package com.azure.storage.blob.specialized.cryptography;

import com.azure.core.annotation.ServiceClientBuilder;
import com.azure.core.client.traits.AzureNamedKeyCredentialTrait;
import com.azure.core.client.traits.AzureSasCredentialTrait;
import com.azure.core.client.traits.ConfigurationTrait;
import com.azure.core.client.traits.ConnectionStringTrait;
import com.azure.core.client.traits.EndpointTrait;
import com.azure.core.client.traits.HttpTrait;
import com.azure.core.client.traits.TokenCredentialTrait;
import com.azure.core.credential.AzureNamedKeyCredential;
import com.azure.core.credential.AzureSasCredential;
import com.azure.core.credential.TokenCredential;
import com.azure.core.cryptography.AsyncKeyEncryptionKey;
import com.azure.core.cryptography.AsyncKeyEncryptionKeyResolver;
import com.azure.core.http.HttpClient;
import com.azure.core.http.HttpHeaders;
import com.azure.core.http.HttpPipeline;
import com.azure.core.http.HttpPipelineBuilder;
import com.azure.core.http.HttpPipelinePosition;
import com.azure.core.http.policy.AddDatePolicy;
import com.azure.core.http.policy.AddHeadersPolicy;
import com.azure.core.http.policy.AzureSasCredentialPolicy;
import com.azure.core.http.policy.BearerTokenAuthenticationPolicy;
import com.azure.core.http.policy.HttpLogOptions;
import com.azure.core.http.policy.HttpLoggingPolicy;
import com.azure.core.http.policy.HttpPipelinePolicy;
import com.azure.core.http.policy.HttpPolicyProviders;
import com.azure.core.http.policy.RequestIdPolicy;
import com.azure.core.http.policy.RetryOptions;
import com.azure.core.http.policy.UserAgentPolicy;
import com.azure.core.util.ClientOptions;
import com.azure.core.util.Configuration;
import com.azure.core.util.CoreUtils;
import com.azure.core.util.UserAgentUtil;
import com.azure.core.util.logging.ClientLogger;
import com.azure.storage.blob.BlobAsyncClient;
import com.azure.storage.blob.BlobClient;
import com.azure.storage.blob.BlobServiceVersion;
import com.azure.storage.blob.BlobUrlParts;
import com.azure.storage.blob.implementation.models.EncryptionScope;
import com.azure.storage.blob.implementation.util.BlobUserAgentModificationPolicy;
import com.azure.storage.blob.implementation.util.BuilderHelper;
import com.azure.storage.blob.models.CpkInfo;
import com.azure.storage.blob.models.CustomerProvidedKey;
import com.azure.storage.common.StorageSharedKeyCredential;
import com.azure.storage.common.Utility;
import com.azure.storage.common.implementation.BuilderUtils;
import com.azure.storage.common.implementation.connectionstring.StorageAuthenticationSettings;
import com.azure.storage.common.implementation.connectionstring.StorageConnectionString;
import com.azure.storage.common.implementation.connectionstring.StorageEndpoint;
import com.azure.storage.common.implementation.credentials.CredentialValidator;
import com.azure.storage.common.policy.MetadataValidationPolicy;
import com.azure.storage.common.policy.RequestRetryOptions;
import com.azure.storage.common.policy.ResponseValidationPolicyBuilder;
import com.azure.storage.common.policy.ScrubEtagPolicy;
import com.azure.storage.common.policy.StorageSharedKeyCredentialPolicy;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

@ServiceClientBuilder(serviceClients = {EncryptedBlobAsyncClient.class, EncryptedBlobClient.class})
/* loaded from: input_file:com/azure/storage/blob/specialized/cryptography/EncryptedBlobClientBuilder.class */
public final class EncryptedBlobClientBuilder implements TokenCredentialTrait<EncryptedBlobClientBuilder>, ConnectionStringTrait<EncryptedBlobClientBuilder>, AzureNamedKeyCredentialTrait<EncryptedBlobClientBuilder>, AzureSasCredentialTrait<EncryptedBlobClientBuilder>, HttpTrait<EncryptedBlobClientBuilder>, ConfigurationTrait<EncryptedBlobClientBuilder>, EndpointTrait<EncryptedBlobClientBuilder> {
    private static final String USER_AGENT_MODIFICATION_REGEX = "(.*? )?(azsdk-java-azure-storage-blob/12\\.\\d{1,2}\\.\\d{1,2}(?:-beta\\.\\d{1,2})?)( .*?)?";
    private String endpoint;
    private String accountName;
    private String containerName;
    private String blobName;
    private String snapshot;
    private String versionId;
    private boolean requiresEncryption;
    private final EncryptionVersion encryptionVersion;
    private StorageSharedKeyCredential storageSharedKeyCredential;
    private TokenCredential tokenCredential;
    private AzureSasCredential azureSasCredential;
    private String sasToken;
    private HttpClient httpClient;
    private final List<HttpPipelinePolicy> perCallPolicies;
    private final List<HttpPipelinePolicy> perRetryPolicies;
    private HttpLogOptions logOptions;
    private RequestRetryOptions retryOptions;
    private RetryOptions coreRetryOptions;
    private HttpPipeline httpPipeline;
    private ClientOptions clientOptions;
    private Configuration configuration;
    private AsyncKeyEncryptionKey keyWrapper;
    private AsyncKeyEncryptionKeyResolver keyResolver;
    private String keyWrapAlgorithm;
    private BlobServiceVersion version;
    private CpkInfo customerProvidedKey;
    private EncryptionScope encryptionScope;
    private static final ClientLogger LOGGER = new ClientLogger(EncryptedBlobClientBuilder.class);
    private static final Map<String, String> PROPERTIES = CoreUtils.getProperties("azure-storage-blob-cryptography.properties");
    private static final String SDK_NAME = "name";
    private static final String CLIENT_NAME = PROPERTIES.getOrDefault(SDK_NAME, "UnknownName");
    private static final String SDK_VERSION = "version";
    private static final String CLIENT_VERSION = PROPERTIES.getOrDefault(SDK_VERSION, "UnknownVersion");
    private static final String BLOB_CLIENT_NAME = CryptographyConstants.USER_AGENT_PROPERTIES.getOrDefault(SDK_NAME, "UnknownName");
    private static final String BLOB_CLIENT_VERSION = CryptographyConstants.USER_AGENT_PROPERTIES.getOrDefault(SDK_VERSION, "UnknownVersion");

    @Deprecated
    public EncryptedBlobClientBuilder() {
        this.perCallPolicies = new ArrayList();
        this.perRetryPolicies = new ArrayList();
        this.clientOptions = new ClientOptions();
        this.logOptions = getDefaultHttpLogOptions();
        this.encryptionVersion = EncryptionVersion.V1;
        LOGGER.warning("Client is being configured to use v1 of client side encryption, which is no longer considered secure. The default is v1 for compatibility reasons, but it is highlyrecommended the version be set to v2 using the constructor");
    }

    public EncryptedBlobClientBuilder(EncryptionVersion encryptionVersion) {
        this.perCallPolicies = new ArrayList();
        this.perRetryPolicies = new ArrayList();
        this.clientOptions = new ClientOptions();
        Objects.requireNonNull(encryptionVersion);
        this.logOptions = getDefaultHttpLogOptions();
        this.encryptionVersion = encryptionVersion;
        if (EncryptionVersion.V1.equals(this.encryptionVersion)) {
            LOGGER.warning("Client is being configured to use v1 of client side encryption, which is no longer considered secure. The default is v1 for compatibility reasons, but it is highlyrecommended the version be set to v2 using the constructor");
        }
    }

    public EncryptedBlobClient buildEncryptedBlobClient() {
        return new EncryptedBlobClient(buildEncryptedBlobAsyncClient());
    }

    public EncryptedBlobAsyncClient buildEncryptedBlobAsyncClient() {
        Objects.requireNonNull(this.blobName, "'blobName' cannot be null.");
        checkValidEncryptionParameters();
        if (CoreUtils.isNullOrEmpty(this.containerName)) {
            this.containerName = "$root";
        }
        return new EncryptedBlobAsyncClient(addBlobUserAgentModificationPolicy(getHttpPipeline()), this.endpoint, this.version != null ? this.version : BlobServiceVersion.getLatest(), this.accountName, this.containerName, this.blobName, this.snapshot, this.customerProvidedKey, this.encryptionScope, this.keyWrapper, this.keyWrapAlgorithm, this.versionId, this.encryptionVersion, this.requiresEncryption);
    }

    private HttpPipeline addBlobUserAgentModificationPolicy(HttpPipeline httpPipeline) {
        ArrayList arrayList = new ArrayList();
        for (int i = 0; i < httpPipeline.getPolicyCount(); i++) {
            HttpPipelinePolicy policy = httpPipeline.getPolicy(i);
            arrayList.add(policy);
            if (policy instanceof UserAgentPolicy) {
                arrayList.add(new BlobUserAgentModificationPolicy(CLIENT_NAME, CLIENT_VERSION));
            }
        }
        return new HttpPipelineBuilder().httpClient(httpPipeline.getHttpClient()).policies((HttpPipelinePolicy[]) arrayList.toArray(new HttpPipelinePolicy[0])).tracer(httpPipeline.getTracer()).build();
    }

    private String modifyUserAgentString(String str, Configuration configuration) {
        Pattern compile = Pattern.compile(USER_AGENT_MODIFICATION_REGEX);
        String userAgentString = UserAgentUtil.toUserAgentString(str, BLOB_CLIENT_NAME, BLOB_CLIENT_VERSION, configuration);
        Matcher matcher = compile.matcher(userAgentString);
        String str2 = "azstorage-clientsideencryption/" + (this.encryptionVersion == EncryptionVersion.V2 ? "2.0" : "1.0");
        if (matcher.matches() && !userAgentString.contains(str2)) {
            userAgentString = (matcher.group(1) == null ? "" : matcher.group(1)) + str2 + " " + (matcher.group(2) == null ? "" : matcher.group(2)) + (matcher.group(3) == null ? "" : matcher.group(3));
        }
        return userAgentString;
    }

    private HttpPipeline getHttpPipeline() {
        CredentialValidator.validateSingleCredentialIsPresent(this.storageSharedKeyCredential, this.tokenCredential, this.azureSasCredential, this.sasToken, LOGGER);
        if (this.httpPipeline != null) {
            ArrayList arrayList = new ArrayList();
            for (int i = 0; i < this.httpPipeline.getPolicyCount(); i++) {
                HttpPipelinePolicy policy = this.httpPipeline.getPolicy(i);
                if (policy instanceof BlobDecryptionPolicy) {
                    throw LOGGER.logExceptionAsError(new IllegalArgumentException("The passed pipeline was already configured for encryption/decryption in a way that might conflict with the passed key information. Please ensure that the passed pipeline is not already configured for encryption/decryption"));
                }
                arrayList.add(policy);
            }
            arrayList.add(0, new BlobDecryptionPolicy(this.keyWrapper, this.keyResolver, this.requiresEncryption));
            return new HttpPipelineBuilder().httpClient(this.httpPipeline.getHttpClient()).tracer(this.httpPipeline.getTracer()).policies((HttpPipelinePolicy[]) arrayList.toArray(new HttpPipelinePolicy[0])).build();
        }
        Configuration configuration = this.configuration == null ? Configuration.NONE : this.configuration;
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(new BlobDecryptionPolicy(this.keyWrapper, this.keyResolver, this.requiresEncryption));
        arrayList2.add(new UserAgentPolicy(modifyUserAgentString(this.clientOptions.getApplicationId() != null ? this.clientOptions.getApplicationId() : this.logOptions.getApplicationId(), configuration)));
        arrayList2.add(new RequestIdPolicy());
        arrayList2.addAll(this.perCallPolicies);
        HttpPolicyProviders.addBeforeRetryPolicies(arrayList2);
        arrayList2.add(BuilderUtils.createRetryPolicy(this.retryOptions, this.coreRetryOptions, LOGGER));
        arrayList2.add(new AddDatePolicy());
        HttpHeaders httpHeaders = new HttpHeaders();
        this.clientOptions.getHeaders().forEach(header -> {
            httpHeaders.put(header.getName(), header.getValue());
        });
        if (httpHeaders.getSize() > 0) {
            arrayList2.add(new AddHeadersPolicy(httpHeaders));
        }
        arrayList2.add(new MetadataValidationPolicy());
        if (this.storageSharedKeyCredential != null) {
            arrayList2.add(new StorageSharedKeyCredentialPolicy(this.storageSharedKeyCredential));
        } else if (this.tokenCredential != null) {
            BuilderHelper.httpsValidation(this.tokenCredential, "bearer token", this.endpoint, LOGGER);
            arrayList2.add(new BearerTokenAuthenticationPolicy(this.tokenCredential, new String[]{"https://storage.azure.com/.default"}));
        } else if (this.azureSasCredential != null) {
            arrayList2.add(new AzureSasCredentialPolicy(this.azureSasCredential, false));
        } else if (this.sasToken != null) {
            arrayList2.add(new AzureSasCredentialPolicy(new AzureSasCredential(this.sasToken), false));
        }
        arrayList2.addAll(this.perRetryPolicies);
        HttpPolicyProviders.addAfterRetryPolicies(arrayList2);
        arrayList2.add(new ResponseValidationPolicyBuilder().addOptionalEcho("x-ms-client-request-id").addOptionalEcho("x-ms-encryption-key-sha256").build());
        arrayList2.add(new HttpLoggingPolicy(this.logOptions));
        arrayList2.add(new ScrubEtagPolicy());
        return new HttpPipelineBuilder().policies((HttpPipelinePolicy[]) arrayList2.toArray(new HttpPipelinePolicy[0])).httpClient(this.httpClient).tracer(BuilderHelper.createTracer(this.clientOptions)).build();
    }

    public EncryptedBlobClientBuilder key(AsyncKeyEncryptionKey asyncKeyEncryptionKey, String str) {
        this.keyWrapper = asyncKeyEncryptionKey;
        this.keyWrapAlgorithm = str;
        return this;
    }

    public EncryptedBlobClientBuilder keyResolver(AsyncKeyEncryptionKeyResolver asyncKeyEncryptionKeyResolver) {
        this.keyResolver = asyncKeyEncryptionKeyResolver;
        return this;
    }

    private void checkValidEncryptionParameters() {
        if (this.keyWrapper == null && this.keyResolver == null) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException("Key and KeyResolver cannot both be null"));
        }
        if (this.keyWrapper != null && this.keyWrapAlgorithm == null) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException("Key Wrap Algorithm must be specified with a Key."));
        }
    }

    public EncryptedBlobClientBuilder credential(StorageSharedKeyCredential storageSharedKeyCredential) {
        this.storageSharedKeyCredential = (StorageSharedKeyCredential) Objects.requireNonNull(storageSharedKeyCredential, "'credential' cannot be null.");
        this.tokenCredential = null;
        this.sasToken = null;
        return this;
    }

    /* renamed from: credential, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m18credential(AzureNamedKeyCredential azureNamedKeyCredential) {
        Objects.requireNonNull(azureNamedKeyCredential, "'credential' cannot be null.");
        return credential(StorageSharedKeyCredential.fromAzureNamedKeyCredential(azureNamedKeyCredential));
    }

    /* renamed from: credential, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m16credential(TokenCredential tokenCredential) {
        this.tokenCredential = (TokenCredential) Objects.requireNonNull(tokenCredential, "'credential' cannot be null.");
        this.storageSharedKeyCredential = null;
        this.sasToken = null;
        return this;
    }

    public EncryptedBlobClientBuilder sasToken(String str) {
        this.sasToken = (String) Objects.requireNonNull(str, "'sasToken' cannot be null.");
        this.storageSharedKeyCredential = null;
        this.tokenCredential = null;
        return this;
    }

    /* renamed from: credential, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m19credential(AzureSasCredential azureSasCredential) {
        this.azureSasCredential = (AzureSasCredential) Objects.requireNonNull(azureSasCredential, "'credential' cannot be null.");
        return this;
    }

    public EncryptedBlobClientBuilder setAnonymousAccess() {
        this.storageSharedKeyCredential = null;
        this.tokenCredential = null;
        this.azureSasCredential = null;
        this.sasToken = null;
        return this;
    }

    /* renamed from: connectionString, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m17connectionString(String str) {
        StorageConnectionString create = StorageConnectionString.create(str, LOGGER);
        StorageEndpoint blobEndpoint = create.getBlobEndpoint();
        if (blobEndpoint == null || blobEndpoint.getPrimaryUri() == null) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException("connectionString missing required settings to derive blob service endpoint."));
        }
        m27endpoint(blobEndpoint.getPrimaryUri());
        if (create.getAccountName() != null) {
            this.accountName = create.getAccountName();
        }
        StorageAuthenticationSettings storageAuthSettings = create.getStorageAuthSettings();
        if (storageAuthSettings.getType() == StorageAuthenticationSettings.Type.ACCOUNT_NAME_KEY) {
            credential(new StorageSharedKeyCredential(storageAuthSettings.getAccount().getName(), storageAuthSettings.getAccount().getAccessKey()));
        } else if (storageAuthSettings.getType() == StorageAuthenticationSettings.Type.SAS_TOKEN) {
            sasToken(storageAuthSettings.getSasToken());
        }
        return this;
    }

    /* renamed from: endpoint, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m27endpoint(String str) {
        try {
            BlobUrlParts parse = BlobUrlParts.parse(new URL(str));
            this.accountName = parse.getAccountName();
            this.endpoint = BuilderHelper.getEndpoint(parse);
            this.containerName = parse.getBlobContainerName() == null ? this.containerName : parse.getBlobContainerName();
            this.blobName = parse.getBlobName() == null ? this.blobName : Utility.urlEncode(parse.getBlobName());
            this.snapshot = parse.getSnapshot();
            this.versionId = parse.getVersionId();
            String encode = parse.getCommonSasQueryParameters().encode();
            if (!CoreUtils.isNullOrEmpty(encode)) {
                sasToken(encode);
            }
            return this;
        } catch (MalformedURLException e) {
            throw LOGGER.logExceptionAsError(new IllegalArgumentException("The Azure Storage Blob endpoint url is malformed.", e));
        }
    }

    public EncryptedBlobClientBuilder containerName(String str) {
        this.containerName = str;
        return this;
    }

    public EncryptedBlobClientBuilder blobName(String str) {
        this.blobName = Utility.urlEncode(Utility.urlDecode((String) Objects.requireNonNull(str, "'blobName' cannot be null.")));
        return this;
    }

    public EncryptedBlobClientBuilder snapshot(String str) {
        this.snapshot = str;
        return this;
    }

    public EncryptedBlobClientBuilder versionId(String str) {
        this.versionId = str;
        return this;
    }

    /* renamed from: httpClient, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m25httpClient(HttpClient httpClient) {
        if (this.httpClient != null && httpClient == null) {
            LOGGER.info("'httpClient' is being set to 'null' when it was previously configured.");
        }
        this.httpClient = httpClient;
        return this;
    }

    /* renamed from: addPolicy, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m23addPolicy(HttpPipelinePolicy httpPipelinePolicy) {
        Objects.requireNonNull(httpPipelinePolicy, "'pipelinePolicy' cannot be null");
        if (httpPipelinePolicy.getPipelinePosition() == HttpPipelinePosition.PER_CALL) {
            this.perCallPolicies.add(httpPipelinePolicy);
        } else {
            this.perRetryPolicies.add(httpPipelinePolicy);
        }
        return this;
    }

    /* renamed from: httpLogOptions, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m21httpLogOptions(HttpLogOptions httpLogOptions) {
        this.logOptions = (HttpLogOptions) Objects.requireNonNull(httpLogOptions, "'logOptions' cannot be null.");
        return this;
    }

    public static HttpLogOptions getDefaultHttpLogOptions() {
        return BuilderHelper.getDefaultHttpLogOptions();
    }

    /* renamed from: configuration, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m26configuration(Configuration configuration) {
        this.configuration = configuration;
        return this;
    }

    public EncryptedBlobClientBuilder retryOptions(RequestRetryOptions requestRetryOptions) {
        this.retryOptions = requestRetryOptions;
        return this;
    }

    /* renamed from: retryOptions, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m22retryOptions(RetryOptions retryOptions) {
        this.coreRetryOptions = retryOptions;
        return this;
    }

    /* renamed from: pipeline, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m24pipeline(HttpPipeline httpPipeline) {
        if (this.httpPipeline != null && httpPipeline == null) {
            LOGGER.info("HttpPipeline is being set to 'null' when it was previously configured.");
        }
        this.httpPipeline = httpPipeline;
        return this;
    }

    /* renamed from: clientOptions, reason: merged with bridge method [inline-methods] */
    public EncryptedBlobClientBuilder m20clientOptions(ClientOptions clientOptions) {
        this.clientOptions = (ClientOptions) Objects.requireNonNull(clientOptions, "'clientOptions' cannot be null.");
        return this;
    }

    public EncryptedBlobClientBuilder serviceVersion(BlobServiceVersion blobServiceVersion) {
        this.version = blobServiceVersion;
        return this;
    }

    public EncryptedBlobClientBuilder customerProvidedKey(CustomerProvidedKey customerProvidedKey) {
        if (customerProvidedKey == null) {
            this.customerProvidedKey = null;
        } else {
            this.customerProvidedKey = new CpkInfo().setEncryptionKey(customerProvidedKey.getKey()).setEncryptionKeySha256(customerProvidedKey.getKeySha256()).setEncryptionAlgorithm(customerProvidedKey.getEncryptionAlgorithm());
        }
        return this;
    }

    public EncryptedBlobClientBuilder encryptionScope(String str) {
        if (str == null) {
            this.encryptionScope = null;
        } else {
            this.encryptionScope = new EncryptionScope().setEncryptionScope(str);
        }
        return this;
    }

    public EncryptedBlobClientBuilder blobClient(BlobClient blobClient) {
        Objects.requireNonNull(blobClient);
        return client(blobClient.getHttpPipeline(), blobClient.getBlobUrl(), blobClient.getServiceVersion());
    }

    public EncryptedBlobClientBuilder blobAsyncClient(BlobAsyncClient blobAsyncClient) {
        Objects.requireNonNull(blobAsyncClient);
        return client(blobAsyncClient.getHttpPipeline(), blobAsyncClient.getBlobUrl(), blobAsyncClient.getServiceVersion());
    }

    private EncryptedBlobClientBuilder client(HttpPipeline httpPipeline, String str, BlobServiceVersion blobServiceVersion) {
        m27endpoint(str);
        serviceVersion(blobServiceVersion);
        return m24pipeline(httpPipeline);
    }

    public EncryptedBlobClientBuilder requiresEncryption(boolean z) {
        this.requiresEncryption = z;
        return this;
    }
}
