package misk.crypto;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.model.AmazonS3Exception;
import com.amazonaws.services.s3.model.S3Object;
import com.google.inject.Inject;
import java.util.LinkedHashMap;
import java.util.Map;
import kotlin.Lazy;
import kotlin.Metadata;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.text.Charsets;
import misk.config.MiskConfig;
import misk.crypto.BucketNameSource;
import mu.KLogger;
import mu.KotlinLogging;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import wisp.deployment.Deployment;

/* compiled from: S3KeyResolver.kt */
@Metadata(mv = {1, 4, 2}, bv = {1, 0, 3}, k = 1, d1 = {"��F\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010$\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\f\u0018��  2\u00020\u0001:\u0001 BC\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0018\b\u0001\u0010\u0006\u001a\u0012\u0012\b\u0012\u00060\bj\u0002`\t\u0012\u0004\u0012\u00020\n0\u0007\u0012\b\b\u0002\u0010\u000b\u001a\u00020\f\u0012\u0006\u0010\r\u001a\u00020\u000e¢\u0006\u0002\u0010\u000fJ\u0016\u0010\u001b\u001a\u0004\u0018\u00010\u00142\n\u0010\u001c\u001a\u00060\bj\u0002`\tH\u0016J\u001c\u0010\u001d\u001a\u00020\u00142\n\u0010\u001c\u001a\u00060\bj\u0002`\t2\u0006\u0010\u001e\u001a\u00020\nH\u0002J\u0010\u0010\u001f\u001a\u00020\b2\u0006\u0010\u001c\u001a\u00020\bH\u0002R$\u0010\u0006\u001a\u0012\u0012\b\u0012\u00060\bj\u0002`\t\u0012\u0004\u0012\u00020\n0\u0007X\u0096\u0004¢\u0006\b\n��\u001a\u0004\b\u0010\u0010\u0011R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010\u000b\u001a\u00020\f8\u0002X\u0083\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R7\u0010\u0012\u001a\u001e\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\u00140\u0013j\u000e\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\u0014`\u00158BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u0018\u0010\u0019\u001a\u0004\b\u0016\u0010\u0017R\u000e\u0010\u001a\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��¨\u0006!"}, d2 = {"Lmisk/crypto/S3KeyResolver;", "Lmisk/crypto/ExternalKeyResolver;", "deployment", "Lwisp/deployment/Deployment;", "defaultS3", "Lcom/amazonaws/services/s3/AmazonS3;", "allKeyAliases", "", "", "Lmisk/crypto/KeyAlias;", "Lmisk/crypto/KeyType;", "bucketNameSource", "Lmisk/crypto/BucketNameSource;", "awsCredentials", "Lcom/amazonaws/auth/AWSCredentialsProvider;", "(Lwisp/deployment/Deployment;Lcom/amazonaws/services/s3/AmazonS3;Ljava/util/Map;Lmisk/crypto/BucketNameSource;Lcom/amazonaws/auth/AWSCredentialsProvider;)V", "getAllKeyAliases", "()Ljava/util/Map;", "keys", "Ljava/util/LinkedHashMap;", "Lmisk/crypto/Key;", "Lkotlin/collections/LinkedHashMap;", "getKeys", "()Ljava/util/LinkedHashMap;", "keys$delegate", "Lkotlin/Lazy;", "s3", "getKeyByAlias", "alias", "getRemoteKey", "type", "objectPath", "Companion", "misk-crypto"})
/* loaded from: input_file:misk/crypto/S3KeyResolver.class */
public final class S3KeyResolver implements ExternalKeyResolver {
    private final AmazonS3 s3;
    private final Lazy keys$delegate;
    private final Deployment deployment;
    private final AmazonS3 defaultS3;

    @NotNull
    private final Map<String, KeyType> allKeyAliases;

    @Inject(optional = true)
    private final BucketNameSource bucketNameSource;
    private final AWSCredentialsProvider awsCredentials;
    private static final String METADATA_KEY_KMS_ARN = "kms-key-arn";
    private static final String METADATA_KEY_KEY_TYPE = "key-type";
    private static final KLogger logger;

    @NotNull
    public static final Companion Companion = new Companion(null);

    /* compiled from: S3KeyResolver.kt */
    @Metadata(mv = {1, 4, 2}, bv = {1, 0, 3}, k = 1, d1 = {"��\u001a\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��¨\u0006\b"}, d2 = {"Lmisk/crypto/S3KeyResolver$Companion;", "", "()V", "METADATA_KEY_KEY_TYPE", "", "METADATA_KEY_KMS_ARN", "logger", "Lmu/KLogger;", "misk-crypto"})
    /* loaded from: input_file:misk/crypto/S3KeyResolver$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    private final String objectPath(String str) {
        StringBuilder append = new StringBuilder().append(str).append('/');
        String regionName = this.defaultS3.getRegionName();
        Intrinsics.checkNotNullExpressionValue(regionName, "defaultS3.regionName");
        if (regionName == null) {
            throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
        }
        String lowerCase = regionName.toLowerCase();
        Intrinsics.checkNotNullExpressionValue(lowerCase, "(this as java.lang.String).toLowerCase()");
        return append.append(lowerCase).toString();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Key getRemoteKey(String str, KeyType keyType) {
        String objectPath = objectPath(str);
        String bucketName = this.bucketNameSource.getBucketName(this.deployment);
        try {
            S3Object object = this.s3.getObject(bucketName, objectPath);
            Intrinsics.checkNotNullExpressionValue(object, "obj");
            String userMetaDataOf = object.getObjectMetadata().getUserMetaDataOf(METADATA_KEY_KMS_ARN);
            String userMetaDataOf2 = object.getObjectMetadata().getUserMetaDataOf(METADATA_KEY_KEY_TYPE);
            Intrinsics.checkNotNullExpressionValue(userMetaDataOf2, "keyTypeDescription");
            if (userMetaDataOf2 == null) {
                throw new NullPointerException("null cannot be cast to non-null type java.lang.String");
            }
            String upperCase = userMetaDataOf2.toUpperCase();
            Intrinsics.checkNotNullExpressionValue(upperCase, "(this as java.lang.String).toUpperCase()");
            KeyType valueOf = KeyType.valueOf(upperCase);
            if (valueOf != keyType) {
                throw new ExternalKeyManagerException("type provided does not match type of remote key");
            }
            byte[] readAllBytes = object.getObjectContent().readAllBytes();
            Intrinsics.checkNotNullExpressionValue(readAllBytes, "obj.objectContent.readAllBytes()");
            return new Key(str, valueOf, new MiskConfig.RealSecret(new String(readAllBytes, Charsets.UTF_8)), userMetaDataOf);
        } catch (AmazonS3Exception e) {
            throw new ExternalKeyManagerException("key alias not accessible: " + str + " (bucket '" + bucketName + "', " + e + ')');
        }
    }

    private final LinkedHashMap<String, Key> getKeys() {
        return (LinkedHashMap) this.keys$delegate.getValue();
    }

    @Override // misk.crypto.KeyResolver
    @Nullable
    public Key getKeyByAlias(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "alias");
        return getKeys().get(str);
    }

    @Override // misk.crypto.KeyResolver
    @NotNull
    public Map<String, KeyType> getAllKeyAliases() {
        return this.allKeyAliases;
    }

    /* JADX WARN: Code restructure failed: missing block: B:4:0x00a0, code lost:
    
        if (r1 != null) goto L8;
     */
    /* JADX WARN: Multi-variable type inference failed */
    @com.google.inject.Inject
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public S3KeyResolver(@org.jetbrains.annotations.NotNull wisp.deployment.Deployment r6, @org.jetbrains.annotations.NotNull com.amazonaws.services.s3.AmazonS3 r7, @misk.crypto.ExternalDataKeys @org.jetbrains.annotations.NotNull java.util.Map<java.lang.String, ? extends misk.crypto.KeyType> r8, @org.jetbrains.annotations.NotNull misk.crypto.BucketNameSource r9, @org.jetbrains.annotations.NotNull com.amazonaws.auth.AWSCredentialsProvider r10) {
        /*
            r5 = this;
            r0 = r6
            java.lang.String r1 = "deployment"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r0, r1)
            r0 = r7
            java.lang.String r1 = "defaultS3"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r0, r1)
            r0 = r8
            java.lang.String r1 = "allKeyAliases"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r0, r1)
            r0 = r9
            java.lang.String r1 = "bucketNameSource"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r0, r1)
            r0 = r10
            java.lang.String r1 = "awsCredentials"
            kotlin.jvm.internal.Intrinsics.checkNotNullParameter(r0, r1)
            r0 = r5
            r0.<init>()
            r0 = r5
            r1 = r6
            r0.deployment = r1
            r0 = r5
            r1 = r7
            r0.defaultS3 = r1
            r0 = r5
            r1 = r8
            r0.allKeyAliases = r1
            r0 = r5
            r1 = r9
            r0.bucketNameSource = r1
            r0 = r5
            r1 = r10
            r0.awsCredentials = r1
            r0 = r5
            r1 = r5
            misk.crypto.BucketNameSource r1 = r1.bucketNameSource
            r2 = r5
            wisp.deployment.Deployment r2 = r2.deployment
            java.lang.String r1 = r1.getBucketRegion(r2)
            r2 = r1
            if (r2 == 0) goto La6
            r11 = r1
            r1 = 0
            r12 = r1
            r1 = 0
            r13 = r1
            r1 = r11
            r14 = r1
            r16 = r0
            r0 = 0
            r15 = r0
            mu.KLogger r0 = misk.crypto.S3KeyResolver.logger
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r2 = r1
            r2.<init>()
            java.lang.String r2 = "creating S3ExternalKeyManager S3 client for "
            java.lang.StringBuilder r1 = r1.append(r2)
            r2 = r14
            java.lang.StringBuilder r1 = r1.append(r2)
            java.lang.String r1 = r1.toString()
            r0.info(r1)
            com.amazonaws.services.s3.AmazonS3ClientBuilder r0 = com.amazonaws.services.s3.AmazonS3ClientBuilder.standard()
            r1 = r14
            com.amazonaws.client.builder.AwsClientBuilder r0 = r0.withRegion(r1)
            com.amazonaws.services.s3.AmazonS3ClientBuilder r0 = (com.amazonaws.services.s3.AmazonS3ClientBuilder) r0
            r1 = r5
            com.amazonaws.auth.AWSCredentialsProvider r1 = r1.awsCredentials
            com.amazonaws.client.builder.AwsClientBuilder r0 = r0.withCredentials(r1)
            com.amazonaws.services.s3.AmazonS3ClientBuilder r0 = (com.amazonaws.services.s3.AmazonS3ClientBuilder) r0
            java.lang.Object r0 = r0.build()
            com.amazonaws.services.s3.AmazonS3 r0 = (com.amazonaws.services.s3.AmazonS3) r0
            r17 = r0
            r0 = r16
            r1 = r17
            r2 = r1
            if (r2 == 0) goto La6
            goto Lab
        La6:
            r1 = r5
            com.amazonaws.services.s3.AmazonS3 r1 = r1.defaultS3
        Lab:
            r0.s3 = r1
            r0 = r5
            misk.crypto.S3KeyResolver$keys$2 r1 = new misk.crypto.S3KeyResolver$keys$2
            r2 = r1
            r3 = r5
            r2.<init>()
            kotlin.jvm.functions.Function0 r1 = (kotlin.jvm.functions.Function0) r1
            kotlin.Lazy r1 = kotlin.LazyKt.lazy(r1)
            r0.keys$delegate = r1
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: misk.crypto.S3KeyResolver.<init>(wisp.deployment.Deployment, com.amazonaws.services.s3.AmazonS3, java.util.Map, misk.crypto.BucketNameSource, com.amazonaws.auth.AWSCredentialsProvider):void");
    }

    public /* synthetic */ S3KeyResolver(Deployment deployment, AmazonS3 amazonS3, Map map, BucketNameSource bucketNameSource, AWSCredentialsProvider aWSCredentialsProvider, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(deployment, amazonS3, map, (i & 8) != 0 ? new BucketNameSource() { // from class: misk.crypto.S3KeyResolver.1
            @Override // misk.crypto.BucketNameSource
            @NotNull
            public String getBucketName(@NotNull Deployment deployment2) {
                Intrinsics.checkNotNullParameter(deployment2, "deployment");
                return deployment2.mapToEnvironmentName();
            }

            @Override // misk.crypto.BucketNameSource
            @Nullable
            public String getBucketRegion(@NotNull Deployment deployment2) {
                Intrinsics.checkNotNullParameter(deployment2, "deployment");
                return BucketNameSource.DefaultImpls.getBucketRegion(this, deployment2);
            }
        } : bucketNameSource, aWSCredentialsProvider);
    }

    static {
        KotlinLogging kotlinLogging = KotlinLogging.INSTANCE;
        String qualifiedName = Reflection.getOrCreateKotlinClass(S3KeyResolver.class).getQualifiedName();
        Intrinsics.checkNotNull(qualifiedName);
        logger = kotlinLogging.logger(qualifiedName);
    }
}
