package com.google.crypto.tink.subtle;

import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.InsecureSecretKeyAccess;
import com.google.crypto.tink.aead.AesGcmKey;
import com.google.crypto.tink.aead.internal.InsecureNonceAesGcmJce;
import com.google.crypto.tink.config.internal.TinkFipsUtil;
import com.google.crypto.tink.internal.Util;
import com.google.errorprone.annotations.Immutable;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

@Immutable
/* loaded from: input_file:com/google/crypto/tink/subtle/AesGcmJce.class */
public final class AesGcmJce implements Aead {
    public static final TinkFipsUtil.AlgorithmFipsCompatibility FIPS = TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_REQUIRES_BORINGCRYPTO;
    private static final int IV_SIZE_IN_BYTES = 12;
    private static final int TAG_SIZE_IN_BYTES = 16;
    private final SecretKey keySpec;
    private final byte[] outputPrefix;

    private AesGcmJce(byte[] bArr, com.google.crypto.tink.util.Bytes bytes) throws GeneralSecurityException {
        if (!FIPS.isCompatible()) {
            throw new GeneralSecurityException("Can not use AES-GCM in FIPS-mode, as BoringCrypto module is not available.");
        }
        Validators.validateAesKeySize(bArr.length);
        this.keySpec = new SecretKeySpec(bArr, "AES");
        this.outputPrefix = bytes.toByteArray();
    }

    public AesGcmJce(byte[] bArr) throws GeneralSecurityException {
        this(bArr, com.google.crypto.tink.util.Bytes.copyFrom(new byte[0]));
    }

    @AccessesPartialKey
    public static Aead create(AesGcmKey aesGcmKey) throws GeneralSecurityException {
        if (aesGcmKey.getParameters().getIvSizeBytes() != 12) {
            throw new GeneralSecurityException("Expected IV Size 12, got " + aesGcmKey.getParameters().getIvSizeBytes());
        }
        if (aesGcmKey.getParameters().getTagSizeBytes() != 16) {
            throw new GeneralSecurityException("Expected tag Size 16, got " + aesGcmKey.getParameters().getTagSizeBytes());
        }
        return new AesGcmJce(aesGcmKey.getKeyBytes().toByteArray(InsecureSecretKeyAccess.get()), aesGcmKey.getOutputPrefix());
    }

    @Override // com.google.crypto.tink.Aead
    public byte[] encrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        if (bArr == null) {
            throw new NullPointerException("plaintext is null");
        }
        byte[] randBytes = Random.randBytes(12);
        AlgorithmParameterSpec params = InsecureNonceAesGcmJce.getParams(randBytes);
        Cipher threadLocalCipher = InsecureNonceAesGcmJce.getThreadLocalCipher();
        threadLocalCipher.init(1, this.keySpec, params);
        if (bArr2 != null && bArr2.length != 0) {
            threadLocalCipher.updateAAD(bArr2);
        }
        int outputSize = threadLocalCipher.getOutputSize(bArr.length);
        if (outputSize > (Integer.MAX_VALUE - this.outputPrefix.length) - 12) {
            throw new GeneralSecurityException("plaintext too long");
        }
        byte[] copyOf = Arrays.copyOf(this.outputPrefix, this.outputPrefix.length + 12 + outputSize);
        System.arraycopy(randBytes, 0, copyOf, this.outputPrefix.length, 12);
        if (threadLocalCipher.doFinal(bArr, 0, bArr.length, copyOf, this.outputPrefix.length + 12) != outputSize) {
            throw new GeneralSecurityException("not enough data written");
        }
        return copyOf;
    }

    @Override // com.google.crypto.tink.Aead
    public byte[] decrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        if (bArr == null) {
            throw new NullPointerException("ciphertext is null");
        }
        if (bArr.length < this.outputPrefix.length + 12 + 16) {
            throw new GeneralSecurityException("ciphertext too short");
        }
        if (!Util.isPrefix(this.outputPrefix, bArr)) {
            throw new GeneralSecurityException("Decryption failed (OutputPrefix mismatch).");
        }
        byte[] bArr3 = new byte[12];
        System.arraycopy(bArr, this.outputPrefix.length, bArr3, 0, 12);
        AlgorithmParameterSpec params = InsecureNonceAesGcmJce.getParams(bArr3);
        Cipher threadLocalCipher = InsecureNonceAesGcmJce.getThreadLocalCipher();
        threadLocalCipher.init(2, this.keySpec, params);
        if (bArr2 != null && bArr2.length != 0) {
            threadLocalCipher.updateAAD(bArr2);
        }
        return threadLocalCipher.doFinal(bArr, this.outputPrefix.length + 12, (bArr.length - this.outputPrefix.length) - 12);
    }
}
