package com.google.cloud.broker.encryption.backends.keyset;

import com.google.cloud.WriteChannel;
import com.google.cloud.broker.utils.CloudStorageUtils;
import com.google.cloud.storage.BlobId;
import com.google.cloud.storage.BlobInfo;
import com.google.cloud.storage.Storage;
import com.google.crypto.tink.JsonKeysetReader;
import com.google.crypto.tink.JsonKeysetWriter;
import com.google.crypto.tink.proto.EncryptedKeyset;
import com.google.crypto.tink.proto.Keyset;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.channels.Channels;
import java.nio.channels.WritableByteChannel;

/* loaded from: input_file:com/google/cloud/broker/encryption/backends/keyset/CloudStorageKeysetManager.class */
public class CloudStorageKeysetManager extends KeysetManager {
    private URI dekUri;

    /* JADX INFO: Access modifiers changed from: package-private */
    public CloudStorageKeysetManager(String str) {
        try {
            this.dekUri = new URI(str);
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.google.crypto.tink.KeysetReader
    public Keyset read() throws IOException {
        throw new UnsupportedOperationException();
    }

    @Override // com.google.crypto.tink.KeysetReader
    public EncryptedKeyset readEncrypted() throws IOException {
        return JsonKeysetReader.withBytes(CloudStorageUtils.getCloudStorageClient().readAllBytes(BlobId.of(this.dekUri.getAuthority(), this.dekUri.getPath().substring(1)), new Storage.BlobSourceOption[0])).readEncrypted();
    }

    @Override // com.google.crypto.tink.KeysetWriter
    public void write(Keyset keyset) throws IOException {
        throw new UnsupportedOperationException();
    }

    @Override // com.google.crypto.tink.KeysetWriter
    public void write(EncryptedKeyset encryptedKeyset) throws IOException {
        WriteChannel writer = CloudStorageUtils.getCloudStorageClient().writer(BlobInfo.newBuilder(BlobId.of(this.dekUri.getAuthority(), this.dekUri.getPath().substring(1))).build(), new Storage.BlobWriteOption[0]);
        OutputStream newOutputStream = Channels.newOutputStream((WritableByteChannel) writer);
        JsonKeysetWriter.withOutputStream(newOutputStream).write(encryptedKeyset);
        newOutputStream.close();
        writer.close();
    }
}
