package com.google.scp.operator.cpio.cryptoclient;

import com.google.common.primitives.Ints;
import com.google.inject.Inject;
import com.google.protobuf.InvalidProtocolBufferException;
import com.google.protobuf.util.JsonFormat;
import com.google.scp.coordinator.protos.keymanagement.shared.api.v1.EncryptionKeyProto;
import com.google.scp.operator.cpio.cryptoclient.EncryptionKeyFetchingService;
import com.google.scp.protos.shared.api.v1.ErrorResponseProto;
import com.google.scp.shared.api.exception.ServiceException;
import com.google.scp.shared.api.model.Code;
import com.google.scp.shared.api.util.ErrorUtil;
import com.google.scp.shared.api.util.HttpClientResponse;
import com.google.scp.shared.api.util.HttpClientWrapper;
import java.io.IOException;
import java.net.URI;
import java.time.Duration;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpGet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/google/scp/operator/cpio/cryptoclient/HttpEncryptionKeyFetchingService.class */
public final class HttpEncryptionKeyFetchingService implements EncryptionKeyFetchingService {
    private static final int REQUEST_TIMEOUT_DURATION = Ints.checkedCast(Duration.ofMinutes(1).toMillis());
    private final HttpClientWrapper httpClient;
    private final String encryptionKeyServiceBaseUrl;
    private final Logger logger = LoggerFactory.getLogger((Class<?>) HttpEncryptionKeyFetchingService.class);

    @Inject
    public HttpEncryptionKeyFetchingService(HttpClientWrapper httpClientWrapper, String str) {
        this.httpClient = httpClientWrapper;
        this.encryptionKeyServiceBaseUrl = str;
    }

    @Override // com.google.scp.operator.cpio.cryptoclient.EncryptionKeyFetchingService
    public EncryptionKeyProto.EncryptionKey fetchEncryptionKey(String str) throws EncryptionKeyFetchingService.EncryptionKeyFetchingServiceException {
        ServiceException serviceException;
        Code code;
        URI create = URI.create(String.format("%s/encryptionKeys/%s", this.encryptionKeyServiceBaseUrl, str));
        HttpGet httpGet = new HttpGet(create);
        httpGet.setConfig(RequestConfig.custom().setConnectionRequestTimeout(REQUEST_TIMEOUT_DURATION).setConnectTimeout(REQUEST_TIMEOUT_DURATION).setSocketTimeout(REQUEST_TIMEOUT_DURATION).build());
        try {
            HttpClientResponse execute = this.httpClient.execute(httpGet);
            String responseBody = execute.responseBody();
            if (execute.statusCode() == 200) {
                this.logger.info("Successfully fetched encrypted key-split for keyId: " + str + " using Uri: " + String.valueOf(create));
                return parseSuccessResponse(responseBody);
            }
            ErrorResponseProto.ErrorResponse parseErrorResponse = ErrorUtil.parseErrorResponse(responseBody);
            if (parseErrorResponse.getCode() != Code.UNKNOWN.getRpcStatusCode() || execute.statusCode() == 500) {
                serviceException = ErrorUtil.toServiceException(parseErrorResponse);
            } else {
                try {
                    code = Code.fromHttpStatusCode(execute.statusCode());
                } catch (IllegalArgumentException e) {
                    code = Code.UNKNOWN;
                }
                serviceException = new ServiceException(code, "Received error from private key vending service", responseBody);
            }
            this.logger.error("Received error from private key vending service", (Throwable) serviceException);
            throw new EncryptionKeyFetchingService.EncryptionKeyFetchingServiceException("Received error from private key vending service", serviceException);
        } catch (IOException e2) {
            this.logger.error("Error fetching private key ciphertext", (Throwable) e2);
            throw new EncryptionKeyFetchingService.EncryptionKeyFetchingServiceException("Error fetching private key ciphertext", e2);
        }
    }

    private EncryptionKeyProto.EncryptionKey parseSuccessResponse(String str) throws EncryptionKeyFetchingService.EncryptionKeyFetchingServiceException {
        try {
            EncryptionKeyProto.EncryptionKey.Builder newBuilder = EncryptionKeyProto.EncryptionKey.newBuilder();
            JsonFormat.parser().ignoringUnknownFields().merge(str, newBuilder);
            return newBuilder.build();
        } catch (InvalidProtocolBufferException e) {
            this.logger.error("Failed to parse success response as EncryptedPrivateKey", (Throwable) e);
            throw new EncryptionKeyFetchingService.EncryptionKeyFetchingServiceException("Failed to parse success response as EncryptedPrivateKey", e);
        }
    }
}
