package org.elasticsearch.repositories.encrypted;

import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.SequenceInputStream;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.elasticsearch.core.internal.io.IOUtils;

/* loaded from: input_file:org/elasticsearch/repositories/encrypted/EncryptionPacketsInputStream.class */
public final class EncryptionPacketsInputStream extends ChainingInputStream {
    private final SecretKey secretKey;
    private final int packetLength;
    private final ByteBuffer packetIv;
    private final int encryptedPacketLength;
    final InputStream source;
    long counter;
    Long markCounter;
    int markSourceOnNextPacket;

    public static long getEncryptionLength(long j, int i) {
        return j + (((j / i) + 1) * 28);
    }

    public EncryptionPacketsInputStream(InputStream inputStream, SecretKey secretKey, int i, int i2) {
        this.source = (InputStream) Objects.requireNonNull(inputStream);
        this.secretKey = (SecretKey) Objects.requireNonNull(secretKey);
        if (i2 <= 0 || i2 >= 8388608) {
            throw new IllegalArgumentException("Invalid packet length [" + i2 + "]");
        }
        this.packetLength = i2;
        this.packetIv = ByteBuffer.allocate(12).order(ByteOrder.LITTLE_ENDIAN);
        this.packetIv.putInt(0, i);
        this.encryptedPacketLength = i2 + 12 + 16;
        this.counter = Long.MIN_VALUE;
        this.markCounter = null;
        this.markSourceOnNextPacket = -1;
    }

    @Override // org.elasticsearch.repositories.encrypted.ChainingInputStream
    InputStream nextComponent(InputStream inputStream) throws IOException {
        if (inputStream != null && ((CountingInputStream) inputStream).getCount() < this.encryptedPacketLength) {
            return null;
        }
        if (this.markSourceOnNextPacket != -1) {
            this.source.mark(this.markSourceOnNextPacket);
            this.markSourceOnNextPacket = -1;
        }
        PrefixInputStream prefixInputStream = new PrefixInputStream(this.source, this.packetLength, false);
        ByteBuffer byteBuffer = this.packetIv;
        long j = this.counter;
        this.counter = j + 1;
        byteBuffer.putLong(4, j);
        if (this.counter == Long.MIN_VALUE) {
            throw new IOException("Maximum packet count limit exceeded");
        }
        return new CountingInputStream(new BufferOnMarkInputStream(new SequenceInputStream(new ByteArrayInputStream(this.packetIv.array()), new CipherInputStream(prefixInputStream, getPacketEncryptionCipher(this.secretKey, this.packetIv.array()))), this.encryptedPacketLength), false);
    }

    @Override // org.elasticsearch.repositories.encrypted.ChainingInputStream, java.io.InputStream
    public boolean markSupported() {
        return this.source.markSupported();
    }

    @Override // org.elasticsearch.repositories.encrypted.ChainingInputStream, java.io.InputStream
    public void mark(int i) {
        if (markSupported()) {
            if (i <= 0) {
                throw new IllegalArgumentException("Mark readlimit must be a positive integer");
            }
            super.mark(this.encryptedPacketLength);
            this.markCounter = Long.valueOf(this.counter);
            this.markSourceOnNextPacket = i;
        }
    }

    @Override // org.elasticsearch.repositories.encrypted.ChainingInputStream, java.io.InputStream
    public void reset() throws IOException {
        if (false == markSupported()) {
            throw new IOException("Mark/reset not supported");
        }
        if (this.markCounter == null) {
            throw new IOException("Mark no set");
        }
        super.reset();
        this.counter = this.markCounter.longValue();
        if (this.markSourceOnNextPacket == -1) {
            this.source.reset();
        }
    }

    @Override // org.elasticsearch.repositories.encrypted.ChainingInputStream, java.io.InputStream, java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        IOUtils.close(new Closeable[]{() -> {
            super.close();
        }, this.source});
    }

    private static Cipher getPacketEncryptionCipher(SecretKey secretKey, byte[] bArr) throws IOException {
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, bArr);
        try {
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(1, secretKey, gCMParameterSpec);
            return cipher;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new IOException(e);
        }
    }
}
