package com.amazon.corretto.crypto.provider;

import java.io.IOException;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactorySpi;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;

/* loaded from: input_file:com/amazon/corretto/crypto/provider/EvpKeyFactory.class */
abstract class EvpKeyFactory extends KeyFactorySpi {
    private final EvpKeyType type;
    private final AmazonCorrettoCryptoProvider provider;

    /* loaded from: input_file:com/amazon/corretto/crypto/provider/EvpKeyFactory$EC.class */
    static class EC extends EvpKeyFactory {
        EC(AmazonCorrettoCryptoProvider amazonCorrettoCryptoProvider) {
            super(EvpKeyType.EC, amazonCorrettoCryptoProvider);
        }

        @Override // com.amazon.corretto.crypto.provider.EvpKeyFactory, java.security.KeyFactorySpi
        protected PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
            if (!(keySpec instanceof ECPrivateKeySpec)) {
                return super.engineGeneratePrivate(keySpec);
            }
            ECPrivateKeySpec eCPrivateKeySpec = (ECPrivateKeySpec) keySpec;
            return new EvpEcPrivateKey(EvpKeyFactory.ec2Evp(eCPrivateKeySpec.getS().toByteArray(), null, null, paramsToDer(eCPrivateKeySpec.getParams()), shouldCheckPrivateKey()));
        }

        @Override // com.amazon.corretto.crypto.provider.EvpKeyFactory, java.security.KeyFactorySpi
        protected PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
            if (!(keySpec instanceof ECPublicKeySpec)) {
                return super.engineGeneratePublic(keySpec);
            }
            ECPublicKeySpec eCPublicKeySpec = (ECPublicKeySpec) keySpec;
            return new EvpEcPublicKey(EvpKeyFactory.ec2Evp(null, eCPublicKeySpec.getW().getAffineX().toByteArray(), eCPublicKeySpec.getW().getAffineY().toByteArray(), paramsToDer(eCPublicKeySpec.getParams()), false));
        }

        @Override // com.amazon.corretto.crypto.provider.EvpKeyFactory, java.security.KeyFactorySpi
        protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> cls) throws InvalidKeySpecException {
            if (ECPublicKeySpec.class.isAssignableFrom(cls) && (key instanceof ECPublicKey)) {
                ECPublicKey eCPublicKey = (ECPublicKey) key;
                return cls.cast(new ECPublicKeySpec(eCPublicKey.getW(), eCPublicKey.getParams()));
            }
            if (!ECPrivateKeySpec.class.isAssignableFrom(cls) || !(key instanceof ECPrivateKey)) {
                return (T) super.engineGetKeySpec(key, cls);
            }
            ECPrivateKey eCPrivateKey = (ECPrivateKey) key;
            return cls.cast(new ECPrivateKeySpec(eCPrivateKey.getS(), eCPrivateKey.getParams()));
        }
    }

    /* loaded from: input_file:com/amazon/corretto/crypto/provider/EvpKeyFactory$RSA.class */
    static class RSA extends EvpKeyFactory {
        RSA(AmazonCorrettoCryptoProvider amazonCorrettoCryptoProvider) {
            super(EvpKeyType.RSA, amazonCorrettoCryptoProvider);
        }

        @Override // com.amazon.corretto.crypto.provider.EvpKeyFactory, java.security.KeyFactorySpi
        protected PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
            if (keySpec instanceof RSAPrivateCrtKeySpec) {
                RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec = (RSAPrivateCrtKeySpec) keySpec;
                return new EvpRsaPrivateCrtKey(EvpKeyFactory.rsa2Evp(rSAPrivateCrtKeySpec.getModulus().toByteArray(), rSAPrivateCrtKeySpec.getPublicExponent().toByteArray(), rSAPrivateCrtKeySpec.getPrivateExponent().toByteArray(), rSAPrivateCrtKeySpec.getCrtCoefficient().toByteArray(), rSAPrivateCrtKeySpec.getPrimeExponentP().toByteArray(), rSAPrivateCrtKeySpec.getPrimeExponentQ().toByteArray(), rSAPrivateCrtKeySpec.getPrimeP().toByteArray(), rSAPrivateCrtKeySpec.getPrimeQ().toByteArray(), shouldCheckPrivateKey()));
            }
            if (!(keySpec instanceof RSAPrivateKeySpec)) {
                return super.engineGeneratePrivate(keySpec);
            }
            RSAPrivateKeySpec rSAPrivateKeySpec = (RSAPrivateKeySpec) keySpec;
            return new EvpRsaPrivateKey(EvpKeyFactory.rsa2Evp(rSAPrivateKeySpec.getModulus().toByteArray(), null, rSAPrivateKeySpec.getPrivateExponent().toByteArray(), null, null, null, null, null, shouldCheckPrivateKey()));
        }

        @Override // com.amazon.corretto.crypto.provider.EvpKeyFactory, java.security.KeyFactorySpi
        protected PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
            if (!(keySpec instanceof RSAPublicKeySpec)) {
                return super.engineGeneratePublic(keySpec);
            }
            RSAPublicKeySpec rSAPublicKeySpec = (RSAPublicKeySpec) keySpec;
            return new EvpRsaPublicKey(EvpKeyFactory.rsa2Evp(rSAPublicKeySpec.getModulus().toByteArray(), rSAPublicKeySpec.getPublicExponent().toByteArray(), null, null, null, null, null, null, false));
        }

        @Override // com.amazon.corretto.crypto.provider.EvpKeyFactory, java.security.KeyFactorySpi
        protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> cls) throws InvalidKeySpecException {
            if (cls.isAssignableFrom(RSAPrivateCrtKeySpec.class) && (key instanceof RSAPrivateCrtKey)) {
                RSAPrivateCrtKey rSAPrivateCrtKey = (RSAPrivateCrtKey) key;
                return cls.cast(new RSAPrivateCrtKeySpec(rSAPrivateCrtKey.getModulus(), rSAPrivateCrtKey.getPublicExponent(), rSAPrivateCrtKey.getPrivateExponent(), rSAPrivateCrtKey.getPrimeP(), rSAPrivateCrtKey.getPrimeQ(), rSAPrivateCrtKey.getPrimeExponentP(), rSAPrivateCrtKey.getPrimeExponentQ(), rSAPrivateCrtKey.getCrtCoefficient()));
            }
            if (cls.isAssignableFrom(RSAPrivateKeySpec.class) && (key instanceof RSAPrivateKey)) {
                RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) key;
                return cls.cast(new RSAPrivateKeySpec(rSAPrivateKey.getModulus(), rSAPrivateKey.getPrivateExponent()));
            }
            if (!cls.isAssignableFrom(RSAPublicKeySpec.class) || !(key instanceof RSAPublicKey)) {
                return (T) super.engineGetKeySpec(key, cls);
            }
            RSAPublicKey rSAPublicKey = (RSAPublicKey) key;
            return cls.cast(new RSAPublicKeySpec(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
        }
    }

    private static native long pkcs82Evp(byte[] bArr, int i, boolean z) throws InvalidKeySpecException;

    private static native long x5092Evp(byte[] bArr, int i) throws InvalidKeySpecException;

    /* JADX INFO: Access modifiers changed from: private */
    public static native long rsa2Evp(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6, byte[] bArr7, byte[] bArr8, boolean z);

    /* JADX INFO: Access modifiers changed from: private */
    public static native long ec2Evp(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, boolean z) throws InvalidKeySpecException;

    protected EvpKeyFactory(EvpKeyType evpKeyType, AmazonCorrettoCryptoProvider amazonCorrettoCryptoProvider) {
        Loader.checkNativeLibraryAvailability();
        this.type = evpKeyType;
        this.provider = amazonCorrettoCryptoProvider;
        if (this.type == null) {
            throw new NullPointerException("Null type?!");
        }
    }

    protected boolean shouldCheckPrivateKey() {
        return this.provider.hasExtraCheck(ExtraCheck.PRIVATE_KEY_CONSISTENCY);
    }

    protected long maybeCheckPkcs82Evp(byte[] bArr, int i) throws InvalidKeySpecException {
        return pkcs82Evp(bArr, i, shouldCheckPrivateKey());
    }

    @Override // java.security.KeyFactorySpi
    protected PrivateKey engineGeneratePrivate(KeySpec keySpec) throws InvalidKeySpecException {
        if (!(keySpec instanceof PKCS8EncodedKeySpec)) {
            throw new InvalidKeySpecException("Unsupported KeySpec");
        }
        return this.type.buildPrivateKey((v1, v2) -> {
            return maybeCheckPkcs82Evp(v1, v2);
        }, (PKCS8EncodedKeySpec) keySpec);
    }

    @Override // java.security.KeyFactorySpi
    protected PublicKey engineGeneratePublic(KeySpec keySpec) throws InvalidKeySpecException {
        if (!(keySpec instanceof X509EncodedKeySpec)) {
            throw new InvalidKeySpecException("Unsupported KeySpec " + keySpec.getClass());
        }
        return this.type.buildPublicKey((v0, v1) -> {
            return x5092Evp(v0, v1);
        }, (X509EncodedKeySpec) keySpec);
    }

    @Override // java.security.KeyFactorySpi
    protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> cls) throws InvalidKeySpecException {
        if (cls.isAssignableFrom(PKCS8EncodedKeySpec.class) && key.getFormat().equalsIgnoreCase("PKCS#8")) {
            return cls.cast(new PKCS8EncodedKeySpec(requireNonNullEncoding(key)));
        }
        if (cls.isAssignableFrom(X509EncodedKeySpec.class) && key.getFormat().equalsIgnoreCase("X.509")) {
            return cls.cast(new X509EncodedKeySpec(requireNonNullEncoding(key)));
        }
        throw new InvalidKeySpecException("Unsupported KeySpec for key format");
    }

    @Override // java.security.KeyFactorySpi
    protected Key engineTranslateKey(Key key) throws InvalidKeyException {
        EvpKey evpKey;
        if (!keyNeedsConversion(key)) {
            return key;
        }
        try {
            if (key.getFormat().equalsIgnoreCase("PKCS#8")) {
                evpKey = (EvpKey) engineGeneratePrivate(new PKCS8EncodedKeySpec(requireNonNullEncoding(key)));
            } else {
                if (!key.getFormat().equalsIgnoreCase("X.509")) {
                    throw new InvalidKeyException("Cannot convert key of format " + key.getFormat());
                }
                evpKey = (EvpKey) engineGeneratePublic(new X509EncodedKeySpec(requireNonNullEncoding(key)));
            }
            evpKey.setEphemeral(true);
            return evpKey;
        } catch (InvalidKeySpecException e) {
            throw new InvalidKeyException(e);
        }
    }

    protected boolean keyNeedsConversion(Key key) throws InvalidKeyException {
        if (this.type.jceName.equalsIgnoreCase(key.getAlgorithm())) {
            return !(key instanceof EvpKey);
        }
        throw new InvalidKeyException("Incorrect key algorithm: " + key.getAlgorithm());
    }

    protected static byte[] requireNonNullEncoding(Key key) throws InvalidKeySpecException {
        byte[] encoded = key.getEncoded();
        if (encoded == null) {
            throw new InvalidKeySpecException("Cannot convert key with NULL encoding");
        }
        return encoded;
    }

    protected byte[] paramsToDer(AlgorithmParameterSpec algorithmParameterSpec) {
        try {
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(this.type.jceName);
            algorithmParameters.init(algorithmParameterSpec);
            return algorithmParameters.getEncoded();
        } catch (IOException | GeneralSecurityException e) {
            throw new AssertionError(e);
        }
    }
}
