package com.microsoft.azure.keyvault.cryptography;

import com.google.common.collect.ImmutableMap;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.ListenableFuture;
import com.microsoft.azure.keyvault.core.IKey;
import com.microsoft.azure.keyvault.cryptography.algorithms.Ecdsa;
import com.microsoft.azure.keyvault.cryptography.algorithms.Es256;
import com.microsoft.azure.keyvault.cryptography.algorithms.Es256k;
import com.microsoft.azure.keyvault.cryptography.algorithms.Es384;
import com.microsoft.azure.keyvault.cryptography.algorithms.Es512;
import com.microsoft.azure.keyvault.webkey.JsonWebKey;
import com.microsoft.azure.keyvault.webkey.JsonWebKeyCurveName;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.EllipticCurve;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.lang3.tuple.Triple;

/* loaded from: input_file:WEB-INF/lib/azure-keyvault-cryptography-1.2.0.jar:com/microsoft/azure/keyvault/cryptography/EcKey.class */
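/**
 * Elliptic-curve key that implements {@link IKey} on top of a JCA {@link KeyPair}.
 *
 * <p>Only ECDSA signing and verification are implemented; the encrypt, decrypt, wrap and unwrap
 * operations always throw {@link UnsupportedOperationException}. Sign and verify operate on a
 * digest supplied by the caller; this class does not hash the message itself.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #getKeyPair()} hands out the live {@link KeyPair}, including the private key when
 *       one is present.</li>
 *   <li>{@link #close()} is a no-op, so closing the key does not clear any key material.</li>
 *   <li>The requested signature algorithm is not compared with the key's own curve; see
 *       {@link #signAsync(byte[], String)}.</li>
 * </ul>
 */
public class EcKey implements IKey {
    /** Name of the JCA provider looked up when the caller does not supply one. */
    private static final String DEFAULT_PROVIDER_NAME = "SunEC";

    private final String _kid;
    private final KeyPair _keyPair;
    private final Provider _provider;
    private final JsonWebKeyCurveName _curve;
    protected final String _signatureAlgorithm;
    // Neither assigned nor read in this class; kept because it is protected and subclasses may use it.
    protected String defaultEncryptionAlgorithm;

    /**
     * Signature algorithm name used by default for each supported curve.
     * The explicit type witness is required: without it the builder is inferred as
     * {@code Builder<Object, Object>} and the assignment does not compile.
     */
    public static final Map<JsonWebKeyCurveName, String> CURVE_TO_SIGNATURE =
            ImmutableMap.<JsonWebKeyCurveName, String>builder()
                    .put(JsonWebKeyCurveName.P_256, Es256.ALGORITHM_NAME)
                    .put(JsonWebKeyCurveName.P_384, Es384.ALGORITHM_NAME)
                    .put(JsonWebKeyCurveName.P_521, Es512.ALGORITHM_NAME)
                    .put(JsonWebKeyCurveName.P_256K, Es256k.ALGORITHM_NAME)
                    .build();

    public static final String P256 = "secp256r1";
    public static final String P384 = "secp384r1";
    public static final String P521 = "secp521r1";
    public static final String P256K = "secp256k1";

    /** Curve name handed to {@link ECGenParameterSpec} for each supported curve. */
    public static final Map<JsonWebKeyCurveName, String> CURVE_TO_SPEC_NAME =
            ImmutableMap.<JsonWebKeyCurveName, String>builder()
                    .put(JsonWebKeyCurveName.P_256, P256)
                    .put(JsonWebKeyCurveName.P_384, P384)
                    .put(JsonWebKeyCurveName.P_521, P521)
                    .put(JsonWebKeyCurveName.P_256K, P256K)
                    .build();

    /**
     * Returns the curve used when a constructor is not given one.
     *
     * @return {@link JsonWebKeyCurveName#P_256}
     */
    public static JsonWebKeyCurveName getDefaultCurve() {
        return JsonWebKeyCurveName.P_256;
    }

    /**
     * Generates a new key pair on the default curve with a random UUID as key identifier.
     *
     * @throws NoSuchAlgorithmException if the curve or the "EC" key pair generator is unavailable
     * @throws InvalidAlgorithmParameterException if the generator rejects the curve parameters
     */
    public EcKey() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        this(UUID.randomUUID().toString());
    }

    /**
     * Generates a new key pair on the default curve.
     *
     * @param kid key identifier
     * @throws NoSuchAlgorithmException if the curve or the "EC" key pair generator is unavailable
     * @throws InvalidAlgorithmParameterException if the generator rejects the curve parameters
     */
    public EcKey(String kid) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        this(kid, getDefaultCurve(), Security.getProvider(DEFAULT_PROVIDER_NAME));
    }

    /**
     * Generates a new key pair on the given curve using the default provider.
     *
     * @param kid key identifier
     * @param curve curve to generate the key pair on
     * @throws NoSuchAlgorithmException if the curve or the "EC" key pair generator is unavailable
     * @throws InvalidAlgorithmParameterException if the generator rejects the curve parameters
     */
    public EcKey(String kid, JsonWebKeyCurveName curve) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        this(kid, curve, Security.getProvider(DEFAULT_PROVIDER_NAME));
    }

    /**
     * Generates a new key pair on the given curve using the given provider.
     *
     * <p>NOTE(review): unlike {@link #EcKey(String, KeyPair, Provider)}, this constructor does not
     * reject a null or blank {@code kid}. A null {@code provider} (for example when the default
     * provider is not installed in the running JVM) makes
     * {@link KeyPairGenerator#getInstance(String, Provider)} throw {@link IllegalArgumentException}.
     *
     * @param kid key identifier
     * @param curve curve to generate the key pair on
     * @param provider JCA provider used for key generation and kept for later sign/verify calls
     * @throws NoSuchAlgorithmException if {@code curve} has no entry in {@link #CURVE_TO_SIGNATURE},
     *         or the provider has no "EC" key pair generator
     * @throws InvalidAlgorithmParameterException if the generator rejects the curve parameters
     */
    public EcKey(String kid, JsonWebKeyCurveName curve, Provider provider) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
        this._kid = kid;
        this._provider = provider;
        this._curve = curve;
        this._signatureAlgorithm = CURVE_TO_SIGNATURE.get(curve);
        // Reject unsupported curves before spending time on key generation.
        if (this._signatureAlgorithm == null) {
            throw new NoSuchAlgorithmException("Curve not supported.");
        }
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", provider);
        generator.initialize(new ECGenParameterSpec(CURVE_TO_SPEC_NAME.get(curve)));
        this._keyPair = generator.generateKeyPair();
    }

    /**
     * Wraps an existing key pair, using the default provider.
     *
     * @param kid key identifier; must not be null or blank
     * @param keyPair key pair whose public key is an {@link ECPublicKey}
     * @throws IllegalArgumentException if an argument is missing, the public key is not an EC key,
     *         or its curve is not supported
     */
    public EcKey(String kid, KeyPair keyPair) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        this(kid, keyPair, Security.getProvider(DEFAULT_PROVIDER_NAME));
    }

    /**
     * Wraps an existing key pair.
     *
     * <p>Only the public half is validated here; the private key may be absent, in which case
     * {@link #signAsync(byte[], String)} refuses to sign.
     *
     * @param kid key identifier; must not be null or blank
     * @param keyPair key pair whose public key is an {@link ECPublicKey}
     * @param provider JCA provider used to identify the curve and for later sign/verify calls
     * @throws IllegalArgumentException if an argument is missing, the public key is not an EC key,
     *         or its curve is not supported
     * @throws IllegalStateException if the provider fails while the curve is being identified
     */
    public EcKey(String kid, KeyPair keyPair, Provider provider) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        if (Strings.isNullOrWhiteSpace(kid)) {
            throw new IllegalArgumentException("Please provide a kid");
        }
        if (keyPair == null) {
            throw new IllegalArgumentException("Please provide an ECKey");
        }
        // instanceof is false for null, so this also covers a key pair without a public key.
        if (!(keyPair.getPublic() instanceof ECPublicKey)) {
            throw new IllegalArgumentException("The keyPair provided is not an ECKey");
        }
        this._kid = kid;
        this._keyPair = keyPair;
        // _provider must be assigned before getCurveFromKeyPair runs, because that method reads it.
        this._provider = provider;
        this._curve = getCurveFromKeyPair(keyPair);
        this._signatureAlgorithm = CURVE_TO_SIGNATURE.get(this._curve);
        if (this._signatureAlgorithm == null) {
            throw new IllegalArgumentException("Curve not supported.");
        }
    }

    /**
     * Builds an {@code EcKey} from a JSON Web Key, passing {@code false} for the private-parameter
     * flag and no explicit provider.
     *
     * @param jsonWebKey source key; must carry a kid
     * @return the converted key
     */
    public static EcKey fromJsonWebKey(JsonWebKey jsonWebKey) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeySpecException, NoSuchProviderException {
        return fromJsonWebKey(jsonWebKey, false, null);
    }

    /**
     * Builds an {@code EcKey} from a JSON Web Key with no explicit provider.
     *
     * @param jsonWebKey source key; must carry a kid
     * @param includePrivateParameters forwarded unchanged to {@code JsonWebKey.toEC}
     * @return the converted key
     */
    public static EcKey fromJsonWebKey(JsonWebKey jsonWebKey, boolean includePrivateParameters) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeySpecException, NoSuchProviderException {
        return fromJsonWebKey(jsonWebKey, includePrivateParameters, null);
    }

    /**
     * Builds an {@code EcKey} from a JSON Web Key.
     *
     * <p>NOTE(review): {@code provider} is only passed to {@code JsonWebKey.toEC}. The resulting
     * {@code EcKey} is created through the two-argument constructor and therefore signs and
     * verifies with the default provider, not with {@code provider}. Confirm this is intended
     * before relying on a specific (for example FIPS-validated or HSM-backed) provider here.
     *
     * @param jsonWebKey source key; must carry a kid
     * @param includePrivateParameters forwarded unchanged to {@code JsonWebKey.toEC}
     * @param provider provider forwarded to {@code JsonWebKey.toEC}; may be null
     * @return the converted key
     * @throws IllegalArgumentException if the JSON Web Key has no kid
     * @throws IllegalStateException wrapping any {@link GeneralSecurityException} raised during conversion
     */
    public static EcKey fromJsonWebKey(JsonWebKey jsonWebKey, boolean includePrivateParameters, Provider provider) {
        try {
            if (jsonWebKey.kid() != null) {
                return new EcKey(jsonWebKey.kid(), jsonWebKey.toEC(includePrivateParameters, provider));
            }
            throw new IllegalArgumentException("Json Web Key should have a kid");
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Converts this key to a JSON Web Key via {@code JsonWebKey.fromEC}.
     *
     * <p>NOTE(review): the whole key pair is passed to {@code fromEC}; whether the private
     * component ends up in the result is decided there and is not visible in this class. Confirm
     * before serializing, logging or transmitting the returned object.
     *
     * @return JSON Web Key representation of the key pair
     */
    public JsonWebKey toJsonWebKey() {
        return JsonWebKey.fromEC(this._keyPair, this._provider);
    }

    /**
     * Identifies the supported curve that the key pair's public key lies on.
     *
     * <p>For every supported curve a throwaway key pair is generated with this key's provider and
     * its curve parameters are compared with those of {@code keyPair}. The generated keys are used
     * only for that comparison and are discarded.
     *
     * @param keyPair key pair whose public key is an {@link ECPublicKey}
     * @return the matching curve name
     * @throws IllegalArgumentException if no supported curve matches
     * @throws IllegalStateException wrapping any {@link GeneralSecurityException} from the provider
     */
    private JsonWebKeyCurveName getCurveFromKeyPair(KeyPair keyPair) {
        try {
            EllipticCurve wanted = ((ECPublicKey) keyPair.getPublic()).getParams().getCurve();
            // ImmutableMap iterates in insertion order: P_256, P_384, P_521, P_256K.
            for (Map.Entry<JsonWebKeyCurveName, String> candidate : CURVE_TO_SPEC_NAME.entrySet()) {
                KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", this._provider);
                generator.initialize(new ECGenParameterSpec(candidate.getValue()));
                ECPublicKey probe = (ECPublicKey) generator.generateKeyPair().getPublic();
                if (probe.getParams().getCurve().equals(wanted)) {
                    return candidate.getKey();
                }
            }
            throw new IllegalArgumentException("Curve not supported.");
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Resolves an algorithm name to an ECDSA implementation.
     *
     * <p>Checking for {@link Ecdsa} explicitly turns a non-ECDSA signature algorithm into the
     * declared {@link NoSuchAlgorithmException} instead of a {@link ClassCastException} at the cast.
     *
     * @param algorithm algorithm name requested by the caller
     * @return the resolved ECDSA algorithm
     * @throws NoSuchAlgorithmException if the name is unknown or is not an ECDSA signature algorithm
     */
    private static Ecdsa resolveEcdsa(String algorithm) throws NoSuchAlgorithmException {
        Algorithm resolved = AlgorithmResolver.Default.get(algorithm);
        if (!(resolved instanceof AsymmetricSignatureAlgorithm) || !(resolved instanceof Ecdsa)) {
            throw new NoSuchAlgorithmException(algorithm);
        }
        return (Ecdsa) resolved;
    }

    /**
     * Returns the curve of this key.
     *
     * @return the curve name
     */
    public JsonWebKeyCurveName getCurve() {
        return this._curve;
    }

    /**
     * Returns the underlying key pair itself, not a copy. When a private key is present the caller
     * receives a reference to it, so treat the return value as secret material.
     *
     * @return the key pair held by this key
     */
    public KeyPair getKeyPair() {
        return this._keyPair;
    }

    /** Does nothing: no resources are released and no key material is cleared. */
    @Override
    public void close() throws IOException {
    }

    /**
     * @return always {@code null}; this key does not encrypt
     */
    @Override
    public String getDefaultEncryptionAlgorithm() {
        return null;
    }

    /**
     * @return always {@code null}; this key does not wrap keys
     */
    @Override
    public String getDefaultKeyWrapAlgorithm() {
        return null;
    }

    /**
     * @return the signature algorithm name mapped to this key's curve in {@link #CURVE_TO_SIGNATURE}
     */
    @Override
    public String getDefaultSignatureAlgorithm() {
        return this._signatureAlgorithm;
    }

    /**
     * @return the key identifier
     */
    @Override
    public String getKid() {
        return this._kid;
    }

    /**
     * Not supported.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public ListenableFuture<byte[]> decryptAsync(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, String str) throws NoSuchAlgorithmException {
        throw new UnsupportedOperationException("Decrypt Async is not supported");
    }

    /**
     * Not supported.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public ListenableFuture<Triple<byte[], byte[], String>> encryptAsync(byte[] bArr, byte[] bArr2, byte[] bArr3, String str) throws NoSuchAlgorithmException {
        throw new UnsupportedOperationException("Encrypt Async is not supported");
    }

    /**
     * Not supported.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public ListenableFuture<Pair<byte[], String>> wrapKeyAsync(byte[] bArr, String str) throws NoSuchAlgorithmException {
        throw new UnsupportedOperationException("Wrap key is not supported");
    }

    /**
     * Not supported.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public ListenableFuture<byte[]> unwrapKeyAsync(byte[] bArr, String str) throws NoSuchAlgorithmException {
        throw new UnsupportedOperationException("Unwrap key is not supported");
    }

    /**
     * Signs a digest with the private key.
     *
     * <p>NOTE(review): the requested algorithm is not compared with this key's curve or with
     * {@link #getDefaultSignatureAlgorithm()}, and the digest length is not checked here. Callers
     * that accept the algorithm name from outside should pin it to the expected value first.
     *
     * @param digest digest to sign; must not be null
     * @param algorithm name of an ECDSA signature algorithm; must not be null or blank
     * @return a completed future holding the signature and the algorithm name, or a failed future
     *         if creating the transform or signing throws
     * @throws UnsupportedOperationException if the key pair has no private key
     * @throws IllegalArgumentException if {@code digest} is null or {@code algorithm} is blank
     * @throws NoSuchAlgorithmException if {@code algorithm} is unknown or is not an ECDSA algorithm
     */
    @Override
    public ListenableFuture<Pair<byte[], String>> signAsync(byte[] digest, String algorithm) throws NoSuchAlgorithmException {
        if (this._keyPair.getPrivate() == null) {
            throw new UnsupportedOperationException("Sign is not supported without a private key.");
        }
        if (digest == null) {
            throw new IllegalArgumentException("Please provide a digest to sign.");
        }
        if (Strings.isNullOrWhiteSpace(algorithm)) {
            throw new IllegalArgumentException("Please provide a signature algorithm to use.");
        }
        Ecdsa ecdsa = resolveEcdsa(algorithm);
        try {
            byte[] signature = ecdsa.createSignatureTransform(this._keyPair, this._provider).sign(digest);
            return Futures.immediateFuture(Pair.of(signature, algorithm));
        } catch (Exception e) {
            // Provider and transform failures are reported through the future, not thrown.
            return Futures.immediateFailedFuture(e);
        }
    }

    /**
     * Verifies a signature over a digest with the public key.
     *
     * <p>NOTE(review): {@code signature} is not null-checked here and is passed straight to the
     * transform. As with signing, the requested algorithm is not compared with this key's curve.
     * A failed future means verification could not be performed; it must not be treated as a
     * successful verification.
     *
     * @param digest digest that was signed; must not be null
     * @param signature signature to check
     * @param algorithm name of an ECDSA signature algorithm; must not be null or blank
     * @return a completed future holding the verification result, or a failed future if creating
     *         the transform or verifying throws
     * @throws IllegalArgumentException if {@code digest} is null or {@code algorithm} is blank
     * @throws NoSuchAlgorithmException if {@code algorithm} is unknown or is not an ECDSA algorithm
     */
    @Override
    public ListenableFuture<Boolean> verifyAsync(byte[] digest, byte[] signature, String algorithm) throws NoSuchAlgorithmException {
        if (digest == null) {
            throw new IllegalArgumentException("Please provide a digest input.");
        }
        if (Strings.isNullOrWhiteSpace(algorithm)) {
            throw new IllegalArgumentException("Please provide an algorithm");
        }
        Ecdsa ecdsa = resolveEcdsa(algorithm);
        try {
            boolean valid = ecdsa.createSignatureTransform(this._keyPair, this._provider).verify(digest, signature);
            return Futures.immediateFuture(Boolean.valueOf(valid));
        } catch (Exception e) {
            // Provider and transform failures are reported through the future, not thrown.
            return Futures.immediateFailedFuture(e);
        }
    }
}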
