package com.amazonaws.encryptionsdk;

import com.amazonaws.encryptionsdk.exception.BadCiphertextException;
import com.amazonaws.encryptionsdk.internal.CommittedKey;
import com.amazonaws.encryptionsdk.internal.Constants;
import com.amazonaws.encryptionsdk.internal.HmacKeyDerivationFunction;
import com.amazonaws.encryptionsdk.model.CiphertextHeaders;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import software.amazon.cryptography.materialproviders.MaterialProviders;
import software.amazon.cryptography.materialproviders.model.AlgorithmSuiteId;
import software.amazon.cryptography.materialproviders.model.AlgorithmSuiteInfo;
import software.amazon.cryptography.materialproviders.model.HKDF;
import software.amazon.cryptography.materialproviders.model.MaterialProvidersConfig;

/* loaded from: input_file:com/amazonaws/encryptionsdk/CryptoAlgorithm.class */
public enum CryptoAlgorithm {
    ALG_AES_128_GCM_IV12_TAG16_NO_KDF(20),
    ALG_AES_192_GCM_IV12_TAG16_NO_KDF(70),
    ALG_AES_256_GCM_IV12_TAG16_NO_KDF(120),
    ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256(276),
    ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA256(326),
    ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA256(376),
    ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256(532),
    ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384(838),
    ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384(888),
    ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY(1144),
    ALG_AES_256_GCM_HKDF_SHA512_COMMIT_KEY_ECDSA_P384(1400);

    private final AlgorithmSuiteInfo info;
    final MaterialProvidersConfig config = MaterialProvidersConfig.builder().build();
    final MaterialProviders materialProviders = MaterialProviders.builder().MaterialProvidersConfig(this.config).build();
    private final short value;
    private static final String KEY_ALGORITHM = "AES";
    private static final String HKDF_SHA256 = "HkdfSHA256";
    private static final String HKDF_SHA384 = "HkdfSHA384";
    private static final String HKDF_SHA512 = "HkdfSHA512";
    private static final String ECDSA_P256 = "SHA256withECDSA";
    private static final String ECDSA_P384 = "SHA384withECDSA";
    private static final int BLOCK_SIZE_BYTES = 16;
    private static final int VERSION_1_MESSAGE_ID_LEN = 16;
    private static final int VERSION_2_MESSAGE_ID_LEN = 32;
    private static final Map<Integer, CryptoAlgorithm> ID_MAPPING = new HashMap();

    CryptoAlgorithm(int i) {
        if (i > 32767 || i < -32768) {
            throw new IllegalArgumentException("Invalid value " + i);
        }
        this.value = (short) i;
        this.info = this.materialProviders.GetAlgorithmSuiteInfo(ByteBuffer.allocate(2).putShort((short) i));
    }

    private static int fieldsToLookupKey(byte b, short s) {
        return (b << 16) | s;
    }

    public static CryptoAlgorithm deserialize(byte b, short s) {
        return ID_MAPPING.get(Integer.valueOf(fieldsToLookupKey(b, s)));
    }

    public AlgorithmSuiteId getAlgorithmSuiteId() {
        return this.info.id();
    }

    public int getMessageIdLength() {
        switch (this.info.messageVersion().intValue()) {
            case 1:
                return 16;
            case 2:
                return VERSION_2_MESSAGE_ID_LEN;
            default:
                throw new UnsupportedOperationException("Support for version " + this.info.messageVersion() + " not yet built.");
        }
    }

    public byte[] getHeaderNonce() {
        switch (this.info.messageVersion().intValue()) {
            case 1:
                return null;
            case 2:
                return new byte[this.info.encrypt().AES_GCM().ivLength()];
            default:
                throw new UnsupportedOperationException("Support for version " + this.info.messageVersion() + " not yet built.");
        }
    }

    public byte getMessageFormatVersion() {
        return (byte) (this.info.messageVersion().intValue() & Constants.MAX_NONCE_LENGTH);
    }

    public int getBlockSize() {
        return 16;
    }

    public byte getNonceLen() {
        return (byte) this.info.encrypt().AES_GCM().ivLength();
    }

    public int getTagLen() {
        return this.info.encrypt().AES_GCM().tagLength();
    }

    public long getMaxContentLen() {
        return Constants.GCM_MAX_CONTENT_LEN;
    }

    public String getKeyAlgo() {
        return KEY_ALGORITHM;
    }

    public int getKeyLength() {
        return this.info.encrypt().AES_GCM().keyLength();
    }

    public short getValue() {
        return this.value;
    }

    public String getDataKeyAlgo() {
        if (this.info.kdf().HKDF() == null) {
            return KEY_ALGORITHM;
        }
        String name = this.info.kdf().HKDF().hmac().name();
        boolean z = -1;
        switch (name.hashCode()) {
            case -1522398176:
                if (name.equals("SHA_256")) {
                    z = false;
                    break;
                }
                break;
            case -1522397124:
                if (name.equals("SHA_384")) {
                    z = true;
                    break;
                }
                break;
            case -1522395421:
                if (name.equals("SHA_512")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case CiphertextHeaders.NO_MAX_ENCRYPTED_DATA_KEYS /* 0 */:
                return HKDF_SHA256;
            case true:
                return HKDF_SHA384;
            case true:
                return HKDF_SHA512;
            default:
                throw new UnsupportedOperationException("Support for Data Key Algorithm:" + name + " not yet built");
        }
    }

    public int getDataKeyLength() {
        return getKeyLength();
    }

    public String getTrailingSignatureAlgo() {
        if (this.info.signature().ECDSA() == null) {
            return null;
        }
        String name = this.info.signature().ECDSA().curve().name();
        boolean z = -1;
        switch (name.hashCode()) {
            case -663452370:
                if (name.equals("ECDSA_P256")) {
                    z = false;
                    break;
                }
                break;
            case -663451318:
                if (name.equals("ECDSA_P384")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case CiphertextHeaders.NO_MAX_ENCRYPTED_DATA_KEYS /* 0 */:
                return ECDSA_P256;
            case true:
                return ECDSA_P384;
            default:
                throw new UnsupportedOperationException("Support for Data Key Algorithm:" + name + " not yet built");
        }
    }

    public boolean isSafeToCache() {
        return this.info.kdf().HKDF() != null;
    }

    public short getTrailingSignatureLength() {
        if (this.info.signature().ECDSA() == null) {
            return (short) 0;
        }
        String name = this.info.signature().ECDSA().curve().name();
        boolean z = -1;
        switch (name.hashCode()) {
            case -663452370:
                if (name.equals("ECDSA_P256")) {
                    z = false;
                    break;
                }
                break;
            case -663451318:
                if (name.equals("ECDSA_P384")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case CiphertextHeaders.NO_MAX_ENCRYPTED_DATA_KEYS /* 0 */:
                return (short) 71;
            case true:
                return (short) 103;
            default:
                throw new UnsupportedOperationException("Support for Data Key Algorithm:" + name + " not yet built");
        }
    }

    public String getKeyCommitmentAlgo_() {
        HKDF HKDF = this.info.commitment().HKDF();
        if (HKDF == null) {
            return null;
        }
        String name = HKDF.hmac().name();
        boolean z = -1;
        switch (name.hashCode()) {
            case -1522395421:
                if (name.equals("SHA_512")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case CiphertextHeaders.NO_MAX_ENCRYPTED_DATA_KEYS /* 0 */:
                return HKDF_SHA512;
            default:
                throw new UnsupportedOperationException("Support for Commitment Key Algorithm:" + this.info.commitment().HKDF() + " not yet built");
        }
    }

    public boolean isCommitting() {
        return this.info.commitment().HKDF() != null;
    }

    public int getCommitmentLength() {
        if (this.info.commitment().HKDF() == null) {
            return 0;
        }
        return this.info.commitment().HKDF().inputKeyLength();
    }

    public int getCommitmentNonceLength() {
        if (this.info.commitment().HKDF() == null) {
            return 0;
        }
        return this.info.commitment().HKDF().saltLength();
    }

    public int getSuiteDataLength() {
        if (this.info.commitment().HKDF() == null) {
            return 0;
        }
        return this.info.commitment().HKDF().outputKeyLength();
    }

    public SecretKey getEncryptionKeyFromDataKey(SecretKey secretKey, CiphertextHeaders ciphertextHeaders) throws InvalidKeyException {
        if (!secretKey.getAlgorithm().equalsIgnoreCase(getDataKeyAlgo())) {
            throw new InvalidKeyException("DataKey of incorrect algorithm. Expected " + getDataKeyAlgo() + " but was " + secretKey.getAlgorithm());
        }
        switch (this.info.messageVersion().intValue()) {
            case 1:
                return getNonCommittedEncryptionKey(secretKey, ciphertextHeaders);
            case 2:
                return getCommittedEncryptionKey(secretKey, ciphertextHeaders);
            default:
                throw new UnsupportedOperationException("Support for message format version " + this.info.messageVersion() + " not yet built.");
        }
    }

    private SecretKey getCommittedEncryptionKey(SecretKey secretKey, CiphertextHeaders ciphertextHeaders) throws InvalidKeyException {
        CommittedKey generate = CommittedKey.generate(this, secretKey, ciphertextHeaders.getMessageId());
        if (MessageDigest.isEqual(generate.getCommitment(), ciphertextHeaders.getSuiteData())) {
            return generate.getKey();
        }
        throw new BadCiphertextException("Key commitment validation failed. Key identity does not match the identity asserted in the message. Halting processing of this message.");
    }

    private SecretKey getNonCommittedEncryptionKey(SecretKey secretKey, CiphertextHeaders ciphertextHeaders) throws InvalidKeyException {
        String str;
        switch (this) {
            case ALG_AES_128_GCM_IV12_TAG16_NO_KDF:
            case ALG_AES_192_GCM_IV12_TAG16_NO_KDF:
            case ALG_AES_256_GCM_IV12_TAG16_NO_KDF:
                return secretKey;
            case ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256:
            case ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA256:
            case ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA256:
            case ALG_AES_128_GCM_IV12_TAG16_HKDF_SHA256_ECDSA_P256:
                str = "HmacSHA256";
                break;
            case ALG_AES_192_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384:
            case ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384:
                str = "HmacSHA384";
                break;
            default:
                throw new UnsupportedOperationException("Support for " + this + " not yet built.");
        }
        if (!secretKey.getFormat().equalsIgnoreCase("RAW")) {
            throw new InvalidKeyException("Currently only RAW format keys are supported for HKDF algorithms. Actual format was " + secretKey.getFormat());
        }
        byte[] messageId = ciphertextHeaders.getMessageId();
        ByteBuffer allocate = ByteBuffer.allocate(messageId.length + 2);
        allocate.order(ByteOrder.BIG_ENDIAN);
        allocate.putShort(getValue());
        allocate.put(messageId);
        byte[] encoded = secretKey.getEncoded();
        if (encoded.length != getDataKeyLength()) {
            throw new InvalidKeyException("DataKey of incorrect length. Expected " + getDataKeyLength() + " but was " + encoded.length);
        }
        try {
            HmacKeyDerivationFunction hmacKeyDerivationFunction = HmacKeyDerivationFunction.getInstance(str);
            hmacKeyDerivationFunction.init(encoded);
            return new SecretKeySpec(hmacKeyDerivationFunction.deriveKey(allocate.array(), getKeyLength()), getKeyAlgo());
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    static {
        Iterator it = EnumSet.allOf(CryptoAlgorithm.class).iterator();
        while (it.hasNext()) {
            CryptoAlgorithm cryptoAlgorithm = (CryptoAlgorithm) it.next();
            ID_MAPPING.put(Integer.valueOf(fieldsToLookupKey(cryptoAlgorithm.getMessageFormatVersion(), cryptoAlgorithm.getValue())), cryptoAlgorithm);
        }
    }
}
