package com.amazonaws.cloudhsm.jce.provider;

import com.amazonaws.cloudhsm.jce.jni.AesCmacKdfKeyDerivationBuilder;
import com.amazonaws.cloudhsm.jce.jni.Session;
import com.amazonaws.cloudhsm.jce.jni.exception.AddAttributeException;
import com.amazonaws.cloudhsm.jce.provider.attributes.CoreAttribute;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttribute;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttributePermissiveProfile;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyAttributesMap;
import com.amazonaws.cloudhsm.jce.provider.attributes.KeyType;
import com.amazonaws.cloudhsm.jce.provider.attributes.ObjectClassType;
import java.security.InvalidAlgorithmParameterException;
import java.text.MessageFormat;
import java.util.Iterator;
import javax.crypto.SecretKey;

/* loaded from: input_file:com/amazonaws/cloudhsm/jce/provider/AesCmacKdf.class */
final class AesCmacKdf {
    AesCmacKdf() {
    }

    private static void validateKeyAndAlgorithmParameters(AesCmacKdfParameterSpec aesCmacKdfParameterSpec, KeyType keyType) throws InvalidAlgorithmParameterException {
        if (aesCmacKdfParameterSpec == null || aesCmacKdfParameterSpec.getAesCmacFixedInputData() == null) {
            throw new InvalidAlgorithmParameterException(ErrorMessages.INVALID_KDF_INPUT_DATA_PARAMETER_SPEC.getMessage());
        }
        if (aesCmacKdfParameterSpec.getKeyAttributesMap().get(KeyAttribute.SIZE) == null || keyType == null) {
            throw new InvalidAlgorithmParameterException(ErrorMessages.INVALID_KEY_ATTRIBUTES_PARAMETER_SPEC.getMessage());
        }
        SecretKey baseAesKey = aesCmacKdfParameterSpec.getBaseAesKey();
        if (baseAesKey == null) {
            throw new InvalidAlgorithmParameterException(ErrorMessages.KEY_REQUIRED_FOR_THIS_OPERATION.getMessage());
        }
        if (!(baseAesKey instanceof AesKey)) {
            throw new InvalidAlgorithmParameterException(MessageFormat.format(ErrorMessages.KEY_IS_NOT_OF_EXPECTED_TYPE.getMessage(), baseAesKey.getClass().getName(), AesKey.class.getName()));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static SecretKey generateSecret(Session session, CloudHsmProvider cloudHsmProvider, AesCmacKdfParameterSpec aesCmacKdfParameterSpec, KeyType keyType) throws InvalidAlgorithmParameterException {
        validateKeyAndAlgorithmParameters(aesCmacKdfParameterSpec, keyType);
        KeyAttributesMap keyAttributesMap = aesCmacKdfParameterSpec.getKeyAttributesMap();
        KeyAttributesMap keyAttributesMap2 = new KeyAttributesMap(KeyAttributePermissiveProfile.KEY_CREATION);
        try {
            keyAttributesMap2.putAll(keyAttributesMap);
            try {
                AesCmacKdfKeyDerivationBuilder initAesCmacKdfDerivedKeyBuilder = session.initAesCmacKdfDerivedKeyBuilder(keyType);
                Iterator<CoreAttribute> it = AttributesUtils.convertKeyAttributesMapToCoreAttributes(keyAttributesMap2).iterator();
                while (it.hasNext()) {
                    initAesCmacKdfDerivedKeyBuilder.addAttribute(it.next());
                }
                return (SecretKey) KeyUtil.getCloudHsmKey(initAesCmacKdfDerivedKeyBuilder.aesCmacKdfDeriveKey(((AesKey) aesCmacKdfParameterSpec.getBaseAesKey()).getCoreKey(), aesCmacKdfParameterSpec.getAesCmacFixedInputData().getCounterWidthInBits(), aesCmacKdfParameterSpec.getAesCmacFixedInputData().getEncodedInputData(), aesCmacKdfParameterSpec.getAesCmacFixedInputData().getCounterOffset()), keyType, ObjectClassType.SECRET_KEY, cloudHsmProvider);
            } catch (Exception e) {
                throw ErrorHandling.asCloudhsmException(e);
            }
        } catch (AddAttributeException e2) {
            throw new InvalidAlgorithmParameterException(ErrorMessages.UNABLE_TO_ADD_ATTRIBUTE_TO_MAP.getMessage());
        }
    }
}
