package com.couchbase.client.encryption;

import com.couchbase.client.encryption.errors.CryptoProviderKeySizeException;
import com.couchbase.client.encryption.errors.CryptoProviderMissingPublicKeyException;
import com.couchbase.client.encryption.errors.CryptoProviderMissingSigningKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/couchbase/client/encryption/AESCryptoProviderBase.class */
public abstract class AESCryptoProviderBase implements CryptoProvider {
    protected KeyStoreProvider keyStoreProvider;
    private final int IV_SIZE = 16;
    private String alias;

    public KeyStoreProvider getKeyStoreProvider() {
        return this.keyStoreProvider;
    }

    public void setKeyStoreProvider(KeyStoreProvider keyStoreProvider) {
        this.keyStoreProvider = keyStoreProvider;
    }

    public byte[] encrypt(byte[] bArr) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        if (this.keyStoreProvider.publicKeyName() == null) {
            throw new CryptoProviderMissingPublicKeyException("Cryptographic providers require a non-null, empty public and key identifier (kid) be configured for the alias: " + this.alias);
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.keyStoreProvider.getKey(this.keyStoreProvider.publicKeyName()), "AES");
        checkKeySize(secretKeySpec);
        byte[] bArr2 = new byte[16];
        new SecureRandom().nextBytes(bArr2);
        cipher.init(1, secretKeySpec, new IvParameterSpec(bArr2));
        byte[] doFinal = cipher.doFinal(bArr);
        byte[] bArr3 = new byte[doFinal.length + 16];
        System.arraycopy(bArr2, 0, bArr3, 0, 16);
        System.arraycopy(doFinal, 0, bArr3, 16, doFinal.length);
        return bArr3;
    }

    public int getIVSize() {
        return 16;
    }

    public byte[] decrypt(byte[] bArr) throws Exception {
        if (this.keyStoreProvider.publicKeyName() == null) {
            throw new CryptoProviderMissingPublicKeyException("Cryptographic providers require a non-null, empty public and key identifier (kid) be configured for the alias: " + this.alias);
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec(this.keyStoreProvider.getKey(this.keyStoreProvider.publicKeyName()), "AES");
        checkKeySize(secretKeySpec);
        byte[] bArr2 = new byte[16];
        System.arraycopy(bArr, 0, bArr2, 0, 16);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
        int length = bArr.length - 16;
        byte[] bArr3 = new byte[length];
        System.arraycopy(bArr, 16, bArr3, 0, length);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(2, secretKeySpec, ivParameterSpec);
        return cipher.doFinal(bArr3);
    }

    public byte[] getSignature(byte[] bArr) throws Exception {
        if (this.keyStoreProvider.signingKeyName() == null) {
            throw new CryptoProviderMissingSigningKeyException("The authentication failed while checking the signature of the message payload for the alias: " + this.alias);
        }
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(this.keyStoreProvider.getKey(this.keyStoreProvider.signingKeyName()), "HMAC"));
        return mac.doFinal(bArr);
    }

    public boolean verifySignature(byte[] bArr, byte[] bArr2) throws Exception {
        return Arrays.equals(getSignature(bArr), bArr2);
    }

    public abstract String getProviderName();

    protected abstract int getKeySize();

    private void checkKeySize(SecretKeySpec secretKeySpec) throws Exception {
        int length = secretKeySpec.getEncoded().length;
        if (length != getKeySize()) {
            throw new CryptoProviderKeySizeException("Invalid key size " + length + " for " + getProviderAlgorithmName() + " Algorithm");
        }
    }

    public abstract boolean checkAlgorithmNameMatch(String str);

    public void setAlias(String str) {
        this.alias = str;
    }
}
