package com.azure.cosmos.encryption.implementation;

import com.azure.cosmos.encryption.implementation.EncryptionImplementationBridgeHelpers;
import com.azure.cosmos.encryption.implementation.mdesrc.cryptography.AeadAes256CbcHmac256EncryptionAlgorithm;
import com.azure.cosmos.encryption.implementation.mdesrc.cryptography.EncryptionKeyStoreProvider;
import com.azure.cosmos.encryption.implementation.mdesrc.cryptography.EncryptionType;
import com.azure.cosmos.encryption.implementation.mdesrc.cryptography.KeyEncryptionKey;
import com.azure.cosmos.encryption.implementation.mdesrc.cryptography.MicrosoftDataEncryptionException;
import com.azure.cosmos.encryption.implementation.mdesrc.cryptography.ProtectedDataEncryptionKey;
import com.azure.cosmos.encryption.models.CosmosEncryptionType;
import com.azure.cosmos.implementation.Utils;
import com.azure.cosmos.implementation.caches.AsyncCache;
import com.azure.cosmos.models.ClientEncryptionIncludedPath;
import com.azure.cosmos.models.CosmosClientEncryptionKeyProperties;
import com.azure.cosmos.models.CosmosContainerProperties;
import java.security.InvalidKeyException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;
import reactor.util.retry.Retry;

/* loaded from: input_file:com/azure/cosmos/encryption/implementation/EncryptionSettings.class */
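/**
 * Holds the client-side encryption settings for one encrypted property of a Cosmos container:
 * the client encryption key id, the protected data encryption key, the AEAD algorithm instance
 * built from that key, the encryption type and an expiry instant.
 *
 * <p>An instance also owns a per-property cache of {@link CachedEncryptionSettings}, filled on
 * demand by {@link #fetchCachedEncryptionSettingsAsync(String, EncryptionProcessor)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Instances reference data encryption key material through {@link ProtectedDataEncryptionKey};
 *       do not log or serialize them.</li>
 *   <li>Settings are cached for {@link #ENCRYPTION_SETTING_TTL}. NOTE(review): a key that is rotated
 *       or revoked at the key store presumably stays usable from this cache until the entry expires;
 *       confirm against the caching done inside {@code ProtectedDataEncryptionKey.getOrCreate}.</li>
 *   <li>With the AEAD_AES_256_CBC_HMAC_SHA256 scheme, deterministic encryption generally produces
 *       equal ciphertext for equal plaintext (which allows equality lookups but reveals equality),
 *       while randomized encryption does not. The type is taken from the container's client
 *       encryption policy and is not validated here beyond the enum mapping.</li>
 * </ul>
 *
 * <p>The mutable fields are not synchronized. NOTE(review): thread-safety depends on how callers
 * share instances; this class alone does not establish it.
 */
public final class EncryptionSettings {
    private static final Logger LOGGER = LoggerFactory.getLogger(EncryptionSettings.class);
    private static final EncryptionImplementationBridgeHelpers.CosmosEncryptionAsyncClientHelper.CosmosEncryptionAsyncClientAccessor cosmosEncryptionAsyncClientAccessor = EncryptionImplementationBridgeHelpers.CosmosEncryptionAsyncClientHelper.getCosmosEncryptionAsyncClientAccessor();

    /** Lifetime given to freshly fetched settings before they are treated as expired. */
    private static final Duration ENCRYPTION_SETTING_TTL = Duration.ofMinutes(60L);

    private AsyncCache<String, CachedEncryptionSettings> encryptionSettingCacheByPropertyName = new AsyncCache<>();
    private String clientEncryptionKeyId;
    private Instant encryptionSettingTimeToLive;
    private ProtectedDataEncryptionKey dataEncryptionKey;
    private AeadAes256CbcHmac256EncryptionAlgorithm aeadAes256CbcHmac256EncryptionAlgorithm;
    private EncryptionType encryptionType;
    private String databaseRid;
    // Last key properties returned by the service; written by the fetch pipeline and read by its
    // retry handler to obtain the ETag.
    // NOTE(review): this is shared instance state, so concurrent fetches for different properties
    // may overwrite each other's value - confirm whether that can happen in practice.
    private CosmosClientEncryptionKeyProperties cosmosClientEncryptionKeyProperties;

    /**
     * Returns the encryption settings for a property, using the per-property cache.
     *
     * <p>On a cache miss the settings are fetched. When the cached entry's expiry lies before
     * {@link Instant#now()}, the cache is asked again with the stale entry passed as the obsolete
     * value so that it is re-fetched.
     *
     * @param str the property name used as cache key
     * @param encryptionProcessor supplies the client, container and key store provider for a fetch
     * @return the settings, or an empty {@code Mono} when the fetch yields nothing for the property
     */
    public Mono<EncryptionSettings> getEncryptionSettingForPropertyAsync(String str, EncryptionProcessor encryptionProcessor) {
        return this.encryptionSettingCacheByPropertyName
            .getAsync(str, null, () -> fetchCachedEncryptionSettingsAsync(str, encryptionProcessor))
            .flatMap(cached -> {
                if (cached == null) {
                    return Mono.empty();
                }
                if (cached.getEncryptionSettingsExpiryUtc().isBefore(Instant.now())) {
                    // Expired: hand the stale entry back as the obsolete value to force a re-fetch.
                    return this.encryptionSettingCacheByPropertyName
                        .getAsync(str, cached, () -> fetchCachedEncryptionSettingsAsync(str, encryptionProcessor))
                        .map(refreshed -> refreshed.getEncryptionSettings());
                }
                return Mono.just(cached.getEncryptionSettings());
            });
    }

    /**
     * Builds the settings for a property from the container's client encryption policy.
     *
     * <p>The policy's included paths are scanned for the one whose path, minus its first character,
     * equals {@code str} (presumably the leading {@code /}; confirm against the policy format). For
     * that path the client encryption key properties are loaded, the data encryption key is
     * unwrapped through the key store provider, and the result is wrapped together with its expiry.
     *
     * <p>Failures that are an {@link InvalidKeyException} are retried at most twice: the first
     * retry sets one flag, the second sets another flag and records the ETag of the last key
     * properties seen. Any other failure, or a third {@code InvalidKeyException}, is propagated.
     *
     * <p>An encryption type that maps to neither deterministic nor randomized is rejected with an
     * {@link IllegalArgumentException} instead of being treated as {@link EncryptionType#Plaintext}.
     *
     * @param str the property name to look up in the policy
     * @param encryptionProcessor supplies the client, container and key store provider
     * @return the cached-settings wrapper, an empty {@code Mono} when the container has no policy
     *     or no matching path, or an error {@code Mono} when key retrieval or unwrapping fails
     */
    Mono<CachedEncryptionSettings> fetchCachedEncryptionSettingsAsync(String str, EncryptionProcessor encryptionProcessor) {
        Mono<CosmosContainerProperties> containerPropertiesAsync = cosmosEncryptionAsyncClientAccessor.getContainerPropertiesAsync(
            encryptionProcessor.getEncryptionCosmosClient(), encryptionProcessor.getCosmosAsyncContainer(), false);
        // Retry state; passed to the accessor as its fifth and seventh arguments.
        // NOTE(review): presumably "force refresh" switches for the key and for the gateway - confirm
        // against the accessor's signature.
        AtomicBoolean firstRetryFlag = new AtomicBoolean(false);
        AtomicBoolean secondRetryFlag = new AtomicBoolean(false);
        return containerPropertiesAsync.flatMap(cosmosContainerProperties -> {
            if (cosmosContainerProperties.getClientEncryptionPolicy() == null) {
                return Mono.empty();
            }
            for (ClientEncryptionIncludedPath includedPath : cosmosContainerProperties.getClientEncryptionPolicy().getIncludedPaths()) {
                if (!includedPath.getPath().substring(1).equals(str)) {
                    continue;
                }
                AtomicReference<String> retryEtag = new AtomicReference<>();
                // NOTE(review): the two flags and the ETag are read here, when the call is made.
                // retryWhen below resubscribes to the resulting Mono, so a retry only observes the
                // updated values if the accessor defers its work until subscription - confirm.
                return cosmosEncryptionAsyncClientAccessor.getClientEncryptionPropertiesAsync(
                        encryptionProcessor.getEncryptionCosmosClient(),
                        includedPath.getClientEncryptionKeyId(),
                        this.databaseRid,
                        encryptionProcessor.getCosmosAsyncContainer(),
                        firstRetryFlag.get(),
                        retryEtag.get(),
                        secondRetryFlag.get())
                    // Key unwrapping below may block on the key store, so leave the caller's thread.
                    .publishOn(Schedulers.boundedElastic())
                    .flatMap(keyProperties -> {
                        this.cosmosClientEncryptionKeyProperties = keyProperties;
                        try {
                            ProtectedDataEncryptionKey protectedKey = buildProtectedDataEncryptionKey(
                                keyProperties, encryptionProcessor.getEncryptionKeyStoreProviderImpl(), includedPath.getClientEncryptionKeyId());
                            EncryptionSettings template = new EncryptionSettings();
                            template.setDatabaseRid(this.databaseRid);
                            template.encryptionSettingTimeToLive = Instant.now().plus(ENCRYPTION_SETTING_TTL);
                            template.clientEncryptionKeyId = includedPath.getClientEncryptionKeyId();
                            template.dataEncryptionKey = protectedKey;

                            EncryptionType resolvedType;
                            switch (CosmosEncryptionType.get(includedPath.getEncryptionType())) {
                                case DETERMINISTIC:
                                    resolvedType = EncryptionType.Deterministic;
                                    break;
                                case RANDOMIZED:
                                    resolvedType = EncryptionType.Randomized;
                                    break;
                                default:
                                    // Fail closed: an unrecognised type must not fall back to
                                    // EncryptionType.Plaintext, because the settings built below
                                    // would then be cached for this property with that type.
                                    LOGGER.warn("Invalid encryption type {}", includedPath.getEncryptionType());
                                    return Mono.error(new IllegalArgumentException(
                                        "Invalid encryption type " + includedPath.getEncryptionType()
                                            + " for path " + includedPath.getPath()));
                            }

                            EncryptionSettings built = create(template, resolvedType);
                            return Mono.just(new CachedEncryptionSettings(built, built.encryptionSettingTimeToLive));
                        } catch (Exception e) {
                            // Includes MicrosoftDataEncryptionException from create(); surface it on
                            // the reactive error channel so the retry handler can inspect it.
                            return Mono.error(e);
                        }
                    })
                    .retryWhen(Retry.withThrowable(errors -> errors.flatMap(th -> {
                        InvalidKeyException invalidKeyException = (InvalidKeyException) Utils.as(th, InvalidKeyException.class);
                        if (invalidKeyException != null && !firstRetryFlag.get()) {
                            // First InvalidKeyException: retry once with the first flag raised.
                            firstRetryFlag.set(true);
                            return Mono.delay(Duration.ZERO).flux();
                        }
                        if (invalidKeyException == null || secondRetryFlag.get()) {
                            // Not a key failure, or both retries are used up: give up.
                            return Flux.error(th);
                        }
                        // Second InvalidKeyException: raise the second flag and remember the ETag
                        // of the key properties last stored on this instance.
                        secondRetryFlag.set(true);
                        retryEtag.set(this.cosmosClientEncryptionKeyProperties.getETag());
                        return Mono.delay(Duration.ZERO).flux();
                    })));
            }
            return Mono.empty();
        });
    }

    /**
     * Obtains the protected data encryption key for a client encryption key.
     *
     * <p>A {@link KeyEncryptionKey} is looked up or created from the name and value in the key's
     * wrap metadata together with the key store provider, and is then used with the wrapped data
     * encryption key bytes to look up or create the {@link ProtectedDataEncryptionKey}.
     *
     * @param cosmosClientEncryptionKeyProperties key properties holding the wrap metadata and the
     *     wrapped data encryption key
     * @param encryptionKeyStoreProvider provider handed to {@code KeyEncryptionKey.getOrCreate}
     * @param str the client encryption key id, used as the name of the data encryption key
     * @return the protected data encryption key
     * @throws Exception whatever the key lookup or creation throws
     */
    public ProtectedDataEncryptionKey buildProtectedDataEncryptionKey(CosmosClientEncryptionKeyProperties cosmosClientEncryptionKeyProperties, EncryptionKeyStoreProvider encryptionKeyStoreProvider, String str) throws Exception {
        // NOTE(review): the meaning of the trailing `false` is not visible here - confirm against
        // KeyEncryptionKey.getOrCreate.
        KeyEncryptionKey keyEncryptionKey = KeyEncryptionKey.getOrCreate(
            cosmosClientEncryptionKeyProperties.getEncryptionKeyWrapMetadata().getName(),
            cosmosClientEncryptionKeyProperties.getEncryptionKeyWrapMetadata().getValue(),
            encryptionKeyStoreProvider,
            false);
        return ProtectedDataEncryptionKey.getOrCreate(str, keyEncryptionKey, cosmosClientEncryptionKeyProperties.getWrappedDataEncryptionKey());
    }

    /** Returns the id of the client encryption key these settings use. */
    String getClientEncryptionKeyId() {
        return this.clientEncryptionKeyId;
    }

    /** Sets the id of the client encryption key these settings use. */
    public void setClientEncryptionKeyId(String str) {
        this.clientEncryptionKeyId = str;
    }

    /** Returns the per-property settings cache itself, not a copy. */
    AsyncCache<String, CachedEncryptionSettings> getEncryptionSettingCacheByPropertyName() {
        return this.encryptionSettingCacheByPropertyName;
    }

    /** Returns the instant after which these settings are treated as expired. */
    public Instant getEncryptionSettingTimeToLive() {
        return this.encryptionSettingTimeToLive;
    }

    /** Sets the instant after which these settings are treated as expired. */
    public void setEncryptionSettingTimeToLive(Instant instant) {
        this.encryptionSettingTimeToLive = instant;
    }

    /** Returns the protected data encryption key; treat the result as key material. */
    ProtectedDataEncryptionKey getDataEncryptionKey() {
        return this.dataEncryptionKey;
    }

    /** Sets the protected data encryption key. */
    public void setDataEncryptionKey(ProtectedDataEncryptionKey protectedDataEncryptionKey) {
        this.dataEncryptionKey = protectedDataEncryptionKey;
    }

    /** Replaces the per-property settings cache. */
    public void setEncryptionSettingCacheByPropertyName(AsyncCache<String, CachedEncryptionSettings> asyncCache) {
        this.encryptionSettingCacheByPropertyName = asyncCache;
    }

    /** Returns the AEAD algorithm instance built from the data encryption key. */
    public AeadAes256CbcHmac256EncryptionAlgorithm getAeadAes256CbcHmac256EncryptionAlgorithm() {
        return this.aeadAes256CbcHmac256EncryptionAlgorithm;
    }

    /** Sets the AEAD algorithm instance. */
    void setAeadAes256CbcHmac256EncryptionAlgorithm(AeadAes256CbcHmac256EncryptionAlgorithm aeadAes256CbcHmac256EncryptionAlgorithm) {
        this.aeadAes256CbcHmac256EncryptionAlgorithm = aeadAes256CbcHmac256EncryptionAlgorithm;
    }

    /** Returns the encryption type applied to the property. */
    public EncryptionType getEncryptionType() {
        return this.encryptionType;
    }

    /** Sets the encryption type applied to the property. */
    public void setEncryptionType(EncryptionType encryptionType) {
        this.encryptionType = encryptionType;
    }

    /** Returns the database resource id these settings belong to. */
    public String getDatabaseRid() {
        return this.databaseRid;
    }

    /** Sets the database resource id these settings belong to. */
    public void setDatabaseRid(String str) {
        this.databaseRid = str;
    }

    /**
     * Stores settings for a property directly in the cache, bypassing the fetch.
     *
     * @param str the property name used as cache key
     * @param encryptionSettings the settings to cache
     * @param instant the expiry recorded with the cached entry
     */
    public void setEncryptionSettingForProperty(String str, EncryptionSettings encryptionSettings, Instant instant) {
        this.encryptionSettingCacheByPropertyName.set(str, new CachedEncryptionSettings(encryptionSettings, instant));
    }

    /**
     * Copies the database rid, key id, data encryption key and expiry from a template into a new
     * instance, sets the given encryption type, and attaches the AEAD algorithm obtained for that
     * key and type.
     *
     * <p>The type is passed through unchanged; callers are responsible for not handing in
     * {@link EncryptionType#Plaintext} for a property that must be encrypted.
     *
     * @param encryptionSettings the template to copy from
     * @param encryptionType the encryption type for the new settings
     * @return the new, fully populated settings
     * @throws MicrosoftDataEncryptionException if the algorithm cannot be obtained
     */
    public static EncryptionSettings create(EncryptionSettings encryptionSettings, EncryptionType encryptionType) throws MicrosoftDataEncryptionException {
        EncryptionSettings copy = new EncryptionSettings();
        copy.setDatabaseRid(encryptionSettings.getDatabaseRid());
        copy.setClientEncryptionKeyId(encryptionSettings.clientEncryptionKeyId);
        copy.setDataEncryptionKey(encryptionSettings.getDataEncryptionKey());
        copy.setEncryptionSettingTimeToLive(encryptionSettings.getEncryptionSettingTimeToLive());
        copy.setEncryptionType(encryptionType);
        copy.setAeadAes256CbcHmac256EncryptionAlgorithm(
            AeadAes256CbcHmac256EncryptionAlgorithm.getOrCreate(encryptionSettings.getDataEncryptionKey(), encryptionType));
        return copy;
    }
}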
