package RawECDHKeyring_Compile;

import Actions_Compile.Action;
import Actions_Compile.ActionWithResult;
import BoundedInts_Compile.uint8;
import EcdhEdkWrapping_Compile.EcdhUnwrap;
import EcdhEdkWrapping_Compile.EcdhUnwrapInfo;
import EdkWrapping_Compile.UnwrapEdkMaterialOutput;
import Materials_Compile.SealedDecryptionMaterials;
import Wrappers_Compile.Outcome;
import Wrappers_Compile.Result;
import dafny.DafnySequence;
import dafny.Helpers;
import dafny.TypeDescriptor;
import java.math.BigInteger;
import software.amazon.cryptography.materialproviders.internaldafny.types.AlgorithmSuiteInfo;
import software.amazon.cryptography.materialproviders.internaldafny.types.DecryptionMaterials;
import software.amazon.cryptography.materialproviders.internaldafny.types.EncryptedDataKey;
import software.amazon.cryptography.materialproviders.internaldafny.types.EphemeralPrivateKeyToStaticPublicKeyInput;
import software.amazon.cryptography.materialproviders.internaldafny.types.Error;
import software.amazon.cryptography.materialproviders.internaldafny.types.RawEcdhStaticConfigurations;
import software.amazon.cryptography.materialproviders.internaldafny.types.RawEcdhStaticConfigurations_EphemeralPrivateKeyToStaticPublicKey;
import software.amazon.cryptography.materialproviders.internaldafny.types.RawEcdhStaticConfigurations_PublicKeyDiscovery;
import software.amazon.cryptography.materialproviders.internaldafny.types.RawEcdhStaticConfigurations_RawPrivateKeyToStaticPublicKey;
import software.amazon.cryptography.materialproviders.internaldafny.types.RawPrivateKeyToStaticPublicKeyInput;
import software.amazon.cryptography.primitives.internaldafny.AtomicPrimitivesClient;
import software.amazon.cryptography.primitives.internaldafny.types.ECCPrivateKey;
import software.amazon.cryptography.primitives.internaldafny.types.ECCPublicKey;
import software.amazon.cryptography.primitives.internaldafny.types.ECDHCurveSpec;

/* loaded from: input_file:RawECDHKeyring_Compile/DecryptSingleEncryptedDataKey.class */
public class DecryptSingleEncryptedDataKey implements ActionWithResult<EncryptedDataKey, DecryptionMaterials, Error>, Action<EncryptedDataKey, Result<DecryptionMaterials, Error>> {
    public DecryptionMaterials _materials = (DecryptionMaterials) null;
    public AtomicPrimitivesClient _cryptoPrimitives = null;
    public DafnySequence<? extends Byte> _recipientPublicKey = DafnySequence.empty(uint8._typeDescriptor());
    public DafnySequence<? extends Byte> _senderPublicKey = DafnySequence.empty(uint8._typeDescriptor());
    public RawEcdhStaticConfigurations _keyAgreementScheme = RawEcdhStaticConfigurations.Default();
    public ECDHCurveSpec _curveSpec = ECDHCurveSpec.Default();
    private static final TypeDescriptor<DecryptSingleEncryptedDataKey> _TYPE = TypeDescriptor.referenceWithInitializer(DecryptSingleEncryptedDataKey.class, () -> {
        return (DecryptSingleEncryptedDataKey) null;
    });

    public void __ctor(DecryptionMaterials decryptionMaterials, AtomicPrimitivesClient atomicPrimitivesClient, DafnySequence<? extends Byte> dafnySequence, DafnySequence<? extends Byte> dafnySequence2, RawEcdhStaticConfigurations rawEcdhStaticConfigurations, ECDHCurveSpec eCDHCurveSpec) {
        this._materials = decryptionMaterials;
        this._cryptoPrimitives = atomicPrimitivesClient;
        this._recipientPublicKey = dafnySequence2;
        this._senderPublicKey = dafnySequence;
        this._keyAgreementScheme = rawEcdhStaticConfigurations;
        this._curveSpec = eCDHCurveSpec;
    }

    @Override // Actions_Compile.Action
    public Result<DecryptionMaterials, Error> Invoke(EncryptedDataKey encryptedDataKey) {
        DafnySequence<? extends Byte> dtor_senderStaticPrivateKey;
        DafnySequence<? extends Byte> dafnySequence;
        Outcome.Default(Error._typeDescriptor());
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), UTF8.__default.ValidUTF8Seq(encryptedDataKey.dtor_keyProviderId()), Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Received invalid EDK provider id for AWS KMS ECDH Keyring")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        AlgorithmSuiteInfo dtor_algorithmSuite = materials().dtor_algorithmSuite();
        encryptedDataKey.dtor_keyProviderId();
        DafnySequence<? extends Byte> dtor_keyProviderInfo = encryptedDataKey.dtor_keyProviderInfo();
        DafnySequence<? extends Byte> dtor_ciphertext = encryptedDataKey.dtor_ciphertext();
        Result.Default(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), DafnySequence.empty(uint8._typeDescriptor()));
        Result<DafnySequence<? extends Byte>, Error> GetProviderWrappedMaterial = EdkWrapping_Compile.__default.GetProviderWrappedMaterial(dtor_ciphertext, dtor_algorithmSuite);
        if (GetProviderWrappedMaterial.IsFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor())) {
            return GetProviderWrappedMaterial.PropagateFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        GetProviderWrappedMaterial.Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor());
        Outcome.Default(Error._typeDescriptor());
        Outcome Need2 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), BigInteger.valueOf((long) dtor_keyProviderInfo.length()).compareTo(Helpers.unsignedToBigInteger(Constants_Compile.__default.ECDH__PROVIDER__INFO__521__LEN())) <= 0 && __default.ValidProviderInfoLength(dtor_keyProviderInfo), __default.E(DafnySequence.asString("EDK ProviderInfo longer than expected")));
        if (Need2.IsFailure(Error._typeDescriptor())) {
            return Need2.PropagateFailure(Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        byte byteValue = ((Byte) dtor_keyProviderInfo.select(Helpers.toInt(BigInteger.ZERO))).byteValue();
        Outcome.Default(Error._typeDescriptor());
        Outcome Need3 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), DafnySequence.of(new byte[]{byteValue}).equals(__default.RAW__ECDH__KEYRING__VERSION()), __default.E(DafnySequence.asString("Incorrect Keyring version found in provider info.")));
        if (Need3.IsFailure(Error._typeDescriptor())) {
            return Need3.PropagateFailure(Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        BigInteger bigInteger = BigInteger.ZERO;
        BigInteger unsignedToBigInteger = Helpers.unsignedToBigInteger(StandardLibrary_mUInt_Compile.__default.SeqToUInt32(dtor_keyProviderInfo.subsequence(Constants_Compile.__default.ECDH__PROVIDER__INFO__RPL__INDEX(), Constants_Compile.__default.ECDH__PROVIDER__INFO__RPK__INDEX())));
        BigInteger bigInteger2 = BigInteger.ZERO;
        BigInteger add = Helpers.unsignedToBigInteger(Constants_Compile.__default.ECDH__PROVIDER__INFO__RPK__INDEX()).add(unsignedToBigInteger);
        BigInteger bigInteger3 = BigInteger.ZERO;
        BigInteger add2 = add.add(Constants_Compile.__default.ECDH__PROVIDER__INFO__PUBLIC__KEY__LEN());
        Outcome.Default(Error._typeDescriptor());
        Outcome Need4 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), add.add(BigInteger.valueOf(4L)).compareTo(BigInteger.valueOf((long) dtor_keyProviderInfo.length())) < 0, __default.E(DafnySequence.asString("Key Provider Info Serialization Error. Serialized length less than expected.")));
        if (Need4.IsFailure(Error._typeDescriptor())) {
            return Need4.PropagateFailure(Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        DafnySequence<? extends Byte> subsequence = dtor_keyProviderInfo.subsequence(Constants_Compile.__default.ECDH__PROVIDER__INFO__RPK__INDEX(), Helpers.toInt(add));
        DafnySequence<? extends Byte> drop = dtor_keyProviderInfo.drop(add2);
        Result.Default(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), DafnySequence.empty(uint8._typeDescriptor()));
        Result<DafnySequence<? extends Byte>, Error> DecompressPublicKey = __default.DecompressPublicKey(drop, curveSpec(), cryptoPrimitives());
        if (DecompressPublicKey.IsFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor())) {
            return DecompressPublicKey.PropagateFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        DafnySequence<? extends Byte> Extract = DecompressPublicKey.Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor());
        Result.Default(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), DafnySequence.empty(uint8._typeDescriptor()));
        Result<DafnySequence<? extends Byte>, Error> DecompressPublicKey2 = __default.DecompressPublicKey(subsequence, curveSpec(), cryptoPrimitives());
        if (DecompressPublicKey2.IsFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor())) {
            return DecompressPublicKey2.PropagateFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        DafnySequence<? extends Byte> Extract2 = DecompressPublicKey2.Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor());
        Result.Default(TypeDescriptor.BOOLEAN, Error._typeDescriptor(), false);
        Result<Boolean, Error> ValidatePublicKey = __default.ValidatePublicKey(cryptoPrimitives(), curveSpec(), Extract);
        if (ValidatePublicKey.IsFailure(TypeDescriptor.BOOLEAN, Error._typeDescriptor())) {
            return ValidatePublicKey.PropagateFailure(TypeDescriptor.BOOLEAN, Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        ValidatePublicKey.Extract(TypeDescriptor.BOOLEAN, Error._typeDescriptor()).booleanValue();
        Result.Default(TypeDescriptor.BOOLEAN, Error._typeDescriptor(), false);
        Result<Boolean, Error> ValidatePublicKey2 = __default.ValidatePublicKey(cryptoPrimitives(), curveSpec(), Extract2);
        if (ValidatePublicKey2.IsFailure(TypeDescriptor.BOOLEAN, Error._typeDescriptor())) {
            return ValidatePublicKey2.PropagateFailure(TypeDescriptor.BOOLEAN, Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        ValidatePublicKey2.Extract(TypeDescriptor.BOOLEAN, Error._typeDescriptor()).booleanValue();
        DafnySequence.empty(uint8._typeDescriptor());
        DafnySequence.empty(uint8._typeDescriptor());
        RawEcdhStaticConfigurations keyAgreementScheme = keyAgreementScheme();
        if (keyAgreementScheme.is_PublicKeyDiscovery()) {
            dafnySequence = Extract;
            dtor_senderStaticPrivateKey = ((RawEcdhStaticConfigurations_PublicKeyDiscovery) keyAgreementScheme)._PublicKeyDiscovery.dtor_recipientStaticPrivateKey();
        } else {
            if (!keyAgreementScheme.is_RawPrivateKeyToStaticPublicKey()) {
                EphemeralPrivateKeyToStaticPublicKeyInput ephemeralPrivateKeyToStaticPublicKeyInput = ((RawEcdhStaticConfigurations_EphemeralPrivateKeyToStaticPublicKey) keyAgreementScheme)._EphemeralPrivateKeyToStaticPublicKey;
                return Result.create_Failure(SealedDecryptionMaterials._typeDescriptor(), Error._typeDescriptor(), __default.E(DafnySequence.asString("EphemeralPrivateKeyToStaticPublicKey Not allowed on decrypt")));
            }
            RawPrivateKeyToStaticPublicKeyInput rawPrivateKeyToStaticPublicKeyInput = ((RawEcdhStaticConfigurations_RawPrivateKeyToStaticPublicKey) keyAgreementScheme)._RawPrivateKeyToStaticPublicKey;
            dtor_senderStaticPrivateKey = rawPrivateKeyToStaticPublicKeyInput.dtor_senderStaticPrivateKey();
            dafnySequence = rawPrivateKeyToStaticPublicKeyInput.dtor_recipientPublicKey().equals(Extract2) ? Extract2 : Extract;
        }
        Result.Default(TypeDescriptor.BOOLEAN, Error._typeDescriptor(), false);
        Result<Boolean, Error> ValidatePublicKey3 = __default.ValidatePublicKey(cryptoPrimitives(), curveSpec(), dafnySequence);
        if (ValidatePublicKey3.IsFailure(TypeDescriptor.BOOLEAN, Error._typeDescriptor())) {
            return ValidatePublicKey3.PropagateFailure(TypeDescriptor.BOOLEAN, Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        ValidatePublicKey3.Extract(TypeDescriptor.BOOLEAN, Error._typeDescriptor()).booleanValue();
        Result.Default(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), DafnySequence.empty(uint8._typeDescriptor()));
        Result<DafnySequence<? extends Byte>, Error> LocalDeriveSharedSecret = __default.LocalDeriveSharedSecret(ECCPrivateKey.create(dtor_senderStaticPrivateKey), ECCPublicKey.create(dafnySequence), curveSpec(), cryptoPrimitives());
        if (LocalDeriveSharedSecret.IsFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor())) {
            return LocalDeriveSharedSecret.PropagateFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        DafnySequence<? extends Byte> Extract3 = LocalDeriveSharedSecret.Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor());
        EcdhUnwrap ecdhUnwrap = new EcdhUnwrap();
        ecdhUnwrap.__ctor(drop, subsequence, Extract3, __default.RAW__ECDH__KEYRING__VERSION(), curveSpec(), cryptoPrimitives());
        Result UnwrapEdkMaterial = EdkWrapping_Compile.__default.UnwrapEdkMaterial(EcdhUnwrapInfo._typeDescriptor(), encryptedDataKey.dtor_ciphertext(), materials(), ecdhUnwrap);
        Result.Default(UnwrapEdkMaterialOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()), Error._typeDescriptor(), UnwrapEdkMaterialOutput.Default(EcdhUnwrapInfo._typeDescriptor(), EcdhUnwrapInfo.Default()));
        if (UnwrapEdkMaterial.IsFailure(UnwrapEdkMaterialOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()), Error._typeDescriptor())) {
            return UnwrapEdkMaterial.PropagateFailure(UnwrapEdkMaterialOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()), Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor());
        }
        UnwrapEdkMaterialOutput unwrapEdkMaterialOutput = (UnwrapEdkMaterialOutput) UnwrapEdkMaterial.Extract(UnwrapEdkMaterialOutput._typeDescriptor(EcdhUnwrapInfo._typeDescriptor()), Error._typeDescriptor());
        Result<DecryptionMaterials, Error> DecryptionMaterialsAddDataKey = Materials_Compile.__default.DecryptionMaterialsAddDataKey(materials(), unwrapEdkMaterialOutput.dtor_plaintextDataKey(), unwrapEdkMaterialOutput.dtor_symmetricSigningKey());
        return DecryptionMaterialsAddDataKey.IsFailure(DecryptionMaterials._typeDescriptor(), Error._typeDescriptor()) ? DecryptionMaterialsAddDataKey.PropagateFailure(DecryptionMaterials._typeDescriptor(), Error._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor()) : Result.create_Success(DecryptionMaterials._typeDescriptor(), Error._typeDescriptor(), DecryptionMaterialsAddDataKey.Extract(DecryptionMaterials._typeDescriptor(), Error._typeDescriptor()));
    }

    public DecryptionMaterials materials() {
        return this._materials;
    }

    public AtomicPrimitivesClient cryptoPrimitives() {
        return this._cryptoPrimitives;
    }

    public DafnySequence<? extends Byte> recipientPublicKey() {
        return this._recipientPublicKey;
    }

    public DafnySequence<? extends Byte> senderPublicKey() {
        return this._senderPublicKey;
    }

    public RawEcdhStaticConfigurations keyAgreementScheme() {
        return this._keyAgreementScheme;
    }

    public ECDHCurveSpec curveSpec() {
        return this._curveSpec;
    }

    public static TypeDescriptor<DecryptSingleEncryptedDataKey> _typeDescriptor() {
        return _TYPE;
    }

    public String toString() {
        return "RawECDHKeyring.DecryptSingleEncryptedDataKey";
    }
}
