package de.otto.kafka.messaging.e2ee;

import de.otto.kafka.messaging.e2ee.EncryptionKeyProvider;
import de.otto.kafka.messaging.e2ee.vault.VaultHelper;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Objects;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:de/otto/kafka/messaging/e2ee/EncryptionService.class */
public final class EncryptionService {
    private final EncryptionKeyProvider encryptionKeyProvider;
    private final InitializationVectorFactory initializationVectorFactory;
    private final Cache<String, EncryptionKeyData> encryptionKeyDataCache;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/otto/kafka/messaging/e2ee/EncryptionService$EncryptionKeyData.class */
    public static final class EncryptionKeyData extends Record {
        private final Key aesKey;
        private final EncryptionKeyProvider.KeyVersion keyVersion;

        private EncryptionKeyData(Key key, EncryptionKeyProvider.KeyVersion keyVersion) {
            Objects.requireNonNull(key, "aesKey must not be null");
            Objects.requireNonNull(keyVersion, "keyVersion must not be null");
            this.aesKey = key;
            this.keyVersion = keyVersion;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, EncryptionKeyData.class), EncryptionKeyData.class, "aesKey;keyVersion", "FIELD:Lde/otto/kafka/messaging/e2ee/EncryptionService$EncryptionKeyData;->aesKey:Ljava/security/Key;", "FIELD:Lde/otto/kafka/messaging/e2ee/EncryptionService$EncryptionKeyData;->keyVersion:Lde/otto/kafka/messaging/e2ee/EncryptionKeyProvider$KeyVersion;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, EncryptionKeyData.class), EncryptionKeyData.class, "aesKey;keyVersion", "FIELD:Lde/otto/kafka/messaging/e2ee/EncryptionService$EncryptionKeyData;->aesKey:Ljava/security/Key;", "FIELD:Lde/otto/kafka/messaging/e2ee/EncryptionService$EncryptionKeyData;->keyVersion:Lde/otto/kafka/messaging/e2ee/EncryptionKeyProvider$KeyVersion;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, EncryptionKeyData.class, Object.class), EncryptionKeyData.class, "aesKey;keyVersion", "FIELD:Lde/otto/kafka/messaging/e2ee/EncryptionService$EncryptionKeyData;->aesKey:Ljava/security/Key;", "FIELD:Lde/otto/kafka/messaging/e2ee/EncryptionService$EncryptionKeyData;->keyVersion:Lde/otto/kafka/messaging/e2ee/EncryptionKeyProvider$KeyVersion;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public Key aesKey() {
            return this.aesKey;
        }

        public EncryptionKeyProvider.KeyVersion keyVersion() {
            return this.keyVersion;
        }
    }

    public EncryptionService(EncryptionKeyProvider encryptionKeyProvider) {
        this(encryptionKeyProvider, new SecureRandomInitializationVectorFactory());
    }

    public EncryptionService(EncryptionKeyProvider encryptionKeyProvider, InitializationVectorFactory initializationVectorFactory) {
        Objects.requireNonNull(encryptionKeyProvider, "encryptionKeyProvider");
        Objects.requireNonNull(initializationVectorFactory, "initializationVectorFactory");
        this.encryptionKeyProvider = encryptionKeyProvider;
        this.initializationVectorFactory = initializationVectorFactory;
        this.encryptionKeyDataCache = new Cache<>(DefaultAesEncryptionConfiguration.CACHING_DURATION);
    }

    public AesEncryptedPayload encryptPayloadWithAes(String str, byte[] bArr) {
        Objects.requireNonNull(str, "kafkaTopicName must not be null");
        Objects.requireNonNull(bArr, "plainPayload must not be null");
        EncryptionKeyData orRetrieve = this.encryptionKeyDataCache.getOrRetrieve(str, this::retrieveKeyData);
        if (orRetrieve == null) {
            return AesEncryptedPayload.ofUnencryptedPayload(bArr);
        }
        Key aesKey = orRetrieve.aesKey();
        byte[] generateInitializationVector = this.initializationVectorFactory.generateInitializationVector();
        return AesEncryptedPayload.ofEncryptedPayload(DefaultAesEncryptionConfiguration.encrypt(bArr, aesKey, generateInitializationVector), generateInitializationVector, orRetrieve.keyVersion());
    }

    public AesEncryptedPayload encryptPayloadWithAes(String str, String str2) {
        Objects.requireNonNull(str, "kafkaTopicName must not be null");
        Objects.requireNonNull(str2, "plainText must not be null");
        return encryptPayloadWithAes(str, str2.getBytes(StandardCharsets.UTF_8));
    }

    private EncryptionKeyData retrieveKeyData(String str) {
        EncryptionKeyProvider.KeyVersion retrieveKeyForEncryption = this.encryptionKeyProvider.retrieveKeyForEncryption(str);
        if (retrieveKeyForEncryption == null) {
            return null;
        }
        return new EncryptionKeyData(createAesKey(retrieveKeyForEncryption), retrieveKeyForEncryption);
    }

    private SecretKeySpec createAesKey(EncryptionKeyProvider.KeyVersion keyVersion) {
        return new SecretKeySpec(VaultHelper.decodeBase64Key(keyVersion.encodedKey()), "AES");
    }
}
