package org.eclipse.californium.elements.util;

import ch.qos.logback.core.net.SyslogConstants;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/californium/elements/util/EncryptedStreamUtil.class */
public class EncryptedStreamUtil {

    @Deprecated
    public static final String DEFAULT_CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
    public static final int DEFAULT_KEY_SIZE_BITS = 128;
    private static final String HMAC_ALGORITHM = "HmacSHA256";
    private static final int NONCE_SIZE = 16;
    private static final CipherDefinition DEFAULT_CIPHER_DEFINITION;
    private CipherDefinition writeCipherDefinition;
    private CipherDefinition readCipherDefinition;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) EncryptedStreamUtil.class);
    private static final byte[] EXPANSION_LABEL = "key expansion".getBytes();
    private static final Map<Integer, CipherDefinition> CIPHER_DEFINITIONS = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/californium/elements/util/EncryptedStreamUtil$CipherDefinition.class */
    public static final class CipherDefinition {
        private final int id;
        private final String spec;
        private final String algorithm;
        private final int keySizeBits;
        private final boolean gcm;
        private final boolean supported;

        private CipherDefinition(int i, String str, int i2) {
            String[] split = str.split("/");
            this.spec = split[0] + "/" + split[1] + "/" + i2;
            this.id = i;
            this.algorithm = str;
            this.keySizeBits = i2;
            this.gcm = str.contains("/GCM/");
            boolean z = false;
            try {
                Cipher.getInstance(str);
                z = i2 <= Cipher.getMaxAllowedKeyLength(str);
            } catch (NoSuchAlgorithmException e) {
            } catch (NoSuchPaddingException e2) {
            }
            this.supported = z;
        }

        public int hashCode() {
            return (31 * ((31 * ((31 * 1) + (this.algorithm == null ? 0 : this.algorithm.hashCode()))) + this.id)) + this.keySizeBits;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            CipherDefinition cipherDefinition = (CipherDefinition) obj;
            if (this.id == cipherDefinition.id && this.keySizeBits == cipherDefinition.keySizeBits) {
                return this.algorithm == null ? cipherDefinition.algorithm == null : this.algorithm.equals(cipherDefinition.algorithm);
            }
            return false;
        }
    }

    private static boolean addInternal(int i, String str, int i2) {
        CipherDefinition cipherDefinition = new CipherDefinition(i, str, i2);
        CIPHER_DEFINITIONS.put(Integer.valueOf(i), new CipherDefinition(i, str, i2));
        return cipherDefinition.supported;
    }

    private static CipherDefinition getCipherDefinition(String str, int i) {
        for (CipherDefinition cipherDefinition : CIPHER_DEFINITIONS.values()) {
            if (cipherDefinition.algorithm.equals(str) && cipherDefinition.keySizeBits == i) {
                return cipherDefinition;
            }
        }
        return null;
    }

    private static CipherDefinition getCipherDefinition(String str) {
        for (CipherDefinition cipherDefinition : CIPHER_DEFINITIONS.values()) {
            if (cipherDefinition.spec.equals(str)) {
                return cipherDefinition;
            }
        }
        return null;
    }

    public static boolean add(int i, String str, int i2) {
        CipherDefinition cipherDefinition = CIPHER_DEFINITIONS.get(Integer.valueOf(i));
        CipherDefinition cipherDefinition2 = getCipherDefinition(str, i2);
        if (cipherDefinition != null) {
            if (cipherDefinition.equals(cipherDefinition2)) {
                return cipherDefinition.supported;
            }
            throw new IllegalArgumentException("0x" + Integer.toHexString(i) + " already in use for " + cipherDefinition.algorithm + "/" + cipherDefinition.keySizeBits + "!");
        }
        if (cipherDefinition2 != null) {
            throw new IllegalArgumentException(cipherDefinition2.algorithm + "/" + cipherDefinition2.keySizeBits + " already defined as 0x" + Integer.toHexString(i) + "!");
        }
        if (i < 61440 || i > 65279) {
            throw new IllegalArgumentException("0x" + Integer.toHexString(i) + " is not in custom range [0xf000-0xfeff]!");
        }
        return addInternal(i, str, i2);
    }

    public EncryptedStreamUtil() {
        setDefaultWriteCipher();
    }

    public EncryptedStreamUtil(String str) {
        setWriteCipher(str);
    }

    public EncryptedStreamUtil(String str, int i) {
        setWriteCipher(str, i);
    }

    public String getWriteCipher() {
        return this.writeCipherDefinition.spec;
    }

    public String getReadCipher() {
        if (this.readCipherDefinition == null) {
            return null;
        }
        return this.readCipherDefinition.spec;
    }

    @Deprecated
    public void setCipher(String str, int i) {
        try {
            setWriteCipher(str, i);
        } catch (IllegalArgumentException e) {
        }
    }

    public void setDefaultWriteCipher() {
        this.writeCipherDefinition = DEFAULT_CIPHER_DEFINITION;
    }

    public void setWriteCipher(String str, int i) {
        CipherDefinition cipherDefinition = getCipherDefinition(str, i);
        if (cipherDefinition == null || !cipherDefinition.supported) {
            throw new IllegalArgumentException(str + "/" + i + " is not supported!");
        }
        this.writeCipherDefinition = cipherDefinition;
    }

    public void setWriteCipher(String str) {
        CipherDefinition cipherDefinition = getCipherDefinition(str);
        if (cipherDefinition == null || !cipherDefinition.supported) {
            throw new IllegalArgumentException(str + " is not supported!");
        }
        this.writeCipherDefinition = cipherDefinition;
    }

    private Cipher init(int i, SecretKey secretKey, byte[] bArr) {
        CipherDefinition cipherDefinition = null;
        if (i == 1) {
            cipherDefinition = this.writeCipherDefinition;
        } else if (i == 2) {
            if (this.readCipherDefinition == null) {
                throw new IllegalArgumentException("Read cipher definition not available!");
            }
            cipherDefinition = this.readCipherDefinition;
        }
        if (cipherDefinition == null) {
            throw new IllegalArgumentException("Invalid mode!");
        }
        try {
            Mac mac = Mac.getInstance(HMAC_ALGORITHM);
            mac.init(secretKey);
            int i2 = ((cipherDefinition.keySizeBits + 8) - 1) / 8;
            byte[] doExpansion = doExpansion(mac, EXPANSION_LABEL, bArr, i2 + 16);
            SecretKeySpec secretKeySpec = new SecretKeySpec(doExpansion, 0, i2, "AES");
            AlgorithmParameterSpec gCMParameterSpec = cipherDefinition.gcm ? new GCMParameterSpec(128, doExpansion, i2, 16) : new IvParameterSpec(doExpansion, i2, 16);
            Bytes.clear(doExpansion);
            Cipher cipher = Cipher.getInstance(cipherDefinition.algorithm);
            cipher.init(i, secretKeySpec, gCMParameterSpec);
            return cipher;
        } catch (GeneralSecurityException e) {
            LOGGER.warn("encryption error:", (Throwable) e);
            return null;
        }
    }

    public byte[] readSeed(InputStream inputStream) {
        DataStreamReader dataStreamReader = new DataStreamReader(inputStream);
        int read = dataStreamReader.read(8);
        if (read == 0) {
            return Bytes.EMPTY;
        }
        if (read == 16) {
            this.readCipherDefinition = getCipherDefinition("AES/CBC/128");
            return dataStreamReader.readBytes(read);
        }
        int read2 = (read << 8) | dataStreamReader.read(8);
        CipherDefinition cipherDefinition = CIPHER_DEFINITIONS.get(Integer.valueOf(read2));
        if (cipherDefinition == null) {
            LOGGER.warn("Cipher {} is not available!", Integer.toHexString(read2));
            return Bytes.EMPTY;
        }
        if (cipherDefinition.supported) {
            this.readCipherDefinition = cipherDefinition;
            return dataStreamReader.readVarBytes(8);
        }
        LOGGER.warn("Cipher {}/{} is not supported!", Integer.toHexString(read2), cipherDefinition.spec);
        return Bytes.EMPTY;
    }

    public InputStream prepare(InputStream inputStream, SecretKey secretKey) {
        return prepare(readSeed(inputStream), inputStream, secretKey);
    }

    public InputStream prepare(byte[] bArr, InputStream inputStream, SecretKey secretKey) {
        if (bArr != null && bArr.length > 0) {
            if (secretKey == null) {
                LOGGER.warn("missing password!");
                return new ByteArrayInputStream(Bytes.EMPTY);
            }
            Cipher init = init(2, secretKey, bArr);
            if (init == null) {
                LOGGER.warn("crypto error!");
                return new ByteArrayInputStream(Bytes.EMPTY);
            }
            inputStream = new CipherInputStream(inputStream, init);
            if (!inputStream.markSupported()) {
                inputStream = new BufferedInputStream(inputStream);
            }
        }
        return inputStream;
    }

    public OutputStream prepare(OutputStream outputStream, SecretKey secretKey) throws IOException {
        return prepare((byte[]) null, outputStream, secretKey);
    }

    public OutputStream prepare(byte[] bArr, OutputStream outputStream, SecretKey secretKey) throws IOException {
        DatagramWriter datagramWriter = new DatagramWriter();
        if (secretKey != null) {
            byte[] bArr2 = new byte[bArr == null ? 16 : bArr.length];
            SecureRandom secureRandom = new SecureRandom();
            int i = 0;
            secureRandom.nextBytes(bArr2);
            while (bArr != null && Arrays.equals(bArr, bArr2)) {
                i++;
                if (i > 5) {
                    throw new IOException("Random seed failed!");
                }
                secureRandom.nextBytes(bArr2);
            }
            if (bArr != null) {
                System.arraycopy(bArr2, 0, bArr, 0, bArr.length);
            }
            Cipher init = init(1, secretKey, bArr2);
            if (init != null) {
                datagramWriter.write(this.writeCipherDefinition.id, 16);
                datagramWriter.writeVarBytes(bArr2, 8);
                datagramWriter.writeTo(outputStream);
                outputStream = new CipherOutputStream(outputStream, init);
            } else {
                LOGGER.warn("crypto error!");
                secretKey = null;
            }
        }
        if (secretKey == null) {
            datagramWriter.writeVarBytes(Bytes.EMPTY, 8);
            datagramWriter.writeTo(outputStream);
        }
        return outputStream;
    }

    /* JADX WARN: Code restructure failed: missing block: B:16:0x0057, code lost:
    
        r7.doFinal(r0, 0);
        java.lang.System.arraycopy(r0, 0, r0, r11, r10 - r11);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static final byte[] doExpansion(javax.crypto.Mac r7, byte[] r8, byte[] r9, int r10) {
        /*
            r0 = 0
            r11 = r0
            r0 = r7
            int r0 = r0.getMacLength()
            r12 = r0
            r0 = r12
            r1 = r8
            int r1 = r1.length
            int r0 = r0 + r1
            r1 = r9
            int r1 = r1.length
            int r0 = r0 + r1
            byte[] r0 = new byte[r0]
            r13 = r0
            r0 = r10
            byte[] r0 = new byte[r0]
            r14 = r0
            r0 = r8
            r1 = 0
            r2 = r13
            r3 = r12
            r4 = r8
            int r4 = r4.length     // Catch: javax.crypto.ShortBufferException -> L93
            java.lang.System.arraycopy(r0, r1, r2, r3, r4)     // Catch: javax.crypto.ShortBufferException -> L93
            r0 = r9
            r1 = 0
            r2 = r13
            r3 = r12
            r4 = r8
            int r4 = r4.length     // Catch: javax.crypto.ShortBufferException -> L93
            int r3 = r3 + r4
            r4 = r9
            int r4 = r4.length     // Catch: javax.crypto.ShortBufferException -> L93
            java.lang.System.arraycopy(r0, r1, r2, r3, r4)     // Catch: javax.crypto.ShortBufferException -> L93
            r0 = r7
            r1 = r8
            r0.update(r1)     // Catch: javax.crypto.ShortBufferException -> L93
            r0 = r7
            r1 = r9
            r0.update(r1)     // Catch: javax.crypto.ShortBufferException -> L93
        L3d:
            r0 = r7
            r1 = r13
            r2 = 0
            r0.doFinal(r1, r2)     // Catch: javax.crypto.ShortBufferException -> L93
            r0 = r7
            r1 = r13
            r0.update(r1)     // Catch: javax.crypto.ShortBufferException -> L93
            r0 = r11
            r1 = r12
            int r0 = r0 + r1
            r15 = r0
            r0 = r15
            r1 = r10
            if (r0 <= r1) goto L6f
            r0 = r7
            r1 = r13
            r2 = 0
            r0.doFinal(r1, r2)     // Catch: javax.crypto.ShortBufferException -> L93
            r0 = r13
            r1 = 0
            r2 = r14
            r3 = r11
            r4 = r10
            r5 = r11
            int r4 = r4 - r5
            java.lang.System.arraycopy(r0, r1, r2, r3, r4)     // Catch: javax.crypto.ShortBufferException -> L93
            goto L90
        L6f:
            r0 = r7
            r1 = r14
            r2 = r11
            r0.doFinal(r1, r2)     // Catch: javax.crypto.ShortBufferException -> L93
            r0 = r15
            r1 = r10
            if (r0 != r1) goto L80
            goto L90
        L80:
            r0 = r15
            r11 = r0
            r0 = r7
            r1 = r13
            r2 = 0
            r3 = r12
            r0.update(r1, r2, r3)     // Catch: javax.crypto.ShortBufferException -> L93
            goto L3d
        L90:
            goto L9a
        L93:
            r15 = move-exception
            r0 = r15
            r0.printStackTrace()
        L9a:
            r0 = r13
            org.eclipse.californium.elements.util.Bytes.clear(r0)
            r0 = r14
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.californium.elements.util.EncryptedStreamUtil.doExpansion(javax.crypto.Mac, byte[], byte[], int):byte[]");
    }

    static {
        addInternal(513, "AES/CBC/PKCS5Padding", 128);
        addInternal(SyslogConstants.SYSLOG_PORT, "AES/CBC/PKCS5Padding", 256);
        addInternal(769, "AES/GCM/NoPadding", 128);
        addInternal(770, "AES/GCM/NoPadding", 256);
        addInternal(1025, "ARIA/GCM/NoPadding", 128);
        addInternal(1026, "ARIA/GCM/NoPadding", 256);
        CipherDefinition cipherDefinition = CIPHER_DEFINITIONS.get(769);
        if (cipherDefinition == null || !cipherDefinition.supported) {
            cipherDefinition = CIPHER_DEFINITIONS.get(513);
        }
        DEFAULT_CIPHER_DEFINITION = cipherDefinition;
    }
}
