package io.confluent.kafka.schemaregistry.encryption.azure;

import com.azure.security.keyvault.keys.cryptography.CryptographyClient;
import com.azure.security.keyvault.keys.cryptography.models.DecryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptResult;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeyTemplates;
import com.google.crypto.tink.KeysetHandle;
import io.confluent.kafka.schemaregistry.encryption.FieldEncryptionExecutor;
import io.confluent.kafka.schemaregistry.encryption.FieldEncryptionProperties;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:io/confluent/kafka/schemaregistry/encryption/azure/AzureFieldEncryptionProperties.class */
public class AzureFieldEncryptionProperties extends FieldEncryptionProperties {
    public AzureFieldEncryptionProperties(List<String> list) {
        super(list);
    }

    public AzureFieldEncryptionProperties(List<String> list, Class<?> cls) {
        super(list, cls);
    }

    public String getKmsType() {
        return "azure-kms";
    }

    public String getKmsKeyId() {
        return "https://yokota1.vault.azure.net/keys/key1/1234567890";
    }

    public Map<String, Object> getClientProperties(String str) throws Exception {
        List<String> ruleNames = getRuleNames();
        HashMap hashMap = new HashMap();
        hashMap.put("schema.registry.url", str);
        hashMap.put("auto.register.schemas", "false");
        hashMap.put("use.latest.version", "true");
        hashMap.put("latest.cache.ttl.sec", "60");
        hashMap.put("rule.executors", String.join(",", ruleNames));
        for (String str2 : ruleNames) {
            hashMap.put("rule.executors." + str2 + ".class", getRuleExecutor().getName());
            hashMap.put("rule.executors." + str2 + ".param.test.client", getTestClient());
        }
        return hashMap;
    }

    public Object getTestClient() throws Exception {
        return mockClient(getKmsKeyId());
    }

    static CryptographyClient mockClient(String str) throws Exception {
        Aead aead = (Aead) KeysetHandle.generateNew(KeyTemplates.get("AES128_GCM")).getPrimitive(Aead.class);
        CryptographyClient cryptographyClient = (CryptographyClient) Mockito.mock(CryptographyClient.class);
        Mockito.when(cryptographyClient.encrypt((EncryptionAlgorithm) ArgumentMatchers.any(EncryptionAlgorithm.class), (byte[]) ArgumentMatchers.any(byte[].class))).thenAnswer(invocationOnMock -> {
            return new EncryptResult(aead.encrypt((byte[]) invocationOnMock.getArgument(1), FieldEncryptionExecutor.EMPTY_AAD), (EncryptionAlgorithm) invocationOnMock.getArgument(0), str);
        });
        Mockito.when(cryptographyClient.decrypt((EncryptionAlgorithm) ArgumentMatchers.any(EncryptionAlgorithm.class), (byte[]) ArgumentMatchers.any(byte[].class))).thenAnswer(invocationOnMock2 -> {
            return new DecryptResult(aead.decrypt((byte[]) invocationOnMock2.getArgument(1), FieldEncryptionExecutor.EMPTY_AAD), (EncryptionAlgorithm) invocationOnMock2.getArgument(0), str);
        });
        return cryptographyClient;
    }
}
