package de.zalando.spring.cloud.config.aws.kms;

import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.kms.model.EncryptRequest;
import java.nio.ByteBuffer;
import java.util.Base64;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.util.Assert;

/* loaded from: input_file:de/zalando/spring/cloud/config/aws/kms/KmsTextEncryptor.class */
public class KmsTextEncryptor implements TextEncryptor {
    private static final String EMPTY_STRING = "";
    private final AWSKMS kms;
    private final String kmsKeyId;

    public KmsTextEncryptor(AWSKMS awskms, String str) {
        Assert.notNull(awskms, "KMS client must not be null");
        this.kms = awskms;
        this.kmsKeyId = str;
    }

    public String encrypt(String str) {
        Assert.hasText(this.kmsKeyId, "kmsKeyId must not be blank");
        if (str == null || str.isEmpty()) {
            return EMPTY_STRING;
        }
        return extractString(Base64.getEncoder().encode(this.kms.encrypt(new EncryptRequest().withKeyId(this.kmsKeyId).withPlaintext(ByteBuffer.wrap(str.getBytes()))).getCiphertextBlob()));
    }

    public String decrypt(String str) {
        if (str == null || str.isEmpty()) {
            return EMPTY_STRING;
        }
        return extractString(this.kms.decrypt(new DecryptRequest().withCiphertextBlob(Base64.getDecoder().decode(ByteBuffer.wrap(str.getBytes())))).getPlaintext());
    }

    private static String extractString(ByteBuffer byteBuffer) {
        if (!byteBuffer.hasRemaining()) {
            return EMPTY_STRING;
        }
        byte[] bArr = new byte[byteBuffer.remaining()];
        byteBuffer.get(bArr, byteBuffer.arrayOffset(), byteBuffer.remaining());
        return new String(bArr);
    }
}
