package de.otto.kafka.messaging.e2ee;

import de.otto.kafka.messaging.e2ee.vault.VaultEncryptionKeyProviderConfig;
import io.github.jopenlibs.vault.json.Json;
import io.github.jopenlibs.vault.json.JsonArray;
import io.github.jopenlibs.vault.json.JsonObject;
import io.github.jopenlibs.vault.json.WriterConfig;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:de/otto/kafka/messaging/e2ee/KafkaEncryptionHelper.class */
public interface KafkaEncryptionHelper {
    public static final String KAFKA_HEADER_IV_KEY = "encryption/key/iv";
    public static final String KAFKA_HEADER_IV_VALUE = "encryption/iv";
    public static final String KAFKA_CE_HEADER_IV_VALUE = "ce_e2eeiv";
    public static final String KAFKA_HEADER_CIPHER_KEY = "encryption/key/ciphers";
    public static final String KAFKA_HEADER_CIPHER_VALUE = "encryption/ciphers";
    public static final String KAFKA_CE_HEADER_CIPHER_VERSION_VALUE = "ce_e2eekeyversion";
    public static final String KAFKA_CE_HEADER_CIPHER_NAME_VALUE = "ce_e2eekeyname";

    static String headerNameIv(boolean z) {
        return z ? KAFKA_HEADER_IV_KEY : KAFKA_HEADER_IV_VALUE;
    }

    static String headerNameCiphers(boolean z) {
        return z ? KAFKA_HEADER_CIPHER_KEY : KAFKA_HEADER_CIPHER_VALUE;
    }

    static AesEncryptedPayload aesEncryptedPayloadOfKafka(byte[] bArr, String str, String str2) {
        return (str == null || str2 == null) ? AesEncryptedPayload.ofUnencryptedPayload(bArr) : AesEncryptedPayload.ofEncryptedPayload(bArr, str, extractCipherSpec(str2));
    }

    static AesEncryptedPayload aesEncryptedPayloadOfKafka(byte[] bArr, String str, String str2, String str3, String str4, String str5) {
        return (str3 == null || str4 == null || str5 == null) ? (str == null || str2 == null) ? AesEncryptedPayload.ofUnencryptedPayload(bArr) : AesEncryptedPayload.ofEncryptedPayload(bArr, str, extractCipherSpec(str2)) : AesEncryptedPayload.ofEncryptedPayload(bArr, str3, extractCipherVersion(str4), str5);
    }

    static AesEncryptedPayload aesEncryptedPayloadOfKafka(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        return aesEncryptedPayloadOfKafka(bArr, byteArrayToUtf8String(bArr2), byteArrayToUtf8String(bArr3));
    }

    static AesEncryptedPayload aesEncryptedPayloadOfKafka(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4, byte[] bArr5, byte[] bArr6) {
        return aesEncryptedPayloadOfKafka(bArr, byteArrayToUtf8String(bArr2), byteArrayToUtf8String(bArr3), byteArrayToUtf8String(bArr4), byteArrayToUtf8String(bArr5), byteArrayToUtf8String(bArr6));
    }

    static AesEncryptedPayload aesEncryptedPayloadOfKafkaForKey(byte[] bArr, Map<String, ?> map) {
        return aesEncryptedPayloadOfKafka(bArr, extractKafkaHeaderValueText(map, headerNameIv(true)), extractKafkaHeaderValueText(map, headerNameCiphers(true)));
    }

    static AesEncryptedPayload aesEncryptedPayloadOfKafkaForValue(byte[] bArr, Map<String, ?> map) {
        return aesEncryptedPayloadOfKafka(bArr, extractKafkaHeaderValueText(map, headerNameIv(false)), extractKafkaHeaderValueText(map, headerNameCiphers(false)), extractKafkaHeaderValueText(map, KAFKA_CE_HEADER_IV_VALUE), extractKafkaHeaderValueText(map, KAFKA_CE_HEADER_CIPHER_VERSION_VALUE), extractKafkaHeaderValueText(map, KAFKA_CE_HEADER_CIPHER_NAME_VALUE));
    }

    static String extractKafkaHeaderValueText(Map<String, ?> map, String str) {
        Object obj = map.get(str);
        if (obj == null) {
            return null;
        }
        return obj instanceof byte[] ? byteArrayToUtf8String((byte[]) obj) : obj instanceof String ? (String) obj : obj.toString();
    }

    static String byteArrayToUtf8String(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        return new String(bArr, StandardCharsets.UTF_8);
    }

    static Map<String, byte[]> mapToKafkaHeadersForKey(AesEncryptedPayload aesEncryptedPayload) {
        return aesEncryptedPayload.isEncrypted() ? Map.of(headerNameIv(true), mapToIvHeaderValue(aesEncryptedPayload), headerNameCiphers(true), mapToCipherHeaderValue(aesEncryptedPayload)) : Map.of();
    }

    static Map<String, byte[]> mapToKafkaHeadersForValue(AesEncryptedPayload aesEncryptedPayload) {
        return aesEncryptedPayload.isEncrypted() ? Map.of(headerNameIv(false), mapToIvHeaderValue(aesEncryptedPayload), headerNameCiphers(false), mapToCipherHeaderValue(aesEncryptedPayload), KAFKA_CE_HEADER_IV_VALUE, mapToIvHeaderValue(aesEncryptedPayload), KAFKA_CE_HEADER_CIPHER_VERSION_VALUE, mapToCipherVersionHeaderValue(aesEncryptedPayload), KAFKA_CE_HEADER_CIPHER_NAME_VALUE, mapToCipherNameHeaderValue(aesEncryptedPayload)) : Map.of();
    }

    static String mapToIvHeaderValueText(AesEncryptedPayload aesEncryptedPayload) {
        return aesEncryptedPayload.initializationVectorBase64();
    }

    static byte[] mapToIvHeaderValue(AesEncryptedPayload aesEncryptedPayload) {
        if (aesEncryptedPayload.isEncrypted()) {
            return mapToIvHeaderValueText(aesEncryptedPayload).getBytes(StandardCharsets.UTF_8);
        }
        throw new IllegalArgumentException("Cannot call 'mapToIvHeaderValue' for unencrypted payloads.");
    }

    static String mapToCipherHeaderValueText(AesEncryptedPayload aesEncryptedPayload) {
        String encryptionKeyAttributeName = aesEncryptedPayload.encryptionKeyAttributeName();
        if (encryptionKeyAttributeName == null) {
            encryptionKeyAttributeName = VaultEncryptionKeyProviderConfig.DEFAULT_ENCRYPTION_KEY_ATTRIBUTE_NAME;
        }
        JsonObject jsonObject = new JsonObject();
        jsonObject.add("cipherVersion", Json.value(aesEncryptedPayload.keyVersion()));
        jsonObject.add("cipherVersionString", Json.NULL);
        jsonObject.add("cipherName", Json.value(encryptionKeyAttributeName));
        JsonObject jsonObject2 = new JsonObject();
        jsonObject2.add(encryptionKeyAttributeName, jsonObject);
        JsonArray jsonArray = new JsonArray();
        jsonArray.add(jsonObject2);
        return jsonArray.toString(WriterConfig.MINIMAL);
    }

    static String mapToCipherHeaderValueText(EncryptionCipherSpec encryptionCipherSpec) {
        String cipherName = encryptionCipherSpec.cipherName();
        if (cipherName == null) {
            cipherName = VaultEncryptionKeyProviderConfig.DEFAULT_ENCRYPTION_KEY_ATTRIBUTE_NAME;
        }
        JsonObject jsonObject = new JsonObject();
        jsonObject.add("cipherVersion", Json.value(encryptionCipherSpec.keyVersion()));
        jsonObject.add("cipherVersionString", Json.NULL);
        jsonObject.add("cipherName", Json.value(cipherName));
        JsonObject jsonObject2 = new JsonObject();
        jsonObject2.add(cipherName, jsonObject);
        JsonArray jsonArray = new JsonArray();
        jsonArray.add(jsonObject2);
        return jsonArray.toString(WriterConfig.MINIMAL);
    }

    static byte[] mapToCipherNameHeaderValue(AesEncryptedPayload aesEncryptedPayload) {
        return mapToCipherNameHeaderText(aesEncryptedPayload).getBytes(StandardCharsets.UTF_8);
    }

    static String mapToCipherNameHeaderText(AesEncryptedPayload aesEncryptedPayload) {
        if (!aesEncryptedPayload.isEncrypted()) {
            throw new IllegalArgumentException("Cannot call 'mapToCipherNameHeaderText' for unencrypted payloads.");
        }
        String encryptionKeyAttributeName = aesEncryptedPayload.encryptionKeyAttributeName();
        if (encryptionKeyAttributeName == null) {
            encryptionKeyAttributeName = VaultEncryptionKeyProviderConfig.DEFAULT_ENCRYPTION_KEY_ATTRIBUTE_NAME;
        }
        return encryptionKeyAttributeName;
    }

    static byte[] mapToCipherVersionHeaderValue(AesEncryptedPayload aesEncryptedPayload) {
        return mapToCipherVersionHeaderText(aesEncryptedPayload).getBytes(StandardCharsets.UTF_8);
    }

    static String mapToCipherVersionHeaderText(AesEncryptedPayload aesEncryptedPayload) {
        if (aesEncryptedPayload.isEncrypted()) {
            return Integer.toString(aesEncryptedPayload.keyVersion());
        }
        throw new IllegalArgumentException("Cannot call 'mapToCipherVersionHeaderText' for unencrypted payloads.");
    }

    static byte[] mapToCipherHeaderValue(AesEncryptedPayload aesEncryptedPayload) {
        if (aesEncryptedPayload.isEncrypted()) {
            return mapToCipherHeaderValueText(aesEncryptedPayload).getBytes(StandardCharsets.UTF_8);
        }
        throw new IllegalArgumentException("Cannot call 'mapToCipherHeaderValue' for unencrypted payloads.");
    }

    static byte[] extractIv(byte[] bArr) {
        return bArr == null ? new byte[0] : extractIv(byteArrayToUtf8String(bArr));
    }

    static byte[] extractIv(String str) {
        return str == null ? new byte[0] : Base64.getDecoder().decode(str);
    }

    static int extractCipherVersion(byte[] bArr) {
        if (bArr == null) {
            return 0;
        }
        return Integer.parseInt(byteArrayToUtf8String(bArr));
    }

    static int extractCipherVersion(String str) {
        if (str == null) {
            return 0;
        }
        return Integer.parseInt(str);
    }

    static String extractCipherName(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        return byteArrayToUtf8String(bArr);
    }

    static String extractCipherName(String str) {
        return str;
    }

    static int extractKeyVersion(byte[] bArr) {
        if (bArr == null) {
            return 0;
        }
        return extractKeyVersion(byteArrayToUtf8String(bArr));
    }

    static int extractKeyVersion(String str) {
        EncryptionCipherSpec extractCipherSpec = extractCipherSpec(str);
        if (extractCipherSpec == null) {
            return 0;
        }
        return extractCipherSpec.keyVersion();
    }

    static String extractEncryptionKeyAttributeName(String str) {
        EncryptionCipherSpec extractCipherSpec = extractCipherSpec(str);
        if (extractCipherSpec == null) {
            return null;
        }
        return extractCipherSpec.cipherName();
    }

    static EncryptionCipherSpec extractCipherSpec(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        return extractCipherSpec(byteArrayToUtf8String(bArr));
    }

    static EncryptionCipherSpec extractCipherSpec(String str) {
        if (str == null) {
            return null;
        }
        try {
            JsonArray asArray = Json.parse(str).asArray();
            if (asArray.size() != 1) {
                throw new JsonParsingRuntimeException("Cannot parse cipher. Error=CipherText has not exactly one element. Cipher=" + str);
            }
            JsonObject asObject = asArray.get(0).asObject();
            List names = asObject.names();
            if (names.size() != 1) {
                throw new JsonParsingRuntimeException("Cannot parse cipher. Error=Root object has not exactly one element. Cipher=" + str);
            }
            String str2 = (String) names.get(0);
            return new EncryptionCipherSpec(asObject.get(str2).asObject().getInt("cipherVersion").intValue(), str2);
        } catch (JsonParsingRuntimeException e) {
            throw e;
        } catch (Exception e2) {
            throw new JsonParsingRuntimeException("Cannot parse cipher. Error=" + e2.getMessage() + " Cipher=" + str);
        }
    }
}
