package org.apache.hadoop.hbase.io.crypto.aes;

import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Properties;
import javax.crypto.Mac;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.security.sasl.SaslException;
import org.apache.hadoop.hbase.HConstants;
import org.apache.phoenix.shaded.org.apache.commons.crypto.cipher.CryptoCipher;
import org.apache.phoenix.shaded.org.apache.commons.crypto.utils.Utils;
import org.apache.phoenix.shaded.org.apache.yetus.audience.InterfaceAudience;
import org.apache.phoenix.shaded.org.apache.yetus.audience.InterfaceStability;

@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:org/apache/hadoop/hbase/io/crypto/aes/CryptoAES.class */
public class CryptoAES {
    private final CryptoCipher encryptor;
    private final CryptoCipher decryptor;
    private final Integrity integrity;

    /* loaded from: input_file:org/apache/hadoop/hbase/io/crypto/aes/CryptoAES$Integrity.class */
    private static class Integrity {
        private int mySeqNum = 0;
        private int peerSeqNum = 0;
        private byte[] seqNum = new byte[4];
        private byte[] myKey;
        private byte[] peerKey;

        Integrity(byte[] bArr, byte[] bArr2) throws IOException {
            this.myKey = bArr;
            this.peerKey = bArr2;
        }

        byte[] getHMAC(byte[] bArr, int i, int i2) throws SaslException {
            intToByte(this.mySeqNum);
            return calculateHMAC(this.myKey, this.seqNum, bArr, i, i2);
        }

        boolean compareHMAC(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2) throws SaslException {
            return Arrays.equals(calculateHMAC(this.peerKey, bArr2, bArr3, i, i2), bArr);
        }

        boolean comparePeerSeqNum(byte[] bArr) {
            return this.peerSeqNum == byteToInt(bArr);
        }

        byte[] getSeqNum() {
            return this.seqNum;
        }

        void incMySeqNum() {
            this.mySeqNum++;
        }

        void incPeerSeqNum() {
            this.peerSeqNum++;
        }

        private byte[] calculateHMAC(byte[] bArr, byte[] bArr2, byte[] bArr3, int i, int i2) throws SaslException {
            byte[] bArr4 = new byte[4 + i2];
            System.arraycopy(bArr2, 0, bArr4, 0, 4);
            System.arraycopy(bArr3, i, bArr4, 4, i2);
            try {
                SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "HmacMD5");
                Mac mac = Mac.getInstance("HmacMD5");
                mac.init(secretKeySpec);
                mac.update(bArr4);
                byte[] doFinal = mac.doFinal();
                byte[] bArr5 = new byte[10];
                System.arraycopy(doFinal, 0, bArr5, 0, 10);
                return bArr5;
            } catch (InvalidKeyException e) {
                throw new SaslException("Invalid bytes used for key of HMAC-MD5 hash.", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new SaslException("Error creating instance of MD5 MAC algorithm", e2);
            }
        }

        private void intToByte(int i) {
            for (int i2 = 3; i2 >= 0; i2--) {
                this.seqNum[i2] = (byte) (i & 255);
                i >>>= 8;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public int byteToInt(byte[] bArr) {
            int i = 0;
            for (int i2 = 0; i2 < 4; i2++) {
                i = (i << 8) | (bArr[i2] & 255);
            }
            return i;
        }
    }

    public CryptoAES(String str, Properties properties, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws IOException {
        checkTransformation(str);
        this.encryptor = Utils.getCipherInstance(str, properties);
        try {
            this.encryptor.init(1, new SecretKeySpec(bArr2, HConstants.CIPHER_AES), new IvParameterSpec(bArr4));
            this.decryptor = Utils.getCipherInstance(str, properties);
            try {
                this.decryptor.init(2, new SecretKeySpec(bArr, HConstants.CIPHER_AES), new IvParameterSpec(bArr3));
                this.integrity = new Integrity(bArr2, bArr);
            } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
                throw new IOException("Failed to initialize decryptor", e);
            }
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e2) {
            throw new IOException("Failed to initialize encryptor", e2);
        }
    }

    public byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        byte[] hmac = this.integrity.getHMAC(bArr, i, i2);
        this.integrity.incMySeqNum();
        byte[] bArr2 = new byte[i2 + 10];
        try {
            this.encryptor.update(hmac, 0, 10, bArr2, this.encryptor.update(bArr, i, i2, bArr2, 0));
            byte[] bArr3 = new byte[bArr2.length + 4];
            System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
            System.arraycopy(this.integrity.getSeqNum(), 0, bArr3, bArr2.length, 4);
            return bArr3;
        } catch (ShortBufferException e) {
            throw new SaslException("Error happens during encrypt data", e);
        }
    }

    public byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        byte[] bArr2 = new byte[i2 - 4];
        byte[] bArr3 = new byte[4];
        try {
            this.decryptor.update(bArr, i, i2 - 4, bArr2, 0);
            System.arraycopy(bArr, i + bArr2.length, bArr3, 0, 4);
            byte[] bArr4 = new byte[bArr2.length - 10];
            byte[] bArr5 = new byte[10];
            System.arraycopy(bArr2, 0, bArr4, 0, bArr4.length);
            System.arraycopy(bArr2, bArr4.length, bArr5, 0, 10);
            if (!this.integrity.compareHMAC(bArr5, bArr3, bArr4, 0, bArr4.length)) {
                throw new SaslException("Unmatched MAC");
            }
            if (!this.integrity.comparePeerSeqNum(bArr3)) {
                throw new SaslException("Out of order sequencing of messages. Got: " + this.integrity.byteToInt(bArr3) + " Expected: " + this.integrity.peerSeqNum);
            }
            this.integrity.incPeerSeqNum();
            return bArr4;
        } catch (ShortBufferException e) {
            throw new SaslException("Error happens during decrypt data", e);
        }
    }

    private void checkTransformation(String str) throws IOException {
        if (!"AES/CTR/NoPadding".equalsIgnoreCase(str)) {
            throw new IOException("AES cipher transformation is not supported: " + str);
        }
    }
}
