package de.schlichtherle.truezip.zip;

import de.schlichtherle.truezip.crypto.CipherOutputStream;
import de.schlichtherle.truezip.crypto.param.AesKeyStrength;
import de.schlichtherle.truezip.io.LEDataOutputStream;
import java.io.IOException;
import java.security.SecureRandom;
import javax.annotation.concurrent.NotThreadSafe;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.Mac;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;
import org.bouncycastle.crypto.io.MacOutputStream;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

@NotThreadSafe
/* loaded from: input_file:de/schlichtherle/truezip/zip/WinZipAesEntryOutputStream.class */
final class WinZipAesEntryOutputStream extends CipherOutputStream {
    static final int ITERATION_COUNT = 1000;
    static final int AES_BLOCK_SIZE_BITS = 128;
    static final int PWD_VERIFIER_BITS = 16;
    private final SecureRandom shaker;
    private final WinZipAesEntryParameters param;
    private Mac mac;
    private LEDataOutputStream dos;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public WinZipAesEntryOutputStream(LEDataOutputStream lEDataOutputStream, WinZipAesEntryParameters winZipAesEntryParameters) throws IOException {
        super(lEDataOutputStream, new BufferedBlockCipher(new WinZipAesCipher()));
        this.shaker = new SecureRandom();
        if (!$assertionsDisabled && null == lEDataOutputStream) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && null == winZipAesEntryParameters) {
            throw new AssertionError();
        }
        this.param = winZipAesEntryParameters;
        AesKeyStrength keyStrength = winZipAesEntryParameters.getKeyStrength();
        int bits = keyStrength.getBits();
        int bytes = keyStrength.getBytes();
        byte[] bArr = new byte[bytes / 2];
        this.shaker.nextBytes(bArr);
        byte[] writePassword = winZipAesEntryParameters.getWritePassword();
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator();
        pKCS5S2ParametersGenerator.init(writePassword, bArr, 1000);
        if (!$assertionsDisabled && 128 > bits) {
            throw new AssertionError();
        }
        KeyParameter keyParameter = (KeyParameter) pKCS5S2ParametersGenerator.generateDerivedParameters((2 * bits) + 16);
        paranoidWipe(writePassword);
        ParametersWithIV parametersWithIV = new ParametersWithIV(new KeyParameter(keyParameter.getKey(), 0, bytes), new byte[16]);
        KeyParameter keyParameter2 = new KeyParameter(keyParameter.getKey(), bytes, bytes);
        this.cipher.init(true, parametersWithIV);
        HMac hMac = new HMac(new SHA1Digest());
        this.mac = hMac;
        hMac.init(keyParameter2);
        this.dos = (LEDataOutputStream) this.delegate;
        this.delegate = new MacOutputStream(this.dos, hMac);
        this.dos.write(bArr);
        writePasswordVerifier(keyParameter);
    }

    private void writePasswordVerifier(KeyParameter keyParameter) throws IOException {
        this.dos.write(keyParameter.getKey(), 2 * this.param.getKeyStrength().getBytes(), 2);
    }

    private void paranoidWipe(byte[] bArr) {
        this.shaker.nextBytes(bArr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // de.schlichtherle.truezip.crypto.CipherOutputStream
    public void finish() throws IOException {
        super.finish();
        Mac mac = this.mac;
        byte[] bArr = new byte[mac.getMacSize()];
        int doFinal = mac.doFinal(bArr, 0);
        if (!$assertionsDisabled && doFinal != bArr.length) {
            throw new AssertionError();
        }
        this.dos.write(bArr, 0, doFinal / 2);
    }

    static {
        $assertionsDisabled = !WinZipAesEntryOutputStream.class.desiredAssertionStatus();
    }
}
