package org.kafkacrypto;

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.kafkacrypto.exceptions.KafkaCryptoException;
import org.kafkacrypto.exceptions.KafkaCryptoKeyException;
import org.kafkacrypto.msgs.CryptoKeyFileFormat;
import org.kafkacrypto.msgs.KEMPublicKey;
import org.kafkacrypto.msgs.KEMSecretKey;
import org.kafkacrypto.msgs.SignPublicKey;
import org.kafkacrypto.msgs.SignSecretKey;
import org.kafkacrypto.msgs.msgpack;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kafkacrypto/CryptoKey.class */
public class CryptoKey {
    private byte __version;
    private boolean __use_legacy;
    private byte[] __ek;
    private List<SignSecretKey> __ssk_all;
    private List<SignPublicKey> __spk_all;
    private List<SignSecretKey> __ssk;
    private List<SignPublicKey> __spk;
    private List<Byte> __versions;
    private Map<String, Map<String, Map<Byte, KEMSecretKey>>> __eskepk;
    private Lock __eskepklock;

    public CryptoKey(String str) throws KafkaCryptoException {
        this(str, new ArrayList());
    }

    public CryptoKey(String str, List<Byte> list) throws KafkaCryptoException {
        this.__ssk_all = new ArrayList();
        this.__spk_all = new ArrayList();
        this.__ssk = new ArrayList();
        this.__spk = new ArrayList();
        Logger logger = LoggerFactory.getLogger("kafkacrypto-java.CryptoKey");
        if (!new File(str).exists()) {
            __init_empty_cryptokey(str);
        }
        try {
            CryptoKeyFileFormat unpackb = new CryptoKeyFileFormat().unpackb(Files.readAllBytes(Paths.get(str, new String[0])));
            ArrayList arrayList = new ArrayList();
            this.__version = unpackb.version;
            for (int i = 0; i < unpackb.ssk.size(); i++) {
                this.__ssk_all.add(unpackb.ssk.get(i));
                this.__ssk.add(unpackb.ssk.get(i));
                SignPublicKey signPublicKey = new SignPublicKey(unpackb.ssk.get(i));
                this.__spk_all.add(signPublicKey);
                this.__spk.add(signPublicKey);
            }
            this.__ek = unpackb.ek;
            this.__use_legacy = unpackb.use_legacy;
            this.__versions = unpackb.versions;
            for (int i2 = 0; i2 < list.size(); i2++) {
                int i3 = 0;
                while (i3 < this.__ssk_all.size() && this.__ssk_all.get(i3).getType() != list.get(i2).byteValue()) {
                    i3++;
                }
                if (i3 >= this.__ssk_all.size()) {
                    arrayList.add(list.get(i2));
                }
            }
            for (int i4 = 0; i4 < arrayList.size(); i4++) {
                unpackb.needs_update = true;
                SignSecretKey signSecretKey = new SignSecretKey(((Byte) arrayList.get(i4)).byteValue());
                unpackb.ssk.add(signSecretKey);
                this.__ssk_all.add(signSecretKey);
                this.__ssk.add(signSecretKey);
                SignPublicKey signPublicKey2 = new SignPublicKey(signSecretKey);
                this.__spk_all.add(signPublicKey2);
                this.__spk.add(signPublicKey2);
                logger.warn("  Adding New Public Key: {}", signPublicKey2.toString());
            }
            if (unpackb.needs_update) {
                if (unpackb.needs_update_poison) {
                    logger.warn("CryptoKey file {} update required, but cannot update!", str);
                    throw new KafkaCryptoKeyException("Could not update CryptoKey file!");
                }
                logger.warn("Updating CryptoKey file {}.", str);
                try {
                    Files.write(Paths.get(str, new String[0]), msgpack.packb(unpackb), new OpenOption[0]);
                } catch (IOException e) {
                    logger.warn("  Error updating file.", e);
                    throw new KafkaCryptoKeyException("Could not update CryptoKey file!", e);
                }
            }
            this.__eskepklock = new ReentrantLock();
            this.__eskepk = new HashMap();
        } catch (IOException e2) {
            throw new KafkaCryptoKeyException("Could not read CryptoKey file!", e2);
        }
    }

    public void limit_spk(List<Byte> list) {
        this.__ssk = new ArrayList();
        this.__spk = new ArrayList();
        for (int i = 0; i < this.__ssk_all.size(); i++) {
            int i2 = 0;
            while (i2 < list.size()) {
                if (this.__ssk_all.get(i).getType() == list.get(i2).byteValue()) {
                }
                i2++;
            }
            if (i2 < list.size()) {
                this.__ssk.add(this.__ssk_all.get(i));
                this.__spk.add(this.__spk_all.get(i));
            }
        }
    }

    public int get_num_spk() {
        return this.__ssk.size();
    }

    /* JADX WARN: Type inference failed for: r0v12, types: [byte[], byte[][]] */
    public byte[] get_id_spk() {
        byte[] bArr = new byte[0];
        Iterator<SignPublicKey> it = this.__spk.iterator();
        while (it.hasNext()) {
            bArr = Utils.concatArrays(new byte[]{bArr, it.next().getBytes()});
        }
        return bArr;
    }

    public SignPublicKey get_spk(int i) {
        return this.__spk.get(i);
    }

    public byte[] sign_spk(byte[] bArr, int i) {
        return this.__ssk.get(i).crypto_sign(bArr);
    }

    public List<KEMPublicKey> get_epks(String str, String str2) {
        ArrayList arrayList = new ArrayList();
        this.__eskepklock.lock();
        try {
            if (!this.__eskepk.containsKey(str)) {
                this.__eskepk.put(str, new HashMap());
            }
            if (!this.__eskepk.get(str).containsKey(str2)) {
                this.__eskepk.get(str).put(str2, new HashMap());
            }
            for (int i = 0; i < this.__versions.size(); i++) {
                KEMSecretKey kEMSecretKey = new KEMSecretKey(this.__versions.get(i).byteValue());
                this.__eskepk.get(str).get(str2).put(this.__versions.get(i), kEMSecretKey);
                arrayList.add(new KEMPublicKey(kEMSecretKey));
            }
            return arrayList;
        } finally {
            this.__eskepklock.unlock();
        }
    }

    public Map<byte[], KEMPublicKey> use_epks(String str, String str2, List<KEMPublicKey> list, boolean z) {
        HashMap hashMap = new HashMap();
        this.__eskepklock.lock();
        try {
            if (!this.__eskepk.containsKey(str) || !this.__eskepk.get(str).containsKey(str2)) {
                return hashMap;
            }
            for (KEMPublicKey kEMPublicKey : list) {
                if (this.__eskepk.get(str).get(str2).containsKey(Byte.valueOf(kEMPublicKey.getType()))) {
                    KEMSecretKey kEMSecretKey = this.__eskepk.get(str).get(str2).get(Byte.valueOf(kEMPublicKey.getType()));
                    hashMap.put(kEMSecretKey.complete_kem(kEMPublicKey), new KEMPublicKey(kEMSecretKey));
                }
            }
            if (z) {
                this.__eskepk.get(str).remove(str2);
            }
            this.__eskepklock.unlock();
            return hashMap;
        } finally {
            this.__eskepklock.unlock();
        }
    }

    public byte[] wrap_opaque(byte[] bArr) {
        return jasodium.crypto_secretbox_auto(bArr, this.__ek);
    }

    public byte[] unwrap_opaque(byte[] bArr) {
        return jasodium.crypto_secretbox_open_auto(bArr, this.__ek);
    }

    public boolean use_legacy() {
        return this.__use_legacy;
    }

    private void __init_empty_cryptokey(String str) {
        Logger logger = LoggerFactory.getLogger("kafkacrypto-java.CryptoKey");
        logger.warn("Initializing new CryptoKey file {}", str);
        CryptoKeyFileFormat cryptoKeyFileFormat = new CryptoKeyFileFormat();
        cryptoKeyFileFormat.ek = jasodium.randombytes(32);
        cryptoKeyFileFormat.use_legacy = false;
        cryptoKeyFileFormat.versions.add((byte) 5);
        cryptoKeyFileFormat.versions.add((byte) 2);
        cryptoKeyFileFormat.versions.add((byte) 1);
        try {
            Files.write(Paths.get(str, new String[0]), msgpack.packb(cryptoKeyFileFormat), new OpenOption[0]);
        } catch (IOException e) {
            logger.warn("  Error writing file.", e);
        }
        logger.warn("  CryptoKey Initialized. Provisioning required for successful operation.");
    }
}
