package misk.crypto;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.s3.model.AmazonS3Exception;
import com.amazonaws.services.s3.model.S3Object;
import com.google.inject.Inject;
import java.util.LinkedHashMap;
import java.util.Map;
import kotlin.Lazy;
import kotlin.LazyKt;
import kotlin.Metadata;
import kotlin.collections.MapsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.text.Charsets;
import misk.config.MiskConfig;
import misk.crypto.BucketNameSource;
import mu.KLogger;
import mu.KotlinLogging;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import wisp.deployment.Deployment;

/* compiled from: S3KeyResolver.kt */
@Metadata(mv = {1, 5, 1}, k = 1, xi = 48, d1 = {"��F\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010$\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\f\u0018��  2\u00020\u0001:\u0001 BC\b\u0007\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0018\b\u0001\u0010\u0006\u001a\u0012\u0012\b\u0012\u00060\bj\u0002`\t\u0012\u0004\u0012\u00020\n0\u0007\u0012\b\b\u0002\u0010\u000b\u001a\u00020\f\u0012\u0006\u0010\r\u001a\u00020\u000e¢\u0006\u0002\u0010\u000fJ\u0016\u0010\u001b\u001a\u0004\u0018\u00010\u00142\n\u0010\u001c\u001a\u00060\bj\u0002`\tH\u0016J\u001c\u0010\u001d\u001a\u00020\u00142\n\u0010\u001c\u001a\u00060\bj\u0002`\t2\u0006\u0010\u001e\u001a\u00020\nH\u0002J\u0010\u0010\u001f\u001a\u00020\b2\u0006\u0010\u001c\u001a\u00020\bH\u0002R$\u0010\u0006\u001a\u0012\u0012\b\u0012\u00060\bj\u0002`\t\u0012\u0004\u0012\u00020\n0\u0007X\u0096\u0004¢\u0006\b\n��\u001a\u0004\b\u0010\u0010\u0011R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u0004¢\u0006\u0002\n��R\u0010\u0010\u000b\u001a\u00020\f8\u0002X\u0083\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R7\u0010\u0012\u001a\u001e\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\u00140\u0013j\u000e\u0012\u0004\u0012\u00020\b\u0012\u0004\u0012\u00020\u0014`\u00158BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\u0018\u0010\u0019\u001a\u0004\b\u0016\u0010\u0017R\u000e\u0010\u001a\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��¨\u0006!"}, d2 = {"Lmisk/crypto/S3KeyResolver;", "Lmisk/crypto/ExternalKeyResolver;", "deployment", "Lwisp/deployment/Deployment;", "defaultS3", "Lcom/amazonaws/services/s3/AmazonS3;", "allKeyAliases", "", "", "Lmisk/crypto/KeyAlias;", "Lmisk/crypto/KeyType;", "bucketNameSource", "Lmisk/crypto/BucketNameSource;", "awsCredentials", "Lcom/amazonaws/auth/AWSCredentialsProvider;", "(Lwisp/deployment/Deployment;Lcom/amazonaws/services/s3/AmazonS3;Ljava/util/Map;Lmisk/crypto/BucketNameSource;Lcom/amazonaws/auth/AWSCredentialsProvider;)V", "getAllKeyAliases", "()Ljava/util/Map;", "keys", "Ljava/util/LinkedHashMap;", "Lmisk/crypto/Key;", "Lkotlin/collections/LinkedHashMap;", "getKeys", "()Ljava/util/LinkedHashMap;", "keys$delegate", "Lkotlin/Lazy;", "s3", "getKeyByAlias", "alias", "getRemoteKey", "type", "objectPath", "Companion", "misk-crypto"})
/* loaded from: input_file:misk/crypto/S3KeyResolver.class */
public final class S3KeyResolver implements ExternalKeyResolver {

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private final Deployment deployment;

    @NotNull
    private final AmazonS3 defaultS3;

    @NotNull
    private final Map<String, KeyType> allKeyAliases;

    @Inject(optional = true)
    @NotNull
    private final BucketNameSource bucketNameSource;

    @NotNull
    private final AWSCredentialsProvider awsCredentials;

    @NotNull
    private final AmazonS3 s3;

    @NotNull
    private final Lazy keys$delegate;

    @NotNull
    private static final String METADATA_KEY_KMS_ARN = "kms-key-arn";

    @NotNull
    private static final String METADATA_KEY_KEY_TYPE = "key-type";

    @NotNull
    private static final KLogger logger;

    /* compiled from: S3KeyResolver.kt */
    @Metadata(mv = {1, 5, 1}, k = 1, xi = 48, d1 = {"��\u001a\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��¨\u0006\b"}, d2 = {"Lmisk/crypto/S3KeyResolver$Companion;", "", "()V", "METADATA_KEY_KEY_TYPE", "", "METADATA_KEY_KMS_ARN", "logger", "Lmu/KLogger;", "misk-crypto"})
    /* loaded from: input_file:misk/crypto/S3KeyResolver$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Inject
    public S3KeyResolver(@NotNull Deployment deployment, @NotNull AmazonS3 amazonS3, @ExternalDataKeys @NotNull Map<String, ? extends KeyType> map, @NotNull BucketNameSource bucketNameSource, @NotNull AWSCredentialsProvider aWSCredentialsProvider) {
        AmazonS3 amazonS32;
        Intrinsics.checkNotNullParameter(deployment, "deployment");
        Intrinsics.checkNotNullParameter(amazonS3, "defaultS3");
        Intrinsics.checkNotNullParameter(map, "allKeyAliases");
        Intrinsics.checkNotNullParameter(bucketNameSource, "bucketNameSource");
        Intrinsics.checkNotNullParameter(aWSCredentialsProvider, "awsCredentials");
        this.deployment = deployment;
        this.defaultS3 = amazonS3;
        this.allKeyAliases = map;
        this.bucketNameSource = bucketNameSource;
        this.awsCredentials = aWSCredentialsProvider;
        S3KeyResolver s3KeyResolver = this;
        String bucketRegion = this.bucketNameSource.getBucketRegion(this.deployment);
        if (bucketRegion == null) {
            amazonS32 = null;
        } else {
            logger.info(Intrinsics.stringPlus("creating S3ExternalKeyManager S3 client for ", bucketRegion));
            s3KeyResolver = s3KeyResolver;
            amazonS32 = (AmazonS3) AmazonS3ClientBuilder.standard().withRegion(bucketRegion).withCredentials(this.awsCredentials).build();
        }
        AmazonS3 amazonS33 = amazonS32;
        s3KeyResolver.s3 = amazonS33 == null ? this.defaultS3 : amazonS33;
        this.keys$delegate = LazyKt.lazy(new Function0<LinkedHashMap<String, Key>>() { // from class: misk.crypto.S3KeyResolver$keys$2
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(0);
            }

            @NotNull
            /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
            public final LinkedHashMap<String, Key> m18invoke() {
                KLogger kLogger;
                Key remoteKey;
                LinkedHashMap<String, Key> linkedHashMap = new LinkedHashMap<>();
                Map<String, KeyType> allKeyAliases = S3KeyResolver.this.getAllKeyAliases();
                S3KeyResolver s3KeyResolver2 = S3KeyResolver.this;
                LinkedHashMap linkedHashMap2 = new LinkedHashMap(MapsKt.mapCapacity(allKeyAliases.size()));
                for (Object obj : allKeyAliases.entrySet()) {
                    Object key = ((Map.Entry) obj).getKey();
                    Map.Entry entry = (Map.Entry) obj;
                    final String str = (String) entry.getKey();
                    KeyType keyType = (KeyType) entry.getValue();
                    kLogger = S3KeyResolver.logger;
                    kLogger.info(new Function0<Object>() { // from class: misk.crypto.S3KeyResolver$keys$2$1$1
                        /* JADX INFO: Access modifiers changed from: package-private */
                        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                        {
                            super(0);
                        }

                        @Nullable
                        public final Object invoke() {
                            return Intrinsics.stringPlus("registering external key: ", str);
                        }
                    });
                    remoteKey = s3KeyResolver2.getRemoteKey(str, keyType);
                    linkedHashMap2.put(key, remoteKey);
                }
                MapsKt.toMap(linkedHashMap2, linkedHashMap);
                return linkedHashMap;
            }
        });
    }

    public /* synthetic */ S3KeyResolver(Deployment deployment, AmazonS3 amazonS3, Map map, BucketNameSource bucketNameSource, AWSCredentialsProvider aWSCredentialsProvider, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(deployment, amazonS3, map, (i & 8) != 0 ? new BucketNameSource() { // from class: misk.crypto.S3KeyResolver.1
            @Override // misk.crypto.BucketNameSource
            @NotNull
            public String getBucketName(@NotNull Deployment deployment2) {
                Intrinsics.checkNotNullParameter(deployment2, "deployment");
                return deployment2.mapToEnvironmentName();
            }

            @Override // misk.crypto.BucketNameSource
            @Nullable
            public String getBucketRegion(@NotNull Deployment deployment2) {
                return BucketNameSource.DefaultImpls.getBucketRegion(this, deployment2);
            }
        } : bucketNameSource, aWSCredentialsProvider);
    }

    @Override // misk.crypto.KeyResolver
    @NotNull
    public Map<String, KeyType> getAllKeyAliases() {
        return this.allKeyAliases;
    }

    private final String objectPath(String str) {
        StringBuilder append = new StringBuilder().append(str).append('/');
        String regionName = this.defaultS3.getRegionName();
        Intrinsics.checkNotNullExpressionValue(regionName, "defaultS3.regionName");
        String lowerCase = regionName.toLowerCase();
        Intrinsics.checkNotNullExpressionValue(lowerCase, "(this as java.lang.String).toLowerCase()");
        return append.append(lowerCase).toString();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Key getRemoteKey(String str, KeyType keyType) {
        String objectPath = objectPath(str);
        String bucketName = this.bucketNameSource.getBucketName(this.deployment);
        try {
            S3Object object = this.s3.getObject(bucketName, objectPath);
            String userMetaDataOf = object.getObjectMetadata().getUserMetaDataOf(METADATA_KEY_KMS_ARN);
            String userMetaDataOf2 = object.getObjectMetadata().getUserMetaDataOf(METADATA_KEY_KEY_TYPE);
            Intrinsics.checkNotNullExpressionValue(userMetaDataOf2, "keyTypeDescription");
            String upperCase = userMetaDataOf2.toUpperCase();
            Intrinsics.checkNotNullExpressionValue(upperCase, "(this as java.lang.String).toUpperCase()");
            KeyType valueOf = KeyType.valueOf(upperCase);
            if (valueOf != keyType) {
                throw new ExternalKeyManagerException("type provided does not match type of remote key");
            }
            byte[] readAllBytes = object.getObjectContent().readAllBytes();
            Intrinsics.checkNotNullExpressionValue(readAllBytes, "obj.objectContent.readAllBytes()");
            return new Key(str, valueOf, new MiskConfig.RealSecret(new String(readAllBytes, Charsets.UTF_8)), userMetaDataOf);
        } catch (AmazonS3Exception e) {
            throw new ExternalKeyManagerException("key alias not accessible: " + str + " (bucket '" + bucketName + "', " + e + ')');
        }
    }

    private final LinkedHashMap<String, Key> getKeys() {
        return (LinkedHashMap) this.keys$delegate.getValue();
    }

    @Override // misk.crypto.KeyResolver
    @Nullable
    public Key getKeyByAlias(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "alias");
        return getKeys().get(str);
    }

    static {
        KotlinLogging kotlinLogging = KotlinLogging.INSTANCE;
        String qualifiedName = Reflection.getOrCreateKotlinClass(S3KeyResolver.class).getQualifiedName();
        Intrinsics.checkNotNull(qualifiedName);
        logger = kotlinLogging.logger(qualifiedName);
    }
}
