package com.amazonaws.encryptionsdk.kms;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.encryptionsdk.CryptoAlgorithm;
import com.amazonaws.encryptionsdk.DataKey;
import com.amazonaws.encryptionsdk.EncryptedDataKey;
import com.amazonaws.encryptionsdk.MasterKey;
import com.amazonaws.encryptionsdk.MasterKeyProvider;
import com.amazonaws.encryptionsdk.exception.AwsCryptoException;
import com.amazonaws.encryptionsdk.exception.UnsupportedProviderException;
import com.amazonaws.encryptionsdk.internal.VersionInfo;
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.kms.model.DecryptResult;
import com.amazonaws.services.kms.model.EncryptRequest;
import com.amazonaws.services.kms.model.EncryptResult;
import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
import com.amazonaws.services.kms.model.GenerateDataKeyResult;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/amazonaws/encryptionsdk/kms/KmsMasterKey.class */
public final class KmsMasterKey extends MasterKey<KmsMasterKey> implements KmsMethods {
    private final AWSKMS kms_;
    private final MasterKeyProvider<KmsMasterKey> sourceProvider_;
    private final String id_;
    private final List<String> grantTokens_ = new ArrayList();

    private <T extends AmazonWebServiceRequest> T updateUserAgent(T t) {
        t.getRequestClientOptions().appendUserAgent(VersionInfo.USER_AGENT);
        return t;
    }

    @Deprecated
    public static KmsMasterKey getInstance(AWSCredentials aWSCredentials, String str) {
        return new KmsMasterKeyProvider(aWSCredentials, str).getMasterKey(str);
    }

    @Deprecated
    public static KmsMasterKey getInstance(AWSCredentialsProvider aWSCredentialsProvider, String str) {
        return new KmsMasterKeyProvider(aWSCredentialsProvider, str).getMasterKey(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KmsMasterKey getInstance(AWSKMS awskms, String str, MasterKeyProvider<KmsMasterKey> masterKeyProvider) {
        return new KmsMasterKey(awskms, str, masterKeyProvider);
    }

    private KmsMasterKey(AWSKMS awskms, String str, MasterKeyProvider<KmsMasterKey> masterKeyProvider) {
        this.kms_ = awskms;
        this.id_ = str;
        this.sourceProvider_ = masterKeyProvider;
    }

    @Override // com.amazonaws.encryptionsdk.MasterKey
    public String getProviderId() {
        return this.sourceProvider_.getDefaultProviderId();
    }

    @Override // com.amazonaws.encryptionsdk.MasterKey
    public String getKeyId() {
        return this.id_;
    }

    @Override // com.amazonaws.encryptionsdk.MasterKey
    public DataKey<KmsMasterKey> generateDataKey(CryptoAlgorithm cryptoAlgorithm, Map<String, String> map) {
        GenerateDataKeyResult generateDataKey = this.kms_.generateDataKey(updateUserAgent(new GenerateDataKeyRequest().withKeyId(getKeyId()).withNumberOfBytes(Integer.valueOf(cryptoAlgorithm.getDataKeyLength())).withEncryptionContext(map).withGrantTokens(this.grantTokens_)));
        byte[] bArr = new byte[cryptoAlgorithm.getDataKeyLength()];
        generateDataKey.getPlaintext().get(bArr);
        if (generateDataKey.getPlaintext().remaining() > 0) {
            throw new IllegalStateException("Recieved an unexpected number of bytes from KMS");
        }
        byte[] bArr2 = new byte[generateDataKey.getCiphertextBlob().remaining()];
        generateDataKey.getCiphertextBlob().get(bArr2);
        return new DataKey<>(new SecretKeySpec(bArr, cryptoAlgorithm.getDataKeyAlgo()), bArr2, generateDataKey.getKeyId().getBytes(StandardCharsets.UTF_8), this);
    }

    @Override // com.amazonaws.encryptionsdk.kms.KmsMethods
    public void setGrantTokens(List<String> list) {
        this.grantTokens_.clear();
        this.grantTokens_.addAll(list);
    }

    @Override // com.amazonaws.encryptionsdk.kms.KmsMethods
    public List<String> getGrantTokens() {
        return this.grantTokens_;
    }

    @Override // com.amazonaws.encryptionsdk.kms.KmsMethods
    public void addGrantToken(String str) {
        this.grantTokens_.add(str);
    }

    @Override // com.amazonaws.encryptionsdk.MasterKey
    public DataKey<KmsMasterKey> encryptDataKey(CryptoAlgorithm cryptoAlgorithm, Map<String, String> map, DataKey<?> dataKey) {
        SecretKey key = dataKey.getKey();
        if (!key.getFormat().equals("RAW")) {
            throw new IllegalArgumentException("Only RAW encoded keys are supported");
        }
        try {
            EncryptResult encrypt = this.kms_.encrypt(updateUserAgent(new EncryptRequest().withKeyId(this.id_).withPlaintext(ByteBuffer.wrap(key.getEncoded())).withEncryptionContext(map).withGrantTokens(this.grantTokens_)));
            byte[] bArr = new byte[encrypt.getCiphertextBlob().remaining()];
            encrypt.getCiphertextBlob().get(bArr);
            return new DataKey<>(dataKey.getKey(), bArr, encrypt.getKeyId().getBytes(StandardCharsets.UTF_8), this);
        } catch (AmazonServiceException e) {
            throw new AwsCryptoException((Throwable) e);
        }
    }

    @Override // com.amazonaws.encryptionsdk.MasterKeyProvider
    public DataKey<KmsMasterKey> decryptDataKey(CryptoAlgorithm cryptoAlgorithm, Collection<? extends EncryptedDataKey> collection, Map<String, String> map) throws UnsupportedProviderException, AwsCryptoException {
        DecryptResult decrypt;
        ArrayList arrayList = new ArrayList();
        for (EncryptedDataKey encryptedDataKey : collection) {
            try {
                decrypt = this.kms_.decrypt(updateUserAgent(new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(encryptedDataKey.getEncryptedDataKey())).withEncryptionContext(map).withGrantTokens(this.grantTokens_)));
            } catch (AmazonServiceException e) {
                arrayList.add(e);
            }
            if (decrypt.getKeyId().equals(this.id_)) {
                byte[] bArr = new byte[cryptoAlgorithm.getDataKeyLength()];
                decrypt.getPlaintext().get(bArr);
                if (decrypt.getPlaintext().remaining() > 0) {
                    throw new IllegalStateException("Received an unexpected number of bytes from KMS");
                }
                return new DataKey<>(new SecretKeySpec(bArr, cryptoAlgorithm.getDataKeyAlgo()), encryptedDataKey.getEncryptedDataKey(), encryptedDataKey.getProviderInformation(), this);
            }
        }
        throw buildCannotDecryptDksException(arrayList);
    }
}
