package com.fortanix.sdkms.jce.provider.service;

import com.fortanix.sdkms.jce.provider.AlgorithmParameters;
import com.fortanix.sdkms.jce.provider.ECPrivateKeyImpl;
import com.fortanix.sdkms.jce.provider.ECPublicKeyImpl;
import com.fortanix.sdkms.jce.provider.RSAPrivateKeyImpl;
import com.fortanix.sdkms.jce.provider.RSAPublicKeyImpl;
import com.fortanix.sdkms.jce.provider.SdkmsAESKey;
import com.fortanix.sdkms.jce.provider.SdkmsDESKey;
import com.fortanix.sdkms.jce.provider.SdkmsDESedeKey;
import com.fortanix.sdkms.jce.provider.SdkmsHmacKey;
import com.fortanix.sdkms.jce.provider.SdkmsKey;
import com.fortanix.sdkms.v1.ApiException;
import com.fortanix.sdkms.v1.api.SecurityObjectsApi;
import com.fortanix.sdkms.v1.model.AgreeKeyRequest;
import com.fortanix.sdkms.v1.model.EllipticCurve;
import com.fortanix.sdkms.v1.model.KeyObject;
import com.fortanix.sdkms.v1.model.ObjectType;
import com.fortanix.sdkms.v1.model.PersistTransientKeyRequest;
import com.fortanix.sdkms.v1.model.SobjectDescriptor;
import com.fortanix.sdkms.v1.model.SobjectRequest;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/fortanix/sdkms/jce/provider/service/SdkmsKeyService.class */
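/**
 * Static helpers the JCE provider uses to look up, update, persist, export and delete SDKMS
 * security objects, and to wrap a returned {@link KeyObject} in the matching JCE key class.
 *
 * <p>Most remote calls are wrapped in an {@link ISdkmsCommand} and run through
 * {@code ApiClientSetup.getInstance().ensureValidSession(...)}. Failures are reported through
 * {@code LOGGER.logAndRaiseProviderException(...)}; that helper is not visible in this file and
 * is presumed, from its name, to throw. The {@code return} / {@code break} statements that
 * follow those calls only matter if it ever returns normally.
 */
public final class SdkmsKeyService {
    private static final SDKMSLogger LOGGER = new SDKMSLogger(LoggerFactory.getLogger(SdkmsKeyService.class));

    /** Page size requested from the security-object listing call in {@link #getKeys}. */
    private static final int GET_SOBJECTS_LIMIT = 1000;

    /**
     * Command object that lists security objects with the given filters and paging window.
     *
     * <p>The decompiler reports that this class was originally {@code private}; it is kept
     * {@code public} here so existing references keep compiling.
     */
    public static class GetSobjectsCommand implements ISdkmsCommand {
        String name;
        String groupId;
        String creator;
        String sort;
        Boolean compliantWithPolicies;
        String start;
        Integer limit;
        Integer offset;

        /**
         * Stores the listing filters; all of them are passed through unchanged to
         * {@code SecurityObjectsApi.getSecurityObjects} by {@link #execute()}.
         *
         * @param str   object name filter
         * @param str2  group id filter
         * @param str3  creator filter
         * @param str4  sort specification
         * @param bool  "compliant with policies" filter
         * @param str5  paging start marker
         * @param num   maximum number of objects to return
         * @param num2  offset of the first object to return
         */
        public GetSobjectsCommand(String str, String str2, String str3, String str4, Boolean bool, String str5, Integer num, Integer num2) {
            this.name = str;
            this.groupId = str2;
            this.creator = str3;
            this.sort = str4;
            this.compliantWithPolicies = bool;
            this.start = str5;
            this.limit = num;
            this.offset = num2;
        }

        /** Runs the listing call with the stored filters and returns whatever the API returns. */
        @Override
        public Object execute() throws ApiException {
            SecurityObjectsApi api = new SecurityObjectsApi(ApiClientSetup.getInstance().getApiClient());
            return api.getSecurityObjects(this.name, this.groupId, this.creator, this.sort,
                    this.compliantWithPolicies, this.start, this.limit, this.offset, false, false);
        }

        @Override
        public String getDescription() {
            return "GetSecurityObjects";
        }
    }

    /**
     * Fetches the SDKMS object behind a JCE key.
     *
     * @param key a key created by this provider
     * @return the object returned by {@link #getKeyObject(SobjectDescriptor)}
     * @throws InvalidKeyException if {@code key} is {@code null} or not an {@link SdkmsKey}
     */
    public static KeyObject toKeyObject(Key key) throws InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException("No Key given");
        }
        if (key instanceof SdkmsKey) {
            return getKeyObject(((SdkmsKey) key).getKeyDescriptor());
        }
        throw new InvalidKeyException("Key is not a valid SDKMS Key");
    }

    /**
     * Looks a security object up by key id when the descriptor has one, otherwise by name.
     *
     * <p>The name path returns whatever {@link #getSecurityObjectByName(String)} returns, which
     * may be {@code null}; no provider exception is raised in that case, so callers must check.
     *
     * @param sobjectDescriptor descriptor carrying a kid or a name
     * @return the matching object, or {@code null} when the lookup by name finds nothing
     */
    public static KeyObject getKeyObject(final SobjectDescriptor sobjectDescriptor) {
        if (sobjectDescriptor.getKid() != null) {
            try {
                return (KeyObject) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() {
                    @Override
                    public Object execute() throws ApiException {
                        return new SecurityObjectsApi(ApiClientSetup.getInstance().getApiClient()).getSecurityObject(sobjectDescriptor.getKid(), "json", false, false);
                    }

                    @Override
                    public String getDescription() {
                        return "GetSecurityObject";
                    }
                });
            } catch (ApiException e) {
                LOGGER.logAndRaiseProviderException("Failed to find Key in SDKMS", e);
            }
        } else if (sobjectDescriptor.getName() != null) {
            return getSecurityObjectByName(sobjectDescriptor.getName());
        }
        LOGGER.logAndRaiseProviderException("Key lookup failed: id or name missing", null);
        return null;
    }

    /**
     * Maps a JCE algorithm name to the SDKMS object type.
     *
     * @param str JCE algorithm name; the DESede / TripleDES aliases map to {@code DES3}, anything
     *            else is upper-cased and handed to {@code ObjectType.fromValue}
     * @return the object type, as resolved by {@code ObjectType.fromValue} for non-DES3 names
     */
    public static ObjectType toSDKMSAlgorithm(String str) {
        if (str.equalsIgnoreCase(AlgorithmParameters.DESede) || str.equalsIgnoreCase(AlgorithmParameters.TripleDES)) {
            return ObjectType.DES3;
        }
        // Locale.ROOT keeps the mapping stable: under e.g. a Turkish default locale a plain
        // toUpperCase() turns 'i' into a dotted capital and the lookup would miss.
        return ObjectType.fromValue(str.toUpperCase(java.util.Locale.ROOT));
    }

    /**
     * Lists security objects matching the filters, paging through the results
     * {@value #GET_SOBJECTS_LIMIT} at a time, and drops objects of type {@code SECRET}.
     *
     * @param str  object name filter (may be {@code null})
     * @param str2 group id filter (may be {@code null})
     * @param str3 creator filter (may be {@code null})
     * @return a mutable list of the remaining objects, possibly empty
     */
    public static List<KeyObject> getKeys(String str, String str2, String str3) {
        List<KeyObject> keys = new ArrayList<>();
        int offset = 0;
        while (true) {
            try {
                @SuppressWarnings("unchecked") // the listing command returns the API's list of KeyObject
                List<KeyObject> page = (List<KeyObject>) ApiClientSetup.getInstance().ensureValidSession(
                        new GetSobjectsCommand(str, str2, str3, null, null, null, Integer.valueOf(GET_SOBJECTS_LIMIT), Integer.valueOf(offset)));
                if (page == null || page.isEmpty()) {
                    break;
                }
                keys.addAll(page);
                // A short page means the server has nothing further to return.
                if (page.size() != GET_SOBJECTS_LIMIT) {
                    break;
                }
                offset += GET_SOBJECTS_LIMIT;
            } catch (ApiException e) {
                LOGGER.logAndRaiseProviderException("Error retrieving keys", e);
                // Defensive: if the helper ever returns instead of throwing, stop here rather
                // than re-requesting the same page forever.
                break;
            }
        }
        filterKeys(keys, Arrays.asList(ObjectType.SECRET));
        return keys;
    }

    /**
     * Removes, in place, every object whose type is listed in {@code list2}.
     *
     * @param list  objects to filter; modified through its iterator
     * @param list2 object types to drop; {@code null} or empty leaves {@code list} untouched
     */
    private static void filterKeys(List<KeyObject> list, List<ObjectType> list2) {
        if (list2 == null || list2.isEmpty()) {
            return;
        }
        Iterator<KeyObject> it = list.iterator();
        while (it.hasNext()) {
            if (list2.contains(it.next().getObjType())) {
                it.remove();
            }
        }
    }

    /**
     * Deletes the security object with the given id.
     *
     * @param str key id passed to {@code deleteSecurityObject}
     */
    public static void deleteKey(final String str) {
        try {
            ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() {
                @Override
                public Object execute() throws ApiException {
                    new SecurityObjectsApi(ApiClientSetup.getInstance().getApiClient()).deleteSecurityObject(str);
                    return null;
                }

                @Override
                public String getDescription() {
                    return "DeleteSecurityObject";
                }
            });
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Error deleting key", e);
        }
    }

    /**
     * Renames a security object and optionally replaces its custom metadata.
     *
     * @param sobjectDescriptor identifies the object by kid, or by name when the kid is absent
     * @param str               new object name
     * @param map               custom metadata to set; {@code null} leaves the request without it
     * @return the updated object, or {@code null} if the error helper returns instead of throwing
     */
    public static KeyObject updateKey(SobjectDescriptor sobjectDescriptor, String str, Map<String, String> map) {
        String kid = sobjectDescriptor.getKid();
        if (kid == null && sobjectDescriptor.getName() != null) {
            // The name lookup returns null when nothing matches; do not dereference it blindly.
            KeyObject byName = getSecurityObjectByName(sobjectDescriptor.getName());
            if (byName != null) {
                kid = byName.getKid();
            }
        }
        if (kid == null) {
            // Fail before issuing an update that has no target object.
            LOGGER.logAndRaiseProviderException("Error during updating key: key not found by id or name", null);
            return null;
        }
        try {
            SobjectRequest sobjectRequest = new SobjectRequest();
            sobjectRequest.setName(str);
            if (map != null) {
                sobjectRequest.setCustomMetadata(map);
            }
            return new SecurityObjectRequest().makeUpdate(kid, sobjectRequest);
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Error during updating key", e);
            return null;
        }
    }

    /**
     * Persists a transient key under the given name.
     *
     * @param key an {@link SdkmsKey} whose descriptor carries the transient key
     * @param str name for the persisted object
     * @param map custom metadata to set; {@code null} leaves the request without it
     * @return the persisted object, or {@code null} if the error helper returns instead of throwing
     */
    public static KeyObject persistKey(Key key, String str, Map<String, String> map) {
        if (!(key instanceof SdkmsKey)) {
            // Covers null and foreign key classes, which would otherwise surface as a bare
            // NullPointerException / ClassCastException from the cast below.
            LOGGER.logAndRaiseProviderException("Error during persisting key: not an SDKMS key", null);
            return null;
        }
        try {
            PersistTransientKeyRequest persistTransientKeyRequest = new PersistTransientKeyRequest();
            persistTransientKeyRequest.setName(str);
            persistTransientKeyRequest.setTransientKey(((SdkmsKey) key).getKeyDescriptor().getTransientKey());
            if (map != null) {
                persistTransientKeyRequest.setCustomMetadata(map);
            }
            return new SecurityObjectRequest().persistTransient(persistTransientKeyRequest);
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Error during persisting key", e);
            return null;
        }
    }

    /**
     * Sends a key-agreement request and returns the resulting object.
     *
     * @param agreeKeyRequest request passed unchanged to {@code SecurityObjectsApi.agreeKey}
     * @return the agreed key object, or {@code null} if the error helper returns instead of throwing
     * @throws InvalidKeyException declared for callers; nothing in this body throws it
     */
    public static KeyObject agreeKey(final AgreeKeyRequest agreeKeyRequest) throws InvalidKeyException {
        try {
            return (KeyObject) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() {
                @Override
                public Object execute() throws ApiException {
                    return new SecurityObjectsApi(ApiClientSetup.getInstance().getApiClient()).agreeKey(agreeKeyRequest);
                }

                @Override
                public String getDescription() {
                    return "AgreeKey";
                }
            });
        } catch (ApiException e) {
            LOGGER.logAndRaiseProviderException("Failed to perform key agreement", e);
        }
        return null;
    }

    /**
     * Exports the value of the security object with the given key id.
     *
     * @param str key id
     * @return the exported value, or {@code null} on failure
     * @see #getKeyValue(SobjectDescriptor)
     */
    public static byte[] getKeyValue(String str) {
        return getKeyValue(new SobjectDescriptor().kid(str));
    }

    /**
     * Exports the value of a security object.
     *
     * <p>Unlike the other helpers this one does not raise on failure: it logs and returns
     * {@code null}, so callers must check the result. The returned array is exported key
     * material held in process memory; keep its lifetime short and never log it.
     *
     * @param sobjectDescriptor identifies the object to export
     * @return the exported value, or {@code null} if the object is missing or the call fails
     */
    public static byte[] getKeyValue(final SobjectDescriptor sobjectDescriptor) {
        try {
            KeyObject keyObject = (KeyObject) ApiClientSetup.getInstance().ensureValidSession(new ISdkmsCommand() {
                @Override
                public Object execute() throws ApiException {
                    return new SecurityObjectsApi(ApiClientSetup.getInstance().getApiClient()).getSecurityObjectValueEx(sobjectDescriptor);
                }

                @Override
                public String getDescription() {
                    return "GetSecurityObjectValue(exportKey)";
                }
            });
            if (keyObject != null) {
                return keyObject.getValue();
            }
            // NOTE(review): the whole descriptor is concatenated into the log line here and in
            // the catch below. If its toString() includes the transient-key field, that value
            // ends up in the logs -- confirm, and log only kid/name if so.
            LOGGER.error("Key export failed as key doesn't exist: " + sobjectDescriptor, null);
            return null;
        } catch (ApiException e) {
            LOGGER.error("Key export failed for key " + sobjectDescriptor, e);
            return null;
        }
    }

    /**
     * Returns the first object that {@link #getKeys} lists for the given name.
     *
     * <p>NOTE(review): this trusts the server-side name filter to select exactly one object.
     * If that filter is not an exact match, the first entry may be a different key than the
     * caller intended -- verify against the API contract.
     *
     * @param str object name
     * @return the first listed object, or {@code null} when nothing is listed
     */
    public static KeyObject getSecurityObjectByName(String str) {
        List<KeyObject> keys = getKeys(str, null, null);
        if (keys == null || keys.isEmpty()) {
            return null;
        }
        return keys.get(0);
    }

    /**
     * Wraps an SDKMS object in the JCE key class that matches its object type.
     *
     * @param keyObject object to wrap
     * @param z         for RSA and EC objects, {@code true} selects the public-key wrapper and
     *                  {@code false} the private-key wrapper; ignored for the other types
     * @return the wrapping key
     * @throws InvalidKeyException if the object type, or the HMAC key size, is not handled here
     */
    public static Key getKeyFromKeyObject(KeyObject keyObject, boolean z) throws InvalidKeyException {
        ObjectType objType = keyObject.getObjType();
        if (ObjectType.RSA.equals(objType)) {
            return z ? new RSAPublicKeyImpl(keyObject) : new RSAPrivateKeyImpl(keyObject);
        }
        if (ObjectType.EC.equals(objType)) {
            return z ? new ECPublicKeyImpl(keyObject) : new ECPrivateKeyImpl(keyObject);
        }
        if (ObjectType.AES.equals(objType)) {
            return new SdkmsAESKey(keyObject);
        }
        // DES and DES3 are legacy ciphers; they are still mapped so existing objects stay usable.
        if (ObjectType.DES.equals(objType)) {
            return new SdkmsDESKey(keyObject);
        }
        if (ObjectType.DES3.equals(objType)) {
            return new SdkmsDESedeKey(keyObject);
        }
        if (ObjectType.HMAC.equals(objType)) {
            // The HMAC algorithm is chosen purely from the stored key size; an HMAC object of
            // any other (or missing) size falls through to the exception below.
            Integer keySize = keyObject.getKeySize();
            if (keySize != null) {
                switch (keySize.intValue()) {
                    case 160:
                        return new SdkmsHmacKey(keyObject, AlgorithmParameters.HmacSHA1);
                    case 256:
                        return new SdkmsHmacKey(keyObject, AlgorithmParameters.HmacSHA256);
                    case 384:
                        return new SdkmsHmacKey(keyObject, AlgorithmParameters.HmacSHA384);
                    case 512:
                        return new SdkmsHmacKey(keyObject, AlgorithmParameters.HmacSHA512);
                    default:
                        break;
                }
            }
        }
        // Report the object type here; the original message printed the key size twice.
        throw new InvalidKeyException("Key of type: " + objType + ", key size: " + keyObject.getKeySize() + " is not supported");
    }

    /**
     * Derives the RSA modulus from the object's X.509-encoded public key.
     *
     * <p>The {@code SunRsaSign} provider is requested by name, presumably so the lookup cannot
     * resolve back to this provider; on a JVM without it the call fails with
     * {@link NoSuchProviderException}.
     *
     * @param keyObject object whose {@code getPubKey()} holds the encoded public key
     * @return the modulus of the decoded public key
     */
    public static BigInteger getRSAPrivateKeyModulus(KeyObject keyObject) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        KeyFactory rsaFactory = KeyFactory.getInstance(AlgorithmParameters.RSA, "SunRsaSign");
        RSAPublicKey publicKey = (RSAPublicKey) rsaFactory.generatePublic(new X509EncodedKeySpec(keyObject.getPubKey()));
        return publicKey.getModulus();
    }

    /**
     * Returns the EC domain parameters for an object.
     *
     * <p>For {@code GOST256A} and {@code ED25519} the parameters are built from the constants
     * below; for every other curve they are read from the object's X.509-encoded public key via
     * the {@code SunEC} provider.
     *
     * @param keyObject object whose curve (and, for the generic path, public key) is read
     * @return the domain parameters
     */
    public static ECParameterSpec getECPrivateKeyParams(KeyObject keyObject) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        EllipticCurve ellipticCurve = keyObject.getEllipticCurve();
        if (ellipticCurve == EllipticCurve.GOST256A) {
            // Hard-coded 256-bit prime-field parameters: field prime, a, b, base point, order,
            // cofactor 1. NOTE(review): these look like the GOST R 34.10 CryptoPro-A set --
            // confirm against the standard before relying on that.
            BigInteger fieldPrime = new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD97", 16);
            BigInteger coeffA = new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD94", 16);
            BigInteger coeffB = new BigInteger("A6", 16);
            ECPoint basePoint = new ECPoint(
                    new BigInteger("1", 16),
                    new BigInteger("8D91E471E0989CDA27DF505A453F2B7635294F2DDF23E3B122ACC99C9E9F1E14", 16));
            BigInteger order = new BigInteger("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6C611070995AD10045841B09B761B893", 16);
            return new ECParameterSpec(new java.security.spec.EllipticCurve(new ECFieldFp(fieldPrime), coeffA, coeffB), basePoint, order, 1);
        }
        if (ellipticCurve != EllipticCurve.ED25519) {
            KeyFactory ecFactory = KeyFactory.getInstance(AlgorithmParameters.EC, "SunEC");
            ECPublicKey publicKey = (ECPublicKey) ecFactory.generatePublic(new X509EncodedKeySpec(keyObject.getPubKey()));
            return publicKey.getParams();
        }
        // ED25519 is expressed through the prime-field EllipticCurve class (coefficients a and
        // b) over the prime 2^255 - 19, with cofactor 8. NOTE(review): this appears to be a
        // short-Weierstrass model of the curve rather than its Edwards form -- confirm.
        BigInteger fieldPrime = new BigInteger("7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED", 16);
        BigInteger coeffA = new BigInteger("2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA984914A144", 16);
        BigInteger coeffB = new BigInteger("7B425ED097B425ED097B425ED097B425ED097B425ED097B4260B5E9C7710C864", 16);
        ECPoint basePoint = new ECPoint(
                new BigInteger("2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD245A", 16),
                new BigInteger("20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9", 16));
        BigInteger order = new BigInteger("1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED", 16);
        return new ECParameterSpec(new java.security.spec.EllipticCurve(new ECFieldFp(fieldPrime), coeffA, coeffB), basePoint, order, 8);
    }

    /**
     * Builds a descriptor carrying the object's kid and transient key.
     *
     * @param keyObject source object
     * @return a new descriptor with both fields copied from {@code keyObject}
     */
    public static SobjectDescriptor getKeyDescriptor(KeyObject keyObject) {
        return new SobjectDescriptor().kid(keyObject.getKid()).transientKey(keyObject.getTransientKey());
    }
}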
