package com.joyent.manta.client.crypto;

import com.joyent.manta.exception.MantaClientEncryptionException;
import com.joyent.manta.exception.MantaIOException;
import com.joyent.manta.http.MantaContentTypes;
import com.joyent.manta.http.entity.EmbeddedHttpContent;
import com.joyent.manta.util.HmacOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.output.CountingOutputStream;
import org.apache.commons.lang3.Validate;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.message.BasicHeader;
import org.bouncycastle.crypto.macs.HMac;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/joyent/manta/client/crypto/EncryptingEntity.class */
public class EncryptingEntity implements HttpEntity {
    public static final long UNKNOWN_LENGTH = -1;
    private long originalLength;
    private EncryptionContext encryptionContext;
    private final HttpEntity wrapped;
    private static final Logger LOGGER = LoggerFactory.getLogger(EncryptingEntity.class);
    private static final Header CRYPTO_TRANSFER_ENCODING = null;
    private static final Header CRYPTO_CONTENT_TYPE = new BasicHeader("Content-Type", MantaContentTypes.ENCRYPTED_OBJECT.toString());

    public EncryptingEntity(SecretKey secretKey, SupportedCipherDetails supportedCipherDetails, HttpEntity httpEntity) {
        if (this.originalLength > supportedCipherDetails.getMaximumPlaintextSizeInBytes()) {
            throw new MantaClientEncryptionException(String.format("Input content length exceeded maximum [%d] number of bytes supported by cipher [%s]", Long.valueOf(supportedCipherDetails.getMaximumPlaintextSizeInBytes()), supportedCipherDetails.getCipherAlgorithm()));
        }
        this.encryptionContext = new EncryptionContext(secretKey, supportedCipherDetails);
        this.originalLength = httpEntity.getContentLength();
        this.wrapped = httpEntity;
    }

    @Override // org.apache.http.HttpEntity
    public boolean isRepeatable() {
        return this.wrapped.isRepeatable();
    }

    @Override // org.apache.http.HttpEntity
    public boolean isChunked() {
        return this.originalLength < 0;
    }

    @Override // org.apache.http.HttpEntity
    public long getContentLength() {
        if (this.originalLength >= 0) {
            return this.encryptionContext.getCipherDetails().ciphertextSize(this.originalLength);
        }
        return -1L;
    }

    public long getOriginalLength() {
        return this.originalLength;
    }

    @Override // org.apache.http.HttpEntity
    public Header getContentType() {
        return CRYPTO_CONTENT_TYPE;
    }

    @Override // org.apache.http.HttpEntity
    public Header getContentEncoding() {
        return CRYPTO_TRANSFER_ENCODING;
    }

    @Override // org.apache.http.HttpEntity
    public InputStream getContent() throws IOException, UnsupportedOperationException {
        return this.wrapped.getContent();
    }

    @Override // org.apache.http.HttpEntity
    public void writeTo(OutputStream outputStream) throws IOException {
        this.encryptionContext = new EncryptionContext(this.encryptionContext.getSecretKey(), this.encryptionContext.getCipherDetails(), this.encryptionContext.getCipher().getIV());
        OutputStream makeCipherOutputForStream = EncryptingEntityHelper.makeCipherOutputForStream(outputStream, this.encryptionContext);
        copyContentToOutputStream(makeCipherOutputForStream);
        makeCipherOutputForStream.close();
        if (makeCipherOutputForStream instanceof HmacOutputStream) {
            HMac hmac = ((HmacOutputStream) makeCipherOutputForStream).getHmac();
            int macSize = hmac.getMacSize();
            byte[] bArr = new byte[macSize];
            hmac.doFinal(bArr, 0);
            Validate.isTrue(bArr.length == macSize, "HMAC actual bytes doesn't equal the number of bytes expected", new Object[0]);
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("HMAC: {}", Hex.encodeHexString(bArr));
            }
            outputStream.write(bArr);
        }
    }

    private void copyContentToOutputStream(OutputStream outputStream) throws IOException {
        long copy;
        if (this.wrapped.getClass().equals(EmbeddedHttpContent.class)) {
            OutputStream countingOutputStream = new CountingOutputStream(outputStream);
            this.wrapped.writeTo(countingOutputStream);
            countingOutputStream.flush();
            copy = countingOutputStream.getByteCount();
        } else {
            InputStream content = getContent();
            copy = IOUtils.copy(content, outputStream, 128);
            outputStream.flush();
            try {
                content.close();
            } catch (IOException e) {
                LOGGER.error("Failed to close content stream in EncryptingEntity.", e);
            }
        }
        if (this.originalLength == -1) {
            this.originalLength = copy;
        } else if (this.originalLength != copy) {
            MantaIOException mantaIOException = new MantaIOException("Bytes copied doesn't equal the specified content length");
            mantaIOException.setContextValue("specifiedContentLength", Long.valueOf(this.originalLength));
            mantaIOException.setContextValue("actualContentLength", Long.valueOf(copy));
            throw mantaIOException;
        }
    }

    @Override // org.apache.http.HttpEntity
    public boolean isStreaming() {
        return this.wrapped.isStreaming();
    }

    @Override // org.apache.http.HttpEntity
    public void consumeContent() throws IOException {
        this.wrapped.consumeContent();
    }

    public Cipher getCipher() {
        return this.encryptionContext.getCipher();
    }
}
