package com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials;

import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DelegatedKey;
import com.amazonaws.services.dynamodbv2.datamodeling.internal.Utils;
import com.amazonaws.util.Base64;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

/* loaded from: input_file:com/amazonaws/services/dynamodbv2/datamodeling/encryption/materials/WrappedRawMaterials.class */
public class WrappedRawMaterials extends AbstractRawMaterials {
    public static final String KEY_WRAPPING_ALGORITHM = "amzn-ddb-wrap-alg";
    public static final String CONTENT_KEY_ALGORITHM = "amzn-ddb-env-alg";
    public static final String ENVELOPE_KEY = "amzn-ddb-env-key";
    private static final String DEFAULT_ALGORITHM = "AES/256";
    protected final Key wrappingKey;
    protected final Key unwrappingKey;
    private final SecretKey envelopeKey;

    public WrappedRawMaterials(Key key, Key key2, KeyPair keyPair) throws GeneralSecurityException {
        this(key, key2, keyPair, (Map<String, String>) Collections.emptyMap());
    }

    public WrappedRawMaterials(Key key, Key key2, KeyPair keyPair, Map<String, String> map) throws GeneralSecurityException {
        super(keyPair, map);
        this.wrappingKey = key;
        this.unwrappingKey = key2;
        this.envelopeKey = initEnvelopeKey();
    }

    public WrappedRawMaterials(Key key, Key key2, SecretKey secretKey) throws GeneralSecurityException {
        this(key, key2, secretKey, (Map<String, String>) Collections.emptyMap());
    }

    public WrappedRawMaterials(Key key, Key key2, SecretKey secretKey, Map<String, String> map) throws GeneralSecurityException {
        super(secretKey, map);
        this.wrappingKey = key;
        this.unwrappingKey = key2;
        this.envelopeKey = initEnvelopeKey();
    }

    @Override // com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials.DecryptionMaterials
    public SecretKey getDecryptionKey() {
        return this.envelopeKey;
    }

    @Override // com.amazonaws.services.dynamodbv2.datamodeling.encryption.materials.EncryptionMaterials
    public SecretKey getEncryptionKey() {
        return this.envelopeKey;
    }

    protected SecretKey initEnvelopeKey() throws GeneralSecurityException {
        Map<String, String> materialDescription = getMaterialDescription();
        if (materialDescription.containsKey(ENVELOPE_KEY)) {
            if (this.unwrappingKey == null) {
                throw new IllegalStateException("No private decryption key provided.");
            }
            byte[] decode = Base64.decode(materialDescription.get(ENVELOPE_KEY));
            String algorithm = this.unwrappingKey.getAlgorithm();
            if (materialDescription.containsKey(KEY_WRAPPING_ALGORITHM)) {
                algorithm = materialDescription.get(KEY_WRAPPING_ALGORITHM);
            }
            return unwrapKey(materialDescription, decode, algorithm);
        }
        SecretKey generateContentKey = materialDescription.containsKey(CONTENT_KEY_ALGORITHM) ? generateContentKey(materialDescription.get(CONTENT_KEY_ALGORITHM)) : generateContentKey(DEFAULT_ALGORITHM);
        String transformation = materialDescription.containsKey(KEY_WRAPPING_ALGORITHM) ? materialDescription.get(KEY_WRAPPING_ALGORITHM) : getTransformation(this.wrappingKey.getAlgorithm());
        materialDescription.put(ENVELOPE_KEY, Base64.encodeAsString(wrapKey(generateContentKey, transformation)));
        materialDescription.put(CONTENT_KEY_ALGORITHM, generateContentKey.getAlgorithm());
        materialDescription.put(KEY_WRAPPING_ALGORITHM, transformation);
        setMaterialDescription(materialDescription);
        return generateContentKey;
    }

    public byte[] wrapKey(SecretKey secretKey, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException {
        if (this.wrappingKey instanceof DelegatedKey) {
            return ((DelegatedKey) this.wrappingKey).wrap(secretKey, null, str);
        }
        Cipher cipher = Cipher.getInstance(str);
        cipher.init(3, this.wrappingKey, Utils.getRng());
        return cipher.wrap(secretKey);
    }

    protected SecretKey unwrapKey(Map<String, String> map, byte[] bArr, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException {
        if (this.unwrappingKey instanceof DelegatedKey) {
            return (SecretKey) ((DelegatedKey) this.unwrappingKey).unwrap(bArr, map.get(CONTENT_KEY_ALGORITHM), 3, null, str);
        }
        Cipher cipher = Cipher.getInstance(str);
        cipher.init(4, this.unwrappingKey, Utils.getRng());
        return (SecretKey) cipher.unwrap(bArr, map.get(CONTENT_KEY_ALGORITHM), 3);
    }

    protected SecretKey generateContentKey(String str) throws NoSuchAlgorithmException {
        String[] split = str.split("/", 2);
        KeyGenerator keyGenerator = KeyGenerator.getInstance(split[0]);
        int i = 0;
        if (split.length == 2) {
            try {
                i = Integer.parseInt(split[1]);
            } catch (NumberFormatException e) {
                i = 0;
            }
        }
        if (i > 0) {
            keyGenerator.init(i, Utils.getRng());
        } else {
            keyGenerator.init(Utils.getRng());
        }
        return keyGenerator.generateKey();
    }

    private static String getTransformation(String str) {
        return str.equalsIgnoreCase("RSA") ? "RSA/ECB/OAEPWithSHA-256AndMGF1Padding" : str.equalsIgnoreCase("AES") ? "AESWrap" : str;
    }
}
