package net.snowflake.client.jdbc.cloud.storage;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import net.snowflake.client.jdbc.MatDesc;
import net.snowflake.common.core.RemoteStoreFileEncryptionMaterial;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.Mockito;

/* loaded from: input_file:net/snowflake/client/jdbc/cloud/storage/GcmEncryptionProviderTest.class */
public class GcmEncryptionProviderTest {
    private final SecureRandom random = new SecureRandom();
    private final ArgumentCaptor<StorageObjectMetadata> storageObjectMetadataArgumentCaptor = ArgumentCaptor.forClass(StorageObjectMetadata.class);
    private final ArgumentCaptor<MatDesc> matDescArgumentCaptor = ArgumentCaptor.forClass(MatDesc.class);
    private final ArgumentCaptor<byte[]> dataIvDataArgumentCaptor = ArgumentCaptor.forClass(byte[].class);
    private final ArgumentCaptor<byte[]> keyIvDataArgumentCaptor = ArgumentCaptor.forClass(byte[].class);
    private final ArgumentCaptor<byte[]> encKeyArgumentCaptor = ArgumentCaptor.forClass(byte[].class);
    private final ArgumentCaptor<byte[]> keyAadArgumentCaptor = ArgumentCaptor.forClass(byte[].class);
    private final ArgumentCaptor<byte[]> dataAadArgumentCaptor = ArgumentCaptor.forClass(byte[].class);
    private final ArgumentCaptor<Long> contentLengthArgumentCaptor = ArgumentCaptor.forClass(Long.class);
    private final StorageObjectMetadata meta = (StorageObjectMetadata) Mockito.mock(StorageObjectMetadata.class);
    private final SnowflakeStorageClient storageClient = (SnowflakeStorageClient) Mockito.mock(SnowflakeStorageClient.class);
    private final String queryStageMasterKey = Base64.getEncoder().encodeToString(this.random.generateSeed(16));
    private final RemoteStoreFileEncryptionMaterial encMat = new RemoteStoreFileEncryptionMaterial();
    byte[] plainText = "the quick brown fox jumps over the lazy dog".getBytes(StandardCharsets.UTF_8);
    byte[] dataAad = "data aad".getBytes(StandardCharsets.UTF_8);
    byte[] keyAad = "key aad".getBytes(StandardCharsets.UTF_8);

    @BeforeEach
    public void setUp() {
        this.encMat.setQueryStageMasterKey(this.queryStageMasterKey);
        this.encMat.setSmkId(123L);
        this.encMat.setQueryId("query-id");
    }

    @Test
    public void testEncryptAndDecryptStreamWithoutAad() throws Exception {
        Assertions.assertArrayEquals(this.plainText, IOUtils.toByteArray(decryptStream(encryptStream(new ByteArrayInputStream(this.plainText), null, null), null, null)));
    }

    @Test
    public void testEncryptAndDecryptStreamWithAad() throws Exception {
        Assertions.assertArrayEquals(this.plainText, IOUtils.toByteArray(decryptStream(encryptStream(new ByteArrayInputStream(this.plainText), this.dataAad, this.keyAad), this.dataAad, this.keyAad)));
    }

    @Test
    public void testDecryptStreamWithInvalidKeyAad() throws Exception {
        byte[] encryptStream = encryptStream(new ByteArrayInputStream(this.plainText), this.dataAad, this.keyAad);
        Assertions.assertThrows(AEADBadTagException.class, () -> {
            decryptStream(encryptStream, this.dataAad, new byte[]{97});
        });
    }

    @Test
    public void testDecryptStreamWithInvalidDataAad() throws Exception {
        byte[] encryptStream = encryptStream(new ByteArrayInputStream(this.plainText), this.dataAad, this.keyAad);
        Assertions.assertEquals(((IOException) Assertions.assertThrows(IOException.class, () -> {
            IOUtils.toByteArray(decryptStream(encryptStream, new byte[]{97}, this.keyAad));
        })).getCause().getClass(), AEADBadTagException.class);
    }

    @Test
    public void testDecryptStreamWithInvalidCipherText() throws Exception {
        byte[] encryptStream = encryptStream(new ByteArrayInputStream(this.plainText), this.dataAad, this.keyAad);
        encryptStream[0] = (byte) ((encryptStream[0] + 1) % 255);
        Assertions.assertEquals(((IOException) Assertions.assertThrows(IOException.class, () -> {
            IOUtils.toByteArray(decryptStream(encryptStream, this.dataAad, this.keyAad));
        })).getCause().getClass(), AEADBadTagException.class);
    }

    @Test
    public void testDecryptStreamWithInvalidTag() throws Exception {
        byte[] encryptStream = encryptStream(new ByteArrayInputStream(this.plainText), this.dataAad, this.keyAad);
        encryptStream[encryptStream.length - 1] = (byte) ((encryptStream[encryptStream.length - 1] + 1) % 255);
        Assertions.assertEquals(((IOException) Assertions.assertThrows(IOException.class, () -> {
            IOUtils.toByteArray(decryptStream(encryptStream, this.dataAad, this.keyAad));
        })).getCause().getClass(), AEADBadTagException.class);
    }

    @Test
    public void testDecryptStreamWithInvalidKey() throws Exception {
        byte[] encryptStream = encryptStream(new ByteArrayInputStream(this.plainText), this.dataAad, this.keyAad);
        byte[] bArr = (byte[]) this.encKeyArgumentCaptor.getValue();
        bArr[0] = (byte) ((bArr[0] + 1) % 255);
        Assertions.assertThrows(AEADBadTagException.class, () -> {
            IOUtils.toByteArray(GcmEncryptionProvider.decryptStream(new ByteArrayInputStream(encryptStream), Base64.getEncoder().encodeToString(bArr), Base64.getEncoder().encodeToString((byte[]) this.dataIvDataArgumentCaptor.getValue()), Base64.getEncoder().encodeToString((byte[]) this.keyIvDataArgumentCaptor.getValue()), this.encMat, this.dataAad == null ? "" : Base64.getEncoder().encodeToString(this.dataAad), this.keyAad == null ? "" : Base64.getEncoder().encodeToString(this.keyAad)));
        });
    }

    @Test
    public void testDecryptStreamWithInvalidDataIV() throws Exception {
        byte[] encryptStream = encryptStream(new ByteArrayInputStream(this.plainText), this.dataAad, this.keyAad);
        byte[] bArr = (byte[]) this.dataIvDataArgumentCaptor.getValue();
        bArr[0] = (byte) ((bArr[0] + 1) % 255);
        Assertions.assertEquals(((IOException) Assertions.assertThrows(IOException.class, () -> {
            IOUtils.toByteArray(GcmEncryptionProvider.decryptStream(new ByteArrayInputStream(encryptStream), Base64.getEncoder().encodeToString((byte[]) this.encKeyArgumentCaptor.getValue()), Base64.getEncoder().encodeToString(bArr), Base64.getEncoder().encodeToString((byte[]) this.keyIvDataArgumentCaptor.getValue()), this.encMat, this.dataAad == null ? "" : Base64.getEncoder().encodeToString(this.dataAad), this.keyAad == null ? "" : Base64.getEncoder().encodeToString(this.keyAad)));
        })).getCause().getClass(), AEADBadTagException.class);
    }

    @Test
    public void testDecryptStreamWithInvalidKeyIV() throws Exception {
        byte[] encryptStream = encryptStream(new ByteArrayInputStream(this.plainText), this.dataAad, this.keyAad);
        byte[] bArr = (byte[]) this.keyIvDataArgumentCaptor.getValue();
        bArr[0] = (byte) ((bArr[0] + 1) % 255);
        Assertions.assertThrows(AEADBadTagException.class, () -> {
            IOUtils.toByteArray(GcmEncryptionProvider.decryptStream(new ByteArrayInputStream(encryptStream), Base64.getEncoder().encodeToString((byte[]) this.encKeyArgumentCaptor.getValue()), Base64.getEncoder().encodeToString((byte[]) this.dataIvDataArgumentCaptor.getValue()), Base64.getEncoder().encodeToString(bArr), this.encMat, this.dataAad == null ? "" : Base64.getEncoder().encodeToString(this.dataAad), this.keyAad == null ? "" : Base64.getEncoder().encodeToString(this.keyAad)));
        });
    }

    private byte[] encryptStream(InputStream inputStream, byte[] bArr, byte[] bArr2) throws InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, NoSuchAlgorithmException, IOException {
        byte[] byteArray = IOUtils.toByteArray(GcmEncryptionProvider.encrypt(this.meta, this.plainText.length, inputStream, this.encMat, this.storageClient, bArr, bArr2));
        captureKeysAndIvs();
        return byteArray;
    }

    private InputStream decryptStream(byte[] bArr, byte[] bArr2, byte[] bArr3) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, NoSuchPaddingException, NoSuchAlgorithmException {
        return GcmEncryptionProvider.decryptStream(new ByteArrayInputStream(bArr), Base64.getEncoder().encodeToString((byte[]) this.encKeyArgumentCaptor.getValue()), Base64.getEncoder().encodeToString((byte[]) this.dataIvDataArgumentCaptor.getValue()), Base64.getEncoder().encodeToString((byte[]) this.keyIvDataArgumentCaptor.getValue()), this.encMat, bArr2 == null ? "" : Base64.getEncoder().encodeToString(bArr2), bArr3 == null ? "" : Base64.getEncoder().encodeToString(bArr3));
    }

    @Test
    public void testEncryptAndDecryptFileWithoutAad() throws Exception {
        File file = Files.createTempFile("encryption", "", new FileAttribute[0]).toFile();
        file.deleteOnExit();
        FileUtils.writeByteArrayToFile(file, IOUtils.toByteArray(new ByteArrayInputStream(encryptStream(new ByteArrayInputStream(this.plainText), null, null))));
        captureKeysAndIvs();
        decryptFile(file, null, null);
        Assertions.assertArrayEquals(this.plainText, FileUtils.readFileToByteArray(file));
    }

    @Test
    public void testEncryptAndDecryptFileWithAad() throws Exception {
        File file = Files.createTempFile("encryption", "", new FileAttribute[0]).toFile();
        file.deleteOnExit();
        FileUtils.writeByteArrayToFile(file, IOUtils.toByteArray(new ByteArrayInputStream(encryptStream(new ByteArrayInputStream(this.plainText), this.dataAad, this.keyAad))));
        captureKeysAndIvs();
        decryptFile(file, this.dataAad, this.keyAad);
        Assertions.assertArrayEquals(this.plainText, FileUtils.readFileToByteArray(file));
    }

    private void decryptFile(File file, byte[] bArr, byte[] bArr2) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, IOException, NoSuchPaddingException, NoSuchAlgorithmException {
        GcmEncryptionProvider.decryptFile(file, Base64.getEncoder().encodeToString((byte[]) this.encKeyArgumentCaptor.getValue()), Base64.getEncoder().encodeToString((byte[]) this.dataIvDataArgumentCaptor.getValue()), Base64.getEncoder().encodeToString((byte[]) this.keyIvDataArgumentCaptor.getValue()), this.encMat, this.dataAadArgumentCaptor.getValue() == null ? "" : Base64.getEncoder().encodeToString((byte[]) this.dataAadArgumentCaptor.getValue()), this.keyAadArgumentCaptor.getValue() == null ? "" : Base64.getEncoder().encodeToString((byte[]) this.keyAadArgumentCaptor.getValue()));
    }

    private void captureKeysAndIvs() {
        ((SnowflakeStorageClient) Mockito.verify(this.storageClient)).addEncryptionMetadataForGcm((StorageObjectMetadata) this.storageObjectMetadataArgumentCaptor.capture(), (MatDesc) this.matDescArgumentCaptor.capture(), (byte[]) this.encKeyArgumentCaptor.capture(), (byte[]) this.dataIvDataArgumentCaptor.capture(), (byte[]) this.keyIvDataArgumentCaptor.capture(), (byte[]) this.keyAadArgumentCaptor.capture(), (byte[]) this.dataAadArgumentCaptor.capture(), ((Long) this.contentLengthArgumentCaptor.capture()).longValue());
    }
}
