package net.snowflake.client.jdbc.cloud.storage;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.channels.FileChannel;
import java.nio.file.Files;
import java.nio.file.StandardOpenOption;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.snowflake.client.jdbc.MatDesc;
import net.snowflake.client.jdbc.internal.snowflake.common.core.RemoteStoreFileEncryptionMaterial;

/* loaded from: input_file:net/snowflake/client/jdbc/cloud/storage/GcmEncryptionProvider.class */
class GcmEncryptionProvider {
    private static final int TAG_LENGTH_IN_BITS = 128;
    private static final int IV_LENGTH_IN_BYTES = 12;
    private static final String AES = "AES";
    private static final String FILE_CIPHER = "AES/GCM/NoPadding";
    private static final String KEY_CIPHER = "AES/GCM/NoPadding";
    private static final int BUFFER_SIZE = 8388608;
    private static final ThreadLocal<SecureRandom> random;
    private static final Base64.Decoder base64Decoder;

    GcmEncryptionProvider() {
    }

    static InputStream encrypt(StorageObjectMetadata storageObjectMetadata, long j, InputStream inputStream, RemoteStoreFileEncryptionMaterial remoteStoreFileEncryptionMaterial, SnowflakeStorageClient snowflakeStorageClient, byte[] bArr, byte[] bArr2) throws InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, NoSuchAlgorithmException {
        byte[] decode = base64Decoder.decode(remoteStoreFileEncryptionMaterial.getQueryStageMasterKey());
        int length = decode.length;
        byte[] bArr3 = new byte[length];
        byte[] bArr4 = new byte[12];
        byte[] bArr5 = new byte[12];
        initRandomIvsAndFileKey(bArr4, bArr5, bArr3);
        byte[] encryptKey = encryptKey(decode, bArr3, bArr5, bArr2);
        CipherInputStream encryptContent = encryptContent(inputStream, bArr3, bArr4, bArr);
        addEncryptionMetadataToStorageClient(storageObjectMetadata, j, remoteStoreFileEncryptionMaterial, snowflakeStorageClient, length, encryptKey, bArr4, bArr5, bArr2, bArr);
        return encryptContent;
    }

    private static void initRandomIvsAndFileKey(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        random.get().nextBytes(bArr);
        random.get().nextBytes(bArr2);
        random.get().nextBytes(bArr3);
    }

    private static byte[] encryptKey(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, NoSuchAlgorithmException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, 0, bArr.length, "AES");
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr3);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, secretKeySpec, gCMParameterSpec);
        if (bArr4 != null) {
            cipher.updateAAD(bArr4);
        }
        return cipher.doFinal(bArr2);
    }

    private static CipherInputStream encryptContent(InputStream inputStream, byte[] bArr, byte[] bArr2, byte[] bArr3) throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchPaddingException, NoSuchAlgorithmException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, 0, bArr.length, "AES");
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr2);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(1, secretKeySpec, gCMParameterSpec);
        if (bArr3 != null) {
            cipher.updateAAD(bArr3);
        }
        return new CipherInputStream(inputStream, cipher);
    }

    private static void addEncryptionMetadataToStorageClient(StorageObjectMetadata storageObjectMetadata, long j, RemoteStoreFileEncryptionMaterial remoteStoreFileEncryptionMaterial, SnowflakeStorageClient snowflakeStorageClient, int i, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5) {
        snowflakeStorageClient.addEncryptionMetadataForGcm(storageObjectMetadata, new MatDesc(remoteStoreFileEncryptionMaterial.getSmkId().longValue(), remoteStoreFileEncryptionMaterial.getQueryId(), i * 8), bArr, bArr2, bArr3, bArr4, bArr5, j);
    }

    static void decryptFile(File file, String str, String str2, String str3, RemoteStoreFileEncryptionMaterial remoteStoreFileEncryptionMaterial, String str4, String str5) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, IOException, NoSuchPaddingException, NoSuchAlgorithmException {
        byte[] decode = base64Decoder.decode(str);
        byte[] decode2 = base64Decoder.decode(str2);
        byte[] decode3 = base64Decoder.decode(str3);
        byte[] decode4 = base64Decoder.decode(remoteStoreFileEncryptionMaterial.getQueryStageMasterKey());
        byte[] decode5 = base64Decoder.decode(str5);
        decryptContentFromFile(file, decryptKey(decode4, decode3, decode, decode5), decode2, base64Decoder.decode(str4));
    }

    static InputStream decryptStream(InputStream inputStream, String str, String str2, String str3, RemoteStoreFileEncryptionMaterial remoteStoreFileEncryptionMaterial, String str4, String str5) throws InvalidKeyException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, NoSuchPaddingException, NoSuchAlgorithmException {
        byte[] decode = base64Decoder.decode(str);
        byte[] decode2 = base64Decoder.decode(str2);
        byte[] decode3 = base64Decoder.decode(str3);
        return decryptContentFromStream(inputStream, decode2, decryptKey(base64Decoder.decode(remoteStoreFileEncryptionMaterial.getQueryStageMasterKey()), decode3, decode, base64Decoder.decode(str5)), base64Decoder.decode(str4));
    }

    private static CipherInputStream decryptContentFromStream(InputStream inputStream, byte[] bArr, byte[] bArr2, byte[] bArr3) throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchPaddingException, NoSuchAlgorithmException {
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr);
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "AES");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, secretKeySpec, gCMParameterSpec);
        if (bArr3 != null) {
            cipher.updateAAD(bArr3);
        }
        return new CipherInputStream(inputStream, cipher);
    }

    private static void decryptContentFromFile(File file, byte[] bArr, byte[] bArr2, byte[] bArr3) throws InvalidKeyException, InvalidAlgorithmParameterException, IOException, NoSuchPaddingException, NoSuchAlgorithmException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr2);
        byte[] bArr4 = new byte[8388608];
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, secretKeySpec, gCMParameterSpec);
        if (bArr3 != null) {
            cipher.updateAAD(bArr3);
        }
        long j = 0;
        InputStream newInputStream = Files.newInputStream(file.toPath(), StandardOpenOption.READ);
        try {
            CipherInputStream cipherInputStream = new CipherInputStream(newInputStream, cipher);
            try {
                OutputStream newOutputStream = Files.newOutputStream(file.toPath(), StandardOpenOption.CREATE);
                while (true) {
                    try {
                        int read = cipherInputStream.read(bArr4);
                        if (read <= -1) {
                            break;
                        }
                        newOutputStream.write(bArr4, 0, read);
                        j += read;
                    } catch (Throwable th) {
                        if (newOutputStream != null) {
                            try {
                                newOutputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                }
                if (newOutputStream != null) {
                    newOutputStream.close();
                }
                cipherInputStream.close();
                if (newInputStream != null) {
                    newInputStream.close();
                }
                FileOutputStream fileOutputStream = new FileOutputStream(file, true);
                try {
                    FileChannel channel = fileOutputStream.getChannel();
                    try {
                        channel.truncate(j);
                        if (channel != null) {
                            channel.close();
                        }
                        fileOutputStream.close();
                    } finally {
                    }
                } catch (Throwable th3) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                    throw th3;
                }
            } finally {
            }
        } catch (Throwable th5) {
            if (newInputStream != null) {
                try {
                    newInputStream.close();
                } catch (Throwable th6) {
                    th5.addSuppressed(th6);
                }
            }
            throw th5;
        }
    }

    private static byte[] decryptKey(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, NoSuchAlgorithmException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, 0, bArr.length, "AES");
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr2);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(2, secretKeySpec, gCMParameterSpec);
        if (bArr4 != null) {
            cipher.updateAAD(bArr4);
        }
        return cipher.doFinal(bArr3);
    }

    static {
        new ThreadLocal();
        random = ThreadLocal.withInitial(SecureRandom::new);
        base64Decoder = Base64.getDecoder();
    }
}
