package AwsKmsUtils_Compile;

import AwsArnParsing_Compile.AwsKmsIdentifier;
import UTF8.ValidUTF8Bytes;
import Wrappers_Compile.Option;
import Wrappers_Compile.Outcome;
import Wrappers_Compile.Result;
import dafny.DafnyMap;
import dafny.DafnySequence;
import dafny.Function0;
import dafny.Helpers;
import dafny.Tuple0;
import dafny.Tuple2;
import dafny.TypeDescriptor;
import java.math.BigInteger;
import java.util.HashMap;
import java.util.Objects;
import java.util.function.Function;
import software.amazon.cryptography.materialproviders.internaldafny.types.DiscoveryFilter;
import software.amazon.cryptography.materialproviders.internaldafny.types.Error;
import software.amazon.cryptography.services.kms.internaldafny.types.GetPublicKeyRequest;
import software.amazon.cryptography.services.kms.internaldafny.types.GetPublicKeyResponse;
import software.amazon.cryptography.services.kms.internaldafny.types.GrantTokenList;
import software.amazon.cryptography.services.kms.internaldafny.types.IKMSClient;
import software.amazon.cryptography.services.kms.internaldafny.types.KeyUsageType;
import software.amazon.cryptography.services.kms.internaldafny.types.PublicKeyType;

/* loaded from: input_file:AwsKmsUtils_Compile/__default.class */
public class __default {
    public static Outcome<Error> OkForDecrypt(AwsKmsIdentifier awsKmsIdentifier, DafnySequence<? extends Character> dafnySequence) {
        return !awsKmsIdentifier.is_AwsKmsArnIdentifier() ? Outcome.create_Fail(Error._typeDescriptor(), Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.concatenate(DafnySequence.asString("KeyID cannot be used for Decrypt : "), dafnySequence))) : !awsKmsIdentifier.dtor_a().dtor_resource().dtor_resourceType().equals(DafnySequence.asString("key")) ? Outcome.create_Fail(Error._typeDescriptor(), Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.concatenate(DafnySequence.asString("Alias cannot be used for Decrypt : "), dafnySequence))) : Outcome.create_Pass(Error._typeDescriptor());
    }

    public static Result<DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>>, Error> StringifyEncryptionContext(DafnyMap<? extends DafnySequence<? extends Byte>, ? extends DafnySequence<? extends Byte>> dafnyMap) {
        if (BigInteger.valueOf(dafnyMap.size()).signum() == 0) {
            return Result.create_Success(DafnyMap._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR)), Error._typeDescriptor(), DafnyMap.fromElements(new Tuple2[0]));
        }
        Function function = dafnyMap2 -> {
            Function0 function0 = () -> {
                HashMap hashMap = new HashMap();
                for (DafnySequence dafnySequence : dafnyMap2.keySet().Elements()) {
                    if (ValidUTF8Bytes._Is(dafnySequence) && dafnyMap2.keySet().contains(dafnySequence)) {
                        hashMap.put(dafnySequence, StringifyEncryptionContextPair(dafnySequence, (DafnySequence) dafnyMap2.get(dafnySequence)));
                    }
                }
                return new DafnyMap(hashMap);
            };
            return (DafnyMap) function0.apply();
        };
        DafnyMap dafnyMap3 = (DafnyMap) function.apply(dafnyMap);
        Function function2 = dafnyMap4 -> {
            return Boolean.valueOf(Helpers.Quantifier(dafnyMap4.valueSet().Elements(), false, result -> {
                Result result = result;
                return dafnyMap4.valueSet().contains(result) && result.is_Failure();
            }));
        };
        if (((Boolean) function2.apply(dafnyMap3)).booleanValue()) {
            return Result.create_Failure(DafnyMap._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR)), Error._typeDescriptor(), Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Encryption context contains invalid UTF8")));
        }
        Function function3 = dafnyMap5 -> {
            return Boolean.valueOf(Helpers.Quantifier(dafnyMap5.keySet().Elements(), true, dafnySequence -> {
                DafnySequence dafnySequence = dafnySequence;
                return Helpers.Quantifier(dafnyMap5.keySet().Elements(), true, dafnySequence2 -> {
                    DafnySequence dafnySequence2 = dafnySequence2;
                    return (dafnyMap5.contains(dafnySequence) && dafnyMap5.contains(dafnySequence2) && !dafnySequence.equals(dafnySequence2) && ((DafnySequence) ((Tuple2) ((Result) dafnyMap5.get(dafnySequence)).dtor_value()).dtor__0()).equals(((Tuple2) ((Result) dafnyMap5.get(dafnySequence2)).dtor_value()).dtor__0())) ? false : true;
                });
            }));
        };
        if (!((Boolean) function3.apply(dafnyMap3)).booleanValue()) {
            return Result.create_Failure(DafnyMap._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR)), Error._typeDescriptor(), Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Encryption context keys are not unique")));
        }
        TypeDescriptor _typeDescriptor = DafnyMap._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR));
        TypeDescriptor<Error> _typeDescriptor2 = Error._typeDescriptor();
        Function function4 = dafnyMap6 -> {
            Function0 function0 = () -> {
                HashMap hashMap = new HashMap();
                for (Result result : dafnyMap6.valueSet().Elements()) {
                    if (dafnyMap6.valueSet().contains(result)) {
                        hashMap.put(((Tuple2) result.dtor_value()).dtor__0(), ((Tuple2) result.dtor_value()).dtor__1());
                    }
                }
                return new DafnyMap(hashMap);
            };
            return (DafnyMap) function0.apply();
        };
        return Result.create_Success(_typeDescriptor, _typeDescriptor2, function4.apply(dafnyMap3));
    }

    public static Result<Tuple2<DafnySequence<? extends Character>, DafnySequence<? extends Character>>, Error> StringifyEncryptionContextPair(DafnySequence<? extends Byte> dafnySequence, DafnySequence<? extends Byte> dafnySequence2) {
        Result<DafnySequence<? extends Character>, __NewR> MapFailure = UTF8.__default.Decode(dafnySequence).MapFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), __default::WrapStringToError);
        if (MapFailure.IsFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor())) {
            return MapFailure.PropagateFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), Tuple2._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR)));
        }
        DafnySequence<? extends Character> Extract = MapFailure.Extract(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor());
        Result<DafnySequence<? extends Character>, __NewR> MapFailure2 = UTF8.__default.Decode(dafnySequence2).MapFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), __default::WrapStringToError);
        if (MapFailure2.IsFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor())) {
            return MapFailure2.PropagateFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), Tuple2._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR)));
        }
        return Result.create_Success(Tuple2._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR)), Error._typeDescriptor(), Tuple2.create(Extract, MapFailure2.Extract(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor())));
    }

    public static Error WrapStringToError(DafnySequence<? extends Character> dafnySequence) {
        return Error.create_AwsCryptographicMaterialProvidersException(dafnySequence);
    }

    public static Result<Tuple0, Error> ValidateKmsKeyId(DafnySequence<? extends Character> dafnySequence) {
        Result<AwsKmsIdentifier, __NewR> MapFailure = AwsArnParsing_Compile.__default.ParseAwsKmsIdentifier(dafnySequence).MapFailure(AwsKmsIdentifier._typeDescriptor(), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), __default::WrapStringToError);
        if (MapFailure.IsFailure(AwsKmsIdentifier._typeDescriptor(), Error._typeDescriptor())) {
            return MapFailure.PropagateFailure(AwsKmsIdentifier._typeDescriptor(), Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        MapFailure.Extract(AwsKmsIdentifier._typeDescriptor(), Error._typeDescriptor());
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), UTF8.__default.IsASCIIString(dafnySequence), Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Key identifier is not ASCII")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        Outcome Need2 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), BigInteger.valueOf((long) dafnySequence.length()).signum() == 1 && BigInteger.valueOf((long) dafnySequence.length()).compareTo(AwsArnParsing_Compile.__default.MAX__AWS__KMS__IDENTIFIER__LENGTH()) <= 0, Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Key identifier is too long")));
        return Need2.IsFailure(Error._typeDescriptor()) ? Need2.PropagateFailure(Error._typeDescriptor(), Tuple0._typeDescriptor()) : Result.create_Success(Tuple0._typeDescriptor(), Error._typeDescriptor(), Tuple0.create());
    }

    public static Result<DafnySequence<? extends DafnySequence<? extends Character>>, Error> GetValidGrantTokens(Option<DafnySequence<? extends DafnySequence<? extends Character>>> option) {
        DafnySequence<? extends DafnySequence<? extends Character>> UnwrapOr = option.UnwrapOr(DafnySequence._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR)), DafnySequence.empty(DafnySequence._typeDescriptor(TypeDescriptor.CHAR)));
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), BigInteger.valueOf((long) UnwrapOr.length()).signum() != -1 && BigInteger.valueOf((long) UnwrapOr.length()).compareTo(BigInteger.valueOf(10L)) <= 0, Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Grant token list can have no more than 10 tokens")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), DafnySequence._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR)));
        }
        TypeDescriptor<Error> _typeDescriptor = Error._typeDescriptor();
        Function function = dafnySequence -> {
            return Boolean.valueOf(Helpers.Quantifier(dafnySequence.UniqueElements(), true, dafnySequence -> {
                DafnySequence dafnySequence = dafnySequence;
                return !dafnySequence.contains(dafnySequence) || (BigInteger.ONE.compareTo(BigInteger.valueOf((long) dafnySequence.length())) <= 0 && BigInteger.valueOf((long) dafnySequence.length()).compareTo(BigInteger.valueOf(8192L)) <= 0);
            }));
        };
        Outcome Need2 = Wrappers_Compile.__default.Need(_typeDescriptor, ((Boolean) function.apply(UnwrapOr)).booleanValue(), Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Grant token list contains a grant token with invalid length")));
        return Need2.IsFailure(Error._typeDescriptor()) ? Need2.PropagateFailure(Error._typeDescriptor(), DafnySequence._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR))) : Result.create_Success(DafnySequence._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR)), Error._typeDescriptor(), UnwrapOr);
    }

    public static Result<DafnySequence<? extends Byte>, Error> GetEcdhPublicKey(IKMSClient iKMSClient, DafnySequence<? extends Character> dafnySequence) {
        Result<GetPublicKeyResponse, software.amazon.cryptography.services.kms.internaldafny.types.Error> GetPublicKey = iKMSClient.GetPublicKey(GetPublicKeyRequest.create(dafnySequence, Option.create_None(GrantTokenList._typeDescriptor())));
        Result.Default(GetPublicKeyResponse._typeDescriptor(), Error._typeDescriptor(), GetPublicKeyResponse.Default());
        Result<GetPublicKeyResponse, __NewR> MapFailure = GetPublicKey.MapFailure(GetPublicKeyResponse._typeDescriptor(), software.amazon.cryptography.services.kms.internaldafny.types.Error._typeDescriptor(), Error._typeDescriptor(), error -> {
            return Error.create_ComAmazonawsKms(error);
        });
        if (MapFailure.IsFailure(GetPublicKeyResponse._typeDescriptor(), Error._typeDescriptor())) {
            return MapFailure.PropagateFailure(GetPublicKeyResponse._typeDescriptor(), Error._typeDescriptor(), PublicKeyType._typeDescriptor());
        }
        GetPublicKeyResponse Extract = MapFailure.Extract(GetPublicKeyResponse._typeDescriptor(), Error._typeDescriptor());
        Outcome.Default(Error._typeDescriptor());
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), Extract.dtor_KeyId().is_Some() && Extract.dtor_KeyId().dtor_value().equals(dafnySequence) && Extract.dtor_KeyUsage().is_Some() && Objects.equals(Extract.dtor_KeyUsage().dtor_value(), KeyUsageType.create_KEY__AGREEMENT()) && Extract.dtor_PublicKey().is_Some(), Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Invalid response from KMS GetPublicKey")));
        return Need.IsFailure(Error._typeDescriptor()) ? Need.PropagateFailure(Error._typeDescriptor(), PublicKeyType._typeDescriptor()) : Result.create_Success(PublicKeyType._typeDescriptor(), Error._typeDescriptor(), Extract.dtor_PublicKey().dtor_value());
    }

    public static Result<Tuple2<DafnySequence<? extends Byte>, DafnySequence<? extends Byte>>, Error> ParseKeyNamespaceAndName(DafnySequence<? extends Character> dafnySequence, DafnySequence<? extends Character> dafnySequence2) {
        Result<DafnySequence<? extends Byte>, __NewR> MapFailure = UTF8.__default.Encode(dafnySequence).MapFailure(ValidUTF8Bytes._typeDescriptor(), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), dafnySequence3 -> {
            return Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.concatenate(DafnySequence.asString("Key namespace could not be UTF8-encoded"), dafnySequence3));
        });
        if (MapFailure.IsFailure(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor())) {
            return MapFailure.PropagateFailure(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor(), Tuple2._typeDescriptor(ValidUTF8Bytes._typeDescriptor(), ValidUTF8Bytes._typeDescriptor()));
        }
        DafnySequence<? extends Byte> Extract = MapFailure.Extract(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor());
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), BigInteger.valueOf((long) Extract.length()).compareTo(StandardLibrary_mUInt_Compile.__default.UINT16__LIMIT()) < 0, Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Key namespace too long")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), Tuple2._typeDescriptor(ValidUTF8Bytes._typeDescriptor(), ValidUTF8Bytes._typeDescriptor()));
        }
        Result<DafnySequence<? extends Byte>, __NewR> MapFailure2 = UTF8.__default.Encode(dafnySequence2).MapFailure(ValidUTF8Bytes._typeDescriptor(), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), dafnySequence4 -> {
            return Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.concatenate(DafnySequence.asString("Key name could not be UTF8-encoded"), dafnySequence4));
        });
        if (MapFailure2.IsFailure(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor())) {
            return MapFailure2.PropagateFailure(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor(), Tuple2._typeDescriptor(ValidUTF8Bytes._typeDescriptor(), ValidUTF8Bytes._typeDescriptor()));
        }
        DafnySequence<? extends Byte> Extract2 = MapFailure2.Extract(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor());
        Outcome Need2 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), BigInteger.valueOf((long) Extract2.length()).compareTo(StandardLibrary_mUInt_Compile.__default.UINT16__LIMIT()) < 0, Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Key name too long")));
        return Need2.IsFailure(Error._typeDescriptor()) ? Need2.PropagateFailure(Error._typeDescriptor(), Tuple2._typeDescriptor(ValidUTF8Bytes._typeDescriptor(), ValidUTF8Bytes._typeDescriptor())) : Result.create_Success(Tuple2._typeDescriptor(ValidUTF8Bytes._typeDescriptor(), ValidUTF8Bytes._typeDescriptor()), Error._typeDescriptor(), Tuple2.create(Extract, Extract2));
    }

    public static Result<Tuple0, Error> ValidateDiscoveryFilter(DiscoveryFilter discoveryFilter) {
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), BigInteger.valueOf((long) discoveryFilter.dtor_accountIds().length()).signum() == 1, Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Discovery filter must have at least one account ID")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        TypeDescriptor<Error> _typeDescriptor = Error._typeDescriptor();
        Function function = discoveryFilter2 -> {
            return Boolean.valueOf(Helpers.Quantifier(discoveryFilter2.dtor_accountIds().UniqueElements(), true, dafnySequence -> {
                DafnySequence dafnySequence = dafnySequence;
                return !discoveryFilter2.dtor_accountIds().contains(dafnySequence) || BigInteger.valueOf((long) dafnySequence.length()).signum() == 1;
            }));
        };
        Outcome Need2 = Wrappers_Compile.__default.Need(_typeDescriptor, ((Boolean) function.apply(discoveryFilter)).booleanValue(), Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Discovery filter account IDs cannot be blank")));
        if (Need2.IsFailure(Error._typeDescriptor())) {
            return Need2.PropagateFailure(Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        Outcome Need3 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), BigInteger.valueOf((long) discoveryFilter.dtor_partition().length()).signum() == 1, Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Discovery filter partition cannot be blank")));
        return Need3.IsFailure(Error._typeDescriptor()) ? Need3.PropagateFailure(Error._typeDescriptor(), Tuple0._typeDescriptor()) : Result.create_Success(Tuple0._typeDescriptor(), Error._typeDescriptor(), Tuple0.create());
    }

    public String toString() {
        return "AwsKmsUtils._default";
    }
}
