package org.apache.james.blob.aes;

import com.github.fge.lambdas.Throwing;
import com.google.common.base.Preconditions;
import com.google.common.io.ByteSource;
import com.google.common.io.FileBackedOutputStream;
import com.google.crypto.tink.subtle.AesGcmHkdfStreaming;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.util.Collection;
import java.util.Objects;
import org.apache.commons.io.IOUtils;
import org.apache.james.blob.api.BlobId;
import org.apache.james.blob.api.BlobStoreDAO;
import org.apache.james.blob.api.BucketName;
import org.apache.james.blob.api.ObjectNotFoundException;
import org.apache.james.blob.api.ObjectStoreIOException;
import org.reactivestreams.Publisher;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/apache/james/blob/aes/AESBlobStoreDAO.class */
public class AESBlobStoreDAO implements BlobStoreDAO {
    public static final int FILE_THRESHOLD_100_KB = 102400;
    private final BlobStoreDAO underlying;
    private final AesGcmHkdfStreaming streamingAead;

    public AESBlobStoreDAO(BlobStoreDAO blobStoreDAO, CryptoConfig cryptoConfig) {
        this.underlying = blobStoreDAO;
        this.streamingAead = PBKDF2StreamingAeadFactory.newAesGcmHkdfStreaming(cryptoConfig);
    }

    public FileBackedOutputStream encrypt(InputStream inputStream) {
        try {
            FileBackedOutputStream fileBackedOutputStream = new FileBackedOutputStream(FILE_THRESHOLD_100_KB);
            try {
                OutputStream newEncryptingStream = this.streamingAead.newEncryptingStream(fileBackedOutputStream, PBKDF2StreamingAeadFactory.EMPTY_ASSOCIATED_DATA);
                inputStream.transferTo(newEncryptingStream);
                newEncryptingStream.close();
                fileBackedOutputStream.close();
                return fileBackedOutputStream;
            } catch (Throwable th) {
                try {
                    fileBackedOutputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException("Unable to build payload for object storage, failed to encrypt", e);
        }
    }

    public InputStream decrypt(InputStream inputStream) throws IOException {
        try {
            return this.streamingAead.newDecryptingStream(inputStream, PBKDF2StreamingAeadFactory.EMPTY_ASSOCIATED_DATA);
        } catch (GeneralSecurityException e) {
            throw new IOException("Incorrect crypto setup", e);
        }
    }

    public InputStream read(BucketName bucketName, BlobId blobId) throws ObjectStoreIOException, ObjectNotFoundException {
        try {
            return decrypt(this.underlying.read(bucketName, blobId));
        } catch (IOException e) {
            throw new ObjectStoreIOException("Error reading blob " + blobId.asString(), e);
        }
    }

    public Publisher<InputStream> readReactive(BucketName bucketName, BlobId blobId) {
        return Mono.from(this.underlying.readReactive(bucketName, blobId)).map(Throwing.function(this::decrypt));
    }

    public Publisher<byte[]> readBytes(BucketName bucketName, BlobId blobId) {
        return Mono.from(this.underlying.readBytes(bucketName, blobId)).map(ByteArrayInputStream::new).map(Throwing.function((v1) -> {
            return decrypt(v1);
        })).map(Throwing.function(IOUtils::toByteArray));
    }

    public Publisher<Void> save(BucketName bucketName, BlobId blobId, byte[] bArr) {
        Preconditions.checkNotNull(bucketName);
        Preconditions.checkNotNull(blobId);
        Preconditions.checkNotNull(bArr);
        return save(bucketName, blobId, new ByteArrayInputStream(bArr));
    }

    public Publisher<Void> save(BucketName bucketName, BlobId blobId, InputStream inputStream) {
        Preconditions.checkNotNull(bucketName);
        Preconditions.checkNotNull(blobId);
        Preconditions.checkNotNull(inputStream);
        return Mono.using(() -> {
            return encrypt(inputStream);
        }, fileBackedOutputStream -> {
            return Mono.from(this.underlying.save(bucketName, blobId, fileBackedOutputStream.asByteSource()));
        }, Throwing.consumer((v0) -> {
            v0.reset();
        })).onErrorMap(th -> {
            return new ObjectStoreIOException("Exception occurred while saving bytearray", th);
        });
    }

    public Publisher<Void> save(BucketName bucketName, BlobId blobId, ByteSource byteSource) {
        Preconditions.checkNotNull(bucketName);
        Preconditions.checkNotNull(blobId);
        Preconditions.checkNotNull(byteSource);
        Objects.requireNonNull(byteSource);
        return Mono.using(byteSource::openStream, inputStream -> {
            return Mono.from(save(bucketName, blobId, inputStream));
        }, Throwing.consumer((v0) -> {
            v0.close();
        }));
    }

    public Publisher<Void> delete(BucketName bucketName, BlobId blobId) {
        return this.underlying.delete(bucketName, blobId);
    }

    public Publisher<Void> delete(BucketName bucketName, Collection<BlobId> collection) {
        return this.underlying.delete(bucketName, collection);
    }

    public Publisher<Void> deleteBucket(BucketName bucketName) {
        return this.underlying.deleteBucket(bucketName);
    }

    public Publisher<BucketName> listBuckets() {
        return this.underlying.listBuckets();
    }

    public Publisher<BlobId> listBlobs(BucketName bucketName) {
        return this.underlying.listBlobs(bucketName);
    }
}
