package com.amazonaws.cloudhsm.jce.provider;

import com.amazonaws.cloudhsm.jce.jni.CloudHsmCipher;
import com.amazonaws.cloudhsm.jce.jni.HashAlgorithm;
import com.amazonaws.cloudhsm.jce.jni.UnwrapKeyBuilder;
import com.amazonaws.cloudhsm.jce.jni.exception.InternalException;
import com.amazonaws.cloudhsm.jce.jni.exception.InternalExceptionCause;
import com.amazonaws.cloudhsm.jce.jni.exception.RsaPkcsOaepInvalidParametersException;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttributesMap;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyType;
import com.amazonaws.cloudhsm.jce.provider.attributes.ObjectClassType;
import com.amazonaws.cloudhsm.jce.provider.spec.OAEPUnwrapKeySpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.text.MessageFormat;
import java.util.HashSet;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.spec.OAEPParameterSpec;

/* loaded from: input_file:BOOT-INF/lib/cloudhsm-jce-0.0.1-SNAPSHOT.jar:com/amazonaws/cloudhsm/jce/provider/RsaOaepCipher.class */
abstract class RsaOaepCipher extends CloudHsmCipherBase {
    static final String ALGORITHM_STRING = "RSA ECB OAEP Padding";
    static final String STR_OAEP_PADDING_SHA224 = "OAEPWithSHA-224ANDMGF1Padding";
    static final String STR_OAEP_PADDING_SHA256 = "OAEPWithSHA-256ANDMGF1Padding";
    static final String STR_OAEP_PADDING_SHA384 = "OAEPWithSHA-384ANDMGF1Padding";
    static final String STR_OAEP_PADDING_SHA512 = "OAEPWithSHA-512ANDMGF1Padding";
    static final String SUPPORTED_MGF_NAME = "MGF1";
    static final String SUPORTED_PSOURCE_ALGORITHM = "PSpecified";
    static final HashSet<String> supportedModes = (HashSet) Stream.of(Mode.ECB.toString()).collect(Collectors.toCollection(HashSet::new));
    static final HashSet<String> supportedPaddings = (HashSet) Stream.of((Object[]) new String[]{Padding.OAEP_PADDING.toString(), Padding.OAEP_PADDING_SHA1.toString(), Padding.OAEP_PADDING_SHA224.toString(), Padding.OAEP_PADDING_SHA256.toString(), Padding.OAEP_PADDING_SHA384.toString(), Padding.OAEP_PADDING_SHA512.toString()}).collect(Collectors.toCollection(HashSet::new));
    static final HashSet<Integer> supportedOpModes = (HashSet) Stream.of((Object[]) new Integer[]{1, 2, 3, 4}).collect(Collectors.toCollection(HashSet::new));
    Optional<HashAlgorithm> digestAlgorithm;
    Optional<HashAlgorithm> mgfAlgorithm;

    /* JADX INFO: Access modifiers changed from: protected */
    public RsaOaepCipher(Padding padding, CloudHsmProvider cloudHsmProvider) {
        super(Mode.ECB, padding, cloudHsmProvider);
        this.digestAlgorithm = Optional.empty();
        this.mgfAlgorithm = Optional.empty();
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    synchronized HashSet<String> getSupportedModes() {
        return (HashSet) supportedModes.clone();
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    synchronized HashSet<String> getSupportedPaddings() {
        return (HashSet) supportedPaddings.clone();
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    synchronized HashSet<Integer> getSupportedOpModes() {
        return (HashSet) supportedOpModes.clone();
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    Optional<CloudHsmCipher> initCipherInstance() throws InvalidAlgorithmParameterException {
        CloudHsmKey cloudHsmKey = getCloudHsmKey();
        switch (this.opMode) {
            case 1:
                return getEncryptInstance(cloudHsmKey);
            case 2:
                return getDecryptInstance(cloudHsmKey);
            case 3:
                return getWrapInstance();
            case 4:
                return getUnwrapInstance();
            default:
                throw new UnsupportedOperationException(MessageFormat.format(ErrorMessages.CIPHER_OPERATION_MODE_NOT_SUPPORTED.getMessage(), Integer.valueOf(this.opMode)));
        }
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    protected void initAlgorithmParamSpecOrCreateDefault(Optional<AlgorithmParameterSpec> optional) throws InvalidAlgorithmParameterException {
        AlgorithmParameterSpec orElse = optional.orElse(OaepUtils.getOaepParameterSpecForPadding(this.padding));
        if (orElse instanceof OAEPParameterSpec) {
            setOaepParameters(orElse);
            return;
        }
        if ((orElse instanceof OAEPUnwrapKeySpec) && this.opMode == 4) {
            setOaepParameters(((OAEPUnwrapKeySpec) orElse).getOaepSpec());
            setKeyAttributes(((OAEPUnwrapKeySpec) orElse).getKeySpec());
        } else {
            if (!(orElse instanceof KeyAttributesMap) || this.opMode != 4) {
                throw new InvalidAlgorithmParameterException(MessageFormat.format(ErrorMessages.CIPHER_UNSUPPORTED_PARAM_SPEC.getMessage(), ALGORITHM_STRING));
            }
            setOaepParameters(OaepUtils.getOaepParameterSpecForPadding(this.padding));
            setKeyAttributes((KeyAttributesMap) orElse);
        }
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    protected UnwrapKeyBuilder getUnwrapKeyBuilder(KeyType keyType, ObjectClassType objectClassType) throws Exception {
        return getSession().rsaPkcsOaepUnwrapBuilder((HashAlgorithm) getPropertyOrException(this.digestAlgorithm), (HashAlgorithm) getPropertyOrException(this.mgfAlgorithm), keyType, objectClassType);
    }

    protected void setOaepParameters(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        OAEPParameterSpec validateOAEPParameterSpec = OaepUtils.validateOAEPParameterSpec(algorithmParameterSpec, ALGORITHM_STRING);
        this.digestAlgorithm = Optional.ofNullable(OaepUtils.getDigestAlgorithm(validateOAEPParameterSpec));
        this.mgfAlgorithm = Optional.ofNullable(OaepUtils.getDigestAlgorithm((MGF1ParameterSpec) validateOAEPParameterSpec.getMGFParameters()));
    }

    protected <T> T getPropertyOrException(Optional<T> optional) {
        return optional.orElseThrow(() -> {
            return new InternalException(InternalExceptionCause.UNEXPECTED_ERROR, MessageFormat.format(ErrorMessages.CIPHER_IMPLEMENTATION_ERROR_INIT_PARAM_SPEC_NOT_CALLED.getMessage(), ALGORITHM_STRING));
        });
    }

    private Optional<CloudHsmCipher> getEncryptInstance(CloudHsmKey cloudHsmKey) throws InvalidAlgorithmParameterException {
        try {
            return Optional.of(getSession().encryptRsaPkcsOaep(cloudHsmKey.getCoreKey(), (HashAlgorithm) getPropertyOrException(this.digestAlgorithm), (HashAlgorithm) getPropertyOrException(this.mgfAlgorithm)));
        } catch (RsaPkcsOaepInvalidParametersException e) {
            throw e;
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    private Optional<CloudHsmCipher> getDecryptInstance(CloudHsmKey cloudHsmKey) throws InvalidAlgorithmParameterException {
        try {
            return Optional.of(getSession().decryptRsaPkcsOaep(cloudHsmKey.getCoreKey(), (HashAlgorithm) getPropertyOrException(this.digestAlgorithm), (HashAlgorithm) getPropertyOrException(this.mgfAlgorithm)));
        } catch (RsaPkcsOaepInvalidParametersException e) {
            throw e;
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    private Optional<CloudHsmCipher> getWrapInstance() throws InvalidAlgorithmParameterException {
        try {
            return Optional.of(getSession().wrapRsaPkcsOaep((HashAlgorithm) getPropertyOrException(this.digestAlgorithm), (HashAlgorithm) getPropertyOrException(this.mgfAlgorithm)));
        } catch (RsaPkcsOaepInvalidParametersException e) {
            throw e;
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    private Optional<CloudHsmCipher> getUnwrapInstance() {
        return Optional.of(getSession().rsaPkcsOaepUnwrapInit());
    }
}
