package com.azure.security.keyvault.keys.cryptography;

import com.azure.core.util.Context;
import com.azure.core.util.logging.ClientLogger;
import com.azure.security.keyvault.keys.cryptography.models.DecryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.DecryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.EncryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.SignResult;
import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult;
import com.azure.security.keyvault.keys.cryptography.models.VerifyResult;
import com.azure.security.keyvault.keys.cryptography.models.WrapResult;
import com.azure.security.keyvault.keys.models.JsonWebKey;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Objects;
import reactor.core.publisher.Mono;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/azure/security/keyvault/keys/cryptography/AesKeyCryptographyClient.class */
public class AesKeyCryptographyClient extends LocalKeyCryptographyClient {
    static final int AES_BLOCK_SIZE = 16;
    private final ClientLogger logger;
    private byte[] key;

    AesKeyCryptographyClient(CryptographyServiceClient cryptographyServiceClient) {
        super(cryptographyServiceClient);
        this.logger = new ClientLogger(AesKeyCryptographyClient.class);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AesKeyCryptographyClient(JsonWebKey jsonWebKey, CryptographyServiceClient cryptographyServiceClient) {
        super(cryptographyServiceClient);
        this.logger = new ClientLogger(AesKeyCryptographyClient.class);
        this.key = jsonWebKey.toAes().getEncoded();
    }

    private byte[] getKey(JsonWebKey jsonWebKey) {
        if (this.key == null) {
            this.key = jsonWebKey.toAes().getEncoded();
        }
        return this.key;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<EncryptResult> encryptAsync(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        return encryptInternal(encryptionAlgorithm, bArr, null, null, context, jsonWebKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<EncryptResult> encryptAsync(EncryptParameters encryptParameters, Context context, JsonWebKey jsonWebKey) {
        return encryptInternal(encryptParameters.getAlgorithm(), encryptParameters.getPlainText(), encryptParameters.getIv(), encryptParameters.getAdditionalAuthenticatedData(), context, jsonWebKey);
    }

    private Mono<EncryptResult> encryptInternal(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, byte[] bArr2, byte[] bArr3, Context context, JsonWebKey jsonWebKey) {
        if (isGcm(encryptionAlgorithm)) {
            return Mono.error(new UnsupportedOperationException("AES-GCM is not supported for local cryptography operations."));
        }
        if (!isAes(encryptionAlgorithm)) {
            throw this.logger.logExceptionAsError(new IllegalStateException("Encryption algorithm provided is not supported: " + encryptionAlgorithm));
        }
        this.key = getKey(jsonWebKey);
        if (this.key == null || this.key.length == 0) {
            throw this.logger.logExceptionAsError(new IllegalArgumentException("Key is empty."));
        }
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(encryptionAlgorithm.toString());
        if (!(algorithm instanceof SymmetricEncryptionAlgorithm)) {
            return Mono.error(new NoSuchAlgorithmException(encryptionAlgorithm.toString()));
        }
        SymmetricEncryptionAlgorithm symmetricEncryptionAlgorithm = (SymmetricEncryptionAlgorithm) algorithm;
        if (bArr2 == null) {
            if (!isAes(encryptionAlgorithm)) {
                throw this.logger.logExceptionAsError(new IllegalStateException("Encryption algorithm provided is not supported: " + encryptionAlgorithm));
            }
            bArr2 = generateRandomByteArray(AES_BLOCK_SIZE);
        }
        try {
            try {
                return Mono.just(new EncryptResult(symmetricEncryptionAlgorithm.createEncryptor(this.key, bArr2, bArr3, null).doFinal(bArr), encryptionAlgorithm, jsonWebKey.getId(), bArr2, null, bArr3));
            } catch (Exception e) {
                return Mono.error(e);
            }
        } catch (Exception e2) {
            return Mono.error(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<DecryptResult> decryptAsync(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        return decryptInternal(encryptionAlgorithm, bArr, null, null, null, context, jsonWebKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<DecryptResult> decryptAsync(DecryptParameters decryptParameters, Context context, JsonWebKey jsonWebKey) {
        return decryptInternal(decryptParameters.getAlgorithm(), decryptParameters.getCipherText(), decryptParameters.getIv(), decryptParameters.getAdditionalAuthenticatedData(), decryptParameters.getAuthenticationTag(), context, jsonWebKey);
    }

    private Mono<DecryptResult> decryptInternal(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, Context context, JsonWebKey jsonWebKey) {
        if (isGcm(encryptionAlgorithm)) {
            return Mono.error(new UnsupportedOperationException("AES-GCM is not supported for local cryptography operations."));
        }
        if (!isAes(encryptionAlgorithm)) {
            throw this.logger.logExceptionAsError(new IllegalStateException("Encryption algorithm provided is not supported: " + encryptionAlgorithm));
        }
        this.key = getKey(jsonWebKey);
        if (this.key == null || this.key.length == 0) {
            throw this.logger.logExceptionAsError(new IllegalArgumentException("Key is empty."));
        }
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(encryptionAlgorithm.toString());
        if (!(algorithm instanceof SymmetricEncryptionAlgorithm)) {
            return Mono.error(new NoSuchAlgorithmException(encryptionAlgorithm.toString()));
        }
        SymmetricEncryptionAlgorithm symmetricEncryptionAlgorithm = (SymmetricEncryptionAlgorithm) algorithm;
        Objects.requireNonNull(bArr2, "'iv' cannot be null in local decryption operations.");
        try {
            try {
                return Mono.just(new DecryptResult(symmetricEncryptionAlgorithm.createDecryptor(this.key, bArr2, bArr3, bArr4).doFinal(bArr), encryptionAlgorithm, jsonWebKey.getId()));
            } catch (Exception e) {
                return Mono.error(e);
            }
        } catch (Exception e2) {
            return Mono.error(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<SignResult> signAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        return Mono.error(new UnsupportedOperationException("Sign operation not supported for OCT/Symmetric key."));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<VerifyResult> verifyAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context, JsonWebKey jsonWebKey) {
        return Mono.error(new UnsupportedOperationException("Verify operation not supported for OCT/Symmetric key."));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<WrapResult> wrapKeyAsync(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        this.key = getKey(jsonWebKey);
        if (bArr == null || bArr.length == 0) {
            throw this.logger.logExceptionAsError(new IllegalArgumentException("key"));
        }
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(keyWrapAlgorithm.toString());
        if (!(algorithm instanceof LocalKeyWrapAlgorithm)) {
            return Mono.error(new NoSuchAlgorithmException(keyWrapAlgorithm.toString()));
        }
        try {
            try {
                return Mono.just(new WrapResult(((LocalKeyWrapAlgorithm) algorithm).createEncryptor(this.key, null, null).doFinal(bArr), keyWrapAlgorithm, jsonWebKey.getId()));
            } catch (Exception e) {
                return Mono.error(e);
            }
        } catch (Exception e2) {
            return Mono.error(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<UnwrapResult> unwrapKeyAsync(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        this.key = getKey(jsonWebKey);
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(keyWrapAlgorithm.toString());
        if (!(algorithm instanceof LocalKeyWrapAlgorithm)) {
            return Mono.error(new NoSuchAlgorithmException(keyWrapAlgorithm.toString()));
        }
        try {
            try {
                return Mono.just(new UnwrapResult(((LocalKeyWrapAlgorithm) algorithm).createDecryptor(this.key, null, null).doFinal(bArr), keyWrapAlgorithm, jsonWebKey.getId()));
            } catch (Exception e) {
                return Mono.error(e);
            }
        } catch (Exception e2) {
            return Mono.error(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<SignResult> signDataAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        return signAsync(signatureAlgorithm, bArr, context, jsonWebKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<VerifyResult> verifyDataAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context, JsonWebKey jsonWebKey) {
        return verifyAsync(signatureAlgorithm, bArr, bArr2, context, jsonWebKey);
    }

    private byte[] generateRandomByteArray(int i) {
        byte[] bArr = new byte[0];
        try {
            bArr = new byte[i];
            SecureRandom.getInstance("SHA1PRNG").nextBytes(bArr);
        } catch (NoSuchAlgorithmException e) {
            this.logger.logThrowableAsError(e);
        }
        return bArr;
    }

    private boolean isAes(EncryptionAlgorithm encryptionAlgorithm) {
        return encryptionAlgorithm == EncryptionAlgorithm.A128CBC || encryptionAlgorithm == EncryptionAlgorithm.A192CBC || encryptionAlgorithm == EncryptionAlgorithm.A256CBC || encryptionAlgorithm == EncryptionAlgorithm.A128CBCPAD || encryptionAlgorithm == EncryptionAlgorithm.A192CBCPAD || encryptionAlgorithm == EncryptionAlgorithm.A256CBCPAD;
    }

    private boolean isGcm(EncryptionAlgorithm encryptionAlgorithm) {
        return encryptionAlgorithm == EncryptionAlgorithm.A128GCM || encryptionAlgorithm == EncryptionAlgorithm.A192GCM || encryptionAlgorithm == EncryptionAlgorithm.A256GCM;
    }
}
