package com.incountry.residence.sdk.tools.crypto;

import com.incountry.residence.sdk.tools.exceptions.StorageClientException;
import com.incountry.residence.sdk.tools.exceptions.StorageCryptoException;
import com.incountry.residence.sdk.tools.exceptions.StorageException;
import com.incountry.residence.sdk.tools.keyaccessor.SecretKeyAccessor;
import com.incountry.residence.sdk.tools.keyaccessor.key.SecretKey;
import com.incountry.residence.sdk.tools.keyaccessor.key.SecretsData;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.AbstractMap;
import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/incountry/residence/sdk/tools/crypto/CryptoManager.class */
public class CryptoManager {
    private static final String MSG_ERR_NO_SECRET = "No secret provided. Cannot decrypt record: ";
    private static final String MSG_ERR_VERSION = "Secret not found for 'version'=%d with 'isForCustomEncryption'=%b";
    private static final String MSG_ERR_DECRYPTION_FORMAT = "Unknown cipher format";
    private static final String MSG_ERR_DECRYPTION = "Unknown custom encryption version: %s";
    private static final String MSG_ERR_DECRYPTION_BASE64 = "Unexpected exception during custom decryption - failed to parse custom encryption version: %s";
    private static final String MSG_ERR_UNEXPECTED = "Unexpected exception";
    private static final String MSG_NULL_SECRET = "SecretKeyAccessor returns null secret";
    public static final String PREFIX_PLAIN_TEXT_VERSION = "pt";
    public static final String PREFIX_CUSTOM_ENCRYPTION = "c";
    private SecretKeyAccessor keyAccessor;
    private Map<String, Crypto> customEncryptionMap;
    private Crypto currentCrypto;
    private String currentCryptoVersion;
    private final DefaultCrypto defaultCrypto = new DefaultCrypto(CHARSET);
    private String envId;
    private boolean usePTEncryption;
    private final boolean normalizeKeys;
    private final boolean hashSearchKeys;
    private static final Logger LOG = LogManager.getLogger(CryptoManager.class);
    private static final Charset CHARSET = StandardCharsets.UTF_8;

    public CryptoManager(SecretKeyAccessor secretKeyAccessor, String str, List<Crypto> list, boolean z, boolean z2) throws StorageClientException {
        this.normalizeKeys = z;
        this.hashSearchKeys = z2;
        initFields(secretKeyAccessor, str);
        initCustomEncryptionMap(list);
        if (this.usePTEncryption) {
            return;
        }
        getSecret(null, this.currentCrypto != null);
    }

    private void initFields(SecretKeyAccessor secretKeyAccessor, String str) {
        this.usePTEncryption = secretKeyAccessor == null;
        this.keyAccessor = secretKeyAccessor;
        this.envId = str;
    }

    private void initCustomEncryptionMap(List<Crypto> list) throws StorageClientException {
        HashMap hashMap = new HashMap();
        if (list != null && !list.isEmpty()) {
            SecretsData secretsData = this.keyAccessor.getSecretsData();
            for (Crypto crypto : list) {
                CryptoUtils.validateCrypto(crypto, secretsData, hashMap, CHARSET, this.currentCrypto);
                hashMap.put(CryptoUtils.getHashedEncVersion(crypto.getVersion(), CHARSET), crypto);
                if (crypto.isCurrent()) {
                    this.currentCrypto = crypto;
                    this.currentCryptoVersion = CryptoUtils.getHashedEncVersion(crypto.getVersion(), CHARSET);
                }
            }
        }
        this.customEncryptionMap = hashMap;
    }

    public Map.Entry<String, Integer> encrypt(String str) throws StorageClientException, StorageCryptoException {
        return this.usePTEncryption ? encryptBase64(str) : this.currentCrypto != null ? encryptCustom(str) : encryptDefault(str);
    }

    private Map.Entry<String, Integer> encryptBase64(String str) {
        return new AbstractMap.SimpleEntry("pt:" + new String(Base64.getEncoder().encode(str.getBytes(CHARSET)), CHARSET), null);
    }

    private Map.Entry<String, Integer> encryptCustom(String str) throws StorageClientException, StorageCryptoException {
        SecretKey secret = getSecret(null, true);
        try {
            return new AbstractMap.SimpleEntry(this.currentCryptoVersion + ":" + new String(Base64.getEncoder().encode(this.currentCrypto.encrypt(str, secret).getBytes(CHARSET)), CHARSET), Integer.valueOf(secret.getVersion()));
        } catch (StorageCryptoException e) {
            throw e;
        } catch (Exception e2) {
            LOG.error(MSG_ERR_UNEXPECTED, e2);
            throw new StorageClientException(MSG_ERR_UNEXPECTED, e2);
        }
    }

    private Map.Entry<String, Integer> encryptDefault(String str) throws StorageClientException, StorageCryptoException {
        SecretKey secret = getSecret(null, false);
        return new AbstractMap.SimpleEntry(this.defaultCrypto.getVersion() + ":" + this.defaultCrypto.encrypt(str, secret), Integer.valueOf(secret.getVersion()));
    }

    private SecretKey getSecret(Integer num, boolean z) throws StorageClientException {
        SecretsData secretsDataOrException = getSecretsDataOrException();
        if (num == null) {
            num = Integer.valueOf(secretsDataOrException.getCurrentVersion());
        }
        int intValue = num.intValue();
        Optional<SecretKey> findFirst = secretsDataOrException.getSecrets().stream().filter(secretKey -> {
            return secretKey.getVersion() == intValue && z == secretKey.isForCustomEncryption();
        }).findFirst();
        if (findFirst.isPresent()) {
            return findFirst.get();
        }
        String format = String.format(MSG_ERR_VERSION, num, Boolean.valueOf(z));
        LOG.error(format);
        throw new StorageClientException(format);
    }

    public Integer getCurrentSecretVersion() throws StorageClientException {
        if (this.keyAccessor != null) {
            return Integer.valueOf(getSecretsDataOrException().getCurrentVersion());
        }
        return null;
    }

    private SecretsData getSecretsDataOrException() throws StorageClientException {
        try {
            SecretsData secretsData = this.keyAccessor.getSecretsData();
            if (secretsData == null) {
                throw new StorageClientException(MSG_NULL_SECRET);
            }
            return secretsData;
        } catch (StorageClientException e) {
            throw e;
        } catch (Exception e2) {
            throw new StorageClientException(MSG_ERR_UNEXPECTED, e2);
        }
    }

    public String createSearchKeyHash(String str) {
        return this.hashSearchKeys ? createKeyHash(str) : str;
    }

    public String createKeyHash(String str) {
        if (str == null) {
            return null;
        }
        String str2 = str + ":" + this.envId;
        return DigestUtils.sha256Hex(this.normalizeKeys ? str2.toLowerCase() : str2);
    }

    public String decrypt(String str, Integer num) throws StorageClientException, StorageCryptoException {
        if (str == null || str.isEmpty()) {
            return null;
        }
        String[] split = str.split(":", 2);
        if (split[0].equals(PREFIX_PLAIN_TEXT_VERSION)) {
            return decryptBase64(split[1]);
        }
        if (this.usePTEncryption) {
            throw new StorageCryptoException(MSG_ERR_NO_SECRET + str);
        }
        try {
            String str2 = split[0];
            boolean z = -1;
            switch (str2.hashCode()) {
                case 49:
                    if (str2.equals("1")) {
                        z = false;
                        break;
                    }
                    break;
                case 50:
                    if (str2.equals("2")) {
                        z = true;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return decryptV1(split[1], num);
                case true:
                    return decryptV2(split[1], num);
                default:
                    return decryptCustom(split[0], split[1], num);
            }
        } catch (StorageException e) {
            throw e;
        } catch (Exception e2) {
            LOG.error(MSG_ERR_UNEXPECTED, e2);
            throw new StorageClientException(MSG_ERR_UNEXPECTED, e2);
        }
    }

    private String decryptV1(String str, Integer num) throws StorageClientException, StorageCryptoException {
        return this.defaultCrypto.decryptV1(str, getSecret(num, false));
    }

    private String decryptV2(String str, Integer num) throws StorageClientException, StorageCryptoException {
        return this.defaultCrypto.decrypt(str, getSecret(num, false));
    }

    private String decryptCustom(String str, String str2, Integer num) throws StorageCryptoException, StorageClientException {
        if (!str.startsWith(PREFIX_CUSTOM_ENCRYPTION)) {
            throw new StorageCryptoException(MSG_ERR_DECRYPTION_FORMAT);
        }
        Crypto crypto = this.customEncryptionMap.get(str);
        if (crypto == null) {
            try {
                throw new StorageCryptoException(String.format(MSG_ERR_DECRYPTION, new String(Base64.getDecoder().decode(str.substring(1).getBytes(CHARSET)), CHARSET)));
            } catch (IllegalArgumentException e) {
                throw new StorageCryptoException(String.format(MSG_ERR_DECRYPTION_BASE64, str.substring(1)), e);
            }
        }
        try {
            return crypto.decrypt(decryptBase64(str2), getSecret(num, true));
        } catch (StorageCryptoException e2) {
            throw e2;
        } catch (Exception e3) {
            LOG.error(MSG_ERR_UNEXPECTED, e3);
            throw new StorageClientException(MSG_ERR_UNEXPECTED, e3);
        }
    }

    private String decryptBase64(String str) {
        return new String(Base64.getDecoder().decode(str), CHARSET);
    }

    public boolean isUsePTEncryption() {
        return this.usePTEncryption;
    }
}
