package com.joyent.manta.client.crypto;

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.bouncycastle.crypto.macs.HMac;

/* loaded from: input_file:com/joyent/manta/client/crypto/AbstractAesCipherDetails.class */
public abstract class AbstractAesCipherDetails implements SupportedCipherDetails {
    private static final Duration SEED_REFRESH_INTERVAL = Duration.ofHours(1);
    protected static final String DEFAULT_HMAC_ALGORITHM = "HmacMD5";
    private final String hmacAlgorithm;
    private final int authenticationTagOrHmacLength;
    private final int keyLengthBits;
    private final String cipherId;
    private final String cipherAlgorithmJavaName;
    private final boolean isAEADCipher;
    private final SecureRandom random;
    private volatile Instant seedLastRefreshedTimestamp;

    public AbstractAesCipherDetails(int i, String str, int i2) {
        this.random = findSecureRandomImplementation();
        this.seedLastRefreshedTimestamp = Instant.now();
        this.keyLengthBits = i;
        this.cipherAlgorithmJavaName = str;
        this.cipherId = createMantaCipherIdFromJavaAlgorithmId(str, i);
        this.hmacAlgorithm = null;
        this.authenticationTagOrHmacLength = i2;
        this.isAEADCipher = true;
    }

    public AbstractAesCipherDetails(int i, String str, String str2) {
        this.random = findSecureRandomImplementation();
        this.seedLastRefreshedTimestamp = Instant.now();
        this.keyLengthBits = i;
        this.cipherAlgorithmJavaName = str;
        this.cipherId = createMantaCipherIdFromJavaAlgorithmId(str, i);
        this.hmacAlgorithm = str2;
        this.authenticationTagOrHmacLength = getAuthenticationHmac().getMacSize();
        this.isAEADCipher = false;
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public String getKeyGenerationAlgorithm() {
        return "AES";
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public long getMaximumPlaintextSizeInBytes() {
        return Long.MAX_VALUE - getAuthenticationTagOrHmacLengthInBytes();
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public int getAuthenticationTagOrHmacLengthInBytes() {
        return this.authenticationTagOrHmacLength;
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public int getBlockSizeInBytes() {
        return 16;
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public int getIVLengthInBytes() {
        return 16;
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public int getKeyLengthBits() {
        return this.keyLengthBits;
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public String getCipherId() {
        return this.cipherId;
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public String getCipherAlgorithm() {
        return this.cipherAlgorithmJavaName;
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public Cipher getCipher() {
        if (ExternalSecurityProviderLoader.getPkcs11Provider() == null) {
            return SupportedCipherDetails.findCipher(this.cipherAlgorithmJavaName, ExternalSecurityProviderLoader.getBouncyCastleProvider());
        }
        return SupportedCipherDetails.findCipher(this.cipherAlgorithmJavaName, ExternalSecurityProviderLoader.getPkcs11Provider().containsKey(new StringBuilder().append("Cipher.").append(this.cipherAlgorithmJavaName).toString()) ? ExternalSecurityProviderLoader.getPkcs11Provider() : ExternalSecurityProviderLoader.getBouncyCastleProvider());
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public Cipher getBouncyCastleCipher() {
        return SupportedCipherDetails.findCipher(this.cipherAlgorithmJavaName, ExternalSecurityProviderLoader.getBouncyCastleProvider());
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public HMac getAuthenticationHmac() {
        if (this.isAEADCipher) {
            return null;
        }
        return SupportedHmacsLookupMap.INSTANCE.get(this.hmacAlgorithm).get();
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public AlgorithmParameterSpec getEncryptionParameterSpec(byte[] bArr) {
        Validate.notNull(bArr, "Initialization vector must not be null", new Object[0]);
        Validate.isTrue(bArr.length == getIVLengthInBytes(), "Initialization vector has the wrong byte count [%d] expected [%d] bytes", new Object[]{Integer.valueOf(bArr.length), Integer.valueOf(getIVLengthInBytes())});
        return new IvParameterSpec(bArr);
    }

    private static String createMantaCipherIdFromJavaAlgorithmId(String str, int i) {
        String[] split = StringUtils.split(str, '/');
        if (split.length < 3) {
            throw new IllegalArgumentException("There must be three slashes [/] in the algorithm name");
        }
        return split[0] + i + '/' + split[1] + '/' + split[2];
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public boolean isAEADCipher() {
        return this.isAEADCipher;
    }

    @Override // com.joyent.manta.client.crypto.SupportedCipherDetails
    public byte[] generateIv() {
        byte[] bArr = new byte[getIVLengthInBytes()];
        getSecureRandom().nextBytes(bArr);
        return bArr;
    }

    protected SecureRandom getSecureRandom() {
        if (this.seedLastRefreshedTimestamp.isAfter(this.seedLastRefreshedTimestamp.plus((TemporalAmount) SEED_REFRESH_INTERVAL))) {
            this.random.setSeed(this.random.generateSeed(32));
            this.seedLastRefreshedTimestamp = Instant.now();
        }
        return this.random;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        AbstractAesCipherDetails abstractAesCipherDetails = (AbstractAesCipherDetails) obj;
        return this.authenticationTagOrHmacLength == abstractAesCipherDetails.authenticationTagOrHmacLength && this.keyLengthBits == abstractAesCipherDetails.keyLengthBits && this.isAEADCipher == abstractAesCipherDetails.isAEADCipher && Objects.equals(this.hmacAlgorithm, abstractAesCipherDetails.hmacAlgorithm) && Objects.equals(this.cipherId, abstractAesCipherDetails.cipherId) && Objects.equals(this.cipherAlgorithmJavaName, abstractAesCipherDetails.cipherAlgorithmJavaName);
    }

    public int hashCode() {
        return Objects.hash(this.hmacAlgorithm, Integer.valueOf(this.authenticationTagOrHmacLength), Integer.valueOf(this.keyLengthBits), this.cipherId, this.cipherAlgorithmJavaName, Boolean.valueOf(this.isAEADCipher));
    }

    public String toString() {
        return new ToStringBuilder(this).append("hmacAlgorithm", this.hmacAlgorithm).append("authenticationTagOrHmacLength", this.authenticationTagOrHmacLength).append("keyLengthBits", this.keyLengthBits).append("cipherId", this.cipherId).append("cipherAlgorithmJavaName", this.cipherAlgorithmJavaName).append("isAEADCipher", this.isAEADCipher).toString();
    }

    private static SecureRandom findSecureRandomImplementation() {
        try {
            return SecureRandom.getInstance("NativePRNGNonBlocking", "SUN");
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            return new SecureRandom();
        }
    }
}
