package com.google.aggregate.adtech.worker.selector;

import com.google.auth.oauth2.GoogleCredentials;
import com.google.crypto.tink.integration.gcpkms.GcpKmsClient;
import com.google.inject.BindingAnnotation;
import com.google.inject.Module;
import com.google.inject.Provides;
import com.google.inject.Singleton;
import com.google.scp.operator.cpio.configclient.Annotations;
import com.google.scp.operator.cpio.configclient.aws.Annotations;
import com.google.scp.operator.cpio.configclient.gcp.Annotations;
import com.google.scp.operator.cpio.cryptoclient.Annotations;
import com.google.scp.operator.cpio.cryptoclient.DecryptionKeyService;
import com.google.scp.operator.cpio.cryptoclient.DecryptionKeyServiceModule;
import com.google.scp.operator.cpio.cryptoclient.EncryptionKeyFetchingService;
import com.google.scp.operator.cpio.cryptoclient.HttpEncryptionKeyFetchingService;
import com.google.scp.operator.cpio.cryptoclient.MultiPartyDecryptionKeyServiceImpl;
import com.google.scp.operator.cpio.cryptoclient.aws.Annotations;
import com.google.scp.shared.api.util.HttpClientWrapper;
import com.google.scp.shared.aws.credsprovider.AwsSessionCredentialsProvider;
import com.google.scp.shared.clients.configclient.aws.AwsClientConfigModule;
import com.google.scp.shared.crypto.tink.CloudAeadSelector;
import com.google.scp.shared.crypto.tink.aws.AwsTinkUtil;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.net.URI;
import java.security.GeneralSecurityException;
import java.util.Optional;
import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
import software.amazon.awssdk.http.SdkHttpClient;
import software.amazon.awssdk.http.apache.ApacheHttpClient;

/* loaded from: input_file:com/google/aggregate/adtech/worker/selector/DecryptionKeyClientSelector.class */
public enum DecryptionKeyClientSelector {
    LOCAL_FILE_DECRYPTION_KEY_SERVICE(new DecryptionKeyServiceModule() { // from class: com.google.scp.operator.cpio.cryptoclient.local.LocalFileDecryptionKeyServiceModule

        @Target({ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD})
        @BindingAnnotation
        @Retention(RetentionPolicy.RUNTIME)
        /* loaded from: input_file:com/google/scp/operator/cpio/cryptoclient/local/LocalFileDecryptionKeyServiceModule$DecryptionKeyFilePath.class */
        public @interface DecryptionKeyFilePath {
        }

        @Override // com.google.scp.operator.cpio.cryptoclient.DecryptionKeyServiceModule
        public Class<? extends DecryptionKeyService> getDecryptionKeyServiceImplementation() {
            return LocalFileDecryptionKeyService.class;
        }
    }),
    GCP_KMS_MULTI_PARTY_DECRYPTION_KEY_SERVICE(new DecryptionKeyServiceModule() { // from class: com.google.scp.operator.cpio.cryptoclient.gcp.GcpKmsMultiPartyDecryptionKeyServiceModule
        @Override // com.google.scp.operator.cpio.cryptoclient.DecryptionKeyServiceModule
        public Class<? extends DecryptionKeyService> getDecryptionKeyServiceImplementation() {
            return MultiPartyDecryptionKeyServiceImpl.class;
        }

        @MultiPartyDecryptionKeyServiceImpl.CoordinatorAEncryptionKeyFetchingService
        @Singleton
        @Provides
        public EncryptionKeyFetchingService provideCoordinatorAEncryptionKeyFetchingService(@Annotations.CoordinatorAHttpClient HttpClientWrapper httpClientWrapper, @Annotations.CoordinatorAEncryptionKeyServiceBaseUrl String str) {
            return new HttpEncryptionKeyFetchingService(httpClientWrapper, str);
        }

        @MultiPartyDecryptionKeyServiceImpl.CoordinatorBEncryptionKeyFetchingService
        @Singleton
        @Provides
        public EncryptionKeyFetchingService provideCoordinatorBEncryptionKeyFetchingService(@Annotations.CoordinatorBHttpClient HttpClientWrapper httpClientWrapper, @Annotations.CoordinatorBEncryptionKeyServiceBaseUrl String str) {
            return new HttpEncryptionKeyFetchingService(httpClientWrapper, str);
        }

        @Singleton
        @Provides
        @Annotations.CoordinatorAAead
        CloudAeadSelector provideCoordinatorAKmsClient(@Annotations.CoordinatorACredentials GoogleCredentials googleCredentials, GcpKmsDecryptionKeyServiceConfig gcpKmsDecryptionKeyServiceConfig) {
            return gcpKmsDecryptionKeyServiceConfig.coordinatorAAead().isPresent() ? str -> {
                return gcpKmsDecryptionKeyServiceConfig.coordinatorAAead().get();
            } : str2 -> {
                GcpKmsClient gcpKmsClient = new GcpKmsClient();
                try {
                    gcpKmsClient.withCredentials(googleCredentials);
                    return gcpKmsClient.getAead(str2);
                } catch (GeneralSecurityException e) {
                    throw new RuntimeException(String.format("Error getting gcloud Aead with uri %s.", str2), e);
                }
            };
        }

        @Annotations.CoordinatorBAead
        @Singleton
        @Provides
        CloudAeadSelector provideCoordinatorBKmsClient(@Annotations.CoordinatorBCredentials GoogleCredentials googleCredentials, GcpKmsDecryptionKeyServiceConfig gcpKmsDecryptionKeyServiceConfig) {
            return gcpKmsDecryptionKeyServiceConfig.coordinatorBAead().isPresent() ? str -> {
                return gcpKmsDecryptionKeyServiceConfig.coordinatorBAead().get();
            } : str2 -> {
                GcpKmsClient gcpKmsClient = new GcpKmsClient();
                try {
                    gcpKmsClient.withCredentials(googleCredentials);
                    return gcpKmsClient.getAead(str2);
                } catch (GeneralSecurityException e) {
                    throw new RuntimeException(String.format("Error getting gcloud Aead with uri %s.", str2), e);
                }
            };
        }
    }),
    AWS_KMS_MULTI_PARTY_DECRYPTION_KEY_SERVICE(new DecryptionKeyServiceModule() { // from class: com.google.scp.operator.cpio.cryptoclient.aws.AwsKmsMultiPartyDecryptionKeyServiceModule
        @Override // com.google.scp.operator.cpio.cryptoclient.DecryptionKeyServiceModule
        public Class<? extends DecryptionKeyService> getDecryptionKeyServiceImplementation() {
            return MultiPartyDecryptionKeyServiceImpl.class;
        }

        @MultiPartyDecryptionKeyServiceImpl.CoordinatorAEncryptionKeyFetchingService
        @Singleton
        @Provides
        public EncryptionKeyFetchingService provideCoordinatorAEncryptionKeyFetchingService(@Annotations.CoordinatorAHttpClient HttpClientWrapper httpClientWrapper, @Annotations.CoordinatorAEncryptionKeyServiceBaseUrl String str) {
            return new HttpEncryptionKeyFetchingService(httpClientWrapper, str);
        }

        @MultiPartyDecryptionKeyServiceImpl.CoordinatorBEncryptionKeyFetchingService
        @Singleton
        @Provides
        public EncryptionKeyFetchingService provideCoordinatorBEncryptionKeyFetchingService(@Annotations.CoordinatorBHttpClient HttpClientWrapper httpClientWrapper, @Annotations.CoordinatorBEncryptionKeyServiceBaseUrl String str) {
            return new HttpEncryptionKeyFetchingService(httpClientWrapper, str);
        }

        private static CloudAeadSelector createCloudAeadSelector(String str, String str2, URI uri, AwsSessionCredentialsProvider awsSessionCredentialsProvider) throws GeneralSecurityException {
            SdkHttpClient build = ApacheHttpClient.builder().mo12755build();
            Optional filter = Optional.of(uri).filter(uri2 -> {
                return !uri2.toString().isEmpty();
            });
            AwsCredentialsProvider awsCredentialsProvider = awsSessionCredentialsProvider;
            if (!str.isEmpty() && !str2.isEmpty()) {
                awsCredentialsProvider = StaticCredentialsProvider.create(AwsBasicCredentials.create(str, str2));
            }
            return AwsTinkUtil.getKmsAeadSelector(awsCredentialsProvider, build, filter);
        }

        @Singleton
        @Provides
        @Annotations.CoordinatorAAead
        CloudAeadSelector provideCoordinatorAKmsClient(@Annotations.KmsEndpointOverride URI uri, @AwsClientConfigModule.AwsCredentialAccessKey String str, @AwsClientConfigModule.AwsCredentialSecretKey String str2, @Annotations.CoordinatorACredentialsProvider AwsSessionCredentialsProvider awsSessionCredentialsProvider) throws GeneralSecurityException {
            return createCloudAeadSelector(str, str2, uri, awsSessionCredentialsProvider);
        }

        @Annotations.CoordinatorBAead
        @Singleton
        @Provides
        CloudAeadSelector provideCoordinatorBKmsClient(@Annotations.KmsEndpointOverride URI uri, @AwsClientConfigModule.AwsCredentialAccessKey String str, @AwsClientConfigModule.AwsCredentialSecretKey String str2, @Annotations.CoordinatorBCredentialsProvider AwsSessionCredentialsProvider awsSessionCredentialsProvider) throws GeneralSecurityException {
            return createCloudAeadSelector(str, str2, uri, awsSessionCredentialsProvider);
        }
    }),
    AWS_ENCLAVE_CLI_MULTI_PARTY_DECRYPTION_KEY_SERVICE(new DecryptionKeyServiceModule() { // from class: com.google.scp.operator.cpio.cryptoclient.aws.AwsEnclaveMultiPartyDecryptionKeyServiceModule
        @Override // com.google.scp.operator.cpio.cryptoclient.DecryptionKeyServiceModule
        public Class<? extends DecryptionKeyService> getDecryptionKeyServiceImplementation() {
            return MultiPartyDecryptionKeyServiceImpl.class;
        }

        @MultiPartyDecryptionKeyServiceImpl.CoordinatorAEncryptionKeyFetchingService
        @Singleton
        @Provides
        public EncryptionKeyFetchingService provideCoordinatorAEncryptionKeyFetchingService(@Annotations.CoordinatorAHttpClient HttpClientWrapper httpClientWrapper, @Annotations.CoordinatorAEncryptionKeyServiceBaseUrl String str) {
            return new HttpEncryptionKeyFetchingService(httpClientWrapper, str);
        }

        @MultiPartyDecryptionKeyServiceImpl.CoordinatorBEncryptionKeyFetchingService
        @Singleton
        @Provides
        public EncryptionKeyFetchingService provideCoordinatorBEncryptionKeyFetchingService(@Annotations.CoordinatorBHttpClient HttpClientWrapper httpClientWrapper, @Annotations.CoordinatorBEncryptionKeyServiceBaseUrl String str) {
            return new HttpEncryptionKeyFetchingService(httpClientWrapper, str);
        }

        @Singleton
        @Provides
        @Annotations.CoordinatorAAead
        CloudAeadSelector provideCoordinatorAAead(@Annotations.CoordinatorACredentialsProvider AwsSessionCredentialsProvider awsSessionCredentialsProvider) {
            return AwsTinkUtil.getEnclaveAeadSelector(awsSessionCredentialsProvider);
        }

        @Annotations.CoordinatorBAead
        @Singleton
        @Provides
        CloudAeadSelector provideCoordinatorBAead(@Annotations.CoordinatorBCredentialsProvider AwsSessionCredentialsProvider awsSessionCredentialsProvider) {
            return AwsTinkUtil.getEnclaveAeadSelector(awsSessionCredentialsProvider);
        }
    });

    private final Module decryptionKeyServiceModule;

    DecryptionKeyClientSelector(Module module) {
        this.decryptionKeyServiceModule = module;
    }

    public Module getDecryptionKeyClientModule() {
        return this.decryptionKeyServiceModule;
    }
}
