package internal.org.springframework.content.fragments;

import internal.org.springframework.content.encryption.engine.AesCtrEncryptionEngine;
import internal.org.springframework.content.encryption.keys.ContentPropertyDataEncryptionKeyAccessor;
import internal.org.springframework.content.encryption.keys.UnencryptedSymmetricDataEncryptionKeyWrapper;
import internal.org.springframework.content.encryption.keys.converter.ByteArrayToListConverter;
import internal.org.springframework.content.encryption.keys.converter.EncryptedSymmetricDataEncryptionKeyConverter;
import internal.org.springframework.content.encryption.keys.converter.ListToByteArrayConverter;
import internal.org.springframework.content.encryption.keys.converter.StoredDataEncryptionKeyGenericConverter;
import internal.org.springframework.content.encryption.keys.converter.UnencryptedSymmetricDataEncryptionKeyConverter;
import java.util.List;
import java.util.function.Consumer;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.content.commons.mappingcontext.MappingContext;
import org.springframework.content.commons.store.Store;
import org.springframework.content.encryption.config.EncryptingContentStoreConfiguration;
import org.springframework.content.encryption.engine.ContentEncryptionEngine;
import org.springframework.content.encryption.keys.DataEncryptionKeyAccessor;
import org.springframework.content.encryption.keys.DataEncryptionKeyWrapper;
import org.springframework.content.encryption.keys.StoredDataEncryptionKey;
import org.springframework.core.convert.converter.ConverterRegistry;
import org.springframework.core.convert.support.ConfigurableConversionService;
import org.springframework.core.convert.support.GenericConversionService;

/* loaded from: input_file:internal/org/springframework/content/fragments/EncryptingContentStoreConfigurationImpl.class */
class EncryptingContentStoreConfigurationImpl<S> implements EncryptingContentStoreConfiguration<S> {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(EncryptingContentStoreConfigurationImpl.class);
    private DataEncryptionKeyAccessor<S, ? extends StoredDataEncryptionKey> dataEncryptionKeyAccessor;
    private List<DataEncryptionKeyWrapper<? extends StoredDataEncryptionKey>> dataEncryptionKeyWrappers;
    private ContentEncryptionEngine contentEncryptionEngine;
    private final ConfigurableConversionService conversionService = new GenericConversionService();

    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptingContentStoreConfigurationImpl() {
        this.conversionService.addConverter(new ByteArrayToListConverter(this.conversionService));
        this.conversionService.addConverter(new ListToByteArrayConverter(this.conversionService));
        this.conversionService.addConverter(new StoredDataEncryptionKeyGenericConverter(this.conversionService));
        this.conversionService.addConverter(byte[].class, StoredDataEncryptionKey.UnencryptedSymmetricDataEncryptionKey.class, UnencryptedSymmetricDataEncryptionKeyConverter::convert);
        this.conversionService.addConverter(StoredDataEncryptionKey.UnencryptedSymmetricDataEncryptionKey.class, byte[].class, UnencryptedSymmetricDataEncryptionKeyConverter::convert);
        this.conversionService.addConverter(byte[].class, StoredDataEncryptionKey.EncryptedSymmetricDataEncryptionKey.class, EncryptedSymmetricDataEncryptionKeyConverter::convert);
        this.conversionService.addConverter(StoredDataEncryptionKey.EncryptedSymmetricDataEncryptionKey.class, byte[].class, EncryptedSymmetricDataEncryptionKeyConverter::convert);
    }

    @Override // org.springframework.content.encryption.config.EncryptingContentStoreConfiguration
    public EncryptingContentStoreConfiguration<S> dataEncryptionKeyAccessor(DataEncryptionKeyAccessor<S, ? extends StoredDataEncryptionKey> dataEncryptionKeyAccessor) {
        this.dataEncryptionKeyAccessor = dataEncryptionKeyAccessor;
        return this;
    }

    @Override // org.springframework.content.encryption.config.EncryptingContentStoreConfiguration
    public EncryptingContentStoreConfiguration<S> dataEncryptionKeyWrappers(List<DataEncryptionKeyWrapper<? extends StoredDataEncryptionKey>> list) {
        this.dataEncryptionKeyWrappers = List.copyOf(list);
        return this;
    }

    @Override // org.springframework.content.encryption.config.EncryptingContentStoreConfiguration
    public EncryptingContentStoreConfiguration<S> contentEncryptionEngine(ContentEncryptionEngine contentEncryptionEngine) {
        this.contentEncryptionEngine = contentEncryptionEngine;
        return this;
    }

    @Override // org.springframework.content.encryption.config.EncryptingContentStoreConfiguration
    public EncryptingContentStoreConfiguration<S> encryptionKeyContentProperty(String str) {
        return dataEncryptionKeyAccessor(new ContentPropertyDataEncryptionKeyAccessor(str, this.conversionService));
    }

    @Override // org.springframework.content.encryption.config.EncryptingContentStoreConfiguration
    public EncryptingContentStoreConfiguration<S> unencryptedDataEncryptionKeys() {
        return dataEncryptionKeyWrappers(List.of(new UnencryptedSymmetricDataEncryptionKeyWrapper()));
    }

    @Override // org.springframework.content.encryption.config.EncryptingContentStoreConfiguration
    public EncryptingContentStoreConfiguration<S> configureConverters(Consumer<ConverterRegistry> consumer) {
        consumer.accept(this.conversionService);
        return this;
    }

    @Override // org.springframework.content.encryption.config.EncryptingContentStoreConfiguration
    public EncryptingContentStoreConfiguration<S> contentEncryptionMethod(EncryptingContentStoreConfiguration.ContentEncryptionMethod contentEncryptionMethod) {
        AesCtrEncryptionEngine aesCtrEncryptionEngine;
        switch (contentEncryptionMethod) {
            case AES_CTR_128:
                aesCtrEncryptionEngine = new AesCtrEncryptionEngine(128);
                break;
            case AES_CTR_192:
                aesCtrEncryptionEngine = new AesCtrEncryptionEngine(192);
                break;
            case AES_CTR_256:
                aesCtrEncryptionEngine = new AesCtrEncryptionEngine(256);
                break;
            default:
                throw new IncompatibleClassChangeError();
        }
        return contentEncryptionEngine(aesCtrEncryptionEngine);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ContentCryptoService<S, ?> initializeCryptoService(MappingContext mappingContext, Class<? extends Store<?>> cls) {
        if (this.dataEncryptionKeyAccessor == null) {
            encryptionKeyContentProperty("encryption");
        }
        if (this.dataEncryptionKeyWrappers == null) {
            log.warn("Data Encryption Keys are NOT encrypted: No DataEncryptionKeyWrapper configured on store {}", cls);
            unencryptedDataEncryptionKeys();
        }
        if (this.contentEncryptionEngine == null) {
            log.warn("Using AES-CTR-128 as default encryption for store {}", cls);
            contentEncryptionMethod(EncryptingContentStoreConfiguration.ContentEncryptionMethod.AES_CTR_128);
        }
        if (this.dataEncryptionKeyWrappers.isEmpty()) {
            throw new IllegalStateException("No DataEncryptionKeyWrappers configured on store %s. Refusing to start as encrypted content would be unrecoverable.".formatted(cls));
        }
        return new ContentCryptoService<>(mappingContext, this.dataEncryptionKeyAccessor, this.dataEncryptionKeyWrappers, this.contentEncryptionEngine);
    }
}
