package RawRSAKeyring_Compile;

import BoundedInts_Compile.uint8;
import EdkWrapping_Compile.UnwrapEdkMaterialOutput;
import EdkWrapping_Compile.WrapEdkMaterialOutput;
import Keyring_Compile.VerifiableInterface;
import UTF8.ValidUTF8Bytes;
import Wrappers_Compile.Option;
import Wrappers_Compile.Outcome;
import Wrappers_Compile.Result;
import Wrappers_Compile.__default;
import dafny.DafnySequence;
import dafny.Helpers;
import dafny.TypeDescriptor;
import java.math.BigInteger;
import software.amazon.cryptography.materialproviders.internaldafny.types.DecryptionMaterials;
import software.amazon.cryptography.materialproviders.internaldafny.types.EncryptedDataKey;
import software.amazon.cryptography.materialproviders.internaldafny.types.EncryptionMaterials;
import software.amazon.cryptography.materialproviders.internaldafny.types.Error;
import software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring;
import software.amazon.cryptography.materialproviders.internaldafny.types.OnDecryptInput;
import software.amazon.cryptography.materialproviders.internaldafny.types.OnDecryptOutput;
import software.amazon.cryptography.materialproviders.internaldafny.types.OnEncryptInput;
import software.amazon.cryptography.materialproviders.internaldafny.types.OnEncryptOutput;
import software.amazon.cryptography.materialproviders.internaldafny.types._Companion_IKeyring;
import software.amazon.cryptography.primitives.internaldafny.AtomicPrimitivesClient;
import software.amazon.cryptography.primitives.internaldafny.types.RSAPaddingMode;

/* loaded from: input_file:RawRSAKeyring_Compile/RawRSAKeyring.class */
public class RawRSAKeyring implements VerifiableInterface, IKeyring {
    public AtomicPrimitivesClient _cryptoPrimitives = null;
    public DafnySequence<? extends Byte> _keyNamespace = ValidUTF8Bytes.defaultValue();
    public DafnySequence<? extends Byte> _keyName = ValidUTF8Bytes.defaultValue();
    public RSAPaddingMode _paddingScheme = RSAPaddingMode.Default();
    public Option<DafnySequence<? extends Byte>> _publicKey = Option.Default(DafnySequence._typeDescriptor(uint8._typeDescriptor()));
    public Option<DafnySequence<? extends Byte>> _privateKey = Option.Default(DafnySequence._typeDescriptor(uint8._typeDescriptor()));
    private static final TypeDescriptor<RawRSAKeyring> _TYPE = TypeDescriptor.referenceWithInitializer(RawRSAKeyring.class, () -> {
        return (RawRSAKeyring) null;
    });

    @Override // software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring
    public Result<OnDecryptOutput, Error> OnDecrypt(OnDecryptInput onDecryptInput) {
        return _Companion_IKeyring.OnDecrypt(this, onDecryptInput);
    }

    @Override // software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring
    public Result<OnEncryptOutput, Error> OnEncrypt(OnEncryptInput onEncryptInput) {
        return _Companion_IKeyring.OnEncrypt(this, onEncryptInput);
    }

    public void __ctor(DafnySequence<? extends Byte> dafnySequence, DafnySequence<? extends Byte> dafnySequence2, Option<DafnySequence<? extends Byte>> option, Option<DafnySequence<? extends Byte>> option2, RSAPaddingMode rSAPaddingMode, AtomicPrimitivesClient atomicPrimitivesClient) {
        this._keyNamespace = dafnySequence;
        this._keyName = dafnySequence2;
        this._paddingScheme = rSAPaddingMode;
        this._publicKey = option;
        this._privateKey = option2;
        this._cryptoPrimitives = atomicPrimitivesClient;
    }

    @Override // software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring
    public Result<OnEncryptOutput, Error> OnEncrypt_k(OnEncryptInput onEncryptInput) {
        Result<OnEncryptOutput, Error> result = (Result) null;
        Outcome.Default(Error._typeDescriptor());
        Outcome Need = __default.Need(Error._typeDescriptor(), publicKey().is_Some() && BigInteger.valueOf((long) publicKey().Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor())).length()).signum() == 1, Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("A RawRSAKeyring without a public key cannot provide OnEncrypt")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), OnEncryptOutput._typeDescriptor());
        }
        EncryptionMaterials dtor_materials = onEncryptInput.dtor_materials();
        dtor_materials.dtor_algorithmSuite();
        RsaWrapKeyMaterial rsaWrapKeyMaterial = new RsaWrapKeyMaterial();
        rsaWrapKeyMaterial.__ctor(publicKey().dtor_value(), paddingScheme(), cryptoPrimitives());
        RsaGenerateAndWrapKeyMaterial rsaGenerateAndWrapKeyMaterial = new RsaGenerateAndWrapKeyMaterial();
        rsaGenerateAndWrapKeyMaterial.__ctor(publicKey().dtor_value(), paddingScheme(), cryptoPrimitives());
        Result.Default(WrapEdkMaterialOutput._typeDescriptor(RsaWrapInfo._typeDescriptor()), Error._typeDescriptor(), WrapEdkMaterialOutput.Default(RsaWrapInfo._typeDescriptor(), RsaWrapInfo.Default()));
        Result WrapEdkMaterial = EdkWrapping_Compile.__default.WrapEdkMaterial(RsaWrapInfo._typeDescriptor(), dtor_materials, rsaWrapKeyMaterial, rsaGenerateAndWrapKeyMaterial);
        if (WrapEdkMaterial.IsFailure(WrapEdkMaterialOutput._typeDescriptor(RsaWrapInfo._typeDescriptor()), Error._typeDescriptor())) {
            return WrapEdkMaterial.PropagateFailure(WrapEdkMaterialOutput._typeDescriptor(RsaWrapInfo._typeDescriptor()), Error._typeDescriptor(), OnEncryptOutput._typeDescriptor());
        }
        WrapEdkMaterialOutput wrapEdkMaterialOutput = (WrapEdkMaterialOutput) WrapEdkMaterial.Extract(WrapEdkMaterialOutput._typeDescriptor(RsaWrapInfo._typeDescriptor()), Error._typeDescriptor());
        Option create_Some = wrapEdkMaterialOutput.dtor_symmetricSigningKey().is_Some() ? Option.create_Some(DafnySequence._typeDescriptor(DafnySequence._typeDescriptor(uint8._typeDescriptor())), DafnySequence.of(DafnySequence._typeDescriptor(uint8._typeDescriptor()), new DafnySequence[]{wrapEdkMaterialOutput.dtor_symmetricSigningKey().dtor_value()})) : Option.create_None(DafnySequence._typeDescriptor(DafnySequence._typeDescriptor(uint8._typeDescriptor())));
        EncryptedDataKey create = EncryptedDataKey.create(keyNamespace(), keyName(), wrapEdkMaterialOutput.dtor_wrappedMaterial());
        if (wrapEdkMaterialOutput.is_GenerateAndWrapEdkMaterialOutput()) {
            Result<EncryptionMaterials, Error> EncryptionMaterialAddDataKey = Materials_Compile.__default.EncryptionMaterialAddDataKey(dtor_materials, wrapEdkMaterialOutput.dtor_plaintextDataKey(), DafnySequence.of(EncryptedDataKey._typeDescriptor(), new EncryptedDataKey[]{create}), create_Some);
            return EncryptionMaterialAddDataKey.IsFailure(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor()) ? EncryptionMaterialAddDataKey.PropagateFailure(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor(), OnEncryptOutput._typeDescriptor()) : Result.create_Success(OnEncryptOutput._typeDescriptor(), Error._typeDescriptor(), OnEncryptOutput.create(EncryptionMaterialAddDataKey.Extract(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor())));
        }
        if (!wrapEdkMaterialOutput.is_WrapOnlyEdkMaterialOutput()) {
            return result;
        }
        Result<EncryptionMaterials, Error> EncryptionMaterialAddEncryptedDataKeys = Materials_Compile.__default.EncryptionMaterialAddEncryptedDataKeys(dtor_materials, DafnySequence.of(EncryptedDataKey._typeDescriptor(), new EncryptedDataKey[]{create}), create_Some);
        return EncryptionMaterialAddEncryptedDataKeys.IsFailure(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor()) ? EncryptionMaterialAddEncryptedDataKeys.PropagateFailure(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor(), OnEncryptOutput._typeDescriptor()) : Result.create_Success(OnEncryptOutput._typeDescriptor(), Error._typeDescriptor(), OnEncryptOutput.create(EncryptionMaterialAddEncryptedDataKeys.Extract(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor())));
    }

    @Override // software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring
    public Result<OnDecryptOutput, Error> OnDecrypt_k(OnDecryptInput onDecryptInput) {
        DafnySequence concatenate;
        Outcome.Default(Error._typeDescriptor());
        Outcome Need = __default.Need(Error._typeDescriptor(), privateKey().is_Some() && BigInteger.valueOf((long) privateKey().Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor())).length()).signum() == 1, Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("A RawRSAKeyring without a private key cannot provide OnEncrypt")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), OnDecryptOutput._typeDescriptor());
        }
        DecryptionMaterials dtor_materials = onDecryptInput.dtor_materials();
        Outcome.Default(Error._typeDescriptor());
        Outcome Need2 = __default.Need(Error._typeDescriptor(), Materials_Compile.__default.DecryptionMaterialsWithoutPlaintextDataKey(dtor_materials), Error.create_AwsCryptographicMaterialProvidersException(DafnySequence.asString("Keyring received decryption materials that already contain a plaintext data key.")));
        if (Need2.IsFailure(Error._typeDescriptor())) {
            return Need2.PropagateFailure(Error._typeDescriptor(), OnDecryptOutput._typeDescriptor());
        }
        DafnySequence empty = DafnySequence.empty(Error._typeDescriptor());
        BigInteger valueOf = BigInteger.valueOf(onDecryptInput.dtor_encryptedDataKeys().length());
        BigInteger bigInteger = BigInteger.ZERO;
        while (true) {
            BigInteger bigInteger2 = bigInteger;
            if (bigInteger2.compareTo(valueOf) >= 0) {
                return Result.create_Failure(OnDecryptOutput._typeDescriptor(), Error._typeDescriptor(), Error.create_CollectionOfErrors(empty, DafnySequence.asString("Raw RSA Key was unable to decrypt any encrypted data key. The list of encountered Exceptions is avaible via `list`.")));
            }
            if (ShouldDecryptEDK((EncryptedDataKey) onDecryptInput.dtor_encryptedDataKeys().select(Helpers.toInt(bigInteger2)))) {
                EncryptedDataKey encryptedDataKey = (EncryptedDataKey) onDecryptInput.dtor_encryptedDataKeys().select(Helpers.toInt(bigInteger2));
                RsaUnwrapKeyMaterial rsaUnwrapKeyMaterial = new RsaUnwrapKeyMaterial();
                rsaUnwrapKeyMaterial.__ctor(privateKey().Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor())), paddingScheme(), cryptoPrimitives());
                Result UnwrapEdkMaterial = EdkWrapping_Compile.__default.UnwrapEdkMaterial(RsaUnwrapInfo._typeDescriptor(), encryptedDataKey.dtor_ciphertext(), dtor_materials, rsaUnwrapKeyMaterial);
                if (UnwrapEdkMaterial.is_Success()) {
                    Result<DecryptionMaterials, Error> DecryptionMaterialsAddDataKey = Materials_Compile.__default.DecryptionMaterialsAddDataKey(dtor_materials, ((UnwrapEdkMaterialOutput) UnwrapEdkMaterial.dtor_value()).dtor_plaintextDataKey(), ((UnwrapEdkMaterialOutput) UnwrapEdkMaterial.dtor_value()).dtor_symmetricSigningKey());
                    return DecryptionMaterialsAddDataKey.IsFailure(DecryptionMaterials._typeDescriptor(), Error._typeDescriptor()) ? DecryptionMaterialsAddDataKey.PropagateFailure(DecryptionMaterials._typeDescriptor(), Error._typeDescriptor(), OnDecryptOutput._typeDescriptor()) : Result.create_Success(OnDecryptOutput._typeDescriptor(), Error._typeDescriptor(), OnDecryptOutput.create(DecryptionMaterialsAddDataKey.Extract(DecryptionMaterials._typeDescriptor(), Error._typeDescriptor())));
                }
                concatenate = DafnySequence.concatenate(empty, DafnySequence.of(Error._typeDescriptor(), new Error[]{(Error) UnwrapEdkMaterial.dtor_error()}));
            } else {
                Result.Default(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), DafnySequence.empty(TypeDescriptor.CHAR));
                Result<DafnySequence<? extends Character>, __NewR> MapFailure = UTF8.__default.Decode(((EncryptedDataKey) onDecryptInput.dtor_encryptedDataKeys().select(Helpers.toInt(bigInteger2))).dtor_keyProviderId()).MapFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), dafnySequence -> {
                    return Error.create_AwsCryptographicMaterialProvidersException(dafnySequence);
                });
                if (MapFailure.IsFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor())) {
                    return MapFailure.PropagateFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), OnDecryptOutput._typeDescriptor());
                }
                concatenate = DafnySequence.concatenate(empty, DafnySequence.of(Error._typeDescriptor(), new Error[]{Error.create_AwsCryptographicMaterialProvidersException(ErrorMessages_Compile.__default.IncorrectRawDataKeys(StandardLibrary_mString_Compile.__default.Base10Int2String(bigInteger2), DafnySequence.asString("RSAKeyring"), MapFailure.Extract(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor())))}));
            }
            empty = concatenate;
            bigInteger = bigInteger2.add(BigInteger.ONE);
        }
    }

    public boolean ShouldDecryptEDK(EncryptedDataKey encryptedDataKey) {
        return UTF8.__default.ValidUTF8Seq(encryptedDataKey.dtor_keyProviderInfo()) && encryptedDataKey.dtor_keyProviderInfo().equals(keyName()) && encryptedDataKey.dtor_keyProviderId().equals(keyNamespace()) && BigInteger.valueOf((long) encryptedDataKey.dtor_ciphertext().length()).signum() == 1;
    }

    public AtomicPrimitivesClient cryptoPrimitives() {
        return this._cryptoPrimitives;
    }

    public DafnySequence<? extends Byte> keyNamespace() {
        return this._keyNamespace;
    }

    public DafnySequence<? extends Byte> keyName() {
        return this._keyName;
    }

    public RSAPaddingMode paddingScheme() {
        return this._paddingScheme;
    }

    public Option<DafnySequence<? extends Byte>> publicKey() {
        return this._publicKey;
    }

    public Option<DafnySequence<? extends Byte>> privateKey() {
        return this._privateKey;
    }

    public static TypeDescriptor<RawRSAKeyring> _typeDescriptor() {
        return _TYPE;
    }

    public String toString() {
        return "RawRSAKeyring.RawRSAKeyring";
    }
}
