package com.amazonaws.c3r.encryption;

import com.amazonaws.c3r.encryption.keys.DerivedEncryptionKey;
import com.amazonaws.c3r.encryption.keys.DerivedRootEncryptionKey;
import com.amazonaws.c3r.encryption.providers.EncryptionMaterialsProvider;
import com.amazonaws.c3r.exception.C3rIllegalArgumentException;
import com.amazonaws.c3r.exception.C3rRuntimeException;
import com.amazonaws.c3r.internal.AdditionalAuthenticatedData;
import com.amazonaws.c3r.internal.InitializationVector;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;

/* loaded from: input_file:com/amazonaws/c3r/encryption/Encryptor.class */
public final class Encryptor {
    private static final String SYMMETRIC_ENCRYPTION_MODE = "AES/GCM/NoPadding";
    private static final int AUTHENTICATION_TAG_LENGTH = 128;
    private final EncryptionMaterialsProvider encryptionMaterialsProvider;

    private Encryptor(EncryptionMaterialsProvider encryptionMaterialsProvider) {
        this.encryptionMaterialsProvider = encryptionMaterialsProvider;
    }

    public static Encryptor getInstance(EncryptionMaterialsProvider encryptionMaterialsProvider) {
        return new Encryptor(encryptionMaterialsProvider);
    }

    public byte[] encrypt(byte[] bArr, InitializationVector initializationVector, AdditionalAuthenticatedData additionalAuthenticatedData, EncryptionContext encryptionContext) {
        return transform(bArr, initializationVector, additionalAuthenticatedData, encryptionContext, this.encryptionMaterialsProvider.getEncryptionMaterials(encryptionContext).getRootEncryptionKey(), 1);
    }

    public byte[] decrypt(byte[] bArr, InitializationVector initializationVector, AdditionalAuthenticatedData additionalAuthenticatedData, EncryptionContext encryptionContext) {
        return transform(bArr, initializationVector, additionalAuthenticatedData, encryptionContext, this.encryptionMaterialsProvider.getDecryptionMaterials(encryptionContext).getRootDecryptionKey(), 2);
    }

    private byte[] transform(byte[] bArr, InitializationVector initializationVector, AdditionalAuthenticatedData additionalAuthenticatedData, EncryptionContext encryptionContext, DerivedRootEncryptionKey derivedRootEncryptionKey, int i) {
        if (bArr == null) {
            throw new C3rIllegalArgumentException("Expected a message to transform but was given null.");
        }
        if (encryptionContext == null) {
            throw new C3rIllegalArgumentException("An EncryptionContext must always be provided when encrypting/decrypting, but was null.");
        }
        DerivedEncryptionKey derivedEncryptionKey = new DerivedEncryptionKey(derivedRootEncryptionKey, encryptionContext.getNonce());
        GCMParameterSpec gCMParameterSpec = new GCMParameterSpec(128, initializationVector.getBytes());
        try {
            Cipher cipher = Cipher.getInstance(SYMMETRIC_ENCRYPTION_MODE);
            cipher.init(i, derivedEncryptionKey, gCMParameterSpec);
            if (additionalAuthenticatedData != null) {
                cipher.updateAAD(additionalAuthenticatedData.getBytes());
            }
            try {
                return cipher.doFinal(bArr);
            } catch (BadPaddingException | IllegalBlockSizeException e) {
                throw new C3rRuntimeException(i == 1 ? "Failed to encrypt data for target column `" + encryptionContext.getColumnLabel() + "`." : "Failed to decrypt.", e);
            }
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e2) {
            throw new C3rRuntimeException("Initialization for cipher `AES/GCM/NoPadding` failed.", e2);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e3) {
            throw new C3rRuntimeException("Requested cipher `AES/GCM/NoPadding` is not available.", e3);
        }
    }
}
