package com.aliyun.encryptionsdk.model;

import com.aliyun.encryptionsdk.exception.AliyunException;
import com.aliyun.encryptionsdk.handler.AlgorithmHandler;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;

/* loaded from: input_file:com/aliyun/encryptionsdk/model/CipherHeader.class */
public class CipherHeader {
    private int version;
    private CryptoAlgorithm algorithm;
    private Map<String, String> encryptionContext;
    private byte[] encryptionContextBytes;
    private List<EncryptedDataKey> encryptedDataKeys;
    private byte[] headerIv;
    private byte[] headerAuthTag;
    public static int HEADER_IV_LEN = 12;

    public CipherHeader(List<EncryptedDataKey> list, Map<String, String> map, CryptoAlgorithm cryptoAlgorithm) {
        this.version = 1;
        this.encryptedDataKeys = list;
        this.encryptionContext = map;
        serializeContext();
        this.algorithm = cryptoAlgorithm;
    }

    public CipherHeader(List<EncryptedDataKey> list, Map<String, String> map, CryptoAlgorithm cryptoAlgorithm, byte[] bArr, byte[] bArr2) {
        this.version = 1;
        this.encryptedDataKeys = list;
        this.encryptionContext = map;
        serializeContext();
        this.algorithm = cryptoAlgorithm;
        this.headerIv = bArr;
        this.headerAuthTag = bArr2;
    }

    public CipherHeader(int i, List<EncryptedDataKey> list, Map<String, String> map, CryptoAlgorithm cryptoAlgorithm) {
        this.version = i;
        this.encryptedDataKeys = list;
        this.encryptionContext = map;
        serializeContext();
        this.algorithm = cryptoAlgorithm;
    }

    public CipherHeader(int i, List<EncryptedDataKey> list, Map<String, String> map, CryptoAlgorithm cryptoAlgorithm, byte[] bArr, byte[] bArr2) {
        this.version = i;
        this.encryptedDataKeys = list;
        this.encryptionContext = map;
        serializeContext();
        this.algorithm = cryptoAlgorithm;
        this.headerIv = bArr;
        this.headerAuthTag = bArr2;
    }

    public CipherHeader() {
    }

    public void setVersion(int i) {
        this.version = i;
    }

    public int getVersion() {
        return this.version;
    }

    public void setHeaderIv(byte[] bArr) {
        this.headerIv = bArr;
    }

    public void setAlgorithm(CryptoAlgorithm cryptoAlgorithm) {
        this.algorithm = cryptoAlgorithm;
    }

    public List<EncryptedDataKey> getEncryptedDataKeys() {
        return this.encryptedDataKeys;
    }

    public Map<String, String> getEncryptionContext() {
        return this.encryptionContext;
    }

    public byte[] getEncryptionContextBytes() {
        return this.encryptionContextBytes;
    }

    public CryptoAlgorithm getAlgorithm() {
        return this.algorithm;
    }

    public byte[] getHeaderIv() {
        return this.headerIv;
    }

    public byte[] getHeaderAuthTag() {
        return this.headerAuthTag;
    }

    public void calculateHeaderAuthTag(AlgorithmHandler algorithmHandler) {
        byte[] serializeAuthenticatedFields = serializeAuthenticatedFields();
        byte[] bArr = new byte[HEADER_IV_LEN];
        new SecureRandom().nextBytes(bArr);
        byte[] headerGcmEncrypt = algorithmHandler.headerGcmEncrypt(bArr, serializeAuthenticatedFields, new byte[0], 0, 0);
        this.headerIv = bArr;
        this.headerAuthTag = headerGcmEncrypt;
    }

    public boolean verifyHeaderAuthTag(AlgorithmHandler algorithmHandler) {
        try {
            byte[] headerGcmEncrypt = algorithmHandler.headerGcmEncrypt(this.headerIv, serializeAuthenticatedFields(), new byte[0], 0, 0);
            if (headerGcmEncrypt == null) {
                return false;
            }
            return Arrays.equals(this.headerAuthTag, headerGcmEncrypt);
        } catch (Exception e) {
            return false;
        }
    }

    public byte[] serializeAuthenticatedFields() {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            dataOutputStream.writeInt(this.version);
            dataOutputStream.writeInt(this.algorithm.getValue());
            dataOutputStream.writeInt(this.encryptionContext.size());
            dataOutputStream.write(this.encryptionContextBytes);
            dataOutputStream.writeInt(this.encryptedDataKeys.size());
            Iterator it = new TreeSet(this.encryptedDataKeys).iterator();
            while (it.hasNext()) {
                dataOutputStream.write(((EncryptedDataKey) it.next()).toByteArray());
            }
            dataOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new AliyunException("Failed to serialize cipher text headers", e);
        }
    }

    public byte[] serialize() {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
            dataOutputStream.writeInt(this.version);
            dataOutputStream.writeInt(this.algorithm.getValue());
            dataOutputStream.writeInt(this.encryptionContextBytes.length);
            dataOutputStream.write(this.encryptionContextBytes);
            dataOutputStream.writeInt(this.encryptedDataKeys.size());
            Iterator it = new TreeSet(this.encryptedDataKeys).iterator();
            while (it.hasNext()) {
                dataOutputStream.write(((EncryptedDataKey) it.next()).toByteArray());
            }
            dataOutputStream.writeInt(this.headerIv.length);
            dataOutputStream.write(this.headerIv);
            dataOutputStream.writeInt(this.headerAuthTag.length);
            dataOutputStream.write(this.headerAuthTag);
            dataOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (IOException e) {
            throw new AliyunException("Failed to serialize cipher text headers", e);
        }
    }

    public void deserialize(InputStream inputStream) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(inputStream);
        this.version = dataInputStream.readInt();
        this.algorithm = CryptoAlgorithm.getAlgorithm(dataInputStream.readInt());
        this.encryptionContextBytes = new byte[dataInputStream.readInt()];
        dataInputStream.read(this.encryptionContextBytes);
        deserializeContext();
        int readInt = dataInputStream.readInt();
        this.encryptedDataKeys = new ArrayList();
        for (int i = 0; i < readInt; i++) {
            byte[] bArr = new byte[dataInputStream.readInt()];
            dataInputStream.read(bArr);
            byte[] bArr2 = new byte[dataInputStream.readInt()];
            dataInputStream.read(bArr2);
            this.encryptedDataKeys.add(new EncryptedDataKey(bArr, bArr2));
        }
        this.headerIv = new byte[dataInputStream.readInt()];
        dataInputStream.read(this.headerIv);
        this.headerAuthTag = new byte[dataInputStream.readInt()];
        dataInputStream.read(this.headerAuthTag);
    }

    private void serializeContext() {
        if (this.encryptionContext.size() == 0) {
            this.encryptionContextBytes = new byte[0];
            return;
        }
        TreeMap treeMap = new TreeMap((str, str2) -> {
            byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
            byte[] bytes2 = str2.getBytes(StandardCharsets.UTF_8);
            int min = Math.min(bytes.length, bytes2.length);
            for (int i = 0; i < min; i++) {
                int i2 = bytes[i] & 255;
                int i3 = bytes2[i] & 255;
                if (i2 != i3) {
                    return i2 - i3;
                }
            }
            return bytes.length - bytes2.length;
        });
        treeMap.putAll(this.encryptionContext);
        ByteBuffer allocate = ByteBuffer.allocate(32767);
        allocate.order(ByteOrder.BIG_ENDIAN);
        allocate.putInt(this.encryptionContext.size());
        try {
            for (Map.Entry entry : treeMap.entrySet()) {
                byte[] bytes = ((String) entry.getKey()).getBytes(StandardCharsets.UTF_8);
                allocate.putInt(bytes.length);
                allocate.put(bytes);
                byte[] bytes2 = ((String) entry.getValue()).getBytes(StandardCharsets.UTF_8);
                allocate.putInt(bytes2.length);
                allocate.put(bytes2);
            }
            allocate.flip();
            this.encryptionContextBytes = new byte[allocate.limit()];
            allocate.get(this.encryptionContextBytes);
        } catch (BufferUnderflowException e) {
            throw new AliyunException("encryptionContext must be shorter than 32767", e);
        }
    }

    private void deserializeContext() {
        if (this.encryptionContextBytes.length == 0) {
            this.encryptionContext = Collections.emptyMap();
            return;
        }
        ByteBuffer wrap = ByteBuffer.wrap(this.encryptionContextBytes);
        wrap.order(ByteOrder.BIG_ENDIAN);
        int i = wrap.getInt();
        this.encryptionContext = new HashMap();
        for (int i2 = 0; i2 < i; i2++) {
            byte[] bArr = new byte[wrap.getInt()];
            wrap.get(bArr);
            byte[] bArr2 = new byte[wrap.getInt()];
            wrap.get(bArr2);
            this.encryptionContext.put(new String(bArr, StandardCharsets.UTF_8), new String(bArr2, StandardCharsets.UTF_8));
        }
    }
}
