package software.amazon.encryption.s3.materials;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import software.amazon.encryption.s3.S3EncryptionClientException;
import software.amazon.encryption.s3.algorithms.AlgorithmSuite;
import software.amazon.encryption.s3.internal.CryptoFactory;
import software.amazon.encryption.s3.materials.S3Keyring;

/* loaded from: input_file:software/amazon/encryption/s3/materials/AesKeyring.class */
public class AesKeyring extends S3Keyring {
    private static final String KEY_ALGORITHM = "AES";
    private final SecretKey _wrappingKey;
    private final DecryptDataKeyStrategy _aesStrategy;
    private final DecryptDataKeyStrategy _aesWrapStrategy;
    private final DataKeyStrategy _aesGcmStrategy;
    private final Map<String, DecryptDataKeyStrategy> decryptStrategies;

    /* loaded from: input_file:software/amazon/encryption/s3/materials/AesKeyring$Builder.class */
    public static class Builder extends S3Keyring.Builder<AesKeyring, Builder> {
        private SecretKey _wrappingKey;

        private Builder() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // software.amazon.encryption.s3.materials.S3Keyring.Builder
        public Builder builder() {
            return this;
        }

        public Builder wrappingKey(SecretKey secretKey) {
            if (secretKey == null) {
                throw new S3EncryptionClientException("Wrapping key cannot be null!");
            }
            if (!secretKey.getAlgorithm().equals(AesKeyring.KEY_ALGORITHM)) {
                throw new S3EncryptionClientException("Invalid algorithm: " + secretKey.getAlgorithm() + ", expecting " + AesKeyring.KEY_ALGORITHM);
            }
            this._wrappingKey = secretKey;
            return builder();
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // software.amazon.encryption.s3.materials.S3Keyring.Builder
        /* renamed from: build */
        public AesKeyring build2() {
            return new AesKeyring(this);
        }
    }

    private AesKeyring(Builder builder) {
        super(builder);
        this._aesStrategy = new DecryptDataKeyStrategy() { // from class: software.amazon.encryption.s3.materials.AesKeyring.1
            private static final String KEY_PROVIDER_INFO = "AES";
            private static final String CIPHER_ALGORITHM = "AES";

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public boolean isLegacy() {
                return true;
            }

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public String keyProviderInfo() {
                return AesKeyring.KEY_ALGORITHM;
            }

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public byte[] decryptDataKey(DecryptionMaterials decryptionMaterials, byte[] bArr) throws GeneralSecurityException {
                Cipher createCipher = CryptoFactory.createCipher(AesKeyring.KEY_ALGORITHM, decryptionMaterials.cryptoProvider());
                createCipher.init(2, AesKeyring.this._wrappingKey);
                return createCipher.doFinal(bArr);
            }
        };
        this._aesWrapStrategy = new DecryptDataKeyStrategy() { // from class: software.amazon.encryption.s3.materials.AesKeyring.2
            private static final String KEY_PROVIDER_INFO = "AESWrap";
            private static final String CIPHER_ALGORITHM = "AESWrap";

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public boolean isLegacy() {
                return true;
            }

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public String keyProviderInfo() {
                return "AESWrap";
            }

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public byte[] decryptDataKey(DecryptionMaterials decryptionMaterials, byte[] bArr) throws GeneralSecurityException {
                Cipher createCipher = CryptoFactory.createCipher("AESWrap", decryptionMaterials.cryptoProvider());
                createCipher.init(4, AesKeyring.this._wrappingKey);
                return createCipher.unwrap(bArr, "AESWrap", 3).getEncoded();
            }
        };
        this._aesGcmStrategy = new DataKeyStrategy() { // from class: software.amazon.encryption.s3.materials.AesKeyring.3
            private static final String KEY_PROVIDER_INFO = "AES/GCM";
            private static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding";
            private static final int IV_LENGTH_BYTES = 12;
            private static final int TAG_LENGTH_BYTES = 16;
            private static final int TAG_LENGTH_BITS = 128;

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public boolean isLegacy() {
                return false;
            }

            @Override // software.amazon.encryption.s3.materials.EncryptDataKeyStrategy, software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public String keyProviderInfo() {
                return KEY_PROVIDER_INFO;
            }

            @Override // software.amazon.encryption.s3.materials.EncryptDataKeyStrategy
            public byte[] encryptDataKey(SecureRandom secureRandom, EncryptionMaterials encryptionMaterials) throws GeneralSecurityException {
                byte[] bArr = new byte[IV_LENGTH_BYTES];
                secureRandom.nextBytes(bArr);
                GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(TAG_LENGTH_BITS, bArr);
                Cipher createCipher = CryptoFactory.createCipher(CIPHER_ALGORITHM, encryptionMaterials.cryptoProvider());
                createCipher.init(1, AesKeyring.this._wrappingKey, gCMParameterSpec, secureRandom);
                createCipher.updateAAD(AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherName().getBytes(StandardCharsets.UTF_8));
                byte[] doFinal = createCipher.doFinal(encryptionMaterials.plaintextDataKey());
                byte[] bArr2 = new byte[bArr.length + doFinal.length];
                System.arraycopy(bArr, 0, bArr2, 0, bArr.length);
                System.arraycopy(doFinal, 0, bArr2, bArr.length, doFinal.length);
                return bArr2;
            }

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public byte[] decryptDataKey(DecryptionMaterials decryptionMaterials, byte[] bArr) throws GeneralSecurityException {
                byte[] bArr2 = new byte[IV_LENGTH_BYTES];
                byte[] bArr3 = new byte[bArr.length - bArr2.length];
                System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
                System.arraycopy(bArr, bArr2.length, bArr3, 0, bArr3.length);
                GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(TAG_LENGTH_BITS, bArr2);
                Cipher createCipher = CryptoFactory.createCipher(CIPHER_ALGORITHM, decryptionMaterials.cryptoProvider());
                createCipher.init(2, AesKeyring.this._wrappingKey, gCMParameterSpec);
                createCipher.updateAAD(AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherName().getBytes(StandardCharsets.UTF_8));
                return createCipher.doFinal(bArr3);
            }
        };
        this.decryptStrategies = new HashMap();
        this._wrappingKey = builder._wrappingKey;
        this.decryptStrategies.put(this._aesStrategy.keyProviderInfo(), this._aesStrategy);
        this.decryptStrategies.put(this._aesWrapStrategy.keyProviderInfo(), this._aesWrapStrategy);
        this.decryptStrategies.put(this._aesGcmStrategy.keyProviderInfo(), this._aesGcmStrategy);
    }

    public static Builder builder() {
        return new Builder();
    }

    @Override // software.amazon.encryption.s3.materials.S3Keyring
    protected EncryptDataKeyStrategy encryptStrategy() {
        return this._aesGcmStrategy;
    }

    @Override // software.amazon.encryption.s3.materials.S3Keyring
    protected Map<String, DecryptDataKeyStrategy> decryptStrategies() {
        return this.decryptStrategies;
    }
}
