package com.oracle.bmc.encryption;

import com.oracle.bmc.auth.BasicAuthenticationDetailsProvider;
import com.oracle.bmc.encryption.internal.CryptoAlgorithm;
import com.oracle.bmc.encryption.internal.DataKey;
import com.oracle.bmc.keymanagement.KmsCryptoClient;
import com.oracle.bmc.keymanagement.KmsManagementClient;
import com.oracle.bmc.keymanagement.KmsVaultClient;
import com.oracle.bmc.keymanagement.model.DecryptDataDetails;
import com.oracle.bmc.keymanagement.model.GenerateKeyDetails;
import com.oracle.bmc.keymanagement.model.KeyShape;
import com.oracle.bmc.keymanagement.model.Vault;
import com.oracle.bmc.keymanagement.requests.DecryptRequest;
import com.oracle.bmc.keymanagement.requests.GenerateDataEncryptionKeyRequest;
import com.oracle.bmc.keymanagement.requests.GetKeyRequest;
import com.oracle.bmc.keymanagement.requests.GetVaultRequest;
import com.oracle.bmc.keymanagement.responses.GenerateDataEncryptionKeyResponse;
import com.oracle.bmc.model.BmcException;

/* loaded from: input_file:com/oracle/bmc/encryption/KmsMasterKey.class */
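/**
 * {@link MasterKey} implementation backed by a KMS vault key.
 *
 * <p>The instance owns three KMS clients (vault, management, crypto). The vault client is
 * pointed at the configured region and used once, at construction time, to look up the vault;
 * the management and crypto clients are then pointed at the endpoints that vault reports.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #generateDataEncryptionKey} asks the service to include the plaintext data key in
 *       the response, and {@link #decryptDataKey} returns plaintext key material as a
 *       {@code String}. Neither value should be logged or persisted; a {@code String} cannot be
 *       wiped after use.</li>
 *   <li>Exception messages produced here contain the key id, vault id and region. They are
 *       identifiers rather than key material, but they do end up wherever the exception is
 *       logged.</li>
 *   <li>Call {@link #close()} when done so the three underlying clients are released.</li>
 * </ul>
 */
public class KmsMasterKey implements MasterKey {
    private final KmsCryptoClient kmsCryptoClient;
    private final KmsManagementClient kmsManagementClient;
    private final KmsVaultClient kmsVaultClient;
    private final BasicAuthenticationDetailsProvider provider;
    private final String vaultId;
    private final String kmsMasterKeyId;
    private final String region;

    /**
     * Creates the master key and resolves the vault's management and crypto endpoints.
     *
     * @param basicAuthenticationDetailsProvider credentials used by all three KMS clients
     * @param region region the vault client is pointed at
     * @param vaultId id of the vault that holds the master key
     * @param kmsMasterKeyId id of the master key used to generate data keys
     * @throws IllegalArgumentException if the provider is {@code null} or any of the string
     *     arguments is {@code null} or empty
     * @throws RuntimeException if the vault cannot be fetched; the clients created by this
     *     constructor are closed before the exception propagates
     */
    public KmsMasterKey(BasicAuthenticationDetailsProvider basicAuthenticationDetailsProvider, String region, String vaultId, String kmsMasterKeyId) {
        // Null strings are rejected with the same IllegalArgumentException as empty ones,
        // instead of surfacing as a NullPointerException from isEmpty().
        if (basicAuthenticationDetailsProvider == null || isNullOrEmpty(region)) {
            throw new IllegalArgumentException("Please provide a valid authenticationDetailsProvider and a region.");
        }
        if (isNullOrEmpty(vaultId) || isNullOrEmpty(kmsMasterKeyId)) {
            throw new IllegalArgumentException("Encryption Key info is missing. Please provide a kmsMasterKeyId and vaultId.");
        }
        this.vaultId = vaultId;
        this.kmsMasterKeyId = kmsMasterKeyId;
        this.region = region;
        this.provider = basicAuthenticationDetailsProvider;
        this.kmsVaultClient = new KmsVaultClient(this.provider);
        this.kmsManagementClient = new KmsManagementClient(this.provider);
        this.kmsCryptoClient = new KmsCryptoClient(this.provider);
        try {
            this.kmsVaultClient.setRegion(region);
            setVault(vaultId);
        } catch (RuntimeException e) {
            // The caller never receives a reference to a half-built instance, so nobody else
            // could close these clients if construction fails here.
            try {
                closeClients();
            } catch (RuntimeException closeFailure) {
                e.addSuppressed(closeFailure);
            }
            throw e;
        }
    }

    /** Returns {@code true} when {@code value} is {@code null} or has length zero. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Fetches the vault and points the management and crypto clients at the endpoints it reports.
     *
     * @param vaultId id of the vault to look up
     * @throws RuntimeException wrapping the {@link BmcException} if the lookup fails
     */
    private void setVault(String vaultId) {
        try {
            Vault vault = this.kmsVaultClient.getVault(GetVaultRequest.builder().vaultId(vaultId).build()).getVault();
            this.kmsManagementClient.setEndpoint(vault.getManagementEndpoint());
            this.kmsCryptoClient.setEndpoint(vault.getCryptoEndpoint());
        } catch (BmcException e) {
            throw new RuntimeException(getVaultAccessErrorMsg(), e);
        }
    }

    /**
     * Asks the crypto endpoint for a new AES data key wrapped by the configured master key.
     *
     * <p>The request sets {@code includePlaintextKey(true)}, so the returned {@link DataKey}
     * carries the plaintext key alongside the ciphertext and the plaintext checksum. The checksum
     * is passed through as received; it is not verified in this method.
     *
     * @param cryptoAlgorithm supplies the data key length via {@code getDataKeyLen()}
     * @return the generated data key (ciphertext, plaintext, plaintext checksum)
     * @throws RuntimeException if the service call fails; the message distinguishes "key is not
     *     accessible" from "key is accessible but generation failed"
     */
    @Override
    public DataKey generateDataEncryptionKey(CryptoAlgorithm cryptoAlgorithm) {
        try {
            KeyShape keyShape = KeyShape.builder()
                    .algorithm(KeyShape.Algorithm.Aes)
                    .length(Integer.valueOf(cryptoAlgorithm.getDataKeyLen()))
                    .build();
            GenerateKeyDetails details = GenerateKeyDetails.builder()
                    .keyId(this.kmsMasterKeyId)
                    .keyShape(keyShape)
                    .includePlaintextKey(true)
                    .build();
            GenerateDataEncryptionKeyResponse response = this.kmsCryptoClient.generateDataEncryptionKey(
                    GenerateDataEncryptionKeyRequest.builder().generateKeyDetails(details).build());
            return new DataKey(
                    response.getGeneratedKey().getCiphertext(),
                    response.getGeneratedKey().getPlaintext(),
                    response.getGeneratedKey().getPlaintextChecksum());
        } catch (BmcException e) {
            throw keyOperationFailure(this.kmsMasterKeyId, "Can't generate the DataKey using MasterKeyId: " + this.kmsMasterKeyId, e);
        }
    }

    /**
     * Decrypts a wrapped data key with the given master key.
     *
     * <p>The key id used for the decrypt call is the {@code masterKeyId} argument, not the id this
     * instance was constructed with.
     * NOTE(review): if {@code masterKeyId} is read from message metadata, the caller may want to
     * compare it with {@link #getKmsMasterKeyId()} (or an allow-list) before calling; confirm
     * against the caller.
     *
     * @param encryptedDataKey ciphertext of the data key
     * @param masterKeyId id of the master key to decrypt with
     * @return the plaintext returned by the service; treat it as key material
     * @throws RuntimeException if the service call fails; the message distinguishes "key is not
     *     accessible" from "key is accessible but decryption failed"
     */
    @Override
    public String decryptDataKey(String encryptedDataKey, String masterKeyId) {
        try {
            DecryptDataDetails details = DecryptDataDetails.builder()
                    .ciphertext(encryptedDataKey)
                    .keyId(masterKeyId)
                    .build();
            return this.kmsCryptoClient.decrypt(DecryptRequest.builder().decryptDataDetails(details).build())
                    .getDecryptedData()
                    .getPlaintext();
        } catch (BmcException e) {
            throw keyOperationFailure(masterKeyId, "Can't decrypt the DataKey using MasterKeyId: " + masterKeyId, e);
        }
    }

    /**
     * Builds the exception for a failed crypto call by probing whether the key can be read.
     *
     * <p>If {@code getKey} also fails, the failure is reported as an access problem for
     * {@code keyId}, with the original crypto failure attached as a suppressed exception so it is
     * not lost. Otherwise the original failure is reported with {@code operationMsg}.
     *
     * @param keyId id of the key the failed operation used
     * @param operationMsg message to use when the key itself is readable
     * @param cause the failure raised by the crypto call
     * @return the exception for the caller to throw
     */
    private RuntimeException keyOperationFailure(String keyId, String operationMsg, BmcException cause) {
        try {
            this.kmsManagementClient.getKey(GetKeyRequest.builder().keyId(keyId).build());
        } catch (BmcException accessFailure) {
            RuntimeException failure = new RuntimeException(getMasterKeyAccessErrorMsg(keyId), accessFailure);
            failure.addSuppressed(cause);
            return failure;
        }
        return new RuntimeException(operationMsg, cause);
    }

    /** Access-failure message for the master key this instance was constructed with. */
    private String getMasterKeyAccessErrorMsg() {
        return getMasterKeyAccessErrorMsg(this.kmsMasterKeyId);
    }

    /**
     * Access-failure message naming the key that was actually probed, so a decrypt with a key id
     * other than the configured one does not report the wrong key.
     */
    private String getMasterKeyAccessErrorMsg(String keyId) {
        return "Failed to access MasterKeyId: " + keyId + " in vaultId: " + this.vaultId + " in region: " + this.region;
    }

    /** Access-failure message for the configured vault. */
    private String getVaultAccessErrorMsg() {
        return "Failed to access vaultId: " + this.vaultId + " in region: " + this.region;
    }

    /** Closes the vault, management and crypto clients owned by this instance. */
    public void close() {
        closeClients();
    }

    /**
     * Closes all three clients; a failure closing one does not prevent the others from being
     * closed.
     */
    private void closeClients() {
        try {
            this.kmsVaultClient.close();
        } finally {
            try {
                this.kmsManagementClient.close();
            } finally {
                this.kmsCryptoClient.close();
            }
        }
    }

    /** Returns the authentication provider the clients were created with. */
    public BasicAuthenticationDetailsProvider getProvider() {
        return this.provider;
    }

    /** Returns the id of the vault holding the master key. */
    public String getVaultId() {
        return this.vaultId;
    }

    /** Returns the id of the master key used to generate data keys. */
    public String getKmsMasterKeyId() {
        return this.kmsMasterKeyId;
    }

    /** Returns the region the vault client was pointed at. */
    public String getRegion() {
        return this.region;
    }
}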
