package io.nessus.cipher;

import io.nessus.cipher.utils.AESUtils;
import io.nessus.utils.AssertArgument;
import io.nessus.utils.AssertState;
import io.nessus.utils.StreamUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: input_file:io/nessus/cipher/AESCipher.class */
public class AESCipher {
    private final SecureRandom secureRandom = new SecureRandom();

    public InputStream encrypt(SecretKey secretKey, InputStream inputStream) throws IOException, GeneralSecurityException {
        return encrypt(secretKey, inputStream, null);
    }

    public InputStream encrypt(SecretKey secretKey, InputStream inputStream, byte[] bArr) throws IOException, GeneralSecurityException {
        byte[] bArr2 = new byte[12];
        this.secureRandom.nextBytes(bArr2);
        return encrypt(secretKey, bArr2, inputStream, bArr);
    }

    public InputStream encrypt(SecretKey secretKey, byte[] bArr, InputStream inputStream, byte[] bArr2) throws IOException, GeneralSecurityException {
        AssertArgument.assertNotNull(secretKey, "Null secKey");
        AssertArgument.assertNotNull(inputStream, "Null input");
        AssertArgument.assertNotNull(bArr, "Null iv");
        AssertArgument.assertTrue(Boolean.valueOf(bArr.length == 12), "Invalid iv");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, secretKey, new GCMParameterSpec(AESUtils.DEFAULT_STRENGTH, bArr));
        if (bArr2 != null) {
            cipher.updateAAD(bArr2);
        }
        CipherInputStream cipherInputStream = new CipherInputStream(inputStream, cipher);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        StreamUtils.copyStream(cipherInputStream, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        ByteBuffer allocate = ByteBuffer.allocate(4 + bArr.length + byteArray.length);
        allocate.putInt(bArr.length);
        allocate.put(bArr);
        allocate.put(byteArray);
        return new ByteArrayInputStream(allocate.array());
    }

    public InputStream decrypt(SecretKey secretKey, InputStream inputStream) throws IOException, GeneralSecurityException {
        return decrypt(secretKey, inputStream, null);
    }

    public InputStream decrypt(SecretKey secretKey, InputStream inputStream, byte[] bArr) throws IOException, GeneralSecurityException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        StreamUtils.copyStream(inputStream, byteArrayOutputStream);
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        AssertArgument.assertTrue(Boolean.valueOf(byteArray.length > 0), "Secret message cannot be empty");
        ByteBuffer wrap = ByteBuffer.wrap(byteArray);
        byte[] bArr2 = new byte[wrap.getInt()];
        wrap.get(bArr2);
        byte[] bArr3 = new byte[wrap.remaining()];
        wrap.get(bArr3);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, secretKey, new GCMParameterSpec(AESUtils.DEFAULT_STRENGTH, bArr2));
        if (bArr != null) {
            cipher.updateAAD(bArr);
        }
        CipherInputStream cipherInputStream = new CipherInputStream(new ByteArrayInputStream(bArr3), cipher);
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        StreamUtils.copyStream(cipherInputStream, byteArrayOutputStream2);
        byte[] byteArray2 = byteArrayOutputStream2.toByteArray();
        AssertState.assertTrue(Boolean.valueOf(byteArray2.length > 0), "Decryption results in empty message");
        return new ByteArrayInputStream(byteArray2);
    }
}
