package com.amazonaws.cloudhsm.jce.provider;

import com.amazonaws.cloudhsm.jce.jni.EcdhKeyDerivationBuilder;
import com.amazonaws.cloudhsm.jce.jni.exception.AddAttributeException;
import com.amazonaws.cloudhsm.jce.jni.exception.InternalException;
import com.amazonaws.cloudhsm.jce.jni.exception.InternalExceptionCause;
import com.amazonaws.cloudhsm.jce.provider.attributes.CoreAttribute;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttribute;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttributePermissiveProfile;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttributesMap;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyType;
import com.amazonaws.cloudhsm.jce.provider.attributes.ObjectClassType;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.text.MessageFormat;
import java.util.Iterator;
import java.util.Optional;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;

/* loaded from: input_file:com/amazonaws/cloudhsm/jce/provider/EcdhKeyAgreement.class */
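/**
 * {@link KeyAgreementSpi} implementation that runs ECDH through the owning provider's session.
 *
 * <p>Usage follows the JCE sequence: {@code init} with a {@link CloudHsmEcPrivateKey},
 * one {@code doPhase} with the peer's {@link ECPublicKey}, then one of the
 * {@code generateSecret} variants. The raw variants return the agreed bytes to the caller;
 * the algorithm-named variant builds a key through the session's derived-key builder.
 *
 * <p>Instances hold mutable state (private key, peer key, attribute map) with no
 * synchronisation visible in this class, so do not share one instance across threads.
 */
public class EcdhKeyAgreement extends KeyAgreementSpi {
    private final CloudHsmLogger logger;
    private final CloudHsmProvider provider;
    private Optional<CloudHsmEcPrivateKey> privateKey = Optional.empty();
    private Optional<ECPublicKey> publicKey = Optional.empty();
    private KeyAttributesMap userSpec = new KeyAttributesMap();

    /**
     * Creates a key agreement bound to the given provider.
     *
     * @param cloudHsmProvider provider whose session performs the operations
     * @throws IllegalStateException if {@code cloudHsmProvider} is {@code null}
     */
    public EcdhKeyAgreement(CloudHsmProvider cloudHsmProvider) throws IllegalStateException {
        if (cloudHsmProvider == null) {
            throw new IllegalStateException(ErrorMessages.PROVIDER_NOT_INITIALIZED.getMessage());
        }
        this.logger = new CloudHsmLogger(
                getClass(), cloudHsmProvider.getId(), cloudHsmProvider.getClusterName());
        this.provider = cloudHsmProvider;
    }

    /** Returns the provider this instance was constructed with. */
    protected CloudHsmProvider getProvider() {
        return this.provider;
    }

    /**
     * Records the peer's public key for the single ECDH phase.
     *
     * <p>Only the Java type of {@code key} is checked here. No curve-match or
     * point-on-curve validation is visible in this class.
     * NOTE(review): presumably the session/HSM rejects invalid or off-curve points; confirm.
     *
     * @param key peer public key; must be an {@link ECPublicKey}
     * @param lastPhase must be {@code true}, ECDH here has exactly one phase
     * @return always {@code null}
     * @throws InvalidKeyException if {@code key} is {@code null} or not an {@link ECPublicKey}
     * @throws IllegalStateException if not initialised or {@code lastPhase} is {@code false}
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected Key engineDoPhase(Key key, boolean lastPhase)
            throws InvalidKeyException, IllegalStateException {
        this.logger.trace("Calling engineDoPhase");
        if (!this.privateKey.isPresent()) {
            throw new IllegalStateException(ErrorMessages.OPERATION_NOT_INITIALIZED.getMessage());
        }
        if (!lastPhase) {
            throw new IllegalStateException(ErrorMessages.ECDH_LAST_PHASE_INVALID.getMessage());
        }
        if (key == null) {
            throw new InvalidKeyException(
                    ErrorMessages.KEY_REQUIRED_FOR_THIS_OPERATION.getMessage());
        }
        if (!(key instanceof ECPublicKey)) {
            throw new InvalidKeyException(MessageFormat.format(
                    ErrorMessages.KEY_IS_NOT_OF_EXPECTED_TYPE.getMessage(),
                    key.getClass().getName(),
                    ECPublicKey.class.getName()));
        }
        this.publicKey = Optional.of((ECPublicKey) key);
        return null;
    }

    /**
     * Computes the raw shared secret and returns it to the caller.
     *
     * <p>The result is the undiluted ECDH output held in JVM memory: run it through a KDF
     * before using it as key material, and wipe the array once it is no longer needed.
     *
     * @return the bytes returned by the session's {@code ecdhWithoutDerivation}
     * @throws IllegalStateException if the private key or the peer key has not been set
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected byte[] engineGenerateSecret() throws IllegalStateException {
        this.logger.trace("Calling engineGenerateSecret");
        try {
            // BigInteger.toByteArray() is minimal two's-complement: a coordinate may carry a
            // leading 0x00 sign byte or be shorter than the field size.
            // NOTE(review): presumably the native layer normalises the length; confirm.
            return getProvider().getSession().ecdhWithoutDerivation(
                    getCloudHsmEcPrivateKey().getCoreKey(),
                    getEcPublicKey().getW().getAffineX().toByteArray(),
                    getEcPublicKey().getW().getAffineY().toByteArray());
        } catch (Exception e) {
            throw ErrorHandling.asCloudhsmException(e);
        }
    }

    /**
     * Computes the raw shared secret and copies it into {@code sharedSecret} at {@code offset}.
     *
     * @param sharedSecret destination buffer
     * @param offset index in {@code sharedSecret} where the secret starts
     * @return number of bytes written
     * @throws IllegalArgumentException if {@code sharedSecret} is {@code null}
     * @throws ShortBufferException if the space after {@code offset} cannot hold the secret
     * @throws IllegalStateException if the private key or the peer key has not been set
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected int engineGenerateSecret(byte[] sharedSecret, int offset)
            throws IllegalStateException, ShortBufferException {
        this.logger.trace("Calling engineGenerateSecret with output buffer");
        if (sharedSecret == null) {
            throw new IllegalArgumentException(
                    ErrorMessages.OUTPUT_BUFFER_CANNOT_BE_NULL.getMessage());
        }
        byte[] secret = engineGenerateSecret();
        try {
            if (Math.subtractExact(sharedSecret.length, offset) < secret.length) {
                throw new ShortBufferException(MessageFormat.format(
                        ErrorMessages.BUFFER_TOO_SMALL.getMessage(),
                        Integer.valueOf(secret.length)));
            }
            System.arraycopy(secret, 0, sharedSecret, offset, secret.length);
            return secret.length;
        } finally {
            // The caller only ever sees its own buffer, so the intermediate copy is wiped on
            // every exit path rather than left on the heap until it is collected.
            // Assumes engineGenerateSecret() returns a fresh array on each call.
            java.util.Arrays.fill(secret, (byte) 0);
        }
    }

    /**
     * Derives a secret key of the requested algorithm through the session's ECDH builder.
     *
     * <p>Key attributes start from {@code KeyAttributePermissiveProfile.KEY_CREATION} and are
     * then overlaid with the attributes supplied at {@code init} time.
     * NOTE(review): the profile name suggests permissive defaults; callers that need a
     * non-extractable or otherwise restricted key should set those attributes explicitly.
     *
     * @param algorithm algorithm name, mapped to a {@link KeyType} by {@code KeyUtil}
     * @return the derived key wrapped as a provider key object
     * @throws InvalidKeyException if a {@code KEY_TYPE} attribute was supplied at init time and
     *     differs from the type implied by {@code algorithm}
     * @throws NoSuchAlgorithmException declared by the SPI; presumably raised by
     *     {@code KeyUtil.getKeyType} for unknown names
     * @throws IllegalStateException if the private key or the peer key has not been set
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected SecretKey engineGenerateSecret(String algorithm)
            throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        this.logger.trace("Calling engineGenerateSecret for " + algorithm);
        KeyType keyType = KeyUtil.getKeyType(algorithm);
        if (this.userSpec.containsKey(KeyAttribute.KEY_TYPE)
                && this.userSpec.get(KeyAttribute.KEY_TYPE) != keyType) {
            throw new InvalidKeyException(MessageFormat.format(
                    ErrorMessages.KEY_ALGORITHM_VALUE_INVALID.getMessage(),
                    this.userSpec.get(KeyAttribute.KEY_TYPE).toString(),
                    keyType.toString()));
        }
        KeyAttributesMap keyAttributesMap =
                new KeyAttributesMap(KeyAttributePermissiveProfile.KEY_CREATION);
        try {
            keyAttributesMap.putAll(this.userSpec);
            try {
                EcdhKeyDerivationBuilder builder =
                        getProvider().getSession().initEcdhDerivedKeyBuilder(keyType);
                Iterator<CoreAttribute> attributes =
                        AttributesUtils.convertKeyAttributesMapToCoreAttributes(keyAttributesMap)
                                .iterator();
                while (attributes.hasNext()) {
                    builder.addAttribute(attributes.next());
                }
                // Same coordinate encoding as the raw variant (BigInteger.toByteArray()).
                return (SecretKey) KeyUtil.getCloudHsmKey(
                        builder.ecdhDeriveKey(
                                getCloudHsmEcPrivateKey().getCoreKey(),
                                getEcPublicKey().getW().getAffineX().toByteArray(),
                                getEcPublicKey().getW().getAffineY().toByteArray()),
                        keyType,
                        ObjectClassType.SECRET_KEY,
                        getProvider());
            } catch (Exception e) {
                throw ErrorHandling.asCloudhsmException(e);
            }
        } catch (AddAttributeException e2) {
            // NOTE(review): the original cause is not attached to the exception thrown here.
            throw new InternalException(
                    InternalExceptionCause.UNEXPECTED_ERROR,
                    ErrorMessages.UNABLE_TO_ADD_ATTRIBUTE_TO_MAP.getMessage());
        }
    }

    /**
     * Initialises with a private key and no attribute spec.
     *
     * @param key local private key; must be a {@link CloudHsmEcPrivateKey}
     * @param secureRandom not used by this implementation
     * @throws InvalidKeyException if {@code key} is {@code null} or of the wrong type
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException {
        try {
            engineInit(key, (AlgorithmParameterSpec) null, secureRandom);
        } catch (InvalidAlgorithmParameterException e) {
            throw new InternalException(InternalExceptionCause.UNEXPECTED_ERROR, e);
        }
    }

    /**
     * Initialises with a private key and optional attributes for keys derived later.
     *
     * <p>A successful key check also discards any peer public key left over from an earlier
     * agreement, so {@code doPhase} must be called again before a secret can be generated.
     *
     * <p>NOTE(review): attributes from earlier {@code init} calls stay in the attribute map and
     * are merged with the new ones; they are not cleared here because subclasses may pre-load
     * defaults through {@link #setKeyAttributes}. Use a fresh instance when a clean attribute
     * set matters.
     *
     * @param key local private key; must be a {@link CloudHsmEcPrivateKey}
     * @param algorithmParameterSpec {@code null}, or a {@link KeyAttributesMap}
     * @param secureRandom not used by this implementation
     * @throws InvalidKeyException if {@code key} is {@code null} or of the wrong type;
     *     {@code KeyUtil.validateKeyProvider} presumably also rejects keys bound to another
     *     provider
     * @throws InvalidAlgorithmParameterException if the spec is not a {@link KeyAttributesMap}
     *     or its attributes cannot be merged
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(
            Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom)
            throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (key == null) {
            throw new InvalidKeyException(
                    ErrorMessages.KEY_REQUIRED_FOR_THIS_OPERATION.getMessage());
        }
        if (!(key instanceof CloudHsmEcPrivateKey)) {
            throw new InvalidKeyException(MessageFormat.format(
                    ErrorMessages.KEY_IS_NOT_OF_EXPECTED_TYPE.getMessage(),
                    key.getClass().getName(),
                    CloudHsmEcPrivateKey.class.getName()));
        }
        KeyUtil.validateKeyProvider((CloudHsmKey) key, getProvider());
        this.privateKey = Optional.of((CloudHsmEcPrivateKey) key);
        // Without this reset a re-initialised instance would silently agree against the
        // previous peer's key if the caller skipped doPhase.
        this.publicKey = Optional.empty();
        if (algorithmParameterSpec != null) {
            if (!(algorithmParameterSpec instanceof KeyAttributesMap)) {
                throw new InvalidAlgorithmParameterException(MessageFormat.format(
                        ErrorMessages.SPEC_PROVIDED_IS_NOT_AN_INSTANCE_OF_EXPECTED_TYPE
                                .getMessage(),
                        KeyAttributesMap.class.getSimpleName()));
            }
            setKeyAttributes((KeyAttributesMap) algorithmParameterSpec);
        }
    }

    /**
     * Merges the given attributes into the map applied to derived keys.
     *
     * @param keyAttributesMap attributes to add
     * @throws InvalidAlgorithmParameterException if the map rejects an attribute
     */
    protected void setKeyAttributes(KeyAttributesMap keyAttributesMap)
            throws InvalidAlgorithmParameterException {
        try {
            this.userSpec.putAll(keyAttributesMap);
        } catch (AddAttributeException | InvalidParameterException e) {
            throw new InvalidAlgorithmParameterException(e);
        }
    }

    /**
     * Returns the private key set by {@code init}.
     *
     * @throws IllegalStateException if {@code init} has not succeeded yet
     */
    protected CloudHsmEcPrivateKey getCloudHsmEcPrivateKey() {
        return this.privateKey.orElseThrow(
                () -> new IllegalStateException(
                        ErrorMessages.OPERATION_NOT_INITIALIZED.getMessage()));
    }

    /**
     * Returns the peer public key set by {@code doPhase}.
     *
     * @throws IllegalStateException if no peer key has been set since the last {@code init}
     */
    protected ECPublicKey getEcPublicKey() {
        return this.publicKey.orElseThrow(
                () -> new IllegalStateException(
                        ErrorMessages.ECDH_PUBLIC_KEY_TO_DO_PHASE_IS_NULL.getMessage()));
    }
}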
