package freenet.crypt;

import freenet.client.async.ClientContext;
import freenet.support.Fields;
import freenet.support.Logger;
import freenet.support.api.LockableRandomAccessBuffer;
import freenet.support.io.BucketTools;
import freenet.support.io.FilenameGenerator;
import freenet.support.io.PersistentFileTracker;
import freenet.support.io.ResumeFailedException;
import freenet.support.io.StorageFormatException;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.SecretKey;
import org.bouncycastle.crypto.SkippingStreamCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

/* loaded from: classes2.dex */
public final class EncryptedRandomAccessBuffer implements LockableRandomAccessBuffer, Serializable {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    private static final long END_MAGIC = 3176597310644858067L;
    public static final int MAGIC = 971674818;
    private static final int VERSION_AND_MAGIC_LENGTH = 12;
    private static final long serialVersionUID = 1;
    private transient ParametersWithIV cipherParams;
    private transient SkippingStreamCipher cipherRead;
    private transient SkippingStreamCipher cipherWrite;
    private transient byte[] headerEncIV;
    private transient SecretKey headerEncKey;
    private transient SecretKey headerMacKey;
    private final EncryptedRandomAccessBufferType type;
    private final LockableRandomAccessBuffer underlyingBuffer;
    private transient SecretKey unencryptedBaseKey;
    private int version;
    private final ReentrantLock readLock = new ReentrantLock();
    private final ReentrantLock writeLock = new ReentrantLock();
    private volatile transient boolean isClosed = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public enum kdfInput {
        underlyingKey,
        underlyingIV;

        public final String input = name();

        kdfInput() {
        }
    }

    public EncryptedRandomAccessBuffer(EncryptedRandomAccessBufferType encryptedRandomAccessBufferType, LockableRandomAccessBuffer lockableRandomAccessBuffer, MasterSecret masterSecret, boolean z) throws IOException, GeneralSecurityException {
        this.type = encryptedRandomAccessBufferType;
        this.underlyingBuffer = lockableRandomAccessBuffer;
        setup(masterSecret, z);
    }

    public static LockableRandomAccessBuffer create(DataInputStream dataInputStream, FilenameGenerator filenameGenerator, PersistentFileTracker persistentFileTracker, MasterSecret masterSecret) throws IOException, StorageFormatException, ResumeFailedException {
        EncryptedRandomAccessBufferType byBitmask = EncryptedRandomAccessBufferType.getByBitmask(dataInputStream.readInt());
        if (byBitmask == null) {
            throw new StorageFormatException("Unknown EncryptedRandomAccessBufferType");
        }
        try {
            return new EncryptedRandomAccessBuffer(byBitmask, BucketTools.restoreRAFFrom(dataInputStream, filenameGenerator, persistentFileTracker, masterSecret), masterSecret, false);
        } catch (GeneralSecurityException e) {
            Logger.error((Class<?>) EncryptedRandomAccessBuffer.class, "Crypto error resuming: " + e, (Throwable) e);
            throw new ResumeFailedException(e);
        }
    }

    private void setup(MasterSecret masterSecret, boolean z) throws IOException, GeneralSecurityException {
        this.cipherRead = this.type.get();
        this.cipherWrite = this.type.get();
        this.headerEncKey = masterSecret.deriveKey(this.type.encryptKey);
        this.headerMacKey = masterSecret.deriveKey(this.type.macKey);
        if (this.underlyingBuffer.size() < this.type.headerLen) {
            throw new IOException("Underlying RandomAccessBuffer is not long enough to include the footer.");
        }
        byte[] bArr = new byte[12];
        this.underlyingBuffer.pread(this.type.headerLen - 12, bArr, 0, 12);
        int i = ByteBuffer.wrap(bArr, 0, 4).getInt();
        long j = ByteBuffer.wrap(bArr, 4, 8).getLong();
        if (!z && END_MAGIC != j) {
            throw new IOException("This is not an EncryptedRandomAccessBuffer!");
        }
        int i2 = this.type.bitmask;
        this.version = i2;
        if (z) {
            this.headerEncIV = KeyGenUtils.genIV(this.type.encryptType.ivSize.intValue()).getIV();
            this.unencryptedBaseKey = KeyGenUtils.genSecretKey(this.type.encryptKey);
            writeHeader();
        } else {
            if (i != i2) {
                throw new IOException("Version of the underlying RandomAccessBuffer is incompatible with this ERATType");
            }
            if (!verifyHeader()) {
                throw new GeneralSecurityException("MAC is incorrect");
            }
        }
        try {
            ParametersWithIV parametersWithIV = new ParametersWithIV(new KeyParameter(KeyGenUtils.deriveSecretKey(this.unencryptedBaseKey, getClass(), kdfInput.underlyingKey.input, this.type.encryptKey).getEncoded()), KeyGenUtils.deriveIvParameterSpec(this.unencryptedBaseKey, getClass(), kdfInput.underlyingIV.input, this.type.encryptKey).getIV());
            this.cipherParams = parametersWithIV;
            this.cipherRead.init(false, parametersWithIV);
            this.cipherWrite.init(true, this.cipherParams);
        } catch (InvalidKeyException e) {
            throw new IllegalStateException(e);
        }
    }

    private boolean verifyHeader() throws IOException, InvalidKeyException {
        if (this.isClosed) {
            throw new IOException("This RandomAccessBuffer has already been closed. This should not happen.");
        }
        byte[] bArr = new byte[this.type.headerLen - 12];
        this.underlyingBuffer.pread(0L, bArr, 0, this.type.headerLen - 12);
        byte[] bArr2 = new byte[this.type.encryptType.ivSize.intValue()];
        this.headerEncIV = bArr2;
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        int length = this.headerEncIV.length + 0;
        int i = this.type.encryptKey.keySize >> 3;
        byte[] bArr3 = new byte[i];
        System.arraycopy(bArr, length, bArr3, 0, i);
        int i2 = length + i;
        try {
            this.unencryptedBaseKey = KeyGenUtils.getSecretKey(this.type.encryptKey, new CryptByteBuffer(this.type.encryptType, this.headerEncKey, this.headerEncIV).decryptCopy(bArr3));
            byte[] bArr4 = new byte[this.type.macLen];
            System.arraycopy(bArr, i2, bArr4, 0, this.type.macLen);
            return new MessageAuthCode(this.type.macType, this.headerMacKey).verifyData(bArr4, this.headerEncIV, this.unencryptedBaseKey.getEncoded(), ByteBuffer.allocate(4).putInt(this.version).array());
        } catch (InvalidAlgorithmParameterException unused) {
            throw new IOException("Error reading encryption keys from header.");
        } catch (InvalidKeyException unused2) {
            throw new IOException("Error reading encryption keys from header.");
        }
    }

    private void writeHeader() throws IOException, GeneralSecurityException {
        if (this.isClosed) {
            throw new IOException("This RandomAccessBuffer has already been closed. This should not happen.");
        }
        int i = this.type.headerLen;
        byte[] bArr = new byte[i];
        byte[] bArr2 = this.headerEncIV;
        int length = bArr2.length;
        System.arraycopy(bArr2, 0, bArr, 0, length);
        int i2 = length + 0;
        try {
            byte[] encryptCopy = new CryptByteBuffer(this.type.encryptType, this.headerEncKey, this.headerEncIV).encryptCopy(this.unencryptedBaseKey.getEncoded());
            System.arraycopy(encryptCopy, 0, bArr, i2, encryptCopy.length);
            int length2 = i2 + encryptCopy.length;
            byte[] array = ByteBuffer.allocate(4).putInt(this.version).array();
            try {
                byte[] copyToArray = Fields.copyToArray(new MessageAuthCode(this.type.macType, this.headerMacKey).genMac(this.headerEncIV, this.unencryptedBaseKey.getEncoded(), array));
                System.arraycopy(copyToArray, 0, bArr, length2, copyToArray.length);
                int length3 = length2 + copyToArray.length;
                System.arraycopy(array, 0, bArr, length3, array.length);
                int length4 = length3 + array.length;
                byte[] array2 = ByteBuffer.allocate(8).putLong(END_MAGIC).array();
                System.arraycopy(array2, 0, bArr, length4, array2.length);
                this.underlyingBuffer.pwrite(0L, bArr, 0, i);
            } catch (InvalidKeyException e) {
                throw new GeneralSecurityException("Something went wrong with key generation. please report", e.fillInStackTrace());
            }
        } catch (InvalidAlgorithmParameterException e2) {
            throw new GeneralSecurityException("Something went wrong with key generation. please report", e2.fillInStackTrace());
        } catch (InvalidKeyException e3) {
            throw new GeneralSecurityException("Something went wrong with key generation. please report", e3.fillInStackTrace());
        }
    }

    @Override // freenet.support.api.RandomAccessBuffer, java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        if (this.isClosed) {
            return;
        }
        this.isClosed = true;
        this.underlyingBuffer.close();
    }

    @Override // freenet.support.api.LockableRandomAccessBuffer
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        EncryptedRandomAccessBuffer encryptedRandomAccessBuffer = (EncryptedRandomAccessBuffer) obj;
        if (this.type != encryptedRandomAccessBuffer.type) {
            return false;
        }
        return this.underlyingBuffer.equals(encryptedRandomAccessBuffer.underlyingBuffer);
    }

    @Override // freenet.support.api.RandomAccessBuffer
    public void free() {
        close();
        this.underlyingBuffer.free();
    }

    @Override // freenet.support.api.LockableRandomAccessBuffer
    public int hashCode() {
        EncryptedRandomAccessBufferType encryptedRandomAccessBufferType = this.type;
        int hashCode = ((encryptedRandomAccessBufferType == null ? 0 : encryptedRandomAccessBufferType.hashCode()) + 31) * 31;
        LockableRandomAccessBuffer lockableRandomAccessBuffer = this.underlyingBuffer;
        return hashCode + (lockableRandomAccessBuffer != null ? lockableRandomAccessBuffer.hashCode() : 0);
    }

    @Override // freenet.support.api.LockableRandomAccessBuffer
    public LockableRandomAccessBuffer.RAFLock lockOpen() throws IOException {
        return this.underlyingBuffer.lockOpen();
    }

    @Override // freenet.support.api.LockableRandomAccessBuffer
    public void onResume(ClientContext clientContext) throws ResumeFailedException {
        this.underlyingBuffer.onResume(clientContext);
        try {
            setup(clientContext.getPersistentMasterSecret(), false);
        } catch (IOException e) {
            Logger.error(this, "Disk I/O error resuming: " + e, e);
            throw new ResumeFailedException(e);
        } catch (GeneralSecurityException e2) {
            Logger.error(this, "Impossible security error resuming - maybe we lost a codec?: " + e2, e2);
            throw new ResumeFailedException(e2);
        }
    }

    @Override // freenet.support.api.RandomAccessBuffer
    public void pread(long j, byte[] bArr, int i, int i2) throws IOException {
        if (this.isClosed) {
            throw new IOException("This RandomAccessBuffer has already been closed. It can no longer be read from.");
        }
        if (j < 0) {
            throw new IllegalArgumentException("Cannot read before zero");
        }
        long j2 = i2 + j;
        if (j2 > size()) {
            throw new IOException("Cannot read after end: trying to read from " + j + " to " + j2 + " on block length " + size());
        }
        byte[] bArr2 = new byte[i2];
        this.underlyingBuffer.pread(this.type.headerLen + j, bArr2, 0, i2);
        this.readLock.lock();
        try {
            this.cipherRead.skip(j - this.cipherRead.getPosition());
            this.cipherRead.processBytes(bArr2, 0, i2, bArr, i);
        } finally {
            this.readLock.unlock();
        }
    }

    @Override // freenet.support.api.RandomAccessBuffer
    public void pwrite(long j, byte[] bArr, int i, int i2) throws IOException {
        if (this.isClosed) {
            throw new IOException("This RandomAccessBuffer has already been closed. It can no longer be written to.");
        }
        if (j < 0) {
            throw new IllegalArgumentException("Cannot read before zero");
        }
        long j2 = i2 + j;
        if (j2 > size()) {
            throw new IOException("Cannot write after end: trying to write from " + j + " to " + j2 + " on block length " + size());
        }
        byte[] bArr2 = new byte[i2];
        this.writeLock.lock();
        try {
            this.cipherWrite.skip(j - this.cipherWrite.getPosition());
            this.cipherWrite.processBytes(bArr, i, i2, bArr2, 0);
            this.writeLock.unlock();
            this.underlyingBuffer.pwrite(this.type.headerLen + j, bArr2, 0, i2);
        } catch (Throwable th) {
            this.writeLock.unlock();
            throw th;
        }
    }

    @Override // freenet.support.api.RandomAccessBuffer
    public long size() {
        return this.underlyingBuffer.size() - this.type.headerLen;
    }

    @Override // freenet.support.api.LockableRandomAccessBuffer
    public void storeTo(DataOutputStream dataOutputStream) throws IOException {
        dataOutputStream.writeInt(MAGIC);
        dataOutputStream.writeInt(this.type.bitmask);
        this.underlyingBuffer.storeTo(dataOutputStream);
    }
}
