package org.springframework.content.encryption.keys;

import java.nio.charset.StandardCharsets;
import java.util.Objects;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.springframework.content.encryption.engine.ContentEncryptionEngine;
import org.springframework.content.encryption.keys.StoredDataEncryptionKey;
import org.springframework.vault.core.VaultTransitOperations;
import org.springframework.vault.support.Ciphertext;
import org.springframework.vault.support.Plaintext;

/* loaded from: input_file:org/springframework/content/encryption/keys/VaultTransitDataEncryptionKeyWrapper.class */
public class VaultTransitDataEncryptionKeyWrapper implements DataEncryptionKeyWrapper<StoredDataEncryptionKey.EncryptedSymmetricDataEncryptionKey> {
    private static final String WRAPPING_ALGORITHM = "vault-transit";
    private final VaultTransitOperations transitOperations;
    private final String wrappingKeyId;

    @Override // org.springframework.content.encryption.keys.DataEncryptionKeyWrapper
    public boolean supports(StoredDataEncryptionKey storedDataEncryptionKey) {
        if (!(storedDataEncryptionKey instanceof StoredDataEncryptionKey.EncryptedSymmetricDataEncryptionKey)) {
            return false;
        }
        StoredDataEncryptionKey.EncryptedSymmetricDataEncryptionKey encryptedSymmetricDataEncryptionKey = (StoredDataEncryptionKey.EncryptedSymmetricDataEncryptionKey) storedDataEncryptionKey;
        return Objects.equals(encryptedSymmetricDataEncryptionKey.getWrappingAlgorithm(), WRAPPING_ALGORITHM) && Objects.equals(encryptedSymmetricDataEncryptionKey.getWrappingKeyId(), this.wrappingKeyId);
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.springframework.content.encryption.keys.DataEncryptionKeyWrapper
    public StoredDataEncryptionKey.EncryptedSymmetricDataEncryptionKey wrapEncryptionKey(ContentEncryptionEngine.EncryptionParameters encryptionParameters) {
        Ciphertext encrypt = this.transitOperations.encrypt(this.wrappingKeyId, Plaintext.of(encryptionParameters.getSecretKey().getEncoded()));
        return new StoredDataEncryptionKey.EncryptedSymmetricDataEncryptionKey(WRAPPING_ALGORITHM, this.wrappingKeyId, Integer.toString(encrypt.getContext().getKeyVersion()), encryptionParameters.getSecretKey().getAlgorithm(), encrypt.getCiphertext().getBytes(StandardCharsets.UTF_8), encryptionParameters.getInitializationVector());
    }

    @Override // org.springframework.content.encryption.keys.DataEncryptionKeyWrapper
    public ContentEncryptionEngine.EncryptionParameters unwrapEncryptionKey(StoredDataEncryptionKey.EncryptedSymmetricDataEncryptionKey encryptedSymmetricDataEncryptionKey) {
        return new ContentEncryptionEngine.EncryptionParameters(new SecretKeySpec(this.transitOperations.decrypt(this.wrappingKeyId, Ciphertext.of(new String(encryptedSymmetricDataEncryptionKey.getEncryptedKeyData(), StandardCharsets.UTF_8))).getPlaintext(), encryptedSymmetricDataEncryptionKey.getDataEncryptionAlgorithm()), encryptedSymmetricDataEncryptionKey.getInitializationVector());
    }

    @Generated
    public VaultTransitDataEncryptionKeyWrapper(VaultTransitOperations vaultTransitOperations, String str) {
        this.transitOperations = vaultTransitOperations;
        this.wrappingKeyId = str;
    }
}
