package software.amazon.encryption.s3.materials;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import javax.crypto.spec.SecretKeySpec;
import software.amazon.encryption.s3.S3EncryptionClientException;
import software.amazon.encryption.s3.algorithms.AlgorithmSuite;
import software.amazon.encryption.s3.internal.CryptoFactory;
import software.amazon.encryption.s3.materials.S3Keyring;

/* loaded from: input_file:software/amazon/encryption/s3/materials/RsaKeyring.class */
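/**
 * Keyring that wraps and unwraps S3 object data keys with an RSA key pair.
 *
 * <p>New data keys are always wrapped with the {@code RSA-OAEP-SHA1} strategy. Two further
 * strategies ({@code RSA} and {@code RSA/ECB/OAEPWithSHA-256AndMGF1Padding}) are decrypt-only and
 * report {@code isLegacy() == true}. How the base class treats a legacy strategy is not visible in
 * this file; presumably it gates them behind an opt-in, which should be confirmed in
 * {@code S3Keyring}.
 *
 * <p>This listing is decompiler output, so some names (for example {@code build2}) are artifacts
 * of decompilation.
 */
public class RsaKeyring extends S3Keyring {
    private final PartialRsaKeyPair _partialRsaKeyPair;
    private final DecryptDataKeyStrategy _rsaStrategy;
    private final DecryptDataKeyStrategy _rsaEcbStrategy;
    private final DataKeyStrategy _rsaOaepStrategy;
    // Lookup table from the key-provider-info string stored with an object to the unwrap strategy.
    private final Map<String, DecryptDataKeyStrategy> decryptDataKeyStrategies;

    /** Builder for {@link RsaKeyring}; the wrapping key pair is supplied via {@link #wrappingKeyPair}. */
    public static class Builder extends S3Keyring.Builder<S3Keyring, Builder> {
        private PartialRsaKeyPair _partialRsaKeyPair;

        private Builder() {
        }

        /**
         * Returns this builder (self-type hook required by the parent builder).
         *
         * <p>Decompiler note: the access modifier was widened from protected by the decompiler.
         */
        @Override // software.amazon.encryption.s3.materials.S3Keyring.Builder
        public Builder builder() {
            return this;
        }

        /**
         * Sets the RSA key pair used for wrapping (public key) and unwrapping (private key).
         *
         * @param partialRsaKeyPair key pair holder; not validated here
         * @return this builder
         */
        public Builder wrappingKeyPair(PartialRsaKeyPair partialRsaKeyPair) {
            this._partialRsaKeyPair = partialRsaKeyPair;
            return builder();
        }

        /**
         * Creates the keyring from this builder's state.
         *
         * <p>Decompiler note: renamed from {@code build} because it was merged with a bridge method.
         */
        @Override // software.amazon.encryption.s3.materials.S3Keyring.Builder
        public S3Keyring build2() {
            return new RsaKeyring(this);
        }
    }

    private RsaKeyring(Builder builder) {
        super(builder);

        // Legacy, decrypt-only strategy for data keys recorded with key provider info "RSA".
        // NOTE(review): a bare "RSA" transformation leaves mode and padding to the provider's
        // default, which on common JCE providers is PKCS#1 v1.5 padding. Confirm this for the
        // configured provider, and keep failures from this path indistinguishable to remote
        // callers so that it cannot serve as a padding oracle.
        this._rsaStrategy = new DecryptDataKeyStrategy() {
            private static final String KEY_PROVIDER_INFO = "RSA";
            private static final String CIPHER_ALGORITHM = "RSA";

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public boolean isLegacy() {
                return true;
            }

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public String keyProviderInfo() {
                return KEY_PROVIDER_INFO;
            }

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public byte[] decryptDataKey(DecryptionMaterials decryptionMaterials, byte[] bArr) throws GeneralSecurityException {
                Cipher cipher = CryptoFactory.createCipher(CIPHER_ALGORITHM, decryptionMaterials.cryptoProvider());
                cipher.init(Cipher.DECRYPT_MODE, RsaKeyring.this._partialRsaKeyPair.getPrivateKey());
                return cipher.doFinal(bArr);
            }
        };

        // Legacy, decrypt-only strategy for data keys wrapped with OAEP/SHA-256.
        // NOTE(review): no explicit OAEPParameterSpec is passed, so the MGF1 digest is whatever the
        // provider pairs with this transformation name (some providers use MGF1 with SHA-1);
        // verify this when switching crypto providers.
        this._rsaEcbStrategy = new DecryptDataKeyStrategy() {
            private static final String KEY_PROVIDER_INFO = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
            private static final String CIPHER_ALGORITHM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public boolean isLegacy() {
                return true;
            }

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public String keyProviderInfo() {
                return KEY_PROVIDER_INFO;
            }

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public byte[] decryptDataKey(DecryptionMaterials decryptionMaterials, byte[] bArr) throws GeneralSecurityException {
                Cipher cipher = CryptoFactory.createCipher(CIPHER_ALGORITHM, decryptionMaterials.cryptoProvider());
                cipher.init(Cipher.UNWRAP_MODE, RsaKeyring.this._partialRsaKeyPair.getPrivateKey());
                // The transformation string doubles as the algorithm label of the unwrapped key;
                // only the encoded key bytes are returned to the caller.
                return cipher.unwrap(bArr, CIPHER_ALGORITHM, Cipher.SECRET_KEY).getEncoded();
            }
        };

        // Current strategy: RSA-OAEP with SHA-1 for both the OAEP digest and MGF1, set explicitly.
        // It wraps a "pseudo data key" laid out as:
        //   [1 byte: data key length][data key bytes][UTF-8 content cipher name]
        // so that the content cipher name is bound to the wrapped key and checked on unwrap.
        this._rsaOaepStrategy = new DataKeyStrategy() {
            private static final String KEY_PROVIDER_INFO = "RSA-OAEP-SHA1";
            private static final String CIPHER_ALGORITHM = "RSA/ECB/OAEPPadding";
            private static final String DIGEST_NAME = "SHA-1";
            private static final String MGF_NAME = "MGF1";
            private final MGF1ParameterSpec MGF_PARAMETER_SPEC = new MGF1ParameterSpec(DIGEST_NAME);
            private final OAEPParameterSpec OAEP_PARAMETER_SPEC = new OAEPParameterSpec(DIGEST_NAME, MGF_NAME, this.MGF_PARAMETER_SPEC, PSource.PSpecified.DEFAULT);

            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public boolean isLegacy() {
                return false;
            }

            @Override // software.amazon.encryption.s3.materials.GenerateDataKeyStrategy, software.amazon.encryption.s3.materials.EncryptDataKeyStrategy, software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public String keyProviderInfo() {
                return KEY_PROVIDER_INFO;
            }

            @Override // software.amazon.encryption.s3.materials.GenerateDataKeyStrategy
            public EncryptionMaterials generateDataKey(EncryptionMaterials encryptionMaterials) {
                return RsaKeyring.this.defaultGenerateDataKey(encryptionMaterials);
            }

            @Override // software.amazon.encryption.s3.materials.EncryptDataKeyStrategy
            public EncryptionMaterials modifyMaterials(EncryptionMaterials encryptionMaterials) {
                // Materials pass through unchanged; the base-class helper is called only for its warning.
                RsaKeyring.this.warnIfEncryptionContextIsPresent(encryptionMaterials);
                return encryptionMaterials;
            }

            /**
             * Wraps the plaintext data key, together with the content cipher name, under the RSA
             * public key.
             *
             * @param secureRandom randomness source handed to the cipher for OAEP
             * @param encryptionMaterials supplies the plaintext data key, crypto provider and suite
             * @return the RSA-OAEP wrapped pseudo data key
             * @throws GeneralSecurityException if the cipher cannot be created, initialised or used
             */
            @Override // software.amazon.encryption.s3.materials.EncryptDataKeyStrategy
            public byte[] encryptDataKey(SecureRandom secureRandom, EncryptionMaterials encryptionMaterials) throws GeneralSecurityException {
                Cipher cipher = CryptoFactory.createCipher(CIPHER_ALGORITHM, encryptionMaterials.cryptoProvider());
                cipher.init(Cipher.WRAP_MODE, RsaKeyring.this._partialRsaKeyPair.getPublicKey(), this.OAEP_PARAMETER_SPEC, secureRandom);
                byte[] plaintextDataKey = encryptionMaterials.plaintextDataKey();
                // NOTE(review): the embedded cipher name is always that of
                // ALG_AES_256_GCM_IV12_TAG16_NO_KDF, not of encryptionMaterials.algorithmSuite().
                byte[] cipherNameBytes = AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherName().getBytes(StandardCharsets.UTF_8);
                byte[] pseudoDataKey = new byte[1 + plaintextDataKey.length + cipherNameBytes.length];
                // Single length byte: the unwrap side accepts only 16, 24 or 32 here, so a key of
                // any other length would be wrapped successfully but never unwrap again.
                pseudoDataKey[0] = (byte) plaintextDataKey.length;
                System.arraycopy(plaintextDataKey, 0, pseudoDataKey, 1, plaintextDataKey.length);
                System.arraycopy(cipherNameBytes, 0, pseudoDataKey, 1 + plaintextDataKey.length, cipherNameBytes.length);
                return cipher.wrap(new SecretKeySpec(pseudoDataKey, encryptionMaterials.algorithmSuite().dataKeyAlgorithm()));
            }

            /**
             * Unwraps an RSA-OAEP wrapped pseudo data key and returns the data key it contains.
             *
             * @param decryptionMaterials supplies the crypto provider and algorithm suite
             * @param bArr the wrapped pseudo data key
             * @return the plaintext data key bytes
             * @throws GeneralSecurityException if the cipher cannot be created, initialised or used
             * @throws S3EncryptionClientException if the unwrapped structure is malformed
             */
            @Override // software.amazon.encryption.s3.materials.DecryptDataKeyStrategy
            public byte[] decryptDataKey(DecryptionMaterials decryptionMaterials, byte[] bArr) throws GeneralSecurityException {
                Cipher cipher = CryptoFactory.createCipher(CIPHER_ALGORITHM, decryptionMaterials.cryptoProvider());
                cipher.init(Cipher.UNWRAP_MODE, RsaKeyring.this._partialRsaKeyPair.getPrivateKey(), this.OAEP_PARAMETER_SPEC);
                byte[] pseudoDataKey = cipher.unwrap(bArr, decryptionMaterials.algorithmSuite().dataKeyAlgorithm(), Cipher.SECRET_KEY).getEncoded();
                return parsePseudoDataKey(decryptionMaterials, pseudoDataKey);
            }

            /**
             * Splits an unwrapped pseudo data key into the data key and the cipher name, and
             * checks the cipher name against the expected one.
             *
             * <p>The input comes from a blob that anyone holding the RSA public key can produce,
             * so every length is validated before copying. A malformed blob fails with
             * {@link S3EncryptionClientException}, not an index error.
             */
            private byte[] parsePseudoDataKey(DecryptionMaterials decryptionMaterials, byte[] bArr) {
                if (bArr == null || bArr.length == 0) {
                    throw new S3EncryptionClientException("Encrypted data key is empty");
                }
                // A byte is signed, so first-byte values above 127 become negative and are rejected here.
                int dataKeyLength = bArr[0];
                if (dataKeyLength != 16 && dataKeyLength != 24 && dataKeyLength != 32) {
                    throw new S3EncryptionClientException("Invalid key length (" + dataKeyLength + ") in encrypted data key");
                }
                byte[] expectedCipherName = AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherName().getBytes(StandardCharsets.UTF_8);
                int cipherNameLength = expectedCipherName.length;
                if (cipherNameLength <= 0) {
                    throw new S3EncryptionClientException("Invalid data cipher name length (" + cipherNameLength + ") in encrypted data key");
                }
                // Without this check a truncated blob would make the copies below run out of bounds.
                if (bArr.length < 1 + dataKeyLength + cipherNameLength) {
                    throw new S3EncryptionClientException("Encrypted data key is too short (" + bArr.length + " bytes) for key length " + dataKeyLength + " and the data cipher name");
                }
                byte[] dataKey = new byte[dataKeyLength];
                byte[] cipherName = new byte[cipherNameLength];
                System.arraycopy(bArr, 1, dataKey, 0, dataKeyLength);
                System.arraycopy(bArr, 1 + dataKeyLength, cipherName, 0, cipherNameLength);
                if (Arrays.equals(expectedCipherName, cipherName)) {
                    return dataKey;
                }
                throw new S3EncryptionClientException("The data cipher does not match the data cipher used for encryption. The object may be altered or corrupted");
            }
        };

        this.decryptDataKeyStrategies = new HashMap<>();
        this._partialRsaKeyPair = builder._partialRsaKeyPair;
        this.decryptDataKeyStrategies.put(this._rsaStrategy.keyProviderInfo(), this._rsaStrategy);
        this.decryptDataKeyStrategies.put(this._rsaEcbStrategy.keyProviderInfo(), this._rsaEcbStrategy);
        this.decryptDataKeyStrategies.put(this._rsaOaepStrategy.keyProviderInfo(), this._rsaOaepStrategy);
    }

    /** Returns a new, empty {@link Builder}. */
    public static Builder builder() {
        return new Builder();
    }

    /** Returns the strategy used to generate data keys (the RSA-OAEP-SHA1 strategy). */
    @Override // software.amazon.encryption.s3.materials.S3Keyring
    protected GenerateDataKeyStrategy generateDataKeyStrategy() {
        return this._rsaOaepStrategy;
    }

    /** Returns the strategy used to wrap data keys (the RSA-OAEP-SHA1 strategy). */
    @Override // software.amazon.encryption.s3.materials.S3Keyring
    protected EncryptDataKeyStrategy encryptDataKeyStrategy() {
        return this._rsaOaepStrategy;
    }

    /**
     * Returns the unwrap strategies keyed by key-provider-info string.
     *
     * <p>The returned map is the internal mutable instance, not a copy.
     */
    @Override // software.amazon.encryption.s3.materials.S3Keyring
    protected Map<String, DecryptDataKeyStrategy> decryptDataKeyStrategies() {
        return this.decryptDataKeyStrategies;
    }
}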
