package com.emc.codec.encryption;

import com.emc.codec.AbstractCodec;
import com.emc.codec.CodecChain;
import com.emc.codec.EncodeInputStream;
import com.emc.codec.EncodeListener;
import com.emc.codec.EncodeMetadata;
import com.emc.codec.EncodeOutputStream;
import com.emc.codec.EncodeStream;
import com.emc.codec.util.CodecUtil;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.apache.log4j.LogMF;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/emc/codec/encryption/EncryptionCodec.class */
public class EncryptionCodec extends AbstractCodec<EncryptionMetadata> {
    private static final Logger log = Logger.getLogger(EncryptionCodec.class);
    public static final int PRIORITY = 1000;
    public static final String SECURE_RANDOM_INSTANCE = "SHA1PRNG";
    public static final String AES_CBC_PKCS5_CIPHER = "AES/CBC/PKCS5Padding";
    public static final String PROP_KEY_SIZE = "com.emc.codec.encryption.EncryptionCodec.keySize";
    public static final String PROP_KEY_PROVIDER = "com.emc.codec.encryption.EncryptionCodec.keyProvider";
    public static final String PROP_SECURITY_PROVIDER = "com.emc.codec.encryption.EncryptionCodec.securityProvider";
    public static final int DEFAULT_KEY_SIZE = 128;

    /* loaded from: input_file:com/emc/codec/encryption/EncryptionCodec$SigningEncodeMetadataListener.class */
    protected class SigningEncodeMetadataListener implements EncodeListener<EncryptionMetadata> {
        private KeyProvider keyProvider;
        private Provider provider;

        public SigningEncodeMetadataListener(KeyProvider keyProvider, Provider provider) {
            this.keyProvider = keyProvider;
            this.provider = provider;
        }

        @Override // com.emc.codec.EncodeListener
        public void encodeComplete(EncodeStream<EncryptionMetadata> encodeStream) {
            encodeStream.getEncodeMetadata().setMasterKeyFingerprint(this.keyProvider.getMasterKeyFingerprint());
            encodeStream.getEncodeMetadata().sign((RSAPrivateKey) this.keyProvider.getMasterKey().getPrivate(), this.provider);
        }
    }

    public static String encodeSpec(String str) {
        return CodecUtil.getEncodeSpec(EncryptionConstants.ENCRYPTION_TYPE, str);
    }

    public static int getKeySize(Map<String, Object> map) {
        return ((Integer) CodecUtil.getCodecProperty(PROP_KEY_SIZE, map, Integer.valueOf(DEFAULT_KEY_SIZE))).intValue();
    }

    public static void setKeySize(Map<String, Object> map, int i) {
        map.put(PROP_KEY_SIZE, Integer.valueOf(i));
    }

    public static KeyProvider getKeyProvider(Map<String, Object> map) {
        return (KeyProvider) CodecUtil.getCodecProperty(PROP_KEY_PROVIDER, map, null);
    }

    public static void setKeyProvider(Map<String, Object> map, KeyProvider keyProvider) {
        map.put(PROP_KEY_PROVIDER, keyProvider);
    }

    public static Provider getSecurityProvider(Map<String, Object> map) {
        return (Provider) CodecUtil.getCodecProperty(PROP_SECURITY_PROVIDER, map, null);
    }

    public static void setPropSecurityProvider(Map<String, Object> map, Provider provider) {
        map.put(PROP_SECURITY_PROVIDER, provider);
    }

    @Override // com.emc.codec.AbstractCodec
    public boolean canProcess(String str) {
        if (!EncryptionConstants.ENCRYPTION_TYPE.equals(CodecUtil.getEncodeType(str))) {
            return false;
        }
        String cipherSpec = EncryptionUtil.getCipherSpec(str);
        try {
            Cipher.getInstance(cipherSpec);
            return true;
        } catch (Exception e) {
            LogMF.warn(log, "cannot process cipher %s: %s", cipherSpec, e);
            return false;
        }
    }

    @Override // com.emc.codec.Encoder
    public String getDefaultEncodeSpec() {
        return encodeSpec(AES_CBC_PKCS5_CIPHER);
    }

    @Override // com.emc.codec.Encoder, com.emc.codec.Decoder
    public int getPriority() {
        return PRIORITY;
    }

    @Override // com.emc.codec.Decoder
    public EncryptionMetadata createEncodeMetadata(String str, Map<String, String> map) {
        return new EncryptionMetadata(str, map);
    }

    @Override // com.emc.codec.Decoder
    public long getDecodedSize(EncryptionMetadata encryptionMetadata) {
        return encryptionMetadata.getOriginalSize();
    }

    public OutputStream getDecodingStream(OutputStream outputStream, EncryptionMetadata encryptionMetadata, Map<String, Object> map) {
        return new CipherOutputStream(outputStream, initDecryptCipher(encryptionMetadata, _getKeyProvider(map), getSecurityProvider(map)));
    }

    public InputStream getDecodingStream(InputStream inputStream, EncryptionMetadata encryptionMetadata, Map<String, Object> map) {
        return new CipherInputStream(inputStream, initDecryptCipher(encryptionMetadata, _getKeyProvider(map), getSecurityProvider(map)));
    }

    @Override // com.emc.codec.Encoder
    public boolean isSizePredictable() {
        return true;
    }

    @Override // com.emc.codec.Encoder
    public long getEncodedSize(long j, String str, Map<String, Object> map) {
        String cipherSpec = EncryptionUtil.getCipherSpec(str);
        Provider securityProvider = getSecurityProvider(map);
        Cipher initEncryptCipher = initEncryptCipher(cipherSpec, generateKey(cipherSpec, getKeySize(map), securityProvider), securityProvider);
        try {
            return (j - (j % initEncryptCipher.getBlockSize())) + initEncryptCipher.doFinal(new byte[(int) r0]).length;
        } catch (Exception e) {
            throw new UnsupportedOperationException("Cipher error", e);
        }
    }

    @Override // com.emc.codec.Encoder
    public EncodeOutputStream<EncryptionMetadata> getEncodingStream(OutputStream outputStream, String str, Map<String, Object> map) {
        String cipherSpec = EncryptionUtil.getCipherSpec(str);
        Provider securityProvider = getSecurityProvider(map);
        KeyProvider _getKeyProvider = _getKeyProvider(map);
        SecretKey generateKey = generateKey(cipherSpec, getKeySize(map), securityProvider);
        EncryptionOutputStream encryptionOutputStream = new EncryptionOutputStream(outputStream, str, initEncryptCipher(cipherSpec, generateKey, securityProvider), encryptKey(generateKey, _getKeyProvider.getMasterKey(), securityProvider));
        encryptionOutputStream.addListener(new SigningEncodeMetadataListener(_getKeyProvider, securityProvider));
        return encryptionOutputStream;
    }

    @Override // com.emc.codec.Encoder
    public EncodeInputStream<EncryptionMetadata> getEncodingStream(InputStream inputStream, String str, Map<String, Object> map) {
        String cipherSpec = EncryptionUtil.getCipherSpec(str);
        Provider securityProvider = getSecurityProvider(map);
        KeyProvider _getKeyProvider = _getKeyProvider(map);
        SecretKey generateKey = generateKey(cipherSpec, getKeySize(map), securityProvider);
        EncryptionInputStream encryptionInputStream = new EncryptionInputStream(inputStream, str, initEncryptCipher(cipherSpec, generateKey, securityProvider), encryptKey(generateKey, _getKeyProvider.getMasterKey(), securityProvider));
        encryptionInputStream.addListener(new SigningEncodeMetadataListener(_getKeyProvider, securityProvider));
        return encryptionInputStream;
    }

    public void rekey(Map<String, String> map, Map<String, Object> map2) {
        String str = null;
        String[] encodeSpecs = CodecChain.getEncodeSpecs(map);
        int length = encodeSpecs.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            String str2 = encodeSpecs[i];
            if (canDecode(str2)) {
                str = str2;
                break;
            }
            i++;
        }
        if (str == null) {
            throw new IllegalArgumentException("object is not encrypted");
        }
        EncryptionMetadata encryptionMetadata = new EncryptionMetadata(str, map);
        rekey(encryptionMetadata, map2);
        map.putAll(encryptionMetadata.toMap());
    }

    public void rekey(EncryptionMetadata encryptionMetadata, Map<String, Object> map) {
        KeyProvider keyProvider = getKeyProvider(map);
        Provider securityProvider = getSecurityProvider(map);
        if (encryptionMetadata.getMasterKeyFingerprint().equals(keyProvider.getMasterKeyFingerprint())) {
            throw new DoesNotNeedRekeyException("Object is already using the current master key");
        }
        KeyPair key = keyProvider.getKey(encryptionMetadata.getMasterKeyFingerprint());
        if (key == null) {
            throw new EncryptionException(String.format("Master key with fingerprint %s not found", encryptionMetadata.getMasterKeyFingerprint()));
        }
        encryptionMetadata.setSecretKey(encryptionMetadata.getSecretKey((RSAPrivateKey) key.getPrivate(), securityProvider), keyProvider.getMasterKey().getPublic(), securityProvider);
        encryptionMetadata.setMasterKeyFingerprint(keyProvider.getMasterKeyFingerprint());
        encryptionMetadata.sign((RSAPrivateKey) keyProvider.getMasterKey().getPrivate(), securityProvider);
    }

    protected Cipher initEncryptCipher(String str, SecretKey secretKey, Provider provider) {
        try {
            Cipher createCipher = createCipher(str, provider);
            createCipher.init(1, secretKey, getSecureRandom(provider));
            return createCipher;
        } catch (GeneralSecurityException e) {
            throw new EncryptionException("Error initializing cipher", e);
        }
    }

    protected Cipher initDecryptCipher(EncryptionMetadata encryptionMetadata, KeyProvider keyProvider, Provider provider) {
        try {
            Cipher createCipher = createCipher(EncryptionUtil.getCipherSpec(encryptionMetadata.getEncodeSpec()), provider);
            KeyPair key = keyProvider.getKey(encryptionMetadata.getMasterKeyFingerprint());
            if (key == null) {
                throw new EncryptionException(String.format("Could not decrypt object. no master key with ID %s found", encryptionMetadata.getMasterKeyFingerprint()));
            }
            createCipher.init(2, encryptionMetadata.getSecretKey((RSAPrivateKey) key.getPrivate(), provider), new IvParameterSpec(encryptionMetadata.getInitVector()));
            return createCipher;
        } catch (GeneralSecurityException e) {
            throw new EncryptionException("Error initializing cipher", e);
        }
    }

    protected Cipher createCipher(String str, Provider provider) {
        try {
            return provider != null ? Cipher.getInstance(str, provider) : Cipher.getInstance(str);
        } catch (GeneralSecurityException e) {
            throw new UnsupportedOperationException("Could not get cipher instance for algorithm " + str, e);
        }
    }

    protected SecretKey generateKey(String str, int i, Provider provider) {
        String baseAlgorithm = EncryptionUtil.getBaseAlgorithm(str);
        try {
            if (i > Cipher.getMaxAllowedKeyLength(str)) {
                throw new InvalidKeyException(String.format("Key size of %d bits is larger than the maximum allowed of %d", Integer.valueOf(i), Integer.valueOf(Cipher.getMaxAllowedKeyLength(str))));
            }
            KeyGenerator keyGenerator = provider != null ? KeyGenerator.getInstance(baseAlgorithm, provider) : KeyGenerator.getInstance(baseAlgorithm);
            keyGenerator.init(i, getSecureRandom(provider));
            return keyGenerator.generateKey();
        } catch (GeneralSecurityException e) {
            throw new UnsupportedOperationException("Could not generate key for algorithm " + baseAlgorithm, e);
        }
    }

    public String encryptKey(SecretKey secretKey, KeyPair keyPair, Provider provider) {
        return EncryptionUtil.encryptKey(secretKey, provider, keyPair.getPublic());
    }

    protected KeyProvider _getKeyProvider(Map<String, Object> map) {
        KeyProvider keyProvider = getKeyProvider(map);
        if (keyProvider == null) {
            throw new EncryptionException("no key provider specified");
        }
        return keyProvider;
    }

    protected SecureRandom getSecureRandom(Provider provider) {
        try {
            return provider != null ? SecureRandom.getInstance(SECURE_RANDOM_INSTANCE, provider) : SecureRandom.getInstance(SECURE_RANDOM_INSTANCE);
        } catch (GeneralSecurityException e) {
            throw new UnsupportedOperationException("Could not get secure random instance for SHA1PRNG", e);
        }
    }

    @Override // com.emc.codec.Decoder
    public /* bridge */ /* synthetic */ InputStream getDecodingStream(InputStream inputStream, EncodeMetadata encodeMetadata, Map map) {
        return getDecodingStream(inputStream, (EncryptionMetadata) encodeMetadata, (Map<String, Object>) map);
    }

    @Override // com.emc.codec.Decoder
    public /* bridge */ /* synthetic */ OutputStream getDecodingStream(OutputStream outputStream, EncodeMetadata encodeMetadata, Map map) {
        return getDecodingStream(outputStream, (EncryptionMetadata) encodeMetadata, (Map<String, Object>) map);
    }

    @Override // com.emc.codec.Decoder
    public /* bridge */ /* synthetic */ EncodeMetadata createEncodeMetadata(String str, Map map) {
        return createEncodeMetadata(str, (Map<String, String>) map);
    }
}
