package com.azure.security.keyvault.keys.cryptography;

import com.azure.core.util.Context;
import com.azure.core.util.FluxUtil;
import com.azure.core.util.logging.ClientLogger;
import com.azure.security.keyvault.keys.cryptography.models.DecryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.DecryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.EncryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.SignResult;
import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult;
import com.azure.security.keyvault.keys.cryptography.models.VerifyResult;
import com.azure.security.keyvault.keys.cryptography.models.WrapResult;
import com.azure.security.keyvault.keys.models.JsonWebKey;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import reactor.core.publisher.Mono;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/azure/security/keyvault/keys/cryptography/RsaKeyCryptographyClient.class */
public class RsaKeyCryptographyClient extends LocalKeyCryptographyClient {
    private static final ClientLogger LOGGER = new ClientLogger(RsaKeyCryptographyClient.class);
    private KeyPair keyPair;

    RsaKeyCryptographyClient(CryptographyServiceClient cryptographyServiceClient) {
        super(cryptographyServiceClient);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RsaKeyCryptographyClient(JsonWebKey jsonWebKey, CryptographyServiceClient cryptographyServiceClient) {
        super(cryptographyServiceClient);
        this.keyPair = jsonWebKey.toRsa(jsonWebKey.hasPrivateKey());
    }

    private KeyPair getKeyPair(JsonWebKey jsonWebKey) {
        if (this.keyPair == null) {
            this.keyPair = jsonWebKey.toRsa(jsonWebKey.hasPrivateKey());
        }
        return this.keyPair;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<EncryptResult> encryptAsync(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        Objects.requireNonNull(encryptionAlgorithm, "'algorithm' cannot be null.");
        Objects.requireNonNull(bArr, "'plaintext' cannot be null.");
        return encryptInternal(encryptionAlgorithm, bArr, context, jsonWebKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<EncryptResult> encryptAsync(EncryptParameters encryptParameters, Context context, JsonWebKey jsonWebKey) {
        Objects.requireNonNull(encryptParameters, "'encryptParameters' cannot be null.");
        Objects.requireNonNull(encryptParameters.getAlgorithm(), "encryptParameters.getAlgorithm() cannot be null.");
        Objects.requireNonNull(encryptParameters.getPlainText(), "encryptParameters.getPlainText() cannot be null.");
        return encryptInternal(encryptParameters.getAlgorithm(), encryptParameters.getPlainText(), context, jsonWebKey);
    }

    private Mono<EncryptResult> encryptInternal(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        this.keyPair = getKeyPair(jsonWebKey);
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(encryptionAlgorithm.toString());
        if (algorithm == null) {
            return serviceCryptoAvailable() ? this.serviceClient.encrypt(encryptionAlgorithm, bArr, context) : Mono.error(new NoSuchAlgorithmException(encryptionAlgorithm.toString()));
        }
        if (!(algorithm instanceof AsymmetricEncryptionAlgorithm)) {
            return Mono.error(new NoSuchAlgorithmException(encryptionAlgorithm.toString()));
        }
        if (this.keyPair.getPublic() == null) {
            return serviceCryptoAvailable() ? this.serviceClient.encrypt(encryptionAlgorithm, bArr, context) : Mono.error(new IllegalArgumentException("Public portion of the key not available to perform encrypt operation"));
        }
        try {
            return Mono.just(new EncryptResult(((AsymmetricEncryptionAlgorithm) algorithm).createEncryptor(this.keyPair).doFinal(bArr), encryptionAlgorithm, jsonWebKey.getId()));
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            return Mono.error(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<DecryptResult> decryptAsync(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        Objects.requireNonNull(encryptionAlgorithm, "'algorithm' cannot be null.");
        Objects.requireNonNull(bArr, "'ciphertext' cannot be null.");
        return decryptInternal(encryptionAlgorithm, bArr, context, jsonWebKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<DecryptResult> decryptAsync(DecryptParameters decryptParameters, Context context, JsonWebKey jsonWebKey) {
        Objects.requireNonNull(decryptParameters, "'decryptOptions' cannot be null.");
        Objects.requireNonNull(decryptParameters.getAlgorithm(), "decryptParameters.getAlgorithm() cannot be null.");
        Objects.requireNonNull(decryptParameters.getCipherText(), "decryptParameters.getCipherText() cannot be null.");
        return decryptInternal(decryptParameters.getAlgorithm(), decryptParameters.getCipherText(), context, jsonWebKey);
    }

    Mono<DecryptResult> decryptInternal(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        this.keyPair = getKeyPair(jsonWebKey);
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(encryptionAlgorithm.toString());
        if (algorithm == null) {
            return serviceCryptoAvailable() ? this.serviceClient.decrypt(encryptionAlgorithm, bArr, context) : Mono.error(new NoSuchAlgorithmException(encryptionAlgorithm.toString()));
        }
        if (!(algorithm instanceof AsymmetricEncryptionAlgorithm)) {
            return Mono.error(new NoSuchAlgorithmException(encryptionAlgorithm.toString()));
        }
        if (this.keyPair.getPrivate() == null) {
            return serviceCryptoAvailable() ? this.serviceClient.decrypt(encryptionAlgorithm, bArr, context) : Mono.error(new IllegalArgumentException("Private portion of the key not available to perform decrypt operation"));
        }
        try {
            return Mono.just(new DecryptResult(((AsymmetricEncryptionAlgorithm) algorithm).createDecryptor(this.keyPair).doFinal(bArr), encryptionAlgorithm, jsonWebKey.getId()));
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            return Mono.error(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<SignResult> signAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        return serviceCryptoAvailable() ? this.serviceClient.sign(signatureAlgorithm, bArr, context) : FluxUtil.monoError(LOGGER, new UnsupportedOperationException("Sign operation on Local RSA key is not supported currently."));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<VerifyResult> verifyAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context, JsonWebKey jsonWebKey) {
        return serviceCryptoAvailable() ? this.serviceClient.verify(signatureAlgorithm, bArr, bArr2, context) : FluxUtil.monoError(LOGGER, new UnsupportedOperationException("Verify operation on Local RSA key is not supported currently."));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<WrapResult> wrapKeyAsync(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        this.keyPair = getKeyPair(jsonWebKey);
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(keyWrapAlgorithm.toString());
        if (algorithm == null) {
            return serviceCryptoAvailable() ? this.serviceClient.wrapKey(keyWrapAlgorithm, bArr, context) : Mono.error(new NoSuchAlgorithmException(keyWrapAlgorithm.toString()));
        }
        if (!(algorithm instanceof AsymmetricEncryptionAlgorithm)) {
            return Mono.error(new NoSuchAlgorithmException(keyWrapAlgorithm.toString()));
        }
        if (this.keyPair.getPublic() == null) {
            return serviceCryptoAvailable() ? this.serviceClient.wrapKey(keyWrapAlgorithm, bArr, context) : Mono.error(new IllegalArgumentException("Public portion of the key not available to perform wrap key operation"));
        }
        try {
            return Mono.just(new WrapResult(((AsymmetricEncryptionAlgorithm) algorithm).createEncryptor(this.keyPair).doFinal(bArr), keyWrapAlgorithm, jsonWebKey.getId()));
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            return Mono.error(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<UnwrapResult> unwrapKeyAsync(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        this.keyPair = getKeyPair(jsonWebKey);
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(keyWrapAlgorithm.toString());
        if (algorithm == null) {
            return serviceCryptoAvailable() ? this.serviceClient.unwrapKey(keyWrapAlgorithm, bArr, context) : Mono.error(new NoSuchAlgorithmException(keyWrapAlgorithm.toString()));
        }
        if (!(algorithm instanceof AsymmetricEncryptionAlgorithm)) {
            return Mono.error(new NoSuchAlgorithmException(keyWrapAlgorithm.toString()));
        }
        if (this.keyPair.getPrivate() == null) {
            return serviceCryptoAvailable() ? this.serviceClient.unwrapKey(keyWrapAlgorithm, bArr, context) : Mono.error(new IllegalArgumentException("Private portion of the key not available to perform unwrap operation"));
        }
        try {
            return Mono.just(new UnwrapResult(((AsymmetricEncryptionAlgorithm) algorithm).createDecryptor(this.keyPair).doFinal(bArr), keyWrapAlgorithm, jsonWebKey.getId()));
        } catch (InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            return Mono.error(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<SignResult> signDataAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context, JsonWebKey jsonWebKey) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(SignatureHashResolver.DEFAULT.get(signatureAlgorithm).toString());
            messageDigest.update(bArr);
            return signAsync(signatureAlgorithm, messageDigest.digest(), context, jsonWebKey);
        } catch (NoSuchAlgorithmException e) {
            return Mono.error(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // com.azure.security.keyvault.keys.cryptography.LocalKeyCryptographyClient
    public Mono<VerifyResult> verifyDataAsync(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context, JsonWebKey jsonWebKey) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(SignatureHashResolver.DEFAULT.get(signatureAlgorithm).toString());
            messageDigest.update(bArr);
            return verifyAsync(signatureAlgorithm, messageDigest.digest(), bArr2, context, jsonWebKey);
        } catch (NoSuchAlgorithmException e) {
            return Mono.error(e);
        }
    }

    private boolean serviceCryptoAvailable() {
        return this.serviceClient != null;
    }
}
