package com.amazonaws.encryptionsdk.internal;

import com.amazonaws.encryptionsdk.CryptoAlgorithm;
import com.amazonaws.encryptionsdk.CryptoMaterialsManager;
import com.amazonaws.encryptionsdk.DataKey;
import com.amazonaws.encryptionsdk.DefaultCryptoMaterialsManager;
import com.amazonaws.encryptionsdk.MasterKey;
import com.amazonaws.encryptionsdk.MasterKeyProvider;
import com.amazonaws.encryptionsdk.exception.AwsCryptoException;
import com.amazonaws.encryptionsdk.exception.BadCiphertextException;
import com.amazonaws.encryptionsdk.model.CiphertextFooters;
import com.amazonaws.encryptionsdk.model.CiphertextHeaders;
import com.amazonaws.encryptionsdk.model.CiphertextType;
import com.amazonaws.encryptionsdk.model.ContentType;
import com.amazonaws.encryptionsdk.model.DecryptionMaterials;
import com.amazonaws.encryptionsdk.model.DecryptionMaterialsRequest;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKey;

/* loaded from: input_file:com/amazonaws/encryptionsdk/internal/DecryptionHandler.class */
public class DecryptionHandler<K extends MasterKey<K>> implements MessageCryptoHandler {
    private final CryptoMaterialsManager materialsManager_;
    private final CiphertextHeaders ciphertextHeaders_;
    private final CiphertextFooters ciphertextFooters_;
    private boolean ciphertextHeadersParsed_;
    private CryptoHandler contentCryptoHandler_;
    private DataKey<K> dataKey_;
    private SecretKey decryptionKey_;
    private CryptoAlgorithm cryptoAlgo_;
    private Signature trailingSig_;
    private Map<String, String> encryptionContext_;
    private byte[] unparsedBytes_;
    private boolean complete_;
    private long ciphertextSizeBound_;
    private long ciphertextBytesSupplied_;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.amazonaws.encryptionsdk.internal.DecryptionHandler$1, reason: invalid class name */
    /* loaded from: input_file:com/amazonaws/encryptionsdk/internal/DecryptionHandler$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$amazonaws$encryptionsdk$model$ContentType = new int[ContentType.values().length];

        static {
            try {
                $SwitchMap$com$amazonaws$encryptionsdk$model$ContentType[ContentType.FRAME.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$amazonaws$encryptionsdk$model$ContentType[ContentType.SINGLEBLOCK.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    private DecryptionHandler(CryptoMaterialsManager cryptoMaterialsManager) {
        this.encryptionContext_ = null;
        this.unparsedBytes_ = new byte[0];
        this.complete_ = false;
        this.ciphertextSizeBound_ = -1L;
        this.ciphertextBytesSupplied_ = 0L;
        Utils.assertNonNull(cryptoMaterialsManager, "materialsManager");
        this.materialsManager_ = cryptoMaterialsManager;
        this.ciphertextHeaders_ = new CiphertextHeaders();
        this.ciphertextFooters_ = new CiphertextFooters();
    }

    private DecryptionHandler(CryptoMaterialsManager cryptoMaterialsManager, CiphertextHeaders ciphertextHeaders) throws AwsCryptoException {
        this.encryptionContext_ = null;
        this.unparsedBytes_ = new byte[0];
        this.complete_ = false;
        this.ciphertextSizeBound_ = -1L;
        this.ciphertextBytesSupplied_ = 0L;
        Utils.assertNonNull(cryptoMaterialsManager, "materialsManager");
        this.materialsManager_ = cryptoMaterialsManager;
        this.ciphertextHeaders_ = ciphertextHeaders;
        this.ciphertextFooters_ = new CiphertextFooters();
        readHeaderFields(ciphertextHeaders);
        updateTrailingSignature(ciphertextHeaders);
    }

    public static <K extends MasterKey<K>> DecryptionHandler<K> create(MasterKeyProvider<K> masterKeyProvider) throws AwsCryptoException {
        Utils.assertNonNull(masterKeyProvider, "customerMasterKeyProvider");
        return (DecryptionHandler<K>) create(new DefaultCryptoMaterialsManager(masterKeyProvider));
    }

    public static <K extends MasterKey<K>> DecryptionHandler<K> create(MasterKeyProvider<K> masterKeyProvider, CiphertextHeaders ciphertextHeaders) throws AwsCryptoException {
        Utils.assertNonNull(masterKeyProvider, "customerMasterKeyProvider");
        return (DecryptionHandler<K>) create(new DefaultCryptoMaterialsManager(masterKeyProvider), ciphertextHeaders);
    }

    public static DecryptionHandler<?> create(CryptoMaterialsManager cryptoMaterialsManager) throws AwsCryptoException {
        return new DecryptionHandler<>(cryptoMaterialsManager);
    }

    public static DecryptionHandler<?> create(CryptoMaterialsManager cryptoMaterialsManager, CiphertextHeaders ciphertextHeaders) throws AwsCryptoException {
        return new DecryptionHandler<>(cryptoMaterialsManager, ciphertextHeaders);
    }

    @Override // com.amazonaws.encryptionsdk.internal.CryptoHandler
    public ProcessingSummary processBytes(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws BadCiphertextException, AwsCryptoException {
        if (i2 < 0 || i < 0) {
            throw new AwsCryptoException(String.format("Invalid values for input offset: %d and length: %d", Integer.valueOf(i), Integer.valueOf(i2)));
        }
        if (bArr.length == 0 || i2 == 0) {
            return ProcessingSummary.ZERO;
        }
        long length = this.unparsedBytes_.length + i2;
        if (length > 2147483647L) {
            throw new AwsCryptoException("Size of the total bytes to parse and decrypt exceeded allowed maximum:2147483647");
        }
        checkSizeBound(i2);
        this.ciphertextBytesSupplied_ += i2;
        byte[] bArr3 = new byte[(int) length];
        int length2 = this.unparsedBytes_.length;
        System.arraycopy(this.unparsedBytes_, 0, bArr3, 0, this.unparsedBytes_.length);
        System.arraycopy(bArr, i, bArr3, this.unparsedBytes_.length, i2);
        int i4 = 0;
        if (!this.ciphertextHeadersParsed_) {
            i4 = 0 + this.ciphertextHeaders_.deserialize(bArr3, 0);
            if (!this.ciphertextHeaders_.isComplete().booleanValue()) {
                this.unparsedBytes_ = Arrays.copyOfRange(bArr3, i4, bArr3.length);
                return new ProcessingSummary(0, i2);
            }
            readHeaderFields(this.ciphertextHeaders_);
            updateTrailingSignature(this.ciphertextHeaders_);
            this.unparsedBytes_ = new byte[0];
        }
        int i5 = 0;
        if (!this.contentCryptoHandler_.isComplete()) {
            if (bArr3.length - i4 > 0) {
                ProcessingSummary processBytes = this.contentCryptoHandler_.processBytes(bArr3, i4, bArr3.length - i4, bArr2, i3);
                updateTrailingSignature(bArr3, i4, processBytes.getBytesProcessed());
                i5 = processBytes.getBytesWritten();
                i4 += processBytes.getBytesProcessed();
            }
            if (this.contentCryptoHandler_.isComplete()) {
                i5 += this.contentCryptoHandler_.doFinal(bArr2, i3 + i5);
            }
        }
        if (this.contentCryptoHandler_.isComplete()) {
            if (this.cryptoAlgo_.getTrailingSignatureLength() > 0) {
                i4 += this.ciphertextFooters_.deserialize(bArr3, i4);
                if (this.ciphertextFooters_.isComplete() && this.trailingSig_ != null) {
                    try {
                        if (!this.trailingSig_.verify(this.ciphertextFooters_.getMAuth())) {
                            throw new BadCiphertextException("Bad trailing signature");
                        }
                        this.complete_ = true;
                    } catch (SignatureException e) {
                        throw new BadCiphertextException("Bad trailing signature", e);
                    }
                }
            } else {
                this.complete_ = true;
            }
        }
        return new ProcessingSummary(i5, i4 - length2);
    }

    @Override // com.amazonaws.encryptionsdk.internal.CryptoHandler
    public int doFinal(byte[] bArr, int i) throws BadCiphertextException {
        if (this.contentCryptoHandler_ == null) {
            return 0;
        }
        int doFinal = this.contentCryptoHandler_.doFinal(bArr, i);
        if (this.ciphertextHeaders_.isComplete().booleanValue() && this.contentCryptoHandler_.isComplete()) {
            return doFinal;
        }
        throw new BadCiphertextException("Unable to process entire ciphertext.");
    }

    @Override // com.amazonaws.encryptionsdk.internal.CryptoHandler
    public int estimateOutputSize(int i) {
        if (this.contentCryptoHandler_ != null) {
            return this.contentCryptoHandler_.estimateOutputSize(i);
        }
        if (i > 0) {
            return i;
        }
        return 0;
    }

    @Override // com.amazonaws.encryptionsdk.internal.CryptoHandler
    public int estimatePartialOutputSize(int i) {
        if (this.contentCryptoHandler_ != null) {
            return this.contentCryptoHandler_.estimatePartialOutputSize(i);
        }
        if (i > 0) {
            return i;
        }
        return 0;
    }

    @Override // com.amazonaws.encryptionsdk.internal.CryptoHandler
    public int estimateFinalOutputSize() {
        if (this.contentCryptoHandler_ != null) {
            return this.contentCryptoHandler_.estimateFinalOutputSize();
        }
        return 0;
    }

    @Override // com.amazonaws.encryptionsdk.internal.MessageCryptoHandler
    public Map<String, String> getEncryptionContext() {
        return this.encryptionContext_;
    }

    private void checkSizeBound(long j) {
        if (this.ciphertextSizeBound_ != -1 && this.ciphertextBytesSupplied_ + j > this.ciphertextSizeBound_) {
            throw new IllegalStateException("Ciphertext size exceeds size bound");
        }
    }

    @Override // com.amazonaws.encryptionsdk.internal.MessageCryptoHandler
    public void setMaxInputLength(long j) {
        if (j < 0) {
            throw Utils.cannotBeNegative("Max input length");
        }
        if (this.ciphertextSizeBound_ != -1 && this.ciphertextSizeBound_ < j) {
            this.ciphertextSizeBound_ = j;
        }
        checkSizeBound(0L);
    }

    private void verifyHeaderIntegrity(CiphertextHeaders ciphertextHeaders) throws BadCiphertextException {
        CipherHandler cipherHandler = new CipherHandler(this.decryptionKey_, 2, this.cryptoAlgo_);
        try {
            byte[] headerTag = ciphertextHeaders.getHeaderTag();
            cipherHandler.cipherData(ciphertextHeaders.getHeaderNonce(), ciphertextHeaders.serializeAuthenticatedFields(), headerTag, 0, headerTag.length);
        } catch (BadCiphertextException e) {
            throw new BadCiphertextException("Header integrity check failed.", e);
        }
    }

    private void readHeaderFields(CiphertextHeaders ciphertextHeaders) {
        if (ciphertextHeaders.getVersion() != 1) {
            throw new BadCiphertextException("Invalid version in ciphertext.");
        }
        this.cryptoAlgo_ = ciphertextHeaders.getCryptoAlgoId();
        if (ciphertextHeaders.getType() != CiphertextType.CUSTOMER_AUTHENTICATED_ENCRYPTED_DATA) {
            throw new BadCiphertextException("Invalid type in ciphertext.");
        }
        byte[] messageId = ciphertextHeaders.getMessageId();
        this.encryptionContext_ = ciphertextHeaders.getEncryptionContextMap();
        DecryptionMaterials decryptMaterials = this.materialsManager_.decryptMaterials(DecryptionMaterialsRequest.newBuilder().setAlgorithm(this.cryptoAlgo_).setEncryptionContext(this.encryptionContext_).setEncryptedDataKeys(ciphertextHeaders.getEncryptedKeyBlobs()).build());
        this.dataKey_ = (DataKey<K>) decryptMaterials.getDataKey();
        PublicKey trailingSignatureKey = decryptMaterials.getTrailingSignatureKey();
        try {
            this.decryptionKey_ = this.cryptoAlgo_.getEncryptionKeyFromDataKey(this.dataKey_.getKey(), ciphertextHeaders);
            if (this.cryptoAlgo_.getTrailingSignatureLength() > 0) {
                Utils.assertNonNull(trailingSignatureKey, "trailing public key");
                try {
                    this.trailingSig_ = Signature.getInstance(TrailingSignatureAlgorithm.forCryptoAlgorithm(this.cryptoAlgo_).getHashAndSignAlgorithm());
                    this.trailingSig_.initVerify(trailingSignatureKey);
                } catch (GeneralSecurityException e) {
                    throw new AwsCryptoException(e);
                }
            } else {
                if (trailingSignatureKey != null) {
                    throw new AwsCryptoException("Unexpected trailing signature key in context");
                }
                this.trailingSig_ = null;
            }
            ContentType contentType = ciphertextHeaders.getContentType();
            short nonceLength = ciphertextHeaders.getNonceLength();
            int frameLength = ciphertextHeaders.getFrameLength();
            verifyHeaderIntegrity(ciphertextHeaders);
            switch (AnonymousClass1.$SwitchMap$com$amazonaws$encryptionsdk$model$ContentType[contentType.ordinal()]) {
                case VersionInfo.CURRENT_CIPHERTEXT_VERSION /* 1 */:
                    this.contentCryptoHandler_ = new FrameDecryptionHandler(this.decryptionKey_, (byte) nonceLength, this.cryptoAlgo_, messageId, frameLength);
                    break;
                case 2:
                    this.contentCryptoHandler_ = new BlockDecryptionHandler(this.decryptionKey_, (byte) nonceLength, this.cryptoAlgo_, messageId);
                    break;
            }
            this.ciphertextHeadersParsed_ = true;
        } catch (InvalidKeyException e2) {
            throw new AwsCryptoException(e2);
        }
    }

    private void updateTrailingSignature(CiphertextHeaders ciphertextHeaders) {
        if (this.trailingSig_ != null) {
            byte[] byteArray = ciphertextHeaders.toByteArray();
            updateTrailingSignature(byteArray, 0, byteArray.length);
        }
    }

    private void updateTrailingSignature(byte[] bArr, int i, int i2) {
        if (this.trailingSig_ != null) {
            try {
                this.trailingSig_.update(bArr, i, i2);
            } catch (SignatureException e) {
                throw new AwsCryptoException(e);
            }
        }
    }

    @Override // com.amazonaws.encryptionsdk.internal.MessageCryptoHandler
    public CiphertextHeaders getHeaders() {
        return this.ciphertextHeaders_;
    }

    @Override // com.amazonaws.encryptionsdk.internal.MessageCryptoHandler
    public List<K> getMasterKeys() {
        return Collections.singletonList(this.dataKey_.getMasterKey());
    }

    @Override // com.amazonaws.encryptionsdk.internal.CryptoHandler
    public boolean isComplete() {
        return this.complete_;
    }
}
