package com.amazonaws.cloudhsm.jce.provider;

import com.amazonaws.cloudhsm.jce.jni.CloudHsmObjectFinder;
import com.amazonaws.cloudhsm.jce.jni.CoreKey;
import com.amazonaws.cloudhsm.jce.jni.GetAttributesBuilder;
import com.amazonaws.cloudhsm.jce.jni.JniUtility;
import com.amazonaws.cloudhsm.jce.jni.Session;
import com.amazonaws.cloudhsm.jce.jni.exception.AddAttributeException;
import com.amazonaws.cloudhsm.jce.jni.exception.AuthenticationException;
import com.amazonaws.cloudhsm.jce.jni.exception.CloudHsmKeyStoreException;
import com.amazonaws.cloudhsm.jce.jni.exception.CloudHsmKeyStoreExceptionCause;
import com.amazonaws.cloudhsm.jce.jni.exception.InternalException;
import com.amazonaws.cloudhsm.jce.jni.exception.InternalExceptionCause;
import com.amazonaws.cloudhsm.jce.jni.exception.KeyUsageException;
import com.amazonaws.cloudhsm.jce.jni.exception.ProviderException;
import com.amazonaws.cloudhsm.jce.provider.attributes.CoreAttribute;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttribute;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttributesMap;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyReferenceSpec;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyType;
import com.amazonaws.cloudhsm.jce.provider.attributes.ObjectClassType;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/amazonaws/cloudhsm/jce/provider/CloudHsmKeyStore.class */
public class CloudHsmKeyStore extends KeyStoreWithAttributesSpi {
    private final CloudHsmLogger logger;
    private final KeyStore internalKeystore;
    private final List<CloudHsmKey> keysToBeStored;
    private static final char[] HEX_ARRAY = "0123456789abcdef".toCharArray();

    /* loaded from: input_file:com/amazonaws/cloudhsm/jce/provider/CloudHsmKeyStore$CheckValuePrivateKey.class */
    private class CheckValuePrivateKey implements PrivateKey {
        private static final long serialVersionUID = 5909471981438223718L;
        private final byte[] keyCheckValue;
        private final String keyType;

        public CheckValuePrivateKey(byte[] bArr, String str) {
            this.keyCheckValue = bArr;
            this.keyType = str;
        }

        @Override // java.security.Key
        public String getAlgorithm() {
            return this.keyType;
        }

        @Override // java.security.Key
        public String getFormat() {
            return "PKCS8";
        }

        @Override // java.security.Key
        public byte[] getEncoded() {
            try {
                return JniUtility.dummyRsaPrivateKeyPkcs8EncodingForKeyStore(this.keyCheckValue);
            } catch (Exception e) {
                throw ErrorHandling.asCloudhsmException(e);
            }
        }
    }

    public CloudHsmKeyStore(CloudHsmProvider cloudHsmProvider) throws KeyStoreException, IllegalStateException {
        super(cloudHsmProvider);
        this.keysToBeStored = Collections.synchronizedList(new ArrayList());
        this.logger = new CloudHsmLogger(getClass(), cloudHsmProvider.getId(), cloudHsmProvider.getClusterName());
        this.internalKeystore = KeyStore.getInstance("pkcs12");
        this.logger.trace("CloudHsmKeyStore constructor called.");
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        this.logger.trace("engineAliases called.");
        return Collections.enumeration(mergedAliases());
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        this.logger.trace("engineContainsAlias called.");
        try {
            if (getCoreKeyUsingObjectFinder(getProvider().getSession(), str) == null) {
                return this.internalKeystore.containsAlias(getEncodedAlias(str));
            }
            this.logger.debug("Key found on the hsm with alias " + str);
            return true;
        } catch (UnrecoverableKeyException e) {
            this.logger.warn("Multiple keys found during containsAlias call with alias " + str);
            return true;
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        this.logger.trace("engineDeleteEntry called");
        if (str == null) {
            throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_ALIAS, ErrorMessages.KEYSTORE_ALIAS_CANNOT_BE_NULL.getMessage());
        }
        if (!this.internalKeystore.isCertificateEntry(getEncodedAlias(str))) {
            throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_ALIAS, ErrorMessages.KEYSTORE_ALIAS_INVALID_FOR_DELETION.getMessage());
        }
        this.internalKeystore.deleteEntry(getEncodedAlias(str));
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        this.logger.trace("engineGetCertificate called");
        if (str == null) {
            return null;
        }
        try {
            return this.internalKeystore.getCertificate(getEncodedAlias(str));
        } catch (Exception e) {
            throw ErrorHandling.asCloudhsmException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        this.logger.trace("engineGetCertificateAlias called");
        try {
            return this.internalKeystore.getCertificateAlias(certificate);
        } catch (Exception e) {
            throw ErrorHandling.asCloudhsmException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        this.logger.trace("engineGetCertificateChain called");
        if (str == null) {
            return null;
        }
        try {
            return this.internalKeystore.getCertificateChain(getEncodedAlias(str));
        } catch (Exception e) {
            throw ErrorHandling.asCloudhsmException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        this.logger.debug("engineGetCreationDate called");
        if (str == null) {
            return null;
        }
        try {
            return this.internalKeystore.getCreationDate(getEncodedAlias(str));
        } catch (Exception e) {
            throw ErrorHandling.asCloudhsmException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        this.logger.debug("engineGetKey called");
        if (str == null) {
            return null;
        }
        Session session = getProvider().getSession();
        try {
            CoreKey coreKeyUsingObjectFinder = getCoreKeyUsingObjectFinder(session, str);
            if (coreKeyUsingObjectFinder != null) {
                return getCloudHsmKey(session, coreKeyUsingObjectFinder, getCoreAttributeValues(session, coreKeyUsingObjectFinder, getRequiredKeyAttributeMap()));
            }
            this.logger.debug("No key found with alias " + str);
            return null;
        } catch (UnrecoverableKeyException e) {
            throw e;
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        this.logger.trace("engineIsCertificateEntry called");
        if (str == null) {
            return false;
        }
        try {
            return this.internalKeystore.isCertificateEntry(getEncodedAlias(str));
        } catch (Exception e) {
            throw ErrorHandling.asCloudhsmException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        boolean z;
        this.logger.debug("engineIsKeyEntry called");
        if (str == null) {
            return false;
        }
        try {
            if (this.internalKeystore.isKeyEntry(getEncodedAlias(str))) {
                if (engineGetKey(str, null) != null) {
                    z = true;
                    return z;
                }
            }
            z = false;
            return z;
        } catch (Exception e) {
            throw ErrorHandling.asCloudhsmException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        this.logger.trace("engineLoad called");
        this.internalKeystore.load(inputStream, cArr);
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        this.logger.debug("engineSetCertificateEntry called");
        if (str == null) {
            throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_ALIAS, ErrorMessages.KEYSTORE_ALIAS_CANNOT_BE_NULL.getMessage());
        }
        if (engineContainsAlias(str)) {
            throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_ALIAS, MessageFormat.format(ErrorMessages.KEYSTORE_ALIAS_ALREADY_EXISTS.getMessage(), str));
        }
        this.internalKeystore.setCertificateEntry(getEncodedAlias(str), certificate);
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        throw new UnsupportedOperationException(ErrorMessages.KEYSTORE_METHOD_IS_NOT_SUPPORTED.getMessage());
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        this.logger.trace("engineSetKeyEntry called");
        if (str == null) {
            throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_ALIAS, ErrorMessages.KEYSTORE_ALIAS_CANNOT_BE_NULL.getMessage());
        }
        if (key == null) {
            throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_KEY, ErrorMessages.KEYSTORE_NULL_KEY.getMessage());
        }
        if (key.getAlgorithm() == null) {
            throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_KEY, ErrorMessages.KEYSTORE_NULL_KEY_ALGORITHM.getMessage());
        }
        Session session = getProvider().getSession();
        try {
            if (key instanceof SecretKey) {
                this.logger.debug("Key is a secret key");
                if (certificateArr != null) {
                    throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_CHAIN, ErrorMessages.KEYSTORE_CHAIN_MUST_BE_NULL_FOR_SECRET_KEY.getMessage());
                }
                this.logger.trace("Importing key on HSM");
                CloudHsmKey importKeyOnHsm = importKeyOnHsm(session, str, key);
                this.logger.debug("Key with alias " + str + " is imported on HSM");
                this.internalKeystore.setKeyEntry(getEncodedAlias(str), new SecretKeySpec(new byte[16], "AES"), cArr, certificateArr);
                this.logger.trace("KeyEntry is set in internal KeyStore");
                this.keysToBeStored.add(importKeyOnHsm);
            } else {
                if (!(key instanceof PrivateKey)) {
                    throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_KEY, MessageFormat.format(ErrorMessages.KEYSTORE_SET_ENTRY_UNSUPPORTED.getMessage(), key.getClass().getSimpleName()));
                }
                this.logger.debug("Key is a private key");
                if (certificateArr == null) {
                    throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_CHAIN, ErrorMessages.KEYSTORE_CHAIN_MUST_NOT_BE_NULL_FOR_PRIVATE_KEY.getMessage());
                }
                this.logger.trace("Importing key on HSM");
                CloudHsmKey importKeyOnHsm2 = importKeyOnHsm(session, str, key);
                this.logger.debug("Key with alias " + str + " is imported on HSM");
                HashMap<KeyAttribute, Object> hashMap = new HashMap<>();
                hashMap.put(KeyAttribute.KCV, new byte[0]);
                byte[] bArr = (byte[]) getCoreAttributeValues(session, importKeyOnHsm2.getCoreKey(), hashMap).get(KeyAttribute.KCV);
                this.logger.trace("Retrieved KCV of the key on HSM");
                this.internalKeystore.setKeyEntry(getEncodedAlias(str), new CheckValuePrivateKey(bArr, importKeyOnHsm2.getAlgorithm()), cArr, certificateArr);
                this.logger.trace("KeyEntry is set in internal KeyStore");
                this.keysToBeStored.add(importKeyOnHsm2);
            }
        } catch (KeyStoreException e) {
            throw e;
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        this.logger.trace("engineSize called");
        return mergedAliases().size();
    }

    @Override // java.security.KeyStoreSpi
    public synchronized void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        this.logger.trace("engineStore called");
        if (outputStream == null) {
            throw new IllegalArgumentException(ErrorMessages.OUTPUT_BUFFER_CANNOT_BE_NULL.getMessage());
        }
        if (cArr == null) {
            throw new IllegalArgumentException(ErrorMessages.KEYSTORE_NULL_PASSWORD.getMessage());
        }
        Session session = getProvider().getSession();
        try {
            Iterator<CloudHsmKey> it = this.keysToBeStored.iterator();
            while (it.hasNext()) {
                session.persistKey(it.next().getCoreKey());
            }
            this.keysToBeStored.clear();
            this.internalKeystore.store(outputStream, cArr);
        } catch (AuthenticationException | InternalException | KeyUsageException | ProviderException e) {
            throw e;
        } catch (Exception e2) {
            throw new InternalException(InternalExceptionCause.INTERNAL_ERROR, e2);
        }
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.KeyStoreWithAttributesSpi
    public Key engineGetKey(KeySpec keySpec) throws InvalidKeySpecException {
        if (keySpec == null) {
            throw new InvalidKeySpecException(ErrorMessages.KEYSTORE_KEY_SPEC_NULL.getMessage());
        }
        if (keySpec instanceof KeyReferenceSpec) {
            return getKeyByReference(getProvider(), (KeyReferenceSpec) keySpec);
        }
        if (keySpec instanceof KeyAttributesMap) {
            return getKeyByKeyAttributes((KeyAttributesMap) keySpec);
        }
        throw new InvalidKeySpecException(ErrorMessages.KEYSTORE_KEY_SPEC_WRONG_TYPE.getMessage());
    }

    private Key getKeyByKeyAttributes(KeyAttributesMap keyAttributesMap) throws InvalidKeySpecException {
        Session session = getProvider().getSession();
        try {
            try {
                CloudHsmObjectFinder createFindObjectsBuilder = session.createFindObjectsBuilder();
                for (Map.Entry<KeyAttribute, Object> entry : keyAttributesMap.entrySet()) {
                    createFindObjectsBuilder.addAttribute(new CoreAttribute(entry.getKey(), entry.getValue()));
                }
                CoreKey[] find = createFindObjectsBuilder.find();
                if (find.length == 0) {
                    this.logger.warn("No keys matching the given KeySpec were found.");
                    return null;
                }
                if (find.length > 1) {
                    throw new InvalidKeySpecException("Multiple keys that match the given KeySpec were found.");
                }
                CoreKey coreKey = find[0];
                return getCloudHsmKey(session, coreKey, getCoreAttributeValues(session, coreKey, getRequiredKeyAttributeMap()));
            } catch (Exception e) {
                throw ErrorHandling.asCloudhsmException(e);
            }
        } catch (AuthenticationException | InternalException | KeyUsageException | ProviderException | InvalidKeySpecException e2) {
            throw e2;
        }
    }

    private static HashMap<KeyAttribute, Object> getRequiredKeyAttributeMap() {
        HashMap<KeyAttribute, Object> hashMap = new HashMap<>();
        hashMap.put(KeyAttribute.KEY_TYPE, KeyType.AES);
        hashMap.put(KeyAttribute.OBJECT_CLASS, ObjectClassType.PUBLIC_KEY);
        return hashMap;
    }

    private Key getKeyByReference(CloudHsmProvider cloudHsmProvider, KeyReferenceSpec keyReferenceSpec) throws InvalidKeySpecException {
        if (keyReferenceSpec == null) {
            throw new InvalidKeySpecException(ErrorMessages.KEYSTORE_KEY_SPEC_NULL.getMessage());
        }
        try {
            try {
                Session session = cloudHsmProvider.getSession();
                Optional<CoreKey> findKeyByReference = session.findKeyByReference(Long.valueOf(keyReferenceSpec.getKeyReferenceValue()).longValue());
                if (!findKeyByReference.isPresent()) {
                    this.logger.info("No matching keys found matching given key reference");
                    return null;
                }
                return getCloudHsmKey(session, findKeyByReference.get(), getCoreAttributeValues(session, findKeyByReference.get(), getRequiredKeyAttributeMap()));
            } catch (AuthenticationException | InternalException | ProviderException e) {
                throw e;
            }
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    @Override // com.amazonaws.cloudhsm.jce.provider.KeyStoreWithAttributesSpi
    public List<Key> engineGetKeys(KeySpec keySpec) throws InvalidKeySpecException {
        if (keySpec instanceof KeyAttributesMap) {
            try {
                return findAll(getProvider(), (KeyAttributesMap) keySpec);
            } catch (Exception e) {
                throw ErrorHandling.asCloudhsmException(e);
            }
        }
        if (!(keySpec instanceof KeyReferenceSpec)) {
            if (keySpec == null) {
                throw new InvalidKeySpecException(ErrorMessages.KEYSTORE_KEY_SPEC_NULL.getMessage());
            }
            throw new InvalidKeySpecException(ErrorMessages.KEYSTORE_KEY_SPEC_WRONG_TYPE.getMessage());
        }
        try {
            ArrayList arrayList = new ArrayList();
            Key engineGetKey = engineGetKey(keySpec);
            if (engineGetKey != null) {
                arrayList.add(engineGetKey);
            }
            return arrayList;
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    private Set<String> mergedAliases() {
        HashSet hashSet = new HashSet();
        Session session = getProvider().getSession();
        try {
            this.logger.trace("Operation Context created for engineAliases.");
            String[] findAllLabels = session.findAllLabels();
            this.logger.trace("Found " + findAllLabels.length + " keys in HSM.");
            hashSet.addAll(Arrays.asList(findAllLabels));
            this.logger.trace("Fetched " + hashSet.size() + " unique aliases from HSM.");
            Enumeration<String> aliases = this.internalKeystore.aliases();
            while (aliases.hasMoreElements()) {
                hashSet.add(getDecodedAlias(aliases.nextElement()));
            }
            this.logger.trace("Merged aliases with local store. Total aliases: " + hashSet.size());
            return hashSet;
        } catch (Exception e) {
            throw ErrorHandling.asCloudhsmException(e);
        }
    }

    private String getEncodedAlias(String str) {
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        char[] cArr = new char[bytes.length * 2];
        for (int i = 0; i < bytes.length; i++) {
            int i2 = bytes[i] & 255;
            cArr[i * 2] = HEX_ARRAY[i2 >>> 4];
            cArr[(i * 2) + 1] = HEX_ARRAY[i2 & 15];
        }
        return new String(cArr);
    }

    private String getDecodedAlias(String str) {
        if (str == null || str.length() % 2 == 1) {
            throw new InternalException(InternalExceptionCause.INTERNAL_ERROR, ErrorMessages.KEYSTORE_INVALID_ENCODED_ALIAS.getMessage());
        }
        char[] charArray = str.toCharArray();
        int length = charArray.length;
        byte[] bArr = new byte[length / 2];
        for (int i = 0; i < length; i += 2) {
            int digit = Character.digit(charArray[i], 16);
            int digit2 = Character.digit(charArray[i + 1], 16);
            if (digit == -1 || digit2 == -1) {
                throw new RuntimeException("Error decoding alias from PKCS12 file");
            }
            bArr[i / 2] = (byte) ((digit << 4) + digit2);
        }
        return new String(bArr, StandardCharsets.UTF_8);
    }

    private CoreKey getCoreKeyUsingObjectFinder(Session session, String str) throws UnrecoverableKeyException {
        try {
            CloudHsmObjectFinder createFindObjectsBuilder = session.createFindObjectsBuilder();
            createFindObjectsBuilder.addAttribute(new CoreAttribute(KeyAttribute.LABEL, str));
            CoreKey[] find = createFindObjectsBuilder.find();
            if (find.length == 0) {
                return null;
            }
            if (find.length > 1) {
                throw new UnrecoverableKeyException(MessageFormat.format(ErrorMessages.KEYSTORE_GET_KEY_RETURNED_MORE_THAN_ONE_KEY.getMessage(), str));
            }
            return find[0];
        } catch (UnrecoverableKeyException e) {
            throw e;
        } catch (Exception e2) {
            throw ErrorHandling.asCloudhsmException(e2);
        }
    }

    private HashMap<KeyAttribute, Object> getCoreAttributeValues(Session session, CoreKey coreKey, HashMap<KeyAttribute, Object> hashMap) {
        try {
            HashMap<KeyAttribute, Object> hashMap2 = new HashMap<>();
            GetAttributesBuilder createGetAttributesBuilder = session.createGetAttributesBuilder(coreKey);
            for (Map.Entry<KeyAttribute, Object> entry : hashMap.entrySet()) {
                createGetAttributesBuilder.addAttribute(new CoreAttribute(entry.getKey(), entry.getValue()));
            }
            CoreAttribute[] fetch = createGetAttributesBuilder.fetch();
            if (fetch.length != hashMap.size()) {
                throw new InternalException(InternalExceptionCause.INTERNAL_ERROR, MessageFormat.format(ErrorMessages.GET_ATTRIBUTES_INCORRECT_LENGTH.getMessage(), Integer.valueOf(hashMap.size()), Integer.valueOf(fetch.length)));
            }
            for (int i = 0; i < fetch.length; i++) {
                hashMap2.put(fetch[i].getAttributeType(), fetch[i].getAttributeValue());
            }
            return hashMap2;
        } catch (Exception e) {
            throw new InternalException(InternalExceptionCause.INTERNAL_ERROR, e);
        }
    }

    private Key getCloudHsmKey(Session session, CoreKey coreKey, HashMap<KeyAttribute, Object> hashMap) {
        try {
            return KeyUtil.getCloudHsmKey(coreKey, (KeyType) hashMap.get(KeyAttribute.KEY_TYPE), (ObjectClassType) hashMap.get(KeyAttribute.OBJECT_CLASS), getProvider());
        } catch (NoSuchAlgorithmException e) {
            throw new InternalException(InternalExceptionCause.UNEXPECTED_ERROR, e.getMessage());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v50, types: [com.amazonaws.cloudhsm.jce.provider.CloudHsmKey] */
    /* JADX WARN: Type inference failed for: r0v52, types: [com.amazonaws.cloudhsm.jce.provider.CloudHsmKey] */
    /* JADX WARN: Type inference failed for: r0v69, types: [com.amazonaws.cloudhsm.jce.provider.CloudHsmKey] */
    private synchronized CloudHsmKey importKeyOnHsm(Session session, String str, Key key) throws CloudHsmKeyStoreException, Exception {
        CloudHsmSecretKey importGenericSecretKey;
        if (key instanceof CloudHsmKey) {
            this.logger.debug("key is already a CloudHsmKey, not importing onto HSM");
            KeyUtil.validateKeyProvider((CloudHsmKey) key, getProvider());
            importGenericSecretKey = (CloudHsmKey) key;
            HashMap<KeyAttribute, Object> hashMap = new HashMap<>();
            hashMap.put(KeyAttribute.LABEL, "");
            String str2 = (String) getCoreAttributeValues(session, importGenericSecretKey.getCoreKey(), hashMap).get(KeyAttribute.LABEL);
            this.logger.trace("Retrieved keyLabel of the key on HSM");
            if (!str2.equals(str)) {
                throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_ALIAS, MessageFormat.format(ErrorMessages.KEYSTORE_ALIAS_NOT_MATCH_KEY_LABEL.getMessage(), str, str2));
            }
        } else {
            this.logger.debug("key is not a CloudHsmKey, importing onto HSM");
            if (engineContainsAlias(str)) {
                throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_ALIAS, MessageFormat.format(ErrorMessages.KEYSTORE_ALIAS_ALREADY_EXISTS.getMessage(), str));
            }
            this.logger.debug("Key algorithm is " + key.getAlgorithm());
            try {
                KeyAttributesMap keyAttributesMap = new KeyAttributesMap();
                keyAttributesMap.put(KeyAttribute.LABEL, str);
                if (key.getAlgorithm().equalsIgnoreCase(Algorithm.AES.toString())) {
                    keyAttributesMap.put(KeyAttribute.VALUE, key.getEncoded());
                    importGenericSecretKey = ImportKey.importAesKey(session, keyAttributesMap, getProvider());
                } else if (key.getAlgorithm().equalsIgnoreCase(Algorithm.DES_EDE.toString())) {
                    keyAttributesMap.put(KeyAttribute.VALUE, key.getEncoded());
                    importGenericSecretKey = ImportKey.importTripleDesKey(session, keyAttributesMap, getProvider());
                } else if (key.getAlgorithm().equalsIgnoreCase(Algorithm.GENERIC_SECRET.toString()) || key.getAlgorithm().equalsIgnoreCase(Algorithm.HMAC_SHA1.toString()) || key.getAlgorithm().equalsIgnoreCase(Algorithm.HMAC_SHA224.toString()) || key.getAlgorithm().equalsIgnoreCase(Algorithm.HMAC_SHA256.toString()) || key.getAlgorithm().equalsIgnoreCase(Algorithm.HMAC_SHA384.toString()) || key.getAlgorithm().equalsIgnoreCase(Algorithm.HMAC_SHA512.toString())) {
                    keyAttributesMap.put(KeyAttribute.VALUE, key.getEncoded());
                    importGenericSecretKey = ImportKey.importGenericSecretKey(session, keyAttributesMap, getProvider());
                } else if (key.getAlgorithm().equalsIgnoreCase(Algorithm.RSA.toString())) {
                    importGenericSecretKey = ImportKey.importRsaKey(session, key, keyAttributesMap, getProvider());
                } else {
                    if (!key.getAlgorithm().equalsIgnoreCase(Algorithm.EC.toString())) {
                        throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.UNSUPPORTED, MessageFormat.format(ErrorMessages.KEYSTORE_SET_ENTRY_UNSUPPORTED.getMessage(), key.getAlgorithm()));
                    }
                    importGenericSecretKey = ImportKey.importEcKey(session, key, keyAttributesMap, getProvider());
                }
            } catch (AddAttributeException e) {
                throw new InternalException(InternalExceptionCause.UNEXPECTED_ERROR, e);
            } catch (InvalidKeyException e2) {
                throw new CloudHsmKeyStoreException(CloudHsmKeyStoreExceptionCause.INVALID_KEY, MessageFormat.format(ErrorMessages.KEYSTORE_SET_ENTRY_UNSUPPORTED.getMessage(), key.getClass().getSimpleName()));
            }
        }
        return importGenericSecretKey;
    }

    private static boolean updateKeyAttributeValue(KeyAttributesMap keyAttributesMap, CloudHsmObjectFinder cloudHsmObjectFinder, KeyAttribute keyAttribute, Object obj) {
        Object obj2 = keyAttributesMap.get(keyAttribute);
        if (obj2 != null) {
            return obj2 == obj;
        }
        try {
            cloudHsmObjectFinder.addAttribute(new CoreAttribute(keyAttribute, obj));
            return true;
        } catch (Exception e) {
            throw ErrorHandling.asCloudhsmException(e);
        }
    }

    private static Stream<CoreKey> findAllKeysFor(CloudHsmProvider cloudHsmProvider, KeyType keyType, ObjectClassType objectClassType, KeyAttributesMap keyAttributesMap) {
        try {
            CloudHsmObjectFinder createFindObjectsBuilder = cloudHsmProvider.getSession().createFindObjectsBuilder();
            if (updateKeyAttributeValue(keyAttributesMap, createFindObjectsBuilder, KeyAttribute.KEY_TYPE, keyType) && updateKeyAttributeValue(keyAttributesMap, createFindObjectsBuilder, KeyAttribute.OBJECT_CLASS, objectClassType)) {
                for (Map.Entry<KeyAttribute, Object> entry : keyAttributesMap.entrySet()) {
                    try {
                        createFindObjectsBuilder.addAttribute(new CoreAttribute(entry.getKey(), entry.getValue()));
                    } catch (Exception e) {
                        throw ErrorHandling.asCloudhsmException(e);
                    }
                }
                try {
                    return Arrays.asList(createFindObjectsBuilder.find()).stream();
                } catch (Exception e2) {
                    throw ErrorHandling.asCloudhsmException(e2);
                }
            }
            return Stream.empty();
        } catch (Exception e3) {
            throw ErrorHandling.asCloudhsmException(e3);
        }
    }

    private static List<Key> findAll(CloudHsmProvider cloudHsmProvider, KeyAttributesMap keyAttributesMap) throws IllegalArgumentException {
        if (cloudHsmProvider == null) {
            throw new IllegalArgumentException("Provider supplied was null");
        }
        if (keyAttributesMap == null) {
            throw new IllegalArgumentException("Attributes supplied was null");
        }
        ArrayList arrayList = new ArrayList();
        List list = (List) findAllKeysFor(cloudHsmProvider, KeyType.GENERIC_SECRET, ObjectClassType.SECRET_KEY, keyAttributesMap).map(coreKey -> {
            return new GenericSecretKey(coreKey, cloudHsmProvider);
        }).collect(Collectors.toList());
        List list2 = (List) findAllKeysFor(cloudHsmProvider, KeyType.AES, ObjectClassType.SECRET_KEY, keyAttributesMap).map(coreKey2 -> {
            return new AesKey(coreKey2, cloudHsmProvider);
        }).collect(Collectors.toList());
        List list3 = (List) findAllKeysFor(cloudHsmProvider, KeyType.DESEDE, ObjectClassType.SECRET_KEY, keyAttributesMap).map(coreKey3 -> {
            return new TripleDesKey(coreKey3, cloudHsmProvider);
        }).collect(Collectors.toList());
        List list4 = (List) findAllKeysFor(cloudHsmProvider, KeyType.RSA, ObjectClassType.PUBLIC_KEY, keyAttributesMap).map(coreKey4 -> {
            return new CloudHsmRsaPublicKey(coreKey4, cloudHsmProvider);
        }).collect(Collectors.toList());
        List list5 = (List) findAllKeysFor(cloudHsmProvider, KeyType.RSA, ObjectClassType.PRIVATE_KEY, keyAttributesMap).map(coreKey5 -> {
            return new CloudHsmRsaPrivateCrtKey(coreKey5, cloudHsmProvider);
        }).collect(Collectors.toList());
        List list6 = (List) findAllKeysFor(cloudHsmProvider, KeyType.EC, ObjectClassType.PUBLIC_KEY, keyAttributesMap).map(coreKey6 -> {
            return new CloudHsmEcPublicKey(coreKey6, cloudHsmProvider);
        }).collect(Collectors.toList());
        List list7 = (List) findAllKeysFor(cloudHsmProvider, KeyType.EC, ObjectClassType.PRIVATE_KEY, keyAttributesMap).map(coreKey7 -> {
            return new CloudHsmEcPrivateKey(coreKey7, cloudHsmProvider);
        }).collect(Collectors.toList());
        arrayList.addAll(list);
        arrayList.addAll(list2);
        arrayList.addAll(list3);
        arrayList.addAll(list4);
        arrayList.addAll(list5);
        arrayList.addAll(list6);
        arrayList.addAll(list7);
        return arrayList;
    }
}
