package com.azure.security.keyvault.keys.cryptography;

import com.azure.core.annotation.ReturnType;
import com.azure.core.annotation.ServiceClient;
import com.azure.core.annotation.ServiceMethod;
import com.azure.core.http.HttpPipeline;
import com.azure.core.http.rest.Response;
import com.azure.core.util.Context;
import com.azure.core.util.logging.ClientLogger;
import com.azure.security.keyvault.keys.cryptography.implementation.CryptographyService;
import com.azure.security.keyvault.keys.cryptography.models.DecryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.DecryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.EncryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.SignResult;
import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult;
import com.azure.security.keyvault.keys.cryptography.models.VerifyResult;
import com.azure.security.keyvault.keys.cryptography.models.WrapResult;
import com.azure.security.keyvault.keys.models.JsonWebKey;
import com.azure.security.keyvault.keys.models.KeyOperation;
import com.azure.security.keyvault.keys.models.KeyVaultKey;
import java.util.Objects;

@ServiceClient(builder = CryptographyClientBuilder.class, serviceInterfaces = {CryptographyService.class})
/* loaded from: input_file:com/azure/security/keyvault/keys/cryptography/CryptographyClient.class */
public class CryptographyClient {
    private static final ClientLogger LOGGER = new ClientLogger(CryptographyClient.class);
    private final String keyCollection;
    private volatile boolean localOperationNotSupported;
    private LocalKeyCryptographyClient localKeyCryptographyClient;
    final CryptographyClientImpl implClient;
    final String keyId;
    volatile JsonWebKey key;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptographyClient(String str, HttpPipeline httpPipeline, CryptographyServiceVersion cryptographyServiceVersion) {
        this.localOperationNotSupported = false;
        this.keyCollection = CryptographyClientImpl.unpackAndValidateId(str);
        this.keyId = str;
        this.implClient = new CryptographyClientImpl(str, httpPipeline, cryptographyServiceVersion);
        this.key = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptographyClient(JsonWebKey jsonWebKey) {
        this.localOperationNotSupported = false;
        Objects.requireNonNull(jsonWebKey, "The JSON Web Key is required.");
        if (!jsonWebKey.isValid()) {
            throw new IllegalArgumentException("The JSON Web Key is not valid.");
        }
        if (jsonWebKey.getKeyOps() == null) {
            throw new IllegalArgumentException("The JSON Web Key's key operations property is not configured.");
        }
        if (jsonWebKey.getKeyType() == null) {
            throw new IllegalArgumentException("The JSON Web Key's key type property is not configured.");
        }
        this.keyCollection = null;
        this.key = jsonWebKey;
        this.keyId = jsonWebKey.getId();
        this.implClient = null;
        this.localKeyCryptographyClient = CryptographyClientImpl.initializeCryptoClient(this.key, null);
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public KeyVaultKey getKey() {
        return (KeyVaultKey) getKeyWithResponse(Context.NONE).getValue();
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Response<KeyVaultKey> getKeyWithResponse(Context context) {
        if (this.implClient != null) {
            return this.implClient.getKey(context);
        }
        throw LOGGER.logExceptionAsError(new UnsupportedOperationException("Operation not supported when in operating local-only mode"));
    }

    JsonWebKey getSecretKey() {
        try {
            return (JsonWebKey) this.implClient.getSecretKey(Context.NONE).getValue();
        } catch (RuntimeException e) {
            throw LOGGER.logExceptionAsError(e);
        }
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public EncryptResult encrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr) {
        return encrypt(encryptionAlgorithm, bArr, Context.NONE);
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public EncryptResult encrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context) {
        if (!isValidKeyLocallyAvailable()) {
            return this.implClient.encrypt(encryptionAlgorithm, bArr, context);
        }
        if (CryptographyClientImpl.checkKeyPermissions(this.key.getKeyOps(), KeyOperation.ENCRYPT)) {
            return this.localKeyCryptographyClient.encrypt(encryptionAlgorithm, bArr, this.key, context);
        }
        throw LOGGER.logExceptionAsError(new UnsupportedOperationException(String.format("Encrypt operation is missing permission/not supported for key with id: %s", this.key.getId())));
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public EncryptResult encrypt(EncryptParameters encryptParameters, Context context) {
        if (!isValidKeyLocallyAvailable()) {
            return this.implClient.encrypt(encryptParameters, context);
        }
        if (CryptographyClientImpl.checkKeyPermissions(this.key.getKeyOps(), KeyOperation.ENCRYPT)) {
            return this.localKeyCryptographyClient.encrypt(encryptParameters, this.key, context);
        }
        throw LOGGER.logExceptionAsError(new UnsupportedOperationException(String.format("Encrypt operation is missing permission/not supported for key with id: %s", this.key.getId())));
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public DecryptResult decrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr) {
        return decrypt(encryptionAlgorithm, bArr, Context.NONE);
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public DecryptResult decrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context) {
        if (!isValidKeyLocallyAvailable()) {
            return this.implClient.decrypt(encryptionAlgorithm, bArr, context);
        }
        if (CryptographyClientImpl.checkKeyPermissions(this.key.getKeyOps(), KeyOperation.DECRYPT)) {
            return this.localKeyCryptographyClient.decrypt(encryptionAlgorithm, bArr, this.key, context);
        }
        throw LOGGER.logExceptionAsError(new UnsupportedOperationException(String.format("Decrypt operation is not allowed for key with id: %s", this.key.getId())));
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public DecryptResult decrypt(DecryptParameters decryptParameters, Context context) {
        if (!isValidKeyLocallyAvailable()) {
            return this.implClient.decrypt(decryptParameters, context);
        }
        if (CryptographyClientImpl.checkKeyPermissions(this.key.getKeyOps(), KeyOperation.DECRYPT)) {
            return this.localKeyCryptographyClient.decrypt(decryptParameters, this.key, context);
        }
        throw LOGGER.logExceptionAsError(new UnsupportedOperationException(String.format("Decrypt operation is not allowed for key with id: %s", this.key.getId())));
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public SignResult sign(SignatureAlgorithm signatureAlgorithm, byte[] bArr) {
        return sign(signatureAlgorithm, bArr, Context.NONE);
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public SignResult sign(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context) {
        if (!isValidKeyLocallyAvailable()) {
            return this.implClient.sign(signatureAlgorithm, bArr, context);
        }
        if (CryptographyClientImpl.checkKeyPermissions(this.key.getKeyOps(), KeyOperation.SIGN)) {
            return this.localKeyCryptographyClient.sign(signatureAlgorithm, bArr, this.key, context);
        }
        throw LOGGER.logExceptionAsError(new UnsupportedOperationException(String.format("Sign operation is not allowed for key with id: %s", this.key.getId())));
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public VerifyResult verify(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2) {
        return verify(signatureAlgorithm, bArr, bArr2, Context.NONE);
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public VerifyResult verify(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context) {
        if (!isValidKeyLocallyAvailable()) {
            return this.implClient.verify(signatureAlgorithm, bArr, bArr2, context);
        }
        if (CryptographyClientImpl.checkKeyPermissions(this.key.getKeyOps(), KeyOperation.VERIFY)) {
            return this.localKeyCryptographyClient.verify(signatureAlgorithm, bArr, bArr2, this.key, context);
        }
        throw LOGGER.logExceptionAsError(new UnsupportedOperationException(String.format("Verify operation is not allowed for key with id: %s", this.key.getId())));
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public WrapResult wrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr) {
        return wrapKey(keyWrapAlgorithm, bArr, Context.NONE);
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public WrapResult wrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context) {
        if (!isValidKeyLocallyAvailable()) {
            return this.implClient.wrapKey(keyWrapAlgorithm, bArr, context);
        }
        if (CryptographyClientImpl.checkKeyPermissions(this.key.getKeyOps(), KeyOperation.WRAP_KEY)) {
            return this.localKeyCryptographyClient.wrapKey(keyWrapAlgorithm, bArr, this.key, context);
        }
        throw LOGGER.logExceptionAsError(new UnsupportedOperationException(String.format("Wrap key operation is not allowed for key with id: %s", this.key.getId())));
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public UnwrapResult unwrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr) {
        return unwrapKey(keyWrapAlgorithm, bArr, Context.NONE);
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public UnwrapResult unwrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context) {
        if (!isValidKeyLocallyAvailable()) {
            return this.implClient.unwrapKey(keyWrapAlgorithm, bArr, context);
        }
        if (CryptographyClientImpl.checkKeyPermissions(this.key.getKeyOps(), KeyOperation.UNWRAP_KEY)) {
            return this.localKeyCryptographyClient.unwrapKey(keyWrapAlgorithm, bArr, this.key, context);
        }
        throw LOGGER.logExceptionAsError(new UnsupportedOperationException(String.format("Unwrap key operation is not allowed for key with id: %s", this.key.getId())));
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public SignResult signData(SignatureAlgorithm signatureAlgorithm, byte[] bArr) {
        return signData(signatureAlgorithm, bArr, Context.NONE);
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public SignResult signData(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context) {
        if (!isValidKeyLocallyAvailable()) {
            return this.implClient.signData(signatureAlgorithm, bArr, context);
        }
        if (CryptographyClientImpl.checkKeyPermissions(this.key.getKeyOps(), KeyOperation.SIGN)) {
            return this.localKeyCryptographyClient.signData(signatureAlgorithm, bArr, this.key, context);
        }
        throw LOGGER.logExceptionAsError(new UnsupportedOperationException(String.format("Sign operation is not allowed for key with id: %s", this.key.getId())));
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public VerifyResult verifyData(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2) {
        return verifyData(signatureAlgorithm, bArr, bArr2, Context.NONE);
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public VerifyResult verifyData(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context) {
        if (!isValidKeyLocallyAvailable()) {
            return this.implClient.verifyData(signatureAlgorithm, bArr, bArr2, context);
        }
        if (CryptographyClientImpl.checkKeyPermissions(this.key.getKeyOps(), KeyOperation.VERIFY)) {
            return this.localKeyCryptographyClient.verifyData(signatureAlgorithm, bArr, bArr2, this.key, context);
        }
        throw LOGGER.logExceptionAsError(new UnsupportedOperationException(String.format("Verify operation is not allowed for key with id: %s", this.key.getId())));
    }

    private boolean isValidKeyLocallyAvailable() {
        if (this.localOperationNotSupported) {
            return false;
        }
        if (this.key == null && this.keyCollection != null) {
            if (Objects.equals(this.keyCollection, "secrets")) {
                this.key = getSecretKey();
            } else {
                this.key = getKey().getKey();
            }
        }
        if (this.key == null || !this.key.isValid()) {
            return false;
        }
        if (this.localKeyCryptographyClient != null) {
            return true;
        }
        try {
            this.localKeyCryptographyClient = CryptographyClientImpl.initializeCryptoClient(this.key, this.implClient);
            return true;
        } catch (RuntimeException e) {
            this.localOperationNotSupported = true;
            LOGGER.warning("Defaulting to service use for cryptographic operations.", new Object[]{e});
            return false;
        }
    }

    CryptographyClientImpl getImplClient() {
        return this.implClient;
    }
}
