package com.amazon.tahoe.kinesis.crypto;

import com.amazon.tahoe.backport.guava.Preconditions;
import com.amazon.tahoe.backport.java.util.Optional;
import com.amazon.tahoe.kinesis.crypto.DataKey;
import com.amazon.tahoe.metrics.MetricLogger;
import com.amazon.tahoe.utils.Maps;
import com.amazon.tahoe.utils.TimeProvider;
import com.amazon.tahoe.utils.log.FreeTimeLog;
import com.amazon.tahoe.utils.log.Logger;
import com.amazonaws.com.google.gson.Gson;
import com.amazonaws.com.google.gson.JsonIOException;
import com.amazonaws.com.google.gson.JsonNull;
import com.amazonaws.com.google.gson.JsonSyntaxException;
import com.amazonaws.com.google.gson.reflect.TypeToken;
import com.amazonaws.com.google.gson.stream.JsonReader;
import com.amazonaws.com.google.gson.stream.JsonToken;
import com.amazonaws.com.google.gson.stream.MalformedJsonException;
import com.amazonaws.util.Base64;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.lang.reflect.Type;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.json.JSONException;

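/**
 * Caches the current {@link DataKey} in memory and in {@link CryptoDataKeyStore}.
 *
 * <p>The persisted form is a JSON object with three string fields:
 * <ul>
 *   <li>{@code wrappedSecretKey}: Base64 of the secret key wrapped with the public key held by
 *       {@link SecretKeyWrapper};</li>
 *   <li>{@code encryptedKey}: Base64 of {@code DataKey.getEncryptedKey()};</li>
 *   <li>{@code dataKeyTimeStamp}: decimal milliseconds from {@link TimeProvider} at caching time.</li>
 * </ul>
 * The unwrapped secret key is never written to the store by this class.
 *
 * <p>All public methods are {@code synchronized} on this instance.
 *
 * <p>NOTE(review): nothing in this class authenticates the persisted JSON. The timestamp is
 * stored in the clear next to the wrapped key and is compared against the local clock, so the
 * one-day TTL is only as trustworthy as the store and the clock. Whether the store protects
 * integrity cannot be seen from this file. Confirm in CryptoDataKeyStore.
 *
 * <p>Decompiled from classes.dex (jadx). Several helper calls appear inlined, so some
 * statements below are deliberately kept in their inlined form.
 */
@Singleton
public class DataKeyCache {
    private static final Logger LOGGER = FreeTimeLog.forClass(DataKeyCache.class);

    /** Maximum age of a cached data key before {@link #hasTtlExpired()} reports expiry (one day). */
    private static final long DATA_KEY_TTL_MILLIS = TimeUnit.DAYS.toMillis(1);

    // In-memory view of the persisted entry; holds only the encrypted key and its timestamp.
    private CachedKey mCachedKey;

    @Inject
    CryptoDataKeyStore mCryptoDataKeyStore;

    @Inject
    CryptoLoggerUtils mCryptoLoggerUtils;
    private Gson mGson = new Gson();

    @Inject
    MetricLogger mMetricLogger;

    @Inject
    TimeProvider mTimeProvider;

    @Inject
    SecretKeyWrapper mWrapper;

    /**
     * Encrypted key bytes plus the time they were cached. The arrays are stored by reference
     * (no defensive copy). jadx reports the original access modifier as private.
     */
    public static class CachedKey {
        byte[] mEncryptedKey;
        long mTimeStamp;

        public CachedKey(byte[] bArr, long j) {
            this.mEncryptedKey = bArr;
            this.mTimeStamp = j;
        }
    }

    /** Injection constructor. jadx reports the original access modifier as package-private. */
    @Inject
    public DataKeyCache() {
    }

    /**
     * Reads the persisted JSON entry and parses it into a string map.
     *
     * @return the parsed map, or {@code null} when the store holds nothing or the JSON value is null
     * @throws JsonIOException if trailing content follows the JSON document, or on a read error
     * @throws JsonSyntaxException if the trailing content is malformed JSON
     * @throws GeneralSecurityException declared; presumably raised by the store (not visible here)
     * @throws JSONException declared; presumably raised by the store (not visible here)
     */
    private Map<String, String> getCachedDataKey() throws GeneralSecurityException, JSONException {
        String json = this.mCryptoDataKeyStore.get();
        if (json == null) {
            return null;
        }
        Type mapType = new TypeToken<Map<String, String>>() {
        }.type;
        JsonReader jsonReader = new JsonReader(new StringReader(json));
        Object parsed = this.mGson.fromJson(jsonReader, mapType);
        if (parsed != null) {
            // Reject input that carries anything after the first JSON document.
            try {
                if (jsonReader.peek() != JsonToken.END_DOCUMENT) {
                    throw new JsonIOException("JSON document was not fully consumed.");
                }
            } catch (MalformedJsonException e) {
                throw new JsonSyntaxException(e);
            } catch (IOException e2) {
                throw new JsonIOException(e2);
            }
        }
        return (Map) parsed;
    }

    /** Decodes the Base64 {@code encryptedKey} field of a persisted entry. */
    private static byte[] getEncryptedKey(Map<String, String> map) {
        return Base64.decode(map.get("encryptedKey"));
    }

    /**
     * Parses the {@code dataKeyTimeStamp} field of a persisted entry.
     *
     * @return the stored milliseconds, or 0 when the field is absent
     * @throws NumberFormatException if the field is present but not a decimal long
     */
    private static Long getTimeStamp(Map<String, String> map) {
        String str = map.get("dataKeyTimeStamp");
        return Long.valueOf(str == null ? 0L : Long.parseLong(str));
    }

    /**
     * Populates {@link #mCachedKey} from the store if it is not already set. Best effort:
     * any failure (including an empty store, which surfaces as a NullPointerException on the
     * null map) is logged and leaves the in-memory cache unset.
     */
    private void initializeCachedKeyFromStore() {
        if (this.mCachedKey != null) {
            return;
        }
        try {
            Map<String, String> cachedDataKey = getCachedDataKey();
            this.mCachedKey = new CachedKey(getEncryptedKey(cachedDataKey), getTimeStamp(cachedDataKey).longValue());
        } catch (Exception e) {
            LOGGER.e("Failed to update memory cache or no previous key cached.", e);
        }
    }

    /**
     * Persists {@code dataKey} unless an entry with the same encrypted key is already cached.
     *
     * <p>The secret key is wrapped with the wrapper's public key before it is serialised. The
     * store is written first and the in-memory cache is updated only after the write returns.
     * Failures are logged and swallowed, so a failed write leaves the previous cache state.
     *
     * @param dataKey key to cache; {@code null} is logged and ignored
     */
    public final synchronized void cacheDataKey(DataKey dataKey) {
        if (dataKey == null) {
            LOGGER.e("Cannot cache null data key.");
            return;
        }
        initializeCachedKeyFromStore();
        if (this.mCachedKey != null) {
            byte[] cachedEncryptedKey = this.mCachedKey.mEncryptedKey;
            if (cachedEncryptedKey != null && Arrays.equals(cachedEncryptedKey, dataKey.getEncryptedKey())) {
                // Same key already cached: keep the original timestamp so the TTL is not extended.
                LOGGER.i("Already in cache.");
                return;
            }
        }
        try {
            Preconditions.checkNotNull(dataKey.mSecretKey, "secretKey");
            Preconditions.checkNotNull(dataKey.getEncryptedKey(), "encryptedKey");
            SecretKeyWrapper secretKeyWrapper = this.mWrapper;
            SecretKeySpec secretKeySpec = dataKey.mSecretKey;
            // 3 is the value of javax.crypto.Cipher.WRAP_MODE; mCipher is presumably a
            // javax.crypto.Cipher (declared in SecretKeyWrapper, not visible here).
            secretKeyWrapper.mCipher.init(3, secretKeyWrapper.mPair.getPublic());
            byte[] wrap = secretKeyWrapper.mCipher.wrap(secretKeySpec);
            // Only the wrapped length is reported, not key bytes.
            this.mCryptoLoggerUtils.logKeyLengthEvent(Optional.of(dataKey), Collections.singletonMap("wrappedSecretKeyLengthBeforeEncoding", String.valueOf(wrap.length)));
            Map map = new Maps.Builder().put("wrappedSecretKey", Base64.encodeAsString(wrap)).put("encryptedKey", Base64.encodeAsString(dataKey.getEncryptedKey())).put("dataKeyTimeStamp", String.valueOf(this.mTimeProvider.currentTimeMillis())).getMap();
            CryptoDataKeyStore cryptoDataKeyStore = this.mCryptoDataKeyStore;
            Gson gson = this.mGson;
            // Inlined serialisation kept as decompiled; the null branch writes a JSON null.
            String json;
            if (map == null) {
                JsonNull jsonNull = JsonNull.INSTANCE;
                StringWriter nullWriter = new StringWriter();
                gson.toJson(jsonNull, nullWriter);
                json = nullWriter.toString();
            } else {
                Class<?> cls = map.getClass();
                StringWriter mapWriter = new StringWriter();
                gson.toJson(map, cls, mapWriter);
                json = mapWriter.toString();
            }
            cryptoDataKeyStore.put(json);
            this.mCachedKey = new CachedKey(dataKey.getEncryptedKey(), getTimeStamp(map).longValue());
        } catch (Exception e) {
            LOGGER.e("Could not cache data key.", e);
        }
    }

    /** Deletes the persisted entry and drops the in-memory copy. */
    public final synchronized void clearCachedDataKey() {
        this.mCryptoDataKeyStore.delete();
        this.mCachedKey = null;
    }

    /**
     * Reports whether the cached data key is missing or older than the one-day TTL.
     *
     * <p>A timestamp that lies in the future relative to {@link TimeProvider} (clock set back,
     * or an altered stored value) is treated as expired, so such an entry cannot outlive the
     * TTL. A missing entry is reported as expired regardless of the clock value.
     *
     * @return {@code true} when no key is cached, its age is negative, or its age reaches the TTL
     */
    public final synchronized boolean hasTtlExpired() {
        initializeCachedKeyFromStore();
        CachedKey cachedKey = this.mCachedKey;
        if (cachedKey == null) {
            return true;
        }
        // A wrapped subtraction also lands in the negative branch and counts as expired.
        long ageMillis = this.mTimeProvider.currentTimeMillis() - cachedKey.mTimeStamp;
        return ageMillis < 0 || ageMillis >= DATA_KEY_TTL_MILLIS;
    }

    /**
     * Loads the persisted entry, unwraps the secret key and rebuilds the {@link DataKey}.
     *
     * <p>This method reads the store directly and does not check the TTL; callers that need
     * expiry enforced must consult {@link #hasTtlExpired()} themselves. On any failure
     * (empty store, malformed JSON, unwrap error) the persisted entry is cleared.
     *
     * @return the rebuilt key, or an empty Optional after a failure
     */
    public final synchronized Optional<DataKey> retrieve() {
        try {
            Map<String, String> cachedDataKey = getCachedDataKey();
            byte[] decode = Base64.decode(cachedDataKey.get("wrappedSecretKey"));
            SecretKey unwrap = this.mWrapper.unwrap(decode);
            // Only lengths are reported, not key bytes.
            this.mCryptoLoggerUtils.logKeyLengthEvent(unwrap.getEncoded().length, Collections.singletonMap("wrappedSecretKeyLengthAfterDecoding", String.valueOf(decode.length)));
            SecretKeySpec secretKeySpec = new SecretKeySpec(unwrap.getEncoded(), unwrap.getAlgorithm());
            byte[] encryptedKey = getEncryptedKey(cachedDataKey);
            DataKey.Builder builder = new DataKey.Builder(this.mMetricLogger);
            builder.mSecretKey = secretKeySpec;
            return Optional.of(builder.setEncryptedKey(encryptedKey).build());
        } catch (Exception e) {
            LOGGER.e("Could not retrieve secret key or encrypted key. Hence, clearing.", e);
            clearCachedDataKey();
            return Optional.empty();
        }
    }
}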
