package org.bouncycastle.openpgp.operator;

import java.security.SecureRandom;
import org.bouncycastle.bcpg.AEADUtils;
import org.bouncycastle.bcpg.ContainedPacket;
import org.bouncycastle.bcpg.S2K;
import org.bouncycastle.bcpg.SymmetricKeyEncSessionPacket;
import org.bouncycastle.bcpg.SymmetricKeyUtils;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
import org.bouncycastle.crypto.modes.AEADBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.HKDFParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.operator.bc.BcAEADUtil;
import org.bouncycastle.util.Arrays;

/* loaded from: input_file:org/bouncycastle/openpgp/operator/PBEKeyEncryptionMethodGenerator.class */
public abstract class PBEKeyEncryptionMethodGenerator extends PGPKeyEncryptionMethodGenerator {
    private char[] passPhrase;
    private PGPDigestCalculator s2kDigestCalculator;
    private S2K s2k;
    private SecureRandom random;
    private int s2kCount;
    private int wrapAlg;

    /* JADX INFO: Access modifiers changed from: protected */
    public PBEKeyEncryptionMethodGenerator(char[] cArr, PGPDigestCalculator pGPDigestCalculator) {
        this(cArr, pGPDigestCalculator, 96);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PBEKeyEncryptionMethodGenerator(char[] cArr, S2K.Argon2Params argon2Params) {
        this.wrapAlg = -1;
        this.passPhrase = cArr;
        this.s2k = new S2K(argon2Params);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PBEKeyEncryptionMethodGenerator(char[] cArr, PGPDigestCalculator pGPDigestCalculator, int i) {
        this.wrapAlg = -1;
        this.passPhrase = cArr;
        this.s2kDigestCalculator = pGPDigestCalculator;
        if (i < 0 || i > 255) {
            throw new IllegalArgumentException("s2kCount value outside of range 0 to 255.");
        }
        this.s2kCount = i;
    }

    public PBEKeyEncryptionMethodGenerator setSecureRandom(SecureRandom secureRandom) {
        this.random = secureRandom;
        return this;
    }

    public PBEKeyEncryptionMethodGenerator setSessionKeyWrapperAlgorithm(int i) {
        this.wrapAlg = i;
        return this;
    }

    public int getSessionKeyWrapperAlgorithm(int i) {
        return this.wrapAlg < 0 ? i : this.wrapAlg;
    }

    public byte[] getKey(int i) throws PGPException {
        if (this.s2k == null) {
            byte[] bArr = new byte[8];
            if (this.random == null) {
                this.random = new SecureRandom();
            }
            this.random.nextBytes(bArr);
            this.s2k = new S2K(this.s2kDigestCalculator.getAlgorithm(), bArr, this.s2kCount);
        }
        return PGPUtil.makeKeyFromPassPhrase(this.s2kDigestCalculator, i, this.s2k, this.passPhrase);
    }

    @Override // org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator
    public ContainedPacket generateV5(int i, int i2, byte[] bArr) throws PGPException {
        return generate(i, bArr);
    }

    @Override // org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator
    public ContainedPacket generateV6(int i, int i2, byte[] bArr) throws PGPException {
        return generateV6ESK(i, i2, bArr);
    }

    private ContainedPacket generateV5ESK(int i, int i2, byte[] bArr) throws PGPException {
        byte[] key = getKey(i);
        byte[] bArr2 = new byte[bArr.length - 3];
        System.arraycopy(bArr, 1, bArr2, 0, bArr2.length);
        byte[] bArr3 = new byte[AEADUtils.getIVLength(i2)];
        this.random.nextBytes(bArr3);
        AEADBlockCipher createAEADCipher = BcAEADUtil.createAEADCipher(i, i2);
        createAEADCipher.init(true, new AEADParameters(new KeyParameter(key), 128, bArr3, new byte[]{-61, 5, (byte) i, (byte) i2}));
        int authTagLength = AEADUtils.getAuthTagLength(i2);
        byte[] bArr4 = new byte[createAEADCipher.getOutputSize(bArr2.length)];
        int processBytes = createAEADCipher.processBytes(bArr2, 0, bArr2.length, bArr4, 0);
        try {
            int doFinal = processBytes + createAEADCipher.doFinal(bArr4, processBytes);
            byte[] copyOfRange = Arrays.copyOfRange(bArr4, 0, bArr4.length - authTagLength);
            return SymmetricKeyEncSessionPacket.createV5Packet(i, i2, bArr3, this.s2k, copyOfRange, Arrays.copyOfRange(bArr4, copyOfRange.length, bArr4.length));
        } catch (InvalidCipherTextException e) {
            throw new PGPException("cannot encrypt session info", e);
        }
    }

    private ContainedPacket generateV6ESK(int i, int i2, byte[] bArr) throws PGPException {
        byte[] key = getKey(i);
        byte[] bArr2 = {-61, 6, (byte) i, (byte) i2};
        HKDFBytesGenerator hKDFBytesGenerator = new HKDFBytesGenerator(new SHA256Digest());
        hKDFBytesGenerator.init(new HKDFParameters(key, null, bArr2));
        byte[] bArr3 = new byte[SymmetricKeyUtils.getKeyLengthInOctets(i)];
        hKDFBytesGenerator.generateBytes(bArr3, 0, bArr3.length);
        byte[] bArr4 = new byte[bArr.length - 3];
        System.arraycopy(bArr, 1, bArr4, 0, bArr4.length);
        byte[] bArr5 = new byte[AEADUtils.getIVLength(i2)];
        this.random.nextBytes(bArr5);
        AEADBlockCipher createAEADCipher = BcAEADUtil.createAEADCipher(i, i2);
        createAEADCipher.init(true, new AEADParameters(new KeyParameter(bArr3), 128, bArr5, bArr2));
        int authTagLength = AEADUtils.getAuthTagLength(i2);
        byte[] bArr6 = new byte[createAEADCipher.getOutputSize(bArr4.length)];
        int processBytes = createAEADCipher.processBytes(bArr4, 0, bArr4.length, bArr6, 0);
        try {
            int doFinal = processBytes + createAEADCipher.doFinal(bArr6, processBytes);
            byte[] copyOfRange = Arrays.copyOfRange(bArr6, 0, bArr6.length - authTagLength);
            return SymmetricKeyEncSessionPacket.createV6Packet(i, i2, bArr5, this.s2k, copyOfRange, Arrays.copyOfRange(bArr6, copyOfRange.length, bArr6.length));
        } catch (InvalidCipherTextException e) {
            throw new PGPException("cannot encrypt session info", e);
        }
    }

    @Override // org.bouncycastle.openpgp.operator.PGPKeyEncryptionMethodGenerator
    public ContainedPacket generate(int i, byte[] bArr) throws PGPException {
        if (bArr == null) {
            return SymmetricKeyEncSessionPacket.createV4Packet(i, this.s2k, null);
        }
        byte[] key = getKey(i);
        byte[] bArr2 = new byte[bArr.length - 2];
        System.arraycopy(bArr, 0, bArr2, 0, bArr2.length);
        return SymmetricKeyEncSessionPacket.createV4Packet(i, this.s2k, encryptSessionInfo(i, key, bArr2));
    }

    protected abstract byte[] encryptSessionInfo(int i, byte[] bArr, byte[] bArr2) throws PGPException;
}
