package io.minio.admin;

import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.modes.AEADCipher;
import org.bouncycastle.crypto.modes.ChaCha20Poly1305;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.modes.GCMModeCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.Argon2Parameters;
import org.bouncycastle.crypto.params.KeyParameter;

/* loaded from: input_file:io/minio/admin/Crypto.class */
public class Crypto {
    private static final int TAG_LENGTH = 16;
    private static final int CHUNK_SIZE = 16384;
    private static final int MAX_CHUNK_SIZE = 16400;
    private static final int SALT_LENGTH = 32;
    private static final int NONCE_LENGTH = 8;
    private static final SecureRandom RANDOM = new SecureRandom();

    /* loaded from: input_file:io/minio/admin/Crypto$DecryptReader.class */
    public static class DecryptReader {
        private InputStream inputStream;
        private byte[] secret;
        private byte[] key;
        private byte[] additionalData;
        private byte[] salt = new byte[Crypto.SALT_LENGTH];
        private byte[] aeadId = new byte[1];
        private byte[] nonce = new byte[Crypto.NONCE_LENGTH];
        private int count = 0;
        private byte[] chunk = new byte[Crypto.MAX_CHUNK_SIZE];
        private byte[] oneByte = null;
        private boolean eof = false;

        /* JADX WARN: Type inference failed for: r0v23, types: [byte[], byte[][]] */
        public DecryptReader(InputStream inputStream, byte[] bArr) throws EOFException, IOException, InvalidCipherTextException {
            this.key = null;
            this.additionalData = null;
            this.inputStream = inputStream;
            this.secret = bArr;
            Crypto.readFully(this.inputStream, this.salt, true);
            Crypto.readFully(this.inputStream, this.aeadId, true);
            Crypto.readFully(this.inputStream, this.nonce, true);
            this.key = Crypto.generateKey(this.secret, this.salt);
            this.additionalData = Crypto.generateDecryptAdditionalData(this.aeadId[0], this.key, Crypto.appendBytes(new byte[]{this.nonce, new byte[]{0, 0, 0, 0}}));
        }

        private byte[] decrypt(byte[] bArr, boolean z) throws InvalidCipherTextException {
            this.count++;
            if (z) {
                this.additionalData = Crypto.markAsLast(this.additionalData);
            }
            AEADCipher decryptCipher = Crypto.getDecryptCipher(this.aeadId[0], this.key, Crypto.updateNonceId(this.nonce, this.count));
            decryptCipher.processAADBytes(this.additionalData, 0, this.additionalData.length);
            byte[] bArr2 = new byte[decryptCipher.getOutputSize(bArr.length)];
            decryptCipher.doFinal(bArr2, decryptCipher.processBytes(bArr, 0, bArr.length, bArr2, 0));
            return bArr2;
        }

        private byte[] readChunk() throws IOException {
            if (this.eof) {
                return new byte[0];
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            if (this.oneByte != null) {
                byteArrayOutputStream.write(this.oneByte);
            }
            int[] readFully = Crypto.readFully(this.inputStream, this.chunk, false);
            int i = readFully[0];
            this.eof = readFully[1] == 1;
            if (i == this.chunk.length) {
                if (this.oneByte != null) {
                    i--;
                    this.oneByte[0] = this.chunk[i];
                } else if (!this.eof) {
                    this.oneByte = new byte[]{0};
                    this.eof = Crypto.readFully(this.inputStream, this.oneByte, false)[1] == 1;
                    if (this.eof) {
                        this.oneByte = null;
                    }
                }
            }
            byteArrayOutputStream.write(this.chunk, 0, i);
            return byteArrayOutputStream.toByteArray();
        }

        public byte[] readAllBytes() throws IOException, InvalidCipherTextException {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            while (!this.eof) {
                byteArrayOutputStream.write(decrypt(readChunk(), this.eof));
            }
            return byteArrayOutputStream.toByteArray();
        }
    }

    private static byte[] random(int i) {
        byte[] bArr = new byte[i];
        RANDOM.nextBytes(bArr);
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] appendBytes(byte[]... bArr) {
        if (bArr.length == 1) {
            return bArr[0];
        }
        int i = 0;
        for (byte[] bArr2 : bArr) {
            i += bArr2.length;
        }
        ByteBuffer allocate = ByteBuffer.allocate(i);
        for (byte[] bArr3 : bArr) {
            allocate.put(bArr3);
        }
        return allocate.array();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int[] readFully(InputStream inputStream, byte[] bArr, boolean z) throws EOFException, IOException {
        int i = 0;
        int i2 = 0;
        int i3 = 0;
        while (true) {
            int i4 = i3;
            if (i >= bArr.length) {
                break;
            }
            int read = inputStream.read(bArr, i4, bArr.length - i);
            if (read >= 0) {
                i += read;
                i3 = i4 + read;
            } else {
                if (z) {
                    throw new EOFException("EOF occurred");
                }
                i2 = 1;
            }
        }
        return new int[]{i, i2};
    }

    private static AEADCipher getEncryptDecryptCipher(boolean z, int i, byte[] bArr, byte[] bArr2) {
        GCMModeCipher chaCha20Poly1305;
        switch (i) {
            case 0:
                chaCha20Poly1305 = GCMBlockCipher.newInstance(AESEngine.newInstance());
                break;
            case 1:
                chaCha20Poly1305 = new ChaCha20Poly1305();
                break;
            default:
                throw new IllegalArgumentException("unknown AEAD ID " + i);
        }
        chaCha20Poly1305.init(z, new AEADParameters(new KeyParameter(bArr), 128, bArr2));
        return chaCha20Poly1305;
    }

    private static AEADCipher getEncryptCipher(int i, byte[] bArr, byte[] bArr2) {
        return getEncryptDecryptCipher(true, i, bArr, bArr2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static AEADCipher getDecryptCipher(int i, byte[] bArr, byte[] bArr2) {
        return getEncryptDecryptCipher(false, i, bArr, bArr2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] generateKey(byte[] bArr, byte[] bArr2) {
        Argon2BytesGenerator argon2BytesGenerator = new Argon2BytesGenerator();
        argon2BytesGenerator.init(new Argon2Parameters.Builder(2).withVersion(19).withSalt(bArr2).withMemoryAsKB(65536).withParallelism(4).withIterations(1).build());
        byte[] bArr3 = new byte[SALT_LENGTH];
        argon2BytesGenerator.generateBytes(bArr, bArr3);
        return bArr3;
    }

    /* JADX WARN: Type inference failed for: r0v10, types: [byte[], byte[][]] */
    private static byte[] generateEncryptDecryptAdditionalData(boolean z, int i, byte[] bArr, byte[] bArr2) throws InvalidCipherTextException {
        AEADCipher encryptCipher = getEncryptCipher(i, bArr, bArr2);
        byte[] bArr3 = new byte[encryptCipher.getMac().length];
        encryptCipher.doFinal(bArr3, 0);
        return appendBytes(new byte[]{new byte[]{0}, bArr3});
    }

    private static byte[] generateEncryptAdditionalData(int i, byte[] bArr, byte[] bArr2) throws InvalidCipherTextException {
        return generateEncryptDecryptAdditionalData(true, i, bArr, bArr2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] generateDecryptAdditionalData(int i, byte[] bArr, byte[] bArr2) throws InvalidCipherTextException {
        return generateEncryptDecryptAdditionalData(false, i, bArr, bArr2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] markAsLast(byte[] bArr) {
        bArr[0] = Byte.MIN_VALUE;
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Type inference failed for: r0v7, types: [byte[], byte[][]] */
    public static byte[] updateNonceId(byte[] bArr, int i) {
        return appendBytes(new byte[]{bArr, new byte[]{(byte) (i & 255), (byte) ((i >> NONCE_LENGTH) & 255), (byte) ((i >> TAG_LENGTH) & 255), (byte) ((i >> 24) & 255)}});
    }

    /* JADX WARN: Type inference failed for: r0v10, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v16, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v43, types: [byte[], byte[][]] */
    public static byte[] encrypt(byte[] bArr, String str) throws InvalidCipherTextException {
        byte[] random = random(NONCE_LENGTH);
        byte[] random2 = random(SALT_LENGTH);
        byte[] generateKey = generateKey(str.getBytes(StandardCharsets.UTF_8), random2);
        byte[] bArr2 = {0};
        byte[] generateEncryptAdditionalData = generateEncryptAdditionalData(bArr2[0], generateKey, appendBytes(new byte[]{random, new byte[]{0, 0, 0, 0}}));
        byte[] appendBytes = appendBytes(new byte[]{random2, bArr2, random});
        int i = 0;
        boolean z = false;
        int i2 = 1;
        while (!z) {
            int i3 = i + CHUNK_SIZE;
            if (i3 > bArr.length) {
                generateEncryptAdditionalData = markAsLast(generateEncryptAdditionalData);
                i3 = bArr.length;
                z = true;
            }
            byte[] copyOfRange = Arrays.copyOfRange(bArr, i, i3);
            AEADCipher encryptCipher = getEncryptCipher(bArr2[0], generateKey, updateNonceId(random, i2));
            encryptCipher.processAADBytes(generateEncryptAdditionalData, 0, generateEncryptAdditionalData.length);
            byte[] bArr3 = new byte[encryptCipher.getOutputSize(copyOfRange.length)];
            encryptCipher.doFinal(bArr3, encryptCipher.processBytes(copyOfRange, 0, copyOfRange.length, bArr3, 0));
            appendBytes = appendBytes(new byte[]{appendBytes, bArr3});
            i = i3;
            i2++;
        }
        return appendBytes;
    }

    public static byte[] decrypt(InputStream inputStream, String str) throws EOFException, IOException, InvalidCipherTextException {
        return new DecryptReader(inputStream, str.getBytes(StandardCharsets.UTF_8)).readAllBytes();
    }
}
