package com.mongodb.client.internal;

import com.mongodb.ClientEncryptionSettings;
import com.mongodb.MongoClientSettings;
import com.mongodb.MongoConfigurationException;
import com.mongodb.MongoNamespace;
import com.mongodb.MongoUpdatedEncryptedFieldsException;
import com.mongodb.ReadConcern;
import com.mongodb.WriteConcern;
import com.mongodb.assertions.Assertions;
import com.mongodb.client.FindIterable;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.MongoDatabase;
import com.mongodb.client.model.CreateCollectionOptions;
import com.mongodb.client.model.CreateEncryptedCollectionParams;
import com.mongodb.client.model.Filters;
import com.mongodb.client.model.UpdateOneModel;
import com.mongodb.client.model.Updates;
import com.mongodb.client.model.vault.DataKeyOptions;
import com.mongodb.client.model.vault.EncryptOptions;
import com.mongodb.client.model.vault.RewrapManyDataKeyOptions;
import com.mongodb.client.model.vault.RewrapManyDataKeyResult;
import com.mongodb.client.result.DeleteResult;
import com.mongodb.client.vault.ClientEncryption;
import com.mongodb.internal.capi.MongoCryptHelper;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;
import org.bson.BsonArray;
import org.bson.BsonBinary;
import org.bson.BsonDocument;
import org.bson.BsonNull;
import org.bson.BsonString;
import org.bson.BsonValue;
import org.bson.conversions.Bson;

/* loaded from: input_file:com/mongodb/client/internal/ClientEncryptionImpl.class */
public class ClientEncryptionImpl implements ClientEncryption {
    private final Crypt crypt;
    private final ClientEncryptionSettings options;
    private final MongoClient keyVaultClient;
    private final MongoCollection<BsonDocument> collection;

    public ClientEncryptionImpl(ClientEncryptionSettings clientEncryptionSettings) {
        this(MongoClients.create(clientEncryptionSettings.getKeyVaultMongoClientSettings()), clientEncryptionSettings);
    }

    public ClientEncryptionImpl(MongoClient mongoClient, ClientEncryptionSettings clientEncryptionSettings) {
        this.keyVaultClient = mongoClient;
        this.crypt = Crypts.create(mongoClient, clientEncryptionSettings);
        this.options = clientEncryptionSettings;
        MongoNamespace mongoNamespace = new MongoNamespace(clientEncryptionSettings.getKeyVaultNamespace());
        this.collection = mongoClient.getDatabase(mongoNamespace.getDatabaseName()).getCollection(mongoNamespace.getCollectionName(), BsonDocument.class).withWriteConcern(WriteConcern.MAJORITY).withReadConcern(ReadConcern.MAJORITY);
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public BsonBinary createDataKey(String str) {
        return createDataKey(str, new DataKeyOptions());
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public BsonBinary createDataKey(String str, DataKeyOptions dataKeyOptions) {
        BsonDocument createDataKey = this.crypt.createDataKey(str, dataKeyOptions);
        this.collection.insertOne(createDataKey);
        return createDataKey.getBinary("_id");
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public BsonBinary encrypt(BsonValue bsonValue, EncryptOptions encryptOptions) {
        return this.crypt.encryptExplicitly(bsonValue, encryptOptions);
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public BsonDocument encryptExpression(Bson bson, EncryptOptions encryptOptions) {
        return this.crypt.encryptExpression(bson.toBsonDocument(BsonDocument.class, this.collection.getCodecRegistry()), encryptOptions);
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public BsonValue decrypt(BsonBinary bsonBinary) {
        return this.crypt.decryptExplicitly(bsonBinary);
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public DeleteResult deleteKey(BsonBinary bsonBinary) {
        return this.collection.deleteOne(Filters.eq("_id", bsonBinary));
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public BsonDocument getKey(BsonBinary bsonBinary) {
        return this.collection.find(Filters.eq("_id", bsonBinary)).first();
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public FindIterable<BsonDocument> getKeys() {
        return this.collection.find();
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public BsonDocument addKeyAltName(BsonBinary bsonBinary, String str) {
        return this.collection.findOneAndUpdate(Filters.eq("_id", bsonBinary), Updates.addToSet("keyAltNames", str));
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public BsonDocument removeKeyAltName(BsonBinary bsonBinary, String str) {
        return this.collection.findOneAndUpdate(Filters.eq("_id", bsonBinary), Collections.singletonList(new BsonDocument().append("$set", new BsonDocument().append("keyAltNames", new BsonDocument().append("$cond", new BsonArray((List<? extends BsonValue>) Arrays.asList(new BsonDocument().append("$eq", new BsonArray((List<? extends BsonValue>) Arrays.asList(new BsonString("$keyAltNames"), new BsonArray((List<? extends BsonValue>) Collections.singletonList(new BsonString(str)))))), new BsonString("$$REMOVE"), new BsonDocument().append("$filter", new BsonDocument().append("input", new BsonString("$keyAltNames")).append("cond", new BsonDocument().append("$ne", new BsonArray((List<? extends BsonValue>) Arrays.asList(new BsonString("$$this"), new BsonString(str)))))))))))));
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public BsonDocument getKeyByAltName(String str) {
        return this.collection.find(Filters.eq("keyAltNames", str)).first();
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public RewrapManyDataKeyResult rewrapManyDataKey(Bson bson) {
        return rewrapManyDataKey(bson, new RewrapManyDataKeyOptions());
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public RewrapManyDataKeyResult rewrapManyDataKey(Bson bson, RewrapManyDataKeyOptions rewrapManyDataKeyOptions) {
        MongoCryptHelper.validateRewrapManyDataKeyOptions(rewrapManyDataKeyOptions);
        BsonDocument rewrapManyDataKey = this.crypt.rewrapManyDataKey(bson.toBsonDocument(BsonDocument.class, this.collection.getCodecRegistry()), rewrapManyDataKeyOptions);
        if (rewrapManyDataKey.isEmpty()) {
            return new RewrapManyDataKeyResult();
        }
        return new RewrapManyDataKeyResult(this.collection.bulkWrite((List) rewrapManyDataKey.getArray("v", new BsonArray()).stream().map(bsonValue -> {
            BsonDocument asDocument = bsonValue.asDocument();
            return new UpdateOneModel(Filters.eq(asDocument.get("_id")), Updates.combine(Updates.set("masterKey", asDocument.get("masterKey")), Updates.set("keyMaterial", asDocument.get("keyMaterial")), Updates.currentDate("updateDate")));
        }).collect(Collectors.toList())));
    }

    @Override // com.mongodb.client.vault.ClientEncryption
    public BsonDocument createEncryptedCollection(MongoDatabase mongoDatabase, String str, CreateCollectionOptions createCollectionOptions, CreateEncryptedCollectionParams createEncryptedCollectionParams) {
        Assertions.notNull("collectionName", str);
        Assertions.notNull("createCollectionOptions", createCollectionOptions);
        Assertions.notNull("createEncryptedCollectionParams", createEncryptedCollectionParams);
        MongoNamespace mongoNamespace = new MongoNamespace(mongoDatabase.getName(), str);
        Bson encryptedFields = createCollectionOptions.getEncryptedFields();
        if (encryptedFields == null) {
            throw new MongoConfigurationException(String.format("`encryptedFields` is not configured for the collection %s.", mongoNamespace));
        }
        BsonDocument bsonDocument = encryptedFields.toBsonDocument(BsonDocument.class, this.options.getKeyVaultMongoClientSettings() == null ? MongoClientSettings.getDefaultCodecRegistry() : this.options.getKeyVaultMongoClientSettings().getCodecRegistry());
        BsonValue bsonValue = bsonDocument.get("fields");
        if (bsonValue == null || !bsonValue.isArray()) {
            mongoDatabase.createCollection(str, createCollectionOptions);
            return bsonDocument;
        }
        String kmsProvider = createEncryptedCollectionParams.getKmsProvider();
        DataKeyOptions dataKeyOptions = new DataKeyOptions();
        BsonDocument masterKey = createEncryptedCollectionParams.getMasterKey();
        if (masterKey != null) {
            dataKeyOptions.masterKey(masterKey);
        }
        String str2 = "keyId";
        BsonDocument mo438clone = bsonDocument.mo438clone();
        AtomicBoolean atomicBoolean = new AtomicBoolean();
        try {
            mo438clone.get("fields").asArray().stream().filter((v0) -> {
                return v0.isDocument();
            }).map((v0) -> {
                return v0.asDocument();
            }).filter(bsonDocument2 -> {
                return bsonDocument2.containsKey(str2);
            }).filter(bsonDocument3 -> {
                return Objects.equals(bsonDocument3.get((Object) str2), BsonNull.VALUE);
            }).forEachOrdered(bsonDocument4 -> {
                atomicBoolean.set(true);
                bsonDocument4.put(str2, (BsonValue) createDataKey(kmsProvider, dataKeyOptions));
            });
            mongoDatabase.createCollection(str, new CreateCollectionOptions(createCollectionOptions).encryptedFields(mo438clone));
            return mo438clone;
        } catch (Exception e) {
            if (atomicBoolean.get()) {
                throw new MongoUpdatedEncryptedFieldsException(mo438clone, String.format("Failed to create %s.", mongoNamespace), e);
            }
            throw e;
        }
    }

    @Override // com.mongodb.client.vault.ClientEncryption, java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        this.crypt.close();
        this.keyVaultClient.close();
    }
}
