package io.kroxylicious.filter.encryption.dek;

import edu.umd.cs.findbugs.annotations.NonNull;
import io.kroxylicious.filter.encryption.config.EncryptionConfigurationException;
import io.kroxylicious.kms.service.DestroyableRawSecretKey;
import io.kroxylicious.kms.service.Kms;
import io.kroxylicious.kms.service.Serde;
import java.util.Objects;
import java.util.concurrent.CompletionStage;
import javax.annotation.concurrent.ThreadSafe;

@ThreadSafe
/* loaded from: input_file:io/kroxylicious/filter/encryption/dek/DekManager.class */
public class DekManager<K, E> {
    private final Kms<K, E> kms;
    private final long maxEncryptionsPerDek;

    public DekManager(Kms<K, E> kms, long j) {
        this.kms = kms;
        this.maxEncryptionsPerDek = j;
    }

    public Serde<E> edekSerde() {
        return this.kms.edekSerde();
    }

    public CompletionStage<K> resolveAlias(String str) {
        return this.kms.resolveAlias(str);
    }

    public CompletionStage<Dek<E>> generateDek(@NonNull K k, @NonNull CipherManager cipherManager) {
        Objects.requireNonNull(k);
        Objects.requireNonNull(cipherManager);
        return this.kms.generateDekPair(k).thenApply(dekPair -> {
            DestroyableRawSecretKey destroyableKey = DestroyableRawSecretKey.toDestroyableKey(dekPair.dek());
            if (destroyableKey.numKeyBits() < cipherManager.requiredNumKeyBits()) {
                throw new EncryptionConfigurationException("KMS returned " + destroyableKey.numKeyBits() + "-bit DEK but " + String.valueOf(cipherManager.name()) + " requires keys of " + cipherManager.requiredNumKeyBits() + " bits");
            }
            return new Dek(dekPair.edek(), destroyableKey, cipherManager, this.maxEncryptionsPerDek);
        });
    }

    public CompletionStage<Dek<E>> decryptEdek(@NonNull E e, @NonNull CipherManager cipherManager) {
        Objects.requireNonNull(e);
        Objects.requireNonNull(cipherManager);
        return this.kms.decryptEdek(e).thenApply(secretKey -> {
            return new Dek(e, DestroyableRawSecretKey.toDestroyableKey(secretKey), cipherManager, 0L);
        });
    }
}
