package org.apache.spark.network.crypto;

import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.ChannelOutboundHandlerAdapter;
import io.netty.channel.ChannelPromise;
import io.netty.channel.FileRegion;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.ReadableByteChannel;
import java.nio.channels.WritableByteChannel;
import java.util.Properties;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.crypto.stream.CryptoInputStream;
import org.apache.commons.crypto.stream.CryptoOutputStream;
import org.apache.spark.network.util.AbstractFileRegion;
import org.apache.spark.network.util.ByteArrayReadableChannel;
import org.apache.spark.network.util.ByteArrayWritableChannel;
import org.sparkproject.guava.annotations.VisibleForTesting;
import org.sparkproject.guava.base.Preconditions;

/* loaded from: input_file:org/apache/spark/network/crypto/TransportCipher.class */
public class TransportCipher {

    @VisibleForTesting
    static final String ENCRYPTION_HANDLER_NAME = "TransportEncryption";
    private static final String DECRYPTION_HANDLER_NAME = "TransportDecryption";

    @VisibleForTesting
    static final int STREAM_BUFFER_SIZE = 32768;
    private final Properties conf;
    private final String cipher;
    private final SecretKeySpec key;
    private final byte[] inIv;
    private final byte[] outIv;

    /* loaded from: input_file:org/apache/spark/network/crypto/TransportCipher$DecryptionHandler.class */
    private static class DecryptionHandler extends ChannelInboundHandlerAdapter {
        private final CryptoInputStream cis;
        private final ByteArrayReadableChannel byteChannel = new ByteArrayReadableChannel();
        private boolean isCipherValid = true;

        DecryptionHandler(TransportCipher transportCipher) throws IOException {
            this.cis = transportCipher.createInputStream(this.byteChannel);
        }

        public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) throws Exception {
            ByteBuf byteBuf = (ByteBuf) obj;
            try {
                if (!this.isCipherValid) {
                    throw new IOException("Cipher is in invalid state.");
                }
                byte[] bArr = new byte[byteBuf.readableBytes()];
                this.byteChannel.feedData(byteBuf);
                int i = 0;
                while (i < bArr.length) {
                    try {
                        i += this.cis.read(bArr, i, bArr.length - i);
                    } catch (InternalError e) {
                        this.isCipherValid = false;
                        throw e;
                    }
                }
                channelHandlerContext.fireChannelRead(Unpooled.wrappedBuffer(bArr, 0, bArr.length));
                byteBuf.release();
            } catch (Throwable th) {
                byteBuf.release();
                throw th;
            }
        }

        public void handlerRemoved(ChannelHandlerContext channelHandlerContext) throws Exception {
            try {
                if (this.isCipherValid) {
                    this.cis.close();
                }
            } finally {
                super.handlerRemoved(channelHandlerContext);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:org/apache/spark/network/crypto/TransportCipher$EncryptedMessage.class */
    public static class EncryptedMessage extends AbstractFileRegion {
        private final boolean isByteBuf;
        private final ByteBuf buf;
        private final FileRegion region;
        private final CryptoOutputStream cos;
        private final EncryptionHandler handler;
        private final long count;
        private long transferred;
        private final ByteArrayWritableChannel byteEncChannel;
        private final ByteArrayWritableChannel byteRawChannel;
        private ByteBuffer currentEncrypted;

        EncryptedMessage(EncryptionHandler encryptionHandler, CryptoOutputStream cryptoOutputStream, Object obj, ByteArrayWritableChannel byteArrayWritableChannel, ByteArrayWritableChannel byteArrayWritableChannel2) {
            Preconditions.checkArgument((obj instanceof ByteBuf) || (obj instanceof FileRegion), "Unrecognized message type: %s", obj.getClass().getName());
            this.handler = encryptionHandler;
            this.isByteBuf = obj instanceof ByteBuf;
            this.buf = this.isByteBuf ? (ByteBuf) obj : null;
            this.region = this.isByteBuf ? null : (FileRegion) obj;
            this.transferred = 0L;
            this.cos = cryptoOutputStream;
            this.byteEncChannel = byteArrayWritableChannel;
            this.byteRawChannel = byteArrayWritableChannel2;
            this.count = this.isByteBuf ? this.buf.readableBytes() : this.region.count();
        }

        public long count() {
            return this.count;
        }

        public long position() {
            return 0L;
        }

        public long transferred() {
            return this.transferred;
        }

        @Override // org.apache.spark.network.util.AbstractFileRegion
        /* renamed from: touch */
        public EncryptedMessage mo7touch(Object obj) {
            super.mo7touch(obj);
            if (this.region != null) {
                this.region.touch(obj);
            }
            if (this.buf != null) {
                this.buf.touch(obj);
            }
            return this;
        }

        @Override // org.apache.spark.network.util.AbstractFileRegion
        /* renamed from: retain */
        public EncryptedMessage mo8retain(int i) {
            super.mo8retain(i);
            if (this.region != null) {
                this.region.retain(i);
            }
            if (this.buf != null) {
                this.buf.retain(i);
            }
            return this;
        }

        public boolean release(int i) {
            if (this.region != null) {
                this.region.release(i);
            }
            if (this.buf != null) {
                this.buf.release(i);
            }
            return super.release(i);
        }

        public long transferTo(WritableByteChannel writableByteChannel, long j) throws IOException {
            Preconditions.checkArgument(j == transferred(), "Invalid position.");
            if (this.transferred == this.count) {
                return 0L;
            }
            long j2 = 0;
            do {
                if (this.currentEncrypted == null) {
                    encryptMore();
                }
                long remaining = this.currentEncrypted.remaining();
                if (remaining == 0) {
                    this.currentEncrypted = null;
                    this.byteEncChannel.reset();
                    return j2;
                }
                long write = writableByteChannel.write(this.currentEncrypted);
                j2 += write;
                this.transferred += write;
                if (write < remaining) {
                    break;
                }
                this.currentEncrypted = null;
                this.byteEncChannel.reset();
            } while (this.transferred < this.count);
            return j2;
        }

        private void encryptMore() throws IOException {
            if (!this.handler.isCipherValid()) {
                throw new IOException("Cipher is in invalid state.");
            }
            this.byteRawChannel.reset();
            if (this.isByteBuf) {
                this.buf.skipBytes(this.byteRawChannel.write(this.buf.nioBuffer()));
            } else {
                this.region.transferTo(this.byteRawChannel, this.region.transferred());
            }
            try {
                this.cos.write(this.byteRawChannel.getData(), 0, this.byteRawChannel.length());
                this.cos.flush();
                this.currentEncrypted = ByteBuffer.wrap(this.byteEncChannel.getData(), 0, this.byteEncChannel.length());
            } catch (InternalError e) {
                this.handler.reportError();
                throw e;
            }
        }

        protected void deallocate() {
            this.byteRawChannel.reset();
            this.byteEncChannel.reset();
            if (this.region != null) {
                this.region.release();
            }
            if (this.buf != null) {
                this.buf.release();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    /* loaded from: input_file:org/apache/spark/network/crypto/TransportCipher$EncryptionHandler.class */
    public static class EncryptionHandler extends ChannelOutboundHandlerAdapter {
        private final CryptoOutputStream cos;
        private final ByteArrayWritableChannel byteEncChannel = new ByteArrayWritableChannel(TransportCipher.STREAM_BUFFER_SIZE);
        private final ByteArrayWritableChannel byteRawChannel = new ByteArrayWritableChannel(TransportCipher.STREAM_BUFFER_SIZE);
        private boolean isCipherValid = true;

        EncryptionHandler(TransportCipher transportCipher) throws IOException {
            this.cos = transportCipher.createOutputStream(this.byteEncChannel);
        }

        public void write(ChannelHandlerContext channelHandlerContext, Object obj, ChannelPromise channelPromise) throws Exception {
            channelHandlerContext.write(createEncryptedMessage(obj), channelPromise);
        }

        @VisibleForTesting
        EncryptedMessage createEncryptedMessage(Object obj) {
            return new EncryptedMessage(this, this.cos, obj, this.byteEncChannel, this.byteRawChannel);
        }

        public void close(ChannelHandlerContext channelHandlerContext, ChannelPromise channelPromise) throws Exception {
            try {
                if (this.isCipherValid) {
                    this.cos.close();
                }
            } finally {
                super.close(channelHandlerContext, channelPromise);
            }
        }

        void reportError() {
            this.isCipherValid = false;
        }

        boolean isCipherValid() {
            return this.isCipherValid;
        }
    }

    public TransportCipher(Properties properties, String str, SecretKeySpec secretKeySpec, byte[] bArr, byte[] bArr2) {
        this.conf = properties;
        this.cipher = str;
        this.key = secretKeySpec;
        this.inIv = bArr;
        this.outIv = bArr2;
    }

    public String getCipherTransformation() {
        return this.cipher;
    }

    @VisibleForTesting
    SecretKeySpec getKey() {
        return this.key;
    }

    public byte[] getInputIv() {
        return this.inIv;
    }

    public byte[] getOutputIv() {
        return this.outIv;
    }

    @VisibleForTesting
    CryptoOutputStream createOutputStream(WritableByteChannel writableByteChannel) throws IOException {
        return new CryptoOutputStream(this.cipher, this.conf, writableByteChannel, this.key, new IvParameterSpec(this.outIv));
    }

    @VisibleForTesting
    CryptoInputStream createInputStream(ReadableByteChannel readableByteChannel) throws IOException {
        return new CryptoInputStream(this.cipher, this.conf, readableByteChannel, this.key, new IvParameterSpec(this.inIv));
    }

    public void addToChannel(Channel channel) throws IOException {
        channel.pipeline().addFirst(ENCRYPTION_HANDLER_NAME, new EncryptionHandler(this)).addFirst(DECRYPTION_HANDLER_NAME, new DecryptionHandler(this));
    }
}
