package com.amazonaws.cloudhsm.jce.provider;

import com.amazonaws.cloudhsm.jce.jni.Session;
import com.amazonaws.cloudhsm.jce.jni.exception.AddAttributeException;
import com.amazonaws.cloudhsm.jce.jni.exception.AttributeException;
import com.amazonaws.cloudhsm.jce.jni.exception.AuthenticationException;
import com.amazonaws.cloudhsm.jce.jni.exception.InternalException;
import com.amazonaws.cloudhsm.jce.jni.exception.ProviderException;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttribute;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttributesMap;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.text.MessageFormat;
import java.util.Set;
import java.util.stream.Stream;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactorySpi;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:BOOT-INF/lib/cloudhsm-jce-0.0.1-SNAPSHOT.jar:com/amazonaws/cloudhsm/jce/provider/SecretKeyFactory.class */
abstract class SecretKeyFactory extends SecretKeyFactorySpi {
    private final CloudHsmLogger logger;
    private final CloudHsmProvider provider;

    /* JADX INFO: Access modifiers changed from: protected */
    public SecretKeyFactory(CloudHsmProvider cloudHsmProvider) throws IllegalStateException {
        if (cloudHsmProvider == null) {
            throw new IllegalStateException(ErrorMessages.PROVIDER_NOT_INITIALIZED.getMessage());
        }
        this.logger = new CloudHsmLogger(getClass(), cloudHsmProvider.getId(), cloudHsmProvider.getClusterName());
        this.provider = cloudHsmProvider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CloudHsmProvider getProvider() {
        return this.provider;
    }

    abstract Set<String> getSupportedAlgorithms();

    abstract SecretKey getSecretKeyUsingKeySpec(Session session, KeySpec keySpec) throws AttributeException, AuthenticationException, InternalException, ProviderException, InvalidAlgorithmParameterException;

    @Override // javax.crypto.SecretKeyFactorySpi
    protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
        this.logger.debug("Entering engineGenerateSecret.");
        if (keySpec == null) {
            throw new InvalidKeySpecException(ErrorMessages.SPEC_VALUE_PROVIDED_IS_NULL.getMessage());
        }
        if (keySpec instanceof SecretKeySpec) {
            SecretKeySpec secretKeySpec = (SecretKeySpec) keySpec;
            Stream<String> stream = getSupportedAlgorithms().stream();
            String algorithm = secretKeySpec.getAlgorithm();
            algorithm.getClass();
            if (!stream.anyMatch(algorithm::equalsIgnoreCase)) {
                throw new InvalidKeySpecException(MessageFormat.format(ErrorMessages.SPEC_ALGORITHM_PROVIDED_DOES_MATCH_EXPECTED.getMessage(), getSupportedAlgorithms().toString(), secretKeySpec.getAlgorithm()));
            }
            try {
                KeyAttributesMap keyAttributesMap = new KeyAttributesMap();
                keyAttributesMap.put(KeyAttribute.VALUE, secretKeySpec.getEncoded());
                keySpec = keyAttributesMap;
            } catch (AddAttributeException e) {
                throw new InvalidKeySpecException(e.getCause());
            }
        } else if (!(keySpec instanceof AesCmacKdfParameterSpec) && !(keySpec instanceof KeyAttributesMap)) {
            throw new InvalidKeySpecException(MessageFormat.format(ErrorMessages.SPEC_PROVIDED_IS_NOT_AN_INSTANCE_OF_EXPECTED_TYPE.getMessage(), SecretKeySpec.class.getSimpleName() + " or  " + AesCmacKdfParameterSpec.class.getSimpleName()));
        }
        this.logger.trace("Successfully created a KeyAttributesMap for the given KeySpec");
        try {
            SecretKey secretKeyUsingKeySpec = getSecretKeyUsingKeySpec(getProvider().getSession(), keySpec);
            this.logger.debug("Successfully imported key. Returning key object.");
            return secretKeyUsingKeySpec;
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    @Override // javax.crypto.SecretKeyFactorySpi
    protected KeySpec engineGetKeySpec(SecretKey secretKey, Class<?> cls) throws InvalidKeySpecException {
        throw new UnsupportedOperationException(ErrorMessages.KEY_GET_SPEC_IS_NOT_SUPPORTED.getMessage());
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // javax.crypto.SecretKeyFactorySpi
    protected SecretKey engineTranslateKey(SecretKey secretKey) throws InvalidKeyException {
        this.logger.debug("Entering engineTranslateKey.");
        if (secretKey == 0) {
            throw new InvalidKeyException(ErrorMessages.KEY_TO_TRANSLATE_IS_NULL.getMessage());
        }
        if (secretKey instanceof CloudHsmKey) {
            KeyUtil.validateKeyProvider((CloudHsmKey) secretKey, getProvider());
            return secretKey;
        }
        Stream<String> stream = getSupportedAlgorithms().stream();
        String algorithm = secretKey.getAlgorithm();
        algorithm.getClass();
        if (!stream.anyMatch(algorithm::equalsIgnoreCase)) {
            throw new InvalidKeyException(MessageFormat.format(ErrorMessages.KEY_ALGORITHM_VALUE_INVALID.getMessage(), getSupportedAlgorithms().toString(), secretKey.getAlgorithm()));
        }
        KeyAttributesMap keyAttributesMap = new KeyAttributesMap();
        Session session = getProvider().getSession();
        try {
            keyAttributesMap.put(KeyAttribute.VALUE, secretKey.getEncoded());
            SecretKey secretKeyUsingKeySpec = getSecretKeyUsingKeySpec(session, keyAttributesMap);
            this.logger.debug("Successfully translated key. Returning key object.");
            return secretKeyUsingKeySpec;
        } catch (Exception e) {
            throw ErrorHandling.asCloudhsmException(e);
        }
    }
}
