package engineering.everest.axon.cryptoshredding;

import engineering.everest.axon.cryptoshredding.encryption.KeyGenerator;
import engineering.everest.axon.cryptoshredding.exceptions.MissingEncryptionKeyRecordException;
import engineering.everest.axon.cryptoshredding.persistence.PersistableSecretKey;
import engineering.everest.axon.cryptoshredding.persistence.SecretKeyRepository;
import java.util.Optional;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

@Component
/* loaded from: input_file:engineering/everest/axon/cryptoshredding/CryptoShreddingKeyService.class */
public class CryptoShreddingKeyService {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(CryptoShreddingKeyService.class);
    private final SecretKeyRepository secretKeyRepository;
    private final KeyGenerator secretKeyGenerator;

    public CryptoShreddingKeyService(SecretKeyRepository secretKeyRepository, KeyGenerator keyGenerator) {
        this.secretKeyRepository = secretKeyRepository;
        this.secretKeyGenerator = keyGenerator;
    }

    @Transactional(propagation = Propagation.NOT_SUPPORTED)
    public Optional<SecretKey> getOrCreateSecretKeyUnlessDeleted(TypeDifferentiatedSecretKeyId typeDifferentiatedSecretKeyId) {
        Optional findById = this.secretKeyRepository.findById(typeDifferentiatedSecretKeyId);
        if (!findById.isEmpty()) {
            return createSecretKeyOrEmptyOptional((PersistableSecretKey) findById.get());
        }
        LOGGER.trace("Creating crypto shredding key {}", typeDifferentiatedSecretKeyId.toString());
        return Optional.of(this.secretKeyRepository.create(typeDifferentiatedSecretKeyId, this.secretKeyGenerator.generateKey()));
    }

    @Transactional(propagation = Propagation.NOT_SUPPORTED)
    public Optional<SecretKey> getExistingSecretKey(TypeDifferentiatedSecretKeyId typeDifferentiatedSecretKeyId) {
        Optional findById = this.secretKeyRepository.findById(typeDifferentiatedSecretKeyId);
        if (findById.isEmpty()) {
            throw new MissingEncryptionKeyRecordException(typeDifferentiatedSecretKeyId.getKeyId(), typeDifferentiatedSecretKeyId.getKeyType());
        }
        LOGGER.trace("Retrieved crypto shredding key {}", typeDifferentiatedSecretKeyId.toString());
        return createSecretKeyOrEmptyOptional((PersistableSecretKey) findById.get());
    }

    @Transactional(propagation = Propagation.NOT_SUPPORTED)
    public void deleteSecretKey(TypeDifferentiatedSecretKeyId typeDifferentiatedSecretKeyId) {
        PersistableSecretKey persistableSecretKey = (PersistableSecretKey) this.secretKeyRepository.findById(typeDifferentiatedSecretKeyId).orElseThrow(() -> {
            return new MissingEncryptionKeyRecordException(typeDifferentiatedSecretKeyId.getKeyId(), typeDifferentiatedSecretKeyId.getKeyType());
        });
        if (persistableSecretKey.getKey() == null && persistableSecretKey.getAlgorithm() == null) {
            return;
        }
        persistableSecretKey.setAlgorithm(null);
        persistableSecretKey.setKey(null);
        this.secretKeyRepository.save(persistableSecretKey);
        LOGGER.trace("Permanently deleted crypto shredding key {}", typeDifferentiatedSecretKeyId.toString());
    }

    private Optional<SecretKey> createSecretKeyOrEmptyOptional(PersistableSecretKey persistableSecretKey) {
        return (persistableSecretKey.getAlgorithm() == null || persistableSecretKey.getKey() == null) ? Optional.empty() : Optional.of(new SecretKeySpec(persistableSecretKey.getKey(), persistableSecretKey.getAlgorithm()));
    }
}
