package com.distelli.crypto.impl;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.distelli.aws.AWSCredentialsProviderFactory;
import com.distelli.aws.AmazonWebServiceClients;
import com.distelli.aws.ClientConfigurations;
import com.distelli.cred.CredProvider;
import com.distelli.crypto.KeyId;
import com.distelli.crypto.KeyProvider;
import java.net.URI;
import java.nio.ByteBuffer;
import java.security.Key;
import java.util.logging.Logger;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;

/* loaded from: input_file:com/distelli/crypto/impl/KeyProviderImpl.class */
public class KeyProviderImpl implements KeyProvider {
    private static Logger LOG = Logger.getLogger(KeyProviderImpl.class.getName());
    private Key _key;

    /* loaded from: input_file:com/distelli/crypto/impl/KeyProviderImpl$Builder.class */
    public static class Builder implements KeyProvider.Builder {

        @Inject
        private AWSCredentialsProviderFactory _credProviderFactory;

        @Inject
        private ClientConfigurations _clientConfigurations;

        @Inject
        private AmazonWebServiceClients _amazonWebServiceClients;
        private URI endpoint;
        private URI proxy;
        private CredProvider credProvider;
        private byte[] key;

        /* renamed from: withCredProvider, reason: merged with bridge method [inline-methods] */
        public Builder m4withCredProvider(CredProvider credProvider) {
            this.credProvider = credProvider;
            return this;
        }

        /* renamed from: withEndpoint, reason: merged with bridge method [inline-methods] */
        public Builder m3withEndpoint(URI uri) {
            this.endpoint = uri;
            return this;
        }

        /* renamed from: withProxy, reason: merged with bridge method [inline-methods] */
        public Builder m2withProxy(URI uri) {
            this.proxy = uri;
            return this;
        }

        /* renamed from: withKey, reason: merged with bridge method [inline-methods] */
        public Builder m1withKey(byte[] bArr) {
            this.key = bArr;
            return this;
        }

        public KeyProvider build() {
            if (null == this.key || 0 == this.key.length) {
                return new KeyProviderImpl(null);
            }
            if (16 == this.key.length) {
                return new KeyProviderImpl(new SecretKeySpec(this.key, "AES"));
            }
            this.key = this._amazonWebServiceClients.withEndpoint(new AWSKMSClient(this._credProviderFactory.create(this.credProvider), this._clientConfigurations.withProxy(new ClientConfiguration(), this.proxy)), this.endpoint).decrypt(new DecryptRequest().withCiphertextBlob(ByteBuffer.wrap(this.key))).getPlaintext().array();
            if (16 == this.key.length) {
                return new KeyProviderImpl(new SecretKeySpec(this.key, "AES"));
            }
            KeyProviderImpl.LOG.warning("Expected decrypted key to be exactly 16 bytes, got " + this.key.length + " bytes. Please verify the key was not base64 encoded before encrypting with KMS");
            return new KeyProviderImpl(null);
        }
    }

    private KeyProviderImpl(Key key) {
        this._key = key;
    }

    public Key getKey(long j) {
        if (j != 1) {
            throw new UnsupportedOperationException("Currently only key id=1 is supported, got key id=" + j);
        }
        return this._key;
    }

    public KeyId getLatestKey() {
        if (null == this._key) {
            return null;
        }
        return new KeyId().withId(1L).withKey(this._key);
    }
}
