package com.microsoft.azure.sdk.iot.provisioning.security;

import com.microsoft.azure.sdk.iot.provisioning.security.exceptions.SecurityProviderException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:com/microsoft/azure/sdk/iot/provisioning/security/SecurityProviderSymmetricKey.class */
public class SecurityProviderSymmetricKey extends SecurityProvider {
    private static final String HMAC_SHA_256 = "HmacSHA256";
    private final byte[] primaryKey;
    private byte[] secondaryKey;
    private final String registrationId;
    private static final String HMAC_SHA256 = "HmacSHA256";

    public SecurityProviderSymmetricKey(byte[] bArr, String str) {
        if (bArr == null) {
            throw new IllegalArgumentException("Symmetric key cannot be null");
        }
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("Registration ID cannot be null");
        }
        this.primaryKey = bArr;
        this.registrationId = str;
    }

    public SecurityProviderSymmetricKey(String str, String str2, String str3) {
        if (str == null || str.isEmpty() || str2 == null || str2.isEmpty()) {
            throw new IllegalArgumentException("Symmetric key cannot be null");
        }
        if (str3 == null || str3.isEmpty()) {
            throw new IllegalArgumentException("Registration ID cannot be null");
        }
        this.primaryKey = str.getBytes();
        this.secondaryKey = str2.getBytes();
        this.registrationId = str3;
    }

    public byte[] getSymmetricKey() {
        return this.primaryKey;
    }

    public byte[] getSecondaryKey() {
        return this.secondaryKey;
    }

    @Override // com.microsoft.azure.sdk.iot.provisioning.security.SecurityProvider
    public String getRegistrationId() throws SecurityProviderException {
        if (this.registrationId == null || this.registrationId.isEmpty()) {
            throw new SecurityProviderException("Registration is null or empty");
        }
        return this.registrationId;
    }

    @Override // com.microsoft.azure.sdk.iot.provisioning.security.SecurityProvider
    public SSLContext getSSLContext() throws SecurityProviderException {
        try {
            return generateSSLContext();
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new SecurityProviderException(e);
        }
    }

    private SSLContext generateSSLContext() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, KeyManagementException {
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        KeyStore keyStoreWithTrustedCerts = getKeyStoreWithTrustedCerts();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStoreWithTrustedCerts);
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        return sSLContext;
    }

    public byte[] HMACSignData(byte[] bArr, byte[] bArr2) throws SecurityProviderException {
        if (bArr == null || bArr.length == 0 || bArr2 == null || bArr2.length == 0) {
            throw new SecurityProviderException("Signature or Key cannot be null or empty");
        }
        try {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr2, "HmacSHA256");
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(secretKeySpec);
            return mac.doFinal(bArr);
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new SecurityProviderException(e);
        }
    }

    public static byte[] ComputeDerivedSymmetricKey(byte[] bArr, String str) throws InvalidKeyException, NoSuchAlgorithmException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(Base64.getDecoder().decode(bArr), "HmacSHA256");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(secretKeySpec);
        return Base64.getEncoder().encode(mac.doFinal(str.getBytes()));
    }
}
