package com.google.crypto.tink.aead;

import com.google.crypto.tink.Aead;
import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.Key;
import com.google.crypto.tink.Parameters;
import com.google.crypto.tink.TinkProtoParametersFormat;
import com.google.crypto.tink.internal.MutableKeyCreationRegistry;
import com.google.crypto.tink.internal.MutablePrimitiveRegistry;
import com.google.crypto.tink.internal.MutableSerializationRegistry;
import com.google.crypto.tink.internal.ProtoKeySerialization;
import com.google.crypto.tink.proto.KeyData;
import com.google.crypto.tink.proto.KeyTemplate;
import com.google.crypto.tink.proto.OutputPrefixType;
import com.google.crypto.tink.shaded.protobuf.ByteString;
import com.google.crypto.tink.shaded.protobuf.ExtensionRegistryLite;
import com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/* loaded from: classes.dex */
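/**
 * Envelope-encryption {@link Aead}: every message is encrypted under a freshly created data
 * encryption key (DEK), and the DEK itself is encrypted ("wrapped") by the {@code remote} AEAD.
 *
 * <p>Ciphertext layout produced by {@link #encrypt} and expected by {@link #decrypt}:
 *
 * <pre>
 *   4-byte length of wrapped DEK (ByteBuffer default byte order) || wrapped DEK || payload ciphertext
 * </pre>
 *
 * <p>Security-relevant properties visible in this class:
 *
 * <ul>
 *   <li>The DEK key type is fixed at construction and checked against an allow-list. The
 *       ciphertext carries no algorithm identifier, so it cannot choose how the unwrapped DEK is
 *       parsed.
 *   <li>The DEK is wrapped with an empty associated data. The caller's associated data
 *       authenticates the payload only; integrity of the wrapped DEK rests on {@code remote}.
 *   <li>The wrapped-DEK length is validated before {@code remote} is called.
 *   <li>Plaintext DEK bytes pass through ordinary heap arrays and are not wiped here.
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. The {@code throws} clauses and generic type
 * arguments were missing and the catch blocks in {@link #decrypt} were malformed; they are
 * restored below.
 */
public final class KmsEnvelopeAead implements Aead {
    /** Associated data used when wrapping and unwrapping the DEK with {@code remote}. */
    private static final byte[] EMPTY_AAD = new byte[0];

    /** Size in bytes of the length prefix that precedes the wrapped DEK. */
    private static final int LENGTH_ENCRYPTED_DEK = 4;

    /** Upper bound on the wrapped DEK size accepted by decrypt and produced by encrypt. */
    private static final int MAX_LENGTH_ENCRYPTED_DEK = 4096;

    /** Allow-list of key type URLs that may be used as DEK. */
    private static final Set<String> supportedDekKeyTypes = listSupportedDekKeyTypes();

    /** Parameters (forced to RAW output prefix) used to create a new DEK per encryption. */
    private final Parameters parametersForNewKeys;

    /** AEAD that wraps and unwraps the DEK. */
    private final Aead remote;

    /** Key type URL under which unwrapped DEK bytes are parsed during decryption. */
    private final String typeUrlForParsing;

    /**
     * Creates an envelope AEAD for the given DEK template.
     *
     * @param keyTemplate template of the DEK; its type URL must be in the supported list
     * @param aead AEAD used to wrap and unwrap the DEK
     * @throws IllegalArgumentException if the template's key type is not a supported DEK type
     * @throws GeneralSecurityException if the template cannot be parsed into parameters
     * @deprecated this constructor is marked deprecated in the source; {@link #create} is the
     *     other entry point offered by this class
     */
    @Deprecated
    public KmsEnvelopeAead(KeyTemplate keyTemplate, Aead aead) throws GeneralSecurityException {
        // Reject unknown key types up front so that decrypt never parses key material
        // under a type that is not on the allow-list.
        if (!isSupportedDekKeyType(keyTemplate.getTypeUrl())) {
            throw new IllegalArgumentException("Unsupported DEK key type: " + keyTemplate.getTypeUrl() + ". Only Tink AEAD key types are supported.");
        }
        this.typeUrlForParsing = keyTemplate.getTypeUrl();
        this.parametersForNewKeys = getRawParameters(keyTemplate);
        this.remote = aead;
    }

    /**
     * Assembles the envelope ciphertext: length prefix, wrapped DEK, payload ciphertext.
     *
     * @param bArr wrapped DEK
     * @param bArr2 payload ciphertext
     * @return the concatenated envelope
     */
    private byte[] buildCiphertext(byte[] bArr, byte[] bArr2) {
        return ByteBuffer.allocate(LENGTH_ENCRYPTED_DEK + bArr.length + bArr2.length)
                .putInt(bArr.length)
                .put(bArr)
                .put(bArr2)
                .array();
    }

    /**
     * Creates an envelope AEAD from AEAD parameters describing the DEK.
     *
     * @param aeadParameters parameters of the DEK
     * @param aead AEAD used to wrap and unwrap the DEK
     * @return the envelope AEAD
     * @throws GeneralSecurityException if the parameters cannot be serialized or re-parsed
     * @throws IllegalArgumentException if the resulting key type is not a supported DEK type
     */
    public static Aead create(AeadParameters aeadParameters, Aead aead) throws GeneralSecurityException {
        try {
            KeyTemplate template = KeyTemplate.parseFrom(TinkProtoParametersFormat.serialize(aeadParameters), ExtensionRegistryLite.getEmptyRegistry());
            return new KmsEnvelopeAead(template, aead);
        } catch (InvalidProtocolBufferException e) {
            throw new GeneralSecurityException(e);
        }
    }

    /**
     * Returns the parameters for {@code keyTemplate} with the output prefix type forced to RAW,
     * so the payload ciphertext carries no key-id prefix.
     */
    private Parameters getRawParameters(KeyTemplate keyTemplate) throws GeneralSecurityException {
        KeyTemplate rawTemplate = KeyTemplate.newBuilder(keyTemplate).setOutputPrefixType(OutputPrefixType.RAW).build();
        return TinkProtoParametersFormat.parse(rawTemplate.toByteArray());
    }

    /**
     * Tells whether {@code str} is a key type URL accepted as DEK type.
     *
     * @param str key type URL to test
     * @return true if the type URL is on the allow-list
     */
    public static boolean isSupportedDekKeyType(String str) {
        return supportedDekKeyTypes.contains(str);
    }

    /** Builds the unmodifiable allow-list of DEK key type URLs. */
    private static Set<String> listSupportedDekKeyTypes() {
        Set<String> types = new HashSet<>();
        types.add("type.googleapis.com/google.crypto.tink.AesGcmKey");
        types.add("type.googleapis.com/google.crypto.tink.ChaCha20Poly1305Key");
        types.add("type.googleapis.com/google.crypto.tink.XChaCha20Poly1305Key");
        types.add("type.googleapis.com/google.crypto.tink.AesCtrHmacAeadKey");
        types.add("type.googleapis.com/google.crypto.tink.AesGcmSivKey");
        types.add("type.googleapis.com/google.crypto.tink.AesEaxKey");
        return Collections.unmodifiableSet(types);
    }

    /**
     * Decrypts an envelope ciphertext.
     *
     * @param bArr envelope ciphertext (length prefix, wrapped DEK, payload ciphertext)
     * @param bArr2 associated data that was supplied when the payload was encrypted
     * @return the plaintext
     * @throws GeneralSecurityException if the envelope is malformed, the DEK cannot be unwrapped
     *     or parsed, or the payload fails authentication
     */
    @Override
    public byte[] decrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        try {
            ByteBuffer buffer = ByteBuffer.wrap(bArr);
            int encryptedDekSize = buffer.getInt();
            // The length prefix is attacker-controlled: bound it before allocating and before
            // calling remote. The message is reused for non-positive lengths as well.
            if (encryptedDekSize <= 0
                    || encryptedDekSize > MAX_LENGTH_ENCRYPTED_DEK
                    || encryptedDekSize > bArr.length - LENGTH_ENCRYPTED_DEK) {
                throw new GeneralSecurityException("length of encrypted DEK too large");
            }
            byte[] encryptedDek = new byte[encryptedDekSize];
            buffer.get(encryptedDek, 0, encryptedDekSize);
            byte[] payload = new byte[buffer.remaining()];
            buffer.get(payload, 0, buffer.remaining());

            // Unwrap the DEK. It was wrapped with empty associated data, so only remote's own
            // authentication protects it.
            byte[] dekBytes = this.remote.decrypt(encryptedDek, EMPTY_AAD);

            // Parse the DEK strictly as the key type fixed at construction, with RAW prefix.
            ProtoKeySerialization serialization = ProtoKeySerialization.create(this.typeUrlForParsing, ByteString.copyFrom(dekBytes), KeyData.KeyMaterialType.SYMMETRIC, OutputPrefixType.RAW, null);
            Key dek = MutableSerializationRegistry.globalInstance().parseKey(serialization, InsecureSecretKeyAccess.get());
            Aead dekAead = (Aead) MutablePrimitiveRegistry.globalInstance().getPrimitive(dek, Aead.class);
            return dekAead.decrypt(payload, bArr2);
        } catch (IndexOutOfBoundsException | NegativeArraySizeException | BufferUnderflowException e) {
            // Truncated or inconsistent input surfaces as a single checked failure instead of
            // leaking a runtime exception to the caller.
            throw new GeneralSecurityException("invalid ciphertext", e);
        }
    }

    /**
     * Encrypts {@code bArr} under a newly created DEK and prepends the wrapped DEK.
     *
     * @param bArr plaintext
     * @param bArr2 associated data bound to the payload ciphertext (not to the wrapped DEK)
     * @return the envelope ciphertext
     * @throws GeneralSecurityException if DEK creation, wrapping or payload encryption fails, or
     *     if the wrapped DEK exceeds the maximum size decrypt would accept
     */
    @Override
    public byte[] encrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        // A new DEK is created on every call; it is never reused across messages.
        Key dek = MutableKeyCreationRegistry.globalInstance().createKey(this.parametersForNewKeys, null);

        // Serializing the key exposes raw key material, hence the explicit secret-key access
        // token. The resulting array is handed to remote for wrapping and is not wiped here.
        ProtoKeySerialization serialization = (ProtoKeySerialization) MutableSerializationRegistry.globalInstance().serializeKey(dek, ProtoKeySerialization.class, InsecureSecretKeyAccess.get());
        byte[] encryptedDek = this.remote.encrypt(serialization.getValue().toByteArray(), EMPTY_AAD);

        // Refuse to emit an envelope that decrypt would reject.
        if (encryptedDek.length > MAX_LENGTH_ENCRYPTED_DEK) {
            throw new GeneralSecurityException("length of encrypted DEK too large");
        }
        Aead dekAead = (Aead) MutablePrimitiveRegistry.globalInstance().getPrimitive(dek, Aead.class);
        return buildCiphertext(encryptedDek, dekAead.encrypt(bArr, bArr2));
    }
}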
