package com.google.crypto.tink.aead.subtle;

import com.facebook.common.dextricks.DalvikInternals;
import com.google.crypto.tink.AccessesPartialKey;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.SecretKeyAccess;
import com.google.crypto.tink.aead.AesGcmSivKey;
import com.google.crypto.tink.annotations.Alpha;
import com.google.crypto.tink.internal.Random;
import com.google.crypto.tink.internal.Util;
import com.google.crypto.tink.subtle.Bytes;
import com.google.crypto.tink.subtle.EngineFactory;
import com.google.crypto.tink.subtle.Hex;
import com.google.crypto.tink.subtle.Validators;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

@Alpha
/* loaded from: classes2.dex */
public final class AesGcmSiv implements Aead {
    private static final byte[] a = Hex.a("7a806c");
    private static final byte[] b = Hex.a("46bb91c3c5");
    private static final byte[] c = Hex.a("36864200e0eaf5284d884a0e77d31646");
    private static final byte[] d = Hex.a("bae8e37fc83441b16034566b");
    private static final byte[] e = Hex.a("af60eb711bd85bc1e4d3e0a462e074eea428a8");
    private static final ThreadLocal<Cipher> f = new ThreadLocal<Cipher>() { // from class: com.google.crypto.tink.aead.subtle.AesGcmSiv.1
        private static Cipher a() {
            try {
                Cipher a2 = EngineFactory.a.a("AES/GCM-SIV/NoPadding");
                if (AesGcmSiv.a(a2)) {
                    return a2;
                }
                return null;
            } catch (GeneralSecurityException e2) {
                throw new IllegalStateException(e2);
            }
        }

        @Override // java.lang.ThreadLocal
        protected /* synthetic */ Cipher initialValue() {
            return a();
        }
    };
    private final SecretKey g;
    private final byte[] h;

    private AesGcmSiv(byte[] bArr, byte[] bArr2) {
        this.h = bArr2;
        Validators.a(bArr.length);
        this.g = new SecretKeySpec(bArr, "AES");
    }

    @AccessesPartialKey
    public static Aead a(AesGcmSivKey aesGcmSivKey) {
        return new AesGcmSiv(aesGcmSivKey.b.a(SecretKeyAccess.a), aesGcmSivKey.c.a());
    }

    private static AlgorithmParameterSpec a(byte[] bArr, int i) {
        return new GCMParameterSpec(DalvikInternals.ART_HACK_DISABLE_MONITOR_VISITLOCKS, bArr, 0, i);
    }

    private static Cipher a() {
        Cipher cipher = f.get();
        if (cipher != null) {
            return cipher;
        }
        throw new GeneralSecurityException("AES GCM SIV cipher is not available or is invalid.");
    }

    static boolean a(Cipher cipher) {
        try {
            byte[] bArr = d;
            cipher.init(2, new SecretKeySpec(c, "AES"), a(bArr, bArr.length));
            cipher.updateAAD(b);
            byte[] bArr2 = e;
            return MessageDigest.isEqual(cipher.doFinal(bArr2, 0, bArr2.length), a);
        } catch (GeneralSecurityException unused) {
            return false;
        }
    }

    private byte[] c(byte[] bArr, byte[] bArr2) {
        Cipher a2 = a();
        if (bArr.length < 28) {
            throw new GeneralSecurityException("ciphertext too short");
        }
        a2.init(2, this.g, a(bArr, 12));
        if (bArr2 != null && bArr2.length != 0) {
            a2.updateAAD(bArr2);
        }
        return a2.doFinal(bArr, 12, bArr.length - 12);
    }

    @Override // com.google.crypto.tink.Aead
    public final byte[] a(byte[] bArr, byte[] bArr2) {
        Cipher a2 = a();
        if (bArr.length > 2147483619) {
            throw new GeneralSecurityException("plaintext too long");
        }
        byte[] bArr3 = new byte[bArr.length + 12 + 16];
        byte[] a3 = Random.a(12);
        System.arraycopy(a3, 0, bArr3, 0, 12);
        a2.init(1, this.g, a(a3, a3.length));
        if (bArr2 != null && bArr2.length != 0) {
            a2.updateAAD(bArr2);
        }
        int doFinal = a2.doFinal(bArr, 0, bArr.length, bArr3, 12);
        if (doFinal != bArr.length + 16) {
            throw new GeneralSecurityException(String.format("encryption failed; GCM tag must be %s bytes, but got only %s bytes", 16, Integer.valueOf(doFinal - bArr.length)));
        }
        byte[] bArr4 = this.h;
        return bArr4.length == 0 ? bArr3 : Bytes.a(bArr4, bArr3);
    }

    @Override // com.google.crypto.tink.Aead
    public final byte[] b(byte[] bArr, byte[] bArr2) {
        byte[] bArr3 = this.h;
        if (bArr3.length == 0) {
            return c(bArr, bArr2);
        }
        if (Util.a(bArr3, bArr)) {
            return c(Arrays.copyOfRange(bArr, this.h.length, bArr.length), bArr2);
        }
        throw new GeneralSecurityException("Decryption failed (OutputPrefix mismatch).");
    }
}
