package com.azure.security.keyvault.keys.cryptography.implementation;

import com.azure.core.exception.HttpResponseException;
import com.azure.core.util.Context;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.logging.ClientLogger;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm;
import com.azure.security.keyvault.keys.implementation.models.JsonWebKeyEncryptionAlgorithm;
import com.azure.security.keyvault.keys.implementation.models.JsonWebKeySignatureAlgorithm;
import com.azure.security.keyvault.keys.implementation.models.SecretKey;
import com.azure.security.keyvault.keys.models.JsonWebKey;
import com.azure.security.keyvault.keys.models.KeyOperation;
import com.azure.security.keyvault.keys.models.KeyType;
import com.azure.security.keyvault.keys.models.KeyVaultKey;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/azure/security/keyvault/keys/cryptography/implementation/CryptographyUtils.class */
public final class CryptographyUtils {
    public static final String SECRETS_COLLECTION = "secrets";

    private CryptographyUtils() {
    }

    public static List<String> unpackAndValidateId(String str, ClientLogger clientLogger) {
        if (CoreUtils.isNullOrEmpty(str)) {
            throw clientLogger.logExceptionAsError(new IllegalArgumentException("'keyId' cannot be null or empty."));
        }
        try {
            URL url = new URL(str);
            String[] split = url.getPath().split("/");
            String str2 = url.getProtocol() + "://" + url.getHost();
            if (url.getPort() != -1) {
                str2 = str2 + ":" + url.getPort();
            }
            String str3 = split.length >= 2 ? split[1] : null;
            String str4 = split.length >= 3 ? split[2] : null;
            String str5 = split.length >= 4 ? split[3] : null;
            if (CoreUtils.isNullOrEmpty(str2)) {
                throw clientLogger.logExceptionAsError(new IllegalArgumentException("Key endpoint in key identifier is invalid."));
            }
            if (CoreUtils.isNullOrEmpty(str4)) {
                throw clientLogger.logExceptionAsError(new IllegalArgumentException("Key name in key identifier is invalid."));
            }
            return Arrays.asList(str2, str3, str4, str5);
        } catch (MalformedURLException e) {
            throw clientLogger.logExceptionAsError(new IllegalArgumentException("The key identifier is malformed.", e));
        }
    }

    public static LocalKeyCryptographyClient retrieveJwkAndCreateLocalClient(CryptographyClientImpl cryptographyClientImpl) {
        if (CoreUtils.isNullOrEmpty(cryptographyClientImpl.getKeyCollection())) {
            throw new IllegalStateException("Could not create a local cryptography client.");
        }
        JsonWebKey secretKey = SECRETS_COLLECTION.equals(cryptographyClientImpl.getKeyCollection()) ? cryptographyClientImpl.getSecretKey() : ((KeyVaultKey) cryptographyClientImpl.getKey(Context.NONE).getValue()).getKey();
        if (secretKey == null) {
            throw new IllegalStateException("Could not retrieve JSON Web Key to perform local cryptographic operations.");
        }
        if (secretKey.isValid()) {
            return createLocalClient(secretKey, cryptographyClientImpl);
        }
        throw new IllegalStateException("The retrieved JSON Web Key is not valid.");
    }

    public static Mono<LocalKeyCryptographyClient> retrieveJwkAndCreateLocalAsyncClient(CryptographyClientImpl cryptographyClientImpl) {
        if (CoreUtils.isNullOrEmpty(cryptographyClientImpl.getKeyCollection())) {
            return Mono.error(new IllegalStateException("Could not create a local cryptography client. Key collection is null or empty."));
        }
        return (SECRETS_COLLECTION.equals(cryptographyClientImpl.getKeyCollection()) ? cryptographyClientImpl.getSecretKeyAsync() : cryptographyClientImpl.getKeyAsync().map(response -> {
            return ((KeyVaultKey) response.getValue()).getKey();
        })).handle((jsonWebKey, synchronousSink) -> {
            if (jsonWebKey.isValid()) {
                synchronousSink.next(createLocalClient(jsonWebKey, cryptographyClientImpl));
            } else {
                synchronousSink.error(new IllegalStateException("The retrieved JSON Web Key is not valid."));
            }
        });
    }

    public static LocalKeyCryptographyClient createLocalClient(JsonWebKey jsonWebKey, CryptographyClientImpl cryptographyClientImpl) {
        if (!KeyType.values().contains(jsonWebKey.getKeyType())) {
            throw new IllegalArgumentException(String.format("The JSON Web Key type: %s is not supported.", jsonWebKey.getKeyType().toString()));
        }
        if (jsonWebKey.getKeyType().equals(KeyType.RSA) || jsonWebKey.getKeyType().equals(KeyType.RSA_HSM)) {
            return new RsaKeyCryptographyClient(jsonWebKey, cryptographyClientImpl);
        }
        if (jsonWebKey.getKeyType().equals(KeyType.EC) || jsonWebKey.getKeyType().equals(KeyType.EC_HSM)) {
            return new EcKeyCryptographyClient(jsonWebKey, cryptographyClientImpl);
        }
        if (jsonWebKey.getKeyType().equals(KeyType.OCT) || jsonWebKey.getKeyType().equals(KeyType.OCT_HSM)) {
            return new AesKeyCryptographyClient(jsonWebKey, cryptographyClientImpl);
        }
        throw new IllegalStateException("Could not create local cryptography client.");
    }

    public static void verifyKeyPermissions(JsonWebKey jsonWebKey, KeyOperation keyOperation) {
        if (!jsonWebKey.getKeyOps().contains(keyOperation)) {
            throw new UnsupportedOperationException(String.format("The %s operation is not allowed for key with id: %s", keyOperation.toString().toLowerCase(Locale.ROOT), jsonWebKey.getId()));
        }
    }

    public static boolean isThrowableRetryable(Throwable th) {
        int statusCode;
        return (th instanceof HttpResponseException) && (statusCode = ((HttpResponseException) th).getResponse().getStatusCode()) != 501 && statusCode != 505 && (statusCode >= 500 || statusCode == 408 || statusCode == 429);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void validate(byte[] bArr, int i) {
        if (bArr == null) {
            throw new IllegalArgumentException("key must not be null");
        }
        if (bArr.length < i) {
            throw new IllegalArgumentException(String.format("key must be at least %d bits long", Integer.valueOf(i << 3)));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean sequenceEqualConstantTime(byte[] bArr, byte[] bArr2) {
        if (bArr == null) {
            throw new IllegalArgumentException("self");
        }
        if (bArr2 == null) {
            throw new IllegalArgumentException("other");
        }
        long length = (bArr.length & 4294967295L) ^ (bArr2.length & 4294967295L);
        for (int i = 0; i < bArr.length && i < bArr2.length; i++) {
            length |= (bArr[i] ^ bArr2[i]) & 4294967295L;
        }
        return length == 0;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JsonWebKey transformSecretKey(SecretKey secretKey) {
        return new JsonWebKey().setId(secretKey.getId()).setK(Base64.getUrlDecoder().decode(secretKey.getValue())).setKeyType(KeyType.OCT).setKeyOps(Arrays.asList(KeyOperation.WRAP_KEY, KeyOperation.UNWRAP_KEY, KeyOperation.ENCRYPT, KeyOperation.DECRYPT));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JsonWebKeyEncryptionAlgorithm mapKeyEncryptionAlgorithm(EncryptionAlgorithm encryptionAlgorithm) {
        return JsonWebKeyEncryptionAlgorithm.fromString(Objects.toString(encryptionAlgorithm, null));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JsonWebKeySignatureAlgorithm mapKeySignatureAlgorithm(SignatureAlgorithm signatureAlgorithm) {
        return JsonWebKeySignatureAlgorithm.fromString(Objects.toString(signatureAlgorithm, null));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JsonWebKeyEncryptionAlgorithm mapWrapAlgorithm(KeyWrapAlgorithm keyWrapAlgorithm) {
        return JsonWebKeyEncryptionAlgorithm.fromString(Objects.toString(keyWrapAlgorithm, null));
    }
}
