package net.java.truevfs.driver.zip.raes.crypto;

import java.io.EOFException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SeekableByteChannel;
import java.util.Arrays;
import javax.annotation.WillCloseWhenClosed;
import javax.annotation.concurrent.NotThreadSafe;
import net.java.truecommons.io.IntervalReadOnlyChannel;
import net.java.truecommons.io.MutableBuffer;
import net.java.truecommons.key.spec.common.AesKeyStrength;
import net.java.truecommons.key.spec.util.SuspensionPenalty;
import net.java.truevfs.comp.zip.crypto.CipherReadOnlyChannel;
import net.java.truevfs.comp.zip.crypto.CtrBlockCipher;
import org.antlr.v4.runtime.tree.xpath.XPath;
import org.bouncycastle.crypto.PBEParametersGenerator;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.generators.PKCS12ParametersGenerator;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

/* JADX INFO: Access modifiers changed from: package-private */
@NotThreadSafe
/* loaded from: input_file:net/java/truevfs/driver/zip/raes/crypto/Type0RaesReadOnlyChannel.class */
public final class Type0RaesReadOnlyChannel extends RaesReadOnlyChannel {
    private final AesKeyStrength keyStrength;
    private final ByteBuffer authenticationCode;
    private final KeyParameter sha256MacParam;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Type0RaesReadOnlyChannel(Type0RaesParameters type0RaesParameters, @WillCloseWhenClosed SeekableByteChannel seekableByteChannel) throws IOException {
        ParametersWithIV parametersWithIV;
        KeyParameter keyParameter;
        byte[] bArr;
        if (!$assertionsDisabled && null == type0RaesParameters) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && null == seekableByteChannel) {
            throw new AssertionError();
        }
        MutableBuffer load = MutableBuffer.allocate(8).littleEndian().load(seekableByteChannel.position(0L));
        int uByte = load.position(4).getUByte();
        if (!$assertionsDisabled && 0 != uByte) {
            throw new AssertionError();
        }
        int uByte2 = load.getUByte();
        try {
            AesKeyStrength aesKeyStrength = AesKeyStrength.values()[uByte2];
            if (!$assertionsDisabled && aesKeyStrength.ordinal() != uByte2) {
                throw new AssertionError();
            }
            int bytes = aesKeyStrength.getBytes();
            int bits = aesKeyStrength.getBits();
            this.keyStrength = aesKeyStrength;
            int uShort = load.getUShort();
            if (1024 > uShort) {
                throw new RaesException("Iteration count must be 1024 or greater, but is " + uShort + XPath.NOT);
            }
            MutableBuffer load2 = MutableBuffer.allocate(bytes).load(seekableByteChannel);
            HMac hMac = new HMac(new SHA256Digest());
            MutableBuffer allocate = MutableBuffer.allocate(hMac.getMacSize());
            long position = seekableByteChannel.position();
            long size = seekableByteChannel.size() - allocate.limit();
            long j = size - position;
            if (0 > j) {
                throw new RaesException("False positive Type 0 RAES file is too short!", new EOFException());
            }
            allocate.load(seekableByteChannel.position(size)).position(allocate.limit() / 2);
            if (seekableByteChannel.position() != seekableByteChannel.size()) {
                throw new RaesException("Expected end of file after data envelope trailer!");
            }
            this.authenticationCode = allocate.slice().buffer();
            ByteBuffer buffer = allocate.flip().buffer();
            PKCS12ParametersGenerator pKCS12ParametersGenerator = new PKCS12ParametersGenerator(new SHA256Digest());
            long j2 = 0;
            do {
                char[] passwordForReading = type0RaesParameters.getPasswordForReading(0 != j2);
                if (!$assertionsDisabled && null == passwordForReading) {
                    throw new AssertionError();
                }
                byte[] PKCS12PasswordToBytes = PBEParametersGenerator.PKCS12PasswordToBytes(passwordForReading);
                Arrays.fill(passwordForReading, (char) 0);
                pKCS12ParametersGenerator.init(PKCS12PasswordToBytes, load2.array(), uShort);
                parametersWithIV = (ParametersWithIV) pKCS12ParametersGenerator.generateDerivedParameters(bits, 128);
                keyParameter = (KeyParameter) pKCS12ParametersGenerator.generateDerivedMacParameters(bits);
                Arrays.fill(PKCS12PasswordToBytes, (byte) 0);
                j2 = SuspensionPenalty.enforce(j2);
                hMac.init(keyParameter);
                byte[] key = ((KeyParameter) parametersWithIV.getParameters()).getKey();
                hMac.update(key, 0, key.length);
                bArr = new byte[hMac.getMacSize()];
                RaesOutputStream.klac(hMac, j, bArr);
            } while (!buffer.equals(ByteBuffer.wrap(bArr, 0, bArr.length / 2)));
            this.sha256MacParam = keyParameter;
            CtrBlockCipher ctrBlockCipher = new CtrBlockCipher(new AESEngine());
            ctrBlockCipher.init(false, parametersWithIV);
            this.channel = new CipherReadOnlyChannel(ctrBlockCipher, new IntervalReadOnlyChannel(seekableByteChannel.position(position), j));
            type0RaesParameters.setKeyStrength(aesKeyStrength);
        } catch (ArrayIndexOutOfBoundsException e) {
            throw new RaesException("Unknown index for cipher key strength: " + uByte2);
        }
    }

    @Override // net.java.truevfs.driver.zip.raes.crypto.RaesReadOnlyChannel
    public AesKeyStrength getKeyStrength() {
        return this.keyStrength;
    }

    @Override // net.java.truevfs.driver.zip.raes.crypto.RaesReadOnlyChannel
    public void authenticate() throws IOException {
        HMac hMac = new HMac(new SHA256Digest());
        hMac.init(this.sha256MacParam);
        byte[] mac = ((CipherReadOnlyChannel) this.channel).mac(hMac);
        if (!$assertionsDisabled && mac.length != hMac.getMacSize()) {
            throw new AssertionError();
        }
        if (!this.authenticationCode.equals(ByteBuffer.wrap(mac, 0, mac.length / 2))) {
            throw new RaesAuthenticationException();
        }
    }

    static {
        $assertionsDisabled = !Type0RaesReadOnlyChannel.class.desiredAssertionStatus();
    }
}
