package de.bsvrz.dav.daf.communication.srpAuthentication;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.DigestException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:de/bsvrz/dav/daf/communication/srpAuthentication/SrpTelegramEncryption.class */
public class SrpTelegramEncryption {
    private final int _authTagBits;
    private static final int NONCE_BYTES = 12;
    private final SecretKey _encryptionKey;
    private final byte[] _encryptionNonce;
    private final Cipher _encryptionCipher;
    private final SecretKey _decryptionKey;
    private final byte[] _decryptionNonce;
    private final Cipher _decryptionCipher;
    private final byte[] _encryptTmp = new byte[128];
    private final byte[] _decryptTmp = new byte[128];

    public SrpTelegramEncryption(byte[] bArr, boolean z, SrpCryptoParameter srpCryptoParameter) throws SrpNotSupportedException {
        try {
            this._authTagBits = srpCryptoParameter.getGcmAuthenticationTagBits();
            this._encryptionCipher = Cipher.getInstance("AES_" + srpCryptoParameter.getAesKeyLengthBits() + "/GCM/NoPadding");
            this._decryptionCipher = Cipher.getInstance("AES_" + srpCryptoParameter.getAesKeyLengthBits() + "/GCM/NoPadding");
            int aesKeyLengthBits = srpCryptoParameter.getAesKeyLengthBits() / 8;
            byte[] computeHash = computeHash((2 * aesKeyLengthBits) + 8, srpCryptoParameter.getHashFunction(), bArr);
            SecretKeySpec secretKeySpec = new SecretKeySpec(computeHash, 0, aesKeyLengthBits, "AES");
            int i = 0 + aesKeyLengthBits;
            SecretKeySpec secretKeySpec2 = new SecretKeySpec(computeHash, i, aesKeyLengthBits, "AES");
            int i2 = i + aesKeyLengthBits;
            byte[] bArr2 = new byte[12];
            byte[] bArr3 = new byte[12];
            for (int i3 = 0; i3 < 4; i3++) {
                bArr2[i3] = computeHash[i2 + i3];
                bArr3[i3] = computeHash[i2 + 4 + i3];
            }
            if (z) {
                this._encryptionKey = secretKeySpec;
                this._encryptionNonce = bArr2;
                this._decryptionKey = secretKeySpec2;
                this._decryptionNonce = bArr3;
            } else {
                this._encryptionKey = secretKeySpec2;
                this._encryptionNonce = bArr3;
                this._decryptionKey = secretKeySpec;
                this._decryptionNonce = bArr2;
            }
        } catch (DigestException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new SrpNotSupportedException("Verschlüsselungs-Verfahren wird nicht unterstützt", e);
        }
    }

    public byte[] encrypt(byte[] bArr) throws IOException {
        try {
            this._encryptionCipher.init(1, this._encryptionKey, nonce(this._encryptionNonce));
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(bArr.length + (this._authTagBits / 8));
            CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), this._encryptionCipher);
            Throwable th = null;
            while (true) {
                try {
                    try {
                        int read = cipherInputStream.read(this._encryptTmp);
                        if (read == -1) {
                            break;
                        }
                        byteArrayOutputStream.write(this._encryptTmp, 0, read);
                    } catch (Throwable th2) {
                        if (cipherInputStream != null) {
                            if (th != null) {
                                try {
                                    cipherInputStream.close();
                                } catch (Throwable th3) {
                                    th.addSuppressed(th3);
                                }
                            } else {
                                cipherInputStream.close();
                            }
                        }
                        throw th2;
                    }
                } finally {
                }
            }
            if (cipherInputStream != null) {
                if (0 != 0) {
                    try {
                        cipherInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    cipherInputStream.close();
                }
            }
            return byteArrayOutputStream.toByteArray();
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new IOException(e);
        }
    }

    public byte[] decrypt(byte[] bArr) throws IOException {
        try {
            this._decryptionCipher.init(2, this._decryptionKey, nonce(this._decryptionNonce));
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(Math.max(0, bArr.length - (this._authTagBits / 8)));
            CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr), this._decryptionCipher);
            Throwable th = null;
            while (true) {
                try {
                    try {
                        int read = cipherInputStream.read(this._decryptTmp);
                        if (read == -1) {
                            break;
                        }
                        byteArrayOutputStream.write(this._decryptTmp, 0, read);
                    } finally {
                    }
                } catch (Throwable th2) {
                    if (cipherInputStream != null) {
                        if (th != null) {
                            try {
                                cipherInputStream.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            cipherInputStream.close();
                        }
                    }
                    throw th2;
                }
            }
            if (cipherInputStream != null) {
                if (0 != 0) {
                    try {
                        cipherInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    cipherInputStream.close();
                }
            }
            return byteArrayOutputStream.toByteArray();
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new IOException(e);
        }
    }

    private GCMParameterSpec nonce(byte[] bArr) {
        increment(bArr);
        return new GCMParameterSpec(this._authTagBits, bArr);
    }

    public static void increment(byte[] bArr) {
        int length = bArr.length - 1;
        bArr[length] = (byte) (bArr[length] + 1);
        while (length > 0 && bArr[length] == 0) {
            length--;
            bArr[length] = (byte) (bArr[length] + 1);
        }
    }

    public static byte[] computeHash(int i, String str, byte[] bArr) throws NoSuchAlgorithmException, DigestException {
        Objects.requireNonNull(bArr, "data == null");
        if (bArr.length == 0) {
            throw new IllegalArgumentException("Leeres Array");
        }
        MessageDigest messageDigest = MessageDigest.getInstance(str);
        int digestLength = messageDigest.getDigestLength();
        int i2 = ((i + digestLength) - 1) / digestLength;
        byte[] bArr2 = new byte[i2 * digestLength];
        for (int i3 = 0; i3 < i2; i3++) {
            messageDigest.update((byte) (i3 >> 24));
            messageDigest.update((byte) (i3 >> 16));
            messageDigest.update((byte) (i3 >> 8));
            messageDigest.update((byte) i3);
            if (bArr.length == 0) {
                throw new IllegalArgumentException("Leeres Array");
            }
            messageDigest.update(bArr);
            messageDigest.digest(bArr2, i3 * digestLength, digestLength);
        }
        return bArr2;
    }

    public String getCipherName() {
        return this._encryptionCipher.getAlgorithm();
    }
}
