package com.google.android.gms.internal.p002firebaseauthapi;

import Z0.o;
import com.google.android.gms.internal.p002firebaseauthapi.zzij;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;

/* JADX INFO: loaded from: classes3.dex */
public final class zzyb implements zzbe {
    private static final zzij.zza zza = zzij.zza.zzb;
    private final SecretKey zzb;
    private final byte[] zzc;

    private zzyb(byte[] bArr, zzzn zzznVar) throws GeneralSecurityException {
        if (!zza.zza()) {
            throw new GeneralSecurityException("Can not use AES-GCM in FIPS-mode, as BoringCrypto module is not available.");
        }
        this.zzb = zzgl.zzb(bArr);
        this.zzc = zzznVar.zzb();
    }

    public static zzbe zza(zzdm zzdmVar) throws GeneralSecurityException {
        if (zzdmVar.zzc().zzb() != 12) {
            throw new GeneralSecurityException(o.l("Expected IV Size 12, got ", zzdmVar.zzc().zzb()));
        }
        if (zzdmVar.zzc().zzd() == 16) {
            return new zzyb(zzdmVar.zze().zza(zzbl.zza()), zzdmVar.zzd());
        }
        throw new GeneralSecurityException(o.l("Expected tag Size 16, got ", zzdmVar.zzc().zzd()));
    }

    @Override // com.google.android.gms.internal.p002firebaseauthapi.zzbe
    public final byte[] zzb(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        if (bArr == null) {
            throw new NullPointerException("plaintext is null");
        }
        byte[] bArrZza = zzpp.zza(12);
        AlgorithmParameterSpec algorithmParameterSpecZza = zzgl.zza(bArrZza);
        Cipher cipherZza = zzgl.zza();
        cipherZza.init(1, this.zzb, algorithmParameterSpecZza);
        if (bArr2 != null && bArr2.length != 0) {
            cipherZza.updateAAD(bArr2);
        }
        int outputSize = cipherZza.getOutputSize(bArr.length);
        byte[] bArr3 = this.zzc;
        if (outputSize > 2147483635 - bArr3.length) {
            throw new GeneralSecurityException("plaintext too long");
        }
        byte[] bArrCopyOf = Arrays.copyOf(bArr3, bArr3.length + 12 + outputSize);
        System.arraycopy(bArrZza, 0, bArrCopyOf, this.zzc.length, 12);
        if (cipherZza.doFinal(bArr, 0, bArr.length, bArrCopyOf, this.zzc.length + 12) == outputSize) {
            return bArrCopyOf;
        }
        throw new GeneralSecurityException("not enough data written");
    }

    @Override // com.google.android.gms.internal.p002firebaseauthapi.zzbe
    public final byte[] zza(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        if (bArr != null) {
            int length = bArr.length;
            byte[] bArr3 = this.zzc;
            if (length >= bArr3.length + 28) {
                if (zzpy.zza(bArr3, bArr)) {
                    AlgorithmParameterSpec algorithmParameterSpecZza = zzgl.zza(bArr, this.zzc.length, 12);
                    Cipher cipherZza = zzgl.zza();
                    cipherZza.init(2, this.zzb, algorithmParameterSpecZza);
                    if (bArr2 != null && bArr2.length != 0) {
                        cipherZza.updateAAD(bArr2);
                    }
                    byte[] bArr4 = this.zzc;
                    return cipherZza.doFinal(bArr, bArr4.length + 12, (bArr.length - bArr4.length) - 12);
                }
                throw new GeneralSecurityException("Decryption failed (OutputPrefix mismatch).");
            }
            throw new GeneralSecurityException("ciphertext too short");
        }
        throw new NullPointerException("ciphertext is null");
    }
}
