package com.amazonaws.cloudhsm.jce.provider;

import com.amazonaws.cloudhsm.jce.jni.CloudHsmCipher;
import com.amazonaws.cloudhsm.jce.jni.CoreKey;
import com.amazonaws.cloudhsm.jce.jni.Session;
import com.amazonaws.cloudhsm.jce.jni.UnwrapKeyBuilder;
import com.amazonaws.cloudhsm.jce.jni.exception.AddAttributeException;
import com.amazonaws.cloudhsm.jce.jni.exception.DataException;
import com.amazonaws.cloudhsm.jce.jni.exception.DataExceptionCause;
import com.amazonaws.cloudhsm.jce.jni.exception.InternalException;
import com.amazonaws.cloudhsm.jce.jni.exception.InternalExceptionCause;
import com.amazonaws.cloudhsm.jce.jni.exception.KeyUnwrapKeyNotSupportedException;
import com.amazonaws.cloudhsm.jce.provider.attributes.CoreAttribute;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttributePermissiveProfile;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttributesMap;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyType;
import com.amazonaws.cloudhsm.jce.provider.attributes.ObjectClassType;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.NoSuchElementException;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.BadPaddingException;
import javax.crypto.CipherSpi;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/amazonaws/cloudhsm/jce/provider/CloudHsmCipherBase.class */
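/**
 * Common {@link CipherSpi} implementation shared by the CloudHSM JCE ciphers.
 *
 * <p>The class keeps the transformation settings (mode, padding, operation mode), the
 * {@link CloudHsmKey} supplied at init time, and a lazily created {@link CloudHsmCipher}
 * obtained from the subclass through {@link #initCipherInstance()}. Every terminal operation
 * (doFinal, wrap, unwrap) drops that instance and the session reference again, after saving a
 * copy of the IV so that {@link #engineGetIV()} still works afterwards.
 *
 * <p>Only keys that are {@link CloudHsmKey} instances and pass
 * {@code KeyUtil.validateKeyProvider} against this cipher's provider are accepted, both as the
 * cipher key and as the key to be wrapped.
 *
 * <p>Most state-changing engine methods are {@code synchronized}; {@code engineSetMode},
 * {@code engineSetPadding}, {@code engineGetIV}, {@code engineWrap} and {@code engineUnwrap} are
 * not, so instances should not be shared between threads without external coordination.
 */
public abstract class CloudHsmCipherBase extends CipherSpi {
    final CloudHsmLogger logger;
    private final CloudHsmProvider provider;
    String mode;
    String padding;
    int opMode;
    private Optional<CloudHsmKey> key = Optional.empty();
    private Optional<Session> session = Optional.empty();
    private Optional<CloudHsmCipher> cloudHsmCipher = Optional.empty();
    private Optional<byte[]> iv = Optional.empty();
    // Extra attributes applied to keys created by engineUnwrap. The map is only ever added to
    // (see setKeyAttributes); nothing in this class clears it between init calls.
    private KeyAttributesMap unwrapKeyAttributes = new KeyAttributesMap();

    /** Returns the mode names this cipher accepts in {@link #engineSetMode(String)}. */
    abstract HashSet<String> getSupportedModes();

    /** Returns the padding names this cipher accepts in {@link #engineSetPadding(String)}. */
    abstract HashSet<String> getSupportedPaddings();

    /** Returns the {@code javax.crypto.Cipher} operation modes this cipher may be initialised with. */
    abstract HashSet<Integer> getSupportedOpModes();

    /**
     * Consumes the caller's parameter spec, or sets up defaults when none was given.
     *
     * @param optional the spec passed to {@code engineInit}, empty when the caller passed none
     * @throws InvalidAlgorithmParameterException if the spec is not acceptable to the subclass
     */
    protected abstract void initAlgorithmParamSpecOrCreateDefault(Optional<AlgorithmParameterSpec> optional) throws InvalidAlgorithmParameterException;

    /**
     * Creates the underlying cipher instance for the current key, mode and parameters.
     *
     * @return the new instance; the result is stored as-is, so an empty value leaves the cipher
     *     uninitialised
     * @throws InvalidAlgorithmParameterException if the current parameters are not usable
     */
    abstract Optional<CloudHsmCipher> initCipherInstance() throws InvalidAlgorithmParameterException;

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Binds the cipher to a provider and records the initial mode and padding.
     *
     * @param mode initial cipher mode; its {@code toString()} value is stored
     * @param padding initial padding; its {@code toString()} value is stored
     * @param cloudHsmProvider provider that owns the keys and sessions used by this cipher
     * @throws IllegalStateException if {@code cloudHsmProvider} is {@code null}
     */
    public CloudHsmCipherBase(Mode mode, Padding padding, CloudHsmProvider cloudHsmProvider) throws IllegalStateException {
        if (cloudHsmProvider == null) {
            throw new IllegalStateException(ErrorMessages.PROVIDER_NOT_INITIALIZED.getMessage());
        }
        this.provider = cloudHsmProvider;
        this.logger = new CloudHsmLogger(getClass(), this.provider.getId(), this.provider.getClusterName());
        this.mode = mode.toString();
        this.padding = padding.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Initialises the cipher without an explicit parameter spec.
     *
     * @param i operation mode
     * @param key cipher key; must be a {@link CloudHsmKey} of this provider
     * @param secureRandom passed through to the four-argument overload, which does not use it
     * @throws InvalidKeyException if the key is missing or not usable with this provider
     */
    @Override // javax.crypto.CipherSpi
    public synchronized void engineInit(int i, Key key, SecureRandom secureRandom) throws InvalidKeyException {
        try {
            engineInit(i, key, (AlgorithmParameterSpec) null, secureRandom);
        } catch (InvalidAlgorithmParameterException e) {
            // No spec was supplied, so a parameter failure here is reported as an internal error.
            throw new InternalException(InternalExceptionCause.UNEXPECTED_ERROR, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Initialises the cipher with an optional parameter spec.
     *
     * <p>Any cipher instance left over from an earlier init is deleted first. The supplied
     * {@code SecureRandom} is not used by this method.
     *
     * @param i operation mode; must be in {@link #getSupportedOpModes()}
     * @param key cipher key; must be a {@link CloudHsmKey} of this provider
     * @param algorithmParameterSpec parameters, or {@code null} for subclass defaults
     * @param secureRandom ignored here
     * @throws InvalidKeyException if the key is missing or not usable with this provider
     * @throws InvalidAlgorithmParameterException if the parameters are rejected
     * @throws UnsupportedOperationException if the operation mode is not supported
     */
    @Override // javax.crypto.CipherSpi
    public synchronized void engineInit(int i, Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (this.cloudHsmCipher.isPresent()) {
            this.cloudHsmCipher.get().delete();
            this.cloudHsmCipher = Optional.empty();
        }
        setOpMode(i);
        initAlgorithmParamSpecOrCreateDefault(Optional.ofNullable(algorithmParameterSpec));
        setKey(key);
    }

    /**
     * Initialisation from {@link AlgorithmParameters} is not supported.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.crypto.CipherSpi
    protected void engineInit(int i, Key key, AlgorithmParameters algorithmParameters, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        throw new UnsupportedOperationException(ErrorMessages.CIPHER_ALGORITHM_PARAMETERS_NOT_SUPPORTED.getMessage());
    }

    /**
     * Returning {@link AlgorithmParameters} is not supported.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.crypto.CipherSpi
    protected AlgorithmParameters engineGetParameters() {
        throw new UnsupportedOperationException(ErrorMessages.CIPHER_ALGORITHM_PARAMETERS_NOT_SUPPORTED.getMessage());
    }

    /**
     * Selects the cipher mode after checking it against {@link #getSupportedModes()}.
     *
     * @param str requested mode, matched case-insensitively and stored as given
     * @throws NoSuchAlgorithmException if the mode is not supported
     * @throws NullPointerException if {@code str} is {@code null}
     */
    @Override // javax.crypto.CipherSpi
    protected void engineSetMode(String str) throws NoSuchAlgorithmException {
        this.logger.trace("Calling engineSetMode");
        // The bound method reference null-checks str, so a null mode fails with an NPE here.
        boolean supported = getSupportedModes().stream().anyMatch(str::equalsIgnoreCase);
        if (!supported) {
            throw new NoSuchAlgorithmException(MessageFormat.format(ErrorMessages.CIPHER_OPERATION_MODE_NOT_SUPPORTED.getMessage(), str));
        }
        this.logger.trace("Setting mode: " + str);
        this.mode = str;
    }

    /**
     * Selects the padding after checking it against {@link #getSupportedPaddings()}.
     *
     * @param str requested padding, matched case-insensitively and stored as given
     * @throws NoSuchPaddingException if the padding is not supported
     * @throws NullPointerException if {@code str} is {@code null}
     */
    @Override // javax.crypto.CipherSpi
    protected void engineSetPadding(String str) throws NoSuchPaddingException {
        this.logger.trace("Calling engineSetPadding");
        // The bound method reference null-checks str, so a null padding fails with an NPE here.
        boolean supported = getSupportedPaddings().stream().anyMatch(str::equalsIgnoreCase);
        if (!supported) {
            throw new NoSuchPaddingException(MessageFormat.format(ErrorMessages.CIPHER_NO_SUCH_PADDING_SUPPORTED.getMessage(), str));
        }
        this.logger.trace("Setting padding: " + str);
        this.padding = str;
    }

    /**
     * Returns the block size reported by the underlying cipher instance, creating it if needed.
     *
     * @return the block size as reported by {@code CloudHsmCipher.getBlockSize()}
     */
    @Override // javax.crypto.CipherSpi
    protected synchronized int engineGetBlockSize() {
        this.logger.trace("Calling engineGetBlockSize");
        initializeCoreCipherInstanceWhenEngineInitWasAlreadyCalled();
        return getCipherInstance().getBlockSize();
    }

    /**
     * Returns the output size for a final call with the given input length.
     *
     * @param i input length in bytes
     * @return the size reported by the underlying cipher instance
     * @throws UnsupportedOperationException when the cipher is in wrap or unwrap mode
     */
    @Override // javax.crypto.CipherSpi
    protected synchronized int engineGetOutputSize(int i) {
        this.logger.trace("Calling engineGetOutputSize for " + this.mode + "/" + this.padding);
        boolean wrapping = this.opMode == javax.crypto.Cipher.WRAP_MODE || this.opMode == javax.crypto.Cipher.UNWRAP_MODE;
        if (wrapping) {
            throw new UnsupportedOperationException(MessageFormat.format(ErrorMessages.CIPHER_OPERATION_UNSUPPORTED.getMessage(), Integer.valueOf(this.opMode)));
        }
        return getOutputSize(i, true);
    }

    /**
     * Asks the underlying cipher instance for the output size, creating the instance if needed.
     *
     * @param i input length in bytes
     * @param z {@code true} when sizing a final call, {@code false} for an update
     * @return the size reported by {@code CloudHsmCipher.getOutputSize}
     */
    protected int getOutputSize(int i, boolean z) {
        initializeCoreCipherInstanceWhenEngineInitWasAlreadyCalled();
        try {
            return getCipherInstance().getOutputSize(i, z);
        } catch (Exception e) {
            throw ErrorHandling.asCloudhsmException(e);
        }
    }

    /**
     * Returns a copy of the IV: the live cipher instance's IV when one exists, otherwise the IV
     * remembered from {@link #setIv(byte[])} or from the last finalised operation.
     *
     * @return a fresh array, or {@code null} when no IV is available
     */
    @Override // javax.crypto.CipherSpi
    protected byte[] engineGetIV() {
        this.logger.trace("Calling engineGetIV");
        if (this.cloudHsmCipher.isPresent()) {
            return this.cloudHsmCipher.get().cloneIv().orElse(null);
        }
        // Hand out a copy so callers cannot alter the stored IV.
        return this.iv.map(stored -> stored.clone()).orElse(null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Feeds a slice of input to the cipher.
     *
     * @param bArr input buffer
     * @param i offset of the first input byte
     * @param i2 number of input bytes
     * @return the bytes produced by this step, or {@code null} when the cipher returned none
     */
    @Override // javax.crypto.CipherSpi
    public synchronized byte[] engineUpdate(byte[] bArr, int i, int i2) {
        this.logger.trace("Calling engineUpdate");
        Validations.validateInputBufferForRead(bArr, i, i2);
        initializeCoreCipherInstanceWhenEngineInitWasAlreadyCalled();
        CloudHsmCipher cipherInstance = getCipherInstance();
        try {
            // addExact turns an offset+length overflow into an exception instead of a bogus range.
            byte[] chunk = Arrays.copyOfRange(bArr, i, Math.addExact(i, i2));
            return cipherInstance.update(chunk).orElse(null);
        } catch (ArithmeticException e) {
            throw new DataException(DataExceptionCause.DATA_LEN_RANGE, ErrorMessages.BUFFER_INPUT_OFFSET_OR_LENGTH_INVALID.getMessage(), e);
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Feeds a slice of input to the cipher and copies the result into {@code bArr2}.
     *
     * <p>The destination is checked against {@code getOutputSize(i2, false)} before any data is
     * processed.
     *
     * @param bArr input buffer
     * @param i offset of the first input byte
     * @param i2 number of input bytes
     * @param bArr2 destination buffer
     * @param i3 offset in the destination buffer
     * @return number of bytes written
     * @throws ShortBufferException if the destination cannot hold the expected output
     */
    @Override // javax.crypto.CipherSpi
    public synchronized int engineUpdate(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException {
        this.logger.trace("Calling engineUpdate with output buffer");
        validateOutputBuffer(bArr2, i3, i2, false);
        byte[] produced = engineUpdate(bArr, i, i2);
        if (produced == null) {
            return 0;
        }
        System.arraycopy(produced, 0, bArr2, i3, produced.length);
        return produced.length;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Completes the operation and returns the final output.
     *
     * <p>A {@code null} input with zero offset and length is treated as empty input. The cipher
     * instance is finalised afterwards whether or not the call succeeds.
     *
     * @param bArr input buffer, or {@code null} together with zero offset and length
     * @param i offset of the first input byte
     * @param i2 number of input bytes
     * @return the final output, empty when the cipher returned no data
     */
    @Override // javax.crypto.CipherSpi
    public synchronized byte[] engineDoFinal(byte[] bArr, int i, int i2) throws IllegalBlockSizeException, BadPaddingException {
        this.logger.trace("Calling engineDoFinal");
        ByteArrayOutputStream result = new ByteArrayOutputStream();
        initializeCoreCipherInstanceWhenEngineInitWasAlreadyCalled();
        byte[] input = (bArr == null && i == 0 && i2 == 0) ? new byte[0] : validateAndGetUpdateData(bArr, i, i2);
        try {
            CloudHsmCipher cipherInstance = getCipherInstance();
            try {
                try {
                    writeToBuffer(result, cipherInstance.doFinal(input).get());
                } catch (NoSuchElementException ignored) {
                    // An absent result is not an error; the caller receives an empty array.
                    this.logger.info("No data returned for final call");
                }
                return result.toByteArray();
            } catch (Exception e2) {
                throw ErrorHandling.asCloudhsmException(e2);
            }
        } finally {
            finalizeCoreCipherInstance();
        }
    }

    /**
     * Validates an input slice and returns it as a standalone array.
     *
     * @param bArr input buffer
     * @param i offset of the first input byte
     * @param i2 number of input bytes
     * @return a copy of {@code bArr[i .. i + i2)}
     */
    protected byte[] validateAndGetUpdateData(byte[] bArr, int i, int i2) {
        Validations.validateInputBufferForRead(bArr, i, i2);
        return Arrays.copyOfRange(bArr, i, Math.addExact(i, i2));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Completes the operation and copies the final output into {@code bArr2}.
     *
     * @param bArr input buffer
     * @param i offset of the first input byte
     * @param i2 number of input bytes
     * @param bArr2 destination buffer
     * @param i3 offset in the destination buffer
     * @return number of bytes written
     * @throws ShortBufferException if the output does not fit at the given offset
     */
    @Override // javax.crypto.CipherSpi
    public synchronized int engineDoFinal(byte[] bArr, int i, int i2, byte[] bArr2, int i3) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        this.logger.trace("Calling engineDoFinal with output buffer");
        // NOTE(review): the operation has completed and the cipher instance has been finalised by
        // the time the destination is checked below, so a ShortBufferException discards the
        // result and the caller cannot retry with a larger buffer. engineUpdate checks the
        // destination first; doing the same here needs confirmation that getOutputSize(i2, true)
        // is a safe bound. A null bArr2 also surfaces only at this point, as a
        // NullPointerException.
        byte[] produced = engineDoFinal(bArr, i, i2);
        if (produced == null) {
            return 0;
        }
        int requiredLength = Math.addExact(produced.length, i3);
        if (requiredLength > bArr2.length) {
            throw new ShortBufferException(MessageFormat.format(ErrorMessages.BUFFER_TOO_SMALL.getMessage(), Integer.valueOf(requiredLength)));
        }
        System.arraycopy(produced, 0, bArr2, i3, produced.length);
        return produced.length;
    }

    /**
     * Key size queries are not supported.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // javax.crypto.CipherSpi
    protected int engineGetKeySize(Key key) throws InvalidKeyException {
        throw new UnsupportedOperationException(ErrorMessages.CIPHER_GET_KEY_SIZE_NOT_SUPPORTED.getMessage());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Wraps {@code key} under the key this cipher was initialised with.
     *
     * <p>The key to wrap must be a {@link CloudHsmKey} that passes
     * {@code KeyUtil.validateKeyProvider} for this provider. The cipher instance is finalised
     * afterwards whether or not the call succeeds.
     *
     * @param key key to wrap
     * @return the wrapped key bytes
     * @throws InvalidKeyException if {@code key} is {@code null} or not a {@link CloudHsmKey}
     * @throws IllegalArgumentException if the cipher rejects the current algorithm parameters
     */
    @Override // javax.crypto.CipherSpi
    public byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException {
        if (key == null) {
            throw new InvalidKeyException(ErrorMessages.KEY_REQUIRED_FOR_THIS_OPERATION.getMessage());
        }
        if (!(key instanceof CloudHsmKey)) {
            throw new InvalidKeyException(ErrorMessages.CIPHER_NON_CLOUDHSM_KEY_NOT_SUPPORTED.getMessage());
        }
        KeyUtil.validateKeyProvider((CloudHsmKey) key, getProvider());
        initializeCoreCipherInstanceWhenEngineInitWasAlreadyCalled();
        try {
            return getCipherInstance().wrap(getCloudHsmKey().getCoreKey(), ((CloudHsmKey) key).getCoreKey());
        } catch (InvalidAlgorithmParameterException e) {
            throw new IllegalArgumentException(e);
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        } finally {
            finalizeCoreCipherInstance();
        }
    }

    /**
     * Unwraps a key under the key this cipher was initialised with.
     *
     * <p>The new key's attributes start from the permissive default profile for its object class
     * and are then overlaid with whatever was supplied through
     * {@link #setKeyAttributes(KeyAttributesMap)}; callers that need tighter attributes must set
     * them explicitly. The cipher instance is finalised once the unwrap attempt has finished.
     *
     * @param bArr wrapped key bytes
     * @param str algorithm name of the wrapped key, resolved by {@code KeyUtil.getKeyType}
     * @param i wrapped key type, one of the {@code javax.crypto.Cipher} key-type constants
     * @return the unwrapped key as a provider key
     * @throws InvalidKeyException if {@code bArr} is {@code null}
     * @throws NoSuchAlgorithmException if {@code str} or {@code i} is not recognised
     * @throws IllegalArgumentException if the unwrap parameters are rejected
     */
    @Override // javax.crypto.CipherSpi
    protected Key engineUnwrap(byte[] bArr, String str, int i) throws InvalidKeyException, NoSuchAlgorithmException {
        if (bArr == null) {
            throw new InvalidKeyException(ErrorMessages.KEY_TO_UNWRAP_IS_NULL.getMessage());
        }
        // Each lookup gets its own narrow try block, so only a bad algorithm name or key type is
        // reported as NoSuchAlgorithmException; failures of the unwrap itself keep their own type.
        final KeyType keyType;
        try {
            keyType = KeyUtil.getKeyType(str);
        } catch (IllegalArgumentException e) {
            String validTypes = Arrays.stream(KeyType.values()).map(type -> type.name()).collect(Collectors.joining(","));
            throw new NoSuchAlgorithmException(MessageFormat.format(ErrorMessages.KEY_ALGORITHM_VALUE_INVALID.getMessage(), validTypes, str), e);
        }
        final ObjectClassType objectClass;
        try {
            objectClass = KeyUtil.getObjectClass(i);
        } catch (IllegalArgumentException e) {
            String validClasses = String.format("[%d, %d, %d]", javax.crypto.Cipher.PUBLIC_KEY, javax.crypto.Cipher.PRIVATE_KEY, javax.crypto.Cipher.SECRET_KEY);
            // Report the rejected key-type value; the wrapped key bytes do not belong in the message.
            throw new NoSuchAlgorithmException(MessageFormat.format(ErrorMessages.KEY_ALGORITHM_VALUE_INVALID.getMessage(), validClasses, Integer.valueOf(i)), e);
        }
        initializeCoreCipherInstanceWhenEngineInitWasAlreadyCalled();
        try {
            try {
                final CoreKey unwrapped;
                try {
                    UnwrapKeyBuilder unwrapKeyBuilder = getUnwrapKeyBuilder(keyType, objectClass);
                    // NOTE(review): putAll writes into the map returned by the profile; confirm the
                    // profile hands out a fresh copy rather than a shared defaults instance.
                    KeyAttributesMap attributes = getCreateKeyAttributesMap(objectClass);
                    attributes.putAll(this.unwrapKeyAttributes);
                    Iterator<CoreAttribute> it = AttributesUtils.convertKeyAttributesMapToCoreAttributes(attributes).iterator();
                    while (it.hasNext()) {
                        unwrapKeyBuilder.addAttribute(it.next());
                    }
                    unwrapped = unwrapKeyBuilder.unwrap(getCloudHsmKey().getCoreKey(), bArr);
                } finally {
                    // Runs exactly once, before the result is converted to a provider key.
                    finalizeCoreCipherInstance();
                }
                return KeyUtil.getCloudHsmKey(unwrapped, keyType, objectClass, getProvider());
            } catch (Exception e) {
                throw ErrorHandling.asCloudhsmException(e);
            }
        } catch (KeyUnwrapKeyNotSupportedException | RuntimeException e2) {
            throw e2;
        } catch (InvalidAlgorithmParameterException e3) {
            throw new IllegalArgumentException(e3);
        }
    }

    /**
     * Picks the default attribute map for a key created by unwrap.
     *
     * @param objectClassType object class of the key being created
     * @return the private-key defaults of the key-pair profile for private keys, otherwise the
     *     key-creation defaults, both taken from {@link KeyAttributePermissiveProfile}
     */
    private KeyAttributesMap getCreateKeyAttributesMap(ObjectClassType objectClassType) {
        if (objectClassType == ObjectClassType.PRIVATE_KEY) {
            return KeyAttributePermissiveProfile.KEY_PAIR_CREATION.getKeyPairDefaultsMap().getPrivate();
        }
        return KeyAttributePermissiveProfile.KEY_CREATION.getKeyDefaultsMap();
    }

    /**
     * Creates the builder used by {@link #engineUnwrap(byte[], String, int)}.
     *
     * <p>The base implementation does not support unwrapping; subclasses that do must override
     * this method.
     *
     * @throws UnsupportedOperationException always, in this base implementation
     */
    protected UnwrapKeyBuilder getUnwrapKeyBuilder(KeyType keyType, ObjectClassType objectClassType) throws Exception {
        throw new UnsupportedOperationException();
    }

    /**
     * Records the operation mode after checking it against {@link #getSupportedOpModes()}.
     *
     * @throws UnsupportedOperationException if the mode is not supported
     */
    private void setOpMode(int i) {
        if (!getSupportedOpModes().contains(Integer.valueOf(i))) {
            throw new UnsupportedOperationException(MessageFormat.format(ErrorMessages.CIPHER_OP_MODE_NOT_SUPPORTED.getMessage(), Integer.valueOf(i)));
        }
        this.logger.trace("Setting op mode " + i);
        this.opMode = i;
    }

    /**
     * Accepts the cipher key if it is a {@link CloudHsmKey} of this provider, then lets the
     * subclass validate it.
     *
     * @throws InvalidKeyException if the key is {@code null} or not a {@link CloudHsmKey}
     * @throws InvalidAlgorithmParameterException if validation of the key fails
     */
    private void setKey(Key key) throws InvalidKeyException, InvalidAlgorithmParameterException {
        if (key == null) {
            throw new InvalidKeyException(ErrorMessages.KEY_REQUIRED_FOR_THIS_OPERATION.getMessage());
        }
        if (!(key instanceof CloudHsmKey)) {
            throw new InvalidKeyException(ErrorMessages.CIPHER_NON_CLOUDHSM_KEY_NOT_SUPPORTED.getMessage());
        }
        CloudHsmKey hsmKey = (CloudHsmKey) key;
        KeyUtil.validateKeyProvider(hsmKey, getProvider());
        // The key is stored before validation because creating the cipher instance may read it.
        this.key = Optional.of(hsmKey);
        validateKey(hsmKey);
    }

    /**
     * Validates the key by creating the underlying cipher instance with it.
     *
     * @param cloudHsmKey the key just stored; not read directly by this base implementation
     * @throws InvalidAlgorithmParameterException if the cipher instance cannot be created
     */
    protected void validateKey(CloudHsmKey cloudHsmKey) throws InvalidAlgorithmParameterException {
        initializeCoreCipherInstance();
    }

    /** Creates the session reference and cipher instance unless an instance already exists. */
    private void initializeCoreCipherInstance() throws InvalidAlgorithmParameterException {
        if (this.cloudHsmCipher.isPresent()) {
            return;
        }
        this.session = Optional.of(getProvider().getSession());
        this.cloudHsmCipher = initCipherInstance();
    }

    /**
     * Drops the session reference, saves the cipher's IV and deletes the cipher instance.
     *
     * @throws IllegalStateException if there is no session or no cipher instance to finalise
     */
    private void finalizeCoreCipherInstance() {
        // NOTE(review): endSession() throws before the cipher instance is deleted when no session
        // is held, which would leave the instance in place; confirm that state cannot occur.
        endSession();
        CloudHsmCipher instance = this.cloudHsmCipher.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.CIPHER_OPERATION_ALREADY_FINALIZED.getMessage());
        });
        // Keep the IV so engineGetIV() can still answer after the instance is gone.
        this.iv = instance.cloneIv();
        instance.delete();
        this.cloudHsmCipher = Optional.empty();
        this.logger.debug("CloudHsmCipher Instance reset");
    }

    /**
     * Returns the live cipher instance.
     *
     * @throws IllegalStateException if the cipher has not been initialised
     */
    private CloudHsmCipher getCipherInstance() {
        return this.cloudHsmCipher.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.CIPHER_OPERATION_NOT_INITIALIZED.getMessage());
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the key supplied at init time.
     *
     * @throws IllegalStateException if no key has been set
     */
    public CloudHsmKey getCloudHsmKey() {
        return this.key.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.CIPHER_OPERATION_NOT_INITIALIZED.getMessage());
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the session held for the current operation.
     *
     * @throws IllegalStateException if no session is held
     */
    public Session getSession() {
        return this.session.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.CIPHER_OPERATION_NOT_INITIALIZED.getMessage());
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the provider this cipher was constructed with. */
    public CloudHsmProvider getProvider() {
        return this.provider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Unpacks an optional that must hold a value.
     *
     * @param optional value holder; may be {@code null}
     * @return the contained value
     * @throws IllegalStateException if {@code optional} is {@code null} or empty
     */
    public <T> T require(Optional<T> optional) {
        if (optional == null || !optional.isPresent()) {
            throw new IllegalStateException(ErrorMessages.CIPHER_OPERATION_NOT_INITIALIZED.getMessage());
        }
        return optional.get();
    }

    /**
     * Clears the session reference.
     *
     * @throws IllegalStateException if no session is held
     */
    private void endSession() {
        // The value itself is not needed; this only asserts that a session is present.
        this.session.orElseThrow(() -> {
            return new IllegalStateException(ErrorMessages.CIPHER_OPERATION_ALREADY_FINALIZED.getMessage());
        });
        this.logger.debug("Session reference released");
        this.session = Optional.empty();
    }

    /**
     * Checks that the destination buffer can hold the expected output at the given offset.
     *
     * @param bArr destination buffer
     * @param i offset in the destination buffer
     * @param i2 input length used to size the output
     * @param z {@code true} when sizing a final call
     * @throws IllegalArgumentException if {@code bArr} is {@code null}
     * @throws ShortBufferException if offset plus expected size exceeds the buffer length
     */
    private void validateOutputBuffer(byte[] bArr, int i, int i2, boolean z) throws ShortBufferException {
        if (bArr == null) {
            throw new IllegalArgumentException(ErrorMessages.OUTPUT_BUFFER_CANNOT_BE_NULL.getMessage());
        }
        this.logger.trace("destination buffer is not null");
        int outputSize = getOutputSize(i2, z);
        this.logger.trace(MessageFormat.format("Expected output size is {0} with inputLength {1} and isFinal {2}", Integer.valueOf(outputSize), Integer.valueOf(i2), Boolean.valueOf(z)));
        // addExact guards the offset arithmetic against integer overflow.
        int requiredLength = Math.addExact(outputSize, i);
        if (requiredLength > bArr.length) {
            throw new ShortBufferException(MessageFormat.format(ErrorMessages.BUFFER_TOO_SMALL.getMessage(), Integer.valueOf(requiredLength)));
        }
    }

    /** Appends {@code bArr} to the stream, reporting an I/O failure as an internal error. */
    private static void writeToBuffer(ByteArrayOutputStream byteArrayOutputStream, byte[] bArr) {
        try {
            byteArrayOutputStream.write(bArr);
        } catch (IOException e) {
            // Keep the cause attached so the underlying failure is not lost.
            throw new InternalException(InternalExceptionCause.UNEXPECTED_ERROR, ErrorMessages.ERROR_WRITING_TO_INTERNAL_BUFFER.getMessage(), e);
        }
    }

    /**
     * Creates the cipher instance on demand for callers that cannot throw
     * {@link InvalidAlgorithmParameterException}; a failure is reported as an internal error.
     */
    private void initializeCoreCipherInstanceWhenEngineInitWasAlreadyCalled() {
        try {
            initializeCoreCipherInstance();
        } catch (InvalidAlgorithmParameterException e) {
            throw new InternalException(InternalExceptionCause.UNEXPECTED_ERROR, ErrorMessages.UNEXPECTED_ERROR.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Remembers the IV to report from {@link #engineGetIV()} when no cipher instance is live.
     *
     * @param bArr the IV; {@code null} or an empty array clears the stored value
     */
    public synchronized void setIv(byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            this.iv = Optional.empty();
        } else {
            // Store a private copy so later changes to the caller's array cannot alter the IV.
            this.iv = Optional.of(bArr.clone());
        }
    }

    /** Copies the IV of the live cipher instance into this object's stored IV. */
    protected synchronized void setIvFromCipherInstance() {
        setIv(getCipherInstance().cloneIv().orElse(null));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the current IV as reported by {@link #engineGetIV()}, empty when there is none. */
    public synchronized Optional<byte[]> getIv() {
        return Optional.ofNullable(engineGetIV());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds attributes to apply to keys created by {@link #engineUnwrap(byte[], String, int)}.
     *
     * <p>The attributes are merged into the existing set. Nothing in this class removes them
     * again, so they remain in effect for later unwrap calls on the same instance.
     *
     * @param keyAttributesMap attributes to merge in
     * @throws InvalidAlgorithmParameterException if an attribute is rejected
     */
    public void setKeyAttributes(KeyAttributesMap keyAttributesMap) throws InvalidAlgorithmParameterException {
        try {
            this.unwrapKeyAttributes.putAll(keyAttributesMap);
        } catch (AddAttributeException | InvalidParameterException e) {
            throw new InvalidAlgorithmParameterException(e);
        }
    }
}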
