package org.apache.accumulo.core.cryptoImpl;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.accumulo.core.spi.crypto.CryptoService;

/* loaded from: input_file:org/apache/accumulo/core/cryptoImpl/AESKeyUtils.class */
public class AESKeyUtils {
    public static final String URI = "uri";
    public static final String KEY_WRAP_TRANSFORM = "AESWrap";

    public static Key generateKey(SecureRandom secureRandom, int i) {
        byte[] bArr = new byte[i];
        secureRandom.nextBytes(bArr);
        return new SecretKeySpec(bArr, "AES");
    }

    @SuppressFBWarnings(value = {"CIPHER_INTEGRITY"}, justification = "integrity not needed for key wrap")
    public static Key unwrapKey(byte[] bArr, Key key) {
        try {
            Cipher cipher = Cipher.getInstance(KEY_WRAP_TRANSFORM);
            cipher.init(4, key);
            return cipher.unwrap(bArr, "AES", 3);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new CryptoService.CryptoException("Unable to unwrap file encryption key", e);
        }
    }

    @SuppressFBWarnings(value = {"CIPHER_INTEGRITY"}, justification = "integrity not needed for key wrap")
    public static byte[] wrapKey(Key key, Key key2) {
        try {
            Cipher cipher = Cipher.getInstance(KEY_WRAP_TRANSFORM);
            cipher.init(3, key2);
            return cipher.wrap(key);
        } catch (InvalidKeyException | NoSuchAlgorithmException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new CryptoService.CryptoException("Unable to wrap file encryption key", e);
        }
    }

    @SuppressFBWarnings(value = {"PATH_TRAVERSAL_IN"}, justification = "keyId specified by admin")
    public static SecretKeySpec loadKekFromUri(String str) {
        try {
            return new SecretKeySpec(Files.readAllBytes(Paths.get(new URI(str).getPath(), new String[0])), "AES");
        } catch (IOException | IllegalArgumentException | URISyntaxException e) {
            throw new CryptoService.CryptoException("Unable to load key encryption key.", e);
        }
    }
}
