package de.adorsys.datasafe_1_0_3_1_0_3_1_0_3_1_0_3.encrypiton.impl.pathencryption;

import de.adorsys.datasafe_1_0_3_1_0_3_1_0_3_1_0_3.encrypiton.api.pathencryption.encryption.SymmetricPathEncryptionService;
import de.adorsys.datasafe_1_0_3_1_0_3_1_0_3_1_0_3.encrypiton.api.types.keystore.AuthPathEncryptionSecretKey;
import de.adorsys.datasafe_1_0_3_1_0_3_1_0_3_1_0_3.encrypiton.impl.pathencryption.dto.PathSegmentWithSecretKeyWith;
import de.adorsys.datasafe_1_0_3_1_0_3_1_0_3_1_0_3.types.api.context.annotations.RuntimeDelegate;
import de.adorsys.datasafe_1_0_3_1_0_3_1_0_3_1_0_3.types.api.global.PathEncryptionId;
import de.adorsys.datasafe_1_0_3_1_0_3_1_0_3_1_0_3.types.api.resource.Uri;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.inject.Inject;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@RuntimeDelegate
/* loaded from: input_file:de/adorsys/datasafe_1_0_3_1_0_3_1_0_3_1_0_3/encrypiton/impl/pathencryption/IntegrityPreservingUriEncryption.class */
public class IntegrityPreservingUriEncryption implements SymmetricPathEncryptionService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(IntegrityPreservingUriEncryption.class);
    private static final int DOT_SLASH_PREFIX_LENGTH = 2;
    private static final String DOT_SLASH_PREFIX = "./";
    private static final String PATH_SEPARATOR = "/";
    private final Function<PathSegmentWithSecretKeyWith, String> encryptAndEncode;
    private final Function<PathSegmentWithSecretKeyWith, String> decryptAndDecode;

    @Inject
    public IntegrityPreservingUriEncryption(PathEncryptorDecryptor pathEncryptorDecryptor) {
        this.encryptAndEncode = pathSegmentWithSecretKeyWith -> {
            return encryptorAndEncoder(pathSegmentWithSecretKeyWith, pathEncryptorDecryptor);
        };
        this.decryptAndDecode = pathSegmentWithSecretKeyWith2 -> {
            return decryptorAndDecoder(pathSegmentWithSecretKeyWith2, pathEncryptorDecryptor);
        };
    }

    @Override // de.adorsys.datasafe_1_0_3_1_0_3_1_0_3_1_0_3.encrypiton.api.pathencryption.encryption.SymmetricPathEncryptionService
    public Uri encrypt(AuthPathEncryptionSecretKey authPathEncryptionSecretKey, Uri uri) {
        validateArgs(authPathEncryptionSecretKey, uri);
        validateUriIsRelative(uri);
        return PathEncryptionId.AES_SIV.asUriRoot().resolve(processURIparts(authPathEncryptionSecretKey, uri, this.encryptAndEncode));
    }

    @Override // de.adorsys.datasafe_1_0_3_1_0_3_1_0_3_1_0_3.encrypiton.api.pathencryption.encryption.SymmetricPathEncryptionService
    public Uri decrypt(AuthPathEncryptionSecretKey authPathEncryptionSecretKey, Uri uri) {
        validateArgs(authPathEncryptionSecretKey, uri);
        validateUriIsRelative(uri);
        return processURIparts(authPathEncryptionSecretKey, PathEncryptionId.AES_SIV.asUriRoot().relativize(uri), this.decryptAndDecode);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public MessageDigest getDigest() {
        return MessageDigest.getInstance("SHA-256");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String decryptorAndDecoder(PathSegmentWithSecretKeyWith pathSegmentWithSecretKeyWith, PathEncryptorDecryptor pathEncryptorDecryptor) {
        pathSegmentWithSecretKeyWith.getDigest().update(pathSegmentWithSecretKeyWith.getPath().getBytes(StandardCharsets.UTF_8));
        return new String(pathEncryptorDecryptor.decrypt(pathSegmentWithSecretKeyWith.getPathEncryptionSecretKey(), decode(pathSegmentWithSecretKeyWith.getPath()), pathSegmentWithSecretKeyWith.getParentHash()), StandardCharsets.UTF_8);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String encryptorAndEncoder(PathSegmentWithSecretKeyWith pathSegmentWithSecretKeyWith, PathEncryptorDecryptor pathEncryptorDecryptor) {
        String encode = encode(pathEncryptorDecryptor.encrypt(pathSegmentWithSecretKeyWith.getPathEncryptionSecretKey(), pathSegmentWithSecretKeyWith.getPath().getBytes(StandardCharsets.UTF_8), pathSegmentWithSecretKeyWith.getParentHash()));
        pathSegmentWithSecretKeyWith.getDigest().update(encode.getBytes(StandardCharsets.UTF_8));
        return encode;
    }

    private byte[] decode(String str) {
        if (null == str) {
            return null;
        }
        if (str.isEmpty()) {
            return null;
        }
        return Base64.getUrlDecoder().decode(str);
    }

    private String encode(byte[] bArr) {
        if (null == bArr) {
            return null;
        }
        return Base64.getUrlEncoder().encodeToString(bArr);
    }

    private Uri processURIparts(AuthPathEncryptionSecretKey authPathEncryptionSecretKey, Uri uri, Function<PathSegmentWithSecretKeyWith, String> function) {
        StringBuilder sb = new StringBuilder();
        String rawPath = uri.getRawPath();
        if (uri.getRawPath().startsWith(DOT_SLASH_PREFIX)) {
            sb.append(DOT_SLASH_PREFIX);
            rawPath = uri.getRawPath().substring(DOT_SLASH_PREFIX_LENGTH);
        }
        return rawPath.isEmpty() ? new Uri(sb.toString()) : new Uri(URI.create(processSegments(authPathEncryptionSecretKey, function, rawPath.split(PATH_SEPARATOR))));
    }

    private String processSegments(AuthPathEncryptionSecretKey authPathEncryptionSecretKey, Function<PathSegmentWithSecretKeyWith, String> function, String[] strArr) {
        MessageDigest digest = getDigest();
        digest.update(PATH_SEPARATOR.getBytes(StandardCharsets.UTF_8));
        return (String) Arrays.stream(strArr).map(str -> {
            return processAndAuthenticateSegment(str, authPathEncryptionSecretKey, function, digest);
        }).collect(Collectors.joining(PATH_SEPARATOR));
    }

    private String processAndAuthenticateSegment(String str, AuthPathEncryptionSecretKey authPathEncryptionSecretKey, Function<PathSegmentWithSecretKeyWith, String> function, MessageDigest messageDigest) {
        return function.apply(new PathSegmentWithSecretKeyWith(messageDigest, ((MessageDigest) messageDigest.clone()).digest(), authPathEncryptionSecretKey, str));
    }

    private static void validateArgs(AuthPathEncryptionSecretKey authPathEncryptionSecretKey, Uri uri) {
        if (null == authPathEncryptionSecretKey) {
            throw new IllegalArgumentException("Secret key should not be null");
        }
        if (null == uri) {
            throw new IllegalArgumentException("Bucket path should not be null");
        }
    }

    private static void validateUriIsRelative(Uri uri) {
        if (uri.isAbsolute()) {
            throw new IllegalArgumentException("URI should be relative");
        }
    }
}
