package com.fortanix.sdkms.jce.provider.service;

import com.fortanix.sdkms.v1.ApiException;
import com.fortanix.sdkms.v1.api.EncryptionAndDecryptionApi;
import com.fortanix.sdkms.v1.api.WrappingAndUnwrappingApi;
import com.fortanix.sdkms.v1.model.CryptMode;
import com.fortanix.sdkms.v1.model.DecryptFinalRequestEx;
import com.fortanix.sdkms.v1.model.DecryptFinalResponse;
import com.fortanix.sdkms.v1.model.DecryptInitRequestEx;
import com.fortanix.sdkms.v1.model.DecryptInitResponse;
import com.fortanix.sdkms.v1.model.DecryptRequestEx;
import com.fortanix.sdkms.v1.model.DecryptResponse;
import com.fortanix.sdkms.v1.model.DecryptUpdateRequestEx;
import com.fortanix.sdkms.v1.model.DecryptUpdateResponse;
import com.fortanix.sdkms.v1.model.EncryptFinalRequestEx;
import com.fortanix.sdkms.v1.model.EncryptFinalResponse;
import com.fortanix.sdkms.v1.model.EncryptInitRequestEx;
import com.fortanix.sdkms.v1.model.EncryptInitResponse;
import com.fortanix.sdkms.v1.model.EncryptRequestEx;
import com.fortanix.sdkms.v1.model.EncryptResponse;
import com.fortanix.sdkms.v1.model.EncryptUpdateRequestEx;
import com.fortanix.sdkms.v1.model.EncryptUpdateResponse;
import com.fortanix.sdkms.v1.model.KeyObject;
import com.fortanix.sdkms.v1.model.UnwrapKeyRequestEx;
import com.fortanix.sdkms.v1.model.WrapKeyRequestEx;
import com.fortanix.sdkms.v1.model.WrapKeyResponse;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/fortanix/sdkms/jce/provider/service/SdkmsCipher.class */
public class SdkmsCipher {
    private static final SDKMSLogger LOGGER = new SDKMSLogger(LoggerFactory.getLogger(SdkmsCipher.class));
    private static final List<Integer> validGcmTagLength = Arrays.asList(128, 120, 112, 104, 96, 64, 32);

    /* loaded from: input_file:com/fortanix/sdkms/jce/provider/service/SdkmsCipher$CipherAndTag.class */
    public static class CipherAndTag {
        public byte[] cipher;
        public int cipherOffset;
        public int cipherLen;
        public byte[] tag;

        public CipherAndTag() {
        }

        public CipherAndTag(byte[] bArr, int i, int i2, byte[] bArr2) {
            this.cipher = bArr;
            this.cipherOffset = i;
            this.cipherLen = i2;
            this.tag = bArr2;
        }
    }

    public static void attachGCMTag(ByteArrayOutputStream byteArrayOutputStream, CryptMode cryptMode, byte[] bArr, int i) throws IOException {
        if (isGCM(cryptMode)) {
            if (bArr == null) {
                LOGGER.logAndRaiseProviderException(String.format("%s tag is missing", cryptMode), null);
            }
            if (bArr.length * 8 != i) {
                LOGGER.logAndRaiseProviderException(String.format("SDKMS generated tag length doesn't matched, Expected: %s, Actual: %s", Integer.valueOf(i), Integer.valueOf(bArr.length)), null);
            }
            byteArrayOutputStream.write(bArr);
        }
    }

    public static byte[] encrypt(final EncryptRequestEx encryptRequestEx) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = null;
        try {
            Integer tagLen = encryptRequestEx.getTagLen();
            EncryptResponse encryptResponse = (EncryptResponse) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.service.SdkmsCipher.1
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    return new EncryptionAndDecryptionApi(ApiClientSetup.getInstance().getApiClient()).encryptEx(encryptRequestEx);
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "Encrypt";
                }
            });
            byteArrayOutputStream.write(encryptResponse.getCipher());
            if (isGCM(encryptRequestEx.getMode())) {
                attachGCMTag(byteArrayOutputStream, encryptRequestEx.getMode(), encryptResponse.getTag(), tagLen.intValue());
            }
            bArr = byteArrayOutputStream.toByteArray();
        } catch (ApiException | IOException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher encryption. Selected mode was " + encryptRequestEx.getMode(), e);
        }
        return bArr;
    }

    public static EncryptInitResponse encryptInit(final EncryptInitRequestEx encryptInitRequestEx) {
        EncryptInitResponse encryptInitResponse = null;
        try {
            encryptInitResponse = (EncryptInitResponse) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.service.SdkmsCipher.2
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    return new EncryptionAndDecryptionApi(ApiClientSetup.getInstance().getApiClient()).encryptInitEx(encryptInitRequestEx);
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "EncryptInit";
                }
            });
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher Init. Selected mode was " + encryptInitRequestEx.getMode(), e);
        }
        return encryptInitResponse;
    }

    public static EncryptUpdateResponse encryptUpdate(final EncryptUpdateRequestEx encryptUpdateRequestEx) {
        EncryptUpdateResponse encryptUpdateResponse = null;
        try {
            encryptUpdateResponse = (EncryptUpdateResponse) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.service.SdkmsCipher.3
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    return new EncryptionAndDecryptionApi(ApiClientSetup.getInstance().getApiClient()).encryptUpdateEx(encryptUpdateRequestEx);
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "EncryptUpdate";
                }
            });
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher encrypt update", e);
        }
        return encryptUpdateResponse;
    }

    public static byte[] encryptFinal(final EncryptFinalRequestEx encryptFinalRequestEx, CryptMode cryptMode) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = null;
        try {
            Integer tagLen = encryptFinalRequestEx.getTagLen();
            EncryptFinalResponse encryptFinalResponse = (EncryptFinalResponse) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.service.SdkmsCipher.4
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    return new EncryptionAndDecryptionApi(ApiClientSetup.getInstance().getApiClient()).encryptFinalEx(encryptFinalRequestEx);
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "EncryptFinal";
                }
            });
            byteArrayOutputStream.write(encryptFinalResponse.getCipher());
            if (isGCM(cryptMode)) {
                attachGCMTag(byteArrayOutputStream, cryptMode, encryptFinalResponse.getTag(), tagLen.intValue());
            }
            bArr = byteArrayOutputStream.toByteArray();
        } catch (ApiException | IOException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher encryption. Selected mode was " + cryptMode, e);
        }
        return bArr;
    }

    public static byte[] decrypt(Integer num, final DecryptRequestEx decryptRequestEx) {
        DecryptResponse decryptResponse = null;
        try {
            if (isGCM(decryptRequestEx.getMode())) {
                CipherAndTag extractGCMTag = extractGCMTag(num.intValue(), decryptRequestEx.getCipher(), 0, decryptRequestEx.getCipher().length);
                decryptRequestEx.setCipher(extractGCMTag.cipher);
                decryptRequestEx.setTag(extractGCMTag.tag);
            }
            decryptResponse = (DecryptResponse) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.service.SdkmsCipher.5
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    return new EncryptionAndDecryptionApi(ApiClientSetup.getInstance().getApiClient()).decryptEx(decryptRequestEx);
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "Decrypt";
                }
            });
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher encryption. Selected mode was " + decryptRequestEx.getMode(), e);
        }
        return decryptResponse.getPlain();
    }

    public static DecryptInitResponse decryptInit(final DecryptInitRequestEx decryptInitRequestEx) {
        DecryptInitResponse decryptInitResponse = null;
        try {
            decryptInitResponse = (DecryptInitResponse) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.service.SdkmsCipher.6
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    return new EncryptionAndDecryptionApi(ApiClientSetup.getInstance().getApiClient()).decryptInitEx(decryptInitRequestEx);
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "DecryptInit";
                }
            });
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher Decrypt Init. Selected mode was " + decryptInitRequestEx.getMode(), e);
        }
        return decryptInitResponse;
    }

    public static DecryptUpdateResponse decryptUpdate(final DecryptUpdateRequestEx decryptUpdateRequestEx) {
        DecryptUpdateResponse decryptUpdateResponse = null;
        try {
            decryptUpdateResponse = (DecryptUpdateResponse) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.service.SdkmsCipher.7
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    return new EncryptionAndDecryptionApi(ApiClientSetup.getInstance().getApiClient()).decryptUpdateEx(decryptUpdateRequestEx);
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "DecryptUpdate";
                }
            });
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher encrypt update", e);
        }
        return decryptUpdateResponse;
    }

    public static byte[] decryptFinal(final DecryptFinalRequestEx decryptFinalRequestEx) {
        DecryptFinalResponse decryptFinalResponse = null;
        try {
            decryptFinalResponse = (DecryptFinalResponse) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.service.SdkmsCipher.8
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    return new EncryptionAndDecryptionApi(ApiClientSetup.getInstance().getApiClient()).decryptFinalEx(decryptFinalRequestEx);
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "DecryptFinal";
                }
            });
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher encryption. ", e);
        }
        return decryptFinalResponse.getPlain();
    }

    public static byte[] wrapKey(final WrapKeyRequestEx wrapKeyRequestEx) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Integer tagLen = wrapKeyRequestEx.getTagLen();
        try {
            WrapKeyResponse wrapKeyResponse = (WrapKeyResponse) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.service.SdkmsCipher.9
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    return new WrappingAndUnwrappingApi(ApiClientSetup.getInstance().getApiClient()).wrapKeyEx(wrapKeyRequestEx);
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "WrapKey";
                }
            });
            byteArrayOutputStream.write(wrapKeyResponse.getWrappedKey());
            if (isGCM(wrapKeyRequestEx.getMode())) {
                attachGCMTag(byteArrayOutputStream, wrapKeyRequestEx.getMode(), wrapKeyResponse.getTag(), tagLen.intValue());
            }
        } catch (ApiException | IOException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher encryption. Selected mode was " + wrapKeyRequestEx.getMode(), e);
        }
        return byteArrayOutputStream.toByteArray();
    }

    public static KeyObject unwrapKey(Integer num, final UnwrapKeyRequestEx unwrapKeyRequestEx) {
        KeyObject keyObject = null;
        try {
            if (isGCM(unwrapKeyRequestEx.getMode())) {
                CipherAndTag extractGCMTag = extractGCMTag(num.intValue(), unwrapKeyRequestEx.getWrappedKey(), 0, unwrapKeyRequestEx.getWrappedKey().length);
                unwrapKeyRequestEx.setWrappedKey(extractGCMTag.cipher);
                unwrapKeyRequestEx.setTag(extractGCMTag.tag);
            }
            keyObject = (KeyObject) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.service.SdkmsCipher.10
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    return new WrappingAndUnwrappingApi(ApiClientSetup.getInstance().getApiClient()).unwrapKeyEx(unwrapKeyRequestEx);
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "UnwrapKey";
                }
            });
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher encryption. Selected mode was " + unwrapKeyRequestEx.getMode(), e);
        }
        return keyObject;
    }

    public static boolean isGCM(CryptMode cryptMode) {
        return cryptMode == CryptMode.GCM || cryptMode == CryptMode.CCM;
    }

    public static boolean isGCM(String str) {
        return isGCM(CryptMode.fromValue(str));
    }

    public static boolean isValidTagLength(Integer num) {
        return validGcmTagLength.contains(num);
    }

    public static String supportedGcmTagLength() {
        return validGcmTagLength.toString();
    }

    public static CipherAndTag extractGCMTag(int i, byte[] bArr, int i2, int i3) {
        CipherAndTag cipherAndTag = new CipherAndTag();
        if (bArr == null || bArr.length == 0 || i3 == 0) {
            return cipherAndTag;
        }
        int i4 = i / 8;
        int i5 = i3 - i4;
        cipherAndTag.tag = new byte[i4];
        cipherAndTag.cipher = new byte[i5];
        cipherAndTag.cipherOffset = 0;
        cipherAndTag.cipherLen = i5;
        System.arraycopy(bArr, i2 + i5, cipherAndTag.tag, 0, i4);
        System.arraycopy(bArr, i2, cipherAndTag.cipher, 0, i5);
        return cipherAndTag;
    }
}
