package com.azure.security.keyvault.keys.cryptography;

import com.azure.core.http.rest.Response;
import com.azure.core.http.rest.SimpleResponse;
import com.azure.core.util.Context;
import com.azure.core.util.logging.ClientLogger;
import com.azure.security.keyvault.keys.cryptography.models.DecryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.SignResult;
import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult;
import com.azure.security.keyvault.keys.cryptography.models.VerifyResult;
import com.azure.security.keyvault.keys.cryptography.models.WrapResult;
import com.azure.security.keyvault.keys.models.JsonWebKey;
import com.azure.security.keyvault.keys.models.KeyOperation;
import com.azure.security.keyvault.keys.models.KeyType;
import com.azure.security.keyvault.keys.models.KeyVaultKey;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Objects;
import reactor.core.publisher.Mono;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/azure/security/keyvault/keys/cryptography/CryptographyServiceClient.class */
public class CryptographyServiceClient {
    final String apiVersion;
    static final String ACCEPT_LANGUAGE = "en-US";
    static final String CONTENT_TYPE_HEADER_VALUE = "application/json";
    private final ClientLogger logger = new ClientLogger(CryptographyServiceClient.class);
    private final CryptographyService service;
    private String vaultUrl;
    private String version;
    private String keyName;
    private final String keyId;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptographyServiceClient(String str, CryptographyService cryptographyService, CryptographyServiceVersion cryptographyServiceVersion) {
        Objects.requireNonNull(str);
        unpackId(str);
        this.keyId = str;
        this.service = cryptographyService;
        this.apiVersion = cryptographyServiceVersion.getVersion();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<Response<KeyVaultKey>> getKey(Context context) {
        if (this.version == null) {
            this.version = "";
        }
        return getKey(this.keyName, this.version, context);
    }

    private Mono<Response<KeyVaultKey>> getKey(String str, String str2, Context context) {
        return this.service.getKey(this.vaultUrl, str, str2, this.apiVersion, ACCEPT_LANGUAGE, CONTENT_TYPE_HEADER_VALUE, (context == null ? Context.NONE : context).addData("az.namespace", "Microsoft.KeyVault")).doOnRequest(j -> {
            this.logger.verbose("Retrieving key - {}", new Object[]{str});
        }).doOnSuccess(response -> {
            this.logger.verbose("Retrieved key - {}", new Object[]{((KeyVaultKey) response.getValue()).getName()});
        }).doOnError(th -> {
            this.logger.warning("Failed to get key - {}", new Object[]{str, th});
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<Response<JsonWebKey>> getSecretKey(Context context) {
        return this.service.getSecret(this.vaultUrl, this.keyName, this.version, this.apiVersion, ACCEPT_LANGUAGE, CONTENT_TYPE_HEADER_VALUE, context.addData("az.namespace", "Microsoft.KeyVault")).doOnRequest(j -> {
            this.logger.verbose("Retrieving key - {}", new Object[]{this.keyName});
        }).doOnSuccess(response -> {
            this.logger.verbose("Retrieved key - {}", new Object[]{((SecretKey) response.getValue()).getName()});
        }).doOnError(th -> {
            this.logger.warning("Failed to get key - {}", new Object[]{this.keyName, th});
        }).flatMap(response2 -> {
            try {
                return Mono.just(new SimpleResponse(response2.getRequest(), response2.getStatusCode(), response2.getHeaders(), transformSecretKey((SecretKey) response2.getValue())));
            } catch (JsonProcessingException e) {
                return Mono.error(e);
            }
        });
    }

    Mono<Response<SecretKey>> setSecretKey(SecretKey secretKey, Context context) {
        Context context2 = context == null ? Context.NONE : context;
        Objects.requireNonNull(secretKey, "The Secret input parameter cannot be null.");
        return this.service.setSecret(this.vaultUrl, secretKey.getName(), this.apiVersion, ACCEPT_LANGUAGE, new SecretRequestParameters().setValue(secretKey.getValue()).setTags(secretKey.getProperties().getTags()).setContentType(secretKey.getProperties().getContentType()).setSecretAttributes(new SecretRequestAttributes(secretKey.getProperties())), CONTENT_TYPE_HEADER_VALUE, context2.addData("az.namespace", "Microsoft.KeyVault")).doOnRequest(j -> {
            this.logger.verbose("Setting secret - {}", new Object[]{secretKey.getName()});
        }).doOnSuccess(response -> {
            this.logger.verbose("Set secret - {}", new Object[]{((SecretKey) response.getValue()).getName()});
        }).doOnError(th -> {
            this.logger.warning("Failed to set secret - {}", new Object[]{secretKey.getName(), th});
        });
    }

    JsonWebKey transformSecretKey(SecretKey secretKey) throws JsonProcessingException {
        ObjectMapper objectMapper = new ObjectMapper();
        ObjectNode createObjectNode = objectMapper.createObjectNode();
        ArrayNode createArrayNode = objectMapper.createArrayNode();
        createArrayNode.add(KeyOperation.WRAP_KEY.toString());
        createArrayNode.add(KeyOperation.UNWRAP_KEY.toString());
        createArrayNode.add(KeyOperation.ENCRYPT.toString());
        createArrayNode.add(KeyOperation.DECRYPT.toString());
        createObjectNode.put("k", Base64.getUrlDecoder().decode(secretKey.getValue()));
        createObjectNode.put("kid", this.keyId);
        createObjectNode.put("kty", KeyType.OCT.toString());
        createObjectNode.put("key_ops", createArrayNode);
        return (JsonWebKey) objectMapper.readValue(objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(createObjectNode), JsonWebKey.class);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<EncryptResult> encrypt(EncryptOptions encryptOptions, Context context) {
        Objects.requireNonNull(encryptOptions, "'encryptOptions' cannot be null.");
        EncryptionAlgorithm algorithm = encryptOptions.getAlgorithm();
        return this.service.encrypt(this.vaultUrl, this.keyName, this.version, this.apiVersion, ACCEPT_LANGUAGE, new KeyOperationParameters().setAlgorithm(algorithm).setValue(encryptOptions.getPlainText()).setIv(encryptOptions.getIv()).setAdditionalAuthenticatedData(encryptOptions.getAdditionalAuthenticatedData()), CONTENT_TYPE_HEADER_VALUE, (context == null ? Context.NONE : context).addData("az.namespace", "Microsoft.KeyVault")).doOnRequest(j -> {
            this.logger.verbose("Encrypting content with algorithm - {}", new Object[]{algorithm});
        }).doOnSuccess(response -> {
            this.logger.verbose("Retrieved encrypted content with algorithm - {}", new Object[]{algorithm});
        }).doOnError(th -> {
            this.logger.warning("Failed to encrypt content with algorithm - {}", new Object[]{algorithm, th});
        }).map(response2 -> {
            KeyOperationResult keyOperationResult = (KeyOperationResult) response2.getValue();
            return new EncryptResult(keyOperationResult.getResult(), algorithm, this.keyId, keyOperationResult.getIv(), keyOperationResult.getAdditionalAuthenticatedData(), keyOperationResult.getAuthenticationTag());
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<DecryptResult> decrypt(DecryptOptions decryptOptions, Context context) {
        Objects.requireNonNull(decryptOptions, "'decryptOptions' cannot be null.");
        EncryptionAlgorithm algorithm = decryptOptions.getAlgorithm();
        return this.service.decrypt(this.vaultUrl, this.keyName, this.version, this.apiVersion, ACCEPT_LANGUAGE, new KeyOperationParameters().setAlgorithm(algorithm).setValue(decryptOptions.getCipherText()).setIv(decryptOptions.getIv()).setAdditionalAuthenticatedData(decryptOptions.getAdditionalAuthenticatedData()).setAuthenticationTag(decryptOptions.getAuthenticationTag()), CONTENT_TYPE_HEADER_VALUE, (context == null ? Context.NONE : context).addData("az.namespace", "Microsoft.KeyVault")).doOnRequest(j -> {
            this.logger.verbose("Decrypting content with algorithm - {}", new Object[]{algorithm});
        }).doOnSuccess(response -> {
            this.logger.verbose("Retrieved decrypted content with algorithm - {}", new Object[]{algorithm});
        }).doOnError(th -> {
            this.logger.warning("Failed to decrypt content with algorithm - {}", new Object[]{algorithm, th});
        }).flatMap(response2 -> {
            return Mono.just(new DecryptResult(((KeyOperationResult) response2.getValue()).getResult(), algorithm, this.keyId));
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<SignResult> sign(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context) {
        return this.service.sign(this.vaultUrl, this.keyName, this.version, this.apiVersion, ACCEPT_LANGUAGE, new KeySignRequest().setAlgorithm(signatureAlgorithm).setValue(bArr), CONTENT_TYPE_HEADER_VALUE, (context == null ? Context.NONE : context).addData("az.namespace", "Microsoft.KeyVault")).doOnRequest(j -> {
            this.logger.verbose("Signing content with algorithm - {}", new Object[]{signatureAlgorithm});
        }).doOnSuccess(response -> {
            this.logger.verbose("Retrieved signed content with algorithm - {}", new Object[]{signatureAlgorithm});
        }).doOnError(th -> {
            this.logger.warning("Failed to sign content with algorithm - {}", new Object[]{signatureAlgorithm, th});
        }).flatMap(response2 -> {
            return Mono.just(new SignResult(((KeyOperationResult) response2.getValue()).getResult(), signatureAlgorithm, this.keyId));
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<VerifyResult> verify(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context) {
        return this.service.verify(this.vaultUrl, this.keyName, this.version, this.apiVersion, ACCEPT_LANGUAGE, new KeyVerifyRequest().setAlgorithm(signatureAlgorithm).setDigest(bArr).setSignature(bArr2), CONTENT_TYPE_HEADER_VALUE, (context == null ? Context.NONE : context).addData("az.namespace", "Microsoft.KeyVault")).doOnRequest(j -> {
            this.logger.verbose("Verifying content with algorithm - {}", new Object[]{signatureAlgorithm});
        }).doOnSuccess(response -> {
            this.logger.verbose("Retrieved verified content with algorithm - {}", new Object[]{signatureAlgorithm});
        }).doOnError(th -> {
            this.logger.warning("Failed to verify content with algorithm - {}", new Object[]{signatureAlgorithm, th});
        }).flatMap(response2 -> {
            return Mono.just(new VerifyResult(((KeyVerifyResponse) response2.getValue()).getValue(), signatureAlgorithm, this.keyId));
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<WrapResult> wrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context) {
        return this.service.wrapKey(this.vaultUrl, this.keyName, this.version, this.apiVersion, ACCEPT_LANGUAGE, new KeyWrapUnwrapRequest().setAlgorithm(keyWrapAlgorithm).setValue(bArr), CONTENT_TYPE_HEADER_VALUE, (context == null ? Context.NONE : context).addData("az.namespace", "Microsoft.KeyVault")).doOnRequest(j -> {
            this.logger.verbose("Wrapping key content with algorithm - {}", new Object[]{keyWrapAlgorithm});
        }).doOnSuccess(response -> {
            this.logger.verbose("Retrieved wrapped key content with algorithm - {}", new Object[]{keyWrapAlgorithm});
        }).doOnError(th -> {
            this.logger.warning("Failed to verify content with algorithm - {}", new Object[]{keyWrapAlgorithm, th});
        }).flatMap(response2 -> {
            return Mono.just(new WrapResult(((KeyOperationResult) response2.getValue()).getResult(), keyWrapAlgorithm, this.keyId));
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<UnwrapResult> unwrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context) {
        return this.service.unwrapKey(this.vaultUrl, this.keyName, this.version, this.apiVersion, ACCEPT_LANGUAGE, new KeyWrapUnwrapRequest().setAlgorithm(keyWrapAlgorithm).setValue(bArr), CONTENT_TYPE_HEADER_VALUE, (context == null ? Context.NONE : context).addData("az.namespace", "Microsoft.KeyVault")).doOnRequest(j -> {
            this.logger.verbose("Unwrapping key content with algorithm - {}", new Object[]{keyWrapAlgorithm});
        }).doOnSuccess(response -> {
            this.logger.verbose("Retrieved unwrapped key content with algorithm - {}", new Object[]{keyWrapAlgorithm});
        }).doOnError(th -> {
            this.logger.warning("Failed to unwrap key content with algorithm - {}", new Object[]{keyWrapAlgorithm, th});
        }).flatMap(response2 -> {
            return Mono.just(new UnwrapResult(((KeyOperationResult) response2.getValue()).getResult(), keyWrapAlgorithm, this.keyId));
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<SignResult> signData(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(SignatureHashResolver.DEFAULT.get(signatureAlgorithm).toString());
            messageDigest.update(bArr);
            return sign(signatureAlgorithm, messageDigest.digest(), context);
        } catch (NoSuchAlgorithmException e) {
            return Mono.error(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<VerifyResult> verifyData(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(SignatureHashResolver.DEFAULT.get(signatureAlgorithm).toString());
            messageDigest.update(bArr);
            return verify(signatureAlgorithm, messageDigest.digest(), bArr2, context);
        } catch (NoSuchAlgorithmException e) {
            return Mono.error(e);
        }
    }

    private void unpackId(String str) {
        if (str == null || str.length() <= 0) {
            return;
        }
        try {
            URL url = new URL(str);
            String[] split = url.getPath().split("/");
            this.vaultUrl = url.getProtocol() + "://" + url.getHost();
            this.keyName = split.length >= 3 ? split[2] : null;
            this.version = split.length >= 4 ? split[3] : null;
        } catch (MalformedURLException e) {
            e.printStackTrace();
        }
    }
}
