package io.confluent.dekregistry.client;

import io.confluent.dekregistry.client.rest.entities.Dek;
import io.confluent.dekregistry.client.rest.entities.Kek;
import io.confluent.kafka.schemaregistry.client.rest.exceptions.RestClientException;
import io.confluent.kafka.schemaregistry.encryption.tink.Cryptor;
import io.confluent.kafka.schemaregistry.encryption.tink.DekFormat;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;

/* loaded from: input_file:io/confluent/dekregistry/client/MockDekRegistryClient.class */
public class MockDekRegistryClient implements DekRegistryClient {
    public static final byte[] EMPTY_AAD = new byte[0];
    private final Map<String, ?> configs;
    private final Map<KekId, Kek> keks = new ConcurrentHashMap();
    private final Map<DekId, Dek> deks = new ConcurrentHashMap();
    private final Map<DekFormat, Cryptor> cryptors = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/confluent/dekregistry/client/MockDekRegistryClient$DekId.class */
    public static class DekId {
        private final String kekName;
        private final String subject;
        private final Integer version;
        private final DekFormat dekFormat;

        public DekId(String str, String str2, Integer num, DekFormat dekFormat) {
            this.kekName = str;
            this.subject = str2;
            this.version = num;
            this.dekFormat = dekFormat;
        }

        public String getKekName() {
            return this.kekName;
        }

        public String getSubject() {
            return this.subject;
        }

        public Integer getVersion() {
            return this.version;
        }

        public DekFormat getDekFormat() {
            return this.dekFormat;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            DekId dekId = (DekId) obj;
            return Objects.equals(this.kekName, dekId.kekName) && Objects.equals(this.subject, dekId.subject) && Objects.equals(this.version, dekId.version) && this.dekFormat == dekId.dekFormat;
        }

        public int hashCode() {
            return Objects.hash(this.kekName, this.subject, this.version, this.dekFormat);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:io/confluent/dekregistry/client/MockDekRegistryClient$KekId.class */
    public static class KekId {
        private final String name;

        public KekId(String str) {
            this.name = str;
        }

        public String getName() {
            return this.name;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            return Objects.equals(this.name, ((KekId) obj).name);
        }

        public int hashCode() {
            return Objects.hash(this.name);
        }
    }

    public MockDekRegistryClient(Map<String, ?> map) {
        this.configs = map;
    }

    protected Cryptor getCryptor(DekFormat dekFormat) {
        return this.cryptors.computeIfAbsent(dekFormat, dekFormat2 -> {
            try {
                return new Cryptor(dekFormat);
            } catch (GeneralSecurityException e) {
                throw new IllegalArgumentException("Invalid format " + dekFormat, e);
            }
        });
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public List<String> listKeks(boolean z) throws IOException, RestClientException {
        return (List) this.keks.entrySet().stream().filter(entry -> {
            return !((Kek) entry.getValue()).isDeleted() || z;
        }).map(entry2 -> {
            return ((KekId) entry2.getKey()).getName();
        }).collect(Collectors.toList());
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public List<Integer> listDekVersions(String str, String str2, DekFormat dekFormat, boolean z) throws IOException, RestClientException {
        if (dekFormat == null) {
            dekFormat = DekFormat.AES256_GCM;
        }
        DekFormat dekFormat2 = dekFormat;
        return (List) this.deks.entrySet().stream().filter(entry -> {
            return ((DekId) entry.getKey()).getKekName().equals(str) && ((DekId) entry.getKey()).getSubject().equals(str2) && ((Dek) entry.getValue()).getAlgorithm().equals(dekFormat2) && (!((Dek) entry.getValue()).isDeleted() || z);
        }).map(entry2 -> {
            return ((DekId) entry2.getKey()).getVersion();
        }).collect(Collectors.toList());
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public Kek getKek(String str, boolean z) throws IOException, RestClientException {
        Kek kek = this.keks.get(new KekId(str));
        if (kek == null || (kek.isDeleted() && !z)) {
            throw new RestClientException("Key not found", 404, 40470);
        }
        return kek;
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public List<String> listDeks(String str, boolean z) throws IOException, RestClientException {
        return (List) this.deks.entrySet().stream().filter(entry -> {
            return !((Dek) entry.getValue()).isDeleted() || z;
        }).map(entry2 -> {
            return ((DekId) entry2.getKey()).getSubject();
        }).collect(Collectors.toList());
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public Dek getDek(String str, String str2, DekFormat dekFormat, boolean z) throws IOException, RestClientException {
        return getDekVersion(str, str2, 1, dekFormat, z);
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public Dek getDekVersion(String str, String str2, int i, DekFormat dekFormat, boolean z) throws IOException, RestClientException {
        if (i == -1) {
            return getDekLatestVersion(str, str2, dekFormat, z);
        }
        if (dekFormat == null) {
            dekFormat = DekFormat.AES256_GCM;
        }
        Dek dek = this.deks.get(new DekId(str, str2, Integer.valueOf(i), dekFormat));
        if (dek == null || (dek.isDeleted() && !z)) {
            throw new RestClientException("Key not found", 404, 40470);
        }
        return maybeGenerateRawDek(dek);
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public Dek getDekLatestVersion(String str, String str2, DekFormat dekFormat, boolean z) throws IOException, RestClientException {
        if (dekFormat == null) {
            dekFormat = DekFormat.AES256_GCM;
        }
        DekFormat dekFormat2 = dekFormat;
        List list = (List) this.deks.entrySet().stream().filter(entry -> {
            return ((DekId) entry.getKey()).getKekName().equals(str) && ((DekId) entry.getKey()).getSubject().equals(str2) && ((Dek) entry.getValue()).getAlgorithm().equals(dekFormat2) && (!((Dek) entry.getValue()).isDeleted() || z);
        }).map(entry2 -> {
            return ((DekId) entry2.getKey()).getVersion();
        }).sorted().collect(Collectors.toList());
        if (list.isEmpty()) {
            return null;
        }
        return getDekVersion(str, str2, ((Integer) list.get(list.size() - 1)).intValue(), dekFormat, z);
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public Kek createKek(String str, String str2, String str3, Map<String, String> map, String str4, boolean z) throws IOException, RestClientException {
        return createKek(str, str2, str3, map, str4, z, false);
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public Kek createKek(String str, String str2, String str3, Map<String, String> map, String str4, boolean z, boolean z2) throws IOException, RestClientException {
        KekId kekId = new KekId(str);
        Kek kek = this.keks.get(kekId);
        Kek kek2 = new Kek(str, str2, str3, map, str4, z, Long.valueOf(System.currentTimeMillis()), Boolean.valueOf(z2));
        if (kek != null && (z2 == kek.isDeleted() || !kek.equals(kek2))) {
            throw new RestClientException("Key " + str + " already exists", 409, 40972);
        }
        this.keks.put(kekId, kek2);
        return kek2;
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public Dek createDek(String str, String str2, DekFormat dekFormat, String str3) throws IOException, RestClientException {
        return createDek(str, str2, 1, dekFormat, str3, false);
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public Dek createDek(String str, String str2, int i, DekFormat dekFormat, String str3) throws IOException, RestClientException {
        return createDek(str, str2, i, dekFormat, str3, false);
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public Dek createDek(String str, String str2, int i, DekFormat dekFormat, String str3, boolean z) throws IOException, RestClientException {
        DekId dekId = new DekId(str, str2, Integer.valueOf(i), dekFormat);
        Dek dek = this.deks.get(dekId);
        Dek maybeGenerateEncryptedDek = maybeGenerateEncryptedDek(new Dek(str, str2, i, dekFormat, str3, null, Long.valueOf(System.currentTimeMillis()), Boolean.valueOf(z)));
        if (maybeGenerateEncryptedDek.getEncryptedKeyMaterial() == null) {
            throw new RestClientException("Could not generate dek for " + str2, 500, 50070);
        }
        if (dek != null && (z == dek.isDeleted() || !dek.equals(maybeGenerateEncryptedDek))) {
            throw new RestClientException("Key " + str2 + " already exists", 409, 40972);
        }
        this.deks.put(dekId, maybeGenerateEncryptedDek);
        return maybeGenerateRawDek(maybeGenerateEncryptedDek);
    }

    protected Dek maybeGenerateEncryptedDek(Dek dek) throws IOException, RestClientException {
        try {
            if (dek.getEncryptedKeyMaterial() == null) {
                dek = new Dek(dek.getKekName(), dek.getSubject(), dek.getVersion(), dek.getAlgorithm(), new String(Base64.getEncoder().encode(getKek(dek.getKekName(), true).toAead(this.configs).encrypt(getCryptor(dek.getAlgorithm()).generateKey(), EMPTY_AAD)), StandardCharsets.UTF_8), null, dek.getTimestamp(), Boolean.valueOf(dek.isDeleted()));
            }
            return dek;
        } catch (GeneralSecurityException e) {
            return dek;
        }
    }

    protected Dek maybeGenerateRawDek(Dek dek) throws IOException, RestClientException {
        try {
            Kek kek = getKek(dek.getKekName(), true);
            if (kek.isShared()) {
                dek = new Dek(dek.getKekName(), dek.getSubject(), dek.getVersion(), dek.getAlgorithm(), dek.getEncryptedKeyMaterial(), new String(Base64.getEncoder().encode(kek.toAead(this.configs).decrypt(Base64.getDecoder().decode(dek.getEncryptedKeyMaterial().getBytes(StandardCharsets.UTF_8)), EMPTY_AAD)), StandardCharsets.UTF_8), dek.getTimestamp(), Boolean.valueOf(dek.isDeleted()));
            }
            return dek;
        } catch (GeneralSecurityException e) {
            return dek;
        }
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public Kek updateKek(String str, Map<String, String> map, String str2, Boolean bool) throws IOException, RestClientException {
        KekId kekId = new KekId(str);
        Kek kek = this.keks.get(kekId);
        if (kek == null) {
            throw new RestClientException("Key not found", 404, 40470);
        }
        if (map == null) {
            map = kek.getKmsProps();
        }
        if (str2 == null) {
            str2 = kek.getDoc();
        }
        if (bool == null) {
            bool = Boolean.valueOf(kek.isShared());
        }
        this.keks.put(kekId, new Kek(str, kek.getKmsType(), kek.getKmsKeyId(), map, str2, bool.booleanValue(), Long.valueOf(System.currentTimeMillis()), false));
        return kek;
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public void deleteKek(String str, boolean z) throws IOException, RestClientException {
        KekId kekId = new KekId(str);
        Kek kek = this.keks.get(kekId);
        if (kek == null) {
            return;
        }
        if (z) {
            if (!kek.isDeleted()) {
                throw new RestClientException("Key " + str + " was not deleted first before being permanently deleted", 404, 40471);
            }
            this.keks.remove(kekId);
        } else {
            if (kek.isDeleted()) {
                return;
            }
            this.keks.put(kekId, new Kek(str, kek.getKmsType(), kek.getKmsKeyId(), kek.getKmsProps(), kek.getDoc(), kek.isShared(), Long.valueOf(System.currentTimeMillis()), true));
        }
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public void deleteDek(String str, String str2, DekFormat dekFormat, boolean z) throws IOException, RestClientException {
        if (dekFormat == null) {
            dekFormat = DekFormat.AES256_GCM;
        }
        if (!z) {
            for (Map.Entry<DekId, Dek> entry : this.deks.entrySet()) {
                DekId key = entry.getKey();
                Dek value = entry.getValue();
                if (key.getKekName().equals(str) && key.getSubject().equals(str2) && value.getAlgorithm().equals(dekFormat) && !value.isDeleted()) {
                    entry.setValue(new Dek(str, value.getSubject(), value.getVersion(), value.getAlgorithm(), value.getEncryptedKeyMaterial(), value.getKeyMaterial(), value.getTimestamp(), true));
                }
            }
            return;
        }
        for (Map.Entry<DekId, Dek> entry2 : this.deks.entrySet()) {
            DekId key2 = entry2.getKey();
            Dek value2 = entry2.getValue();
            if (key2.getKekName().equals(str) && key2.getSubject().equals(str2) && value2.getAlgorithm().equals(dekFormat) && !value2.isDeleted()) {
                throw new RestClientException("Key " + key2.getKekName() + " was not deleted first before being permanently deleted", 404, 40471);
            }
        }
        Iterator<Map.Entry<DekId, Dek>> it = this.deks.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<DekId, Dek> next = it.next();
            DekId key3 = next.getKey();
            Dek value3 = next.getValue();
            if (key3.getKekName().equals(str) && key3.getSubject().equals(str2) && value3.getAlgorithm().equals(dekFormat)) {
                it.remove();
            }
        }
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public void deleteDekVersion(String str, String str2, int i, DekFormat dekFormat, boolean z) throws IOException, RestClientException {
        if (dekFormat == null) {
            dekFormat = DekFormat.AES256_GCM;
        }
        DekId dekId = new DekId(str, str2, Integer.valueOf(i), dekFormat);
        Dek dek = this.deks.get(dekId);
        if (dek == null) {
            return;
        }
        if (z) {
            if (!dek.isDeleted()) {
                throw new RestClientException("Key " + dek.getKekName() + " was not deleted first before being permanently deleted", 404, 40471);
            }
            this.deks.remove(dekId);
        } else {
            if (dek.isDeleted()) {
                return;
            }
            this.deks.put(dekId, new Dek(str, dek.getSubject(), dek.getVersion(), dek.getAlgorithm(), dek.getEncryptedKeyMaterial(), dek.getKeyMaterial(), Long.valueOf(System.currentTimeMillis()), true));
        }
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public void undeleteKek(String str) throws IOException, RestClientException {
        KekId kekId = new KekId(str);
        Kek kek = this.keks.get(kekId);
        if (kek != null && kek.isDeleted()) {
            this.keks.put(kekId, new Kek(str, kek.getKmsType(), kek.getKmsKeyId(), kek.getKmsProps(), kek.getDoc(), kek.isShared(), Long.valueOf(System.currentTimeMillis()), false));
        }
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public void undeleteDek(String str, String str2, DekFormat dekFormat) throws IOException, RestClientException {
        if (dekFormat == null) {
            dekFormat = DekFormat.AES256_GCM;
        }
        Kek kek = this.keks.get(new KekId(str));
        if (kek == null) {
            return;
        }
        if (kek.isDeleted()) {
            throw new RestClientException("Key " + str + " must be undeleted first", 404, 40472);
        }
        for (Map.Entry<DekId, Dek> entry : this.deks.entrySet()) {
            DekId key = entry.getKey();
            Dek value = entry.getValue();
            if (key.getKekName().equals(str) && key.getSubject().equals(str2) && value.getAlgorithm().equals(dekFormat) && !value.isDeleted()) {
                entry.setValue(new Dek(str, value.getSubject(), value.getVersion(), value.getAlgorithm(), value.getEncryptedKeyMaterial(), value.getKeyMaterial(), value.getTimestamp(), false));
            }
        }
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public void undeleteDekVersion(String str, String str2, int i, DekFormat dekFormat) throws IOException, RestClientException {
        if (dekFormat == null) {
            dekFormat = DekFormat.AES256_GCM;
        }
        Kek kek = this.keks.get(new KekId(str));
        if (kek == null) {
            return;
        }
        if (kek.isDeleted()) {
            throw new RestClientException("Key " + str + " must be undeleted first", 404, 40472);
        }
        DekId dekId = new DekId(str, str2, Integer.valueOf(i), dekFormat);
        Dek dek = this.deks.get(dekId);
        if (dek != null && dek.isDeleted()) {
            this.deks.put(dekId, new Dek(str, dek.getSubject(), dek.getVersion(), dek.getAlgorithm(), dek.getEncryptedKeyMaterial(), dek.getKeyMaterial(), Long.valueOf(System.currentTimeMillis()), false));
        }
    }

    @Override // io.confluent.dekregistry.client.DekRegistryClient
    public void reset() {
        this.keks.clear();
        this.deks.clear();
        this.cryptors.clear();
    }
}
