package com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.store;

import com.amazonaws.AmazonClientException;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDB;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.DynamoDBEncryptor;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.EncryptionContext;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.EncryptionMaterialsProvider;
import com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.WrappedMaterialsProvider;
import com.amazonaws.services.dynamodbv2.datamodeling.internal.Utils;
import com.amazonaws.services.dynamodbv2.model.AttributeDefinition;
import com.amazonaws.services.dynamodbv2.model.AttributeValue;
import com.amazonaws.services.dynamodbv2.model.ComparisonOperator;
import com.amazonaws.services.dynamodbv2.model.Condition;
import com.amazonaws.services.dynamodbv2.model.ConditionalCheckFailedException;
import com.amazonaws.services.dynamodbv2.model.CreateTableResult;
import com.amazonaws.services.dynamodbv2.model.ExpectedAttributeValue;
import com.amazonaws.services.dynamodbv2.model.GetItemRequest;
import com.amazonaws.services.dynamodbv2.model.KeySchemaElement;
import com.amazonaws.services.dynamodbv2.model.KeyType;
import com.amazonaws.services.dynamodbv2.model.ProvisionedThroughput;
import com.amazonaws.services.dynamodbv2.model.PutItemRequest;
import com.amazonaws.services.dynamodbv2.model.QueryRequest;
import com.amazonaws.services.dynamodbv2.model.ScalarAttributeType;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:com/amazonaws/services/dynamodbv2/datamodeling/encryption/providers/store/MetaStore.class */
public class MetaStore extends ProviderStore {
    private static final String INTEGRITY_ALGORITHM_FIELD = "intAlg";
    private static final String INTEGRITY_KEY_FIELD = "int";
    private static final String ENCRYPTION_ALGORITHM_FIELD = "encAlg";
    private static final String ENCRYPTION_KEY_FIELD = "enc";
    private static final Pattern COMBINED_PATTERN = Pattern.compile("([^#]+)#(\\d*)");
    private static final String DEFAULT_INTEGRITY = "HmacSHA256";
    private static final String DEFAULT_ENCRYPTION = "AES";
    private static final String MATERIAL_TYPE_VERSION = "t";
    private static final String META_ID = "amzn-ddb-meta-id";
    private static final String DEFAULT_HASH_KEY = "N";
    private static final String DEFAULT_RANGE_KEY = "V";
    private final Map<String, ExpectedAttributeValue> doesNotExist;
    private final String tableName;
    private final AmazonDynamoDB ddb;
    private final DynamoDBEncryptor encryptor;
    private final EncryptionContext ddbCtx;

    public MetaStore(AmazonDynamoDB amazonDynamoDB, String str, DynamoDBEncryptor dynamoDBEncryptor) {
        this.ddb = (AmazonDynamoDB) checkNotNull(amazonDynamoDB, "ddb must not be null");
        this.tableName = (String) checkNotNull(str, "tableName must not be null");
        this.encryptor = (DynamoDBEncryptor) checkNotNull(dynamoDBEncryptor, "encryptor must not be null");
        this.ddbCtx = new EncryptionContext.Builder().withTableName(this.tableName).withHashKeyName(DEFAULT_HASH_KEY).withRangeKeyName(DEFAULT_RANGE_KEY).build();
        HashMap hashMap = new HashMap();
        hashMap.put(DEFAULT_HASH_KEY, new ExpectedAttributeValue().withExists(false));
        hashMap.put(DEFAULT_RANGE_KEY, new ExpectedAttributeValue().withExists(false));
        this.doesNotExist = Collections.unmodifiableMap(hashMap);
    }

    @Override // com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.store.ProviderStore
    public EncryptionMaterialsProvider getProvider(String str, long j) {
        HashMap hashMap = new HashMap();
        hashMap.put(DEFAULT_HASH_KEY, new AttributeValue().withS(str));
        hashMap.put(DEFAULT_RANGE_KEY, new AttributeValue().withN(Long.toString(j)));
        Map<String, AttributeValue> ddbGet = ddbGet(hashMap);
        if (ddbGet == null || ddbGet.isEmpty()) {
            throw new IndexOutOfBoundsException("No material found: " + str + "#" + j);
        }
        return decryptProvider(ddbGet);
    }

    @Override // com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.store.ProviderStore
    public EncryptionMaterialsProvider getOrCreate(String str, long j) {
        return decryptProvider(conditionalPut(encryptKeys(str, j, new SecretKeySpec(Utils.getRandom(32), DEFAULT_ENCRYPTION), new SecretKeySpec(Utils.getRandom(32), DEFAULT_INTEGRITY))));
    }

    @Override // com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.store.ProviderStore
    public long getMaxVersion(String str) {
        List items = this.ddb.query(new QueryRequest().withTableName(this.tableName).withConsistentRead(Boolean.TRUE).withKeyConditions(Collections.singletonMap(DEFAULT_HASH_KEY, new Condition().withComparisonOperator(ComparisonOperator.EQ).withAttributeValueList(new AttributeValue[]{new AttributeValue().withS(str)}))).withLimit(1).withScanIndexForward(false).withAttributesToGet(new String[]{DEFAULT_RANGE_KEY})).getItems();
        if (items.isEmpty()) {
            return -1L;
        }
        return Long.parseLong(((AttributeValue) ((Map) items.get(0)).get(DEFAULT_RANGE_KEY)).getN());
    }

    @Override // com.amazonaws.services.dynamodbv2.datamodeling.encryption.providers.store.ProviderStore
    public long getVersionFromMaterialDescription(Map<String, String> map) {
        Matcher matcher = COMBINED_PATTERN.matcher(map.get(META_ID));
        if (matcher.matches()) {
            return Long.parseLong(matcher.group(2));
        }
        throw new IllegalArgumentException("No meta id found");
    }

    public static CreateTableResult createTable(AmazonDynamoDB amazonDynamoDB, String str, ProvisionedThroughput provisionedThroughput) {
        return amazonDynamoDB.createTable(Arrays.asList(new AttributeDefinition(DEFAULT_HASH_KEY, ScalarAttributeType.S), new AttributeDefinition(DEFAULT_RANGE_KEY, ScalarAttributeType.N)), str, Arrays.asList(new KeySchemaElement(DEFAULT_HASH_KEY, KeyType.HASH), new KeySchemaElement(DEFAULT_RANGE_KEY, KeyType.RANGE)), provisionedThroughput);
    }

    private Map<String, AttributeValue> conditionalPut(Map<String, AttributeValue> map) {
        try {
            this.ddb.putItem(new PutItemRequest().withTableName(this.tableName).withItem(map).withExpected(this.doesNotExist));
            return map;
        } catch (ConditionalCheckFailedException e) {
            HashMap hashMap = new HashMap();
            hashMap.put(DEFAULT_HASH_KEY, map.get(DEFAULT_HASH_KEY));
            hashMap.put(DEFAULT_RANGE_KEY, map.get(DEFAULT_RANGE_KEY));
            return ddbGet(hashMap);
        }
    }

    private Map<String, AttributeValue> ddbGet(Map<String, AttributeValue> map) {
        return this.ddb.getItem(new GetItemRequest().withTableName(this.tableName).withConsistentRead(true).withKey(map)).getItem();
    }

    private Map<String, AttributeValue> encryptKeys(String str, long j, SecretKeySpec secretKeySpec, SecretKeySpec secretKeySpec2) {
        HashMap hashMap = new HashMap();
        hashMap.put(DEFAULT_HASH_KEY, new AttributeValue().withS(str));
        hashMap.put(DEFAULT_RANGE_KEY, new AttributeValue().withN(Long.toString(j)));
        hashMap.put(MATERIAL_TYPE_VERSION, new AttributeValue().withS("0"));
        hashMap.put(ENCRYPTION_KEY_FIELD, new AttributeValue().withB(ByteBuffer.wrap(secretKeySpec.getEncoded())));
        hashMap.put(ENCRYPTION_ALGORITHM_FIELD, new AttributeValue().withS(secretKeySpec.getAlgorithm()));
        hashMap.put(INTEGRITY_KEY_FIELD, new AttributeValue().withB(ByteBuffer.wrap(secretKeySpec2.getEncoded())));
        hashMap.put(INTEGRITY_ALGORITHM_FIELD, new AttributeValue().withS(secretKeySpec2.getAlgorithm()));
        try {
            return this.encryptor.encryptAllFieldsExcept(hashMap, this.ddbCtx, DEFAULT_HASH_KEY, DEFAULT_RANGE_KEY);
        } catch (GeneralSecurityException e) {
            throw new AmazonClientException(e);
        }
    }

    private EncryptionMaterialsProvider decryptProvider(Map<String, AttributeValue> map) {
        try {
            Map<String, AttributeValue> decryptAllFieldsExcept = this.encryptor.decryptAllFieldsExcept(map, this.ddbCtx, DEFAULT_HASH_KEY, DEFAULT_RANGE_KEY);
            String s = decryptAllFieldsExcept.get(MATERIAL_TYPE_VERSION).getS();
            boolean z = -1;
            switch (s.hashCode()) {
                case 48:
                    if (s.equals("0")) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    SecretKeySpec secretKeySpec = new SecretKeySpec(decryptAllFieldsExcept.get(ENCRYPTION_KEY_FIELD).getB().array(), decryptAllFieldsExcept.get(ENCRYPTION_ALGORITHM_FIELD).getS());
                    return new WrappedMaterialsProvider(secretKeySpec, secretKeySpec, new SecretKeySpec(decryptAllFieldsExcept.get(INTEGRITY_KEY_FIELD).getB().array(), decryptAllFieldsExcept.get(INTEGRITY_ALGORITHM_FIELD).getS()), buildDescription(decryptAllFieldsExcept));
                default:
                    throw new IllegalStateException("Unsupported material type: " + s);
            }
        } catch (GeneralSecurityException e) {
            throw new AmazonClientException(e);
        }
    }

    private Map<String, String> buildDescription(Map<String, AttributeValue> map) {
        return Collections.singletonMap(META_ID, map.get(DEFAULT_HASH_KEY).getS() + "#" + map.get(DEFAULT_RANGE_KEY).getN());
    }

    private static <V> V checkNotNull(V v, String str) {
        if (v == null) {
            throw new NullPointerException(str);
        }
        return v;
    }
}
