package de.otto.kafka.messaging.e2ee;

import de.otto.kafka.messaging.e2ee.vault.VaultHelper;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Objects;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:de/otto/kafka/messaging/e2ee/DecryptionService.class */
public final class DecryptionService {
    private final EncryptionKeyProvider encryptionKeyProvider;
    private final Cache<TopicKeyVersion, Key> aesKeyCache;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/otto/kafka/messaging/e2ee/DecryptionService$TopicKeyVersion.class */
    public static final class TopicKeyVersion extends Record {
        private final String topic;
        private final int keyVersionNumber;
        private final String encryptionKeyAttributeName;

        private TopicKeyVersion(String str, int i, String str2) {
            Objects.requireNonNull(str);
            this.topic = str;
            this.keyVersionNumber = i;
            this.encryptionKeyAttributeName = str2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, TopicKeyVersion.class), TopicKeyVersion.class, "topic;keyVersionNumber;encryptionKeyAttributeName", "FIELD:Lde/otto/kafka/messaging/e2ee/DecryptionService$TopicKeyVersion;->topic:Ljava/lang/String;", "FIELD:Lde/otto/kafka/messaging/e2ee/DecryptionService$TopicKeyVersion;->keyVersionNumber:I", "FIELD:Lde/otto/kafka/messaging/e2ee/DecryptionService$TopicKeyVersion;->encryptionKeyAttributeName:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, TopicKeyVersion.class), TopicKeyVersion.class, "topic;keyVersionNumber;encryptionKeyAttributeName", "FIELD:Lde/otto/kafka/messaging/e2ee/DecryptionService$TopicKeyVersion;->topic:Ljava/lang/String;", "FIELD:Lde/otto/kafka/messaging/e2ee/DecryptionService$TopicKeyVersion;->keyVersionNumber:I", "FIELD:Lde/otto/kafka/messaging/e2ee/DecryptionService$TopicKeyVersion;->encryptionKeyAttributeName:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, TopicKeyVersion.class, Object.class), TopicKeyVersion.class, "topic;keyVersionNumber;encryptionKeyAttributeName", "FIELD:Lde/otto/kafka/messaging/e2ee/DecryptionService$TopicKeyVersion;->topic:Ljava/lang/String;", "FIELD:Lde/otto/kafka/messaging/e2ee/DecryptionService$TopicKeyVersion;->keyVersionNumber:I", "FIELD:Lde/otto/kafka/messaging/e2ee/DecryptionService$TopicKeyVersion;->encryptionKeyAttributeName:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String topic() {
            return this.topic;
        }

        public int keyVersionNumber() {
            return this.keyVersionNumber;
        }

        public String encryptionKeyAttributeName() {
            return this.encryptionKeyAttributeName;
        }
    }

    public DecryptionService(EncryptionKeyProvider encryptionKeyProvider) {
        Objects.requireNonNull(encryptionKeyProvider, "encryptionKeyProvider");
        this.encryptionKeyProvider = encryptionKeyProvider;
        this.aesKeyCache = new Cache<>(DefaultAesEncryptionConfiguration.CACHING_DURATION);
    }

    public byte[] decryptToByteArray(String str, AesEncryptedPayload aesEncryptedPayload) {
        Objects.requireNonNull(str, "kafkaTopicName must not be null");
        Objects.requireNonNull(aesEncryptedPayload, "encryptedPayload must not be null");
        if (!aesEncryptedPayload.isEncrypted()) {
            return aesEncryptedPayload.encryptedPayload();
        }
        return DefaultAesEncryptionConfiguration.decrypt(aesEncryptedPayload.encryptedPayload(), this.aesKeyCache.getOrRetrieve(new TopicKeyVersion(str, aesEncryptedPayload.keyVersion(), aesEncryptedPayload.encryptionKeyAttributeName()), this::createAesKey), aesEncryptedPayload.initializationVector());
    }

    public String decryptToString(String str, AesEncryptedPayload aesEncryptedPayload) {
        return new String(decryptToByteArray(str, aesEncryptedPayload), StandardCharsets.UTF_8);
    }

    public boolean hasSameEncryptionFlag(String str, AesEncryptedPayload aesEncryptedPayload) {
        return this.encryptionKeyProvider.isEncryptedTopic(str) == aesEncryptedPayload.isEncrypted();
    }

    private Key createAesKey(TopicKeyVersion topicKeyVersion) {
        String str = topicKeyVersion.topic();
        int keyVersionNumber = topicKeyVersion.keyVersionNumber();
        return new SecretKeySpec(VaultHelper.decodeBase64Key(topicKeyVersion.encryptionKeyAttributeName() == null ? this.encryptionKeyProvider.retrieveKeyForDecryption(str, keyVersionNumber) : this.encryptionKeyProvider.retrieveKeyForDecryption(str, keyVersionNumber, topicKeyVersion.encryptionKeyAttributeName())), "AES");
    }
}
