package com.couchbase.client.encryption;

import com.couchbase.client.core.encryption.CryptoManager;
import com.couchbase.client.core.util.CbCollections;
import com.couchbase.client.core.util.CbObjects;
import com.couchbase.client.core.util.CbStrings;
import com.couchbase.client.core.util.CbThrowables;
import com.couchbase.client.core.util.Validators;
import com.couchbase.client.encryption.errors.CryptoException;
import com.couchbase.client.encryption.errors.DecrypterNotFoundException;
import com.couchbase.client.encryption.errors.EncrypterNotFoundException;
import com.couchbase.client.encryption.internal.LegacyAesDecrypter;
import com.couchbase.client.encryption.internal.LegacyRsaDecrypter;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.function.Function;

/* loaded from: input_file:com/couchbase/client/encryption/DefaultCryptoManager.class */
public class DefaultCryptoManager implements CryptoManager {
    private final String encryptedFieldNamePrefix;
    private final Map<String, Encrypter> aliasToEncrypter;
    private final Map<String, Decrypter> algorithmToDecrypter;

    /* loaded from: input_file:com/couchbase/client/encryption/DefaultCryptoManager$Builder.class */
    public static class Builder {
        private String encryptedFieldNamePrefix = "encrypted$";
        private final Map<String, Decrypter> algorithmToDecrypter = new HashMap();
        private final Map<String, Encrypter> aliasToEncrypter = new HashMap();

        public Builder decrypter(Decrypter decrypter) {
            Decrypter putIfAbsent = this.algorithmToDecrypter.putIfAbsent(decrypter.algorithm(), decrypter);
            if (putIfAbsent != null) {
                throw new IllegalStateException("Algorithm '" + decrypter.algorithm() + "' is already associated with decrypter " + putIfAbsent);
            }
            return this;
        }

        public Builder encrypter(String str, Encrypter encrypter) {
            Validators.notNullOrEmpty(str, "Encrypter alias");
            Encrypter putIfAbsent = this.aliasToEncrypter.putIfAbsent(str, encrypter);
            if (putIfAbsent != null) {
                throw new IllegalStateException("Encrypter alias '" + str + "' is already associated with " + putIfAbsent);
            }
            return this;
        }

        public Builder defaultEncrypter(Encrypter encrypter) {
            return encrypter("__DEFAULT__", encrypter);
        }

        public Builder legacyAesDecrypters(Keyring keyring, Function<String, String> function) {
            decrypter(LegacyAesDecrypter.aes128(keyring, function));
            decrypter(LegacyAesDecrypter.aes256(keyring, function));
            return this;
        }

        public Builder legacyRsaDecrypter(Keyring keyring, Function<String, String> function) {
            return decrypter(new LegacyRsaDecrypter(keyring, function));
        }

        public Builder encryptedFieldNamePrefix(String str) {
            Validators.notNullOrEmpty(str, "Encrypted field prefix");
            this.encryptedFieldNamePrefix = str;
            return this;
        }

        public DefaultCryptoManager build() {
            return new DefaultCryptoManager(this.algorithmToDecrypter, this.aliasToEncrypter, this.encryptedFieldNamePrefix);
        }
    }

    private DefaultCryptoManager(Map<String, Decrypter> map, Map<String, Encrypter> map2, String str) {
        this.algorithmToDecrypter = Collections.unmodifiableMap(new HashMap(map));
        this.aliasToEncrypter = Collections.unmodifiableMap(new HashMap(map2));
        this.encryptedFieldNamePrefix = (String) Objects.requireNonNull(str);
    }

    public static Builder builder() {
        return new Builder();
    }

    public Map<String, Object> encrypt(byte[] bArr, String str) {
        try {
            return getEncrypterByAlias(str).encrypt(bArr).asMap();
        } catch (Exception e) {
            CbThrowables.throwIfInstanceOf(e, CryptoException.class);
            throw new CryptoException("Encryption failed", e);
        }
    }

    public byte[] decrypt(Map<String, Object> map) {
        try {
            EncryptionResult fromMap = EncryptionResult.fromMap(map);
            return getDecrypter(fromMap).decrypt(fromMap);
        } catch (Exception e) {
            CbThrowables.throwIfInstanceOf(e, CryptoException.class);
            throw new CryptoException("Decryption failed", e);
        }
    }

    public String mangle(String str) {
        return this.encryptedFieldNamePrefix + str;
    }

    public String demangle(String str) {
        return CbStrings.removeStart(str, this.encryptedFieldNamePrefix);
    }

    public boolean isMangled(String str) {
        return str.startsWith(this.encryptedFieldNamePrefix);
    }

    private Encrypter getEncrypterByAlias(String str) {
        String str2 = (String) CbObjects.defaultIfNull(str, "__DEFAULT__");
        Encrypter encrypter = this.aliasToEncrypter.get(str2);
        if (encrypter != null) {
            return encrypter;
        }
        throw EncrypterNotFoundException.forAlias(str2);
    }

    private Decrypter getDecrypter(EncryptionResult encryptionResult) {
        String algorithm = encryptionResult.getAlgorithm();
        if (CbCollections.isNullOrEmpty(algorithm)) {
            throw new IllegalArgumentException("Encryption result is missing algorithm attribute.");
        }
        Decrypter decrypter = this.algorithmToDecrypter.get(algorithm);
        if (decrypter == null) {
            throw DecrypterNotFoundException.forAlgorithm(algorithm);
        }
        return decrypter;
    }

    public String toString() {
        return "DefaultCryptoManager{encryptedFieldNamePrefix='" + this.encryptedFieldNamePrefix + "', aliasToEncrypter=" + this.aliasToEncrypter + ", algorithmToDecrypter=" + this.algorithmToDecrypter + '}';
    }
}
