package org.web3j.service;

import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.web3j.crypto.CryptoUtils;
import org.web3j.crypto.HSMPass;
import org.web3j.crypto.Sign;
import software.amazon.awssdk.core.SdkBytes;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.MessageType;
import software.amazon.awssdk.services.kms.model.SignRequest;
import software.amazon.awssdk.services.kms.model.SigningAlgorithmSpec;
import software.amazon.awssdk.services.kms.model.VerifyRequest;

/* loaded from: classes6.dex */
public class HSMAwsKMSRequestProcessor implements HSMRequestProcessor {
    private String keyID;
    private KmsClient kmsClient;

    public HSMAwsKMSRequestProcessor(KmsClient kmsClient, String str) {
        this.kmsClient = kmsClient;
        this.keyID = str;
    }

    @Override // org.web3j.service.HSMRequestProcessor
    public Sign.SignatureData callHSM(byte[] bArr, HSMPass hSMPass) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(bArr);
            ByteBuffer asByteBuffer = this.kmsClient.sign((SignRequest) SignRequest.builder().keyId(this.keyID).message(SdkBytes.fromByteArray(digest)).messageType(MessageType.DIGEST).signingAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256).build()).signature().asByteBuffer();
            byte[] bArr2 = new byte[asByteBuffer.remaining()];
            asByteBuffer.get(bArr2);
            if (this.kmsClient.verify((VerifyRequest) VerifyRequest.builder().keyId(this.keyID).message(SdkBytes.fromByteArray(digest)).messageType(MessageType.DIGEST).signingAlgorithm(SigningAlgorithmSpec.ECDSA_SHA_256).signature(SdkBytes.fromByteArray(bArr2)).build()).signatureValid().booleanValue()) {
                return Sign.createSignatureData(CryptoUtils.fromDerFormat(bArr2), hSMPass.getPublicKey(), digest);
            }
            throw new RuntimeException("KMS signature is not valid!");
        } catch (NoSuchAlgorithmException unused) {
            throw new IllegalArgumentException("Algorithm SHA-256 is not available for the given data!");
        }
    }
}
