package io.confluent.kafka.schemaregistry.encryption.azure;

import com.azure.core.exception.AzureException;
import com.azure.security.keyvault.keys.cryptography.CryptographyClient;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.google.crypto.tink.Aead;
import java.security.GeneralSecurityException;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/encryption/azure/AzureKmsAead.class */
public final class AzureKmsAead implements Aead {
    private final CryptographyClient kmsClient;
    private final EncryptionAlgorithm algorithm;

    public AzureKmsAead(CryptographyClient cryptographyClient, EncryptionAlgorithm encryptionAlgorithm) {
        this.kmsClient = cryptographyClient;
        this.algorithm = encryptionAlgorithm;
    }

    public byte[] encrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        try {
            return this.kmsClient.encrypt(this.algorithm, bArr).getCipherText();
        } catch (AzureException e) {
            throw new GeneralSecurityException("encryption failed", e);
        }
    }

    public byte[] decrypt(byte[] bArr, byte[] bArr2) throws GeneralSecurityException {
        try {
            return this.kmsClient.decrypt(this.algorithm, bArr).getPlainText();
        } catch (AzureException e) {
            throw new GeneralSecurityException("decryption failed", e);
        }
    }
}
