package org.cryptomator.cloudaccess;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import org.cryptomator.cloudaccess.api.CloudPath;
import org.cryptomator.cloudaccess.api.CloudProvider;
import org.cryptomator.cloudaccess.api.ProgressListener;
import org.cryptomator.cloudaccess.api.exceptions.CloudProviderException;
import org.cryptomator.cloudaccess.api.exceptions.VaultKeyVerificationFailedException;
import org.cryptomator.cloudaccess.api.exceptions.VaultVerificationFailedException;
import org.cryptomator.cloudaccess.api.exceptions.VaultVersionVerificationFailedException;
import org.cryptomator.cloudaccess.localfs.LocalFsCloudProvider;
import org.cryptomator.cloudaccess.vaultformat8.VaultFormat8ProviderDecorator;
import org.cryptomator.cloudaccess.webdav.WebDavCloudProvider;
import org.cryptomator.cloudaccess.webdav.WebDavCredential;
import org.cryptomator.cryptolib.Cryptors;
import org.cryptomator.cryptolib.api.Cryptor;

/* loaded from: input_file:org/cryptomator/cloudaccess/CloudAccess.class */
public class CloudAccess {
    private CloudAccess() {
    }

    public static CloudProvider vaultFormat8GCMCloudAccess(CloudProvider cloudProvider, CloudPath cloudPath, byte[] bArr) {
        Preconditions.checkArgument(bArr.length == 64, "masterkey needs to be 512 bit");
        try {
            Cryptor createFromRawKey = Cryptors.version2(SecureRandom.getInstanceStrong()).createFromRawKey(bArr);
            verifyVaultFormat8GCMConfig(cloudProvider, cloudPath, bArr);
            VaultFormat8ProviderDecorator vaultFormat8ProviderDecorator = new VaultFormat8ProviderDecorator(cloudProvider, cloudPath.resolve("d"), createFromRawKey);
            vaultFormat8ProviderDecorator.initialize();
            return new MetadataCachingProviderDecorator(vaultFormat8ProviderDecorator);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new CloudProviderException("Vault initialization interrupted.", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("JVM doesn't supply a CSPRNG", e2);
        }
    }

    private static void verifyVaultFormat8GCMConfig(CloudProvider cloudProvider, CloudPath cloudPath, byte[] bArr) {
        CloudPath resolve = cloudPath.resolve("vaultconfig.jwt");
        JWTVerifier build = JWT.require(Algorithm.HMAC256(bArr)).withClaim("format", 8).withClaim("cipherCombo", "SIV_GCM").withClaim("shorteningThreshold", Integer.MAX_VALUE).build();
        try {
            InputStream join = cloudProvider.read(resolve, ProgressListener.NO_PROGRESS_AWARE).toCompletableFuture().join();
            try {
                build.verify(new String(join.readAllBytes(), StandardCharsets.US_ASCII));
                if (join != null) {
                    join.close();
                }
            } catch (Throwable th) {
                if (join != null) {
                    try {
                        join.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException | CloudProviderException e) {
            throw new CloudProviderException(e);
        } catch (JWTVerificationException e2) {
            if (!e2.getMessage().equals("The Claim 'format' value doesn't match the required one.")) {
                throw new VaultVerificationFailedException(e2);
            }
            throw new VaultVersionVerificationFailedException(e2);
        } catch (SignatureVerificationException e3) {
            throw new VaultKeyVerificationFailedException((JWTVerificationException) e3);
        }
    }

    public static CloudProvider toWebDAV(URL url, String str, CharSequence charSequence) {
        return WebDavCloudProvider.from(WebDavCredential.from(url, str, charSequence.toString()));
    }

    public static CloudProvider toLocalFileSystem(Path path) {
        return new LocalFsCloudProvider(path);
    }
}
