package com.palantir.crypto2;

import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/palantir/crypto2/KeyMaterials.class */
public final class KeyMaterials {
    private static final Logger log = LoggerFactory.getLogger(KeyMaterials.class);
    private static final Map<Integer, ? extends KeySerializer> SERIALIZERS = KeySerializers.getSerializers();

    private KeyMaterials() {
    }

    public static SecretKey generateKey(String str, int i) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
            keyGenerator.init(getSafeKeyLength(str, i));
            return keyGenerator.generateKey();
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        }
    }

    public static byte[] generateIv(int i) {
        byte[] bArr = new byte[i];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    public static KeyMaterial generateKeyMaterial(String str, int i, int i2) {
        return KeyMaterial.of(generateKey(str, i), generateIv(i2));
    }

    public static KeyMaterial from(String str, byte[] bArr, byte[] bArr2) {
        return KeyMaterial.of(new SecretKeySpec(bArr, str), bArr2);
    }

    public static byte[] wrap(KeyMaterial keyMaterial, PublicKey publicKey) {
        return KeySerializerV2.INSTANCE.wrap(keyMaterial, publicKey);
    }

    public static KeyMaterial unwrap(byte[] bArr, PrivateKey privateKey) {
        try {
            int read = new DataInputStream(new ByteArrayInputStream(bArr)).read();
            Preconditions.checkArgument(SERIALIZERS.containsKey(Integer.valueOf(read)), "Invalid serialization format version. Expected version in %s but found %s", new Object[]{SERIALIZERS.keySet(), Integer.valueOf(read)});
            return SERIALIZERS.get(Integer.valueOf(read)).unwrap(bArr, privateKey);
        } catch (IOException e) {
            throw Throwables.propagate(e);
        }
    }

    public static int getSafeKeyLength(String str, int i) throws InvalidKeyException {
        try {
            int maxAllowedKeyLength = Cipher.getMaxAllowedKeyLength(str);
            int min = Math.min(maxAllowedKeyLength, i);
            if (min < i) {
                if (!Boolean.valueOf(System.getenv("OVERRIDE_KEY_SAFETY_PROTECTIONS")).booleanValue()) {
                    throw new InvalidKeyException(String.format("Requested key length %d exceeds JVM allowable key length %d for %s", Integer.valueOf(i), Integer.valueOf(maxAllowedKeyLength), str));
                }
                log.warn("Requested key length {} exceeds JVM allowable key length for algorithm {}, using key size: {}", new Object[]{Integer.valueOf(i), str, Integer.valueOf(maxAllowedKeyLength)});
            }
            return min;
        } catch (NoSuchAlgorithmException e) {
            throw Throwables.propagate(e);
        }
    }
}
