] bArr2, byte[] bArr3, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
            Triple GetAlgorithmParameters = AesCbcHmacSha2.GetAlgorithmParameters(str, bArr);
            this._hmac = (Mac) GetAlgorithmParameters.getRight();
            this._hmac_key = (byte[]) GetAlgorithmParameters.getMiddle();
            this._inner = new AesCbc.AesCbcEncryptor((byte[]) GetAlgorithmParameters.getLeft(), bArr2, provider);
            this._aad_length = AesCbcHmacSha2.toBigEndian(bArr3.length * 8);
            this._hmac.update(bArr3);
            this._hmac.update(bArr2);
        }

        @Override // com.microsoft.azure.keyvault.cryptography.IAuthenticatedCryptoTransform
        public byte[] getTag() {
            return this._tag;
        }

        @Override // com.microsoft.azure.keyvault.cryptography.ICryptoTransform
        public byte[] doFinal(byte[] bArr) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException {
            byte[] doFinal = this._inner.doFinal(bArr);
            this._hmac.update(doFinal);
            byte[] doFinal2 = this._hmac.doFinal(this._aad_length);
            this._tag = new byte[this._hmac_key.length];
            System.arraycopy(doFinal2, 0, this._tag, 0, this._tag.length);
            return doFinal;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AesCbcHmacSha2(String str) {
        super(str);
    }

    @Override // com.microsoft.azure.keyvault.cryptography.SymmetricEncryptionAlgorithm
    public ICryptoTransform CreateDecryptor(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
        return CreateDecryptor(bArr, bArr2, bArr3, bArr4, null);
    }

    @Override // com.microsoft.azure.keyvault.cryptography.SymmetricEncryptionAlgorithm
    public ICryptoTransform CreateDecryptor(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
        if (bArr == null) {
            throw new IllegalArgumentException("No key material");
        }
        if (bArr2 == null) {
            throw new IllegalArgumentException("No initialization vector");
        }
        if (bArr3 == null) {
            throw new IllegalArgumentException("No authentication data");
        }
        if (bArr4 == null) {
            throw new IllegalArgumentException("No authentication tag");
        }
        return new AesCbcHmacSha2Decryptor(getName(), bArr, bArr2, bArr3, bArr4, provider);
    }

    @Override // com.microsoft.azure.keyvault.cryptography.SymmetricEncryptionAlgorithm
    public ICryptoTransform CreateEncryptor(byte[] bArr, byte[] bArr2, byte[] bArr3) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
        return CreateEncryptor(bArr, bArr2, bArr3, null);
    }

    @Override // com.microsoft.azure.keyvault.cryptography.SymmetricEncryptionAlgorithm
    public ICryptoTransform CreateEncryptor(byte[] bArr, byte[] bArr2, byte[] bArr3, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException {
        if (bArr == null) {
            throw new IllegalArgumentException("No key material");
        }
        if (bArr2 == null) {
            throw new IllegalArgumentException("No initialization vector");
        }
        if (bArr3 == null) {
            throw new IllegalArgumentException("No authentication data");
        }
        return new AesCbcHmacSha2Encryptor(getName(), bArr, bArr2, bArr3, provider);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Triple<byte[], byte[], Mac> GetAlgorithmParameters(String str, byte[] bArr) throws InvalidKeyException, NoSuchAlgorithmException {
        byte[] bArr2;
        byte[] bArr3;
        Mac mac;
        if (str.equalsIgnoreCase(Aes128CbcHmacSha256.ALGORITHM_NAME)) {
            if ((bArr.length << 3) < 256) {
                throw new IllegalArgumentException(String.format("%s key length in bits %d < 256", str, Integer.valueOf(bArr.length << 3)));
            }
            bArr2 = new byte[16];
            bArr3 = new byte[16];
            System.arraycopy(bArr, 0, bArr2, 0, 16);
            System.arraycopy(bArr, 16, bArr3, 0, 16);
            mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr2, "HmacSHA256"));
        } else if (str.equalsIgnoreCase(Aes192CbcHmacSha384.ALGORITHM_NAME)) {
            if ((bArr.length << 3) < 384) {
                throw new IllegalArgumentException(String.format("%s key length in bits %d < 384", str, Integer.valueOf(bArr.length << 3)));
            }
            bArr2 = new byte[24];
            bArr3 = new byte[24];
            System.arraycopy(bArr, 0, bArr2, 0, 24);
            System.arraycopy(bArr, 24, bArr3, 0, 24);
            mac = Mac.getInstance("HmacSHA384");
            mac.init(new SecretKeySpec(bArr2, "HmacSHA384"));
        } else {
            if (!str.equalsIgnoreCase(Aes256CbcHmacSha512.ALGORITHM_NAME)) {
                throw new IllegalArgumentException(String.format("Unsupported algorithm: %s", str));
            }
            if ((bArr.length << 3) < 512) {
                throw new IllegalArgumentException(String.format("%s key length in bits %d < 512", str, Integer.valueOf(bArr.length << 3)));
            }
            bArr2 = new byte[32];
            bArr3 = new byte[32];
            System.arraycopy(bArr, 0, bArr2, 0, 32);
            System.arraycopy(bArr, 32, bArr3, 0, 32);
            mac = Mac.getInstance("HmacSHA512");
            mac.init(new SecretKeySpec(bArr2, "HmacSHA512"));
        }
        return Triple.of(bArr3, bArr2, mac);
    }

    static byte[] toBigEndian(long j) {
        byte[] byteArray = BigInteger.valueOf(j).toByteArray();
        byte[] bArr = {0, 0, 0, 0, 0, 0, 0, 0};
        System.arraycopy(byteArray, 0, bArr, bArr.length - byteArray.length, byteArray.length);
        return bArr;
    }
}
