package com.azure.security.keyvault.keys.cryptography.implementation;

import com.azure.core.util.Context;
import com.azure.security.keyvault.keys.cryptography.models.DecryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.DecryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.EncryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.SignResult;
import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult;
import com.azure.security.keyvault.keys.cryptography.models.VerifyResult;
import com.azure.security.keyvault.keys.cryptography.models.WrapResult;
import com.azure.security.keyvault.keys.models.JsonWebKey;
import com.azure.security.keyvault.keys.models.KeyOperation;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import reactor.core.publisher.Mono;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/azure/security/keyvault/keys/cryptography/implementation/AesKeyCryptographyClient.class */
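/**
 * Performs AES operations locally with the raw key material of an OCT (symmetric) JSON Web Key,
 * delegating to the service client when an algorithm cannot be resolved locally.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Only the AES-CBC variants listed in {@link #isAes(EncryptionAlgorithm)} are encrypted or
 *       decrypted locally; AES-GCM is rejected. CBC provides confidentiality only, and the results
 *       built here carry no authentication tag, so integrity has to be added by the caller (for
 *       example encrypt-then-MAC) before the plaintext of untrusted ciphertext is acted upon.</li>
 *   <li>A caller-supplied IV is used as given. This class does not check its length, freshness or
 *       unpredictability; CBC needs a fresh, unpredictable IV for every message.</li>
 *   <li>The raw key bytes stay in a heap array for the lifetime of this object and are never
 *       cleared.</li>
 * </ul>
 *
 * <p>Checked {@link GeneralSecurityException}s are rethrown wrapped in {@link RuntimeException}.
 * Unchecked exceptions (argument validation, unsupported algorithm, permission failures) propagate
 * with their original type, matching what {@code wrapKey} already did.
 */
public class AesKeyCryptographyClient extends LocalKeyCryptographyClient {
    static final int AES_BLOCK_SIZE = 16;

    /**
     * Shared platform-default CSPRNG used for IV generation. {@link SecureRandom} is thread-safe,
     * so one instance avoids a provider lookup and a re-seed on every encryption, and it does not
     * depend on the legacy "SHA1PRNG" algorithm being registered in the runtime.
     */
    private static final SecureRandom IV_RANDOM = new SecureRandom();

    /** Raw AES key bytes taken from the JSON Web Key at construction time. */
    private final byte[] aesKey;

    /**
     * Creates a client bound to the given symmetric key.
     *
     * @param jsonWebKey the JSON Web Key holding the AES key material
     * @param cryptographyClientImpl the service client used as a fallback; handed to the superclass
     * @throws IllegalArgumentException if the key holds no usable AES key material
     */
    public AesKeyCryptographyClient(JsonWebKey jsonWebKey, CryptographyClientImpl cryptographyClientImpl) {
        super(jsonWebKey, cryptographyClientImpl);
        this.aesKey = extractAesKey(jsonWebKey);
    }

    /**
     * Reads the encoded AES key from the JSON Web Key.
     *
     * <p>A key object that is missing altogether is reported with the same
     * {@link IllegalArgumentException} as an empty one, instead of failing with a
     * {@link NullPointerException} before the emptiness check is reached.
     */
    private static byte[] extractAesKey(JsonWebKey jsonWebKey) {
        java.security.Key key = jsonWebKey.toAes();
        byte[] encoded = key == null ? null : key.getEncoded();
        if (encoded == null || encoded.length == 0) {
            throw new IllegalArgumentException("The provided JSON Web Key cannot be null or empty.");
        }
        return encoded;
    }

    /**
     * Encrypts {@code plaintext} with a freshly generated IV.
     *
     * <p>Validation and permission failures are thrown synchronously from this method; only the
     * cipher operation itself is deferred into the returned {@link Mono}.
     *
     * @param encryptionAlgorithm the algorithm to use; must not be null
     * @param plaintext the data to encrypt; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return a {@link Mono} emitting the ciphertext together with the IV that was used
     * @throws NullPointerException if {@code encryptionAlgorithm} or {@code plaintext} is null
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the algorithm can be
     *     handled neither locally nor by the service client
     */
    @Override
    public Mono<EncryptResult> encryptAsync(EncryptionAlgorithm encryptionAlgorithm, byte[] plaintext,
        Context context) {
        Objects.requireNonNull(encryptionAlgorithm, "Encryption algorithm cannot be null.");
        Objects.requireNonNull(plaintext, "Plaintext cannot be null.");
        try {
            return encryptInternalAsync(encryptionAlgorithm, plaintext, null, null, context);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Encrypts {@code plaintext} with a freshly generated IV.
     *
     * @param encryptionAlgorithm the algorithm to use; must not be null
     * @param plaintext the data to encrypt; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return the ciphertext together with the IV that was used
     * @throws NullPointerException if {@code encryptionAlgorithm} or {@code plaintext} is null
     * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised by the cipher
     */
    @Override
    public EncryptResult encrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] plaintext, Context context) {
        Objects.requireNonNull(encryptionAlgorithm, "Encryption algorithm cannot be null.");
        Objects.requireNonNull(plaintext, "Plaintext cannot be null.");
        try {
            return encryptInternal(encryptionAlgorithm, plaintext, null, null, context);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Encrypts using the algorithm, plaintext, IV and additional authenticated data carried by
     * {@code encryptParameters}. An IV is generated when the parameters hold none.
     *
     * @param encryptParameters the encryption inputs; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return a {@link Mono} emitting the ciphertext together with the IV that was used
     * @throws NullPointerException if {@code encryptParameters} is null
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the algorithm can be
     *     handled neither locally nor by the service client
     */
    @Override
    public Mono<EncryptResult> encryptAsync(EncryptParameters encryptParameters, Context context) {
        Objects.requireNonNull(encryptParameters, "Encrypt parameters cannot be null.");
        try {
            return encryptInternalAsync(encryptParameters.getAlgorithm(), encryptParameters.getPlainText(),
                encryptParameters.getIv(), encryptParameters.getAdditionalAuthenticatedData(), context);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Encrypts using the algorithm, plaintext, IV and additional authenticated data carried by
     * {@code encryptParameters}. An IV is generated when the parameters hold none.
     *
     * @param encryptParameters the encryption inputs; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return the ciphertext together with the IV that was used
     * @throws NullPointerException if {@code encryptParameters} is null
     * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised by the cipher
     */
    @Override
    public EncryptResult encrypt(EncryptParameters encryptParameters, Context context) {
        Objects.requireNonNull(encryptParameters, "Encrypt parameters cannot be null.");
        try {
            return encryptInternal(encryptParameters.getAlgorithm(), encryptParameters.getPlainText(),
                encryptParameters.getIv(), encryptParameters.getAdditionalAuthenticatedData(), context);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Shared asynchronous encryption path.
     *
     * @param iv the IV to use, or null to generate a random one of {@link #AES_BLOCK_SIZE} bytes
     * @param additionalAuthenticatedData forwarded to the encryptor and echoed in the result;
     *     whether a CBC encryptor makes any use of it is not visible from this class
     * @throws NoSuchAlgorithmException if the algorithm is not a local symmetric algorithm and no
     *     service client is available
     */
    private Mono<EncryptResult> encryptInternalAsync(EncryptionAlgorithm encryptionAlgorithm, byte[] plaintext,
        byte[] iv, byte[] additionalAuthenticatedData, Context context) throws NoSuchAlgorithmException {
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(encryptionAlgorithm.toString());
        if (!(algorithm instanceof SymmetricEncryptionAlgorithm)) {
            if (this.implClient != null) {
                // NOTE(review): only the algorithm and plaintext are forwarded; an IV or additional
                // authenticated data supplied by the caller is not passed to the service client.
                // Confirm that is intended for the algorithms that reach this branch.
                return this.implClient.encryptAsync(encryptionAlgorithm, plaintext, context);
            }
            throw new NoSuchAlgorithmException(encryptionAlgorithm.toString());
        }
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.ENCRYPT);
        // Rejects GCM and anything outside the CBC list, so no second isAes() check is needed below.
        validateEncryptionAlgorithm(encryptionAlgorithm);
        SymmetricEncryptionAlgorithm cipher = (SymmetricEncryptionAlgorithm) algorithm;
        // A caller-supplied IV is used verbatim; its length is not checked in this class.
        byte[] effectiveIv = iv != null ? iv : generateIv(AES_BLOCK_SIZE);
        return Mono.fromCallable(() -> new EncryptResult(
            cipher.createEncryptor(this.aesKey, effectiveIv, additionalAuthenticatedData, null).doFinal(plaintext),
            encryptionAlgorithm, this.jsonWebKey.getId(), effectiveIv, null, additionalAuthenticatedData));
    }

    /**
     * Shared synchronous encryption path; see
     * {@link #encryptInternalAsync(EncryptionAlgorithm, byte[], byte[], byte[], Context)} for the
     * meaning of the arguments.
     */
    private EncryptResult encryptInternal(EncryptionAlgorithm encryptionAlgorithm, byte[] plaintext, byte[] iv,
        byte[] additionalAuthenticatedData, Context context)
        throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException,
        InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(encryptionAlgorithm.toString());
        if (!(algorithm instanceof SymmetricEncryptionAlgorithm)) {
            if (this.implClient != null) {
                // NOTE(review): IV and additional authenticated data are not forwarded here either.
                return this.implClient.encrypt(encryptionAlgorithm, plaintext, context);
            }
            throw new NoSuchAlgorithmException(encryptionAlgorithm.toString());
        }
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.ENCRYPT);
        validateEncryptionAlgorithm(encryptionAlgorithm);
        SymmetricEncryptionAlgorithm cipher = (SymmetricEncryptionAlgorithm) algorithm;
        byte[] effectiveIv = iv != null ? iv : generateIv(AES_BLOCK_SIZE);
        byte[] ciphertext
            = cipher.createEncryptor(this.aesKey, effectiveIv, additionalAuthenticatedData, null).doFinal(plaintext);
        return new EncryptResult(ciphertext, encryptionAlgorithm, this.jsonWebKey.getId(), effectiveIv, null,
            additionalAuthenticatedData);
    }

    /**
     * Decrypts {@code ciphertext}. This overload passes no IV, so for an algorithm handled locally
     * it fails with a {@link NullPointerException}; it only completes when the operation is
     * delegated to the service client.
     *
     * @param encryptionAlgorithm the algorithm to use; must not be null
     * @param ciphertext the data to decrypt; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return a {@link Mono} emitting the decrypted content
     * @throws NullPointerException if an argument is null, or the operation is local (no IV)
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the algorithm can be
     *     handled neither locally nor by the service client
     */
    @Override
    public Mono<DecryptResult> decryptAsync(EncryptionAlgorithm encryptionAlgorithm, byte[] ciphertext,
        Context context) {
        Objects.requireNonNull(encryptionAlgorithm, "Encryption algorithm cannot be null.");
        Objects.requireNonNull(ciphertext, "Ciphertext cannot be null.");
        try {
            return decryptInternalAsync(encryptionAlgorithm, ciphertext, null, null, null, context);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decrypts {@code ciphertext}. This overload passes no IV, so for an algorithm handled locally
     * it fails with a {@link NullPointerException}; it only completes when the operation is
     * delegated to the service client.
     *
     * @param encryptionAlgorithm the algorithm to use; must not be null
     * @param ciphertext the data to decrypt; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return the decrypted content
     * @throws NullPointerException if an argument is null, or the operation is local (no IV)
     * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised by the cipher
     */
    @Override
    public DecryptResult decrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] ciphertext, Context context) {
        Objects.requireNonNull(encryptionAlgorithm, "Encryption algorithm cannot be null.");
        Objects.requireNonNull(ciphertext, "Ciphertext cannot be null.");
        try {
            return decryptInternal(encryptionAlgorithm, ciphertext, null, null, null, context);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decrypts using the algorithm, ciphertext, IV, additional authenticated data and
     * authentication tag carried by {@code decryptParameters}.
     *
     * @param decryptParameters the decryption inputs; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return a {@link Mono} emitting the decrypted content
     * @throws NullPointerException if {@code decryptParameters} is null, or the operation is local
     *     and the parameters hold no IV
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the algorithm can be
     *     handled neither locally nor by the service client
     */
    @Override
    public Mono<DecryptResult> decryptAsync(DecryptParameters decryptParameters, Context context) {
        Objects.requireNonNull(decryptParameters, "Decrypt parameters cannot be null.");
        try {
            return decryptInternalAsync(decryptParameters.getAlgorithm(), decryptParameters.getCipherText(),
                decryptParameters.getIv(), decryptParameters.getAdditionalAuthenticatedData(),
                decryptParameters.getAuthenticationTag(), context);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Decrypts using the algorithm, ciphertext, IV, additional authenticated data and
     * authentication tag carried by {@code decryptParameters}.
     *
     * @param decryptParameters the decryption inputs; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return the decrypted content
     * @throws NullPointerException if {@code decryptParameters} is null, or the operation is local
     *     and the parameters hold no IV
     * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised by the cipher
     */
    @Override
    public DecryptResult decrypt(DecryptParameters decryptParameters, Context context) {
        Objects.requireNonNull(decryptParameters, "Decrypt parameters cannot be null.");
        try {
            return decryptInternal(decryptParameters.getAlgorithm(), decryptParameters.getCipherText(),
                decryptParameters.getIv(), decryptParameters.getAdditionalAuthenticatedData(),
                decryptParameters.getAuthenticationTag(), context);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Shared asynchronous decryption path.
     *
     * <p>The CBC variants accepted here are unauthenticated. A service that decrypts untrusted
     * ciphertext and lets the sender distinguish padding failures from other failures exposes a
     * padding oracle, so callers should verify a MAC over IV and ciphertext before calling this
     * and should report all decryption failures uniformly.
     *
     * @param iv required for local decryption
     * @throws NoSuchAlgorithmException if the algorithm is not a local symmetric algorithm and no
     *     service client is available
     */
    private Mono<DecryptResult> decryptInternalAsync(EncryptionAlgorithm encryptionAlgorithm, byte[] ciphertext,
        byte[] iv, byte[] additionalAuthenticatedData, byte[] authenticationTag, Context context)
        throws NoSuchAlgorithmException {
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(encryptionAlgorithm.toString());
        if (!(algorithm instanceof SymmetricEncryptionAlgorithm)) {
            if (this.implClient != null) {
                // NOTE(review): IV, additional authenticated data and authentication tag are not
                // forwarded to the service client on this path. Confirm that is intended.
                return this.implClient.decryptAsync(encryptionAlgorithm, ciphertext, context);
            }
            throw new NoSuchAlgorithmException(encryptionAlgorithm.toString());
        }
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.DECRYPT);
        validateEncryptionAlgorithm(encryptionAlgorithm);
        SymmetricEncryptionAlgorithm cipher = (SymmetricEncryptionAlgorithm) algorithm;
        Objects.requireNonNull(iv, "'iv' cannot be null in local decryption operations.");
        return Mono.fromCallable(() -> new DecryptResult(
            cipher.createDecryptor(this.aesKey, iv, additionalAuthenticatedData, authenticationTag)
                .doFinal(ciphertext),
            encryptionAlgorithm, this.jsonWebKey.getId()));
    }

    /**
     * Shared synchronous decryption path; see
     * {@link #decryptInternalAsync(EncryptionAlgorithm, byte[], byte[], byte[], byte[], Context)}
     * for the arguments and the integrity caveat.
     */
    private DecryptResult decryptInternal(EncryptionAlgorithm encryptionAlgorithm, byte[] ciphertext, byte[] iv,
        byte[] additionalAuthenticatedData, byte[] authenticationTag, Context context)
        throws BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException,
        InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(encryptionAlgorithm.toString());
        if (!(algorithm instanceof SymmetricEncryptionAlgorithm)) {
            if (this.implClient != null) {
                // NOTE(review): IV, additional authenticated data and tag are not forwarded here either.
                return this.implClient.decrypt(encryptionAlgorithm, ciphertext, context);
            }
            throw new NoSuchAlgorithmException(encryptionAlgorithm.toString());
        }
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.DECRYPT);
        validateEncryptionAlgorithm(encryptionAlgorithm);
        Objects.requireNonNull(iv, "'iv' cannot be null in local decryption operations.");
        SymmetricEncryptionAlgorithm cipher = (SymmetricEncryptionAlgorithm) algorithm;
        byte[] plaintext = cipher.createDecryptor(this.aesKey, iv, additionalAuthenticatedData, authenticationTag)
            .doFinal(ciphertext);
        return new DecryptResult(plaintext, encryptionAlgorithm, this.jsonWebKey.getId());
    }

    /**
     * Restricts local encryption and decryption to the supported AES-CBC variants.
     *
     * @throws UnsupportedOperationException if the algorithm is one of the AES-GCM variants
     * @throws IllegalArgumentException if the algorithm is not one of the AES-CBC variants
     */
    private static void validateEncryptionAlgorithm(EncryptionAlgorithm encryptionAlgorithm) {
        if (isGcm(encryptionAlgorithm)) {
            throw new UnsupportedOperationException("AES-GCM is not supported for local cryptography operations.");
        }
        if (!isAes(encryptionAlgorithm)) {
            throw new IllegalArgumentException(
                "Encryption algorithm provided is not supported: " + encryptionAlgorithm);
        }
    }

    /**
     * Not supported for symmetric keys; always throws synchronously, all arguments are ignored.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public Mono<SignResult> signAsync(SignatureAlgorithm signatureAlgorithm, byte[] input, Context context) {
        throw new UnsupportedOperationException("The sign operation not supported for OCT/symmetric keys.");
    }

    /**
     * Not supported for symmetric keys; all arguments are ignored.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public SignResult sign(SignatureAlgorithm signatureAlgorithm, byte[] input, Context context) {
        throw new UnsupportedOperationException("The sign operation not supported for OCT/symmetric keys.");
    }

    /**
     * Not supported for symmetric keys; always throws synchronously, all arguments are ignored.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public Mono<VerifyResult> verifyAsync(SignatureAlgorithm signatureAlgorithm, byte[] input, byte[] signature,
        Context context) {
        throw new UnsupportedOperationException("The verify operation is not supported for OCT/symmetric keys.");
    }

    /**
     * Not supported for symmetric keys; all arguments are ignored.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public VerifyResult verify(SignatureAlgorithm signatureAlgorithm, byte[] input, byte[] signature,
        Context context) {
        throw new UnsupportedOperationException("The verify operation is not supported for OCT/symmetric keys.");
    }

    /**
     * Wraps {@code keyContent} with this AES key, locally when the algorithm resolves to a local
     * key-wrap algorithm and through the service client otherwise.
     *
     * @param keyWrapAlgorithm the wrap algorithm; must not be null
     * @param keyContent the key material to wrap; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return a {@link Mono} emitting the wrapped key
     * @throws NullPointerException if {@code keyWrapAlgorithm} or {@code keyContent} is null
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the algorithm can be
     *     handled neither locally nor by the service client
     */
    @Override
    public Mono<WrapResult> wrapKeyAsync(KeyWrapAlgorithm keyWrapAlgorithm, byte[] keyContent, Context context) {
        Objects.requireNonNull(keyWrapAlgorithm, "Key wrap algorithm cannot be null.");
        Objects.requireNonNull(keyContent, "Key content to be wrapped cannot be null.");
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(keyWrapAlgorithm.toString());
        if (!(algorithm instanceof LocalKeyWrapAlgorithm)) {
            if (this.implClient != null) {
                return this.implClient.wrapKeyAsync(keyWrapAlgorithm, keyContent, context);
            }
            throw new RuntimeException(new NoSuchAlgorithmException(keyWrapAlgorithm.toString()));
        }
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.WRAP_KEY);
        LocalKeyWrapAlgorithm wrapAlgorithm = (LocalKeyWrapAlgorithm) algorithm;
        return Mono.fromCallable(() -> new WrapResult(
            wrapAlgorithm.createEncryptor(this.aesKey, null, null).doFinal(keyContent), keyWrapAlgorithm,
            this.jsonWebKey.getId()));
    }

    /**
     * Wraps {@code keyContent} with this AES key, locally when the algorithm resolves to a local
     * key-wrap algorithm and through the service client otherwise.
     *
     * @param keyWrapAlgorithm the wrap algorithm; must not be null
     * @param keyContent the key material to wrap; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return the wrapped key
     * @throws NullPointerException if {@code keyWrapAlgorithm} or {@code keyContent} is null
     * @throws RuntimeException wrapping any checked exception raised by the cipher, or
     *     {@link NoSuchAlgorithmException} if the algorithm cannot be handled at all
     */
    @Override
    public WrapResult wrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] keyContent, Context context) {
        Objects.requireNonNull(keyWrapAlgorithm, "Key wrap algorithm cannot be null.");
        Objects.requireNonNull(keyContent, "Key content to be wrapped cannot be null.");
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(keyWrapAlgorithm.toString());
        if (!(algorithm instanceof LocalKeyWrapAlgorithm)) {
            if (this.implClient != null) {
                return this.implClient.wrapKey(keyWrapAlgorithm, keyContent, context);
            }
            throw new RuntimeException(new NoSuchAlgorithmException(keyWrapAlgorithm.toString()));
        }
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.WRAP_KEY);
        LocalKeyWrapAlgorithm wrapAlgorithm = (LocalKeyWrapAlgorithm) algorithm;
        try {
            return new WrapResult(wrapAlgorithm.createEncryptor(this.aesKey, null, null).doFinal(keyContent),
                keyWrapAlgorithm, this.jsonWebKey.getId());
        } catch (RuntimeException e) {
            // Unchecked failures keep their type.
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Unwraps {@code encryptedKey} with this AES key, locally when the algorithm resolves to a
     * local key-wrap algorithm and through the service client otherwise.
     *
     * @param keyWrapAlgorithm the wrap algorithm; must not be null
     * @param encryptedKey the wrapped key material; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return a {@link Mono} emitting the unwrapped key
     * @throws NullPointerException if {@code keyWrapAlgorithm} or {@code encryptedKey} is null
     * @throws RuntimeException wrapping {@link NoSuchAlgorithmException} if the algorithm can be
     *     handled neither locally nor by the service client
     */
    @Override
    public Mono<UnwrapResult> unwrapKeyAsync(KeyWrapAlgorithm keyWrapAlgorithm, byte[] encryptedKey,
        Context context) {
        Objects.requireNonNull(keyWrapAlgorithm, "Key wrap algorithm cannot be null.");
        Objects.requireNonNull(encryptedKey, "Encrypted key content to be unwrapped cannot be null.");
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(keyWrapAlgorithm.toString());
        if (!(algorithm instanceof LocalKeyWrapAlgorithm)) {
            if (this.implClient != null) {
                return this.implClient.unwrapKeyAsync(keyWrapAlgorithm, encryptedKey, context);
            }
            throw new RuntimeException(new NoSuchAlgorithmException(keyWrapAlgorithm.toString()));
        }
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.UNWRAP_KEY);
        LocalKeyWrapAlgorithm wrapAlgorithm = (LocalKeyWrapAlgorithm) algorithm;
        return Mono.fromCallable(() -> new UnwrapResult(
            wrapAlgorithm.createDecryptor(this.aesKey, null, null).doFinal(encryptedKey), keyWrapAlgorithm,
            this.jsonWebKey.getId()));
    }

    /**
     * Unwraps {@code encryptedKey} with this AES key, locally when the algorithm resolves to a
     * local key-wrap algorithm and through the service client otherwise.
     *
     * <p>Unlike the other wrap and unwrap methods, the key-permission check runs before the
     * algorithm is resolved, so it also gates the delegated path. That ordering is kept as found.
     *
     * @param keyWrapAlgorithm the wrap algorithm; must not be null
     * @param encryptedKey the wrapped key material; must not be null
     * @param context passed through to the service client when the operation is delegated
     * @return the unwrapped key
     * @throws NullPointerException if {@code keyWrapAlgorithm} or {@code encryptedKey} is null
     * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised by the cipher,
     *     or {@link NoSuchAlgorithmException} if the algorithm cannot be handled at all
     */
    @Override
    public UnwrapResult unwrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] encryptedKey, Context context) {
        Objects.requireNonNull(keyWrapAlgorithm, "Key wrap algorithm cannot be null.");
        Objects.requireNonNull(encryptedKey, "Encrypted key content to be unwrapped cannot be null.");
        // Checked once, up front; the identical second check before the cipher call was redundant.
        CryptographyUtils.verifyKeyPermissions(this.jsonWebKey, KeyOperation.UNWRAP_KEY);
        Algorithm algorithm = AlgorithmResolver.DEFAULT.get(keyWrapAlgorithm.toString());
        if (!(algorithm instanceof LocalKeyWrapAlgorithm)) {
            if (this.implClient != null) {
                return this.implClient.unwrapKey(keyWrapAlgorithm, encryptedKey, context);
            }
            throw new RuntimeException(new NoSuchAlgorithmException(keyWrapAlgorithm.toString()));
        }
        LocalKeyWrapAlgorithm wrapAlgorithm = (LocalKeyWrapAlgorithm) algorithm;
        try {
            return new UnwrapResult(wrapAlgorithm.createDecryptor(this.aesKey, null, null).doFinal(encryptedKey),
                keyWrapAlgorithm, this.jsonWebKey.getId());
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Forwards to {@link #signAsync(SignatureAlgorithm, byte[], Context)}, which always throws.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public Mono<SignResult> signDataAsync(SignatureAlgorithm signatureAlgorithm, byte[] data, Context context) {
        return signAsync(signatureAlgorithm, data, context);
    }

    /**
     * Forwards to {@link #sign(SignatureAlgorithm, byte[], Context)}, which always throws.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public SignResult signData(SignatureAlgorithm signatureAlgorithm, byte[] data, Context context) {
        return sign(signatureAlgorithm, data, context);
    }

    /**
     * Forwards to {@link #verifyAsync(SignatureAlgorithm, byte[], byte[], Context)}, which always
     * throws.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public Mono<VerifyResult> verifyDataAsync(SignatureAlgorithm signatureAlgorithm, byte[] data, byte[] signature,
        Context context) {
        return verifyAsync(signatureAlgorithm, data, signature, context);
    }

    /**
     * Forwards to {@link #verify(SignatureAlgorithm, byte[], byte[], Context)}, which always throws.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public VerifyResult verifyData(SignatureAlgorithm signatureAlgorithm, byte[] data, byte[] signature,
        Context context) {
        return verify(signatureAlgorithm, data, signature, context);
    }

    /**
     * Returns {@code sizeInBytes} random bytes from the shared CSPRNG for use as a CBC IV.
     *
     * @param sizeInBytes number of bytes to generate
     * @return a newly allocated array of random bytes
     */
    private static byte[] generateIv(int sizeInBytes) {
        byte[] iv = new byte[sizeInBytes];
        IV_RANDOM.nextBytes(iv);
        return iv;
    }

    /** Returns whether the algorithm is one of the AES-CBC variants, with or without padding. */
    private static boolean isAes(EncryptionAlgorithm encryptionAlgorithm) {
        return encryptionAlgorithm == EncryptionAlgorithm.A128CBC
            || encryptionAlgorithm == EncryptionAlgorithm.A192CBC
            || encryptionAlgorithm == EncryptionAlgorithm.A256CBC
            || encryptionAlgorithm == EncryptionAlgorithm.A128CBCPAD
            || encryptionAlgorithm == EncryptionAlgorithm.A192CBCPAD
            || encryptionAlgorithm == EncryptionAlgorithm.A256CBCPAD;
    }

    /** Returns whether the algorithm is one of the AES-GCM variants. */
    private static boolean isGcm(EncryptionAlgorithm encryptionAlgorithm) {
        return encryptionAlgorithm == EncryptionAlgorithm.A128GCM
            || encryptionAlgorithm == EncryptionAlgorithm.A192GCM
            || encryptionAlgorithm == EncryptionAlgorithm.A256GCM;
    }
}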
