package de.schlichtherle.truezip.crypto.raes;

import de.schlichtherle.truezip.crypto.SICSeekableBlockCipher;
import de.schlichtherle.truezip.crypto.SeekableBlockCipher;
import de.schlichtherle.truezip.crypto.SuspensionPenalty;
import de.schlichtherle.truezip.crypto.raes.Type0RaesParameters;
import de.schlichtherle.truezip.rof.ReadOnlyFile;
import de.schlichtherle.truezip.util.ArrayHelper;
import java.io.EOFException;
import java.io.IOException;
import libtruezip.lcrypto.crypto.PBEParametersGenerator;
import libtruezip.lcrypto.crypto.digests.SHA256Digest;
import libtruezip.lcrypto.crypto.engines.AESFastEngine;
import libtruezip.lcrypto.crypto.generators.PKCS12ParametersGenerator;
import libtruezip.lcrypto.crypto.macs.HMac;
import libtruezip.lcrypto.crypto.params.KeyParameter;
import libtruezip.lcrypto.crypto.params.ParametersWithIV;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public final class Type0RaesReadOnlyFile extends RaesReadOnlyFile {

    /* renamed from: -assertionsDisabled, reason: not valid java name */
    static final /* synthetic */ boolean f10assertionsDisabled;
    private final byte[] footer;
    private final Type0RaesParameters.KeyStrength keyStrength;
    private final KeyParameter sha256MacParam;
    private final Type0RaesParameters type0Params;

    static {
        f10assertionsDisabled = !Type0RaesReadOnlyFile.class.desiredAssertionStatus();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Type0RaesReadOnlyFile(ReadOnlyFile readOnlyFile, Type0RaesParameters type0RaesParameters) throws IOException {
        super(readOnlyFile);
        if (!f10assertionsDisabled) {
            if (!(type0RaesParameters != null)) {
                throw new AssertionError();
            }
        }
        this.type0Params = type0RaesParameters;
        readOnlyFile.seek(0L);
        long length = readOnlyFile.length();
        byte[] bArr = new byte[8];
        readOnlyFile.readFully(bArr);
        short readUByte = readUByte(bArr, 5);
        try {
            Type0RaesParameters.KeyStrength keyStrength = Type0RaesParameters.KeyStrength.valuesCustom()[readUByte];
            if (!f10assertionsDisabled) {
                if (!(keyStrength.ordinal() == readUByte)) {
                    throw new AssertionError();
                }
            }
            int bytes = keyStrength.getBytes();
            int bits = keyStrength.getBits();
            this.keyStrength = keyStrength;
            int readUShort = readUShort(bArr, 6);
            if (1024 > readUShort) {
                throw new RaesException("Iteration count must be 1024 or greater, but is " + readUShort + "!");
            }
            byte[] bArr2 = new byte[bytes];
            readOnlyFile.readFully(bArr2);
            HMac hMac = new HMac(new SHA256Digest());
            this.footer = new byte[hMac.getMacSize()];
            long length2 = bArr.length + bArr2.length;
            long length3 = length - this.footer.length;
            long j = length3 - length2;
            if (j < 0) {
                throw new RaesException("False positive Type 0 RAES file is too short!", new EOFException());
            }
            readOnlyFile.seek(length3);
            readOnlyFile.readFully(this.footer);
            if (-1 != readOnlyFile.read()) {
                throw new RaesException("Expected end of file after data envelope trailer!");
            }
            PKCS12ParametersGenerator pKCS12ParametersGenerator = new PKCS12ParametersGenerator(new SHA256Digest());
            char[] readPassword = type0RaesParameters.getReadPassword(false);
            if (!f10assertionsDisabled) {
                if (!(readPassword != null)) {
                    throw new AssertionError();
                }
            }
            byte[] PKCS12PasswordToBytes = PBEParametersGenerator.PKCS12PasswordToBytes(readPassword);
            int length4 = readPassword.length;
            while (true) {
                length4--;
                if (length4 < 0) {
                    break;
                } else {
                    readPassword[length4] = 0;
                }
            }
            pKCS12ParametersGenerator.init(PKCS12PasswordToBytes, bArr2, readUShort);
            ParametersWithIV parametersWithIV = (ParametersWithIV) pKCS12ParametersGenerator.generateDerivedParameters(bits, 128);
            KeyParameter keyParameter = (KeyParameter) pKCS12ParametersGenerator.generateDerivedMacParameters(bits);
            paranoidWipe(PKCS12PasswordToBytes);
            hMac.init(keyParameter);
            byte[] key = ((KeyParameter) parametersWithIV.getParameters()).getKey();
            hMac.update(key, 0, key.length);
            byte[] bArr3 = new byte[hMac.getMacSize()];
            RaesOutputStream.klac(hMac, j, bArr3);
            if (!ArrayHelper.equals(this.footer, 0, bArr3, 0, bArr3.length / 2)) {
                type0RaesParameters.invalidate();
                SuspensionPenalty.apply();
                throw new RaesAuthenticationException();
            }
            this.sha256MacParam = keyParameter;
            SeekableBlockCipher sICSeekableBlockCipher = new SICSeekableBlockCipher(new AESFastEngine());
            sICSeekableBlockCipher.init(false, parametersWithIV);
            init(sICSeekableBlockCipher, length2, j);
            type0RaesParameters.setKeyStrength(keyStrength);
        } catch (ArrayIndexOutOfBoundsException e) {
            throw new RaesException("Unknown index for cipher key strength: " + ((int) readUByte));
        }
    }

    private void paranoidWipe(byte[] bArr) {
        int length = bArr.length;
        while (true) {
            length--;
            if (length < 0) {
                return;
            } else {
                bArr[length] = 0;
            }
        }
    }

    @Override // de.schlichtherle.truezip.crypto.raes.RaesReadOnlyFile
    public void authenticate() throws IOException {
        HMac hMac = new HMac(new SHA256Digest());
        hMac.init(this.sha256MacParam);
        byte[] computeMac = computeMac(hMac);
        if (!f10assertionsDisabled) {
            if (!(computeMac.length == hMac.getMacSize())) {
                throw new AssertionError();
            }
        }
        if (ArrayHelper.equals(computeMac, 0, this.footer, this.footer.length / 2, this.footer.length / 2)) {
            return;
        }
        this.type0Params.invalidate();
        SuspensionPenalty.apply();
        throw new RaesAuthenticationException();
    }

    @Override // de.schlichtherle.truezip.crypto.raes.RaesReadOnlyFile
    public Type0RaesParameters.KeyStrength getKeyStrength() {
        return this.keyStrength;
    }
}
