package com.fortanix.sdkms.jce.provider.agreement;

import com.fortanix.sdkms.jce.provider.constants.ECKeySizeSpec;
import com.fortanix.sdkms.jce.provider.keys.SdkmsKey;
import com.fortanix.sdkms.jce.provider.service.SDKMSLogger;
import com.fortanix.sdkms.jce.provider.service.SdkmsKeyService;
import com.fortanix.sdkms.v1.model.AgreeKeyMechanism;
import com.fortanix.sdkms.v1.model.AgreeKeyRequest;
import com.fortanix.sdkms.v1.model.KeyObject;
import com.fortanix.sdkms.v1.model.ObjectType;
import com.fortanix.sdkms.v1.model.SobjectDescriptor;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.util.UUID;
import javax.crypto.KeyAgreementSpi;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/fortanix/sdkms/jce/provider/agreement/ECDHKeyAgreement.class */
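/**
 * ECDH {@link KeyAgreementSpi} that delegates the agreement to SDKMS.
 *
 * <p>The local private key is referenced only by its key id (kid). {@link #engineDoPhase}
 * asks {@link SdkmsKeyService#agreeKey} to derive a new {@code SECRET} object from the
 * private kid and the peer's public kid, and the {@code engineGenerateSecret} overloads
 * fetch that object's value through {@link SdkmsKeyService#getKeyValue}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The derived object is created enabled and named with a random UUID; nothing in this
 *       class removes it afterwards. NOTE(review): confirm who owns its lifecycle.</li>
 *   <li>The raw shared secret is pulled into this process's heap by
 *       {@code engineGenerateSecret}; callers should feed it to a KDF rather than use it
 *       directly as a key.</li>
 *   <li>NOTE(review): {@code KeyAgreement.generateSecret} is specified to reset the object to
 *       its post-init state. This implementation keeps the phase state, so repeated calls
 *       return the same secret and a new phase needs a new init. Left unchanged because
 *       callers may rely on it.</li>
 * </ul>
 */
public class ECDHKeyAgreement extends KeyAgreementSpi {
    // kid of the local private key, set by engineInit; null means "not initialized".
    private String privateKeyId;
    // kid of the peer public key, set only after a successful engineDoPhase.
    private String publicKeyId;
    // kid of the derived SECRET object, set together with publicKeyId.
    private String sharedKeyId;
    private static final SDKMSLogger LOGGER = new SDKMSLogger(LoggerFactory.getLogger(ECDHKeyAgreement.class));

    /**
     * Runs the single (two-party) agreement phase against the peer's EC public key.
     *
     * @param key the peer's public key; must be an {@link ECPublicKey}
     * @param z   the {@code lastPhase} flag; must be {@code true}
     * @return always {@code null}, there is no intermediate key in a two-party agreement
     * @throws InvalidKeyException   if {@code key} is not an EC public key or cannot be
     *                               resolved to a key object with a kid and a curve
     * @throws IllegalStateException if not initialized, if the phase already ran, or if
     *                               {@code z} is {@code false}
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected Key engineDoPhase(Key key, boolean z) throws InvalidKeyException, IllegalStateException {
        LOGGER.debug("ECDHKeyAgreement: perform key agreement");
        if (this.privateKeyId == null) {
            throw new IllegalStateException("Not initialized");
        }
        if (this.publicKeyId != null) {
            throw new IllegalStateException("Phase already executed");
        }
        if (!z) {
            throw new IllegalStateException("Only two party agreement supported, lastPhase must be true");
        }
        if (!(key instanceof ECPublicKey)) {
            throw new InvalidKeyException("Key must be a PublicKey with algorithm EC");
        }
        KeyObject keyObject = SdkmsKeyService.toKeyObject(key);
        // Fail with the declared checked exception instead of a NullPointerException further down.
        if (keyObject == null || keyObject.getKid() == null) {
            throw new InvalidKeyException("Public key could not be resolved to a key object with a key id");
        }
        if (keyObject.getEllipticCurve() == null) {
            throw new InvalidKeyException("Public key object does not specify an elliptic curve");
        }
        String peerKeyId = keyObject.getKid();
        String uuid = UUID.randomUUID().toString();
        AgreeKeyRequest agreeKeyRequest = new AgreeKeyRequest();
        agreeKeyRequest.setPrivateKey(new SobjectDescriptor().kid(this.privateKeyId));
        agreeKeyRequest.setPublicKey(new SobjectDescriptor().kid(peerKeyId));
        agreeKeyRequest.mechanism(AgreeKeyMechanism.HELLMAN)
                .keyType(ObjectType.SECRET)
                .enabled(true)
                .keySize(Integer.valueOf(ECKeySizeSpec.getByKey(keyObject.getEllipticCurve().toString()).getValue()))
                .name(uuid);
        String derivedKeyId = SdkmsKeyService.agreeKey(agreeKeyRequest).getKid();
        // Commit both ids only after the agreement call returned. If it throws, the object
        // stays in its post-init state, so a later generateSecret cannot pair this peer with
        // a shared key id left over from an earlier agreement.
        this.publicKeyId = peerKeyId;
        this.sharedKeyId = derivedKeyId;
        return null;
    }

    /**
     * Fetches the value of the derived shared key.
     *
     * @return the bytes returned by {@link SdkmsKeyService#getKeyValue} for the shared key id
     * @throws IllegalStateException if init or the agreement phase has not completed
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected byte[] engineGenerateSecret() throws IllegalStateException {
        LOGGER.debug("ECDHKeyAgreement: generate shared secret");
        if (this.privateKeyId == null || this.publicKeyId == null || this.sharedKeyId == null) {
            throw new IllegalStateException("Not initialized correctly");
        }
        byte[] keyValue = SdkmsKeyService.getKeyValue(this.sharedKeyId);
        if (keyValue == null) {
            // Only the key id is logged here, never key material.
            LOGGER.logAndRaiseProviderException("Failed to fetch secret value of the shared key: " + this.sharedKeyId, null);
        }
        return keyValue;
    }

    /**
     * Fetches the shared secret and wraps it as a {@link SecretKey} for the given algorithm.
     *
     * @param str the algorithm name to attach to the returned key
     * @return a {@link SecretKeySpec} over the raw shared secret bytes
     * @throws NoSuchAlgorithmException if {@code str} is {@code null}
     * @throws IllegalStateException    if init or the agreement phase has not completed
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected SecretKey engineGenerateSecret(String str) throws IllegalStateException, NoSuchAlgorithmException, InvalidKeyException {
        LOGGER.debug("ECDHKeyAgreement: generate shared secret");
        if (str == null) {
            throw new NoSuchAlgorithmException("Algorithm must not be null");
        }
        // The raw ECDH output is used as key bytes without a KDF and without checking that
        // its length suits the requested algorithm; callers needing that must derive it themselves.
        return new SecretKeySpec(engineGenerateSecret(), str);
    }

    /**
     * Fetches the shared secret and copies it into {@code bArr} starting at offset {@code i}.
     *
     * @param bArr destination buffer
     * @param i    offset in {@code bArr} at which the secret starts
     * @return the number of bytes written
     * @throws ShortBufferException  if the secret does not fit into {@code bArr} at offset {@code i}
     * @throws IllegalStateException if init or the agreement phase has not completed, or no
     *                               secret value could be fetched
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected int engineGenerateSecret(byte[] bArr, int i) throws IllegalStateException, ShortBufferException {
        LOGGER.debug("ECDHKeyAgreement: generate shared secret");
        byte[] sharedSecret = engineGenerateSecret();
        if (sharedSecret == null) {
            throw new IllegalStateException("Shared secret is not available");
        }
        // The SPI contract requires honouring the offset and reporting a too-small buffer as
        // ShortBufferException. The subtraction form avoids int overflow in the bounds check.
        if (bArr == null || i < 0 || i > bArr.length || bArr.length - i < sharedSecret.length) {
            throw new ShortBufferException("Output buffer too small, need " + sharedSecret.length + " bytes at the given offset");
        }
        System.arraycopy(sharedSecret, 0, bArr, i, sharedSecret.length);
        return sharedSecret.length;
    }

    /**
     * Initializes the agreement with the local private key.
     *
     * @param key          the local private key; must be a {@link PrivateKey} that is also an
     *                     {@link SdkmsKey} carrying a key descriptor with a kid
     * @param secureRandom not used by this implementation
     * @throws InvalidKeyException if {@code key} does not meet the requirements above
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, SecureRandom secureRandom) throws InvalidKeyException {
        LOGGER.debug("ECDHKeyAgreement: init with given key");
        if (!(key instanceof PrivateKey)) {
            throw new InvalidKeyException("Key must be instance of PrivateKey");
        }
        // A PrivateKey from another provider would otherwise surface as a ClassCastException.
        if (!(key instanceof SdkmsKey)) {
            throw new InvalidKeyException("Key must be an SDKMS key");
        }
        SdkmsKey sdkmsKey = (SdkmsKey) key;
        if (sdkmsKey.getKeyDescriptor() == null || sdkmsKey.getKeyDescriptor().getKid() == null) {
            throw new InvalidKeyException("Key does not carry a key id");
        }
        this.privateKeyId = sdkmsKey.getKeyDescriptor().getKid();
        // Drop all state from a previous agreement, including the derived key id.
        this.publicKeyId = null;
        this.sharedKeyId = null;
    }

    /**
     * Initializes the agreement with the local private key; algorithm parameters are not supported.
     *
     * @param key                    the local private key, see {@link #engineInit(Key, SecureRandom)}
     * @param algorithmParameterSpec must be {@code null}
     * @param secureRandom           not used by this implementation
     * @throws InvalidAlgorithmParameterException if {@code algorithmParameterSpec} is not {@code null}
     * @throws InvalidKeyException                if {@code key} is rejected by the two-argument init
     */
    @Override // javax.crypto.KeyAgreementSpi
    protected void engineInit(Key key, AlgorithmParameterSpec algorithmParameterSpec, SecureRandom secureRandom) throws InvalidKeyException, InvalidAlgorithmParameterException {
        LOGGER.debug("ECDHKeyAgreement: init with given key and params");
        if (algorithmParameterSpec != null) {
            throw new InvalidAlgorithmParameterException("Parameters not supported");
        }
        engineInit(key, secureRandom);
    }
}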
