package freenet.crypt;

import freenet.client.async.ClientContext;
import freenet.clients.http.updateableelements.UpdaterConstants;
import freenet.crypt.EncryptedRandomAccessBuffer;
import freenet.support.Fields;
import freenet.support.Logger;
import freenet.support.api.LockableRandomAccessBuffer;
import freenet.support.api.RandomAccessBucket;
import freenet.support.io.BucketTools;
import freenet.support.io.FilenameGenerator;
import freenet.support.io.NullInputStream;
import freenet.support.io.PersistentFileTracker;
import freenet.support.io.ResumeFailedException;
import freenet.support.io.StorageFormatException;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.EOFException;
import java.io.FilterInputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import org.bouncycastle.crypto.SkippingStreamCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

/* loaded from: input_file:freenet/crypt/EncryptedRandomAccessBucket.class */
public class EncryptedRandomAccessBucket implements RandomAccessBucket, Serializable {
    private static final long serialVersionUID = 1;
    private final EncryptedRandomAccessBufferType type;
    private final RandomAccessBucket underlying;
    private transient ParametersWithIV cipherParams;
    private transient SecretKey headerMacKey;
    private volatile transient boolean isFreed = false;
    private transient SecretKey unencryptedBaseKey;
    private transient SecretKey headerEncKey;
    private transient byte[] headerEncIV;
    private int version;
    private transient MasterSecret masterKey;
    private static final long END_MAGIC = 3176597310644858067L;
    private static final int VERSION_AND_MAGIC_LENGTH = 12;
    public static final int MAGIC = -658879362;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:freenet/crypt/EncryptedRandomAccessBucket$MyInputStream.class */
    public class MyInputStream extends FilterInputStream {
        private final SkippingStreamCipher cipherRead;

        public MyInputStream(InputStream inputStream, SkippingStreamCipher skippingStreamCipher) {
            super(inputStream);
            this.cipherRead = skippingStreamCipher;
        }

        @Override // java.io.FilterInputStream, java.io.InputStream
        public int read() throws IOException {
            byte[] bArr = new byte[1];
            if (read(bArr, 0, 1) > 0) {
                return Byte.toUnsignedInt(bArr[0]);
            }
            return -1;
        }

        @Override // java.io.FilterInputStream, java.io.InputStream
        public int read(byte[] bArr) throws IOException {
            return read(bArr, 0, bArr.length);
        }

        @Override // java.io.FilterInputStream, java.io.InputStream
        public int read(byte[] bArr, int i, int i2) throws IOException {
            int read = this.in.read(bArr, i, i2);
            if (read <= 0) {
                return read;
            }
            this.cipherRead.processBytes(bArr, i, read, bArr, i);
            return read;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:freenet/crypt/EncryptedRandomAccessBucket$MyOutputStream.class */
    public class MyOutputStream extends FilterOutputStream {
        private final SkippingStreamCipher cipherWrite;

        public MyOutputStream(OutputStream outputStream, SkippingStreamCipher skippingStreamCipher) {
            super(outputStream);
            this.cipherWrite = skippingStreamCipher;
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(int i) throws IOException {
            write(new byte[]{(byte) i}, 0, 1);
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(byte[] bArr) throws IOException {
            write(bArr, 0, bArr.length);
        }

        @Override // java.io.FilterOutputStream, java.io.OutputStream
        public void write(byte[] bArr, int i, int i2) throws IOException {
            byte[] bArr2 = new byte[i2];
            this.cipherWrite.processBytes(bArr, i, i2, bArr2, 0);
            this.out.write(bArr2);
        }
    }

    public EncryptedRandomAccessBucket(EncryptedRandomAccessBufferType encryptedRandomAccessBufferType, RandomAccessBucket randomAccessBucket, MasterSecret masterSecret) {
        this.type = encryptedRandomAccessBufferType;
        this.underlying = randomAccessBucket;
        this.masterKey = masterSecret;
        baseSetup(masterSecret);
    }

    private void baseSetup(MasterSecret masterSecret) {
        this.headerEncKey = masterSecret.deriveKey(this.type.encryptKey);
        this.headerMacKey = masterSecret.deriveKey(this.type.macKey);
        this.version = this.type.bitmask;
    }

    private SkippingStreamCipher setup(OutputStream outputStream) throws GeneralSecurityException, IOException {
        this.headerEncIV = KeyGenUtils.genIV(this.type.encryptType.ivSize.intValue()).getIV();
        this.unencryptedBaseKey = KeyGenUtils.genSecretKey(this.type.encryptKey);
        writeHeader(outputStream);
        setupKeys();
        SkippingStreamCipher skippingStreamCipher = this.type.get();
        skippingStreamCipher.init(true, this.cipherParams);
        return skippingStreamCipher;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r1v16, types: [byte[], byte[][]] */
    private void writeHeader(OutputStream outputStream) throws GeneralSecurityException, IOException {
        byte[] bArr = new byte[this.type.headerLen];
        int length = this.headerEncIV.length;
        System.arraycopy(this.headerEncIV, 0, bArr, 0, length);
        int i = 0 + length;
        try {
            byte[] encryptCopy = new CryptByteBuffer(this.type.encryptType, this.headerEncKey, this.headerEncIV).encryptCopy(this.unencryptedBaseKey.getEncoded());
            System.arraycopy(encryptCopy, 0, bArr, i, encryptCopy.length);
            int length2 = i + encryptCopy.length;
            byte[] array = ByteBuffer.allocate(4).putInt(this.version).array();
            try {
                byte[] copyToArray = Fields.copyToArray(new MessageAuthCode(this.type.macType, this.headerMacKey).genMac((byte[][]) new byte[]{this.headerEncIV, this.unencryptedBaseKey.getEncoded(), array}));
                System.arraycopy(copyToArray, 0, bArr, length2, copyToArray.length);
                int length3 = length2 + copyToArray.length;
                System.arraycopy(array, 0, bArr, length3, array.length);
                int length4 = length3 + array.length;
                byte[] array2 = ByteBuffer.allocate(8).putLong(END_MAGIC).array();
                System.arraycopy(array2, 0, bArr, length4, array2.length);
                outputStream.write(bArr);
            } catch (InvalidKeyException e) {
                throw new GeneralSecurityException("Something went wrong with key generation. please report", e.fillInStackTrace());
            }
        } catch (InvalidAlgorithmParameterException e2) {
            throw new GeneralSecurityException("Something went wrong with key generation. please report", e2.fillInStackTrace());
        } catch (InvalidKeyException e3) {
            throw new GeneralSecurityException("Something went wrong with key generation. please report", e3.fillInStackTrace());
        }
    }

    private SkippingStreamCipher setup(InputStream inputStream) throws IOException, GeneralSecurityException {
        byte[] bArr = new byte[this.type.headerLen];
        try {
            new DataInputStream(inputStream).readFully(bArr);
            byte[] copyOfRange = Arrays.copyOfRange(bArr, bArr.length - 12, bArr.length);
            int i = ByteBuffer.wrap(copyOfRange, 0, 4).getInt();
            if (END_MAGIC != ByteBuffer.wrap(copyOfRange, 0 + 4, 8).getLong()) {
                throw new IOException("This is not an EncryptedRandomAccessBuffer!");
            }
            if (i != this.version) {
                throw new IOException("Version of the underlying RandomAccessBuffer is incompatible with this ERATType");
            }
            if (!verifyHeader(bArr)) {
                throw new GeneralSecurityException("MAC is incorrect");
            }
            setupKeys();
            SkippingStreamCipher skippingStreamCipher = this.type.get();
            skippingStreamCipher.init(false, this.cipherParams);
            return skippingStreamCipher;
        } catch (EOFException e) {
            throw new IOException("Underlying RandomAccessBuffer is not long enough to include the footer.");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r2v18, types: [byte[], byte[][]] */
    private boolean verifyHeader(byte[] bArr) throws IOException, InvalidKeyException {
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, bArr.length - 12);
        this.headerEncIV = new byte[this.type.encryptType.ivSize.intValue()];
        System.arraycopy(copyOfRange, 0, this.headerEncIV, 0, this.headerEncIV.length);
        int length = 0 + this.headerEncIV.length;
        int i = this.type.encryptKey.keySize >> 3;
        byte[] bArr2 = new byte[i];
        System.arraycopy(copyOfRange, length, bArr2, 0, i);
        int i2 = length + i;
        try {
            this.unencryptedBaseKey = KeyGenUtils.getSecretKey(this.type.encryptKey, new CryptByteBuffer(this.type.encryptType, this.headerEncKey, this.headerEncIV).decryptCopy(bArr2));
            byte[] bArr3 = new byte[this.type.macLen];
            System.arraycopy(copyOfRange, i2, bArr3, 0, this.type.macLen);
            return new MessageAuthCode(this.type.macType, this.headerMacKey).verifyData(bArr3, (byte[][]) new byte[]{this.headerEncIV, this.unencryptedBaseKey.getEncoded(), ByteBuffer.allocate(4).putInt(this.version).array()});
        } catch (InvalidAlgorithmParameterException e) {
            throw new IOException("Error reading encryption keys from header.");
        } catch (InvalidKeyException e2) {
            throw new IOException("Error reading encryption keys from header.");
        }
    }

    private void setupKeys() {
        try {
            this.cipherParams = new ParametersWithIV(new KeyParameter(KeyGenUtils.deriveSecretKey(this.unencryptedBaseKey, EncryptedRandomAccessBuffer.class, EncryptedRandomAccessBuffer.kdfInput.underlyingKey.input, this.type.encryptKey).getEncoded()), KeyGenUtils.deriveIvParameterSpec(this.unencryptedBaseKey, EncryptedRandomAccessBuffer.class, EncryptedRandomAccessBuffer.kdfInput.underlyingIV.input, this.type.encryptKey).getIV());
        } catch (InvalidKeyException e) {
            throw new IllegalStateException(e);
        }
    }

    @Override // freenet.support.api.Bucket
    public OutputStream getOutputStreamUnbuffered() throws IOException {
        if (this.isFreed) {
            throw new IOException("This RandomAccessBuffer has already been closed. This should not happen.");
        }
        OutputStream outputStreamUnbuffered = this.underlying.getOutputStreamUnbuffered();
        try {
            return new MyOutputStream(outputStreamUnbuffered, setup(outputStreamUnbuffered));
        } catch (GeneralSecurityException e) {
            Logger.error(this, "Unable to create encrypted bucket: " + e, e);
            throw new IOException(e);
        }
    }

    @Override // freenet.support.api.Bucket
    public InputStream getInputStreamUnbuffered() throws IOException {
        if (size() == 0) {
            return new NullInputStream();
        }
        if (this.isFreed) {
            throw new IOException("This RandomAccessBuffer has already been closed. This should not happen.");
        }
        InputStream inputStreamUnbuffered = this.underlying.getInputStreamUnbuffered();
        try {
            return new MyInputStream(inputStreamUnbuffered, setup(inputStreamUnbuffered));
        } catch (GeneralSecurityException e) {
            Logger.error(this, "Unable to read encrypted bucket: " + e, e);
            throw new IOException(e);
        }
    }

    @Override // freenet.support.api.Bucket
    public String getName() {
        return getClass().getName() + UpdaterConstants.SEPARATOR + this.underlying.getName();
    }

    @Override // freenet.support.api.Bucket
    public long size() {
        long size = this.underlying.size();
        if (size == 0) {
            return 0L;
        }
        return size - this.type.headerLen;
    }

    @Override // freenet.support.api.Bucket
    public boolean isReadOnly() {
        return this.underlying.isReadOnly();
    }

    @Override // freenet.support.api.Bucket
    public void setReadOnly() {
        this.underlying.setReadOnly();
    }

    @Override // freenet.support.api.Bucket
    public void free() {
        if (this.isFreed) {
            return;
        }
        this.isFreed = true;
        this.underlying.free();
    }

    @Override // freenet.support.api.RandomAccessBucket, freenet.support.api.Bucket
    public RandomAccessBucket createShadow() {
        return new EncryptedRandomAccessBucket(this.type, this.underlying.createShadow(), this.masterKey);
    }

    @Override // freenet.support.api.RandomAccessBucket
    public LockableRandomAccessBuffer toRandomAccessBuffer() throws IOException {
        if (this.underlying.size() < this.type.headerLen) {
            throw new IOException("Converting empty bucket");
        }
        this.underlying.setReadOnly();
        try {
            return new EncryptedRandomAccessBuffer(this.type, this.underlying.toRandomAccessBuffer(), this.masterKey, false);
        } catch (GeneralSecurityException e) {
            Logger.error(this, "Unable to convert encrypted bucket: " + e, e);
            throw new IOException(e);
        }
    }

    @Override // freenet.support.api.Bucket
    public OutputStream getOutputStream() throws IOException {
        return new BufferedOutputStream(getOutputStreamUnbuffered());
    }

    @Override // freenet.support.api.Bucket
    public InputStream getInputStream() throws IOException {
        return new BufferedInputStream(getInputStreamUnbuffered());
    }

    @Override // freenet.support.api.Bucket
    public void onResume(ClientContext clientContext) throws ResumeFailedException {
        this.underlying.onResume(clientContext);
        this.masterKey = clientContext.getPersistentMasterSecret();
        baseSetup(this.masterKey);
    }

    @Override // freenet.support.api.Bucket
    public void storeTo(DataOutputStream dataOutputStream) throws IOException {
        dataOutputStream.writeInt(MAGIC);
        dataOutputStream.writeInt(this.type.bitmask);
        this.underlying.storeTo(dataOutputStream);
    }

    public EncryptedRandomAccessBucket(DataInputStream dataInputStream, FilenameGenerator filenameGenerator, PersistentFileTracker persistentFileTracker, MasterSecret masterSecret) throws IOException, ResumeFailedException, StorageFormatException {
        this.type = EncryptedRandomAccessBufferType.getByBitmask(dataInputStream.readInt());
        if (this.type == null) {
            throw new ResumeFailedException("Unknown EncryptedRandomAccessBucket type");
        }
        this.underlying = (RandomAccessBucket) BucketTools.restoreFrom(dataInputStream, filenameGenerator, persistentFileTracker, masterSecret);
        baseSetup(masterSecret);
    }

    public int hashCode() {
        return (31 * ((31 * 1) + this.type.hashCode())) + this.underlying.hashCode();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        EncryptedRandomAccessBucket encryptedRandomAccessBucket = (EncryptedRandomAccessBucket) obj;
        if (this.type != encryptedRandomAccessBucket.type) {
            return false;
        }
        return this.underlying.equals(encryptedRandomAccessBucket.underlying);
    }

    public RandomAccessBucket getUnderlying() {
        return this.underlying;
    }
}
