package io.grpc.s2a.internal.handshaker;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import com.google.protobuf.ByteString;
import io.grpc.netty.shaded.io.netty.handler.ssl.OpenSslPrivateKeyMethod;
import io.grpc.s2a.internal.handshaker.OffloadPrivateKeyOperationReq;
import io.grpc.s2a.internal.handshaker.SessionReq;
import java.io.IOException;
import java.util.Optional;
import javax.annotation.concurrent.NotThreadSafe;
import javax.net.ssl.SSLEngine;

/* JADX INFO: Access modifiers changed from: package-private */
@NotThreadSafe
/* loaded from: input_file:io/grpc/s2a/internal/handshaker/S2APrivateKeyMethod.class */
public final class S2APrivateKeyMethod implements OpenSslPrivateKeyMethod {
    private final S2AStub stub;
    private final Optional<S2AIdentity> localIdentity;
    private static final ImmutableMap<Integer, SignatureAlgorithm> OPENSSL_TO_S2A_SIGNATURE_ALGORITHM_MAP = ImmutableMap.of(Integer.valueOf(OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA256), SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA256, Integer.valueOf(OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA384), SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA384, Integer.valueOf(OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PKCS1_SHA512), SignatureAlgorithm.S2A_SSL_SIGN_RSA_PKCS1_SHA512, Integer.valueOf(OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP256R1_SHA256), SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP256R1_SHA256, Integer.valueOf(OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP384R1_SHA384), SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP384R1_SHA384, Integer.valueOf(OpenSslPrivateKeyMethod.SSL_SIGN_ECDSA_SECP521R1_SHA512), SignatureAlgorithm.S2A_SSL_SIGN_ECDSA_SECP521R1_SHA512, Integer.valueOf(OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA256), SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA256, Integer.valueOf(OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA384), SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA384, Integer.valueOf(OpenSslPrivateKeyMethod.SSL_SIGN_RSA_PSS_RSAE_SHA512), SignatureAlgorithm.S2A_SSL_SIGN_RSA_PSS_RSAE_SHA512);

    public static S2APrivateKeyMethod create(S2AStub s2AStub, Optional<S2AIdentity> optional) {
        Preconditions.checkNotNull(s2AStub);
        return new S2APrivateKeyMethod(s2AStub, optional);
    }

    private S2APrivateKeyMethod(S2AStub s2AStub, Optional<S2AIdentity> optional) {
        this.stub = s2AStub;
        this.localIdentity = optional;
    }

    @VisibleForTesting
    static SignatureAlgorithm convertOpenSslSignAlgToS2ASignAlg(int i) {
        SignatureAlgorithm signatureAlgorithm = OPENSSL_TO_S2A_SIGNATURE_ALGORITHM_MAP.get(Integer.valueOf(i));
        if (signatureAlgorithm == null) {
            throw new UnsupportedOperationException(String.format("Signature Algorithm %d is not supported.", Integer.valueOf(i)));
        }
        return signatureAlgorithm;
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.OpenSslPrivateKeyMethod
    public byte[] sign(SSLEngine sSLEngine, int i, byte[] bArr) throws IOException, InterruptedException {
        Preconditions.checkArgument(bArr.length > 0, "No bytes to sign.");
        SessionReq.Builder offloadPrivateKeyOperationReq = SessionReq.newBuilder().setOffloadPrivateKeyOperationReq(OffloadPrivateKeyOperationReq.newBuilder().setOperation(OffloadPrivateKeyOperationReq.PrivateKeyOperation.SIGN).setSignatureAlgorithm(convertOpenSslSignAlgToS2ASignAlg(i)).setRawBytes(ByteString.copyFrom(bArr)));
        if (this.localIdentity.isPresent()) {
            offloadPrivateKeyOperationReq.setLocalIdentity(this.localIdentity.get().getIdentity());
        }
        SessionResp send = this.stub.send(offloadPrivateKeyOperationReq.build());
        if (send.hasStatus() && send.getStatus().getCode() != 0) {
            throw new S2AConnectionException(String.format("Error occurred in response from S2A, error code: %d, error message: \"%s\".", Integer.valueOf(send.getStatus().getCode()), send.getStatus().getDetails()));
        }
        if (send.hasOffloadPrivateKeyOperationResp()) {
            return send.getOffloadPrivateKeyOperationResp().getOutBytes().toByteArray();
        }
        throw new S2AConnectionException("No valid response received from S2A.");
    }

    @Override // io.grpc.netty.shaded.io.netty.handler.ssl.OpenSslPrivateKeyMethod
    public byte[] decrypt(SSLEngine sSLEngine, byte[] bArr) {
        throw new UnsupportedOperationException("decrypt is not supported.");
    }
}
