package com.fortanix.sdkms.jce.provider.ciphers;

import com.fortanix.dsm.accelerator.Algorithm;
import com.fortanix.dsm.accelerator.CipherMode;
import com.fortanix.dsm.accelerator.DSMAccelerator;
import com.fortanix.dsm.accelerator.DSMAcceleratorException;
import com.fortanix.dsm.accelerator.DecryptRequest;
import com.fortanix.dsm.accelerator.DecryptResponse;
import com.fortanix.dsm.accelerator.EncryptRequest;
import com.fortanix.dsm.accelerator.EncryptResponse;
import com.fortanix.sdkms.jce.provider.service.ISdkmsCommand;
import com.fortanix.sdkms.jce.provider.service.SDKMSLogger;
import com.fortanix.sdkms.jce.provider.valentino.DSMAcceleratorClientSetup;
import com.fortanix.sdkms.v1.ApiException;
import com.fortanix.sdkms.v1.model.CryptMode;
import com.fortanix.sdkms.v1.model.DecryptRequestEx;
import com.fortanix.sdkms.v1.model.EncryptRequestEx;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/fortanix/sdkms/jce/provider/ciphers/DSMACipher.class */
public class DSMACipher {
    private static final SDKMSLogger LOGGER = new SDKMSLogger(LoggerFactory.getLogger(DSMACipher.class));
    private static final List<Integer> validGcmTagLength = Arrays.asList(128, 120, 112, 104, 96, 64, 32);

    /* loaded from: input_file:com/fortanix/sdkms/jce/provider/ciphers/DSMACipher$CipherAndTag.class */
    public static class CipherAndTag {
        public byte[] cipher;
        public int cipherOffset;
        public int cipherLen;
        public byte[] tag;

        public CipherAndTag() {
        }

        public CipherAndTag(byte[] bArr, int i, int i2, byte[] bArr2) {
            this.cipher = bArr;
            this.cipherOffset = i;
            this.cipherLen = i2;
            this.tag = bArr2;
        }
    }

    public static void attachGCMTag(ByteArrayOutputStream byteArrayOutputStream, CryptMode cryptMode, byte[] bArr, int i) throws IOException {
        if (isGCM(cryptMode)) {
            if (bArr == null) {
                LOGGER.logAndRaiseProviderException(String.format("%s tag is missing", cryptMode), null);
            }
            if (bArr.length * 8 != i) {
                LOGGER.logAndRaiseProviderException(String.format("SDKMS generated tag length doesn't matched, Expected: %s, Actual: %s", Integer.valueOf(i), Integer.valueOf(bArr.length)), null);
            }
            byteArrayOutputStream.write(bArr);
        }
    }

    public static byte[] encrypt(final EncryptRequestEx encryptRequestEx) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = null;
        final DSMAccelerator dsmAcceleratorClient = DSMAcceleratorClientSetup.getInstance().getDsmAcceleratorClient();
        try {
            Integer tagLen = encryptRequestEx.getTagLen();
            EncryptResponse encryptResponse = (EncryptResponse) DSMAcceleratorClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.ciphers.DSMACipher.1
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    try {
                        return DSMAccelerator.this.encrypt(EncryptRequest.builder().setKid(encryptRequestEx.getKey().getKid()).setPlain(encryptRequestEx.getPlain()).setAlg(Algorithm.valueOf(encryptRequestEx.getAlg().getValue())).setMode(CipherMode.valueOf(encryptRequestEx.getMode().getValue())).setAd(encryptRequestEx.getAd()).setIv(encryptRequestEx.getIv()).setTagLen(encryptRequestEx.getTagLen() != null ? encryptRequestEx.getTagLen().intValue() : 0).build());
                    } catch (DSMAcceleratorException e) {
                        DSMACipher.LOGGER.logAndRaiseProviderException("Error during Cipher encryption. Selected mode was " + encryptRequestEx.getMode(), e);
                        return null;
                    }
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "Encrypt";
                }
            });
            byteArrayOutputStream.write(encryptResponse.getCipher());
            if (isGCM(encryptRequestEx.getMode())) {
                attachGCMTag(byteArrayOutputStream, encryptRequestEx.getMode(), encryptResponse.getTag(), tagLen.intValue());
            }
            bArr = byteArrayOutputStream.toByteArray();
        } catch (IOException | ApiException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher encryption. Selected mode was " + encryptRequestEx.getMode(), e);
        }
        return bArr;
    }

    public static byte[] decrypt(Integer num, final DecryptRequestEx decryptRequestEx) {
        DecryptResponse decryptResponse = null;
        final DSMAccelerator dsmAcceleratorClient = DSMAcceleratorClientSetup.getInstance().getDsmAcceleratorClient();
        try {
            if (isGCM(decryptRequestEx.getMode())) {
                CipherAndTag extractGCMTag = extractGCMTag(num.intValue(), decryptRequestEx.getCipher(), 0, decryptRequestEx.getCipher().length);
                decryptRequestEx.setCipher(extractGCMTag.cipher);
                decryptRequestEx.setTag(extractGCMTag.tag);
            }
            decryptResponse = (DecryptResponse) DSMAcceleratorClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() { // from class: com.fortanix.sdkms.jce.provider.ciphers.DSMACipher.2
                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public Object execute() throws ApiException {
                    try {
                        return DSMAccelerator.this.decrypt(DecryptRequest.builder().setKid(decryptRequestEx.getKey().getKid()).setCipher(decryptRequestEx.getCipher()).setAlg(Algorithm.valueOf(decryptRequestEx.getAlg().getValue())).setMode(CipherMode.valueOf(decryptRequestEx.getMode().getValue())).setIv(decryptRequestEx.getIv()).setTag(decryptRequestEx.getTag()).build());
                    } catch (DSMAcceleratorException e) {
                        DSMACipher.LOGGER.logAndRaiseProviderException("Error during Cipher encryption. Selected mode was " + decryptRequestEx.getMode(), e);
                        return null;
                    }
                }

                @Override // com.fortanix.sdkms.jce.provider.service.ISdkmsCommand
                public String getDescription() {
                    return "Encrypt";
                }
            });
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Error during Cipher encryption. Selected mode was " + decryptRequestEx.getMode(), e);
        }
        return decryptResponse.getPlain();
    }

    public static boolean isGCM(CryptMode cryptMode) {
        return cryptMode == CryptMode.GCM || cryptMode == CryptMode.CCM;
    }

    public static CipherAndTag extractGCMTag(int i, byte[] bArr, int i2, int i3) {
        CipherAndTag cipherAndTag = new CipherAndTag();
        if (bArr == null || bArr.length == 0 || i3 == 0) {
            return cipherAndTag;
        }
        int i4 = i / 8;
        int i5 = i3 - i4;
        cipherAndTag.tag = new byte[i4];
        cipherAndTag.cipher = new byte[i5];
        cipherAndTag.cipherOffset = 0;
        cipherAndTag.cipherLen = i5;
        System.arraycopy(bArr, i2 + i5, cipherAndTag.tag, 0, i4);
        System.arraycopy(bArr, i2, cipherAndTag.cipher, 0, i5);
        return cipherAndTag;
    }
}
