package com.fortanix.sdkms.jce.provider;

import com.fortanix.sdkms.jce.provider.service.SDKMSLogger;
import com.fortanix.sdkms.jce.provider.service.SdKmsRsa;
import com.fortanix.sdkms.jce.provider.util.ProviderConstants;
import com.fortanix.sdkms.v1.model.KeyOperations;
import com.fortanix.sdkms.v1.model.RsaEncryptionPolicy;
import com.fortanix.sdkms.v1.model.RsaSignaturePolicy;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyFactorySpi;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.List;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/fortanix/sdkms/jce/provider/RSAKeyFactory.class */
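/**
 * RSA {@link KeyFactorySpi} that imports encoded key material through
 * {@code SdKmsRsa.importKeyForRsaOperation} and wraps the result in
 * {@code RSAPublicKeyImpl} / {@code RSAPrivateKeyImpl}.
 *
 * <p>Import attributes (allowed operations, encryption/signature policy, group id, alias) are
 * taken from a {@code SecurityObjectKeySpec} when one is supplied. They are held in locals for
 * the duration of a single call, so the attributes of one import never carry over to a later
 * import made through the same factory instance, and concurrent calls do not share them.
 */
public class RSAKeyFactory extends KeyFactorySpi {
    private static final SDKMSLogger LOGGER = new SDKMSLogger(LoggerFactory.getLogger(RSAKeyFactory.class));

    /**
     * Imports an RSA public key.
     *
     * @param keySpec an {@link X509EncodedKeySpec}, or a {@code SecurityObjectKeySpec} wrapping one
     * @return the provider's public key wrapper for the imported key
     * @throws InvalidKeySpecException if the (unwrapped) spec is not an {@link X509EncodedKeySpec}
     *     or the delegate key factory rejects the encoding
     */
    @Override // java.security.KeyFactorySpi
    protected PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
        LOGGER.debug("RSAKeyFactory: import public key using keyspec");
        if (!(keySpec instanceof X509EncodedKeySpec) && !(keySpec instanceof SecurityObjectKeySpec)) {
            LOGGER.logAndRaiseProviderException("Invalid Spec for generating Public Key. Only X509EncodedKeySpec and SecurityObjectKeySpec are supported", null);
        }
        // Per-call attributes: a plain X509EncodedKeySpec is imported with none of them set.
        List<KeyOperations> allowedKeyOperations = null;
        RsaEncryptionPolicy rsaEncryptionPolicy = null;
        RsaSignaturePolicy rsaSignaturePolicy = null;
        String groupId = null;
        String alias = null;
        if (keySpec instanceof SecurityObjectKeySpec) {
            SecurityObjectKeySpec objectSpec = (SecurityObjectKeySpec) keySpec;
            allowedKeyOperations = objectSpec.getAllowedKeyOperations();
            rsaEncryptionPolicy = objectSpec.getEncryptionPolicy();
            rsaSignaturePolicy = objectSpec.getSignaturePolicy();
            groupId = objectSpec.getGroupId();
            alias = objectSpec.getAlias();
            keySpec = objectSpec.getKeySpec();
        }
        // The wrapped spec is caller-supplied; reject anything but X.509 with the declared
        // checked exception instead of failing later on a cast.
        if (!(keySpec instanceof X509EncodedKeySpec)) {
            throw new InvalidKeySpecException("Public key material must be supplied as X509EncodedKeySpec");
        }
        X509EncodedKeySpec encodedSpec = (X509EncodedKeySpec) keySpec;
        try {
            // Parse locally only to learn the modulus size; the encoded bytes are what gets imported.
            // NOTE(review): this pins the "SunJSSE" provider - confirm it offers an RSA KeyFactory
            // on every JDK this provider is meant to run on.
            RSAPublicKey parsed = (RSAPublicKey) KeyFactory.getInstance(AlgorithmParameters.RSA, "SunJSSE").generatePublic(encodedSpec);
            return new RSAPublicKeyImpl(SdKmsRsa.importKeyForRsaOperation(Integer.valueOf(parsed.getModulus().bitLength()), allowedKeyOperations, encodedSpec.getEncoded(), rsaEncryptionPolicy, rsaSignaturePolicy, groupId, alias, Configuration.getInstance().getTransientPubkeyImportOnlyFlag()));
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            LOGGER.logAndRaiseProviderException(e.getMessage(), e);
            // Presumably unreachable (the logger call is expected to throw); kept for the compiler.
            return null;
        }
    }

    /**
     * Imports an RSA private key. The key is always imported with the transient flag set to
     * {@code false}.
     *
     * @param keySpec a {@link PKCS8EncodedKeySpec}, or a {@code SecurityObjectKeySpec} wrapping one
     * @return the provider's private key wrapper for the imported key
     * @throws InvalidKeySpecException if the (unwrapped) spec is not a {@link PKCS8EncodedKeySpec}
     *     or the delegate key factory rejects the encoding
     */
    @Override // java.security.KeyFactorySpi
    protected PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
        LOGGER.debug("RSAKeyFactory: import private key using keyspec");
        if (!(keySpec instanceof PKCS8EncodedKeySpec) && !(keySpec instanceof SecurityObjectKeySpec)) {
            LOGGER.logAndRaiseProviderException("Invalid Spec for generating Private Key. Only PKCS8EncodedKeySpec and SecurityObjectKeySpec are supported", null);
        }
        // Per-call attributes: a plain PKCS8EncodedKeySpec is imported with none of them set.
        List<KeyOperations> allowedKeyOperations = null;
        RsaEncryptionPolicy rsaEncryptionPolicy = null;
        RsaSignaturePolicy rsaSignaturePolicy = null;
        String groupId = null;
        String alias = null;
        if (keySpec instanceof SecurityObjectKeySpec) {
            SecurityObjectKeySpec objectSpec = (SecurityObjectKeySpec) keySpec;
            allowedKeyOperations = objectSpec.getAllowedKeyOperations();
            rsaEncryptionPolicy = objectSpec.getEncryptionPolicy();
            rsaSignaturePolicy = objectSpec.getSignaturePolicy();
            groupId = objectSpec.getGroupId();
            alias = objectSpec.getAlias();
            keySpec = objectSpec.getKeySpec();
        }
        // The wrapped spec is caller-supplied; reject anything but PKCS#8 with the declared
        // checked exception instead of failing later on a cast.
        if (!(keySpec instanceof PKCS8EncodedKeySpec)) {
            throw new InvalidKeySpecException("Private key material must be supplied as PKCS8EncodedKeySpec");
        }
        PKCS8EncodedKeySpec encodedSpec = (PKCS8EncodedKeySpec) keySpec;
        try {
            // Parse locally only to learn the modulus size; the encoded bytes are what gets imported.
            // NOTE(review): the parsed key and the encoded copy hold private key material in this
            // JVM's heap until collected - confirm that is acceptable for the deployment.
            RSAPrivateKey parsed = (RSAPrivateKey) KeyFactory.getInstance(AlgorithmParameters.RSA, "SunJSSE").generatePrivate(encodedSpec);
            return new RSAPrivateKeyImpl(SdKmsRsa.importKeyForRsaOperation(Integer.valueOf(parsed.getModulus().bitLength()), allowedKeyOperations, encodedSpec.getEncoded(), rsaEncryptionPolicy, rsaSignaturePolicy, groupId, alias, false));
        } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
            LOGGER.logAndRaiseProviderException(e.getMessage(), e);
            // Presumably unreachable (the logger call is expected to throw); kept for the compiler.
            return null;
        }
    }

    /**
     * Returns the encoded form of an RSA key as a key spec.
     *
     * @param key an {@link RSAPublicKey} or {@link RSAPrivateKey}
     * @param cls requested spec type; must be {@link X509EncodedKeySpec} (public keys) or
     *     {@link PKCS8EncodedKeySpec} (private keys), or a supertype of it
     * @return the key's encoding wrapped in the matching spec
     * @throws InvalidKeySpecException if the key is neither RSA key type, the requested spec type
     *     does not fit, or the key exposes no encoding
     */
    @Override // java.security.KeyFactorySpi
    protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> cls) throws InvalidKeySpecException {
        LOGGER.debug("RSAKeyFactory: get keyspec");
        if (cls == null) {
            throw new InvalidKeySpecException("KeySpec class must not be null");
        }
        if (key instanceof RSAPublicKey) {
            // cls must be able to hold the spec we build; testing the other direction would let a
            // subclass of X509EncodedKeySpec through and then fail in cls.cast().
            if (cls.isAssignableFrom(X509EncodedKeySpec.class)) {
                return cls.cast(new X509EncodedKeySpec(requireEncoded(key)));
            }
            throw new InvalidKeySpecException("KeySpec must be X509EncodedKeySpec for RSA public keys");
        }
        if (!(key instanceof RSAPrivateKey)) {
            throw new InvalidKeySpecException("Neither public nor private key");
        }
        if (cls.isAssignableFrom(PKCS8EncodedKeySpec.class)) {
            return cls.cast(new PKCS8EncodedKeySpec(requireEncoded(key)));
        }
        throw new InvalidKeySpecException("KeySpec must be PKCS8EncodedKeySpec for RSA private keys");
    }

    /**
     * Returns {@code key.getEncoded()}, rejecting keys that expose no encoding.
     * {@link Key#getEncoded()} returns {@code null} for keys that do not support encoding, and
     * the encoded-spec constructors throw {@link NullPointerException} on a null array.
     */
    private static byte[] requireEncoded(Key key) throws InvalidKeySpecException {
        byte[] encoded = key.getEncoded();
        if (encoded == null) {
            throw new InvalidKeySpecException("Key does not expose an encoded form");
        }
        return encoded;
    }

    /**
     * Re-imports a foreign RSA key through this factory.
     *
     * @param key an RSA public or private key
     * @return the key produced by {@link #engineGeneratePublic} or {@link #engineGeneratePrivate}
     * @throws InvalidKeyException if the key is null, not RSA, or neither public nor private
     */
    @Override // java.security.KeyFactorySpi
    protected Key engineTranslateKey(Key key) throws InvalidKeyException {
        LOGGER.debug("RSAKeyFactory: translate key");
        if (key == null) {
            throw new InvalidKeyException("Key must not be null");
        }
        // Constant-first comparison: a key reporting a null algorithm is rejected, not an NPE.
        if (!AlgorithmParameters.RSA.equals(key.getAlgorithm())) {
            throw new InvalidKeyException("Not an RSA key: " + key.getAlgorithm());
        }
        if (key instanceof PublicKey) {
            return translatePublicKey((PublicKey) key);
        }
        if (key instanceof PrivateKey) {
            return translatePrivateKey((PrivateKey) key);
        }
        throw new InvalidKeyException("Neither a public nor a private key");
    }

    /**
     * Translates an X.509-encoded public key by round-tripping it through
     * {@link #engineGetKeySpec} and {@link #engineGeneratePublic}; no
     * {@code SecurityObjectKeySpec} attributes are applied to the import.
     */
    private PublicKey translatePublicKey(PublicKey publicKey) throws InvalidKeyException {
        if (!ProviderConstants.X509_KEY_FORMAT.equals(publicKey.getFormat())) {
            throw new InvalidKeyException("Public keys must have X.509 encoding");
        }
        try {
            return engineGeneratePublic(engineGetKeySpec(publicKey, X509EncodedKeySpec.class));
        } catch (InvalidKeySpecException e) {
            LOGGER.logAndRaiseProviderException("Failed to translate public key", e);
            // Presumably unreachable (the logger call is expected to throw); kept for the compiler.
            return null;
        }
    }

    /**
     * Translates a PKCS#8-encoded private key by round-tripping it through
     * {@link #engineGetKeySpec} and {@link #engineGeneratePrivate}; no
     * {@code SecurityObjectKeySpec} attributes are applied to the import.
     */
    private PrivateKey translatePrivateKey(PrivateKey privateKey) throws InvalidKeyException {
        if (!ProviderConstants.PKCS8_KEY_FORMAT.equals(privateKey.getFormat())) {
            throw new InvalidKeyException("Private keys must have PKCS#8 encoding");
        }
        try {
            return engineGeneratePrivate(engineGetKeySpec(privateKey, PKCS8EncodedKeySpec.class));
        } catch (InvalidKeySpecException e) {
            LOGGER.logAndRaiseProviderException("Failed to translate private key", e);
            // Presumably unreachable (the logger call is expected to throw); kept for the compiler.
            return null;
        }
    }
}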
