package org.cryptomator.cryptolib.v1;

import com.google.common.base.Preconditions;
import java.nio.ByteBuffer;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.cryptomator.cryptolib.api.CryptorProvider;
import org.cryptomator.cryptolib.api.InvalidPassphraseException;
import org.cryptomator.cryptolib.api.KeyFile;
import org.cryptomator.cryptolib.api.UnsupportedVaultFormatException;
import org.cryptomator.cryptolib.common.AesKeyWrap;
import org.cryptomator.cryptolib.common.MacSupplier;
import org.cryptomator.cryptolib.common.Scrypt;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
public class CryptorProviderImpl implements CryptorProvider {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CryptorProviderImpl.class);
    private final KeyGenerator encKeyGen;
    private final KeyGenerator macKeyGen;
    private final SecureRandom random;

    public CryptorProviderImpl(SecureRandom secureRandom) {
        assertRequiredKeyLengthIsAllowed();
        this.random = secureRandom;
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            this.encKeyGen = keyGenerator;
            keyGenerator.init(256, secureRandom);
            KeyGenerator keyGenerator2 = KeyGenerator.getInstance("HmacSHA256");
            this.macKeyGen = keyGenerator2;
            keyGenerator2.init(256, secureRandom);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Hard-coded algorithm doesn't exist.", e);
        }
    }

    private static void assertRequiredKeyLengthIsAllowed() {
        if (isRequiredKeyLengthAllowed()) {
            return;
        }
        LOG.error("Required key length not supported. See https://github.com/cryptomator/cryptolib/wiki/Restricted-Key-Size.");
        throw new IllegalStateException("Required key length not supported.");
    }

    private CryptorImpl createFromKeyFile(KeyFileImpl keyFileImpl, SecretKey secretKey, int i) throws UnsupportedVaultFormatException, InvalidPassphraseException {
        if (i != keyFileImpl.getVersion()) {
            throw new UnsupportedVaultFormatException(Integer.valueOf(keyFileImpl.getVersion()), Integer.valueOf(i));
        }
        try {
            SecretKey unwrap = AesKeyWrap.unwrap(secretKey, keyFileImpl.macMasterKey, "HmacSHA256");
            byte[] doFinal = MacSupplier.HMAC_SHA256.withKey(unwrap).doFinal(ByteBuffer.allocate(4).putInt(i).array());
            if (keyFileImpl.versionMac == null || !MessageDigest.isEqual(doFinal, keyFileImpl.versionMac)) {
                throw new UnsupportedVaultFormatException(Integer.MAX_VALUE, Integer.valueOf(i));
            }
            return new CryptorImpl(AesKeyWrap.unwrap(secretKey, keyFileImpl.encryptionMasterKey, "AES"), unwrap, this.random);
        } catch (InvalidKeyException unused) {
            throw new InvalidPassphraseException();
        }
    }

    private static boolean isRequiredKeyLengthAllowed() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES") >= 256;
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Hard-coded algorithm \"AES\" not supported.", e);
        }
    }

    @Override // org.cryptomator.cryptolib.api.CryptorProvider
    public CryptorImpl createFromKeyFile(KeyFile keyFile, CharSequence charSequence, int i) throws UnsupportedVaultFormatException, InvalidPassphraseException {
        return createFromKeyFile(keyFile, charSequence, new byte[0], i);
    }

    @Override // org.cryptomator.cryptolib.api.CryptorProvider
    public CryptorImpl createFromKeyFile(KeyFile keyFile, CharSequence charSequence, byte[] bArr, int i) throws UnsupportedVaultFormatException, InvalidPassphraseException {
        KeyFileImpl keyFileImpl = (KeyFileImpl) keyFile.as(KeyFileImpl.class);
        byte[] bArr2 = keyFileImpl.scryptSalt;
        byte[] bArr3 = new byte[bArr2.length + bArr.length];
        System.arraycopy(bArr2, 0, bArr3, 0, bArr2.length);
        System.arraycopy(bArr, 0, bArr3, bArr2.length, bArr.length);
        byte[] scrypt = Scrypt.scrypt(charSequence, bArr3, keyFileImpl.scryptCostParam, keyFileImpl.scryptBlockSize, 32);
        try {
            return createFromKeyFile(keyFileImpl, new SecretKeySpec(scrypt, "AES"), i);
        } finally {
            Arrays.fill(scrypt, (byte) 0);
        }
    }

    @Override // org.cryptomator.cryptolib.api.CryptorProvider
    public CryptorImpl createFromRawKey(byte[] bArr) throws IllegalArgumentException {
        Preconditions.checkArgument(bArr.length == 64, "Invalid raw key length %s", bArr.length);
        return new CryptorImpl(new SecretKeySpec(bArr, 0, 32, "AES"), new SecretKeySpec(bArr, 0, 32, "HmacSHA256"), this.random);
    }

    @Override // org.cryptomator.cryptolib.api.CryptorProvider
    public CryptorImpl createNew() {
        return new CryptorImpl(this.encKeyGen.generateKey(), this.macKeyGen.generateKey(), this.random);
    }
}
