package com.mastercard.developer.encryption;

import com.mastercard.developer.encryption.EncryptionConfig;
import com.mastercard.developer.encryption.FieldLevelEncryptionConfig;
import com.mastercard.developer.utils.EncodingUtils;
import com.mastercard.developer.utils.StringUtils;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.spec.MGF1ParameterSpec;

/* loaded from: input_file:com/mastercard/developer/encryption/FieldLevelEncryptionConfigBuilder.class */
public class FieldLevelEncryptionConfigBuilder extends EncryptionConfigBuilder {
    private String encryptionCertificateFingerprint;
    private String oaepPaddingDigestAlgorithm;
    private String ivFieldName;
    private String ivHeaderName;
    private String oaepPaddingDigestAlgorithmFieldName;
    private String oaepPaddingDigestAlgorithmHeaderName;
    private String encryptedKeyFieldName;
    private String encryptedKeyHeaderName;
    private String encryptionCertificateFingerprintFieldName;
    private String encryptionCertificateFingerprintHeaderName;
    private String encryptionKeyFingerprintFieldName;
    private String encryptionKeyFingerprintHeaderName;
    private FieldLevelEncryptionConfig.FieldValueEncoding fieldValueEncoding;

    public static FieldLevelEncryptionConfigBuilder aFieldLevelEncryptionConfig() {
        return new FieldLevelEncryptionConfigBuilder();
    }

    public FieldLevelEncryptionConfigBuilder withEncryptionCertificate(Certificate certificate) {
        this.encryptionCertificate = certificate;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withEncryptionCertificateFingerprint(String str) {
        this.encryptionCertificateFingerprint = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withEncryptionKeyFingerprint(String str) {
        this.encryptionKeyFingerprint = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withDecryptionKey(PrivateKey privateKey) {
        this.decryptionKey = privateKey;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withEncryptionPath(String str, String str2) {
        this.encryptionPaths.put(str, str2);
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withDecryptionPath(String str, String str2) {
        this.decryptionPaths.put(str, str2);
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withOaepPaddingDigestAlgorithm(String str) {
        this.oaepPaddingDigestAlgorithm = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withIvFieldName(String str) {
        this.ivFieldName = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withOaepPaddingDigestAlgorithmFieldName(String str) {
        this.oaepPaddingDigestAlgorithmFieldName = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withEncryptedKeyFieldName(String str) {
        this.encryptedKeyFieldName = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withEncryptedValueFieldName(String str) {
        this.encryptedValueFieldName = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withEncryptionCertificateFingerprintFieldName(String str) {
        this.encryptionCertificateFingerprintFieldName = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withEncryptionKeyFingerprintFieldName(String str) {
        this.encryptionKeyFingerprintFieldName = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withFieldValueEncoding(FieldLevelEncryptionConfig.FieldValueEncoding fieldValueEncoding) {
        this.fieldValueEncoding = fieldValueEncoding;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withIvHeaderName(String str) {
        this.ivHeaderName = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withOaepPaddingDigestAlgorithmHeaderName(String str) {
        this.oaepPaddingDigestAlgorithmHeaderName = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withEncryptedKeyHeaderName(String str) {
        this.encryptedKeyHeaderName = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withEncryptionCertificateFingerprintHeaderName(String str) {
        this.encryptionCertificateFingerprintHeaderName = str;
        return this;
    }

    public FieldLevelEncryptionConfigBuilder withEncryptionKeyFingerprintHeaderName(String str) {
        this.encryptionKeyFingerprintHeaderName = str;
        return this;
    }

    public FieldLevelEncryptionConfig build() throws EncryptionException {
        checkJsonPathParameterValues();
        checkParameterValues();
        checkParameterConsistency();
        computeEncryptionCertificateFingerprintWhenNeeded();
        computeEncryptionKeyFingerprintWhenNeeded();
        FieldLevelEncryptionConfig fieldLevelEncryptionConfig = new FieldLevelEncryptionConfig();
        fieldLevelEncryptionConfig.encryptionCertificateFingerprintFieldName = this.encryptionCertificateFingerprintFieldName;
        fieldLevelEncryptionConfig.encryptionKeyFingerprintFieldName = this.encryptionKeyFingerprintFieldName;
        fieldLevelEncryptionConfig.encryptionCertificateFingerprint = this.encryptionCertificateFingerprint;
        fieldLevelEncryptionConfig.encryptionKeyFingerprint = this.encryptionKeyFingerprint;
        fieldLevelEncryptionConfig.decryptionKey = this.decryptionKey;
        fieldLevelEncryptionConfig.encryptionPaths = this.encryptionPaths;
        fieldLevelEncryptionConfig.encryptionCertificate = this.encryptionCertificate;
        fieldLevelEncryptionConfig.oaepPaddingDigestAlgorithm = this.oaepPaddingDigestAlgorithm;
        fieldLevelEncryptionConfig.ivFieldName = this.ivFieldName;
        fieldLevelEncryptionConfig.oaepPaddingDigestAlgorithmFieldName = this.oaepPaddingDigestAlgorithmFieldName;
        fieldLevelEncryptionConfig.decryptionPaths = this.decryptionPaths;
        fieldLevelEncryptionConfig.encryptedKeyFieldName = this.encryptedKeyFieldName;
        fieldLevelEncryptionConfig.fieldValueEncoding = this.fieldValueEncoding;
        fieldLevelEncryptionConfig.encryptedValueFieldName = this.encryptedValueFieldName;
        fieldLevelEncryptionConfig.ivHeaderName = this.ivHeaderName;
        fieldLevelEncryptionConfig.oaepPaddingDigestAlgorithmHeaderName = this.oaepPaddingDigestAlgorithmHeaderName;
        fieldLevelEncryptionConfig.encryptedKeyHeaderName = this.encryptedKeyHeaderName;
        fieldLevelEncryptionConfig.encryptionCertificateFingerprintHeaderName = this.encryptionCertificateFingerprintHeaderName;
        fieldLevelEncryptionConfig.encryptionKeyFingerprintHeaderName = this.encryptionKeyFingerprintHeaderName;
        fieldLevelEncryptionConfig.scheme = EncryptionConfig.Scheme.LEGACY;
        return fieldLevelEncryptionConfig;
    }

    private void checkParameterValues() {
        if (this.oaepPaddingDigestAlgorithm == null) {
            throw new IllegalArgumentException("The digest algorithm for OAEP cannot be null!");
        }
        if (!MGF1ParameterSpec.SHA256.getDigestAlgorithm().equals(this.oaepPaddingDigestAlgorithm) && !MGF1ParameterSpec.SHA512.getDigestAlgorithm().equals(this.oaepPaddingDigestAlgorithm)) {
            throw new IllegalArgumentException(String.format("Unsupported OAEP digest algorithm: %s!", this.oaepPaddingDigestAlgorithm));
        }
        if (this.fieldValueEncoding == null) {
            throw new IllegalArgumentException("Value encoding for fields and headers cannot be null!");
        }
        if (this.ivFieldName == null && this.ivHeaderName == null) {
            throw new IllegalArgumentException("At least one of IV field name or IV header name must be set!");
        }
        if (this.encryptedKeyFieldName == null && this.encryptedKeyHeaderName == null) {
            throw new IllegalArgumentException("At least one of encrypted key field name or encrypted key header name must be set!");
        }
        if (this.encryptedValueFieldName == null) {
            throw new IllegalArgumentException("Encrypted value field name cannot be null!");
        }
    }

    private void checkParameterConsistency() {
        if (!this.decryptionPaths.isEmpty() && this.decryptionKey == null) {
            throw new IllegalArgumentException("Can't decrypt without decryption key!");
        }
        if (!this.encryptionPaths.isEmpty() && this.encryptionCertificate == null) {
            throw new IllegalArgumentException("Can't encrypt without encryption key!");
        }
        if ((this.ivHeaderName != null && this.encryptedKeyHeaderName == null) || (this.ivHeaderName == null && this.encryptedKeyHeaderName != null)) {
            throw new IllegalArgumentException("IV header name and encrypted key header name must be both set or both unset!");
        }
        if ((this.ivFieldName != null && this.encryptedKeyFieldName == null) || (this.ivFieldName == null && this.encryptedKeyFieldName != null)) {
            throw new IllegalArgumentException("IV field name and encrypted key field name must be both set or both unset!");
        }
    }

    private void computeEncryptionCertificateFingerprintWhenNeeded() throws EncryptionException {
        try {
            if (this.encryptionCertificate == null || !StringUtils.isNullOrEmpty(this.encryptionCertificateFingerprint)) {
                return;
            }
            this.encryptionCertificateFingerprint = EncodingUtils.encodeBytes(sha256digestBytes(this.encryptionCertificate.getEncoded()), FieldLevelEncryptionConfig.FieldValueEncoding.HEX);
        } catch (Exception e) {
            throw new EncryptionException("Failed to compute encryption certificate fingerprint!", e);
        }
    }
}
