package org.apache.james.blob.objectstorage;

import com.google.crypto.tink.subtle.AesGcmHkdfStreaming;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PipedInputStream;
import java.io.PipedOutputStream;
import java.security.GeneralSecurityException;
import org.apache.commons.io.IOUtils;
import org.apache.james.blob.objectstorage.crypto.CryptoConfig;
import org.apache.james.blob.objectstorage.crypto.PBKDF2StreamingAeadFactory;
import org.jclouds.io.Payload;
import org.jclouds.io.Payloads;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/james/blob/objectstorage/AESPayloadCodec.class */
public class AESPayloadCodec implements PayloadCodec {
    private static final Logger LOGGER = LoggerFactory.getLogger(AESPayloadCodec.class);
    private final AesGcmHkdfStreaming streamingAead;

    public AESPayloadCodec(CryptoConfig cryptoConfig) {
        this.streamingAead = PBKDF2StreamingAeadFactory.newAesGcmHkdfStreaming(cryptoConfig);
    }

    @Override // org.apache.james.blob.objectstorage.PayloadCodec
    public Payload write(InputStream inputStream) {
        PipedInputStream pipedInputStream = new PipedInputStream();
        try {
            OutputStream newEncryptingStream = this.streamingAead.newEncryptingStream(new PipedOutputStream(pipedInputStream), PBKDF2StreamingAeadFactory.EMPTY_ASSOCIATED_DATA);
            Thread thread = new Thread(() -> {
                Throwable th = null;
                try {
                    try {
                        try {
                            IOUtils.copy(inputStream, newEncryptingStream);
                            if (newEncryptingStream != null) {
                                if (0 != 0) {
                                    try {
                                        newEncryptingStream.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    newEncryptingStream.close();
                                }
                            }
                        } catch (IOException e) {
                            throw new RuntimeException("Stream copy failure ", e);
                        }
                    } finally {
                    }
                } finally {
                }
            });
            thread.setUncaughtExceptionHandler((thread2, th) -> {
                LOGGER.error("Unable to encrypt payload's input stream", th);
            });
            thread.start();
            return Payloads.newInputStreamPayload(pipedInputStream);
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Unable to build payload for object storage, failed to encrypt", e);
        }
    }

    @Override // org.apache.james.blob.objectstorage.PayloadCodec
    public InputStream read(Payload payload) throws IOException {
        try {
            return this.streamingAead.newDecryptingStream(payload.openStream(), PBKDF2StreamingAeadFactory.EMPTY_ASSOCIATED_DATA);
        } catch (GeneralSecurityException e) {
            throw new IOException("Incorrect crypto setup", e);
        }
    }
}
