package com.google.crypto.tink.aead.internal;

import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.aead.ChaCha20Poly1305Key;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.Util;
import com.google.crypto.tink.subtle.EngineFactory;
import com.google.crypto.tink.subtle.Hex;
import com.google.crypto.tink.subtle.Random;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.annotation.Nullable;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public final class ChaCha20Poly1305Jce implements Aead {
    private static final String CIPHER_NAME = "ChaCha20-Poly1305";
    private static final String KEY_NAME = "ChaCha20";
    private static final int KEY_SIZE_IN_BYTES = 32;
    private static final int NONCE_SIZE_IN_BYTES = 12;
    private static final int TAG_SIZE_IN_BYTES = 16;
    private final SecretKey keySpec;
    private final byte[] outputPrefix;
    private static final TinkFipsUtil.AlgorithmFipsCompatibility FIPS = TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_NOT_FIPS;
    private static final byte[] TEST_KEY = Hex.decode("808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f");
    private static final byte[] TEST_NONCE = Hex.decode("070000004041424344454647");
    private static final byte[] TEST_CIPHERTEXT_OF_EMPTY = Hex.decode("a0784d7a4716f3feb4f64e7f4b39bf04");
    private static final ThreadLocal<Cipher> localCipher = new ThreadLocal<Cipher>() { // from class: com.google.crypto.tink.aead.internal.ChaCha20Poly1305Jce.1
        @Override // java.lang.ThreadLocal
        @Nullable
        public Cipher initialValue() {
            try {
                Cipher engineFactory = EngineFactory.CIPHER.getInstance(ChaCha20Poly1305Jce.CIPHER_NAME);
                if (ChaCha20Poly1305Jce.isValid(engineFactory)) {
                    return engineFactory;
                }
                return null;
            } catch (GeneralSecurityException unused) {
                return null;
            }
        }
    };

    private ChaCha20Poly1305Jce(byte[] bArr, byte[] bArr2) {
        if (!FIPS.isCompatible()) {
            throw new GeneralSecurityException("Can not use ChaCha20Poly1305 in FIPS-mode.");
        }
        if (!isSupported()) {
            throw new GeneralSecurityException("JCE does not support algorithm: ChaCha20-Poly1305");
        }
        if (bArr.length != 32) {
            throw new InvalidKeyException("The key length in bytes must be 32.");
        }
        this.keySpec = new SecretKeySpec(bArr, KEY_NAME);
        this.outputPrefix = bArr2;
    }

    @AccessesPartialKey
    public static Aead create(ChaCha20Poly1305Key chaCha20Poly1305Key) {
        return new ChaCha20Poly1305Jce(chaCha20Poly1305Key.getKeyBytes().toByteArray(InsecureSecretKeyAccess.get()), chaCha20Poly1305Key.getOutputPrefix().toByteArray());
    }

    @Nullable
    public static Cipher getThreadLocalCipherOrNull() {
        return localCipher.get();
    }

    public static boolean isSupported() {
        return localCipher.get() != null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isValid(Cipher cipher) {
        try {
            IvParameterSpec ivParameterSpec = new IvParameterSpec(TEST_NONCE);
            byte[] bArr = TEST_KEY;
            cipher.init(2, new SecretKeySpec(bArr, KEY_NAME), ivParameterSpec);
            byte[] bArr2 = TEST_CIPHERTEXT_OF_EMPTY;
            if (cipher.doFinal(bArr2).length != 0) {
                return false;
            }
            cipher.init(2, new SecretKeySpec(bArr, KEY_NAME), ivParameterSpec);
            return cipher.doFinal(bArr2).length == 0;
        } catch (GeneralSecurityException unused) {
            return false;
        }
    }

    @Override // com.google.crypto.tink.Aead
    public byte[] decrypt(byte[] bArr, byte[] bArr2) {
        if (bArr == null) {
            throw new NullPointerException("ciphertext is null");
        }
        int length = bArr.length;
        byte[] bArr3 = this.outputPrefix;
        if (length < bArr3.length + 28) {
            throw new GeneralSecurityException("ciphertext too short");
        }
        if (!Util.isPrefix(bArr3, bArr)) {
            throw new GeneralSecurityException("Decryption failed (OutputPrefix mismatch).");
        }
        byte[] bArr4 = new byte[12];
        System.arraycopy(bArr, this.outputPrefix.length, bArr4, 0, 12);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr4);
        Cipher cipher = localCipher.get();
        cipher.init(2, this.keySpec, ivParameterSpec);
        if (bArr2 != null && bArr2.length != 0) {
            cipher.updateAAD(bArr2);
        }
        byte[] bArr5 = this.outputPrefix;
        return cipher.doFinal(bArr, bArr5.length + 12, (bArr.length - bArr5.length) - 12);
    }

    @Override // com.google.crypto.tink.Aead
    public byte[] encrypt(byte[] bArr, byte[] bArr2) {
        if (bArr == null) {
            throw new NullPointerException("plaintext is null");
        }
        byte[] randBytes = Random.randBytes(12);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(randBytes);
        Cipher cipher = localCipher.get();
        cipher.init(1, this.keySpec, ivParameterSpec);
        if (bArr2 != null && bArr2.length != 0) {
            cipher.updateAAD(bArr2);
        }
        int outputSize = cipher.getOutputSize(bArr.length);
        byte[] bArr3 = this.outputPrefix;
        if (outputSize > 2147483635 - bArr3.length) {
            throw new GeneralSecurityException("plaintext too long");
        }
        byte[] copyOf = Arrays.copyOf(bArr3, bArr3.length + 12 + outputSize);
        System.arraycopy(randBytes, 0, copyOf, this.outputPrefix.length, 12);
        if (cipher.doFinal(bArr, 0, bArr.length, copyOf, this.outputPrefix.length + 12) == outputSize) {
            return copyOf;
        }
        throw new GeneralSecurityException("not enough data written");
    }
}
