package com.amazon.tahoe.kinesis.crypto;

import com.amazon.tahoe.backport.java.util.Optional;
import com.amazon.tahoe.kinesis.CognitoCredentialsUpdater;
import com.amazon.tahoe.kinesis.crypto.DataKey;
import com.amazon.tahoe.metrics.Event;
import com.amazon.tahoe.metrics.MetricLogger;
import com.amazon.tahoe.metrics.utils.MetricUtils;
import com.amazon.tahoe.service.TimeoutConstants;
import com.amazon.tahoe.utils.log.FreeTimeLog;
import com.amazon.tahoe.utils.log.Logger;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.DataKeySpec;
import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
import com.amazonaws.services.kms.model.GenerateDataKeyResult;
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.util.HashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeoutException;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;

/* loaded from: classes.dex */
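/**
 * Requests AES-256 data keys from AWS KMS and packages each one as a {@link DataKey}
 * holding both the plaintext key and the KMS-encrypted copy of it.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The returned {@link DataKey} carries plaintext key material. Do not log it or
 *       attach it to metrics; only the failure type and attempt number are recorded here.</li>
 *   <li>Every request carries {@code EncryptionContextProvider.ENCRYPTION_CONTEXT_MAP}.
 *       KMS binds that context to the ciphertext blob, so the decrypting side must present
 *       the same context.</li>
 *   <li>The temporary {@code byte[]} used to build the {@link SecretKeySpec} is zeroed after
 *       use. The SDK-owned {@link ByteBuffer} in the KMS result is not wiped here.</li>
 * </ul>
 */
public class KmsDataKeyProvider {
    private static final DataKeySpec KEY_SPEC = DataKeySpec.AES_256;
    private static final Logger LOGGER = FreeTimeLog.forClass(KmsDataKeyProvider.class);

    /** Maximum number of GenerateDataKey calls made per {@link #getDataKey()} invocation. */
    private static final int MAX_ATTEMPTS = 3;

    /** Credential-refresh wait, expressed in {@code TimeoutConstants.FUTURE_TIMEOUT_TIME_UNIT}. */
    private static final long CREDENTIALS_TIMEOUT = 10L;

    @Inject
    AWSKMSClient mClient;

    @Inject
    CognitoCredentialsUpdater mCognitoCredentialsUpdater;

    @Inject
    CryptoLoggerUtils mCryptoLoggerUtils;

    @Inject
    KmsCustomerMasterKeyProvider mKmsCustomerMasterKeyProvider;

    @Inject
    MetricLogger mMetricLogger;

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public KmsDataKeyProvider() {
    }

    /**
     * Issues a single GenerateDataKey call against the configured customer master key.
     *
     * @return the converted key, or an empty Optional when the client returns {@code null}
     */
    private Optional<DataKey> requestDataKey() {
        GenerateDataKeyRequest request = new GenerateDataKeyRequest();
        request.keyId = this.mKmsCustomerMasterKeyProvider.getKmsCustomerMasterKey();
        request.encryptionContext = EncryptionContextProvider.ENCRYPTION_CONTEXT_MAP;
        request.keySpec = KEY_SPEC.toString();
        GenerateDataKeyResult result = this.mClient.generateDataKey(request);
        if (result == null) {
            return Optional.empty();
        }
        return Optional.of(toDataKey(result));
    }

    /**
     * Copies the plaintext and encrypted key bytes out of a KMS result into a {@link DataKey}.
     *
     * @param result non-null KMS response
     * @return the built key; its validity is checked by the caller
     */
    private DataKey toDataKey(GenerateDataKeyResult result) {
        DataKey.Builder builder = new DataKey.Builder(this.mMetricLogger);

        ByteBuffer plaintext = result.plaintext;
        // NOTE(review): presumably resets the buffer position if it was already consumed; confirm in DataKey.Builder.
        builder.rewindPreUsedByteBufferKey(plaintext, "SecretKey");
        byte[] rawKey = new byte[plaintext.remaining()];
        try {
            plaintext.get(rawKey);
            builder.mSecretKey = new SecretKeySpec(rawKey, "AES");
        } finally {
            // SecretKeySpec keeps its own copy of the bytes, so wipe the temporary one
            // instead of leaving plaintext key material on the heap until GC.
            Arrays.fill(rawKey, (byte) 0);
        }

        ByteBuffer ciphertext = result.ciphertextBlob;
        builder.rewindPreUsedByteBufferKey(ciphertext, "EncryptedKey");
        builder.mEncryptedKey = new byte[ciphertext.remaining()];
        ciphertext.get(builder.mEncryptedKey);

        return builder.build();
    }

    /**
     * Tries up to {@link #MAX_ATTEMPTS} times to obtain a valid data key.
     *
     * <p>Attempts run back-to-back with no delay. A failed attempt records a metric and an
     * error log; a key that is absent or fails {@code isValid()} is reported through
     * {@code logKeyLengthEvent} and discarded.
     *
     * @return a valid key, or an empty Optional once all attempts are exhausted
     */
    private Optional<DataKey> getDataKeyWithRetries() {
        Exception lastFailure = null;
        Optional<DataKey> dataKey = Optional.empty();
        int attempts = 0;
        while (attempts < MAX_ATTEMPTS && !dataKey.mPresent) {
            attempts++;
            try {
                Optional<DataKey> candidate = requestDataKey();
                if (candidate.mPresent && candidate.get().isValid()) {
                    dataKey = candidate;
                } else {
                    this.mCryptoLoggerUtils.logKeyLengthEvent(candidate, new HashMap());
                    dataKey = Optional.empty();
                }
            } catch (Exception e) {
                // Broad catch is deliberate: any SDK or conversion failure counts as a failed attempt.
                Event event = this.mMetricLogger.event("CryptoMetricSource");
                event.incrementCounter(MetricUtils.getMetricName("FailedToGenerateDataKey", e.getClass().getSimpleName()));
                event.addAttribute("DataKeyGenerationRetryAttempt", String.valueOf(attempts));
                event.record();
                LOGGER.e().event("Failed to generate data key").value("attempt", Integer.valueOf(attempts)).throwable(e).log();
                lastFailure = e;
            }
        }
        this.mMetricLogger.incrementCounter("TotalGenerateDataKeyAttempts", attempts);
        if (dataKey.mPresent) {
            this.mMetricLogger.incrementCounter("SucceededToGenerateDataKey");
            return dataKey;
        }
        // lastFailure stays null when every attempt returned an absent or invalid key without throwing.
        LOGGER.wtf().event("Failed to generate data key after: ").value("attempts", MAX_ATTEMPTS).throwable(lastFailure).log();
        return Optional.empty();
    }

    /**
     * Refreshes Cognito credentials if needed, then requests a data key from KMS.
     *
     * @return a valid data key, or an empty Optional when the credential refresh fails,
     *         times out, is interrupted, or no valid key could be generated
     */
    public final Optional<DataKey> getDataKey() {
        this.mMetricLogger.incrementCounter("GetKmsDataKey");
        try {
            this.mCognitoCredentialsUpdater.updateCredentialsIfNecessary().get(CREDENTIALS_TIMEOUT, TimeoutConstants.FUTURE_TIMEOUT_TIME_UNIT);
            return getDataKeyWithRetries();
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up the stack can still observe it.
            Thread.currentThread().interrupt();
            LOGGER.e("Failed to update cognito credentials", e);
            return Optional.empty();
        } catch (ExecutionException | TimeoutException e) {
            LOGGER.e("Failed to update cognito credentials", e);
            return Optional.empty();
        }
    }
}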
