package com.microsoft.azure.storage.blob;

import com.microsoft.azure.keyvault.core.IKey;
import com.microsoft.azure.keyvault.core.IKeyResolver;
import com.microsoft.azure.storage.Constants;
import com.microsoft.azure.storage.StorageErrorCodeStrings;
import com.microsoft.azure.storage.StorageException;
import com.microsoft.azure.storage.core.EncryptionAgent;
import com.microsoft.azure.storage.core.EncryptionAlgorithm;
import com.microsoft.azure.storage.core.SR;
import com.microsoft.azure.storage.core.Utility;
import com.microsoft.azure.storage.core.WrappedContentKey;
import java.io.OutputStream;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.tuple.Pair;

/* loaded from: input_file:com/microsoft/azure/storage/blob/BlobEncryptionPolicy.class */
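/**
 * Client-side encryption policy for blobs: holds the key-encryption key (KEK) and/or a key
 * resolver, and builds the AES-CBC ciphers used to encrypt uploads and decrypt downloads.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only protocol V1 with {@code AES_CBC_256} is handled here. CBC gives confidentiality but
 *       no integrity: ciphertext and the encryption metadata are not authenticated, so whoever can
 *       write to the blob can alter what gets decrypted. Callers that need tamper detection must
 *       add it on top (or use an authenticated scheme).</li>
 *   <li>The encryption metadata read during decryption (key id, wrap algorithm, IV) comes from
 *       the service and must be treated as untrusted input.</li>
 *   <li>The fields are public and mutable in this decompiled listing; the class makes no
 *       thread-safety guarantees that are visible here.</li>
 * </ul>
 */
public final class BlobEncryptionPolicy {
    /**
     * Size in bits of the generated AES content-encryption key. It must match the
     * {@code AES_CBC_256} algorithm recorded in the encryption metadata, so it is defined here
     * rather than borrowed from an unrelated constant.
     */
    private static final int CONTENT_KEY_SIZE_BITS = 256;

    /** Resolves a key-encryption key from the key id stored in blob metadata (used on decrypt). */
    public IKeyResolver keyResolver;

    /** Key-encryption key used to wrap new content keys and, without a resolver, to unwrap them. */
    public IKey keyWrapper;

    /**
     * Creates a policy.
     *
     * @param iKey key-encryption key; required for encryption, optional for decryption when a
     *     resolver is supplied
     * @param iKeyResolver resolver used to look up the key-encryption key on decryption; may be
     *     {@code null} when {@code iKey} is supplied
     */
    public BlobEncryptionPolicy(IKey iKey, IKeyResolver iKeyResolver) {
        this.keyWrapper = iKey;
        this.keyResolver = iKeyResolver;
    }

    /** Returns the key-encryption key, or {@code null} if none is set. */
    public IKey getKey() {
        return this.keyWrapper;
    }

    /** Returns the key resolver, or {@code null} if none is set. */
    public IKeyResolver getKeyResolver() {
        return this.keyResolver;
    }

    /** Replaces the key-encryption key. */
    public void setKey(IKey iKey) {
        this.keyWrapper = iKey;
    }

    /** Replaces the key resolver. */
    public void setKeyResolver(IKeyResolver iKeyResolver) {
        this.keyResolver = iKeyResolver;
    }

    /**
     * Wraps {@code outputStream} in a decrypting stream built from the blob's encryption metadata.
     *
     * <p>Decompiler note: the original access level of this method was package-private.
     *
     * @param outputStream destination for the decrypted bytes
     * @param map blob metadata; must not be {@code null}
     * @param bool the caller's "require encryption" setting; when {@code TRUE} and the metadata
     *     holds no encryption data, decryption fails instead of passing data through
     * @param bArr IV override; when {@code null} the IV stored in the metadata is used
     * @param z {@code true} to use {@code AES/CBC/NoPadding}, {@code false} for PKCS5 padding
     * @return a decrypting stream, or {@code outputStream} itself when the blob carries no
     *     encryption metadata and encryption is not required
     * @throws StorageException if encryption is required but absent, the protocol or algorithm is
     *     unsupported, no key or resolver is configured, the key id does not match, or key
     *     resolution/unwrapping fails
     */
    public OutputStream decryptBlob(OutputStream outputStream, Map<String, String> map, Boolean bool, byte[] bArr, boolean z) throws StorageException {
        Utility.assertNotNull(Constants.QueryConstants.METADATA, map);
        String serializedData = map.get(Constants.EncryptionConstants.BLOB_ENCRYPTION_DATA);
        if (serializedData == null) {
            // Fail closed: a blob without encryption metadata must not be handed back as if it had
            // been decrypted when the caller demanded encryption. The visible caller performs the
            // same check first, so this only guards other entry points.
            if (Boolean.TRUE.equals(bool)) {
                throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.ENCRYPTION_DATA_NOT_PRESENT_ERROR, null);
            }
            return outputStream;
        }
        try {
            BlobEncryptionData encryptionData = BlobEncryptionData.deserialize(serializedData);
            Utility.assertNotNull("encryptionData", encryptionData);
            Utility.assertNotNull("contentEncryptionIV", encryptionData.getContentEncryptionIV());
            WrappedContentKey wrappedKey = encryptionData.getWrappedContentKey();
            Utility.assertNotNull("encryptedKey", wrappedKey.getEncryptedKey());
            if (!Constants.EncryptionConstants.ENCRYPTION_PROTOCOL_V1.equals(encryptionData.getEncryptionAgent().getProtocol())) {
                throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.ENCRYPTION_PROTOCOL_VERSION_INVALID, null);
            }
            if (this.keyWrapper == null && this.keyResolver == null) {
                throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.KEY_AND_RESOLVER_MISSING, null);
            }

            byte[] contentKey;
            if (this.keyResolver != null) {
                // The key id and wrap algorithm come from blob metadata, i.e. from the service.
                // NOTE(review): the resolver is the only place that can restrict which key ids
                // are acceptable; confirm the configured resolver does not resolve arbitrary ids.
                IKey resolvedKey = (IKey) this.keyResolver.resolveKeyAsync(wrappedKey.getKeyId()).get();
                Utility.assertNotNull("keyEncryptionKey", resolvedKey);
                contentKey = (byte[]) resolvedKey.unwrapKeyAsync(wrappedKey.getEncryptedKey(), wrappedKey.getAlgorithm()).get();
            } else {
                // Without a resolver, only the locally configured key may be used.
                if (!wrappedKey.getKeyId().equals(this.keyWrapper.getKid())) {
                    throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.KEY_MISMATCH, null);
                }
                contentKey = (byte[]) this.keyWrapper.unwrapKeyAsync(wrappedKey.getEncryptedKey(), wrappedKey.getAlgorithm()).get();
            }

            switch (encryptionData.getEncryptionAgent().getEncryptionAlgorithm()) {
                case AES_CBC_256:
                    Cipher cipher = Cipher.getInstance(z ? "AES/CBC/NoPadding" : "AES/CBC/PKCS5Padding");
                    byte[] iv = bArr != null ? bArr : encryptionData.getContentEncryptionIV();
                    // CBC is unauthenticated: a padding failure on close is the only tamper signal,
                    // and it should not be exposed to remote parties as a distinguishable error.
                    cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(contentKey, "AES"), new IvParameterSpec(iv));
                    return new CipherOutputStream(outputStream, cipher);
                default:
                    throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.INVALID_ENCRYPTION_ALGORITHM, null);
            }
        } catch (StorageException e) {
            throw e;
        } catch (Exception e2) {
            if (e2 instanceof InterruptedException) {
                // Keep the interrupt visible to the caller's thread after wrapping the exception.
                Thread.currentThread().interrupt();
            }
            throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.DECRYPTION_LOGIC_ERROR, e2);
        }
    }

    /**
     * Chooses and builds the decrypting wrapper for a download, enforcing the request's
     * "require encryption" option before any data is written to {@code outputStream}.
     *
     * <p>Decompiler note: the original access level of this method was package-private.
     *
     * @param cloudBlob blob being downloaded; its type decides whether padding is expected
     * @param outputStream destination for the decrypted bytes
     * @param blobRequestOptions request options carrying the encryption policy and the
     *     require-encryption flag; assumes the policy is non-null (TODO confirm against callers)
     * @param map blob metadata, expected to hold the serialized encryption data
     * @param j presumably the total blob length in bytes (TODO confirm)
     * @param z when {@code true} a {@code BlobDecryptStream} is used instead of a plain cipher
     *     stream; presumably marks a ranged read (TODO confirm)
     * @param l presumably the end offset of the requested range, may be {@code null} (TODO confirm)
     * @param l2 passed through to {@code BlobDecryptStream}
     * @param i passed through to {@code BlobDecryptStream}
     * @param z2 passed through to {@code BlobDecryptStream}
     * @return the stream to write downloaded bytes to
     * @throws StorageException if encryption is required but the metadata has no encryption data,
     *     or if building the decrypting stream fails
     */
    public static OutputStream wrapUserStreamWithDecryptStream(CloudBlob cloudBlob, OutputStream outputStream, BlobRequestOptions blobRequestOptions, Map<String, String> map, long j, boolean z, Long l, Long l2, int i, boolean z2) throws StorageException {
        String serializedData = map.get(Constants.EncryptionConstants.BLOB_ENCRYPTION_DATA);
        // Downgrade guard: refuse to return data as-is when the caller insisted on encryption.
        if (Boolean.TRUE.equals(blobRequestOptions.requireEncryption()) && serializedData == null) {
            throw new StorageException(StorageErrorCodeStrings.DECRYPTION_ERROR, SR.ENCRYPTION_DATA_NOT_PRESENT_ERROR, null);
        }
        boolean isPageBlob = cloudBlob.getProperties().getBlobType() == BlobType.PAGE_BLOB;
        if (z) {
            // 16 is the AES block size; presumably a range ending before the final block carries
            // no padding to strip (TODO confirm).
            boolean noPadding = isPageBlob || (l != null && l.longValue() < j - 16);
            return new BlobDecryptStream(outputStream, map, l2, i, z2, noPadding, blobRequestOptions.getEncryptionPolicy(), blobRequestOptions.requireEncryption());
        }
        return blobRequestOptions.getEncryptionPolicy().decryptBlob(outputStream, map, blobRequestOptions.requireEncryption(), null, isPageBlob);
    }

    /**
     * Generates a fresh content-encryption key, wraps it with the key-encryption key, stores the
     * resulting encryption data in {@code map}, and returns the cipher to encrypt the blob with.
     *
     * <p>Decompiler note: the original access level of this method was package-private.
     *
     * @param map blob metadata to which the serialized encryption data is added; must not be
     *     {@code null}
     * @param z {@code true} to use {@code AES/CBC/NoPadding}, {@code false} for PKCS5 padding
     * @return a cipher initialised for encryption with the new content key
     * @throws IllegalArgumentException if no key-encryption key is configured
     * @throws StorageException if key generation, wrapping or serialization fails
     */
    public Cipher createAndSetEncryptionContext(Map<String, String> map, boolean z) throws StorageException {
        Utility.assertNotNull(Constants.QueryConstants.METADATA, map);
        if (this.keyWrapper == null) {
            throw new IllegalArgumentException(SR.KEY_MISSING);
        }
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(CONTENT_KEY_SIZE_BITS);
            SecretKey contentKey = keyGenerator.generateKey();

            Cipher cipher = Cipher.getInstance(z ? "AES/CBC/NoPadding" : "AES/CBC/PKCS5Padding");
            // No IV is supplied: the JCE provider is expected to generate one, which is read back
            // through getIV() below and stored next to the wrapped key.
            cipher.init(Cipher.ENCRYPT_MODE, contentKey);

            BlobEncryptionData encryptionData = new BlobEncryptionData();
            if (encryptionData.getKeyWrappingMetadata() == null) {
                encryptionData.setKeyWrappingMetadata(new HashMap<>());
            }
            encryptionData.getKeyWrappingMetadata().put(Constants.EncryptionConstants.ENCRYPTION_LIBRARY, "Java 8.6.4");
            encryptionData.setEncryptionAgent(new EncryptionAgent(Constants.EncryptionConstants.ENCRYPTION_PROTOCOL_V1, EncryptionAlgorithm.AES_CBC_256));

            // A null algorithm leaves the choice of wrap algorithm to the key implementation; the
            // algorithm it reports is stored so decryption can pass it back to unwrapKeyAsync.
            Pair<?, ?> wrapResult = (Pair<?, ?>) this.keyWrapper.wrapKeyAsync(contentKey.getEncoded(), (String) null).get();
            encryptionData.setWrappedContentKey(new WrappedContentKey(this.keyWrapper.getKid(), (byte[]) wrapResult.getKey(), (String) wrapResult.getValue()));
            encryptionData.setContentEncryptionIV(cipher.getIV());
            map.put(Constants.EncryptionConstants.BLOB_ENCRYPTION_DATA, encryptionData.serialize());
            return cipher;
        } catch (Exception e) {
            if (e instanceof InterruptedException) {
                // Keep the interrupt visible to the caller's thread after translating the exception.
                Thread.currentThread().interrupt();
            }
            throw StorageException.translateClientException(e);
        }
    }
}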
