package com.mongodb.reactivestreams.client.internal.crypt;

import com.mongodb.MongoClientException;
import com.mongodb.MongoException;
import com.mongodb.MongoInternalException;
import com.mongodb.assertions.Assertions;
import com.mongodb.client.model.vault.DataKeyOptions;
import com.mongodb.client.model.vault.EncryptOptions;
import com.mongodb.client.model.vault.RewrapManyDataKeyOptions;
import com.mongodb.crypt.capi.MongoCryptException;
import com.mongodb.internal.capi.MongoCryptHelper;
import com.mongodb.internal.client.vault.EncryptOptionsHelper;
import com.mongodb.internal.connection.tlschannel.impl.TlsExplorer;
import com.mongodb.internal.crypt.capi.MongoCrypt;
import com.mongodb.internal.crypt.capi.MongoCryptContext;
import com.mongodb.internal.crypt.capi.MongoDataKeyOptions;
import com.mongodb.internal.crypt.capi.MongoKeyDecryptor;
import com.mongodb.internal.crypt.capi.MongoRewrapManyDataKeyOptions;
import com.mongodb.internal.diagnostics.logging.Logger;
import com.mongodb.internal.diagnostics.logging.Loggers;
import com.mongodb.internal.time.Timeout;
import com.mongodb.lang.Nullable;
import com.mongodb.reactivestreams.client.MongoClient;
import java.io.Closeable;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.function.Supplier;
import org.bson.BsonBinary;
import org.bson.BsonDocument;
import org.bson.BsonValue;
import org.bson.RawBsonDocument;
import reactor.core.Fuseable;
import reactor.core.publisher.Mono;
import reactor.core.publisher.MonoSink;

/* loaded from: input_file:com/mongodb/reactivestreams/client/internal/crypt/Crypt.class */
public class Crypt implements Closeable {
    private static final RawBsonDocument EMPTY_RAW_BSON_DOCUMENT = RawBsonDocument.parse("{}");
    private static final Logger LOGGER = Loggers.getLogger("client");
    private final MongoCrypt mongoCrypt;
    private final Map<String, Map<String, Object>> kmsProviders;
    private final Map<String, Supplier<Map<String, Object>>> kmsProviderPropertySuppliers;
    private final CollectionInfoRetriever collectionInfoRetriever;
    private final CommandMarker commandMarker;
    private final KeyRetriever keyRetriever;
    private final KeyManagementService keyManagementService;
    private final boolean bypassAutoEncryption;

    @Nullable
    private final MongoClient collectionInfoRetrieverClient;

    @Nullable
    private final MongoClient keyVaultClient;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.mongodb.reactivestreams.client.internal.crypt.Crypt$1, reason: invalid class name */
    /* loaded from: input_file:com/mongodb/reactivestreams/client/internal/crypt/Crypt$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$mongodb$internal$crypt$capi$MongoCryptContext$State = new int[MongoCryptContext.State.values().length];

        static {
            try {
                $SwitchMap$com$mongodb$internal$crypt$capi$MongoCryptContext$State[MongoCryptContext.State.NEED_MONGO_COLLINFO.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$mongodb$internal$crypt$capi$MongoCryptContext$State[MongoCryptContext.State.NEED_MONGO_MARKINGS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$mongodb$internal$crypt$capi$MongoCryptContext$State[MongoCryptContext.State.NEED_KMS_CREDENTIALS.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$mongodb$internal$crypt$capi$MongoCryptContext$State[MongoCryptContext.State.NEED_MONGO_KEYS.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$mongodb$internal$crypt$capi$MongoCryptContext$State[MongoCryptContext.State.NEED_KMS.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$com$mongodb$internal$crypt$capi$MongoCryptContext$State[MongoCryptContext.State.READY.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$com$mongodb$internal$crypt$capi$MongoCryptContext$State[MongoCryptContext.State.DONE.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Crypt(MongoCrypt mongoCrypt, KeyRetriever keyRetriever, KeyManagementService keyManagementService, Map<String, Map<String, Object>> map, Map<String, Supplier<Map<String, Object>>> map2) {
        this(mongoCrypt, keyRetriever, keyManagementService, map, map2, false, null, null, null, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Crypt(MongoCrypt mongoCrypt, KeyRetriever keyRetriever, KeyManagementService keyManagementService, Map<String, Map<String, Object>> map, Map<String, Supplier<Map<String, Object>>> map2, boolean z, @Nullable CollectionInfoRetriever collectionInfoRetriever, @Nullable CommandMarker commandMarker, @Nullable MongoClient mongoClient, @Nullable MongoClient mongoClient2) {
        this.mongoCrypt = mongoCrypt;
        this.keyRetriever = keyRetriever;
        this.keyManagementService = keyManagementService;
        this.kmsProviders = map;
        this.kmsProviderPropertySuppliers = map2;
        this.bypassAutoEncryption = z;
        this.collectionInfoRetriever = collectionInfoRetriever;
        this.commandMarker = commandMarker;
        this.collectionInfoRetrieverClient = mongoClient;
        this.keyVaultClient = mongoClient2;
    }

    public Mono<RawBsonDocument> encrypt(String str, RawBsonDocument rawBsonDocument, @Nullable Timeout timeout) {
        Assertions.notNull("databaseName", str);
        Assertions.notNull("command", rawBsonDocument);
        return this.bypassAutoEncryption ? Mono.fromCallable(() -> {
            return rawBsonDocument;
        }) : executeStateMachine(() -> {
            return this.mongoCrypt.createEncryptionContext(str, rawBsonDocument);
        }, str, timeout);
    }

    public Mono<RawBsonDocument> decrypt(RawBsonDocument rawBsonDocument, @Nullable Timeout timeout) {
        Assertions.notNull("commandResponse", rawBsonDocument);
        return executeStateMachine(() -> {
            return this.mongoCrypt.createDecryptionContext(rawBsonDocument);
        }, timeout).onErrorMap(this::wrapInClientException);
    }

    public Mono<RawBsonDocument> createDataKey(String str, DataKeyOptions dataKeyOptions, @Nullable Timeout timeout) {
        Assertions.notNull("kmsProvider", str);
        Assertions.notNull("options", dataKeyOptions);
        return executeStateMachine(() -> {
            return this.mongoCrypt.createDataKeyContext(str, MongoDataKeyOptions.builder().keyAltNames(dataKeyOptions.getKeyAltNames()).masterKey(dataKeyOptions.getMasterKey()).keyMaterial(dataKeyOptions.getKeyMaterial()).build());
        }, timeout);
    }

    public Mono<BsonBinary> encryptExplicitly(BsonValue bsonValue, EncryptOptions encryptOptions, @Nullable Timeout timeout) {
        return executeStateMachine(() -> {
            return this.mongoCrypt.createExplicitEncryptionContext(new BsonDocument("v", bsonValue), EncryptOptionsHelper.asMongoExplicitEncryptOptions(encryptOptions));
        }, timeout).map(rawBsonDocument -> {
            return rawBsonDocument.getBinary("v");
        });
    }

    public Mono<BsonDocument> encryptExpression(BsonDocument bsonDocument, EncryptOptions encryptOptions, @Nullable Timeout timeout) {
        return executeStateMachine(() -> {
            return this.mongoCrypt.createEncryptExpressionContext(new BsonDocument("v", bsonDocument), EncryptOptionsHelper.asMongoExplicitEncryptOptions(encryptOptions));
        }, timeout).map(rawBsonDocument -> {
            return rawBsonDocument.getDocument("v");
        });
    }

    public Mono<BsonValue> decryptExplicitly(BsonBinary bsonBinary, @Nullable Timeout timeout) {
        return executeStateMachine(() -> {
            return this.mongoCrypt.createExplicitDecryptionContext(new BsonDocument("v", bsonBinary));
        }, timeout).map(rawBsonDocument -> {
            return rawBsonDocument.get("v");
        });
    }

    public Mono<RawBsonDocument> rewrapManyDataKey(BsonDocument bsonDocument, RewrapManyDataKeyOptions rewrapManyDataKeyOptions, @Nullable Timeout timeout) {
        return executeStateMachine(() -> {
            return this.mongoCrypt.createRewrapManyDatakeyContext(bsonDocument, MongoRewrapManyDataKeyOptions.builder().provider(rewrapManyDataKeyOptions.getProvider()).masterKey(rewrapManyDataKeyOptions.getMasterKey()).build());
        }, timeout);
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        MongoCrypt mongoCrypt = this.mongoCrypt;
        try {
            CommandMarker commandMarker = this.commandMarker;
            try {
                MongoClient mongoClient = this.collectionInfoRetrieverClient;
                try {
                    MongoClient mongoClient2 = this.keyVaultClient;
                    try {
                        KeyManagementService keyManagementService = this.keyManagementService;
                        if (keyManagementService != null) {
                            keyManagementService.close();
                        }
                        if (mongoClient2 != null) {
                            mongoClient2.close();
                        }
                        if (mongoClient != null) {
                            mongoClient.close();
                        }
                        if (commandMarker != null) {
                            commandMarker.close();
                        }
                        if (mongoCrypt != null) {
                            mongoCrypt.close();
                        }
                    } catch (Throwable th) {
                        if (mongoClient2 != null) {
                            try {
                                mongoClient2.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    if (mongoClient != null) {
                        try {
                            mongoClient.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                    throw th3;
                }
            } catch (Throwable th5) {
                if (commandMarker != null) {
                    try {
                        commandMarker.close();
                    } catch (Throwable th6) {
                        th5.addSuppressed(th6);
                    }
                }
                throw th5;
            }
        } catch (Throwable th7) {
            if (mongoCrypt != null) {
                try {
                    mongoCrypt.close();
                } catch (Throwable th8) {
                    th7.addSuppressed(th8);
                }
            }
            throw th7;
        }
    }

    private Mono<RawBsonDocument> executeStateMachine(Supplier<MongoCryptContext> supplier, @Nullable Timeout timeout) {
        return executeStateMachine(supplier, null, timeout);
    }

    private Mono<RawBsonDocument> executeStateMachine(Supplier<MongoCryptContext> supplier, @Nullable String str, @Nullable Timeout timeout) {
        try {
            MongoCryptContext mongoCryptContext = supplier.get();
            return Mono.create(monoSink -> {
                executeStateMachineWithSink(mongoCryptContext, str, monoSink, timeout);
            }).onErrorMap(this::wrapInClientException).doFinally(signalType -> {
                mongoCryptContext.close();
            });
        } catch (MongoCryptException e) {
            return Mono.error(wrapInClientException(e));
        }
    }

    private void executeStateMachineWithSink(MongoCryptContext mongoCryptContext, @Nullable String str, MonoSink<RawBsonDocument> monoSink, @Nullable Timeout timeout) {
        MongoCryptContext.State state = mongoCryptContext.getState();
        switch (AnonymousClass1.$SwitchMap$com$mongodb$internal$crypt$capi$MongoCryptContext$State[state.ordinal()]) {
            case 1:
                collInfo(mongoCryptContext, str, monoSink, timeout);
                return;
            case Fuseable.ASYNC /* 2 */:
                mark(mongoCryptContext, str, monoSink, timeout);
                return;
            case Fuseable.ANY /* 3 */:
                fetchCredentials(mongoCryptContext, str, monoSink, timeout);
                return;
            case Fuseable.THREAD_BARRIER /* 4 */:
                fetchKeys(mongoCryptContext, str, monoSink, timeout);
                return;
            case TlsExplorer.RECORD_HEADER_SIZE /* 5 */:
                decryptKeys(mongoCryptContext, str, monoSink, timeout);
                return;
            case 6:
                monoSink.success(mongoCryptContext.finish());
                return;
            case 7:
                monoSink.success(EMPTY_RAW_BSON_DOCUMENT);
                return;
            default:
                monoSink.error(new MongoInternalException("Unsupported encryptor state + " + state));
                return;
        }
    }

    private void fetchCredentials(MongoCryptContext mongoCryptContext, @Nullable String str, MonoSink<RawBsonDocument> monoSink, @Nullable Timeout timeout) {
        try {
            mongoCryptContext.provideKmsProviderCredentials(MongoCryptHelper.fetchCredentials(this.kmsProviders, this.kmsProviderPropertySuppliers));
            executeStateMachineWithSink(mongoCryptContext, str, monoSink, timeout);
        } catch (Exception e) {
            monoSink.error(e);
        }
    }

    private void collInfo(MongoCryptContext mongoCryptContext, @Nullable String str, MonoSink<RawBsonDocument> monoSink, @Nullable Timeout timeout) {
        if (this.collectionInfoRetriever == null) {
            monoSink.error(new IllegalStateException("Missing collection Info retriever"));
        } else if (str == null) {
            monoSink.error(new IllegalStateException("Missing database name"));
        } else {
            this.collectionInfoRetriever.filter(str, mongoCryptContext.getMongoOperation(), timeout).contextWrite(monoSink.contextView()).doOnSuccess(bsonDocument -> {
                if (bsonDocument != null) {
                    mongoCryptContext.addMongoOperationResult(bsonDocument);
                }
                mongoCryptContext.completeMongoOperation();
                executeStateMachineWithSink(mongoCryptContext, str, monoSink, timeout);
            }).doOnError(th -> {
                monoSink.error(MongoException.fromThrowableNonNull(th));
            }).subscribe();
        }
    }

    private void mark(MongoCryptContext mongoCryptContext, @Nullable String str, MonoSink<RawBsonDocument> monoSink, @Nullable Timeout timeout) {
        if (this.commandMarker == null) {
            monoSink.error(wrapInClientException(new MongoInternalException("Missing command marker")));
        } else if (str == null) {
            monoSink.error(wrapInClientException(new IllegalStateException("Missing database name")));
        } else {
            this.commandMarker.mark(str, mongoCryptContext.getMongoOperation(), timeout).contextWrite(monoSink.contextView()).doOnSuccess(rawBsonDocument -> {
                mongoCryptContext.addMongoOperationResult(rawBsonDocument);
                mongoCryptContext.completeMongoOperation();
                executeStateMachineWithSink(mongoCryptContext, str, monoSink, timeout);
            }).doOnError(th -> {
                monoSink.error(wrapInClientException(th));
            }).subscribe();
        }
    }

    private void fetchKeys(MongoCryptContext mongoCryptContext, @Nullable String str, MonoSink<RawBsonDocument> monoSink, @Nullable Timeout timeout) {
        this.keyRetriever.find(mongoCryptContext.getMongoOperation(), timeout).contextWrite(monoSink.contextView()).doOnSuccess(list -> {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                mongoCryptContext.addMongoOperationResult((BsonDocument) it.next());
            }
            mongoCryptContext.completeMongoOperation();
            executeStateMachineWithSink(mongoCryptContext, str, monoSink, timeout);
        }).doOnError(th -> {
            monoSink.error(MongoException.fromThrowableNonNull(th));
        }).subscribe();
    }

    private void decryptKeys(MongoCryptContext mongoCryptContext, @Nullable String str, MonoSink<RawBsonDocument> monoSink, @Nullable Timeout timeout) {
        MongoKeyDecryptor nextKeyDecryptor = mongoCryptContext.nextKeyDecryptor();
        if (nextKeyDecryptor != null) {
            this.keyManagementService.decryptKey(nextKeyDecryptor, timeout).contextWrite(monoSink.contextView()).doOnSuccess(r11 -> {
                decryptKeys(mongoCryptContext, str, monoSink, timeout);
            }).doOnError(th -> {
                monoSink.error(wrapInClientException(th));
            }).subscribe();
        } else {
            Objects.requireNonNull(mongoCryptContext);
            Mono.fromRunnable(mongoCryptContext::completeKeyDecryptors).contextWrite(monoSink.contextView()).doOnSuccess(obj -> {
                executeStateMachineWithSink(mongoCryptContext, str, monoSink, timeout);
            }).doOnError(th2 -> {
                monoSink.error(wrapInClientException(th2));
            }).subscribe();
        }
    }

    private Throwable wrapInClientException(Throwable th) {
        return th instanceof MongoClientException ? th : new MongoClientException("Exception in encryption library: " + th.getMessage(), th);
    }
}
