package org.cumulus4j.store.crypto.keymanager;

import java.io.IOException;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.cumulus4j.crypto.Cipher;
import org.cumulus4j.crypto.CryptoRegistry;
import org.cumulus4j.crypto.MACCalculator;
import org.cumulus4j.keymanager.back.shared.GetActiveEncryptionKeyRequest;
import org.cumulus4j.keymanager.back.shared.GetActiveEncryptionKeyResponse;
import org.cumulus4j.keymanager.back.shared.GetKeyRequest;
import org.cumulus4j.keymanager.back.shared.GetKeyResponse;
import org.cumulus4j.keymanager.back.shared.KeyEncryptionUtil;
import org.cumulus4j.store.crypto.AbstractCryptoSession;
import org.cumulus4j.store.crypto.Ciphertext;
import org.cumulus4j.store.crypto.CryptoContext;
import org.cumulus4j.store.crypto.Plaintext;
import org.cumulus4j.store.crypto.keymanager.messagebroker.MessageBroker;
import org.cumulus4j.store.crypto.keymanager.messagebroker.MessageBrokerRegistry;
import org.cumulus4j.store.model.EncryptionCoordinateSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/cumulus4j/store/crypto/keymanager/KeyManagerCryptoSession.class */
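/**
 * Crypto session that obtains its symmetric keys from a remote key manager (through the active
 * {@link MessageBroker}) and uses them to encrypt and decrypt record data.
 *
 * <p>Layout of the byte array produced by {@link #encrypt(CryptoContext, Plaintext)} and parsed by
 * {@link #decrypt(CryptoContext, Ciphertext)}:
 * <pre>
 *   1 byte   version (always 1)
 *   2 bytes  encryptionCoordinateSetID (unsigned, high byte first)
 *   1 byte   IV length, followed by the IV itself
 *   1 byte   MAC key length
 *   1 byte   MAC IV length
 *   1 byte   MAC length
 *   n bytes  ENCRYPTED: MAC key | MAC IV | plaintext | MAC
 * </pre>
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The MAC is calculated over the plaintext only and is then encrypted together with it
 * (MAC-then-encrypt). The clear-text header bytes are not fed into the MAC.</li>
 * <li>The MAC key and MAC IV travel inside the encrypted payload, so the MAC can only be verified
 * after the payload has been decrypted.</li>
 * <li>Cache entries acquired from the {@code CryptoCache} are released in a {@code finally} block
 * so that they are handed back on failure as well as on success.</li>
 * </ul>
 */
public class KeyManagerCryptoSession extends AbstractCryptoSession {
    /**
     * Transformation passed to the key manager and to the crypto cache for wrapping symmetric keys
     * in transit: RSA with OAEP padding (SHA-1 / MGF1). Hard-coded in this class.
     */
    private static final String keyEncryptionTransformation = "RSA//OAEPWITHSHA1ANDMGF1PADDING";
    private static final Logger logger = LoggerFactory.getLogger(KeyManagerCryptoSession.class);
    private static final byte[] EMPTY_BYTE_ARRAY = new byte[0];

    /** Smallest possible header: version + 2-byte coordinate-set ID + IV length + 3 MAC length bytes. */
    private static final int MIN_HEADER_LENGTH = 7;

    /** Returns the message broker through which the key manager is queried. */
    private MessageBroker getMessageBroker() {
        return MessageBrokerRegistry.sharedInstance().getActiveMessageBroker();
    }

    /**
     * Encrypts the given plaintext with the currently active encryption key.
     *
     * <p>If the crypto cache has no encrypter for the active key, the key is requested from the key
     * manager (wrapped with {@link #keyEncryptionTransformation}) and unwrapped locally.
     *
     * @param cryptoContext context giving access to the encryption-coordinate-set manager and the
     *        persistence-manager connection.
     * @param plaintext the data to encrypt.
     * @return the ciphertext (see the class comment for its layout) together with the ID of the key used.
     * @throws IllegalStateException if the encryption-coordinate-set ID, the IV, the MAC key, the
     *         MAC IV or the MAC do not fit into their fixed-size header fields.
     * @throws RuntimeException wrapping any checked exception raised while querying the key or encrypting.
     */
    public Ciphertext encrypt(CryptoContext cryptoContext, Plaintext plaintext) {
        EncryptionCoordinateSet encryptionCoordinateSet = cryptoContext.getEncryptionCoordinateSetManager().createEncryptionCoordinateSet(
                cryptoContext.getPersistenceManagerConnection(),
                getCryptoManager().getEncryptionAlgorithm(),
                getCryptoManager().getMACAlgorithm());
        String cipherTransformation = encryptionCoordinateSet.getCipherTransformation();

        // The ID is written as an unsigned 2-byte number, hence the range limits.
        if (encryptionCoordinateSet.getEncryptionCoordinateSetID() < 0) {
            throw new IllegalStateException("The encryptionCoordinateSetID = " + encryptionCoordinateSet.getEncryptionCoordinateSetID() + " is out of range! It must be >= 0!!!");
        }
        if (encryptionCoordinateSet.getEncryptionCoordinateSetID() > 65534) {
            throw new IllegalStateException("The encryptionCoordinateSetID is out of range! The maximum is 65534, because the value is encoded as UNsigned 2-byte-number! This means, you changed the encryption algorithm or the MAC algorithm too often. Switch back to settings you already used before!");
        }

        CryptoCache cryptoCache = getCryptoManager().getCryptoCache();
        CryptoCacheKeyDecrypterEntry keyDecryptor = null;
        CryptoCacheCipherEntry encrypter = null;
        try {
            long activeEncryptionKeyID = cryptoCache.getActiveEncryptionKeyID();
            if (activeEncryptionKeyID >= 0) {
                encrypter = cryptoCache.acquireEncrypter(cipherTransformation, activeEncryptionKeyID);
            }

            if (encrypter == null) {
                // Cache miss: ask the key manager for the active key, wrapped with our public key.
                keyDecryptor = cryptoCache.acquireKeyDecryptor(keyEncryptionTransformation);
                try {
                    GetActiveEncryptionKeyResponse response = getMessageBroker().query(
                            GetActiveEncryptionKeyResponse.class,
                            new GetActiveEncryptionKeyRequest(
                                    getCryptoSessionID(),
                                    keyEncryptionTransformation,
                                    keyDecryptor.getKeyEncryptionKey().getEncodedPublicKey()));
                    byte[] keyEncodedPlain = KeyEncryptionUtil.decryptKey(keyDecryptor.getKeyDecryptor(), response.getKeyEncodedEncrypted());
                    activeEncryptionKeyID = response.getKeyID();
                    cryptoCache.setActiveEncryptionKeyID(activeEncryptionKeyID, response.getActiveUntilExcl());
                    encrypter = cryptoCache.acquireEncrypter(cipherTransformation, activeEncryptionKeyID, keyEncodedPlain);
                } catch (Exception e) {
                    logger.warn("Could not query active encryption key: " + e, e);
                    throw new RuntimeException(e);
                }
            }

            Cipher cipher = encrypter.getCipher();
            byte[] plainData = plaintext.getData();

            byte[] mac = EMPTY_BYTE_ARRAY;
            byte[] macKey = EMPTY_BYTE_ARRAY;
            byte[] macIV = EMPTY_BYTE_ARRAY;
            if (!"NONE".equals(encryptionCoordinateSet.getMACAlgorithm())) {
                // NOTE(review): the 'true' flag presumably makes the registry initialise the
                // calculator with fresh parameters - confirm against CryptoRegistry.
                MACCalculator macCalculator = CryptoRegistry.sharedInstance().createMACCalculator(encryptionCoordinateSet.getMACAlgorithm(), true);
                mac = macCalculator.doFinal(plainData);

                // The key (and IV, if any) are read back so they can be stored inside the payload.
                if (macCalculator.getParameters() instanceof ParametersWithIV) {
                    ParametersWithIV macParameters = (ParametersWithIV) macCalculator.getParameters();
                    macIV = macParameters.getIV();
                    macKey = ((KeyParameter) macParameters.getParameters()).getKey();
                } else if (macCalculator.getParameters() instanceof KeyParameter) {
                    macKey = ((KeyParameter) macCalculator.getParameters()).getKey();
                } else {
                    throw new IllegalStateException("macCalculator.getParameters() returned an instance of an unknown type: " + (macCalculator.getParameters() == null ? null : macCalculator.getParameters().getClass().getName()));
                }
            }

            byte[] iv = ((ParametersWithIV) cipher.getParameters()).getIV();

            // Each of these lengths is stored in a single header byte.
            if (iv.length > 255) {
                throw new IllegalStateException("IV too long! Cannot encode length in 1 byte!");
            }
            if (macKey.length > 255) {
                throw new IllegalStateException("macKey too long! Cannot encode length in 1 byte!");
            }
            if (macIV.length > 255) {
                throw new IllegalStateException("macIV too long! Cannot encode length in 1 byte!");
            }
            if (mac.length > 255) {
                throw new IllegalStateException("mac too long! Cannot encode length in 1 byte!");
            }

            // 4 = version + 2-byte coordinate-set ID + IV length; 1 + 1 + 1 = the three MAC length bytes.
            int encryptedLength = 4 + iv.length + 1 + 1 + 1 + cipher.getOutputSize(macKey.length + macIV.length + plainData.length + mac.length);
            byte[] out = new byte[encryptedLength];
            int outOff = 0;

            out[outOff++] = 1; // version
            out[outOff++] = (byte) (encryptionCoordinateSet.getEncryptionCoordinateSetID() >>> 8);
            out[outOff++] = (byte) encryptionCoordinateSet.getEncryptionCoordinateSetID();
            out[outOff++] = (byte) iv.length;
            System.arraycopy(iv, 0, out, outOff, iv.length);
            outOff += iv.length;
            out[outOff++] = (byte) macKey.length;
            out[outOff++] = (byte) macIV.length;
            out[outOff++] = (byte) mac.length;

            // Encrypted payload: MAC key | MAC IV | plaintext | MAC.
            outOff += cipher.update(macKey, 0, macKey.length, out, outOff);
            outOff += cipher.update(macIV, 0, macIV.length, out, outOff);
            outOff += cipher.update(plainData, 0, plainData.length, out, outOff);
            outOff += cipher.update(mac, 0, mac.length, out, outOff);
            outOff += cipher.doFinal(out, outOff);

            if (outOff < encryptedLength) {
                logger.warn("encrypt: Output byte array was created bigger than necessary. Will shrink it now. outOff={} encryptedLength={}", Integer.valueOf(outOff), Integer.valueOf(encryptedLength));
                byte[] shrunk = new byte[outOff];
                System.arraycopy(out, 0, shrunk, 0, shrunk.length);
                out = shrunk;
            }

            Ciphertext ciphertext = new Ciphertext();
            ciphertext.setData(out);
            ciphertext.setKeyID(activeEncryptionKeyID);
            return ciphertext;
        } catch (RuntimeException e) {
            logger.error("encrypt: " + e, e);
            throw e;
        } catch (Exception e) {
            logger.error("encrypt: " + e, e);
            throw new RuntimeException(e);
        } finally {
            // Hand back whatever was acquired, on failure as well as on success.
            cryptoCache.releaseKeyDecryptor(keyDecryptor);
            cryptoCache.releaseCipherEntry(encrypter);
        }
    }

    /**
     * Decrypts the given ciphertext and, unless the MAC algorithm of its encryption-coordinate-set
     * is {@code "NONE"}, verifies the MAC stored inside the encrypted payload.
     *
     * <p>The header is validated before it is used to index into the data, and the MAC is compared
     * without an early exit and without echoing MAC bytes into the exception message.
     *
     * @param cryptoContext context giving access to the encryption-coordinate-set manager and the
     *        persistence-manager connection.
     * @param ciphertext the data to decrypt, as produced by {@link #encrypt(CryptoContext, Plaintext)}.
     * @return the decrypted data.
     * @throws IllegalArgumentException if the ciphertext is truncated, malformed or of an unsupported version.
     * @throws IllegalStateException if the referenced encryption-coordinate-set does not exist.
     * @throws RuntimeException wrapping an {@link IOException} if the MAC does not match, or wrapping
     *         any other checked exception raised while querying the key or decrypting.
     */
    public Plaintext decrypt(CryptoContext cryptoContext, Ciphertext ciphertext) {
        CryptoCache cryptoCache = getCryptoManager().getCryptoCache();
        CryptoCacheKeyDecrypterEntry keyDecryptor = null;
        CryptoCacheCipherEntry decrypter = null;
        try {
            long keyID = ciphertext.getKeyID();
            byte[] data = ciphertext.getData();
            if (data == null || data.length < MIN_HEADER_LENGTH) {
                throw new IllegalArgumentException("Ciphertext is too short to contain a complete header!");
            }

            int inOff = 0;
            int version = data[inOff++] & 0xff;
            if (version != 1) {
                throw new IllegalArgumentException("Ciphertext is of version " + version + " which is not supported!");
            }

            int encryptionCoordinateSetID = (data[inOff++] & 0xff) << 8;
            encryptionCoordinateSetID |= data[inOff++] & 0xff;
            EncryptionCoordinateSet encryptionCoordinateSet = cryptoContext.getEncryptionCoordinateSetManager().getEncryptionCoordinateSet(
                    cryptoContext.getPersistenceManagerConnection(), encryptionCoordinateSetID);
            if (encryptionCoordinateSet == null) {
                throw new IllegalStateException("There is no EncryptionCoordinateSet with encryptionCoordinateSetID=" + encryptionCoordinateSetID + "!");
            }

            int ivLength = data[inOff++] & 0xff;
            // The IV must be followed by the three MAC length bytes.
            if (data.length < inOff + ivLength + 3) {
                throw new IllegalArgumentException("Ciphertext is too short to contain a complete header!");
            }
            byte[] iv = new byte[ivLength];
            System.arraycopy(data, inOff, iv, 0, iv.length);
            inOff += iv.length;

            int macKeyLength = data[inOff++] & 0xff;
            int macIVLength = data[inOff++] & 0xff;
            int macLength = data[inOff++] & 0xff;

            decrypter = cryptoCache.acquireDecrypter(encryptionCoordinateSet.getCipherTransformation(), keyID, iv);
            if (decrypter == null) {
                // Cache miss: ask the key manager for this key, wrapped with our public key.
                keyDecryptor = cryptoCache.acquireKeyDecryptor(keyEncryptionTransformation);
                try {
                    GetKeyResponse response = getMessageBroker().query(
                            GetKeyResponse.class,
                            new GetKeyRequest(
                                    getCryptoSessionID(),
                                    ciphertext.getKeyID(),
                                    keyEncryptionTransformation,
                                    keyDecryptor.getKeyEncryptionKey().getEncodedPublicKey()));
                    byte[] keyEncodedPlain = KeyEncryptionUtil.decryptKey(keyDecryptor.getKeyDecryptor(), response.getKeyEncodedEncrypted());
                    decrypter = cryptoCache.acquireDecrypter(encryptionCoordinateSet.getCipherTransformation(), keyID, keyEncodedPlain, iv);
                } catch (Exception e) {
                    logger.warn("Could not query key " + ciphertext.getKeyID() + ": " + e, e);
                    throw new RuntimeException(e);
                }
            }

            int encryptedLength = data.length - inOff;
            int outputSize = decrypter.getCipher().getOutputSize(encryptedLength);
            byte[] decrypted = new byte[outputSize];
            int decryptedLength = decrypter.getCipher().update(data, inOff, encryptedLength, decrypted, 0);
            decryptedLength += decrypter.getCipher().doFinal(decrypted, decryptedLength);
            if (logger.isDebugEnabled() && decryptedLength != outputSize) {
                logger.debug("decrypt: precalculated output-size does not match actually written output: expected={} actual={}", Integer.valueOf(outputSize), Integer.valueOf(decryptedLength));
            }

            // Decrypted payload: MAC key | MAC IV | plaintext | MAC. Without a MAC algorithm the
            // key/IV lengths from the header are not used and the plaintext starts at offset 0.
            boolean macEnabled = !"NONE".equals(encryptionCoordinateSet.getMACAlgorithm());
            int dataOffset = macEnabled ? macKeyLength + macIVLength : 0;
            int dataLength = decryptedLength - dataOffset - macLength;
            if (dataLength < 0) {
                // The length bytes come from the clear-text header; reject them before indexing.
                throw new IllegalArgumentException("Ciphertext is malformed: the declared MAC key, MAC IV and MAC lengths exceed the decrypted payload!");
            }
            int macOffset = dataOffset + dataLength;

            if (macEnabled) {
                MACCalculator macCalculator = CryptoRegistry.sharedInstance().createMACCalculator(encryptionCoordinateSet.getMACAlgorithm(), false);
                CipherParameters macKeyParameter = new KeyParameter(decrypted, 0, macKeyLength);
                CipherParameters macParameters = macIVLength == 0
                        ? macKeyParameter
                        : new ParametersWithIV(macKeyParameter, decrypted, macKeyLength, macIVLength);
                macCalculator.init(macParameters);

                byte[] calculatedMac = new byte[macCalculator.getMacSize()];
                macCalculator.update(decrypted, dataOffset, dataLength);
                macCalculator.doFinal(calculatedMac, 0);

                if (calculatedMac.length != macLength) {
                    throw new IOException("MACs have different length! Expected MAC has " + macLength + " bytes and newly calculated MAC has " + calculatedMac.length + " bytes!");
                }
                if (!macMatches(decrypted, macOffset, calculatedMac)) {
                    // Deliberately no MAC bytes or mismatch position in the message.
                    throw new IOException("MAC mismatch! The decrypted data failed its integrity check.");
                }
            }

            byte[] plainData = new byte[dataLength];
            System.arraycopy(decrypted, dataOffset, plainData, 0, plainData.length);
            Plaintext plaintext = new Plaintext();
            plaintext.setData(plainData);
            return plaintext;
        } catch (RuntimeException e) {
            logger.error("decrypt: " + e, e);
            throw e;
        } catch (Exception e) {
            logger.error("decrypt: " + e, e);
            throw new RuntimeException(e);
        } finally {
            // Hand back whatever was acquired, on failure as well as on success.
            cryptoCache.releaseKeyDecryptor(keyDecryptor);
            cryptoCache.releaseCipherEntry(decrypter);
        }
    }

    /**
     * Compares {@code calculatedMac} with the same number of bytes of {@code buffer} starting at
     * {@code offset}. Every byte is always inspected, so the running time does not depend on the
     * position of the first difference.
     */
    private static boolean macMatches(byte[] buffer, int offset, byte[] calculatedMac) {
        int difference = 0;
        for (int i = 0; i < calculatedMac.length; i++) {
            difference |= buffer[offset + i] ^ calculatedMac[i];
        }
        return difference == 0;
    }

    /** Closes this session by delegating to the superclass. */
    @Override
    public void close() {
        super.close();
        doNothing();
    }

    /** Intentionally empty; called from {@link #close()} and has no effect. */
    private static final void doNothing() {
    }
}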
