package com.emc.vipr.transform.encryption;

import com.emc.vipr.transform.InputTransform;
import com.emc.vipr.transform.OutputTransform;
import com.emc.vipr.transform.TransformConstants;
import com.emc.vipr.transform.TransformException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.crypto.NoSuchPaddingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/emc/vipr/transform/encryption/BasicEncryptionTransformFactory.class */
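/**
 * Factory for encryption transforms whose per-object keys are wrapped with an RSA master key.
 *
 * <p>The factory holds one <em>master encryption key</em>, used for new objects and as the
 * target of {@link #rekey(Map)}, plus a map of <em>master decryption keys</em> indexed by the
 * fingerprint of their RSA public key. Object metadata carries that fingerprint under
 * {@code TransformConstants.META_ENCRYPTION_KEY_ID}, which is how the matching key pair is
 * looked up when an object is read or rekeyed.
 *
 * <p>The key map is a plain {@link HashMap} and nothing in this class synchronizes access to
 * it, so adding keys while transforms are being created from other threads needs external
 * coordination.
 */
public class BasicEncryptionTransformFactory extends EncryptionTransformFactory<BasicEncryptionOutputTransform, BasicEncryptionInputTransform> {
    /** Smallest RSA modulus, in bits, accepted for the master encryption key. */
    private static final int MIN_RSA_KEY_BITS = 1024;

    Logger logger = LoggerFactory.getLogger(BasicEncryptionTransformFactory.class);

    // Kept public for compatibility with existing callers. Assigning this field directly
    // skips the RSA/key-length validation and leaves masterEncryptionKeyFingerprint stale,
    // so objects would be tagged with the wrong key ID; use setMasterEncryptionKey instead.
    // The KeyPair also carries the private key, so this field exposes it to any caller.
    public KeyPair masterEncryptionKey;

    // Fingerprint of masterEncryptionKey's public key, as computed by KeyUtils.
    private String masterEncryptionKeyFingerprint;

    // Public-key fingerprint -> key pair usable for unwrapping object keys.
    private final Map<String, KeyPair> masterDecryptionKeys = new HashMap<>();

    /**
     * Creates a factory with no keys configured. {@link #setMasterEncryptionKey(KeyPair)} must
     * be called before the factory is used; until then the output transforms are handed a
     * {@code null} master key and {@link #rekey(Map)} fails.
     */
    public BasicEncryptionTransformFactory() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
    }

    /**
     * Creates a factory using the superclass defaults for cipher, key size and provider.
     *
     * @param keyPair RSA key pair used to wrap new object keys; also registered for decryption
     * @param set additional RSA key pairs usable for decryption only; may be {@code null}
     * @throws IllegalArgumentException if a key pair is not RSA or {@code keyPair} is too short
     */
    public BasicEncryptionTransformFactory(KeyPair keyPair, Set<KeyPair> set) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
        registerKeys(keyPair, set);
    }

    /**
     * Creates a factory with the default encryption transform and key size and an explicit
     * JCA provider.
     *
     * @param keyPair RSA key pair used to wrap new object keys; also registered for decryption
     * @param set additional RSA key pairs usable for decryption only; may be {@code null}
     * @param provider provider handed to the superclass and to the {@code KeyUtils} calls
     * @throws IllegalArgumentException if a key pair is not RSA or {@code keyPair} is too short
     */
    public BasicEncryptionTransformFactory(KeyPair keyPair, Set<KeyPair> set, Provider provider) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
        super(TransformConstants.DEFAULT_ENCRYPTION_TRANSFORM, TransformConstants.DEFAULT_ENCRYPTION_KEY_SIZE, provider);
        registerKeys(keyPair, set);
    }

    /** Shared constructor tail: installs the master key, then any decryption-only keys. */
    private void registerKeys(KeyPair keyPair, Set<KeyPair> decryptionKeys) {
        setMasterEncryptionKey(keyPair);
        if (decryptionKeys != null) {
            for (KeyPair decryptionKey : decryptionKeys) {
                addMasterDecryptionKey(decryptionKey);
            }
        }
    }

    /**
     * Replaces the master encryption key and registers it as a decryption key as well.
     *
     * <p>The key and its fingerprint are committed together only after the fingerprint has
     * been computed and the key registered, so a failure leaves the previous key and
     * fingerprint in place instead of a new key paired with a stale key ID.
     *
     * @param keyPair RSA key pair with a modulus of at least 1024 bits
     * @throws NullPointerException if {@code keyPair} is {@code null}
     * @throws IllegalArgumentException if the public key is not RSA or is shorter than 1024 bits
     * @throws RuntimeException if the fingerprint algorithm is unavailable
     */
    public void setMasterEncryptionKey(KeyPair keyPair) {
        RSAPublicKey publicKey = requireRsaPublicKey(keyPair);
        checkKeyLength(publicKey);
        try {
            String fingerprint = KeyUtils.getRsaPublicKeyFingerprint(publicKey, this.provider);
            addMasterDecryptionKey(keyPair);
            this.masterEncryptionKey = keyPair;
            this.masterEncryptionKeyFingerprint = fingerprint;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Error adding master key", e);
        }
    }

    /**
     * Registers a key pair that may be used to decrypt (or rekey) existing objects.
     *
     * <p>No minimum key length is enforced here, matching the original behaviour, so that
     * objects written under older keys stay readable.
     *
     * @param keyPair RSA key pair, indexed by the fingerprint of its public key
     * @throws NullPointerException if {@code keyPair} is {@code null}
     * @throws IllegalArgumentException if the public key is not RSA
     * @throws RuntimeException if the fingerprint algorithm is unavailable
     */
    public void addMasterDecryptionKey(KeyPair keyPair) {
        // Validate before casting: a non-RSA key used to surface as a ClassCastException.
        RSAPublicKey publicKey = requireRsaPublicKey(keyPair);
        try {
            this.masterDecryptionKeys.put(KeyUtils.getRsaPublicKeyFingerprint(publicKey, this.provider), keyPair);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("Error adding master key", e);
        }
    }

    /**
     * Re-wraps an object's key under the current master encryption key.
     *
     * <p>The wrapped object key is unwrapped with the private key named by the metadata's key
     * ID, wrapped again with the current master public key, and the metadata signature is
     * regenerated with the current master private key. The input map is not modified.
     *
     * @param map the object's encryption metadata
     * @return a copy of {@code map} with the object key, key ID and signature replaced
     * @throws DoesNotNeedRekeyException if the object already uses the current master key
     * @throws TransformException if the key ID or wrapped key is missing, the key ID is unknown,
     *     no master encryption key is set, or a cryptographic operation fails
     */
    @Override
    public Map<String, String> rekey(Map<String, String> map) throws TransformException {
        String keyId = map.get(TransformConstants.META_ENCRYPTION_KEY_ID);
        if (keyId == null) {
            throw new TransformException("Metadata does not contain a master key ID");
        }
        if (keyId.equals(this.masterEncryptionKeyFingerprint)) {
            this.logger.info("Object is already using the current master key");
            throw new DoesNotNeedRekeyException("Object is already using the current master key");
        }
        KeyPair previousKey = this.masterDecryptionKeys.get(keyId);
        if (previousKey == null) {
            throw new TransformException("Master key with fingerprint " + keyId + " not found");
        }
        String wrappedObjectKey = map.get(TransformConstants.META_ENCRYPTION_OBJECT_KEY);
        if (wrappedObjectKey == null) {
            throw new TransformException("Encrypted object key not found");
        }
        if (this.masterEncryptionKey == null) {
            // Reached when the no-arg constructor was used and no key was ever set.
            throw new TransformException("No master encryption key has been set");
        }
        try {
            String rewrappedKey = KeyUtils.encryptKey(
                    KeyUtils.decryptKey(wrappedObjectKey, getEncryptionAlgorithm(), this.provider, previousKey.getPrivate()),
                    this.provider,
                    this.masterEncryptionKey.getPublic());
            Map<String, String> rekeyed = new HashMap<>(map);
            // NOTE(review): the incoming signature is discarded without being verified in this
            // method. Confirm that callers verify the metadata first; otherwise altered
            // metadata would be re-signed under the current master key.
            rekeyed.remove(TransformConstants.META_ENCRYPTION_META_SIG);
            rekeyed.put(TransformConstants.META_ENCRYPTION_OBJECT_KEY, rewrappedKey);
            rekeyed.put(TransformConstants.META_ENCRYPTION_KEY_ID, this.masterEncryptionKeyFingerprint);
            // The signature is computed last so that it covers the updated key and key ID.
            rekeyed.put(TransformConstants.META_ENCRYPTION_META_SIG, KeyUtils.signMetadata(rekeyed, (RSAPrivateKey) this.masterEncryptionKey.getPrivate(), this.provider));
            return rekeyed;
        } catch (GeneralSecurityException e) {
            throw new TransformException("Could not re-encrypt key: " + e, e);
        }
    }

    /**
     * Creates an encrypting transform that wraps the given output stream.
     *
     * @param outputStream destination stream, passed to the transform
     * @param map object metadata, passed to the transform
     * @return a transform configured with the current master key and its fingerprint
     */
    @Override
    public BasicEncryptionOutputTransform getOutputTransform(OutputStream outputStream, Map<String, String> map) throws IOException {
        return new BasicEncryptionOutputTransform(outputStream, map, this.masterEncryptionKeyFingerprint, this.masterEncryptionKey, this.encryptionTransform, this.keySize, this.provider);
    }

    /**
     * Creates an encrypting transform that reads from the given input stream.
     *
     * @param inputStream source stream, passed to the transform
     * @param map object metadata, passed to the transform
     * @return a transform configured with the current master key and its fingerprint
     */
    @Override
    public BasicEncryptionOutputTransform getOutputTransform(InputStream inputStream, Map<String, String> map) throws IOException, TransformException {
        return new BasicEncryptionOutputTransform(inputStream, map, this.masterEncryptionKeyFingerprint, this.masterEncryptionKey, this.encryptionTransform, this.keySize, this.provider);
    }

    /**
     * Creates a decrypting transform for an object, selecting the key pair by the key ID
     * stored in the object's metadata.
     *
     * @param str transform configuration; must split into exactly two parts, the first being
     *     {@code TransformConstants.ENCRYPTION_CLASS}
     * @param inputStream encrypted object stream
     * @param map object metadata containing the master key ID
     * @return a transform built from the second configuration part and the matching key pair
     * @throws TransformException if the configuration is malformed or names another transform
     *     class, or if the key ID is missing or not registered with this factory
     */
    @Override
    public BasicEncryptionInputTransform getInputTransform(String str, InputStream inputStream, Map<String, String> map) throws IOException, TransformException {
        String[] configParts = splitTransformConfig(str);
        if (configParts.length != 2) {
            throw new TransformException("Invalid transform configuration: " + str);
        }
        if (!TransformConstants.ENCRYPTION_CLASS.equals(configParts[0])) {
            throw new TransformException("Unsupported transform class: " + configParts[0]);
        }
        String keyId = map.get(TransformConstants.META_ENCRYPTION_KEY_ID);
        if (keyId == null) {
            throw new TransformException("Could not decrypt object. No master key ID set on object.");
        }
        KeyPair decryptionKey = this.masterDecryptionKeys.get(keyId);
        if (decryptionKey == null) {
            throw new TransformException("Could not decrypt object. No master key with ID " + keyId + " found");
        }
        return new BasicEncryptionInputTransform(configParts[1], inputStream, map, decryptionKey, this.provider);
    }

    /**
     * Returns the pair's public key as an {@link RSAPublicKey}, rejecting anything else.
     *
     * @throws NullPointerException if {@code keyPair} is {@code null}
     * @throws IllegalArgumentException if the public key is absent or not an RSA key
     */
    private static RSAPublicKey requireRsaPublicKey(KeyPair keyPair) {
        if (keyPair == null) {
            throw new NullPointerException("keyPair must not be null");
        }
        if (!(keyPair.getPublic() instanceof RSAPublicKey)) {
            String algorithm = keyPair.getPublic() == null ? "null" : keyPair.getPublic().getAlgorithm();
            throw new IllegalArgumentException("Only RSA KeyPairs are allowed, not " + algorithm);
        }
        return (RSAPublicKey) keyPair.getPublic();
    }

    /**
     * Enforces the minimum modulus size for the master encryption key.
     *
     * <p>1024-bit RSA is below the 2048-bit minimum of current guidance (for example NIST
     * SP 800-131A). It is still accepted so existing deployments keep working, but it is
     * reported at WARN rather than INFO so that it shows up in routine log review.
     *
     * @throws IllegalArgumentException if the modulus is shorter than 1024 bits
     */
    private void checkKeyLength(RSAPublicKey publicKey) {
        int bitLength = publicKey.getModulus().bitLength();
        if (bitLength < MIN_RSA_KEY_BITS) {
            throw new IllegalArgumentException("The minimum RSA key size supported is 1024 bits. Your key is " + bitLength + " bits");
        }
        if (bitLength == MIN_RSA_KEY_BITS) {
            this.logger.warn("1024-bit RSA key detected. Support for 1024-bit RSA keys may soon be removed from the JDK. Please upgrade to a stronger key (e.g. 2048-bit).");
        }
    }

    // The decompiler also emitted three "bridge/synthetic" overloads taking a raw Map. They
    // have the same erasure as the typed methods above, so they cannot be declared in source;
    // javac generates them again from the covariant return types.
}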
