package com.mulesoft.connector.lib.keyvault.client;

import com.azure.core.exception.HttpResponseException;
import com.azure.core.exception.ResourceModifiedException;
import com.azure.core.exception.ResourceNotFoundException;
import com.azure.security.keyvault.certificates.CertificateClient;
import com.azure.security.keyvault.certificates.models.CertificatePolicy;
import com.azure.security.keyvault.certificates.models.CertificateProperties;
import com.azure.security.keyvault.certificates.models.KeyVaultCertificate;
import com.azure.security.keyvault.certificates.models.KeyVaultCertificateWithPolicy;
import com.azure.security.keyvault.keys.cryptography.models.EncryptionAlgorithm;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.azure.security.keyvault.secrets.models.SecretProperties;
import com.microsoft.aad.msal4j.MsalServiceException;
import com.mulesoft.connector.lib.keyvault.api.CryptographyResult;
import com.mulesoft.connector.lib.keyvault.api.VaultCertificate;
import com.mulesoft.connector.lib.keyvault.api.VaultEncryptionAlgorithm;
import com.mulesoft.connector.lib.keyvault.api.VaultSecret;
import com.mulesoft.connector.lib.keyvault.crypto.CryptoClientProvider;
import com.mulesoft.connector.lib.keyvault.error.AuthenticationException;
import com.mulesoft.connector.lib.keyvault.error.CertificateNotFoundException;
import com.mulesoft.connector.lib.keyvault.error.DecryptException;
import com.mulesoft.connector.lib.keyvault.error.EncryptException;
import com.mulesoft.connector.lib.keyvault.error.InvalidHostException;
import com.mulesoft.connector.lib.keyvault.error.SecretNotFoundException;
import java.net.UnknownHostException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mulesoft/connector/lib/keyvault/client/KeyVaultClientImpl.class */
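/**
 * {@link KeyVaultClient} implementation backed by the Azure SDK secret and certificate clients
 * and a {@link CryptoClientProvider} for key operations.
 *
 * <p>SDK and MSAL exceptions are translated into the connector's own error types. In every
 * handler chain the most specific exception type is caught first:
 * {@code ResourceNotFoundException} is a subclass of {@code HttpResponseException}, and every
 * type handled here is a subclass of {@code Exception}, so any other order leaves the narrower
 * handlers unreachable (and is rejected by javac).
 *
 * <p>Security notes: objects returned by {@link #getSecret(String, String)},
 * {@link #getCertificate(String)} and the decrypt methods carry secret values or plaintext.
 * This class never logs them; callers should not either.
 */
class KeyVaultClientImpl implements KeyVaultClient {
    private static final Logger logger = LoggerFactory.getLogger(KeyVaultClientImpl.class);

    // Service error fragments matched against exception messages.
    // NOTE(review): matching on message text is brittle; HttpResponseException also exposes the
    // HTTP response (status code), which would be a sturdier discriminator — confirm before switching.
    private static final String INVALID_NAME = "The request URI contains an invalid name";
    private static final String OPERATION_NOT_ALLOWED = "Method GET does not allow operation '";
    private static final String BAD_REQUEST = "Bad Request";
    private static final String VAULT_NOT_FOUND = "VaultNotFound";

    private final SecretClient secretClient;
    private final CertificateClient certificateClient;
    private final CryptoClientProvider cryptoClientProvider;

    public KeyVaultClientImpl(SecretClient secretClient, CertificateClient certificateClient, CryptoClientProvider cryptoClientProvider) {
        this.secretClient = secretClient;
        this.certificateClient = certificateClient;
        this.cryptoClientProvider = cryptoClientProvider;
    }

    /**
     * Fetches a secret, optionally pinned to a version.
     *
     * @param str secret name
     * @param str2 secret version, or {@code null} to let the service pick the version
     * @return the secret value together with its metadata; treat the result as sensitive
     * @throws AuthenticationException if MSAL reports a service-side authentication failure
     * @throws InvalidHostException if the vault is reported as not found or its host cannot be resolved
     * @throws SecretNotFoundException if the secret (or the requested version) cannot be fetched
     */
    @Override
    public VaultSecret getSecret(String str, String str2) {
        try {
            KeyVaultSecret secret = str2 == null ? this.secretClient.getSecret(str) : this.secretClient.getSecret(str, str2);
            SecretProperties properties = secret.getProperties();
            return new VaultSecret(secret.getValue(), secret.getId(), properties.getVersion(), properties.isEnabled(), properties.getNotBefore(), properties.getExpiresOn(), properties.getCreatedOn(), properties.getUpdatedOn(), secret.getName(), properties.getRecoveryLevel(), properties.getContentType());
        } catch (MsalServiceException e) {
            throw new AuthenticationException(e);
        } catch (ResourceNotFoundException e) {
            // Must precede HttpResponseException (its superclass).
            if (messageContains(e, VAULT_NOT_FOUND)) {
                throw new InvalidHostException(this.secretClient.getVaultUrl(), e);
            }
            throw new SecretNotFoundException(str, e);
        } catch (HttpResponseException e) {
            // NOTE(review): any "Bad Request" is reported as "secret not found", which can hide
            // unrelated 400 responses from operators; the original cause is preserved.
            if (messageContains(e, INVALID_NAME) || messageContains(e, OPERATION_NOT_ALLOWED + str2) || messageContains(e, BAD_REQUEST)) {
                throw new SecretNotFoundException(str, str2, e);
            }
            throw e;
        } catch (Exception e) {
            if (e.getCause() instanceof UnknownHostException) {
                throw new InvalidHostException(this.secretClient.getVaultUrl(), e);
            }
            throw e;
        }
    }

    /** Fetches a secret without pinning a version; delegates to {@link #getSecret(String, String)}. */
    @Override
    public VaultSecret getSecret(String str) {
        return getSecret(str, null);
    }

    /** Encrypts with the key named {@code str} without pinning a key version. */
    @Override
    public CryptographyResult encryptMessage(String str, VaultEncryptionAlgorithm vaultEncryptionAlgorithm, byte[] bArr) {
        return encryptMessage(str, vaultEncryptionAlgorithm, bArr, null);
    }

    /**
     * Encrypts {@code bArr} through the crypto client obtained for the given key.
     *
     * @param str key name
     * @param vaultEncryptionAlgorithm algorithm; its name is passed to the SDK unchanged
     * @param bArr plaintext bytes
     * @param str2 key version, may be {@code null}
     * @return the ciphertext plus the key name and algorithm used
     * @throws EncryptException if the operation is unsupported or the resource was modified
     */
    @Override
    public CryptographyResult encryptMessage(String str, VaultEncryptionAlgorithm vaultEncryptionAlgorithm, byte[] bArr, String str2) {
        // NOTE(review): the algorithm is taken from the caller as-is; any restriction to approved
        // algorithms would have to live in VaultEncryptionAlgorithm, which is not visible here.
        try {
            EncryptionAlgorithm algorithm = EncryptionAlgorithm.fromString(vaultEncryptionAlgorithm.getName());
            byte[] cipherText = this.cryptoClientProvider.getCryptoClient(str, str2).encrypt(algorithm, bArr).getCipherText();
            return new CryptographyResult(cipherText, str, vaultEncryptionAlgorithm);
        } catch (UnsupportedOperationException e) {
            throw new EncryptException(e.getMessage(), e);
        } catch (ResourceModifiedException e) {
            throw new EncryptException(str, str2, vaultEncryptionAlgorithm, e);
        }
    }

    /** Decrypts with the key named {@code str} without pinning a key version. */
    @Override
    public CryptographyResult decryptMessage(String str, VaultEncryptionAlgorithm vaultEncryptionAlgorithm, byte[] bArr) {
        return decryptMessage(str, vaultEncryptionAlgorithm, bArr, null);
    }

    /**
     * Decrypts {@code bArr}; a {@code ResourceModifiedException} triggers exactly one retry.
     *
     * @param str key name
     * @param vaultEncryptionAlgorithm algorithm; its name is passed to the SDK unchanged
     * @param bArr ciphertext bytes
     * @param str2 key version, may be {@code null}
     * @return the plaintext plus the key name and algorithm used; treat the result as sensitive
     * @throws DecryptException if the operation is unsupported or the retry fails as well
     */
    @Override
    public CryptographyResult decryptMessage(String str, VaultEncryptionAlgorithm vaultEncryptionAlgorithm, byte[] bArr, String str2) {
        return decryptMessage(str, vaultEncryptionAlgorithm, bArr, str2, true);
    }

    /**
     * Decrypt worker.
     *
     * @param retryOnModified whether a {@code ResourceModifiedException} may be retried once
     */
    private CryptographyResult decryptMessage(String str, VaultEncryptionAlgorithm vaultEncryptionAlgorithm, byte[] bArr, String str2, boolean retryOnModified) {
        try {
            EncryptionAlgorithm algorithm = EncryptionAlgorithm.fromString(vaultEncryptionAlgorithm.getName());
            byte[] plainText = this.cryptoClientProvider.getCryptoClient(str, str2).decrypt(algorithm, bArr).getPlainText();
            return new CryptographyResult(plainText, str, vaultEncryptionAlgorithm);
        } catch (UnsupportedOperationException e) {
            throw new DecryptException(e.getMessage(), e);
        } catch (ResourceModifiedException e) {
            if (retryOnModified) {
                // Log only when a retry really follows; previously the same line was also written
                // on the final failure, announcing a reattempt that never happened.
                // Presumably the provider resolves a newer key version on the second call —
                // confirm in CryptoClientProvider.
                logger.warn("Decrypting failed, reattempting with newest version of key");
                return decryptMessage(str, vaultEncryptionAlgorithm, bArr, str2, false);
            }
            throw new DecryptException(str, str2, vaultEncryptionAlgorithm, e);
        }
    }

    /**
     * Probes the vault by starting a listing of secret properties.
     *
     * <p>NOTE(review): this probe exercises the list operation, so an identity that is only
     * allowed to read individual secrets would presumably fail here even though
     * {@link #getSecret(String)} works — confirm against the vault's access model.
     *
     * @return {@code true} if the listing call completes
     * @throws AuthenticationException if MSAL reports a service-side authentication failure
     * @throws InvalidHostException if the vault host cannot be resolved
     */
    @Override
    public boolean testConnection() {
        try {
            // Only the first page needs to be requested; the result itself is irrelevant.
            this.secretClient.listPropertiesOfSecrets().iterator().hasNext();
            return true;
        } catch (MsalServiceException e) {
            throw new AuthenticationException(e);
        } catch (Exception e) {
            if (e.getCause() instanceof UnknownHostException) {
                throw new InvalidHostException(this.secretClient.getVaultUrl(), e);
            }
            throw e;
        }
    }

    /**
     * Fetches the latest version of a certificate together with its policy and backing secret.
     *
     * <p>The backing secret is read via {@link #getSecret(String, String)}, so the caller's
     * identity needs secret read access as well. In Key Vault that secret holds the certificate
     * with its private key when the key is exportable, so the returned object is sensitive.
     *
     * @param str certificate name
     * @throws AuthenticationException if MSAL reports a service-side authentication failure
     * @throws InvalidHostException if the vault is reported as not found or its host cannot be resolved
     * @throws CertificateNotFoundException if the certificate cannot be fetched
     */
    @Override
    public VaultCertificate getCertificate(String str) {
        try {
            KeyVaultCertificateWithPolicy certificate = this.certificateClient.getCertificate(str);
            CertificateProperties properties = certificate.getProperties();
            CertificatePolicy policy = certificate.getPolicy();
            return new VaultCertificate(certificate.getCer(), certificate.getKeyId(), certificate.getSecretId(), properties.isEnabled().booleanValue(), properties.getNotBefore(), properties.getExpiresOn(), properties.getCreatedOn(), properties.getUpdatedOn(), properties.getRecoveryLevel(), properties.getVersion(), properties.getName(), properties.getId(), getSecret(properties.getName(), properties.getVersion()), policy.getContentType().toString(), policy.getCertificateType(), policy.getKeyType().toString());
        } catch (MsalServiceException e) {
            throw new AuthenticationException(e);
        } catch (ResourceNotFoundException e) {
            // Must precede HttpResponseException (its superclass).
            if (messageContains(e, VAULT_NOT_FOUND)) {
                // Report the URL of the client that issued the failing request, as the
                // UnknownHostException branch below already does.
                throw new InvalidHostException(this.certificateClient.getVaultUrl(), e);
            }
            throw new CertificateNotFoundException(str, e);
        } catch (HttpResponseException e) {
            if (messageContains(e, INVALID_NAME)) {
                throw new CertificateNotFoundException(str, e);
            }
            throw e;
        } catch (Exception e) {
            if (e.getCause() instanceof UnknownHostException) {
                throw new InvalidHostException(this.certificateClient.getVaultUrl(), e);
            }
            throw e;
        }
    }

    /**
     * Fetches a specific certificate version. Unlike {@link #getCertificate(String)} this does
     * not read the policy or the backing secret.
     *
     * @param str certificate name
     * @param str2 certificate version
     * @throws AuthenticationException if MSAL reports a service-side authentication failure
     * @throws InvalidHostException if the vault is reported as not found or its host cannot be resolved
     * @throws CertificateNotFoundException if the certificate or version cannot be fetched
     */
    @Override
    public VaultCertificate getCertificate(String str, String str2) {
        try {
            KeyVaultCertificate certificateVersion = this.certificateClient.getCertificateVersion(str, str2);
            CertificateProperties properties = certificateVersion.getProperties();
            return new VaultCertificate(certificateVersion.getCer(), certificateVersion.getKeyId(), certificateVersion.getSecretId(), properties.isEnabled(), properties.getNotBefore(), properties.getExpiresOn(), properties.getCreatedOn(), properties.getUpdatedOn(), properties.getRecoveryLevel(), properties.getVersion(), properties.getName(), properties.getId());
        } catch (MsalServiceException e) {
            throw new AuthenticationException(e);
        } catch (ResourceNotFoundException e) {
            // Must precede HttpResponseException (its superclass).
            if (messageContains(e, VAULT_NOT_FOUND)) {
                // Report the URL of the client that issued the failing request.
                throw new InvalidHostException(this.certificateClient.getVaultUrl(), e);
            }
            throw new CertificateNotFoundException(str, e);
        } catch (HttpResponseException e) {
            if (messageContains(e, INVALID_NAME) || messageContains(e, OPERATION_NOT_ALLOWED + str2)) {
                throw new CertificateNotFoundException(str, str2, e);
            }
            throw e;
        } catch (Exception e) {
            if (e.getCause() instanceof UnknownHostException) {
                throw new InvalidHostException(this.certificateClient.getVaultUrl(), e);
            }
            throw e;
        }
    }

    /**
     * Null-safe substring test on an exception message, so that an exception without a message
     * is rethrown as itself instead of being replaced by a NullPointerException in the handler.
     */
    private static boolean messageContains(Throwable error, String fragment) {
        String message = error.getMessage();
        return message != null && message.contains(fragment);
    }
}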
