package com.amazonaws.services.dynamodbv2.datamodeling;

import com.amazonaws.services.dynamodbv2.datamodeling.AttributeTransformer;
import com.amazonaws.services.dynamodbv2.datamodeling.DynamoDBMappingsRegistry;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DoNotEncrypt;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DoNotTouch;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionContext;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionFlags;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.HandleUnknownAttributes;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.TableAadOverride;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.EncryptionMaterialsProvider;
import com.amazonaws.services.dynamodbv2.model.AttributeValue;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/amazonaws/services/dynamodbv2/datamodeling/AttributeEncryptor.class */
public class AttributeEncryptor implements AttributeTransformer {
    private static final Log LOG = LogFactory.getLog(AttributeEncryptor.class);
    private final DynamoDBEncryptor encryptor;
    private final Map<Class<?>, ModelClassMetadata> metadataCache = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/amazonaws/services/dynamodbv2/datamodeling/AttributeEncryptor$ModelClassMetadata.class */
    public static class ModelClassMetadata {
        private final Map<String, Set<EncryptionFlags>> encryptionFlags;
        private final boolean doNotTouch;
        private final Set<EncryptionFlags> unknownAttributeBehavior;

        public ModelClassMetadata(Map<String, Set<EncryptionFlags>> map, boolean z, Set<EncryptionFlags> set) {
            this.encryptionFlags = map;
            this.doNotTouch = z;
            this.unknownAttributeBehavior = set;
        }

        public Map<String, Set<EncryptionFlags>> getEncryptionFlags() {
            return this.encryptionFlags;
        }

        public boolean getDoNotTouch() {
            return this.doNotTouch;
        }

        public Set<EncryptionFlags> getUnknownAttributeBehavior() {
            return this.unknownAttributeBehavior;
        }
    }

    public AttributeEncryptor(DynamoDBEncryptor dynamoDBEncryptor) {
        this.encryptor = dynamoDBEncryptor;
    }

    public AttributeEncryptor(EncryptionMaterialsProvider encryptionMaterialsProvider) {
        this.encryptor = DynamoDBEncryptor.getInstance(encryptionMaterialsProvider);
    }

    public DynamoDBEncryptor getEncryptor() {
        return this.encryptor;
    }

    public Map<String, AttributeValue> transform(AttributeTransformer.Parameters<?> parameters) {
        ModelClassMetadata modelClassMetadata = getModelClassMetadata(parameters);
        Map<String, AttributeValue> attributeValues = parameters.getAttributeValues();
        if (modelClassMetadata.doNotTouch) {
            return attributeValues;
        }
        if (parameters.isPartialUpdate()) {
            LOG.error("Use of AttributeEncryptor without SaveBehavior.CLOBBER is an error and can result in data-corruption. This occured while trying to save " + parameters.getModelClass());
        }
        try {
            return this.encryptor.encryptRecord(attributeValues, modelClassMetadata.getEncryptionFlags(), paramsToContext(parameters));
        } catch (Exception e) {
            throw new DynamoDBMappingException(e);
        }
    }

    public Map<String, AttributeValue> untransform(AttributeTransformer.Parameters<?> parameters) {
        try {
            return this.encryptor.decryptRecord(parameters.getAttributeValues(), getEncryptionFlags(parameters), paramsToContext(parameters));
        } catch (Exception e) {
            throw new DynamoDBMappingException(e);
        }
    }

    private Map<String, Set<EncryptionFlags>> getEncryptionFlags(AttributeTransformer.Parameters<?> parameters) {
        ModelClassMetadata modelClassMetadata = getModelClassMetadata(parameters);
        if (modelClassMetadata.getDoNotTouch()) {
            return modelClassMetadata.getEncryptionFlags();
        }
        Set<EncryptionFlags> unknownAttributeBehavior = modelClassMetadata.getUnknownAttributeBehavior();
        HashMap hashMap = new HashMap();
        hashMap.putAll(modelClassMetadata.getEncryptionFlags());
        for (String str : parameters.getAttributeValues().keySet()) {
            if (!hashMap.containsKey(str) && !this.encryptor.getSignatureFieldName().equals(str) && !this.encryptor.getMaterialDescriptionFieldName().equals(str)) {
                hashMap.put(str, unknownAttributeBehavior);
            }
        }
        return hashMap;
    }

    private <T> ModelClassMetadata getModelClassMetadata(AttributeTransformer.Parameters<T> parameters) {
        Class<?> modelClass = parameters.getModelClass();
        ModelClassMetadata modelClassMetadata = this.metadataCache.get(modelClass);
        if (modelClassMetadata == null) {
            HashMap hashMap = new HashMap();
            boolean handleUnknownAttributes = handleUnknownAttributes(modelClass);
            EnumSet noneOf = EnumSet.noneOf(EncryptionFlags.class);
            if (shouldTouch(modelClass)) {
                for (DynamoDBMappingsRegistry.Mapping mapping : DynamoDBMappingsRegistry.instance().mappingsOf(modelClass).getMappings()) {
                    EnumSet noneOf2 = EnumSet.noneOf(EncryptionFlags.class);
                    if (shouldTouch(mapping)) {
                        if (shouldEncryptAttribute(modelClass, mapping)) {
                            noneOf2.add(EncryptionFlags.ENCRYPT);
                        }
                        noneOf2.add(EncryptionFlags.SIGN);
                    }
                    hashMap.put(mapping.getAttributeName(), Collections.unmodifiableSet(noneOf2));
                }
                if (handleUnknownAttributes) {
                    noneOf.add(EncryptionFlags.SIGN);
                    if (shouldEncrypt(modelClass)) {
                        noneOf.add(EncryptionFlags.ENCRYPT);
                    }
                }
            }
            modelClassMetadata = new ModelClassMetadata(Collections.unmodifiableMap(hashMap), doNotTouch(modelClass), Collections.unmodifiableSet(noneOf));
            this.metadataCache.put(modelClass, modelClassMetadata);
        }
        return modelClassMetadata;
    }

    private boolean shouldTouch(Class<?> cls) {
        return !doNotTouch(cls);
    }

    private boolean shouldTouch(DynamoDBMappingsRegistry.Mapping mapping) {
        return !doNotTouch(mapping);
    }

    private boolean doNotTouch(Class<?> cls) {
        return cls.isAnnotationPresent(DoNotTouch.class);
    }

    private boolean doNotTouch(DynamoDBMappingsRegistry.Mapping mapping) {
        return mapping.getter().isAnnotationPresent(DoNotTouch.class);
    }

    private boolean shouldEncrypt(Class<?> cls) {
        return !doNotEncrypt(cls);
    }

    private boolean doNotEncrypt(Class<?> cls) {
        return cls.isAnnotationPresent(DoNotEncrypt.class);
    }

    private boolean doNotEncrypt(DynamoDBMappingsRegistry.Mapping mapping) {
        return mapping.getter().isAnnotationPresent(DoNotEncrypt.class);
    }

    private boolean shouldEncryptAttribute(Class<?> cls, DynamoDBMappingsRegistry.Mapping mapping) {
        return (doNotEncrypt(cls) || doNotEncrypt(mapping) || mapping.isPrimaryKey() || mapping.isVersion()) ? false : true;
    }

    private static EncryptionContext paramsToContext(AttributeTransformer.Parameters<?> parameters) {
        TableAadOverride tableAadOverride = (TableAadOverride) parameters.getModelClass().getAnnotation(TableAadOverride.class);
        return new EncryptionContext.Builder().withHashKeyName(parameters.getHashKeyName()).withRangeKeyName(parameters.getRangeKeyName()).withTableName(tableAadOverride == null ? parameters.getTableName() : tableAadOverride.tableName()).withModeledClass(parameters.getModelClass()).withAttributeValues(parameters.getAttributeValues()).build();
    }

    private boolean handleUnknownAttributes(Class<?> cls) {
        return cls.getAnnotation(HandleUnknownAttributes.class) != null;
    }
}
