package com.amazonaws.cloudhsm.jce.provider;

import com.amazonaws.cloudhsm.jce.jni.CloudHsmCipher;
import com.amazonaws.cloudhsm.jce.jni.HashAlgorithm;
import com.amazonaws.cloudhsm.jce.jni.UnwrapKeyBuilder;
import com.amazonaws.cloudhsm.jce.jni.exception.RsaAesInvalidParametersException;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttributesMap;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyType;
import com.amazonaws.cloudhsm.jce.provider.attributes.ObjectClassType;
import com.amazonaws.cloudhsm.jce.provider.spec.OAEPUnwrapKeySpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.text.MessageFormat;
import java.util.HashSet;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.spec.OAEPParameterSpec;

/* loaded from: input_file:com/amazonaws/cloudhsm/jce/provider/RsaAesCipher.class */
abstract class RsaAesCipher extends CloudHsmCipherBase {
    private static final String ALGORITHM_STRING = "RSA AES WRAP";
    private static final long DEFAULT_AES_KEY_SIZE_BITS = 256;
    static final HashSet<String> supportedModes = (HashSet) Stream.of(Mode.ECB.toString()).collect(Collectors.toCollection(HashSet::new));
    static final HashSet<String> supportedPaddings = (HashSet) Stream.of((Object[]) new String[]{Padding.OAEP_PADDING.toString(), Padding.OAEP_PADDING_SHA1.toString(), Padding.OAEP_PADDING_SHA224.toString(), Padding.OAEP_PADDING_SHA256.toString(), Padding.OAEP_PADDING_SHA384.toString(), Padding.OAEP_PADDING_SHA512.toString()}).collect(Collectors.toCollection(HashSet::new));
    static final HashSet<Integer> supportedOpModes = (HashSet) Stream.of((Object[]) new Integer[]{3, 4}).collect(Collectors.toCollection(HashSet::new));
    private Optional<HashAlgorithm> digestAlgorithm;
    private Optional<HashAlgorithm> mgfAlgorithm;

    /* JADX INFO: Access modifiers changed from: protected */
    public RsaAesCipher(Padding padding, CloudHsmProvider cloudHsmProvider) {
        super(Mode.ECB, padding, cloudHsmProvider);
        this.digestAlgorithm = Optional.empty();
        this.mgfAlgorithm = Optional.empty();
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    HashSet<String> getSupportedModes() {
        return supportedModes;
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    HashSet<String> getSupportedPaddings() {
        return supportedPaddings;
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    HashSet<Integer> getSupportedOpModes() {
        return supportedOpModes;
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    protected void initAlgorithmParamSpecOrCreateDefault(Optional<AlgorithmParameterSpec> optional) throws InvalidAlgorithmParameterException {
        AlgorithmParameterSpec orElse = optional.orElse(OaepUtils.getOaepParameterSpecForPadding(this.padding));
        if (orElse instanceof OAEPParameterSpec) {
            setOaepParameters(orElse);
            return;
        }
        if ((orElse instanceof OAEPUnwrapKeySpec) && this.opMode == 4) {
            OAEPUnwrapKeySpec oAEPUnwrapKeySpec = (OAEPUnwrapKeySpec) orElse;
            setOaepParameters(oAEPUnwrapKeySpec.getOaepSpec());
            setKeyAttributes(oAEPUnwrapKeySpec.getKeySpec());
        } else {
            if (!(orElse instanceof KeyAttributesMap) || this.opMode != 4) {
                throw new InvalidAlgorithmParameterException(MessageFormat.format(ErrorMessages.CIPHER_UNSUPPORTED_PARAM_SPEC.getMessage(), ALGORITHM_STRING));
            }
            setOaepParameters(OaepUtils.getOaepParameterSpecForPadding(this.padding));
            setKeyAttributes((KeyAttributesMap) orElse);
        }
    }

    private void setOaepParameters(AlgorithmParameterSpec algorithmParameterSpec) throws InvalidAlgorithmParameterException {
        OAEPParameterSpec validateOAEPParameterSpec = OaepUtils.validateOAEPParameterSpec(algorithmParameterSpec, ALGORITHM_STRING);
        this.digestAlgorithm = Optional.ofNullable(OaepUtils.getDigestAlgorithm(validateOAEPParameterSpec));
        this.mgfAlgorithm = Optional.ofNullable(OaepUtils.getDigestAlgorithm((MGF1ParameterSpec) validateOAEPParameterSpec.getMGFParameters()));
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    Optional<CloudHsmCipher> initCipherInstance() throws InvalidAlgorithmParameterException {
        switch (this.opMode) {
            case 3:
                return getWrapInstance();
            case 4:
                return getUnwrapInstance();
            default:
                throw new UnsupportedOperationException(MessageFormat.format(ErrorMessages.CIPHER_OPERATION_MODE_NOT_SUPPORTED.getMessage(), Integer.valueOf(this.opMode)));
        }
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.CloudHsmCipherBase
    protected UnwrapKeyBuilder getUnwrapKeyBuilder(KeyType keyType, ObjectClassType objectClassType) throws Exception {
        return getSession().rsaAesUnwrapBuilder((HashAlgorithm) require(this.digestAlgorithm), (HashAlgorithm) require(this.mgfAlgorithm), DEFAULT_AES_KEY_SIZE_BITS, keyType, objectClassType);
    }

    private Optional<CloudHsmCipher> getWrapInstance() throws InvalidAlgorithmParameterException {
        try {
            return Optional.of(getSession().rsaAesWrap((HashAlgorithm) require(this.digestAlgorithm), (HashAlgorithm) require(this.mgfAlgorithm), DEFAULT_AES_KEY_SIZE_BITS));
        } catch (RsaAesInvalidParametersException e) {
            throw e;
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    private Optional<CloudHsmCipher> getUnwrapInstance() {
        return Optional.of(getSession().rsaAesUnwrapInit());
    }
}
