package com.amazonaws.encryptionsdk.kms;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.encryptionsdk.CryptoAlgorithm;
import com.amazonaws.encryptionsdk.DataKey;
import com.amazonaws.encryptionsdk.EncryptedDataKey;
import com.amazonaws.encryptionsdk.MasterKeyProvider;
import com.amazonaws.encryptionsdk.MasterKeyRequest;
import com.amazonaws.encryptionsdk.exception.AwsCryptoException;
import com.amazonaws.encryptionsdk.exception.NoSuchMasterKeyException;
import com.amazonaws.encryptionsdk.exception.UnsupportedProviderException;
import com.amazonaws.internal.StaticCredentialsProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.kms.AWSKMSClient;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/amazonaws/encryptionsdk/kms/KmsMasterKeyProvider.class */
public class KmsMasterKeyProvider extends MasterKeyProvider<KmsMasterKey> implements KmsMethods {
    private static final String PROVIDER_NAME = "aws-kms";
    private final AWSKMSClient kms_;
    private final List<String> keyIds_;
    private final List<String> grantTokens_;
    private Region region_;
    private String regionName_;

    public KmsMasterKeyProvider() {
        this(new AWSKMSClient(), Region.getRegion(Regions.DEFAULT_REGION), Collections.emptyList());
    }

    public KmsMasterKeyProvider(String str) {
        this(new AWSKMSClient(), getStartingRegion(str), Collections.singletonList(str));
    }

    public KmsMasterKeyProvider(AWSCredentials aWSCredentials, String str) {
        this((AWSCredentialsProvider) new StaticCredentialsProvider(aWSCredentials), getStartingRegion(str), new ClientConfiguration(), str);
    }

    public KmsMasterKeyProvider(AWSCredentialsProvider aWSCredentialsProvider, String str) {
        this(aWSCredentialsProvider, getStartingRegion(str), new ClientConfiguration(), str);
    }

    public KmsMasterKeyProvider(AWSCredentials aWSCredentials) {
        this((AWSCredentialsProvider) new StaticCredentialsProvider(aWSCredentials), Region.getRegion(Regions.DEFAULT_REGION), new ClientConfiguration(), (List<String>) Collections.emptyList());
    }

    public KmsMasterKeyProvider(AWSCredentialsProvider aWSCredentialsProvider) {
        this(aWSCredentialsProvider, Region.getRegion(Regions.DEFAULT_REGION), new ClientConfiguration(), (List<String>) Collections.emptyList());
    }

    public KmsMasterKeyProvider(AWSCredentialsProvider aWSCredentialsProvider, Region region, ClientConfiguration clientConfiguration, String str) {
        this(new AWSKMSClient(aWSCredentialsProvider, clientConfiguration), region, Collections.singletonList(str));
    }

    public KmsMasterKeyProvider(AWSCredentialsProvider aWSCredentialsProvider, Region region, ClientConfiguration clientConfiguration, List<String> list) {
        this(new AWSKMSClient(aWSCredentialsProvider, clientConfiguration), region, list);
    }

    protected KmsMasterKeyProvider(AWSKMSClient aWSKMSClient, Region region, List<String> list) {
        this.grantTokens_ = new ArrayList();
        this.kms_ = aWSKMSClient;
        this.region_ = region;
        this.regionName_ = region.getName();
        this.kms_.setRegion(region);
        this.keyIds_ = new ArrayList(list);
    }

    @Override // com.amazonaws.encryptionsdk.MasterKeyProvider
    public String getDefaultProviderId() {
        return PROVIDER_NAME;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.amazonaws.encryptionsdk.MasterKeyProvider
    public KmsMasterKey getMasterKey(String str, String str2) throws UnsupportedProviderException, NoSuchMasterKeyException {
        if (!canProvide(str)) {
            throw new UnsupportedProviderException();
        }
        KmsMasterKey kmsMasterKey = KmsMasterKey.getInstance(this.kms_, str2, this);
        kmsMasterKey.setGrantTokens(this.grantTokens_);
        return kmsMasterKey;
    }

    @Override // com.amazonaws.encryptionsdk.MasterKeyProvider
    public List<KmsMasterKey> getMasterKeysForEncryption(MasterKeyRequest masterKeyRequest) {
        if (this.keyIds_ == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(this.keyIds_.size());
        Iterator<String> it = this.keyIds_.iterator();
        while (it.hasNext()) {
            arrayList.add(getMasterKey(it.next()));
        }
        return arrayList;
    }

    @Override // com.amazonaws.encryptionsdk.MasterKeyProvider
    public DataKey<KmsMasterKey> decryptDataKey(CryptoAlgorithm cryptoAlgorithm, Collection<? extends EncryptedDataKey> collection, Map<String, String> map) throws UnsupportedProviderException, AwsCryptoException {
        DataKey<KmsMasterKey> decryptDataKey;
        ArrayList arrayList = new ArrayList();
        for (EncryptedDataKey encryptedDataKey : collection) {
            if (canProvide(encryptedDataKey.getProviderId())) {
                try {
                    String str = new String(encryptedDataKey.getProviderInformation(), StandardCharsets.UTF_8);
                    if (this.regionName_.equals(parseRegionfromKeyArn(str)) && (decryptDataKey = getMasterKey(str).decryptDataKey(cryptoAlgorithm, Collections.singletonList(encryptedDataKey), map)) != null) {
                        return decryptDataKey;
                    }
                } catch (Exception e) {
                    arrayList.add(e);
                }
            }
        }
        throw buildCannotDecryptDksException(arrayList);
    }

    @Override // com.amazonaws.encryptionsdk.kms.KmsMethods
    public void setGrantTokens(List<String> list) {
        this.grantTokens_.clear();
        this.grantTokens_.addAll(list);
    }

    @Override // com.amazonaws.encryptionsdk.kms.KmsMethods
    public List<String> getGrantTokens() {
        return this.grantTokens_;
    }

    @Override // com.amazonaws.encryptionsdk.kms.KmsMethods
    public void addGrantToken(String str) {
        this.grantTokens_.add(str);
    }

    public void setCustomEndpoint(String str, String str2) {
        this.kms_.setEndpoint(str2);
        this.kms_.setSignerRegionOverride(str);
        this.region_ = null;
        this.regionName_ = str;
    }

    public void setRegion(Region region) {
        this.kms_.setRegion(region);
        this.region_ = region;
        this.regionName_ = region.getName();
    }

    public Region getRegion() {
        return this.region_;
    }

    private static Region getStartingRegion(String str) {
        String parseRegionfromKeyArn = parseRegionfromKeyArn(str);
        if (parseRegionfromKeyArn != null) {
            return Region.getRegion(Regions.fromName(parseRegionfromKeyArn));
        }
        Region currentRegion = Regions.getCurrentRegion();
        return currentRegion != null ? currentRegion : Region.getRegion(Regions.DEFAULT_REGION);
    }

    private static String parseRegionfromKeyArn(String str) {
        String[] split = str.split(":", 5);
        if (split[0].equals("arn") && split[2].equals("kms")) {
            return split[3];
        }
        return null;
    }
}
