package com.emc.vipr.transform.encryption;

import ch.qos.logback.core.net.ssl.SSL;
import com.emc.vipr.transform.TransformConstants;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/* loaded from: input_file:BOOT-INF/lib/vipr-object-transformations-2.0.3.jar:com/emc/vipr/transform/encryption/BasicEncryptionOutputTransform.class */
public class BasicEncryptionOutputTransform extends EncryptionOutputTransform {
    byte[] iv;
    SecretKey k;
    private String masterEncryptionKeyFingerprint;
    private KeyPair masterKey;

    public BasicEncryptionOutputTransform(OutputStream outputStream, Map<String, String> map, String str, KeyPair keyPair, String str2, int i, Provider provider) {
        super(outputStream, map, "ENC:" + str2, provider);
        this.masterEncryptionKeyFingerprint = str;
        this.masterKey = keyPair;
        try {
            this.pushStream = new EncryptionOutputStream(outputStream, initCipher(str2, i), provider != null ? MessageDigest.getInstance("SHA1", provider) : MessageDigest.getInstance("SHA1"));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Error initializing output transform: " + e.getMessage(), e);
        }
    }

    public BasicEncryptionOutputTransform(InputStream inputStream, Map<String, String> map, String str, KeyPair keyPair, String str2, int i, Provider provider) {
        super(inputStream, map, "ENC:" + str2, provider);
        this.masterEncryptionKeyFingerprint = str;
        this.masterKey = keyPair;
        try {
            this.pullStream = new EncryptionInputFilter(inputStream, initCipher(str2, i), provider != null ? MessageDigest.getInstance("SHA1", provider) : MessageDigest.getInstance("SHA1"));
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Error initializing output transform: " + e.getMessage(), e);
        }
    }

    private Cipher initCipher(String str, int i) throws GeneralSecurityException {
        Cipher cipher = this.provider != null ? Cipher.getInstance(str, this.provider) : Cipher.getInstance(str);
        SecureRandom secureRandom = this.provider != null ? SecureRandom.getInstance(SSL.DEFAULT_SECURE_RANDOM_ALGORITHM, this.provider) : SecureRandom.getInstance(SSL.DEFAULT_SECURE_RANDOM_ALGORITHM);
        String[] split = str.split("/");
        KeyGenerator keyGenerator = this.provider != null ? KeyGenerator.getInstance(split[0], this.provider) : KeyGenerator.getInstance(split[0]);
        keyGenerator.init(i, secureRandom);
        this.k = keyGenerator.generateKey();
        cipher.init(1, this.k, secureRandom);
        this.iv = cipher.getIV();
        return cipher;
    }

    @Override // com.emc.vipr.transform.OutputTransform
    public Map<String, String> getEncodedMetadata() {
        HashMap hashMap = new HashMap();
        hashMap.putAll(this.metadataToEncode);
        hashMap.put(TransformConstants.META_ENCRYPTION_IV, KeyUtils.urlSafeEncodeBase64(this.iv));
        hashMap.put(TransformConstants.META_ENCRYPTION_KEY_ID, this.masterEncryptionKeyFingerprint);
        try {
            hashMap.put(TransformConstants.META_ENCRYPTION_OBJECT_KEY, KeyUtils.encryptKey(this.k, this.provider, this.masterKey.getPublic()));
            switch (getStreamMode()) {
                case PULL:
                    EncryptionInputFilter encryptionInputFilter = (EncryptionInputFilter) this.pullStream;
                    hashMap.put(TransformConstants.META_ENCRYPTION_UNENC_SHA1, KeyUtils.toHexPadded(encryptionInputFilter.getDigest()));
                    hashMap.put(TransformConstants.META_ENCRYPTION_UNENC_SIZE, "" + encryptionInputFilter.getByteCount());
                    break;
                case PUSH:
                    EncryptionOutputStream encryptionOutputStream = (EncryptionOutputStream) this.pushStream;
                    hashMap.put(TransformConstants.META_ENCRYPTION_UNENC_SHA1, KeyUtils.toHexPadded(encryptionOutputStream.getDigest()));
                    hashMap.put(TransformConstants.META_ENCRYPTION_UNENC_SIZE, "" + encryptionOutputStream.getByteCount());
                    break;
            }
            hashMap.put(TransformConstants.META_ENCRYPTION_META_SIG, KeyUtils.signMetadata(hashMap, (RSAPrivateKey) this.masterKey.getPrivate(), this.provider));
            return hashMap;
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Could not encrypt key: " + e, e);
        }
    }
}
