package net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import net.snowflake.client.jdbc.internal.amazonaws.services.s3.internal.crypto.JceEncryptionConstants;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.Algorithm;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AuthenticationParametersWithIV;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.CipherOutputStream;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.CryptoServicesRegistrar;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.IllegalKeyException;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.InvalidWrappingException;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OperatorUsingSecureRandom;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputEncryptor;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.ParametersWithIV;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.PlainInputProcessingException;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.SymmetricKey;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.SymmetricSecretKey;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.UpdateOutputStream;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.general.FipsRegister;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.BlockCipher;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.BufferedBlockCipher;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.InvalidCipherTextException;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.KeyGenerationParameters;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.Mac;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.StreamCipher;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.ValidatedSymmetricKey;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.Wrapper;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.io.CipherInputStream;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.io.CipherOutputStreamImpl;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.macs.AEADCipherMac;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.macs.CMac;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.macs.GMac;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.modes.AEADBlockCipher;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.modes.CCMBlockCipher;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.modes.GCMBlockCipher;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.params.AEADParameters;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.params.KeyParameterImpl;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.test.BasicKatTest;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.wrappers.SP80038FWrapEngine;
import net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.wrappers.SP80038FWrapWithPaddingEngine;
import net.snowflake.client.jdbc.internal.org.bouncycastle.util.Arrays;
import net.snowflake.client.jdbc.internal.org.bouncycastle.util.encoders.Hex;

/* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES.class */
public final class FipsAES {
    static final FipsEngineProvider<BlockCipher> ENGINE_PROVIDER;
    public static final FipsAlgorithm ALGORITHM = new FipsAlgorithm(JceEncryptionConstants.SYMMETRIC_KEY_ALGORITHM);
    public static final Parameters ECB = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.ECB));
    public static final Parameters ECBwithPKCS7 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.ECB, Padding.PKCS7));
    public static final Parameters ECBwithISO10126_2 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.ECB, Padding.ISO10126_2));
    public static final Parameters ECBwithX923 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.ECB, Padding.X923));
    public static final Parameters ECBwithISO7816_4 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.ECB, Padding.ISO7816_4));
    public static final Parameters ECBwithTBC = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.ECB, Padding.TBC));
    public static final Parameters CBC = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CBC));
    public static final Parameters CBCwithPKCS7 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CBC, Padding.PKCS7));
    public static final Parameters CBCwithISO10126_2 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CBC, Padding.ISO10126_2));
    public static final Parameters CBCwithX923 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CBC, Padding.X923));
    public static final Parameters CBCwithISO7816_4 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CBC, Padding.ISO7816_4));
    public static final Parameters CBCwithTBC = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CBC, Padding.TBC));
    public static final Parameters CBCwithCS1 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CBC, Padding.CS1));
    public static final Parameters CBCwithCS2 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CBC, Padding.CS2));
    public static final Parameters CBCwithCS3 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CBC, Padding.CS3));
    public static final Parameters CFB8 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CFB8));
    public static final Parameters CFB128 = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CFB128));
    public static final Parameters OFB = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.OFB128));
    public static final Parameters CTR = new Parameters(new FipsAlgorithm(ALGORITHM, Mode.CTR));
    public static final AuthParameters GCM = new AuthParameters(new FipsAlgorithm(ALGORITHM, Mode.GCM));
    public static final AuthParameters CCM = new AuthParameters(new FipsAlgorithm(ALGORITHM, Mode.CCM));
    public static final AuthParameters CMAC = new AuthParameters(new FipsAlgorithm(ALGORITHM, Mode.CMAC));
    public static final AuthParameters GMAC = new AuthParameters(new FipsAlgorithm(ALGORITHM, Mode.GMAC));
    public static final WrapParameters KW = new WrapParameters(new FipsAlgorithm(ALGORITHM, Mode.WRAP));
    public static final WrapParameters KWP = new WrapParameters(new FipsAlgorithm(ALGORITHM, Mode.WRAPPAD));

    /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$AEADOperatorFactory.class */
    public static final class AEADOperatorFactory extends FipsAEADOperatorFactory<AuthParameters> {

        /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$AEADOperatorFactory$AADStream.class */
        private static class AADStream extends UpdateOutputStream {
            private AEADBlockCipher cipher;

            public AADStream(AEADBlockCipher aEADBlockCipher) {
                this.cipher = aEADBlockCipher;
            }

            @Override // java.io.OutputStream
            public void write(byte[] bArr, int i, int i2) throws IOException {
                this.cipher.processAADBytes(bArr, i, i2);
            }

            @Override // java.io.OutputStream
            public void write(int i) throws IOException {
                this.cipher.processAADByte((byte) i);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$AEADOperatorFactory$OutEncryptor.class */
        public static class OutEncryptor extends FipsOutputAEADEncryptor<AuthParameters> {
            private final AuthParameters parameters;
            private final AEADBlockCipher cipher;

            public OutEncryptor(ValidatedSymmetricKey validatedSymmetricKey, AuthParameters authParameters) {
                this.parameters = authParameters;
                this.cipher = BlockCipherUtils.createAEADCipher(authParameters.getAlgorithm(), FipsAES.ENGINE_PROVIDER);
                if (authParameters.iv == null) {
                    throw new IllegalArgumentException("AEAD encryption requires an iv/nonce to be provided.");
                }
                this.cipher.init(true, Utils.getAEADParameters(validatedSymmetricKey, authParameters.iv, authParameters.macLenInBits));
            }

            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputEncryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
            public AuthParameters getParameters() {
                return this.parameters;
            }

            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
            public int getMaxOutputSize(int i) {
                return this.cipher.getOutputSize(i);
            }

            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
            public int getUpdateOutputSize(int i) {
                return this.cipher.getUpdateOutputSize(i);
            }

            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputAEADEncryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AADProcessor
            public UpdateOutputStream getAADStream() {
                return new AADStream(this.cipher);
            }

            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputAEADEncryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputEncryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputEncryptor
            public CipherOutputStream getEncryptingStream(OutputStream outputStream) {
                return new CipherOutputStreamImpl(outputStream, this.cipher);
            }

            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputAEADEncryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AADProcessor
            public byte[] getMAC() {
                return this.cipher.getMac();
            }
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAEADOperatorFactory, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AEADOperatorFactory
        public FipsOutputAEADEncryptor<AuthParameters> createOutputAEADEncryptor(SymmetricKey symmetricKey, AuthParameters authParameters) {
            return new OutEncryptor(FipsAES.validateKey(symmetricKey, authParameters.getAlgorithm()), authParameters);
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAEADOperatorFactory, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AEADOperatorFactory
        public FipsOutputAEADDecryptor<AuthParameters> createOutputAEADDecryptor(SymmetricKey symmetricKey, final AuthParameters authParameters) {
            ValidatedSymmetricKey validateKey = FipsAES.validateKey(symmetricKey, authParameters.getAlgorithm());
            final AEADBlockCipher createAEADCipher = BlockCipherUtils.createAEADCipher(authParameters.getAlgorithm(), FipsAES.ENGINE_PROVIDER);
            if (authParameters.iv == null) {
                throw new IllegalArgumentException("AEAD decryption requires an iv/nonce to be provided.");
            }
            createAEADCipher.init(false, Utils.getAEADParameters(validateKey, authParameters.iv, authParameters.macLenInBits));
            return new FipsOutputAEADDecryptor<AuthParameters>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.AEADOperatorFactory.1
                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
                public AuthParameters getParameters() {
                    return authParameters;
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
                public int getMaxOutputSize(int i) {
                    return createAEADCipher.getOutputSize(i);
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
                public int getUpdateOutputSize(int i) {
                    return createAEADCipher.getUpdateOutputSize(i);
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputAEADDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AADProcessor
                public UpdateOutputStream getAADStream() {
                    return new AADStream(createAEADCipher);
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputAEADDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputDecryptor
                public CipherOutputStream getDecryptingStream(OutputStream outputStream) {
                    return new CipherOutputStreamImpl(outputStream, createAEADCipher);
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputAEADDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AADProcessor
                public byte[] getMAC() {
                    return createAEADCipher.getMac();
                }
            };
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAEADOperatorFactory, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AEADOperatorFactory
        public FipsInputAEADDecryptor<AuthParameters> createInputAEADDecryptor(SymmetricKey symmetricKey, final AuthParameters authParameters) {
            ValidatedSymmetricKey validateKey = FipsAES.validateKey(symmetricKey, authParameters.getAlgorithm());
            final AEADBlockCipher createAEADCipher = BlockCipherUtils.createAEADCipher(authParameters.getAlgorithm(), FipsAES.ENGINE_PROVIDER);
            if (authParameters.iv == null) {
                throw new IllegalArgumentException("AEAD decryption requires an iv/nonce to be provided.");
            }
            createAEADCipher.init(false, Utils.getAEADParameters(validateKey, authParameters.iv, authParameters.macLenInBits));
            return new FipsInputAEADDecryptor<AuthParameters>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.AEADOperatorFactory.2
                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsInputAEADDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.InputDecryptor
                public AuthParameters getParameters() {
                    return authParameters;
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsInputAEADDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AADProcessor
                public UpdateOutputStream getAADStream() {
                    return new AADStream(createAEADCipher);
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsInputAEADDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.InputDecryptor
                public InputStream getDecryptingStream(InputStream inputStream) {
                    return new CipherInputStream(inputStream, createAEADCipher);
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsInputAEADDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AADProcessor
                public byte[] getMAC() {
                    return createAEADCipher.getMac();
                }
            };
        }
    }

    /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$AuthParameters.class */
    public static final class AuthParameters extends FipsParameters implements AuthenticationParametersWithIV {
        private final byte[] iv;
        private final int macLenInBits;

        AuthParameters(FipsAlgorithm fipsAlgorithm) {
            this(fipsAlgorithm, null, Utils.getDefaultMacSize(fipsAlgorithm, 128));
        }

        private AuthParameters(FipsAlgorithm fipsAlgorithm, byte[] bArr, int i) {
            super(fipsAlgorithm);
            this.iv = bArr;
            this.macLenInBits = i;
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AuthenticationParameters
        public int getMACSizeInBits() {
            return this.macLenInBits;
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.ParametersWithIV
        public byte[] getIV() {
            return Arrays.clone(this.iv);
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.ParametersWithIV
        public AuthParameters withIV(byte[] bArr) {
            return new AuthParameters(getAlgorithm(), Arrays.clone(bArr), this.macLenInBits);
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.ParametersWithIV
        public AuthParameters withIV(SecureRandom secureRandom) {
            if (CryptoServicesRegistrar.isInApprovedOnlyMode() && getAlgorithm().equals(FipsAES.GCM.getAlgorithm())) {
                Utils.validateRandom(secureRandom, FipsAES.GCM.getAlgorithm(), "GCM IV can only be generated by an approved DRGB");
            }
            return new AuthParameters(getAlgorithm(), getAlgorithm().createDefaultIvIfNecessary(16, secureRandom), this.macLenInBits);
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AuthenticationParametersWithIV
        public AuthParameters withIV(SecureRandom secureRandom, int i) {
            if (CryptoServicesRegistrar.isInApprovedOnlyMode() && getAlgorithm().equals(FipsAES.GCM.getAlgorithm())) {
                Utils.validateRandom(secureRandom, FipsAES.GCM.getAlgorithm(), "GCM IV can only be generated by an approved DRGB");
                if (i < 12) {
                    throw new FipsUnapprovedOperationError("GCM IV must be at least 96 bits", FipsAES.GCM.getAlgorithm());
                }
            }
            return new AuthParameters(getAlgorithm(), getAlgorithm().createIvIfNecessary(i, secureRandom), this.macLenInBits);
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.AuthenticationParameters
        public AuthParameters withMACSize(int i) {
            return new AuthParameters(getAlgorithm(), Arrays.clone(this.iv), i);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$EngineProvider.class */
    public static final class EngineProvider extends FipsEngineProvider<BlockCipher> {
        private EngineProvider() {
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.EngineProvider
        public BlockCipher createEngine() {
            return (BlockCipher) SelfTestExecutor.validate(FipsAES.ALGORITHM, new AESEngine(), new VariantKatTest<AESEngine>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.EngineProvider.1
                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.VariantKatTest
                public void evaluate(AESEngine aESEngine) {
                    byte[] decode = Hex.decode("00112233445566778899aabbccddeeff");
                    byte[] decode2 = Hex.decode("8ea2b7ca516745bfeafc49904b496089");
                    byte[] bArr = new byte[decode.length];
                    KeyParameterImpl keyParameterImpl = new KeyParameterImpl(Hex.decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"));
                    aESEngine.init(true, keyParameterImpl);
                    aESEngine.processBlock(decode, 0, bArr, 0);
                    if (!Arrays.areEqual(decode2, bArr)) {
                        fail("Failed self test on encryption");
                    }
                    aESEngine.init(false, keyParameterImpl);
                    aESEngine.processBlock(bArr, 0, bArr, 0);
                    if (Arrays.areEqual(decode, bArr)) {
                        return;
                    }
                    fail("Failed self test on decryption");
                }
            });
        }
    }

    /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$KeyGenerator.class */
    public static final class KeyGenerator extends FipsSymmetricKeyGenerator<SymmetricSecretKey> {
        private final FipsAlgorithm algorithm;
        private final int keySizeInBits;
        private final SecureRandom random;

        public KeyGenerator(int i, SecureRandom secureRandom) {
            this(FipsAES.ALGORITHM, i, secureRandom);
        }

        public KeyGenerator(FipsParameters fipsParameters, int i, SecureRandom secureRandom) {
            this(fipsParameters.getAlgorithm(), i, secureRandom);
        }

        private KeyGenerator(FipsAlgorithm fipsAlgorithm, int i, SecureRandom secureRandom) {
            if (CryptoServicesRegistrar.isInApprovedOnlyMode()) {
                Utils.validateKeyGenRandom(secureRandom, i, fipsAlgorithm);
            }
            if (i != 128 && i != 192 && i != 256) {
                throw new IllegalArgumentException("Attempt to create key with invalid key size [" + i + "]: " + fipsAlgorithm.getName());
            }
            this.algorithm = fipsAlgorithm;
            this.keySizeInBits = i;
            this.random = secureRandom;
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.SymmetricKeyGenerator
        public SymmetricSecretKey generateKey() {
            CipherKeyGenerator cipherKeyGenerator = new CipherKeyGenerator();
            cipherKeyGenerator.init(new KeyGenerationParameters(this.random, this.keySizeInBits));
            return new SymmetricSecretKey(this.algorithm, cipherKeyGenerator.generateKey());
        }
    }

    /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$KeyWrapOperatorFactory.class */
    public static final class KeyWrapOperatorFactory extends FipsKeyWrapOperatorFactory<WrapParameters, SymmetricKey> {
        private Wrapper createWrapper(FipsAlgorithm fipsAlgorithm, boolean z) {
            Wrapper sP80038FWrapWithPaddingEngine;
            switch ((Mode) fipsAlgorithm.basicVariation()) {
                case WRAP:
                    sP80038FWrapWithPaddingEngine = new SP80038FWrapEngine(FipsAES.ENGINE_PROVIDER.createEngine(), z);
                    break;
                case WRAPPAD:
                    sP80038FWrapWithPaddingEngine = new SP80038FWrapWithPaddingEngine(FipsAES.ENGINE_PROVIDER.createEngine(), z);
                    break;
                default:
                    throw new IllegalArgumentException("Unknown algorithm passed to FipsAES.KeyWrapOperatorFactory: " + fipsAlgorithm.getName());
            }
            return sP80038FWrapWithPaddingEngine;
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsKeyWrapOperatorFactory, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.KeyWrapOperatorFactory
        public FipsKeyWrapper<WrapParameters> createKeyWrapper(SymmetricKey symmetricKey, final WrapParameters wrapParameters) {
            ValidatedSymmetricKey validateKey = FipsAES.validateKey(symmetricKey, wrapParameters.getAlgorithm());
            final Wrapper createWrapper = createWrapper(wrapParameters.getAlgorithm(), wrapParameters.useInverse);
            createWrapper.init(true, Utils.getKeyParameter(validateKey));
            return new FipsKeyWrapper<WrapParameters>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.KeyWrapOperatorFactory.1
                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.KeyWrapper
                public WrapParameters getParameters() {
                    return wrapParameters;
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.KeyWrapper
                public byte[] wrap(byte[] bArr, int i, int i2) throws PlainInputProcessingException {
                    try {
                        return createWrapper.wrap(bArr, i, i2);
                    } catch (Exception e) {
                        throw new PlainInputProcessingException("Unable to wrap key: " + e.getMessage(), e);
                    }
                }
            };
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsKeyWrapOperatorFactory, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.KeyWrapOperatorFactory
        public FipsKeyUnwrapper<WrapParameters> createKeyUnwrapper(SymmetricKey symmetricKey, final WrapParameters wrapParameters) {
            ValidatedSymmetricKey validateKey = FipsAES.validateKey(symmetricKey, wrapParameters.getAlgorithm());
            final Wrapper createWrapper = createWrapper(wrapParameters.getAlgorithm(), wrapParameters.useInverse);
            createWrapper.init(false, Utils.getKeyParameter(validateKey));
            return new FipsKeyUnwrapper<WrapParameters>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.KeyWrapOperatorFactory.2
                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.KeyUnwrapper
                public WrapParameters getParameters() {
                    return wrapParameters;
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsKeyUnwrapper, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.KeyUnwrapper
                public byte[] unwrap(byte[] bArr, int i, int i2) throws InvalidWrappingException {
                    try {
                        return createWrapper.unwrap(bArr, i, i2);
                    } catch (InvalidCipherTextException e) {
                        throw new InvalidWrappingException("Unable to unwrap key: " + e.getMessage(), e);
                    }
                }
            };
        }
    }

    /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$MACOperatorFactory.class */
    public static final class MACOperatorFactory extends FipsMACOperatorFactory<AuthParameters> {
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsMACOperatorFactory
        public int calculateMACSize(AuthParameters authParameters) {
            return FipsAES.makeMAC(authParameters).getMacSize();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsMACOperatorFactory
        public Mac createMAC(SymmetricKey symmetricKey, AuthParameters authParameters) {
            Mac makeMAC = FipsAES.makeMAC(authParameters);
            ValidatedSymmetricKey validateKey = FipsAES.validateKey(symmetricKey, authParameters.getAlgorithm());
            if (authParameters.getIV() != null) {
                makeMAC.init(Utils.getParametersWithIV(validateKey, authParameters.getIV()));
            } else {
                makeMAC.init(Utils.getKeyParameter(validateKey));
            }
            return makeMAC;
        }
    }

    /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$OperatorFactory.class */
    public static final class OperatorFactory extends FipsSymmetricOperatorFactory<Parameters> {
        private final SecureRandom random;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$OperatorFactory$OutEncryptor.class */
        public static class OutEncryptor extends FipsOutputEncryptor<Parameters> implements OperatorUsingSecureRandom<OutputEncryptor<Parameters>> {
            private final Parameters parameters;
            private final ValidatedSymmetricKey key;
            private final BufferedBlockCipher cipher;

            public OutEncryptor(ValidatedSymmetricKey validatedSymmetricKey, Parameters parameters, SecureRandom secureRandom) {
                this.key = validatedSymmetricKey;
                this.parameters = parameters;
                this.cipher = BlockCipherUtils.createStandardCipher(true, validatedSymmetricKey, FipsAES.ENGINE_PROVIDER, parameters, secureRandom);
            }

            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputEncryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputEncryptor
            public CipherOutputStream getEncryptingStream(OutputStream outputStream) {
                return this.cipher.getUnderlyingCipher() instanceof StreamCipher ? new CipherOutputStreamImpl(outputStream, (StreamCipher) this.cipher.getUnderlyingCipher()) : new CipherOutputStreamImpl(outputStream, this.cipher);
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OperatorUsingSecureRandom
            public OutputEncryptor<Parameters> withSecureRandom(SecureRandom secureRandom) {
                return new OutEncryptor(this.key, this.parameters, secureRandom);
            }

            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputEncryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
            public Parameters getParameters() {
                return this.parameters;
            }

            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
            public int getMaxOutputSize(int i) {
                return this.cipher.getOutputSize(i);
            }

            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
            public int getUpdateOutputSize(int i) {
                return this.cipher.getUpdateOutputSize(i);
            }
        }

        public OperatorFactory() {
            this(null);
        }

        private OperatorFactory(SecureRandom secureRandom) {
            this.random = secureRandom;
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsSymmetricOperatorFactory, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.SymmetricOperatorFactory
        public FipsOutputEncryptor<Parameters> createOutputEncryptor(SymmetricKey symmetricKey, Parameters parameters) {
            return new OutEncryptor(FipsAES.validateKey(symmetricKey, parameters.getAlgorithm()), parameters, null);
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsSymmetricOperatorFactory, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.SymmetricOperatorFactory
        public FipsOutputDecryptor<Parameters> createOutputDecryptor(SymmetricKey symmetricKey, final Parameters parameters) {
            final BufferedBlockCipher createStandardCipher = BlockCipherUtils.createStandardCipher(false, FipsAES.validateKey(symmetricKey, parameters.getAlgorithm()), FipsAES.ENGINE_PROVIDER, parameters, this.random);
            return new FipsOutputDecryptor<Parameters>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.OperatorFactory.1
                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
                public Parameters getParameters() {
                    return parameters;
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
                public int getMaxOutputSize(int i) {
                    return createStandardCipher.getOutputSize(i);
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputCipher
                public int getUpdateOutputSize(int i) {
                    return createStandardCipher.getUpdateOutputSize(i);
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsOutputDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.OutputDecryptor
                public CipherOutputStream getDecryptingStream(OutputStream outputStream) {
                    return createStandardCipher.getUnderlyingCipher() instanceof StreamCipher ? new CipherOutputStreamImpl(outputStream, (StreamCipher) createStandardCipher.getUnderlyingCipher()) : new CipherOutputStreamImpl(outputStream, createStandardCipher);
                }
            };
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsSymmetricOperatorFactory, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.SymmetricOperatorFactory
        public FipsInputDecryptor<Parameters> createInputDecryptor(SymmetricKey symmetricKey, final Parameters parameters) {
            final BufferedBlockCipher createStandardCipher = BlockCipherUtils.createStandardCipher(false, FipsAES.validateKey(symmetricKey, parameters.getAlgorithm()), FipsAES.ENGINE_PROVIDER, parameters, this.random);
            return new FipsInputDecryptor<Parameters>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.OperatorFactory.2
                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsInputDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.InputDecryptor
                public Parameters getParameters() {
                    return parameters;
                }

                @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsInputDecryptor, net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.InputDecryptor
                public InputStream getDecryptingStream(InputStream inputStream) {
                    return createStandardCipher.getUnderlyingCipher() instanceof StreamCipher ? new CipherInputStream(inputStream, (StreamCipher) createStandardCipher.getUnderlyingCipher()) : new CipherInputStream(inputStream, createStandardCipher);
                }
            };
        }
    }

    /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$Parameters.class */
    public static final class Parameters extends FipsParameters implements ParametersWithIV {
        private final byte[] iv;

        Parameters(FipsAlgorithm fipsAlgorithm) {
            this(fipsAlgorithm, null);
        }

        private Parameters(FipsAlgorithm fipsAlgorithm, byte[] bArr) {
            super(fipsAlgorithm);
            ((Mode) fipsAlgorithm.basicVariation()).checkIv(bArr, 16);
            this.iv = bArr;
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.ParametersWithIV
        public Parameters withIV(byte[] bArr) {
            return new Parameters(getAlgorithm(), Arrays.clone(bArr));
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.ParametersWithIV
        public Parameters withIV(SecureRandom secureRandom) {
            return new Parameters(getAlgorithm(), getAlgorithm().createDefaultIvIfNecessary(16, secureRandom));
        }

        @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.ParametersWithIV
        public byte[] getIV() {
            return Arrays.clone(this.iv);
        }
    }

    /* loaded from: input_file:net/snowflake/client/jdbc/internal/org/bouncycastle/crypto/fips/FipsAES$WrapParameters.class */
    public static final class WrapParameters extends FipsParameters {
        private final boolean useInverse;

        WrapParameters(FipsAlgorithm fipsAlgorithm) {
            this(fipsAlgorithm, false);
        }

        private WrapParameters(FipsAlgorithm fipsAlgorithm, boolean z) {
            super(fipsAlgorithm);
            this.useInverse = z;
        }

        public boolean isUsingInverseFunction() {
            return this.useInverse;
        }

        public WrapParameters withUsingInverseFunction(boolean z) {
            return new WrapParameters(getAlgorithm(), z);
        }
    }

    private FipsAES() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static FipsEngineProvider<Mac> getMacProvider(FipsAlgorithm fipsAlgorithm) {
        FipsEngineProvider<Mac> fipsEngineProvider;
        switch ((Mode) fipsAlgorithm.basicVariation()) {
            case CMAC:
                fipsEngineProvider = new FipsEngineProvider<Mac>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.1
                    @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.EngineProvider
                    public Mac createEngine() {
                        return new CMac(FipsAES.ENGINE_PROVIDER.createEngine());
                    }
                };
                break;
            case GMAC:
                fipsEngineProvider = new FipsEngineProvider<Mac>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.2
                    @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.EngineProvider
                    public Mac createEngine() {
                        return new GMac(new GCMBlockCipher(FipsAES.ENGINE_PROVIDER.createEngine()));
                    }
                };
                break;
            default:
                throw new IllegalArgumentException("Unknown algorithm passed to FipsAES MAC Provider: " + fipsAlgorithm);
        }
        return fipsEngineProvider;
    }

    static Mac makeMAC(AuthParameters authParameters) {
        Mac gMac;
        switch ((Mode) authParameters.getAlgorithm().basicVariation()) {
            case CMAC:
                gMac = new CMac(ENGINE_PROVIDER.createEngine(), authParameters.macLenInBits);
                break;
            case GMAC:
                gMac = new GMac(new GCMBlockCipher(ENGINE_PROVIDER.createEngine()), authParameters.macLenInBits);
                break;
            case CCM:
                gMac = new AEADCipherMac(new CCMBlockCipher(ENGINE_PROVIDER.createEngine()), authParameters.macLenInBits);
                break;
            default:
                throw new IllegalArgumentException("Unknown algorithm passed to FipsAES.OperatorFactory.createMACCalculator: " + authParameters.getAlgorithm());
        }
        return gMac;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static ValidatedSymmetricKey validateKey(SymmetricKey symmetricKey, FipsAlgorithm fipsAlgorithm) {
        ValidatedSymmetricKey validatedKey = PrivilegedUtils.getValidatedKey(symmetricKey);
        int keySizeInBits = validatedKey.getKeySizeInBits();
        if (keySizeInBits != 128 && keySizeInBits != 192 && keySizeInBits != 256) {
            throw new IllegalKeyException("AES key must be of length 128, 192, or 256");
        }
        Algorithm algorithm = validatedKey.getAlgorithm();
        if (algorithm.equals(ALGORITHM) || algorithm.equals(fipsAlgorithm)) {
            return validatedKey;
        }
        throw new IllegalKeyException("FIPS Key not for specified algorithm");
    }

    private static void ccmStartUpTest(EngineProvider engineProvider) {
        SelfTestExecutor.validate(CCM.getAlgorithm(), engineProvider, new VariantKatTest<EngineProvider>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.3
            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.VariantKatTest
            public void evaluate(EngineProvider engineProvider2) throws Exception {
                byte[] decode = Hex.decode("404142434445464748494a4b4c4d4e4f");
                byte[] decode2 = Hex.decode("10111213141516");
                byte[] decode3 = Hex.decode("0001020304050607");
                byte[] decode4 = Hex.decode("20212223");
                byte[] decode5 = Hex.decode("7162015b4dac255d");
                byte[] decode6 = Hex.decode("6084341b");
                CCMBlockCipher cCMBlockCipher = new CCMBlockCipher(engineProvider2.createEngine());
                CCMBlockCipher cCMBlockCipher2 = new CCMBlockCipher(engineProvider2.createEngine());
                int length = decode6.length * 8;
                KeyParameterImpl keyParameterImpl = new KeyParameterImpl(decode);
                cCMBlockCipher.init(true, new AEADParameters(keyParameterImpl, length, decode2, decode3));
                byte[] bArr = new byte[decode5.length];
                cCMBlockCipher.doFinal(bArr, cCMBlockCipher.processBytes(decode4, 0, decode4.length, bArr, 0));
                if (!Arrays.areEqual(decode5, bArr)) {
                    fail("Encrypted stream fails to match in self test");
                }
                if (!Arrays.areEqual(decode6, cCMBlockCipher.getMac())) {
                    fail("MAC fails to match in self test encrypt");
                }
                cCMBlockCipher2.init(false, new AEADParameters(keyParameterImpl, length, decode2, decode3));
                byte[] bArr2 = new byte[bArr.length];
                int processBytes = cCMBlockCipher2.processBytes(bArr, 0, bArr.length, bArr2, 0);
                int doFinal = processBytes + cCMBlockCipher2.doFinal(bArr2, processBytes);
                byte[] bArr3 = new byte[doFinal];
                System.arraycopy(bArr2, 0, bArr3, 0, doFinal);
                if (!Arrays.areEqual(decode4, bArr3)) {
                    fail("Decrypted stream fails to match in self test");
                }
                if (Arrays.areEqual(decode6, cCMBlockCipher2.getMac())) {
                    return;
                }
                fail("MAC fails to match in self test");
            }
        });
    }

    private static void cmacStartUpTest(final EngineProvider engineProvider) {
        SelfTestExecutor.validate(CMAC.getAlgorithm(), engineProvider, new BasicKatTest<EngineProvider>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.4
            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.internal.test.BasicKatTest
            public boolean hasTestPassed(EngineProvider engineProvider2) {
                byte[] decode = Hex.decode("2b7e151628aed2a6abf7158809cf4f3c");
                byte[] decode2 = Hex.decode("6bc1bee22e409f96e93d7e117393172a");
                byte[] decode3 = Hex.decode("070a16b46b4d4144f79bdd9dd04a287c");
                CMac cMac = new CMac(EngineProvider.this.createEngine(), 128);
                cMac.init(new KeyParameterImpl(decode));
                cMac.update(decode2, 0, decode2.length);
                byte[] bArr = new byte[16];
                cMac.doFinal(bArr, 0);
                return Arrays.areEqual(bArr, decode3);
            }
        });
    }

    private static void gcmStartUpTest(EngineProvider engineProvider) {
        SelfTestExecutor.validate(GCM.getAlgorithm(), engineProvider, new VariantKatTest<EngineProvider>() { // from class: net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.FipsAES.5
            @Override // net.snowflake.client.jdbc.internal.org.bouncycastle.crypto.fips.VariantKatTest
            public void evaluate(EngineProvider engineProvider2) throws Exception {
                GCMBlockCipher gCMBlockCipher = new GCMBlockCipher(engineProvider2.createEngine());
                GCMBlockCipher gCMBlockCipher2 = new GCMBlockCipher(engineProvider2.createEngine());
                byte[] decode = Hex.decode("feffe9928665731c6d6a8f9467308308");
                byte[] decode2 = Hex.decode("d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39");
                byte[] decode3 = Hex.decode("feedfacedeadbeeffeedfacedeadbeefabaddad2");
                byte[] decode4 = Hex.decode("cafebabefacedbaddecaf888");
                byte[] decode5 = Hex.decode("42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091");
                byte[] decode6 = Hex.decode("5bc94fbc3221a5db94fae95ae7121a47");
                AEADParameters aEADParameters = new AEADParameters(new KeyParameterImpl(decode), decode6.length * 8, decode4, decode3);
                gCMBlockCipher.init(true, aEADParameters);
                gCMBlockCipher2.init(false, aEADParameters);
                byte[] bArr = new byte[gCMBlockCipher.getOutputSize(decode2.length)];
                int processBytes = gCMBlockCipher.processBytes(decode2, 0, decode2.length, bArr, 0);
                if (bArr.length != processBytes + gCMBlockCipher.doFinal(bArr, processBytes)) {
                    fail("Encryption reported incorrect length");
                }
                byte[] mac = gCMBlockCipher.getMac();
                byte[] bArr2 = new byte[decode2.length];
                System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
                byte[] bArr3 = new byte[bArr.length - decode2.length];
                System.arraycopy(bArr, decode2.length, bArr3, 0, bArr3.length);
                if (!Arrays.areEqual(decode5, bArr2)) {
                    fail("Incorrect encrypt");
                }
                if (!Arrays.areEqual(decode6, mac)) {
                    fail("getMac() returned wrong MAC");
                }
                if (!Arrays.areEqual(decode6, bArr3)) {
                    fail("Stream contained wrong MAC");
                }
                byte[] bArr4 = new byte[gCMBlockCipher2.getOutputSize(bArr.length)];
                gCMBlockCipher2.doFinal(bArr4, gCMBlockCipher2.processBytes(bArr, 0, bArr.length, bArr4, 0));
                byte[] mac2 = gCMBlockCipher2.getMac();
                byte[] bArr5 = new byte[decode5.length];
                System.arraycopy(bArr4, 0, bArr5, 0, bArr5.length);
                if (!Arrays.areEqual(decode2, bArr5)) {
                    fail("Incorrect decrypt");
                }
                if (Arrays.areEqual(decode6, mac2)) {
                    return;
                }
                fail("Incorrect MAC on decrypt");
            }
        });
    }

    static {
        EngineProvider engineProvider = new EngineProvider();
        engineProvider.createEngine();
        ccmStartUpTest(engineProvider);
        cmacStartUpTest(engineProvider);
        gcmStartUpTest(engineProvider);
        ENGINE_PROVIDER = engineProvider;
        FipsRegister.registerEngineProvider(ALGORITHM, engineProvider);
    }
}
