package com.unbound.provider;

import com.dyadicsec.provider.KeyGenSpec;
import com.dyadicsec.provider.KeyParameters;
import com.unbound.common.Log;
import com.unbound.provider.kmip.attribute.CryptoParams;
import com.unbound.provider.kmip.attribute.KeyWrappingSpec;
import com.unbound.provider.kmip.attribute.MessageExt;
import com.unbound.provider.kmip.object.PrivateKey;
import com.unbound.provider.kmip.object.SymmetricKey;
import com.unbound.provider.kmip.request.DecryptRequest;
import com.unbound.provider.kmip.request.EncryptRequest;
import com.unbound.provider.kmip.request.GetRequest;
import com.unbound.provider.kmip.request.RegisterRequest;
import com.unbound.provider.kmip.response.DecryptResponse;
import com.unbound.provider.kmip.response.EncryptResponse;
import com.unbound.provider.kmip.response.GetResponse;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.ArrayList;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;

/* loaded from: input_file:com/unbound/provider/SecretKeyCipher.class */
public class SecretKeyCipher extends CipherSpi {
    private int kmipAlg;
    private KeyParameters unwrapKeyParameter = null;
    private boolean aad = false;
    private boolean wrap = false;
    private boolean encrypt = false;
    private boolean padding = false;
    private int kmipMode = 0;
    private AlgorithmParameterSpec paramSpec = null;
    private byte[] auth = null;
    private byte[] corr = null;
    private UBSecretKey secretKey = null;
    private CryptoParams kmipParams = new CryptoParams();
    private MessageExt kmipExt = null;

    /* loaded from: input_file:com/unbound/provider/SecretKeyCipher$AES.class */
    public static final class AES extends SecretKeyCipher {
        public AES() {
            super(3);
        }
    }

    SecretKeyCipher(int i) {
        this.kmipAlg = i;
    }

    private void init() {
        this.auth = null;
        this.corr = null;
    }

    private void setKmipIV(SecureRandom secureRandom) throws InvalidAlgorithmParameterException {
        if (this.paramSpec == null && this.encrypt) {
            if (secureRandom == null) {
                throw new InvalidAlgorithmParameterException("Can't generate IV");
            }
            byte[] bArr = new byte[engineGetBlockSize()];
            secureRandom.nextBytes(bArr);
            this.paramSpec = new IvParameterSpec(bArr);
        }
        if (this.paramSpec == null || !(this.paramSpec instanceof IvParameterSpec)) {
            throw new InvalidAlgorithmParameterException("IvParameterSpec required");
        }
        IvParameterSpec ivParameterSpec = (IvParameterSpec) this.paramSpec;
        this.kmipExt = new MessageExt();
        this.kmipExt.iv = ivParameterSpec.getIV();
    }

    private ArrayList getAuthParam() {
        if (!this.aad) {
            return null;
        }
        if (this.auth == null) {
            this.auth = new byte[0];
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.auth);
        return arrayList;
    }

    private int execEncDec(byte[] bArr, int i, int i2, byte[] bArr2, int i3, boolean z) throws ShortBufferException {
        byte[] bArr3;
        Log end = Log.func("SecretKeyCipher.execEncDec").log("encrypt", this.encrypt).log("doFinal", z).log("inOffset", i).log("inLen", i2).end();
        try {
            try {
                if (this.secretKey == null) {
                    throw new ProviderException("Not initialized");
                }
                if (this.encrypt) {
                    EncryptRequest encryptRequest = new EncryptRequest();
                    encryptRequest.corr = this.corr;
                    if (i2 > 0) {
                        encryptRequest.data = Arrays.copyOfRange(bArr, i, i + i2);
                    }
                    encryptRequest.initInd = Boolean.valueOf(this.corr == null);
                    encryptRequest.finalInd = Boolean.valueOf(z);
                    encryptRequest.uid = UBObject.uidToStr(this.secretKey.uid);
                    encryptRequest.params = this.kmipParams;
                    encryptRequest.ext = this.kmipExt;
                    if (this.kmipExt != null) {
                        encryptRequest.ext.auth = getAuthParam();
                        encryptRequest.iv = this.kmipExt.iv;
                    }
                    try {
                        EncryptResponse encryptResponse = (EncryptResponse) this.secretKey.partition.transmit(encryptRequest);
                        this.corr = encryptResponse.corr;
                        bArr3 = encryptResponse.data;
                    } catch (IOException e) {
                        throw new ProviderException(e);
                    }
                } else {
                    DecryptRequest decryptRequest = new DecryptRequest();
                    decryptRequest.corr = this.corr;
                    if (i2 > 0) {
                        decryptRequest.data = Arrays.copyOfRange(bArr, i, i + i2);
                    }
                    decryptRequest.initInd = Boolean.valueOf(this.corr == null);
                    decryptRequest.finalInd = Boolean.valueOf(z);
                    decryptRequest.uid = UBObject.uidToStr(this.secretKey.uid);
                    decryptRequest.params = this.kmipParams;
                    decryptRequest.ext = this.kmipExt;
                    if (this.kmipExt != null) {
                        decryptRequest.ext.auth = getAuthParam();
                        decryptRequest.iv = this.kmipExt.iv;
                    }
                    try {
                        DecryptResponse decryptResponse = (DecryptResponse) this.secretKey.partition.transmit(decryptRequest);
                        this.corr = decryptResponse.corr;
                        bArr3 = decryptResponse.data;
                    } catch (IOException e2) {
                        init();
                        throw new ProviderException(e2);
                    }
                }
                if (bArr3.length > bArr2.length - i3) {
                    init();
                    throw new ShortBufferException();
                }
                System.arraycopy(bArr3, 0, bArr2, i3, bArr3.length);
                int length = bArr3.length;
                end.leavePrint().log("outLen", length).end();
                return length;
            } catch (Exception e3) {
                end.failed(e3);
                throw e3;
            }
        } catch (Throwable th) {
            end.leavePrint().log("outLen", -1).end();
            throw th;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetMode(String str) throws NoSuchAlgorithmException {
        this.aad = false;
        String upperCase = str.toUpperCase();
        if (upperCase.equalsIgnoreCase("GCM")) {
            this.kmipMode = 9;
            this.aad = true;
            return;
        }
        if (upperCase.equalsIgnoreCase("ECB")) {
            this.kmipMode = 2;
            return;
        }
        if (upperCase.equalsIgnoreCase("CBC")) {
            this.kmipMode = 1;
            return;
        }
        if (upperCase.equalsIgnoreCase("CTR")) {
            this.kmipMode = 6;
        } else if (upperCase.equalsIgnoreCase("OFB128")) {
            this.kmipMode = 5;
        } else {
            if (!upperCase.equalsIgnoreCase("CFB128")) {
                throw new NoSuchAlgorithmException("Mode not supported: " + upperCase);
            }
            this.kmipMode = 4;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineSetPadding(String str) throws NoSuchPaddingException {
        if (str.equalsIgnoreCase("NOPADDING")) {
            this.padding = false;
        } else {
            if (!str.equalsIgnoreCase("PKCS5PADDING")) {
                throw new NoSuchPaddingException("padding not supported");
            }
            if (this.kmipMode != 1) {
                throw new NoSuchPaddingException("padding not supported");
            }
            this.padding = true;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetBlockSize() {
        return 16;
    }

    @Override // javax.crypto.CipherSpi
    protected int engineGetOutputSize(int i) {
        if (this.kmipMode != 9) {
            return i;
        }
        int tLen = ((GCMParameterSpec) this.paramSpec).getTLen() / 8;
        return this.encrypt ? i + tLen : i - tLen;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineGetIV() {
        if (this.paramSpec != null && (this.paramSpec instanceof IvParameterSpec)) {
            return ((IvParameterSpec) this.paramSpec).getIV();
        }
        return null;
    }

    @Override // javax.crypto.CipherSpi
    protected AlgorithmParameters engineGetParameters() {
        if (this.paramSpec == null) {
            return null;
        }
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("AES", "SunJCE");
            algorithmParameters.init(this.paramSpec);
            return algorithmParameters;
        } catch (GeneralSecurityException e) {
            throw new ProviderException("Could not encode parameters", e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (!(algorithmParameterSpec instanceof KeyGenSpec)) {
            this.unwrapKeyParameter = null;
        } else {
            if (i != 4) {
                throw new InvalidAlgorithmParameterException("KeyParameter is supported only in UNWRAP_MODE");
            }
            this.unwrapKeyParameter = ((KeyGenSpec) algorithmParameterSpec).getKeyParams();
            algorithmParameterSpec = ((KeyGenSpec) algorithmParameterSpec).getOriginal();
        }
        this.secretKey = null;
        init();
        if (i != 3 && i != 4 && i != 1 && i != 2) {
            throw new InvalidParameterException("Invalid mode");
        }
        if (!(key instanceof UBSecretKey)) {
            throw new InvalidKeyException("Invalid key type");
        }
        UBSecretKey uBSecretKey = (UBSecretKey) key;
        if (uBSecretKey.getKmipAlg() != 3) {
            throw new InvalidKeyException("Invalid key type");
        }
        this.wrap = i == 3 || i == 4;
        this.encrypt = i == 1 || i == 3;
        this.paramSpec = algorithmParameterSpec;
        this.kmipParams.mode = Integer.valueOf(this.kmipMode);
        this.kmipParams.padding = Integer.valueOf(this.padding ? 3 : 1);
        switch (this.kmipMode) {
            case 1:
            case 4:
            case 5:
                setKmipIV(secureRandom);
                if (this.kmipExt.iv.length != 16) {
                    throw new InvalidAlgorithmParameterException("Invalid IV length");
                }
                break;
            case 6:
                setKmipIV(secureRandom);
                if (this.kmipExt.iv.length == 16) {
                    this.kmipParams.counterLength = 32;
                    break;
                } else {
                    throw new InvalidAlgorithmParameterException("Invalid IV length");
                }
            case 9:
                if (!(this.paramSpec instanceof GCMParameterSpec)) {
                    throw new InvalidAlgorithmParameterException("GCMParameterSpec required");
                }
                GCMParameterSpec gCMParameterSpec = (GCMParameterSpec) this.paramSpec;
                this.kmipExt = new MessageExt();
                this.kmipExt.iv = gCMParameterSpec.getIV();
                int tLen = gCMParameterSpec.getTLen();
                if (tLen % 8 != 0) {
                    throw new InvalidAlgorithmParameterException("Invalid tag length");
                }
                this.kmipParams.tagLength = Integer.valueOf(tLen / 8);
                if (this.kmipParams.tagLength.intValue() < 1 || this.kmipParams.tagLength.intValue() > 16) {
                    throw new InvalidAlgorithmParameterException("Invalid tag length");
                }
                if (this.kmipExt.iv.length != 12) {
                    throw new InvalidAlgorithmParameterException("Invalid IV length");
                }
                break;
        }
        this.secretKey = uBSecretKey;
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        AlgorithmParameterSpec algorithmParameterSpec = null;
        Class cls = this.kmipMode == 9 ? GCMParameterSpec.class : IvParameterSpec.class;
        if (algorithmParameters != null) {
            try {
                algorithmParameterSpec = algorithmParameters.getParameterSpec(cls);
            } catch (InvalidParameterSpecException e) {
                throw new InvalidAlgorithmParameterException("Wrong parameter");
            }
        }
        engineInit(i, key, algorithmParameterSpec, secureRandom);
    }

    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        try {
            engineInit(i, key, (AlgorithmParameterSpec) null, secureRandom);
        } catch (InvalidAlgorithmParameterException e) {
            throw new InvalidKeyException(e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected void engineUpdateAAD(byte[] bArr, int i, int i2) throws IllegalStateException, UnsupportedOperationException {
        if (!this.aad) {
            throw new IllegalStateException("Cipher does not accept AAD");
        }
        if (this.auth == null) {
            this.auth = Arrays.copyOfRange(bArr, i, i + i2);
            return;
        }
        int length = this.auth.length;
        byte[] bArr2 = new byte[length + i2];
        if (length > 0) {
            System.arraycopy(this.auth, 0, bArr2, 0, length);
        }
        System.arraycopy(bArr, i, bArr2, length, i2);
        this.auth = bArr2;
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineUpdate(byte[] bArr, int i, int i2) {
        byte[] bArr2 = new byte[i2 + 32];
        try {
            return Arrays.copyOf(bArr2, engineUpdate(bArr, i, i2, bArr2, 0));
        } catch (ShortBufferException e) {
            throw new ProviderException(e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        byte[] bArr2 = new byte[i2 + 32];
        try {
            return Arrays.copyOf(bArr2, engineDoFinal(bArr, i, i2, bArr2, 0));
        } catch (ShortBufferException e) {
            throw new ProviderException(e);
        }
    }

    @Override // javax.crypto.CipherSpi
    protected int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        if (i2 == 0) {
            return 0;
        }
        return execEncDec(bArr, i, i2, bArr2, i3, false);
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:4:0x0008. Please report as an issue. */
    @Override // javax.crypto.CipherSpi
    protected int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        if (i2 == 0) {
            switch (this.kmipMode) {
                case 1:
                    if (!this.padding) {
                        return 0;
                    }
                    break;
                case 2:
                case 4:
                case 5:
                case 6:
                    return 0;
            }
        }
        int execEncDec = execEncDec(bArr, i, i2, bArr2, i3, true);
        init();
        return execEncDec;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // javax.crypto.CipherSpi
    protected byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException {
        Log end = Log.func("SecretKeyCipher.engineWrap").end();
        try {
            try {
                if (this.secretKey == null) {
                    throw new ProviderException("Not initialized");
                }
                if (key == 0) {
                    throw new ProviderException("key is null");
                }
                if (this.corr != null) {
                    throw new ProviderException("engineUpdate called");
                }
                if (!(key instanceof UBSecretKey) && !(key instanceof UBRSAPrivateKey)) {
                    byte[] encoded = key.getEncoded();
                    try {
                        byte[] engineDoFinal = engineDoFinal(encoded, 0, encoded.length);
                        end.leave();
                        return engineDoFinal;
                    } catch (BadPaddingException e) {
                        throw new ProviderException(e);
                    }
                }
                GetRequest getRequest = new GetRequest();
                getRequest.uid = UBObject.uidToStr(((UBObject) key).uid);
                getRequest.formatType = 1;
                getRequest.keyWrap = new KeyWrappingSpec();
                getRequest.keyWrap.encKey.uid = UBObject.uidToStr(this.secretKey.uid);
                getRequest.keyWrap.encKey.params = this.kmipParams;
                getRequest.ext = this.kmipExt;
                if (this.kmipExt != null) {
                    getRequest.ext.auth = getAuthParam();
                }
                try {
                    GetResponse getResponse = (GetResponse) this.secretKey.partition.transmit(getRequest);
                    init();
                    if (getResponse.object instanceof PrivateKey) {
                        byte[] bArr = ((PrivateKey) getResponse.object).keyBlock.buf;
                        end.leave();
                        return bArr;
                    }
                    if (!(getResponse.object instanceof SymmetricKey)) {
                        throw new ProviderException("Invalid managed object returned");
                    }
                    byte[] bArr2 = ((SymmetricKey) getResponse.object).keyBlock.buf;
                    end.leave();
                    return bArr2;
                } catch (IOException e2) {
                    throw new ProviderException(e2);
                }
            } catch (Exception e3) {
                end.failed(e3);
                throw e3;
            }
        } catch (Throwable th) {
            end.leave();
            throw th;
        }
    }

    @Override // javax.crypto.CipherSpi
    protected Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        int i2;
        UBPrivateKey uBECPrivateKey;
        Log end = Log.func("SecretKeyCipher.engineUnwrap").log("wrappedKey.length", bArr.length).log("wrappedKeyAlgorithm", str).log("wrappedKeyType", i).end();
        try {
            try {
                if (this.secretKey == null) {
                    throw new ProviderException("Not initialized");
                }
                if (this.corr != null) {
                    throw new ProviderException("engineUpdate called");
                }
                RegisterRequest registerRequest = new RegisterRequest();
                registerRequest.ext = this.kmipExt;
                if (this.kmipExt != null) {
                    registerRequest.ext.auth = getAuthParam();
                }
                switch (i) {
                    case 2:
                        if (str.equalsIgnoreCase("RSA")) {
                            uBECPrivateKey = new UBRSAPrivateKey(this.secretKey.partition);
                        } else {
                            if (!str.equalsIgnoreCase("EC")) {
                                throw new InvalidKeyException("Unsupported wrappedKeyAlgorithm " + str);
                            }
                            uBECPrivateKey = new UBECPrivateKey(this.secretKey.partition);
                        }
                        try {
                            uBECPrivateKey.unwrap(this.unwrapKeyParameter, registerRequest, this.secretKey.uid, this.kmipParams, bArr);
                            return uBECPrivateKey;
                        } catch (IOException | InvalidKeySpecException e) {
                            throw new ProviderException(e);
                        }
                    case 3:
                        if (str.equalsIgnoreCase("AES")) {
                            i2 = 3;
                        } else {
                            if (!str.equalsIgnoreCase("HMAC")) {
                                throw new InvalidKeyException("Unsupported wrappedKeyAlgorithm " + str);
                            }
                            i2 = 9;
                        }
                        UBSecretKey uBSecretKey = new UBSecretKey(this.secretKey.partition, i2);
                        try {
                            uBSecretKey.unwrap(this.unwrapKeyParameter, registerRequest, this.secretKey.uid, this.kmipParams, bArr);
                            end.leave();
                            return uBSecretKey;
                        } catch (IOException e2) {
                            throw new ProviderException(e2);
                        }
                    default:
                        throw new InvalidKeyException("Unsupported wrappedKeyType");
                }
            } finally {
                end.leave();
            }
        } catch (Exception e3) {
            end.failed(e3);
            throw e3;
        }
    }
}
