package com.azure.security.keyvault.keys.cryptography;

import com.azure.core.annotation.ReturnType;
import com.azure.core.annotation.ServiceClient;
import com.azure.core.annotation.ServiceMethod;
import com.azure.core.http.HttpPipeline;
import com.azure.core.http.rest.Response;
import com.azure.core.http.rest.RestProxy;
import com.azure.core.util.Context;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.FluxUtil;
import com.azure.core.util.logging.ClientLogger;
import com.azure.security.keyvault.keys.cryptography.implementation.CryptographyService;
import com.azure.security.keyvault.keys.cryptography.models.DecryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.DecryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptParameters;
import com.azure.security.keyvault.keys.cryptography.models.EncryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.SignResult;
import com.azure.security.keyvault.keys.cryptography.models.SignatureAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.UnwrapResult;
import com.azure.security.keyvault.keys.cryptography.models.VerifyResult;
import com.azure.security.keyvault.keys.cryptography.models.WrapResult;
import com.azure.security.keyvault.keys.models.JsonWebKey;
import com.azure.security.keyvault.keys.models.KeyOperation;
import com.azure.security.keyvault.keys.models.KeyType;
import com.azure.security.keyvault.keys.models.KeyVaultKey;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;
import java.util.Objects;
import reactor.core.publisher.Mono;

@ServiceClient(builder = CryptographyClientBuilder.class, isAsync = true, serviceInterfaces = {CryptographyService.class})
/* loaded from: input_file:BOOT-INF/lib/azure-security-keyvault-keys-4.5.3.jar:com/azure/security/keyvault/keys/cryptography/CryptographyAsyncClient.class */
public class CryptographyAsyncClient {
    static final String KEYVAULT_TRACING_NAMESPACE_VALUE = "Microsoft.KeyVault";
    static final String SECRETS_COLLECTION = "secrets";
    JsonWebKey key;
    private final ClientLogger logger = new ClientLogger((Class<?>) CryptographyAsyncClient.class);
    private final CryptographyService service;
    private final HttpPipeline pipeline;
    private final String keyId;
    private CryptographyServiceClient cryptographyServiceClient;
    private LocalKeyCryptographyClient localKeyCryptographyClient;
    private String keyCollection;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptographyAsyncClient(String str, HttpPipeline httpPipeline, CryptographyServiceVersion cryptographyServiceVersion) {
        unpackAndValidateId(str);
        this.keyId = str;
        this.pipeline = httpPipeline;
        this.service = (CryptographyService) RestProxy.create(CryptographyService.class, httpPipeline);
        this.cryptographyServiceClient = new CryptographyServiceClient(str, this.service, cryptographyServiceVersion);
        this.key = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptographyAsyncClient(JsonWebKey jsonWebKey) {
        Objects.requireNonNull(jsonWebKey, "The JSON Web Key is required.");
        if (!jsonWebKey.isValid()) {
            throw new IllegalArgumentException("The JSON Web Key is not valid.");
        }
        if (jsonWebKey.getKeyOps() == null) {
            throw new IllegalArgumentException("The JSON Web Key's key operations property is not configured.");
        }
        if (jsonWebKey.getKeyType() == null) {
            throw new IllegalArgumentException("The JSON Web Key's key type property is not configured.");
        }
        this.key = jsonWebKey;
        this.keyId = jsonWebKey.getId();
        this.pipeline = null;
        this.service = null;
        this.cryptographyServiceClient = null;
        initializeCryptoClients();
    }

    private void initializeCryptoClients() {
        if (this.localKeyCryptographyClient != null) {
            return;
        }
        if (this.key.getKeyType().equals(KeyType.RSA) || this.key.getKeyType().equals(KeyType.RSA_HSM)) {
            this.localKeyCryptographyClient = new RsaKeyCryptographyClient(this.key, this.cryptographyServiceClient);
            return;
        }
        if (this.key.getKeyType().equals(KeyType.EC) || this.key.getKeyType().equals(KeyType.EC_HSM)) {
            this.localKeyCryptographyClient = new EcKeyCryptographyClient(this.key, this.cryptographyServiceClient);
        } else {
            if (!this.key.getKeyType().equals(KeyType.OCT) && !this.key.getKeyType().equals(KeyType.OCT_HSM)) {
                throw this.logger.logExceptionAsError(new IllegalArgumentException(String.format("The JSON Web Key type: %s is not supported.", this.key.getKeyType().toString())));
            }
            this.localKeyCryptographyClient = new AesKeyCryptographyClient(this.key, this.cryptographyServiceClient);
        }
    }

    HttpPipeline getHttpPipeline() {
        return this.pipeline;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<String> getKeyId() {
        return Mono.defer(() -> {
            return Mono.just(this.keyId);
        });
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<KeyVaultKey> getKey() {
        try {
            return getKeyWithResponse().flatMap(FluxUtil::toMono);
        } catch (RuntimeException e) {
            return FluxUtil.monoError(this.logger, e);
        }
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<Response<KeyVaultKey>> getKeyWithResponse() {
        try {
            return FluxUtil.withContext(this::getKeyWithResponse);
        } catch (RuntimeException e) {
            return FluxUtil.monoError(this.logger, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<Response<KeyVaultKey>> getKeyWithResponse(Context context) {
        if (this.cryptographyServiceClient != null) {
            return this.cryptographyServiceClient.getKey(context);
        }
        throw this.logger.logExceptionAsError(new UnsupportedOperationException("Operation not supported when in operating local-only mode"));
    }

    Mono<JsonWebKey> getSecretKey() {
        try {
            return FluxUtil.withContext(context -> {
                return this.cryptographyServiceClient.getSecretKey(context);
            }).flatMap(FluxUtil::toMono);
        } catch (RuntimeException e) {
            return FluxUtil.monoError(this.logger, e);
        }
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<EncryptResult> encrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr) {
        Objects.requireNonNull(encryptionAlgorithm, "'algorithm' cannot be null.");
        Objects.requireNonNull(bArr, "'plaintext' cannot be null.");
        return encrypt(encryptionAlgorithm, bArr, null);
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<EncryptResult> encrypt(EncryptParameters encryptParameters) {
        Objects.requireNonNull(encryptParameters, "'encryptParameters' cannot be null.");
        try {
            return FluxUtil.withContext(context -> {
                return encrypt(encryptParameters, context);
            });
        } catch (RuntimeException e) {
            return FluxUtil.monoError(this.logger, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<EncryptResult> encrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context) {
        return ensureValidKeyAvailable().flatMap(bool -> {
            return !bool.booleanValue() ? this.cryptographyServiceClient.encrypt(encryptionAlgorithm, bArr, context) : !checkKeyPermissions(this.key.getKeyOps(), KeyOperation.ENCRYPT) ? Mono.error(this.logger.logExceptionAsError(new UnsupportedOperationException(String.format("Encrypt operation is missing permission/not supported for key with id: %s", this.key.getId())))) : this.localKeyCryptographyClient.encryptAsync(encryptionAlgorithm, bArr, context, this.key);
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<EncryptResult> encrypt(EncryptParameters encryptParameters, Context context) {
        return ensureValidKeyAvailable().flatMap(bool -> {
            return !bool.booleanValue() ? this.cryptographyServiceClient.encrypt(encryptParameters, context) : !checkKeyPermissions(this.key.getKeyOps(), KeyOperation.ENCRYPT) ? Mono.error(this.logger.logExceptionAsError(new UnsupportedOperationException(String.format("Encrypt operation is missing permission/not supported for key with id: %s", this.key.getId())))) : this.localKeyCryptographyClient.encryptAsync(encryptParameters, context, this.key);
        });
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<DecryptResult> decrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr) {
        Objects.requireNonNull(encryptionAlgorithm, "'algorithm' cannot be null.");
        Objects.requireNonNull(encryptionAlgorithm, "'ciphertext' cannot be null.");
        return decrypt(encryptionAlgorithm, bArr, null);
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<DecryptResult> decrypt(DecryptParameters decryptParameters) {
        Objects.requireNonNull(decryptParameters, "'decryptParameters' cannot be null.");
        try {
            return FluxUtil.withContext(context -> {
                return decrypt(decryptParameters, context);
            });
        } catch (RuntimeException e) {
            return FluxUtil.monoError(this.logger, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<DecryptResult> decrypt(EncryptionAlgorithm encryptionAlgorithm, byte[] bArr, Context context) {
        return ensureValidKeyAvailable().flatMap(bool -> {
            return !bool.booleanValue() ? this.cryptographyServiceClient.decrypt(encryptionAlgorithm, bArr, context) : !checkKeyPermissions(this.key.getKeyOps(), KeyOperation.DECRYPT) ? Mono.error(this.logger.logExceptionAsError(new UnsupportedOperationException(String.format("Decrypt operation is not allowed for key with id: %s", this.key.getId())))) : this.localKeyCryptographyClient.decryptAsync(encryptionAlgorithm, bArr, context, this.key);
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<DecryptResult> decrypt(DecryptParameters decryptParameters, Context context) {
        return ensureValidKeyAvailable().flatMap(bool -> {
            return !bool.booleanValue() ? this.cryptographyServiceClient.decrypt(decryptParameters, context) : !checkKeyPermissions(this.key.getKeyOps(), KeyOperation.DECRYPT) ? Mono.error(this.logger.logExceptionAsError(new UnsupportedOperationException(String.format("Decrypt operation is not allowed for key with id: %s", this.key.getId())))) : this.localKeyCryptographyClient.decryptAsync(decryptParameters, context, this.key);
        });
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<SignResult> sign(SignatureAlgorithm signatureAlgorithm, byte[] bArr) {
        try {
            return FluxUtil.withContext(context -> {
                return sign(signatureAlgorithm, bArr, context);
            });
        } catch (RuntimeException e) {
            return FluxUtil.monoError(this.logger, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<SignResult> sign(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context) {
        Objects.requireNonNull(signatureAlgorithm, "Signature algorithm cannot be null.");
        Objects.requireNonNull(bArr, "Digest content to be signed cannot be null.");
        return ensureValidKeyAvailable().flatMap(bool -> {
            return !bool.booleanValue() ? this.cryptographyServiceClient.sign(signatureAlgorithm, bArr, context) : !checkKeyPermissions(this.key.getKeyOps(), KeyOperation.SIGN) ? Mono.error(this.logger.logExceptionAsError(new UnsupportedOperationException(String.format("Sign operation is not allowed for key with id: %s", this.key.getId())))) : this.localKeyCryptographyClient.signAsync(signatureAlgorithm, bArr, context, this.key);
        });
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<VerifyResult> verify(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2) {
        try {
            return FluxUtil.withContext(context -> {
                return verify(signatureAlgorithm, bArr, bArr2, context);
            });
        } catch (RuntimeException e) {
            return FluxUtil.monoError(this.logger, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<VerifyResult> verify(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context) {
        Objects.requireNonNull(signatureAlgorithm, "Signature algorithm cannot be null.");
        Objects.requireNonNull(bArr, "Digest content cannot be null.");
        Objects.requireNonNull(bArr2, "Signature to be verified cannot be null.");
        return ensureValidKeyAvailable().flatMap(bool -> {
            return !bool.booleanValue() ? this.cryptographyServiceClient.verify(signatureAlgorithm, bArr, bArr2, context) : !checkKeyPermissions(this.key.getKeyOps(), KeyOperation.VERIFY) ? Mono.error(this.logger.logExceptionAsError(new UnsupportedOperationException(String.format("Verify operation is not allowed for key with id: %s", this.key.getId())))) : this.localKeyCryptographyClient.verifyAsync(signatureAlgorithm, bArr, bArr2, context, this.key);
        });
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<WrapResult> wrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr) {
        try {
            return FluxUtil.withContext(context -> {
                return wrapKey(keyWrapAlgorithm, bArr, context);
            });
        } catch (RuntimeException e) {
            return FluxUtil.monoError(this.logger, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<WrapResult> wrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context) {
        Objects.requireNonNull(keyWrapAlgorithm, "Key wrap algorithm cannot be null.");
        Objects.requireNonNull(bArr, "Key content to be wrapped cannot be null.");
        return ensureValidKeyAvailable().flatMap(bool -> {
            return !bool.booleanValue() ? this.cryptographyServiceClient.wrapKey(keyWrapAlgorithm, bArr, context) : !checkKeyPermissions(this.key.getKeyOps(), KeyOperation.WRAP_KEY) ? Mono.error(this.logger.logExceptionAsError(new UnsupportedOperationException(String.format("Wrap Key operation is not allowed for key with id: %s", this.key.getId())))) : this.localKeyCryptographyClient.wrapKeyAsync(keyWrapAlgorithm, bArr, context, this.key);
        });
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<UnwrapResult> unwrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr) {
        try {
            return FluxUtil.withContext(context -> {
                return unwrapKey(keyWrapAlgorithm, bArr, context);
            });
        } catch (RuntimeException e) {
            return FluxUtil.monoError(this.logger, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<UnwrapResult> unwrapKey(KeyWrapAlgorithm keyWrapAlgorithm, byte[] bArr, Context context) {
        Objects.requireNonNull(keyWrapAlgorithm, "Key wrap algorithm cannot be null.");
        Objects.requireNonNull(bArr, "Encrypted key content to be unwrapped cannot be null.");
        return ensureValidKeyAvailable().flatMap(bool -> {
            return !bool.booleanValue() ? this.cryptographyServiceClient.unwrapKey(keyWrapAlgorithm, bArr, context) : !checkKeyPermissions(this.key.getKeyOps(), KeyOperation.UNWRAP_KEY) ? Mono.error(this.logger.logExceptionAsError(new UnsupportedOperationException(String.format("Unwrap Key operation is not allowed for key with id: %s", this.key.getId())))) : this.localKeyCryptographyClient.unwrapKeyAsync(keyWrapAlgorithm, bArr, context, this.key);
        });
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<SignResult> signData(SignatureAlgorithm signatureAlgorithm, byte[] bArr) {
        try {
            return FluxUtil.withContext(context -> {
                return signData(signatureAlgorithm, bArr, context);
            });
        } catch (RuntimeException e) {
            return FluxUtil.monoError(this.logger, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<SignResult> signData(SignatureAlgorithm signatureAlgorithm, byte[] bArr, Context context) {
        Objects.requireNonNull(signatureAlgorithm, "Signature algorithm cannot be null.");
        Objects.requireNonNull(bArr, "Data to be signed cannot be null.");
        return ensureValidKeyAvailable().flatMap(bool -> {
            return !bool.booleanValue() ? this.cryptographyServiceClient.signData(signatureAlgorithm, bArr, context) : !checkKeyPermissions(this.key.getKeyOps(), KeyOperation.SIGN) ? Mono.error(this.logger.logExceptionAsError(new UnsupportedOperationException(String.format("Sign Operation is not allowed for key with id: %s", this.key.getId())))) : this.localKeyCryptographyClient.signDataAsync(signatureAlgorithm, bArr, context, this.key);
        });
    }

    @ServiceMethod(returns = ReturnType.SINGLE)
    public Mono<VerifyResult> verifyData(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2) {
        try {
            return FluxUtil.withContext(context -> {
                return verifyData(signatureAlgorithm, bArr, bArr2, context);
            });
        } catch (RuntimeException e) {
            return FluxUtil.monoError(this.logger, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<VerifyResult> verifyData(SignatureAlgorithm signatureAlgorithm, byte[] bArr, byte[] bArr2, Context context) {
        Objects.requireNonNull(signatureAlgorithm, "Signature algorithm cannot be null.");
        Objects.requireNonNull(bArr, "Data cannot be null.");
        Objects.requireNonNull(bArr2, "Signature to be verified cannot be null.");
        return ensureValidKeyAvailable().flatMap(bool -> {
            return !bool.booleanValue() ? this.cryptographyServiceClient.verifyData(signatureAlgorithm, bArr, bArr2, context) : !checkKeyPermissions(this.key.getKeyOps(), KeyOperation.VERIFY) ? Mono.error(this.logger.logExceptionAsError(new UnsupportedOperationException(String.format("Verify operation is not allowed for key with id: %s", this.key.getId())))) : this.localKeyCryptographyClient.verifyDataAsync(signatureAlgorithm, bArr, bArr2, context, this.key);
        });
    }

    private void unpackAndValidateId(String str) {
        if (CoreUtils.isNullOrEmpty(str)) {
            throw this.logger.logExceptionAsError(new IllegalArgumentException("'keyId' cannot be null or empty."));
        }
        try {
            URL url = new URL(str);
            String[] split = url.getPath().split("/");
            String str2 = url.getProtocol() + "://" + url.getHost();
            if (url.getPort() != -1) {
                str2 = str2 + ":" + url.getPort();
            }
            String str3 = split.length >= 3 ? split[2] : null;
            this.keyCollection = split.length >= 2 ? split[1] : null;
            if (Strings.isNullOrEmpty(str2)) {
                throw this.logger.logExceptionAsError(new IllegalArgumentException("Key endpoint in key identifier is invalid."));
            }
            if (Strings.isNullOrEmpty(str3)) {
                throw this.logger.logExceptionAsError(new IllegalArgumentException("Key name in key identifier is invalid."));
            }
        } catch (MalformedURLException e) {
            throw this.logger.logExceptionAsError(new IllegalArgumentException("The key identifier is malformed.", e));
        }
    }

    private boolean checkKeyPermissions(List<KeyOperation> list, KeyOperation keyOperation) {
        return list.contains(keyOperation);
    }

    private Mono<Boolean> ensureValidKeyAvailable() {
        return ((this.key == null && this.keyCollection != null) || (this.key != null && !this.key.isValid())) ? this.keyCollection.equals("secrets") ? getSecretKey().map(jsonWebKey -> {
            this.key = jsonWebKey;
            if (!this.key.isValid()) {
                return false;
            }
            initializeCryptoClients();
            return true;
        }) : getKey().map(keyVaultKey -> {
            this.key = keyVaultKey.getKey();
            if (!this.key.isValid()) {
                return false;
            }
            initializeCryptoClients();
            return true;
        }) : Mono.defer(() -> {
            return Mono.just(true);
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CryptographyServiceClient getCryptographyServiceClient() {
        return this.cryptographyServiceClient;
    }

    void setCryptographyServiceClient(CryptographyServiceClient cryptographyServiceClient) {
        this.cryptographyServiceClient = cryptographyServiceClient;
    }
}
