package com.aliyun.encryptionsdk.provider.dataKey;

import com.aliyun.encryptionsdk.exception.AliyunException;
import com.aliyun.encryptionsdk.kms.AliyunKms;
import com.aliyun.encryptionsdk.logger.CommonLogger;
import com.aliyun.encryptionsdk.model.CipherHeader;
import com.aliyun.encryptionsdk.model.Constants;
import com.aliyun.encryptionsdk.model.CryptoAlgorithm;
import com.aliyun.encryptionsdk.model.EncryptionMaterial;
import com.aliyuncs.exceptions.ClientException;
import java.util.Base64;
import java.util.UUID;

/* loaded from: input_file:com/aliyun/encryptionsdk/provider/dataKey/SecretManagerDataKeyProvider.class */
public class SecretManagerDataKeyProvider extends AbstractExternalStoreDataKeyProvider {
    private static final String SECRET_DATA_TYPE_TEXT = "text";

    public SecretManagerDataKeyProvider(String str, String str2) {
        super(str, str2);
    }

    public SecretManagerDataKeyProvider(String str, CryptoAlgorithm cryptoAlgorithm, String str2) {
        super(str, cryptoAlgorithm, str2);
    }

    @Override // com.aliyun.encryptionsdk.provider.BaseDataKeyProvider
    public EncryptionMaterial encryptDataKey(EncryptionMaterial encryptionMaterial) {
        CipherHeader cipherHeader = getCipherHeader(this.dataKeyName);
        if (cipherHeader != null) {
            return getEncryptionMaterial(cipherHeader, encryptionMaterial);
        }
        EncryptionMaterial encryptDataKey = super.encryptDataKey(encryptionMaterial);
        CipherHeader cipherHeader2 = new CipherHeader(encryptDataKey.getEncryptedDataKeys(), encryptDataKey.getEncryptionContext(), encryptDataKey.getAlgorithm());
        calculateHeaderAuthTag(encryptDataKey, cipherHeader2);
        try {
            storeCipherHeader(this.dataKeyName, cipherHeader2);
            return encryptDataKey;
        } catch (Exception e) {
            if (!(e.getCause() instanceof ClientException) || !"Rejected.ResourceExist".equals(e.getCause().getErrCode())) {
                CommonLogger.getCommonLogger(Constants.MODE_NAME).errorf("Failed to save dataKey to secretManager", e);
                throw e;
            }
            CipherHeader cipherHeader3 = getCipherHeader(this.dataKeyName);
            if (cipherHeader3 != null) {
                return getEncryptionMaterial(cipherHeader3, encryptionMaterial);
            }
            CommonLogger.getCommonLogger(Constants.MODE_NAME).errorf("The cause of the error was ResourceExist, but the obtained dataKey is empty", e);
            throw new AliyunException("The cause of the error was ResourceExist, but the obtained dataKey is empty", e);
        }
    }

    @Override // com.aliyun.encryptionsdk.provider.dataKey.AbstractExternalStoreDataKeyProvider
    protected CipherHeader getCipherHeader(String str) {
        try {
            AliyunKms.GetSecretValueResult secretValue = this.kms.getSecretValue(this.keyId, str);
            if (SECRET_DATA_TYPE_TEXT.equals(secretValue.getSecretDataType())) {
                return this.handler.deserializeCipherHeader(Base64.getDecoder().decode(secretValue.getSecretData()));
            }
            throw new AliyunException("Unprocessed case where secretDataType is binary");
        } catch (Exception e) {
            if ((e.getCause() instanceof ClientException) && "Forbidden.ResourceNotFound".equals(e.getCause().getErrCode())) {
                return null;
            }
            CommonLogger.getCommonLogger(Constants.MODE_NAME).errorf("Failed to get dataKey from secretManager", e);
            throw e;
        }
    }

    private void storeCipherHeader(String str, CipherHeader cipherHeader) {
        String encodeToString = Base64.getEncoder().encodeToString(this.handler.serializeCipherHeader(cipherHeader));
        this.kms.createSecret(this.keyId, str, UUID.randomUUID().toString(), encodeToString, SECRET_DATA_TYPE_TEXT);
    }
}
