package com.google.cloud.storage.it.runner.registry;

import com.google.api.gax.rpc.NotFoundException;
import com.google.cloud.kms.v1.CreateCryptoKeyRequest;
import com.google.cloud.kms.v1.CreateKeyRingRequest;
import com.google.cloud.kms.v1.CryptoKey;
import com.google.cloud.kms.v1.CryptoKeyName;
import com.google.cloud.kms.v1.CryptoKeyVersion;
import com.google.cloud.kms.v1.CryptoKeyVersionTemplate;
import com.google.cloud.kms.v1.KeyManagementServiceClient;
import com.google.cloud.kms.v1.KeyRing;
import com.google.cloud.kms.v1.KeyRingName;
import com.google.cloud.kms.v1.LocationName;
import com.google.cloud.storage.Storage;
import com.google.iam.v1.Binding;
import com.google.iam.v1.Policy;
import com.google.iam.v1.SetIamPolicyRequest;
import io.grpc.StatusRuntimeException;
import java.io.IOException;

/* loaded from: input_file:com/google/cloud/storage/it/runner/registry/KmsFixture.class */
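/**
 * Integration-test fixture that makes sure a Cloud KMS key ring and two symmetric encryption keys
 * exist in the project of the supplied {@link Storage} client.
 *
 * <p>{@link #start()} looks each resource up first and creates it only when the lookup reports
 * {@link NotFoundException}, so repeated runs reuse the same ring and keys. It also sets an IAM
 * policy on the key ring that gives the project's Cloud Storage service account
 * {@code roles/cloudkms.cryptoKeyEncrypterDecrypter}.
 *
 * <p>The {@code keyRing}, {@code key1} and {@code key2} fields are assigned by {@link #start()}.
 * The matching getters return {@code null} until it has completed. The fields are neither
 * {@code volatile} nor guarded by a lock.
 */
public class KmsFixture implements ManagedLifecycle {
    private final Storage storage;
    private final String keyRingLocation;
    private final String keyRingName;
    private final String key1Name;
    private final String key2Name;
    private KeyRing keyRing;
    private CryptoKey key1;
    private CryptoKey key2;

    private KmsFixture(
            Storage storage,
            String keyRingLocation,
            String keyRingName,
            String key1Name,
            String key2Name) {
        this.storage = storage;
        this.keyRingLocation = keyRingLocation;
        this.keyRingName = keyRingName;
        this.key1Name = key1Name;
        this.key2Name = key2Name;
    }

    /** Returns the KMS location id the key ring lives in. */
    public String getKeyRingLocation() {
        return this.keyRingLocation;
    }

    /** Returns the resolved key ring, or {@code null} if {@link #start()} has not run. */
    public KeyRing getKeyRing() {
        return this.keyRing;
    }

    /** Returns the first resolved key, or {@code null} if {@link #start()} has not run. */
    public CryptoKey getKey1() {
        return this.key1;
    }

    /** Returns the second resolved key, or {@code null} if {@link #start()} has not run. */
    public CryptoKey getKey2() {
        return this.key2;
    }

    /** Returns this fixture itself as the managed object. */
    @Override
    public Object get() {
        return this;
    }

    /**
     * Resolves the key ring, applies the IAM policy to it, then resolves both keys.
     *
     * <p>The KMS client is opened in try-with-resources so that it is closed even when one of the
     * KMS calls throws. Closing it only after the last successful call would leak the client and
     * its channel on every failure path.
     *
     * @throws RuntimeException wrapping the {@link IOException} if the KMS client cannot be created
     */
    @Override
    public void start() {
        try (KeyManagementServiceClient kms = KeyManagementServiceClient.create()) {
            // Order matters: the IAM grant and the key lookups both read this.keyRing.
            this.keyRing = resolveKeyRing(kms);
            grantStorageServiceAccountRolesToKeyRing(kms);
            this.key1 = resolveKey(kms, this.key1Name);
            this.key2 = resolveKey(kms, this.key2Name);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Does nothing: the ring, the keys and the IAM binding set by {@link #start()} are left in
     * place and are picked up again by the next run.
     */
    @Override
    public void stop() {
    }

    /**
     * Creates a fixture bound to the fixed test ring and key ids in location {@code "us"}.
     *
     * <p>The decompiler reports that this method was package-private in the original class. It is
     * kept {@code public} here so existing callers of the decompiled form keep compiling.
     */
    public static KmsFixture of(Storage storage) {
        return new KmsFixture(storage, "us", "gcs_test_kms_key_ring", "gcs_kms_key_one", "gcs_kms_key_two");
    }

    /**
     * Fetches the key ring, creating it when the lookup reports {@link NotFoundException}.
     *
     * <p>Any other failure (for example a permission error) propagates to the caller unchanged.
     */
    private KeyRing resolveKeyRing(KeyManagementServiceClient keyManagementServiceClient) throws StatusRuntimeException {
        String projectId = this.storage.getOptions().getProjectId();
        KeyRingName ringName = KeyRingName.of(projectId, this.keyRingLocation, this.keyRingName);
        try {
            return keyManagementServiceClient.getKeyRing(ringName.toString());
        } catch (NotFoundException notFound) {
            CreateKeyRingRequest request =
                    CreateKeyRingRequest.newBuilder()
                            .setParent(LocationName.of(projectId, this.keyRingLocation).toString())
                            .setKeyRingId(this.keyRingName)
                            .setKeyRing(KeyRing.newBuilder().build())
                            .build();
            // The printed request carries the project id and ring id, but no key material.
            System.out.println("req = " + request);
            return keyManagementServiceClient.createKeyRing(request);
        }
    }

    /**
     * Sets the key ring's IAM policy to a single binding that gives the project's Cloud Storage
     * service account {@code roles/cloudkms.cryptoKeyEncrypterDecrypter}.
     *
     * <p>NOTE(review): the policy is built from scratch and sent without a prior
     * {@code getIamPolicy} call or an etag. SetIamPolicy replaces the resource's policy, so any
     * other bindings on this ring are dropped on every start. That is acceptable only while the
     * ring is dedicated to these tests. If the ring is ever shared, change this to
     * read-modify-write.
     *
     * <p>NOTE(review): the binding is on the ring, not on the two keys, so it covers every key
     * created under this ring.
     *
     * @return the policy returned by the {@code setIamPolicy} call
     */
    private Policy grantStorageServiceAccountRolesToKeyRing(KeyManagementServiceClient keyManagementServiceClient) {
        String projectId = this.storage.getOptions().getProjectId();
        String serviceAccountEmail = this.storage.getServiceAccount(projectId).getEmail();
        Binding binding =
                Binding.newBuilder()
                        .setRole("roles/cloudkms.cryptoKeyEncrypterDecrypter")
                        .addMembers("serviceAccount:" + serviceAccountEmail)
                        .build();
        Policy policy = Policy.newBuilder().addBindings(binding).build();
        SetIamPolicyRequest request =
                SetIamPolicyRequest.newBuilder()
                        .setResource(this.keyRing.getName())
                        .setPolicy(policy)
                        .build();
        return keyManagementServiceClient.setIamPolicy(request);
    }

    /**
     * Fetches the named key on the resolved ring, creating it when the lookup reports
     * {@link NotFoundException}. A created key has purpose {@code ENCRYPT_DECRYPT} and a version
     * template with algorithm {@code GOOGLE_SYMMETRIC_ENCRYPTION}.
     */
    private CryptoKey resolveKey(KeyManagementServiceClient keyManagementServiceClient, String keyId) {
        try {
            return keyManagementServiceClient.getCryptoKey(cryptoKeyNameOnRing(this.keyRing, keyId));
        } catch (NotFoundException notFound) {
            CreateCryptoKeyRequest request =
                    CreateCryptoKeyRequest.newBuilder()
                            .setParent(this.keyRing.getName())
                            .setCryptoKeyId(keyId)
                            .setCryptoKey(
                                    CryptoKey.newBuilder()
                                            .setPurpose(CryptoKey.CryptoKeyPurpose.ENCRYPT_DECRYPT)
                                            .setVersionTemplate(
                                                    CryptoKeyVersionTemplate.newBuilder()
                                                            .setAlgorithm(
                                                                    CryptoKeyVersion.CryptoKeyVersionAlgorithm
                                                                            .GOOGLE_SYMMETRIC_ENCRYPTION)))
                            .build();
            return keyManagementServiceClient.createCryptoKey(request);
        }
    }

    /** Builds the full resource name of key {@code keyId} under the given ring. */
    private static CryptoKeyName cryptoKeyNameOnRing(KeyRing keyRing, String keyId) {
        KeyRingName ringName = KeyRingName.parse(keyRing.getName());
        return CryptoKeyName.of(ringName.getProject(), ringName.getLocation(), ringName.getKeyRing(), keyId);
    }
}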
