package io.minio.admin;

import com.google.common.base.Preconditions;
import java.io.UnsupportedEncodingException;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.modes.GCMModeCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.Argon2Parameters;
import org.bouncycastle.crypto.params.KeyParameter;

/* loaded from: input_file:io/minio/admin/Crypto.class */
public class Crypto {
    private static final byte ARGON2ID_AES_GCM = 0;
    private static final int NONCE_LENGTH = 8;
    private static final int SALT_LENGTH = 32;
    private static final int BUFFER_SIZE = 16384;
    private static final SecureRandom RANDOM = new SecureRandom();

    private static byte[] random(int i) {
        byte[] bArr = new byte[i];
        RANDOM.nextBytes(bArr);
        return bArr;
    }

    private static byte[] generateKey(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = new byte[SALT_LENGTH];
        Argon2BytesGenerator argon2BytesGenerator = new Argon2BytesGenerator();
        argon2BytesGenerator.init(new Argon2Parameters.Builder(2).withVersion(19).withSalt(bArr2).withMemoryAsKB(65536).withParallelism(4).withIterations(1).build());
        argon2BytesGenerator.generateBytes(bArr, bArr3);
        return bArr3;
    }

    private static byte[] generateAdditionalData(byte[] bArr, byte[] bArr2) throws InvalidCipherTextException {
        GCMModeCipher newInstance = GCMBlockCipher.newInstance(AESEngine.newInstance());
        newInstance.init(true, new AEADParameters(new KeyParameter(bArr), 128, bArr2));
        int length = newInstance.getMac().length;
        byte[] bArr3 = new byte[length];
        newInstance.doFinal(bArr3, ARGON2ID_AES_GCM);
        byte[] bArr4 = new byte[length + 1];
        System.arraycopy(bArr3, ARGON2ID_AES_GCM, bArr4, 1, bArr3.length);
        bArr4[ARGON2ID_AES_GCM] = Byte.MIN_VALUE;
        return bArr4;
    }

    public static byte[] encrypt(String str, byte[] bArr) throws UnsupportedEncodingException, InvalidCipherTextException {
        Preconditions.checkArgument(bArr.length <= BUFFER_SIZE, "Cannot encrypt data of length %d that is greater than block size %d, currently only n = 1 blocks (chunks) are supported.", bArr.length, BUFFER_SIZE);
        byte[] random = random(NONCE_LENGTH);
        byte[] bArr2 = new byte[12];
        System.arraycopy(random, ARGON2ID_AES_GCM, bArr2, ARGON2ID_AES_GCM, random.length);
        byte[] random2 = random(SALT_LENGTH);
        byte[] generateKey = generateKey(str.getBytes("utf-8"), random2);
        byte[] generateAdditionalData = generateAdditionalData(generateKey, bArr2);
        bArr2[NONCE_LENGTH] = 1;
        GCMModeCipher newInstance = GCMBlockCipher.newInstance(AESEngine.newInstance());
        newInstance.init(true, new AEADParameters(new KeyParameter(generateKey), 128, bArr2, generateAdditionalData));
        int outputSize = newInstance.getOutputSize(bArr.length);
        byte[] bArr3 = new byte[outputSize];
        newInstance.doFinal(bArr3, newInstance.processBytes(bArr, ARGON2ID_AES_GCM, bArr.length, bArr3, ARGON2ID_AES_GCM));
        ByteBuffer allocate = ByteBuffer.allocate(1 + random2.length + random.length + outputSize);
        allocate.put(random2);
        allocate.put((byte) 0);
        allocate.put(random);
        allocate.put(bArr3);
        return allocate.array();
    }

    public static byte[] decrypt(String str, byte[] bArr) throws UnsupportedEncodingException, InvalidCipherTextException {
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        byte[] bArr2 = new byte[NONCE_LENGTH];
        byte[] bArr3 = new byte[SALT_LENGTH];
        wrap.get(bArr3);
        wrap.get();
        wrap.get(bArr2);
        byte[] bArr4 = new byte[wrap.remaining()];
        wrap.get(bArr4);
        byte[] generateKey = generateKey(str.getBytes("UTF-8"), bArr3);
        byte[] bArr5 = new byte[12];
        System.arraycopy(bArr2, ARGON2ID_AES_GCM, bArr5, ARGON2ID_AES_GCM, bArr2.length);
        byte[] generateAdditionalData = generateAdditionalData(generateKey, bArr5);
        bArr5[NONCE_LENGTH] = 1;
        GCMModeCipher newInstance = GCMBlockCipher.newInstance(AESEngine.newInstance());
        newInstance.init(false, new AEADParameters(new KeyParameter(generateKey), 128, bArr5, generateAdditionalData));
        byte[] bArr6 = new byte[newInstance.getOutputSize(bArr4.length)];
        newInstance.doFinal(bArr6, newInstance.processBytes(bArr4, ARGON2ID_AES_GCM, bArr4.length, bArr6, ARGON2ID_AES_GCM));
        return ByteBuffer.wrap(bArr6).array();
    }
}
