package com.amazonaws.encryptionsdk.jce;

import com.amazonaws.encryptionsdk.CryptoAlgorithm;
import com.amazonaws.encryptionsdk.DataKey;
import com.amazonaws.encryptionsdk.EncryptedDataKey;
import com.amazonaws.encryptionsdk.MasterKey;
import com.amazonaws.encryptionsdk.exception.AwsCryptoException;
import com.amazonaws.encryptionsdk.exception.UnsupportedProviderException;
import com.amazonaws.encryptionsdk.internal.JceKeyCipher;
import com.amazonaws.encryptionsdk.internal.Utils;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/amazonaws/encryptionsdk/jce/JceMasterKey.class */
public class JceMasterKey extends MasterKey<JceMasterKey> {
    private final String providerName_;
    private final String keyId_;
    private final byte[] keyIdBytes_;
    private final JceKeyCipher jceKeyCipher_;

    public static JceMasterKey getInstance(SecretKey secretKey, String str, String str2, String str3) {
        String upperCase = str3.toUpperCase();
        boolean z = -1;
        switch (upperCase.hashCode()) {
            case -478497774:
                if (upperCase.equals("AES/GCM/NOPADDING")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return new JceMasterKey(str, str2, JceKeyCipher.aesGcm(secretKey));
            default:
                throw new IllegalArgumentException("Right now only AES/GCM/NoPadding is supported");
        }
    }

    public static JceMasterKey getInstance(PublicKey publicKey, PrivateKey privateKey, String str, String str2, String str3) {
        if (str3.toUpperCase().startsWith("RSA/ECB/")) {
            return new JceMasterKey(str, str2, JceKeyCipher.rsa(publicKey, privateKey, str3));
        }
        throw new UnsupportedOperationException("Currently only RSA asymmetric algorithms are supported");
    }

    protected JceMasterKey(String str, String str2, JceKeyCipher jceKeyCipher) {
        this.providerName_ = str;
        this.keyId_ = str2;
        this.keyIdBytes_ = this.keyId_.getBytes(StandardCharsets.UTF_8);
        this.jceKeyCipher_ = jceKeyCipher;
    }

    @Override // com.amazonaws.encryptionsdk.MasterKey
    public String getProviderId() {
        return this.providerName_;
    }

    @Override // com.amazonaws.encryptionsdk.MasterKey
    public String getKeyId() {
        return this.keyId_;
    }

    @Override // com.amazonaws.encryptionsdk.MasterKey
    public DataKey<JceMasterKey> generateDataKey(CryptoAlgorithm cryptoAlgorithm, Map<String, String> map) {
        byte[] bArr = new byte[cryptoAlgorithm.getDataKeyLength()];
        Utils.getSecureRandom().nextBytes(bArr);
        EncryptedDataKey encryptKey = this.jceKeyCipher_.encryptKey(bArr, this.keyId_, this.providerName_, map);
        return new DataKey<>(new SecretKeySpec(bArr, cryptoAlgorithm.getDataKeyAlgo()), encryptKey.getEncryptedDataKey(), encryptKey.getProviderInformation(), this);
    }

    @Override // com.amazonaws.encryptionsdk.MasterKey
    public DataKey<JceMasterKey> encryptDataKey(CryptoAlgorithm cryptoAlgorithm, Map<String, String> map, DataKey<?> dataKey) {
        SecretKey key = dataKey.getKey();
        if (!key.getFormat().equals("RAW")) {
            throw new IllegalArgumentException("Can only re-encrypt data keys which are in RAW format, not " + dataKey.getKey().getFormat());
        }
        if (!key.getAlgorithm().equalsIgnoreCase(cryptoAlgorithm.getDataKeyAlgo())) {
            throw new IllegalArgumentException("Incorrect key algorithm. Expected " + key.getAlgorithm() + " but got " + cryptoAlgorithm.getKeyAlgo());
        }
        EncryptedDataKey encryptKey = this.jceKeyCipher_.encryptKey(key.getEncoded(), this.keyId_, this.providerName_, map);
        return new DataKey<>(key, encryptKey.getEncryptedDataKey(), encryptKey.getProviderInformation(), this);
    }

    @Override // com.amazonaws.encryptionsdk.MasterKeyProvider
    public DataKey<JceMasterKey> decryptDataKey(CryptoAlgorithm cryptoAlgorithm, Collection<? extends EncryptedDataKey> collection, Map<String, String> map) throws UnsupportedProviderException, AwsCryptoException {
        ArrayList arrayList = new ArrayList();
        for (EncryptedDataKey encryptedDataKey : collection) {
            try {
                if (encryptedDataKey.getProviderId().equals(getProviderId()) && Utils.arrayPrefixEquals(encryptedDataKey.getProviderInformation(), this.keyIdBytes_, this.keyIdBytes_.length)) {
                    byte[] decryptKey = this.jceKeyCipher_.decryptKey(encryptedDataKey, this.keyId_, map);
                    if (decryptKey.length == cryptoAlgorithm.getDataKeyLength()) {
                        return new DataKey<>(new SecretKeySpec(decryptKey, cryptoAlgorithm.getDataKeyAlgo()), encryptedDataKey.getEncryptedDataKey(), encryptedDataKey.getProviderInformation(), this);
                    }
                    continue;
                }
            } catch (Exception e) {
                arrayList.add(e);
            }
        }
        throw buildCannotDecryptDksException(arrayList);
    }
}
