package com.uid2.shared.util;

import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.core.JsonToken;
import com.uid2.shared.encryption.AesGcm;
import com.uid2.shared.model.CloudEncryptionKey;
import com.uid2.shared.store.reader.RotatingCloudEncryptionKeyProvider;
import io.micrometer.core.instrument.Counter;
import io.micrometer.core.instrument.Metrics;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/* loaded from: input_file:com/uid2/shared/util/CloudEncryptionHelpers.class */
public class CloudEncryptionHelpers {

    /* loaded from: input_file:com/uid2/shared/util/CloudEncryptionHelpers$DecryptionStatus.class */
    public enum DecryptionStatus {
        SUCCESS,
        KEY_NOT_FOUND,
        INTERNAL_DECRYPTION_FAILURE
    }

    public static String decryptInputStream(InputStream inputStream, RotatingCloudEncryptionKeyProvider rotatingCloudEncryptionKeyProvider, String str) throws IOException {
        JsonParser createParser = new JsonFactory().createParser(inputStream);
        int i = -1;
        byte[] bArr = null;
        createParser.nextToken();
        while (createParser.nextToken() != JsonToken.END_OBJECT) {
            String currentName = createParser.getCurrentName();
            if (currentName.equals("key_id")) {
                createParser.nextToken();
                i = createParser.getIntValue();
            }
            if (currentName.equals("encrypted_payload")) {
                createParser.nextToken();
                bArr = createParser.getBinaryValue();
            }
        }
        if (i == -1 || bArr == null) {
            throw new IllegalStateException("Failed to parse JSON");
        }
        CloudEncryptionKey key = rotatingCloudEncryptionKeyProvider.getKey(i);
        if (key == null) {
            incrementCounter(DecryptionStatus.KEY_NOT_FOUND, i, str);
            throw new IllegalStateException(String.format("No matching key found for S3 file decryption - key_id=%d store=%s", Integer.valueOf(i), str));
        }
        try {
            byte[] decrypt = AesGcm.decrypt(bArr, 0, Base64.getDecoder().decode(key.getSecret()));
            incrementCounter(DecryptionStatus.SUCCESS, i, str);
            return new String(decrypt, StandardCharsets.UTF_8);
        } catch (Exception e) {
            incrementCounter(DecryptionStatus.INTERNAL_DECRYPTION_FAILURE, i, str);
            throw new RuntimeException(String.format("Internal decryption failure - key_id=%d store=%s", Integer.valueOf(i), str), e);
        }
    }

    private static void incrementCounter(DecryptionStatus decryptionStatus, int i, String str) {
        Counter.builder("uid2.cloud_decryption.runs_total").description("counter for S3 file decryptions").tag("key_id", String.valueOf(i)).tag("store", str).tag("status", decryptionStatus.toString()).register(Metrics.globalRegistry).increment();
    }
}
