package org.apache.ignite.spi.discovery.tcp.ipfinder.s3.encrypt;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.encryptionsdk.AwsCrypto;
import com.amazonaws.encryptionsdk.CryptoResult;
import com.amazonaws.encryptionsdk.kms.KmsMasterKeyProvider;
import com.amazonaws.regions.Region;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import java.util.List;
import org.apache.ignite.IgniteException;
import org.apache.ignite.internal.util.typedef.internal.S;

/* loaded from: input_file:org/apache/ignite/spi/discovery/tcp/ipfinder/s3/encrypt/AwsKmsEncryptionService.class */
public class AwsKmsEncryptionService implements EncryptionService {
    private String keyId;
    private String region;
    private AWSCredentials creds;
    private ClientConfiguration clientConf = new ClientConfiguration();
    private KmsMasterKeyProvider prov;
    private AwsCrypto crypto;

    public AwsKmsEncryptionService setKeyId(String str) {
        this.keyId = str;
        return this;
    }

    public AwsKmsEncryptionService setRegion(Region region) {
        this.region = region.getName();
        return this;
    }

    public AwsKmsEncryptionService setRegion(String str) {
        this.region = str;
        return this;
    }

    public AwsKmsEncryptionService setCredentials(AWSCredentials aWSCredentials) {
        this.creds = aWSCredentials;
        return this;
    }

    public AwsKmsEncryptionService setClientConf(ClientConfiguration clientConfiguration) {
        this.clientConf = clientConfiguration;
        return this;
    }

    @Override // org.apache.ignite.spi.discovery.tcp.ipfinder.s3.encrypt.EncryptionService
    public void init() {
        if (this.creds == null || this.region == null || this.keyId == null || this.keyId.trim().isEmpty()) {
            throw new IgniteException(String.format("At-least one of the required parameters [creds = %s, region = %s, keyId = %s] is invalid.", this.creds, this.region, this.keyId));
        }
        this.crypto = createClient();
        this.prov = createKmsMasterKeyProvider();
    }

    @Override // org.apache.ignite.spi.discovery.tcp.ipfinder.s3.encrypt.EncryptionService
    public byte[] encrypt(byte[] bArr) {
        if (this.crypto == null || this.prov == null) {
            throw new IgniteException("The init() method was not called.");
        }
        return (byte[]) this.crypto.encryptData(this.prov, bArr).getResult();
    }

    @Override // org.apache.ignite.spi.discovery.tcp.ipfinder.s3.encrypt.EncryptionService
    public byte[] decrypt(byte[] bArr) {
        if (this.crypto == null || this.prov == null) {
            throw new IgniteException("The init() method was not called.");
        }
        CryptoResult decryptData = this.crypto.decryptData(this.prov, bArr);
        List masterKeyIds = decryptData.getMasterKeyIds();
        if (masterKeyIds == null || masterKeyIds.contains(this.keyId)) {
            return (byte[]) decryptData.getResult();
        }
        throw new IgniteException("Wrong KMS key ID!");
    }

    AwsCrypto createClient() {
        AwsCrypto standard = AwsCrypto.standard();
        this.crypto = standard;
        return standard;
    }

    KmsMasterKeyProvider createKmsMasterKeyProvider() {
        return KmsMasterKeyProvider.builder().withClientBuilder(AWSKMSClientBuilder.standard().withClientConfiguration(this.clientConf).withRegion(this.region)).withCredentials(this.creds).buildStrict(new String[]{this.keyId});
    }

    public String toString() {
        return S.toString(AwsKmsEncryptionService.class, this, "super", super.toString());
    }
}
