package com.joyent.manta.serialization;

import com.esotericsoftware.kryo.Kryo;
import com.esotericsoftware.kryo.io.ByteBufferOutput;
import com.esotericsoftware.kryo.io.Input;
import com.joyent.manta.client.crypto.SupportedCipherDetails;
import com.joyent.manta.client.crypto.SupportedHmacsLookupMap;
import com.joyent.manta.client.multipart.AbstractMultipartUpload;
import com.joyent.manta.client.multipart.EncryptedMultipartUpload;
import com.joyent.manta.exception.MantaClientEncryptionCiphertextAuthenticationException;
import com.joyent.manta.exception.MantaClientEncryptionException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.function.Supplier;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/joyent/manta/serialization/EncryptedMultipartUploaSerializationHelper.class */
public class EncryptedMultipartUploaSerializationHelper<WRAPPED extends AbstractMultipartUpload> {
    private static final Logger LOGGER = LoggerFactory.getLogger(EncryptedMultipartUploaSerializationHelper.class);
    private static final int CIPHER_ID_SIZE_BYTES = 16;
    private static final int ENCRYPTED_MULTIPART_UPLOAD_SERIALIZATION_VERSION = 1;
    private final Kryo kryo;
    private final SecretKey secretKey;
    private final SupportedCipherDetails cipherDetails;
    private final Class<WRAPPED> wrappedMultipartClass;

    public EncryptedMultipartUploaSerializationHelper(Kryo kryo, SecretKey secretKey, SupportedCipherDetails supportedCipherDetails, Class<WRAPPED> cls) {
        this.kryo = kryo;
        this.secretKey = secretKey;
        this.wrappedMultipartClass = cls;
        this.cipherDetails = supportedCipherDetails;
        registerClasses();
    }

    private void registerClasses() {
        this.kryo.register(EncryptedMultipartUpload.class, new EncryptedMultipartSerializer(this.kryo, EncryptedMultipartUpload.class, this.wrappedMultipartClass, this.secretKey));
    }

    /* JADX WARN: Type inference failed for: r0v36, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v58, types: [byte[], byte[][]] */
    public byte[] serialize(EncryptedMultipartUpload<WRAPPED> encryptedMultipartUpload) {
        Cipher cipher = this.cipherDetails.getCipher();
        byte[] generateIv = this.cipherDetails.generateIv();
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Writing IV: {}", Hex.toHexString(generateIv));
        }
        try {
            cipher.init(ENCRYPTED_MULTIPART_UPLOAD_SERIALIZATION_VERSION, this.secretKey, this.cipherDetails.getEncryptionParameterSpec(generateIv));
            ByteBufferOutput byteBufferOutput = new ByteBufferOutput(8192, 16384);
            Throwable th = null;
            try {
                try {
                    byteBufferOutput.writeVarInt(ENCRYPTED_MULTIPART_UPLOAD_SERIALIZATION_VERSION, true);
                    this.kryo.writeClassAndObject(byteBufferOutput, encryptedMultipartUpload);
                    byteBufferOutput.flush();
                    byte[] bytes = byteBufferOutput.toBytes();
                    $closeResource(null, byteBufferOutput);
                    try {
                        byte[] doFinal = cipher.doFinal(bytes);
                        if (this.cipherDetails.isAEADCipher()) {
                            return addAll(new byte[]{generateIv, doFinal});
                        }
                        HMac authenticationHmac = this.cipherDetails.getAuthenticationHmac();
                        authenticationHmac.update(generateIv, 0, generateIv.length);
                        authenticationHmac.update(doFinal, 0, doFinal.length);
                        byte[] bArr = new byte[authenticationHmac.getMacSize()];
                        authenticationHmac.doFinal(bArr, 0);
                        if (LOGGER.isDebugEnabled()) {
                            LOGGER.debug("Writing HMAC: {}", Hex.toHexString(bArr));
                        }
                        byte[] bArr2 = new byte[CIPHER_ID_SIZE_BYTES];
                        byte[] bytes2 = SupportedHmacsLookupMap.hmacNameFromInstance(authenticationHmac).getBytes(StandardCharsets.US_ASCII);
                        System.arraycopy(bytes2, 0, bArr2, 0, bytes2.length);
                        return addAll(new byte[]{generateIv, doFinal, bArr, bArr2});
                    } catch (GeneralSecurityException e) {
                        throw new MantaClientEncryptionException("Error encrypting serialized data", e);
                    }
                } finally {
                }
            } catch (Throwable th2) {
                $closeResource(th, byteBufferOutput);
                throw th2;
            }
        } catch (GeneralSecurityException e2) {
            throw new MantaClientEncryptionException(String.format("Unable to initialize cipher [%s]", this.cipherDetails.getCipherId()), e2);
        }
    }

    public EncryptedMultipartUpload<WRAPPED> deserialize(byte[] bArr) {
        byte[] extractCipherText;
        byte[] copyOf = Arrays.copyOf(bArr, this.cipherDetails.getIVLengthInBytes());
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Reading IV: {}", Hex.toHexString(copyOf));
        }
        Cipher cipher = this.cipherDetails.getCipher();
        try {
            cipher.init(2, this.secretKey, this.cipherDetails.getEncryptionParameterSpec(copyOf));
            if (this.cipherDetails.isAEADCipher()) {
                extractCipherText = extractCipherText(bArr, copyOf.length, null);
            } else {
                String trim = new String(Arrays.copyOfRange(bArr, bArr.length - CIPHER_ID_SIZE_BYTES, bArr.length), StandardCharsets.US_ASCII).trim();
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Verifying checksum with [{}]", trim);
                }
                Supplier supplier = (Supplier) SupportedHmacsLookupMap.INSTANCE.get(trim);
                if (supplier == null) {
                    throw new MantaClientEncryptionException(String.format("Unknown HMAC: [%s]", trim));
                }
                HMac hMac = (HMac) supplier.get();
                int macSize = hMac.getMacSize();
                extractCipherText = extractCipherText(bArr, copyOf.length, Integer.valueOf(macSize));
                hMac.update(copyOf, 0, copyOf.length);
                hMac.update(extractCipherText, 0, extractCipherText.length);
                byte[] bArr2 = new byte[macSize];
                hMac.doFinal(bArr2, 0);
                byte[] copyOfRange = Arrays.copyOfRange(bArr, (bArr.length - macSize) - CIPHER_ID_SIZE_BYTES, bArr.length - CIPHER_ID_SIZE_BYTES);
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Expected HMAC:   {}", Hex.toHexString(copyOfRange));
                    LOGGER.debug("Calculated HMAC: {}", Hex.toHexString(bArr2));
                }
                if (!Arrays.areEqual(bArr2, copyOfRange)) {
                    MantaClientEncryptionCiphertextAuthenticationException mantaClientEncryptionCiphertextAuthenticationException = new MantaClientEncryptionCiphertextAuthenticationException("Serialization data ciphertext failed cryptographic authentication");
                    mantaClientEncryptionCiphertextAuthenticationException.setContextValue("expected", Hex.toHexString(copyOfRange));
                    mantaClientEncryptionCiphertextAuthenticationException.setContextValue("calculated", Hex.toHexString(bArr2));
                    throw mantaClientEncryptionCiphertextAuthenticationException;
                }
            }
            try {
                Input input = new Input(cipher.doFinal(extractCipherText));
                Throwable th = null;
                try {
                    try {
                        int readVarInt = input.readVarInt(true);
                        if (readVarInt != ENCRYPTED_MULTIPART_UPLOAD_SERIALIZATION_VERSION) {
                            LOGGER.warn("Deserialized version [%d] is different than serialization version [%d", Integer.valueOf(readVarInt), Integer.valueOf(ENCRYPTED_MULTIPART_UPLOAD_SERIALIZATION_VERSION));
                        }
                        EncryptedMultipartUpload<WRAPPED> encryptedMultipartUpload = (EncryptedMultipartUpload) this.kryo.readClassAndObject(input);
                        $closeResource(null, input);
                        return encryptedMultipartUpload;
                    } finally {
                    }
                } catch (Throwable th2) {
                    $closeResource(th, input);
                    throw th2;
                }
            } catch (GeneralSecurityException e) {
                throw new MantaClientEncryptionException("Error decrypting serialized object data", e);
            }
        } catch (GeneralSecurityException e2) {
            throw new MantaClientEncryptionException(String.format("Unable to initialize cipher [%s]", this.cipherDetails.getCipherId()), e2);
        }
    }

    private byte[] extractCipherText(byte[] bArr, int i, Integer num) {
        return num == null ? Arrays.copyOfRange(bArr, i, bArr.length) : Arrays.copyOfRange(bArr, i, (bArr.length - num.intValue()) - CIPHER_ID_SIZE_BYTES);
    }

    static byte[] addAll(byte[]... bArr) {
        int i = 0;
        int length = bArr.length;
        for (int i2 = 0; i2 < length; i2 += ENCRYPTED_MULTIPART_UPLOAD_SERIALIZATION_VERSION) {
            byte[] bArr2 = bArr[i2];
            if (bArr2 != null) {
                i += bArr2.length;
            }
        }
        byte[] bArr3 = new byte[i];
        int i3 = 0;
        int length2 = bArr.length;
        for (int i4 = 0; i4 < length2; i4 += ENCRYPTED_MULTIPART_UPLOAD_SERIALIZATION_VERSION) {
            byte[] bArr4 = bArr[i4];
            if (bArr4 != null) {
                System.arraycopy(bArr4, 0, bArr3, i3, bArr4.length);
                i3 += bArr4.length;
            }
        }
        return bArr3;
    }

    private static /* synthetic */ void $closeResource(Throwable th, AutoCloseable autoCloseable) {
        if (th == null) {
            autoCloseable.close();
            return;
        }
        try {
            autoCloseable.close();
        } catch (Throwable th2) {
            th.addSuppressed(th2);
        }
    }
}
