package com.onelogin.saml2.model.hsm;

import com.azure.core.http.netty.NettyAsyncHttpClientBuilder;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.security.keyvault.keys.cryptography.CryptographyClient;
import com.azure.security.keyvault.keys.cryptography.CryptographyClientBuilder;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.keys.cryptography.models.KeyWrapAlgorithm;
import com.onelogin.saml2.util.Constants;
import java.util.HashMap;

/* loaded from: input_file:com/onelogin/saml2/model/hsm/AzureKeyVault.class */
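/**
 * {@link HSM} implementation that delegates key wrapping, key unwrapping, encryption and
 * decryption to an Azure Key Vault key through a {@link CryptographyClient}.
 *
 * <p>The client authenticates with a client-secret credential built from the client id, client
 * secret and tenant id given to the constructor. {@link #setClient()} must be called before any
 * cryptographic operation; until then no client exists and the operations fail with
 * {@link IllegalStateException}.
 */
public class AzureKeyVault extends HSM {
    private final String clientId;
    // Client secret. It stays in memory as a String for the lifetime of this object, so it must
    // never be logged, serialized or included in exception messages.
    private final String clientCredentials;
    private final String tenantId;
    // Passed to CryptographyClientBuilder.keyIdentifier(), i.e. it identifies the key to use.
    private final String keyVaultId;
    private CryptographyClient akvClient;
    // Allow-list used by unwrapKey(): only algorithm identifiers present here are accepted.
    private final HashMap<String, KeyWrapAlgorithm> algorithmMapping = createAlgorithmMapping();

    /**
     * Stores the connection settings; no network call is made and no client is built here.
     *
     * @param str  client id of the application used to authenticate
     * @param str2 client secret of that application
     * @param str3 tenant id the application belongs to
     * @param str4 key identifier handed to the cryptography client
     */
    public AzureKeyVault(String str, String str2, String str3, String str4) {
        this.clientId = str;
        this.clientCredentials = str2;
        this.tenantId = str3;
        this.keyVaultId = str4;
    }

    /**
     * Builds the table that translates the algorithm identifiers declared in {@link Constants}
     * (presumably XML Encryption algorithm URIs - confirm against Constants) into Key Vault
     * key-wrap algorithms.
     *
     * @return a new map containing every supported key-wrap algorithm
     */
    private HashMap<String, KeyWrapAlgorithm> createAlgorithmMapping() {
        HashMap<String, KeyWrapAlgorithm> mapping = new HashMap<>();
        // RSA1_5 is PKCS#1 v1.5 padding, which is exposed to padding-oracle attacks when the
        // caller's error behaviour is observable. Keep it only for interoperability with peers
        // that cannot use RSA-OAEP.
        mapping.put(Constants.RSA_1_5, KeyWrapAlgorithm.RSA1_5);
        mapping.put(Constants.RSA_OAEP_MGF1P, KeyWrapAlgorithm.RSA_OAEP);
        mapping.put(Constants.A128KW, KeyWrapAlgorithm.A128KW);
        mapping.put(Constants.A192KW, KeyWrapAlgorithm.A192KW);
        mapping.put(Constants.A256KW, KeyWrapAlgorithm.A256KW);
        return mapping;
    }

    /**
     * Looks up the Key Vault key-wrap algorithm for an algorithm identifier.
     *
     * @param str algorithm identifier, one of the keys registered in the mapping
     * @return the matching algorithm, or {@code null} when the identifier is not registered
     */
    private KeyWrapAlgorithm getAlgorithm(String str) {
        return this.algorithmMapping.get(str);
    }

    /**
     * Returns the cryptography client, failing with a clear message instead of a bare
     * {@link NullPointerException} when {@link #setClient()} has not been called yet.
     *
     * @return the initialized client
     * @throws IllegalStateException if the client has not been built
     */
    private CryptographyClient requireClient() {
        if (this.akvClient == null) {
            throw new IllegalStateException(
                    "Azure Key Vault client is not initialized; call setClient() first");
        }
        return this.akvClient;
    }

    /**
     * Builds the {@link CryptographyClient} from the stored settings, using a Netty HTTP client
     * and a client-secret credential, and keeps it for subsequent operations.
     */
    @Override
    public void setClient() {
        this.akvClient = new CryptographyClientBuilder()
                .httpClient(new NettyAsyncHttpClientBuilder().build())
                .credential(new ClientSecretCredentialBuilder()
                        .clientId(this.clientId)
                        .clientSecret(this.clientCredentials)
                        .tenantId(this.tenantId)
                        .build())
                .keyIdentifier(this.keyVaultId)
                .buildClient();
    }

    /**
     * Wraps a key with the Key Vault key.
     *
     * <p>Unlike {@link #unwrapKey(String, byte[])}, the algorithm name is handed directly to
     * {@code KeyWrapAlgorithm.fromString} and is not checked against the local mapping.
     * NOTE(review): confirm how fromString treats names the SDK does not define, and consider
     * restricting the accepted names if the value can come from an untrusted message.
     *
     * @param str  Key Vault key-wrap algorithm name
     * @param bArr key material to wrap
     * @return the wrapped (encrypted) key
     * @throws IllegalStateException if {@link #setClient()} has not been called
     */
    @Override
    public byte[] wrapKey(String str, byte[] bArr) {
        return requireClient().wrapKey(KeyWrapAlgorithm.fromString(str), bArr).getEncryptedKey();
    }

    /**
     * Unwraps a key with the Key Vault key.
     *
     * @param str  algorithm identifier; must be one of the identifiers registered in the mapping
     * @param bArr wrapped key
     * @return the unwrapped key material
     * @throws IllegalArgumentException if the algorithm identifier is not supported
     * @throws IllegalStateException if {@link #setClient()} has not been called
     */
    @Override
    public byte[] unwrapKey(String str, byte[] bArr) {
        KeyWrapAlgorithm algorithm = getAlgorithm(str);
        if (algorithm == null) {
            // Fail closed with an explicit error instead of passing null on to the client.
            throw new IllegalArgumentException("Unsupported key wrap algorithm: " + str);
        }
        return requireClient().unwrapKey(algorithm, bArr).getKey();
    }

    /**
     * Encrypts data with the Key Vault key.
     *
     * @param str  Key Vault encryption algorithm name, resolved with
     *             {@code EncryptionAlgorithm.fromString}
     * @param bArr plaintext
     * @return the ciphertext
     * @throws IllegalStateException if {@link #setClient()} has not been called
     */
    @Override
    public byte[] encrypt(String str, byte[] bArr) {
        return requireClient().encrypt(EncryptionAlgorithm.fromString(str), bArr).getCipherText();
    }

    /**
     * Decrypts data with the Key Vault key.
     *
     * @param str  Key Vault encryption algorithm name, resolved with
     *             {@code EncryptionAlgorithm.fromString}
     * @param bArr ciphertext
     * @return the plaintext
     * @throws IllegalStateException if {@link #setClient()} has not been called
     */
    @Override
    public byte[] decrypt(String str, byte[] bArr) {
        return requireClient().decrypt(EncryptionAlgorithm.fromString(str), bArr).getPlainText();
    }
}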
