package com.netflix.msl.entityauth;

import com.netflix.msl.MslCryptoException;
import com.netflix.msl.MslEncodingException;
import com.netflix.msl.MslEntityAuthException;
import com.netflix.msl.MslError;
import com.netflix.msl.MslInternalException;
import com.netflix.msl.crypto.ICryptoContext;
import com.netflix.msl.crypto.RsaCryptoContext;
import com.netflix.msl.io.MslObject;
import com.netflix.msl.util.AuthenticationUtils;
import com.netflix.msl.util.MslContext;
import java.security.PrivateKey;
import java.security.PublicKey;

/* loaded from: input_file:WEB-INF/lib/msl-core-1.2226.0.jar:com/netflix/msl/entityauth/RsaAuthenticationFactory.class */
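/**
 * Entity authentication factory for the RSA scheme.
 *
 * <p>The factory registers itself under {@code EntityAuthenticationScheme.RSA}, parses
 * {@link RsaAuthenticationData} from an encoded object, and resolves the public key ID carried
 * in that data against an {@link RsaStore} to build an {@link RsaCryptoContext} in
 * {@code SIGN_VERIFY} mode.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The identity comes from the authentication data itself. This class checks it only
 *       through {@link AuthenticationUtils} (revocation and scheme permission); nothing here
 *       ties the identity to the public key ID it arrives with. NOTE(review): if that binding
 *       is required, confirm it is enforced by the store or by {@code AuthenticationUtils}.</li>
 *   <li>Whatever private key the store returns for the requested key ID is handed to the crypto
 *       context, not only the one for the configured key pair ID. NOTE(review): confirm the
 *       store holds private keys only for IDs this entity is meant to sign with.</li>
 * </ul>
 */
public class RsaAuthenticationFactory extends EntityAuthenticationFactory {
    // Key pair ID that must resolve to a private key. May be null (see the two-argument
    // constructor), in which case no incoming key ID ever matches it.
    private final String keyPairId;
    // Source of the RSA public and private keys, looked up by key ID.
    private final RsaStore store;
    // Policy hooks used for the revocation and scheme-permission checks.
    final AuthenticationUtils authutils;

    /**
     * Creates a factory with no configured key pair ID.
     *
     * @param rsaStore store used to look up keys by ID
     * @param authenticationUtils revocation and scheme-permission checks
     */
    public RsaAuthenticationFactory(RsaStore rsaStore, AuthenticationUtils authenticationUtils) {
        this(null, rsaStore, authenticationUtils);
    }

    /**
     * Creates a factory for the given key pair ID.
     *
     * @param str key pair ID that must have a private key in the store; may be null
     * @param rsaStore store used to look up keys by ID
     * @param authenticationUtils revocation and scheme-permission checks
     */
    public RsaAuthenticationFactory(String str, RsaStore rsaStore, AuthenticationUtils authenticationUtils) {
        super(EntityAuthenticationScheme.RSA);
        this.keyPairId = str;
        this.store = rsaStore;
        this.authutils = authenticationUtils;
    }

    /**
     * Builds RSA entity authentication data from its encoded form.
     *
     * @param mslContext unused by this implementation
     * @param mslObject encoded authentication data
     * @return the parsed {@link RsaAuthenticationData}
     * @throws MslEncodingException declared by the overridden method; raised by the
     *         {@code RsaAuthenticationData} constructor if at all (not visible here)
     * @throws MslCryptoException declared by the overridden method
     */
    @Override
    public EntityAuthenticationData createData(MslContext mslContext, MslObject mslObject) throws MslEncodingException, MslCryptoException {
        return new RsaAuthenticationData(mslObject);
    }

    /**
     * Returns a sign/verify crypto context for the entity described by the authentication data.
     *
     * <p>Checks run in this order: data type, revocation, scheme permission, key lookup. The
     * policy checks therefore always run before any key material is fetched from the store.
     *
     * @param mslContext context passed through to the crypto context
     * @param entityAuthenticationData must be an {@link RsaAuthenticationData}
     * @return an {@link RsaCryptoContext} in {@code SIGN_VERIFY} mode
     * @throws MslEntityAuthException if the entity is revoked, the scheme is not permitted for
     *         it, or the required key is missing from the store
     * @throws MslInternalException if the data is null or not RSA authentication data
     */
    @Override
    public ICryptoContext getCryptoContext(MslContext mslContext, EntityAuthenticationData entityAuthenticationData) throws MslEntityAuthException {
        if (!(entityAuthenticationData instanceof RsaAuthenticationData)) {
            // instanceof is false for null, so guard the getClass() call: a null argument
            // should surface as the intended internal error, not as a NullPointerException
            // thrown while formatting the message.
            String actualType = entityAuthenticationData == null ? "null" : entityAuthenticationData.getClass().getName();
            throw new MslInternalException("Incorrect authentication data type " + actualType + ".");
        }
        RsaAuthenticationData rsaAuthenticationData = (RsaAuthenticationData) entityAuthenticationData;
        String identity = rsaAuthenticationData.getIdentity();

        // Policy checks on the claimed identity come first.
        if (this.authutils.isEntityRevoked(identity)) {
            throw authFailure(MslError.ENTITY_REVOKED, "rsa " + identity, rsaAuthenticationData);
        }
        if (!this.authutils.isSchemePermitted(identity, getScheme())) {
            throw authFailure(MslError.INCORRECT_ENTITYAUTH_DATA, "Authentication Scheme for Device Type Not Supported " + identity + ":" + getScheme(), rsaAuthenticationData);
        }

        // Both keys are looked up under the ID supplied in the authentication data.
        // Assumes getPublicKeyId() never returns null — TODO confirm against RsaAuthenticationData.
        String publicKeyId = rsaAuthenticationData.getPublicKeyId();
        PublicKey publicKey = this.store.getPublicKey(publicKeyId);
        PrivateKey privateKey = this.store.getPrivateKey(publicKeyId);

        // The configured key pair needs a private key; any other key ID needs a public key.
        boolean isConfiguredKeyPair = publicKeyId.equals(this.keyPairId);
        if (isConfiguredKeyPair && privateKey == null) {
            throw authFailure(MslError.RSA_PRIVATEKEY_NOT_FOUND, publicKeyId, rsaAuthenticationData);
        }
        if (!isConfiguredKeyPair && publicKey == null) {
            throw authFailure(MslError.RSA_PUBLICKEY_NOT_FOUND, publicKeyId, rsaAuthenticationData);
        }

        // For the configured key pair publicKey may still be null here, and for other IDs
        // privateKey may be non-null; how RsaCryptoContext treats either is not visible here.
        return new RsaCryptoContext(mslContext, identity, privateKey, publicKey, RsaCryptoContext.Mode.SIGN_VERIFY);
    }

    // Builds an entity authentication exception that carries the offending authentication data.
    private static MslEntityAuthException authFailure(MslError error, String details, EntityAuthenticationData authData) {
        return new MslEntityAuthException(error, details).setEntityAuthenticationData(authData);
    }
}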
