package com.amazonaws.encryptionsdk.kms;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.Request;
import com.amazonaws.Response;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.encryptionsdk.CryptoAlgorithm;
import com.amazonaws.encryptionsdk.DataKey;
import com.amazonaws.encryptionsdk.EncryptedDataKey;
import com.amazonaws.encryptionsdk.MasterKeyProvider;
import com.amazonaws.encryptionsdk.MasterKeyRequest;
import com.amazonaws.encryptionsdk.exception.AwsCryptoException;
import com.amazonaws.encryptionsdk.exception.NoSuchMasterKeyException;
import com.amazonaws.encryptionsdk.exception.UnsupportedProviderException;
import com.amazonaws.handlers.RequestHandler2;
import com.amazonaws.regions.Region;
import com.amazonaws.regions.RegionUtils;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:com/amazonaws/encryptionsdk/kms/KmsMasterKeyProvider.class */
public class KmsMasterKeyProvider extends MasterKeyProvider<KmsMasterKey> implements KmsMethods {
    private static final String PROVIDER_NAME = "aws-kms";
    private final List<String> keyIds_;
    private final List<String> grantTokens_;
    private final RegionalClientSupplier regionalClientSupplier_;
    private final String defaultRegion_;

    /* loaded from: input_file:com/amazonaws/encryptionsdk/kms/KmsMasterKeyProvider$Builder.class */
    public static class Builder implements Cloneable {
        private String defaultRegion_ = null;
        private RegionalClientSupplier regionalClientSupplier_ = null;
        private AWSKMSClientBuilder templateBuilder_ = null;
        private List<String> keyIds_ = new ArrayList();

        Builder() {
        }

        /* renamed from: clone, reason: merged with bridge method [inline-methods] */
        public Builder m16clone() {
            try {
                Builder builder = (Builder) super.clone();
                if (this.templateBuilder_ != null) {
                    builder.templateBuilder_ = cloneClientBuilder(this.templateBuilder_);
                }
                builder.keyIds_ = new ArrayList(this.keyIds_);
                return builder;
            } catch (CloneNotSupportedException e) {
                throw new Error("Impossible: CloneNotSupportedException", e);
            }
        }

        public Builder withKeysForEncryption(String... strArr) {
            this.keyIds_.addAll(Arrays.asList(strArr));
            return this;
        }

        public Builder withKeysForEncryption(List<String> list) {
            this.keyIds_.addAll(list);
            return this;
        }

        public Builder withDefaultRegion(String str) {
            this.defaultRegion_ = str;
            return this;
        }

        public Builder withCustomClientFactory(RegionalClientSupplier regionalClientSupplier) {
            if (this.templateBuilder_ != null) {
                throw clientSupplierComboException();
            }
            this.regionalClientSupplier_ = regionalClientSupplier;
            return this;
        }

        private RuntimeException clientSupplierComboException() {
            return new IllegalStateException("withCustomClientFactory cannot be used in conjunction with withCredentials or withClientBuilder");
        }

        public Builder withCredentials(AWSCredentialsProvider aWSCredentialsProvider) {
            if (this.regionalClientSupplier_ != null) {
                throw clientSupplierComboException();
            }
            if (this.templateBuilder_ == null) {
                this.templateBuilder_ = AWSKMSClientBuilder.standard();
            }
            this.templateBuilder_.setCredentials(aWSCredentialsProvider);
            return this;
        }

        public Builder withCredentials(AWSCredentials aWSCredentials) {
            return withCredentials((AWSCredentialsProvider) new AWSStaticCredentialsProvider(aWSCredentials));
        }

        public Builder withClientBuilder(AWSKMSClientBuilder aWSKMSClientBuilder) {
            if (this.regionalClientSupplier_ != null) {
                throw clientSupplierComboException();
            }
            this.templateBuilder_ = cloneClientBuilder(aWSKMSClientBuilder);
            return this;
        }

        private AWSKMSClientBuilder cloneClientBuilder(AWSKMSClientBuilder aWSKMSClientBuilder) {
            if (aWSKMSClientBuilder.getEndpoint() != null) {
                throw new IllegalArgumentException("Setting endpoint configuration is not compatible with passing a builder to the KmsMasterKeyProvider. Use withCustomClientFactory instead.");
            }
            AWSKMSClientBuilder builder = AWSKMSClient.builder();
            builder.setClientConfiguration(aWSKMSClientBuilder.getClientConfiguration());
            builder.setCredentials(aWSKMSClientBuilder.getCredentials());
            builder.setEndpointConfiguration(aWSKMSClientBuilder.getEndpoint());
            builder.setMetricsCollector(aWSKMSClientBuilder.getMetricsCollector());
            if (aWSKMSClientBuilder.getRequestHandlers() != null) {
                builder.setRequestHandlers((RequestHandler2[]) aWSKMSClientBuilder.getRequestHandlers().toArray(new RequestHandler2[0]));
            }
            return builder;
        }

        public KmsMasterKeyProvider build() {
            if (this.defaultRegion_ == null) {
                Iterator<String> it = this.keyIds_.iterator();
                while (it.hasNext()) {
                    if (KmsMasterKeyProvider.parseRegionfromKeyArn(it.next()) == null) {
                        throw new AwsCryptoException("Can't use non-ARN key identifiers or aliases when no default region is set");
                    }
                }
            }
            return new KmsMasterKeyProvider(clientFactory(), this.defaultRegion_, this.keyIds_, Collections.emptyList(), false);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public RegionalClientSupplier clientFactory() {
            if (this.regionalClientSupplier_ != null) {
                return this.regionalClientSupplier_;
            }
            AWSKMSClientBuilder cloneClientBuilder = this.templateBuilder_ != null ? cloneClientBuilder(this.templateBuilder_) : AWSKMSClientBuilder.standard();
            ConcurrentHashMap<String, AWSKMS> concurrentHashMap = new ConcurrentHashMap<>();
            snoopClientCache(concurrentHashMap);
            return str -> {
                AWSKMS awskms = (AWSKMS) concurrentHashMap.get(str);
                if (awskms != null) {
                    return awskms;
                }
                SuccessfulRequestCacher successfulRequestCacher = new SuccessfulRequestCacher(concurrentHashMap, str);
                ArrayList arrayList = new ArrayList();
                if (cloneClientBuilder.getRequestHandlers() != null) {
                    arrayList.addAll(cloneClientBuilder.getRequestHandlers());
                }
                arrayList.add(successfulRequestCacher);
                AWSKMS awskms2 = (AWSKMS) cloneClientBuilder(cloneClientBuilder).withRegion(str).withRequestHandlers((RequestHandler2[]) arrayList.toArray(new RequestHandler2[arrayList.size()])).build();
                successfulRequestCacher.client_ = awskms2;
                return awskms2;
            };
        }

        protected void snoopClientCache(ConcurrentHashMap<String, AWSKMS> concurrentHashMap) {
        }
    }

    @FunctionalInterface
    /* loaded from: input_file:com/amazonaws/encryptionsdk/kms/KmsMasterKeyProvider$RegionalClientSupplier.class */
    public interface RegionalClientSupplier {
        AWSKMS getClient(String str);
    }

    /* loaded from: input_file:com/amazonaws/encryptionsdk/kms/KmsMasterKeyProvider$SuccessfulRequestCacher.class */
    private static class SuccessfulRequestCacher extends RequestHandler2 {
        private final ConcurrentHashMap<String, AWSKMS> cache_;
        private final String region_;
        private AWSKMS client_;
        volatile boolean ranBefore_;

        private SuccessfulRequestCacher(ConcurrentHashMap<String, AWSKMS> concurrentHashMap, String str) {
            this.ranBefore_ = false;
            this.region_ = str;
            this.cache_ = concurrentHashMap;
        }

        public void afterResponse(Request<?> request, Response<?> response) {
            if (this.ranBefore_) {
                return;
            }
            this.ranBefore_ = true;
            this.cache_.putIfAbsent(this.region_, this.client_);
        }

        public void afterError(Request<?> request, Response<?> response, Exception exc) {
            if (!this.ranBefore_ && (exc instanceof AmazonServiceException)) {
                this.ranBefore_ = true;
                this.cache_.putIfAbsent(this.region_, this.client_);
            }
        }
    }

    public static Builder builder() {
        return new Builder();
    }

    private KmsMasterKeyProvider(RegionalClientSupplier regionalClientSupplier, String str, List<String> list, List<String> list2, boolean z) {
        this.regionalClientSupplier_ = z ? str2 -> {
            if (Objects.equals(str2, str)) {
                return regionalClientSupplier.getClient(str2);
            }
            return null;
        } : regionalClientSupplier;
        this.defaultRegion_ = str;
        this.keyIds_ = Collections.unmodifiableList(new ArrayList(list));
        this.grantTokens_ = list2;
    }

    private KmsMasterKeyProvider(RegionalClientSupplier regionalClientSupplier, String str, List<String> list) {
        this(regionalClientSupplier, str, list, new ArrayList(), true);
    }

    private static RegionalClientSupplier defaultProvider() {
        return builder().clientFactory();
    }

    @Deprecated
    public KmsMasterKeyProvider() {
        this(defaultProvider(), Regions.DEFAULT_REGION.getName(), (List<String>) Collections.emptyList());
    }

    @Deprecated
    public KmsMasterKeyProvider(String str) {
        this(defaultProvider(), getStartingRegion(str).getName(), (List<String>) Collections.singletonList(str));
    }

    @Deprecated
    public KmsMasterKeyProvider(AWSCredentials aWSCredentials, String str) {
        this((AWSCredentialsProvider) new AWSStaticCredentialsProvider(aWSCredentials), getStartingRegion(str), new ClientConfiguration(), str);
    }

    @Deprecated
    public KmsMasterKeyProvider(AWSCredentialsProvider aWSCredentialsProvider, String str) {
        this(aWSCredentialsProvider, getStartingRegion(str), new ClientConfiguration(), str);
    }

    @Deprecated
    public KmsMasterKeyProvider(AWSCredentials aWSCredentials) {
        this((AWSCredentialsProvider) new AWSStaticCredentialsProvider(aWSCredentials), Region.getRegion(Regions.DEFAULT_REGION), new ClientConfiguration(), (List<String>) Collections.emptyList());
    }

    @Deprecated
    public KmsMasterKeyProvider(AWSCredentialsProvider aWSCredentialsProvider) {
        this(aWSCredentialsProvider, Region.getRegion(Regions.DEFAULT_REGION), new ClientConfiguration(), (List<String>) Collections.emptyList());
    }

    public KmsMasterKeyProvider(AWSCredentialsProvider aWSCredentialsProvider, Region region, ClientConfiguration clientConfiguration, String str) {
        this(aWSCredentialsProvider, region, clientConfiguration, (List<String>) Collections.singletonList(str));
    }

    public KmsMasterKeyProvider(AWSCredentialsProvider aWSCredentialsProvider, Region region, ClientConfiguration clientConfiguration, List<String> list) {
        this(builder().withClientBuilder((AWSKMSClientBuilder) AWSKMSClientBuilder.standard().withClientConfiguration(clientConfiguration).withCredentials(aWSCredentialsProvider)).clientFactory(), region.getName(), list);
    }

    @Deprecated
    public KmsMasterKeyProvider(AWSKMS awskms, Region region, List<String> list) {
        this(str -> {
            return awskms;
        }, region.getName(), list);
        awskms.setRegion(region);
    }

    @Override // com.amazonaws.encryptionsdk.MasterKeyProvider
    public String getDefaultProviderId() {
        return PROVIDER_NAME;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.amazonaws.encryptionsdk.MasterKeyProvider
    public KmsMasterKey getMasterKey(String str, String str2) throws UnsupportedProviderException, NoSuchMasterKeyException {
        if (!canProvide(str)) {
            throw new UnsupportedProviderException();
        }
        String parseRegionfromKeyArn = parseRegionfromKeyArn(str2);
        if (parseRegionfromKeyArn == null && this.defaultRegion_ != null) {
            parseRegionfromKeyArn = this.defaultRegion_;
        }
        String str3 = parseRegionfromKeyArn;
        KmsMasterKey kmsMasterKey = KmsMasterKey.getInstance(() -> {
            AWSKMS client = this.regionalClientSupplier_.getClient(str3);
            if (client == null) {
                throw new AwsCryptoException("Can't use keys from region " + str3);
            }
            return client;
        }, str2, this);
        kmsMasterKey.setGrantTokens(this.grantTokens_);
        return kmsMasterKey;
    }

    @Override // com.amazonaws.encryptionsdk.MasterKeyProvider
    public List<KmsMasterKey> getMasterKeysForEncryption(MasterKeyRequest masterKeyRequest) {
        if (this.keyIds_ == null) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(this.keyIds_.size());
        Iterator<String> it = this.keyIds_.iterator();
        while (it.hasNext()) {
            arrayList.add(getMasterKey(it.next()));
        }
        return arrayList;
    }

    @Override // com.amazonaws.encryptionsdk.MasterKeyProvider
    public DataKey<KmsMasterKey> decryptDataKey(CryptoAlgorithm cryptoAlgorithm, Collection<? extends EncryptedDataKey> collection, Map<String, String> map) throws AwsCryptoException {
        ArrayList arrayList = new ArrayList();
        for (EncryptedDataKey encryptedDataKey : collection) {
            if (canProvide(encryptedDataKey.getProviderId())) {
                try {
                    return getMasterKey(new String(encryptedDataKey.getProviderInformation(), StandardCharsets.UTF_8)).decryptDataKey(cryptoAlgorithm, Collections.singletonList(encryptedDataKey), map);
                } catch (Exception e) {
                    arrayList.add(e);
                }
            }
        }
        throw buildCannotDecryptDksException(arrayList);
    }

    @Override // com.amazonaws.encryptionsdk.kms.KmsMethods
    @Deprecated
    public void setGrantTokens(List<String> list) {
        try {
            this.grantTokens_.clear();
            this.grantTokens_.addAll(list);
        } catch (UnsupportedOperationException e) {
            throw grantTokenError();
        }
    }

    @Override // com.amazonaws.encryptionsdk.kms.KmsMethods
    public List<String> getGrantTokens() {
        return new ArrayList(this.grantTokens_);
    }

    @Override // com.amazonaws.encryptionsdk.kms.KmsMethods
    @Deprecated
    public void addGrantToken(String str) {
        try {
            this.grantTokens_.add(str);
        } catch (UnsupportedOperationException e) {
            throw grantTokenError();
        }
    }

    private RuntimeException grantTokenError() {
        return new IllegalStateException("This master key provider is immutable. Use withGrantTokens instead.");
    }

    public KmsMasterKeyProvider withGrantTokens(List<String> list) {
        return new KmsMasterKeyProvider(this.regionalClientSupplier_, this.defaultRegion_, this.keyIds_, Collections.unmodifiableList(new ArrayList(list)), false);
    }

    public KmsMasterKeyProvider withGrantTokens(String... strArr) {
        return withGrantTokens(Arrays.asList(strArr));
    }

    private static Region getStartingRegion(String str) {
        String parseRegionfromKeyArn = parseRegionfromKeyArn(str);
        if (parseRegionfromKeyArn != null) {
            return RegionUtils.getRegion(parseRegionfromKeyArn);
        }
        Region currentRegion = Regions.getCurrentRegion();
        return currentRegion != null ? currentRegion : Region.getRegion(Regions.DEFAULT_REGION);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String parseRegionfromKeyArn(String str) {
        String[] split = str.split(":", 5);
        if (split[0].equals("arn") && split[2].equals("kms")) {
            return split[3];
        }
        return null;
    }
}
