package io.kroxylicious.kms.service;

import edu.umd.cs.findbugs.annotations.NonNull;
import java.util.Arrays;
import java.util.Locale;
import java.util.Objects;
import javax.annotation.concurrent.NotThreadSafe;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@NotThreadSafe
/* loaded from: input_file:io/kroxylicious/kms/service/DestroyableRawSecretKey.class */
public final class DestroyableRawSecretKey implements SecretKey {
    private static final Logger LOGGER = LoggerFactory.getLogger(DestroyableRawSecretKey.class);
    private final String algorithm;
    private boolean destroyed = false;
    private final byte[] key;

    private DestroyableRawSecretKey(byte[] bArr, String str) {
        this.algorithm = ((String) Objects.requireNonNull(str)).toLowerCase(Locale.ROOT);
        this.key = (byte[]) Objects.requireNonNull(bArr);
    }

    @NonNull
    public static DestroyableRawSecretKey takeOwnershipOf(@NonNull byte[] bArr, @NonNull String str) {
        return new DestroyableRawSecretKey(bArr, str);
    }

    @NonNull
    public static DestroyableRawSecretKey takeCopyOf(@NonNull byte[] bArr, @NonNull String str) {
        return new DestroyableRawSecretKey((byte[]) ((byte[]) Objects.requireNonNull(bArr)).clone(), str);
    }

    @NonNull
    public static DestroyableRawSecretKey toDestroyableKey(@NonNull SecretKey secretKey) {
        checkNotDestroyed((SecretKey) Objects.requireNonNull(secretKey));
        if (secretKey instanceof DestroyableRawSecretKey) {
            return (DestroyableRawSecretKey) secretKey;
        }
        if (!"RAW".equalsIgnoreCase(secretKey.getFormat())) {
            throw new IllegalArgumentException("RAW-format key required");
        }
        DestroyableRawSecretKey takeOwnershipOf = takeOwnershipOf(secretKey.getEncoded(), secretKey.getAlgorithm());
        try {
            secretKey.destroy();
        } catch (DestroyFailedException e) {
            LOGGER.warn("Failed to destroy key of {}: {}", secretKey.getClass(), e);
        }
        return takeOwnershipOf;
    }

    @Override // java.security.Key
    @NonNull
    public String getAlgorithm() {
        return this.algorithm;
    }

    @Override // java.security.Key
    @NonNull
    public String getFormat() {
        return "RAW";
    }

    @Override // java.security.Key
    @NonNull
    public byte[] getEncoded() {
        checkNotDestroyed(this);
        return (byte[]) this.key.clone();
    }

    static void checkNotDestroyed(SecretKey secretKey) {
        if (secretKey.isDestroyed()) {
            throw new IllegalStateException("Key has been destroyed");
        }
    }

    @Override // javax.security.auth.Destroyable
    public void destroy() {
        Arrays.fill(this.key, (byte) 0);
        this.destroyed = true;
    }

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.destroyed;
    }
}
