package io.peacemakr.crypto.impl.crypto;

import com.google.common.io.BaseEncoding;
import com.google.gson.Gson;
import io.peacemakr.corecrypto.AsymmetricCipher;
import io.peacemakr.corecrypto.AsymmetricKey;
import io.peacemakr.corecrypto.Crypto;
import io.peacemakr.corecrypto.MessageDigest;
import io.peacemakr.corecrypto.SymmetricCipher;
import io.peacemakr.crypto.ICrypto;
import io.peacemakr.crypto.Persister;
import io.peacemakr.crypto.exception.CoreCryptoException;
import io.peacemakr.crypto.exception.FailedToDownloadKey;
import io.peacemakr.crypto.exception.InvalidCipherException;
import io.peacemakr.crypto.exception.NoValidUseDomainsForEncryptionOperation;
import io.peacemakr.crypto.exception.PeacemakrException;
import io.peacemakr.crypto.exception.PersistenceLayerCorruptionDetected;
import io.peacemakr.crypto.exception.ServerException;
import io.peacemakr.crypto.exception.UnrecoverableClockSkewDetectedException;
import io.peacemakr.crypto.impl.crypto.models.CiphertextAAD;
import io.peacemakr.crypto.impl.persister.InMemoryPersister;
import io.peacemakr.crypto.swagger.client.ApiClient;
import io.peacemakr.crypto.swagger.client.ApiException;
import io.peacemakr.crypto.swagger.client.api.ClientApi;
import io.peacemakr.crypto.swagger.client.api.CryptoConfigApi;
import io.peacemakr.crypto.swagger.client.api.KeyServiceApi;
import io.peacemakr.crypto.swagger.client.api.OrgApi;
import io.peacemakr.crypto.swagger.client.auth.Authentication;
import io.peacemakr.crypto.swagger.client.model.Client;
import io.peacemakr.crypto.swagger.client.model.CryptoConfig;
import io.peacemakr.crypto.swagger.client.model.EncryptedSymmetricKey;
import io.peacemakr.crypto.swagger.client.model.Organization;
import io.peacemakr.crypto.swagger.client.model.PublicKey;
import io.peacemakr.crypto.swagger.client.model.SymmetricKeyUseDomain;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.ThreadLocalRandom;
import org.apache.log4j.Logger;

/* loaded from: input_file:io/peacemakr/crypto/impl/crypto/ICryptoImpl.class */
public class ICryptoImpl implements ICrypto {
    private static final String JAVA_SDK_VERSION = "0.0.2";
    private static final String PERSISTER_PRIV_KEY = "Priv";
    private static final String PERSISTER_PUB_KEY = "Pub";
    private static final String PERSISTER_ASYM_TYPE = "AsymmetricKeyType";
    private static final String PERSISTER_ASYM_CREATED_DATE_EPOCH = "AsymmetricKeyCreated";
    private static final String PERSISTER_ASYM_BITLEN = "AsymmetricKeyBitlen";
    private static final String PERSISTER_CLIENTID_KEY = "ClientId";
    private static final String PERSISTER_PREFERRED_KEYID = "PreferredKeyId";
    private static final String PERSISTER_APIKEY_KEY = "ApiKey";
    private static final String Chacha20Poly1305 = "Peacemakr.Symmetric.CHACHA20_POLY1305";
    private static final String Aes128gcm = "Peacemakr.Symmetric.AES_128_GCM";
    private static final String Aes192gcm = "Peacemakr.Symmetric.AES_192_GCM";
    private static final String Aes256gcm = "Peacemakr.Symmetric.AES_256_GCM";
    private static final String Sha224 = "Peacemakr.Digest.SHA_224";
    private static final String Sha256 = "Peacemakr.Digest.SHA_256";
    private static final String Sha384 = "Peacemakr.Digest.SHA_384";
    private static final String Sha512 = "Peacemakr.Digest.SHA_512";
    private final String apiKey;
    private final String clientName;
    private final String peacemakrHostname;
    private Client client;
    private ApiClient apiClient;
    private Authentication authentication;
    private Persister persister;
    private Logger logger;
    private AsymmetricKey loadedPrivatePreferredKey;
    private AsymmetricCipher loadedPrivatePreferredCipher;
    private static final SymmetricCipher DEFAULT_SYMMETRIC_CIPHER = SymmetricCipher.CHACHA20_POLY1305;
    private static final MessageDigest DEFAULT_MESSAGE_DIGEST = MessageDigest.SHA_256;
    private final String sdkVersion = JAVA_SDK_VERSION;
    private Organization org = null;
    private CryptoConfig cryptoConfig = null;
    private long lastUpdatedAt = 0;

    public ICryptoImpl(String str, String str2, String str3, Persister persister, Logger logger) {
        this.apiKey = str;
        this.clientName = str2;
        this.peacemakrHostname = str3;
        this.persister = persister;
        this.logger = logger;
    }

    public void init() throws PeacemakrException {
        try {
            Crypto.init();
        } catch (UnsatisfiedLinkError e) {
            throw new PeacemakrException("Failed to link peacemakr core cryptolib: " + e.getMessage());
        }
    }

    private synchronized String getApiKey() throws PeacemakrException {
        if (this.apiKey == null) {
            throw new PeacemakrException("Missing api key, please provide apiKey when constructing the SDK.");
        }
        return this.apiKey;
    }

    protected synchronized ApiClient getClient() throws PeacemakrException {
        if (this.apiClient != null) {
            return this.apiClient;
        }
        this.apiClient = new ApiClient();
        this.apiClient.setBasePath(this.peacemakrHostname + "/api/v1");
        this.apiClient.setApiKey(getApiKey());
        this.apiClient.setConnectTimeout(30000);
        this.apiClient.setReadTimeout(30000);
        this.apiClient.setWriteTimeout(30000);
        this.persister.save(PERSISTER_APIKEY_KEY, this.apiKey);
        return this.apiClient;
    }

    private synchronized void doBootstrapOrgAndCryptoConfig() throws PeacemakrException {
        if (isBootstraped()) {
            return;
        }
        ApiClient client = getClient();
        this.org = loadOrg(client);
        this.cryptoConfig = loadCryptoConfig(client);
    }

    private Organization loadOrg(ApiClient apiClient) throws ServerException {
        try {
            return new OrgApi(apiClient).getOrganizationFromAPIKey(this.apiKey);
        } catch (ApiException e) {
            throw new ServerException(e);
        }
    }

    protected CryptoConfig loadCryptoConfig(ApiClient apiClient) throws ServerException {
        try {
            return new CryptoConfigApi(apiClient).getCryptoConfig(this.org.getCryptoConfigId());
        } catch (ApiException e) {
            throw new ServerException(e);
        }
    }

    private boolean isBootstraped() {
        return (this.org == null || this.cryptoConfig == null || this.client == null) ? false : true;
    }

    private void verifyIsBootstrappedAndRegistered() throws PeacemakrException {
        if (this.apiKey.equals("")) {
            return;
        }
        if (!isBootstraped() || !isRegisterd()) {
            throw new PeacemakrException("SDK was not registered, please register before using other SDK operations.");
        }
    }

    private boolean isRegisterd() {
        return this.persister.exists(PERSISTER_PREFERRED_KEYID) && this.persister.exists(PERSISTER_CLIENTID_KEY) && this.persister.exists(PERSISTER_PRIV_KEY) && this.persister.exists(PERSISTER_PUB_KEY) && this.persister.exists(PERSISTER_ASYM_TYPE);
    }

    @Override // io.peacemakr.crypto.ICrypto
    public synchronized void register() throws PeacemakrException {
        if (getApiKey().equals("")) {
            this.logger.debug("Using local-only test settings for client because there is no API Key");
            this.persister.save(PERSISTER_CLIENTID_KEY, "my-client-id");
            this.persister.save(PERSISTER_PREFERRED_KEYID, "my-public-key-id");
            this.cryptoConfig = new CryptoConfig();
            this.cryptoConfig.setClientKeyBitlength(256);
            this.cryptoConfig.setClientKeyTTL(31557600);
            this.cryptoConfig.setClientKeyType("ec");
            this.cryptoConfig.setId("my-crypto-config-id");
            this.cryptoConfig.setOwnerOrgId("my-org-id");
            this.persister.save("my-public-key-id", genNewAsymmetricKeypair(this.persister).getKey());
            return;
        }
        if (isRegisterd()) {
            if (isBootstraped()) {
                return;
            }
            doBootstrapOrgAndCryptoConfig();
            return;
        }
        doBootstrapOrgAndCryptoConfig();
        PublicKey genNewAsymmetricKeypair = genNewAsymmetricKeypair(this.persister);
        Client client = new Client();
        client.setId("");
        client.addPublicKeysItem(genNewAsymmetricKeypair);
        client.setSdk(JAVA_SDK_VERSION);
        try {
            Client addClient = new ClientApi(getClient()).addClient(client);
            if (addClient == null) {
                throw new ServerException("Failed to get new client, null returned from server");
            }
            this.client = addClient;
            if (this.client.getId() == null || this.client.getId().isEmpty()) {
                throw new ServerException("Failed to register a new clientId during client registration");
            }
            if (this.client.getPublicKeys().isEmpty()) {
                throw new ServerException("Failed to register new public keys during client registration");
            }
            if (this.client.getPublicKeys().get(0) == null) {
                throw new ServerException("Failed to register, null public key detected during client registration");
            }
            if (this.client.getPublicKeys().get(0).getId() == null || this.client.getPublicKeys().get(0).getId().isEmpty()) {
                throw new ServerException("Failed to register, missing public key id detected during client registration");
            }
            this.persister.save(PERSISTER_CLIENTID_KEY, this.client.getId());
            this.persister.save(PERSISTER_PREFERRED_KEYID, this.client.getPublicKeys().get(0).getId());
        } catch (ApiException e) {
            throw new ServerException(e);
        }
    }

    protected AsymmetricCipher getAsymmetricCipher(String str, int i) {
        AsymmetricCipher asymmetricCipher;
        boolean z = -1;
        switch (str.hashCode()) {
            case 3230:
                if (str.equals("ec")) {
                    z = true;
                    break;
                }
                break;
            case 113216:
                if (str.equals("rsa")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                switch (i) {
                    case 2048:
                        asymmetricCipher = AsymmetricCipher.RSA_2048;
                        break;
                    case 4096:
                    default:
                        asymmetricCipher = AsymmetricCipher.RSA_4096;
                        break;
                }
            case true:
                switch (i) {
                    case 256:
                        asymmetricCipher = AsymmetricCipher.ECDH_P256;
                        break;
                    case 384:
                        asymmetricCipher = AsymmetricCipher.ECDH_P384;
                        break;
                    case 521:
                    default:
                        asymmetricCipher = AsymmetricCipher.ECDH_P521;
                        break;
                }
            default:
                this.logger.warn("Unknown keyType specified by server" + str + " so just defaulting to ECDH P521.");
                asymmetricCipher = AsymmetricCipher.ECDH_P521;
                break;
        }
        return asymmetricCipher;
    }

    private CiphertextAAD parseCiphertextAAD(String str) {
        return (CiphertextAAD) new Gson().fromJson(str, CiphertextAAD.class);
    }

    private AsymmetricKey getOrDownloadPublicKey(String str) throws PeacemakrException {
        if (this.persister.exists(str)) {
            return AsymmetricKey.fromPubPem(DEFAULT_SYMMETRIC_CIPHER, this.persister.load(str));
        }
        try {
            PublicKey publicKey = new KeyServiceApi(getClient()).getPublicKey(str);
            this.persister.save(str, publicKey.getKey());
            return AsymmetricKey.fromPubPem(DEFAULT_SYMMETRIC_CIPHER, publicKey.getKey());
        } catch (ApiException e) {
            this.logger.error("Failed to get public key keyId " + str, e);
            throw new ServerException(e);
        }
    }

    private void decryptAndSave(List<EncryptedSymmetricKey> list) throws PeacemakrException {
        byte[] decryptSymmetric;
        if (this.loadedPrivatePreferredKey == null) {
            this.loadedPrivatePreferredKey = AsymmetricKey.fromPrivPem(DEFAULT_SYMMETRIC_CIPHER, this.persister.load(PERSISTER_PRIV_KEY));
            this.loadedPrivatePreferredCipher = getAsymmetricCipher(this.persister.load(PERSISTER_ASYM_TYPE), Integer.parseInt(this.persister.load(PERSISTER_ASYM_BITLEN)));
        }
        for (EncryptedSymmetricKey encryptedSymmetricKey : list) {
            if (encryptedSymmetricKey != null) {
                String packagedCiphertext = encryptedSymmetricKey.getPackagedCiphertext();
                if (packagedCiphertext == null) {
                    this.logger.error("Failed to get raw ciphertext str from EncryptedSymmetricKey " + encryptedSymmetricKey);
                } else {
                    byte[] ciphertextAAD = Crypto.getCiphertextAAD(packagedCiphertext.getBytes(StandardCharsets.UTF_8));
                    if (ciphertextAAD == null) {
                        throw new CoreCryptoException("Failed to extract aad from the ciphertext: " + packagedCiphertext);
                    }
                    AsymmetricKey orDownloadPublicKey = getOrDownloadPublicKey(parseCiphertextAAD(new String(ciphertextAAD)).senderKeyID);
                    if (this.loadedPrivatePreferredCipher == AsymmetricCipher.ECDH_P256 || this.loadedPrivatePreferredCipher == AsymmetricCipher.ECDH_P384 || this.loadedPrivatePreferredCipher == AsymmetricCipher.ECDH_P521) {
                        decryptSymmetric = Crypto.decryptSymmetric(this.loadedPrivatePreferredKey.ecdhKeygen(DEFAULT_SYMMETRIC_CIPHER, orDownloadPublicKey), orDownloadPublicKey, packagedCiphertext.getBytes(StandardCharsets.UTF_8));
                    } else {
                        if (this.loadedPrivatePreferredCipher != AsymmetricCipher.RSA_2048 && this.loadedPrivatePreferredCipher != AsymmetricCipher.RSA_4096) {
                            throw new InvalidCipherException("This version of java SDK only supports ec or rsa, invalid type: " + this.loadedPrivatePreferredCipher + " detected. This line of code is impossible to hit unless the Persister was corrupted. Please re-initialize.");
                        }
                        decryptSymmetric = Crypto.decryptAsymmetric(this.loadedPrivatePreferredKey, orDownloadPublicKey, packagedCiphertext.getBytes(StandardCharsets.UTF_8));
                    }
                    int intValue = encryptedSymmetricKey.getKeyLength().intValue();
                    int i = 0;
                    byte[] decode = BaseEncoding.base64().decode(new String(decryptSymmetric));
                    for (String str : encryptedSymmetricKey.getKeyIds()) {
                        this.persister.save(str, BaseEncoding.base64().encode(Arrays.copyOfRange(decode, i, i + intValue)));
                        i += intValue;
                        this.logger.debug("Decrypted and saved keyId " + str);
                    }
                }
            }
        }
    }

    private void updateLocalCryptoConfig(CryptoConfig cryptoConfig) throws PeacemakrException {
        String load = this.persister.load(PERSISTER_ASYM_TYPE);
        if (!cryptoConfig.getClientKeyType().equals(load)) {
            this.logger.info("Detected a new asymmetric client key type of " + cryptoConfig.getClientKeyType() + " instead of " + load);
            this.cryptoConfig = cryptoConfig;
            genAndRegisterNewPreferredClientKey();
            return;
        }
        if (cryptoConfig.getClientKeyTTL().intValue() + Long.parseLong(this.persister.load(PERSISTER_ASYM_CREATED_DATE_EPOCH)) > System.currentTimeMillis() / 1000) {
            this.logger.info("Detected an expired local asymmetric client key");
            this.cryptoConfig = cryptoConfig;
            genAndRegisterNewPreferredClientKey();
            return;
        }
        String load2 = this.persister.load(PERSISTER_ASYM_BITLEN);
        if (Integer.parseInt(load2) == cryptoConfig.getClientKeyBitlength().intValue()) {
            this.cryptoConfig = cryptoConfig;
            return;
        }
        this.logger.info("Detected an updated local asymmetric client key bitlength requirement of " + cryptoConfig.getClientKeyBitlength() + " insteads of the previous " + load2);
        this.cryptoConfig = cryptoConfig;
        genAndRegisterNewPreferredClientKey();
    }

    private void saveNewAsymmetricKeyPair(Persister persister, Persister persister2) {
        persister2.save(PERSISTER_PRIV_KEY, persister.load(PERSISTER_PRIV_KEY));
        persister2.save(PERSISTER_PUB_KEY, persister.load(PERSISTER_PUB_KEY));
        persister2.save(PERSISTER_ASYM_TYPE, persister.load(PERSISTER_ASYM_TYPE));
        persister2.save(PERSISTER_ASYM_CREATED_DATE_EPOCH, persister.load(PERSISTER_ASYM_CREATED_DATE_EPOCH));
        persister2.save(PERSISTER_ASYM_BITLEN, persister.load(PERSISTER_ASYM_BITLEN));
    }

    private PublicKey genNewAsymmetricKeypair(Persister persister) throws UnrecoverableClockSkewDetectedException {
        AsymmetricKey fromPRNG = AsymmetricKey.fromPRNG(getAsymmetricCipher(this.cryptoConfig.getClientKeyType(), this.cryptoConfig.getClientKeyBitlength().intValue()), SymmetricCipher.CHACHA20_POLY1305);
        String pubPemStr = fromPRNG.getPubPemStr();
        persister.save(PERSISTER_PRIV_KEY, fromPRNG.getPrivPemStr());
        persister.save(PERSISTER_PUB_KEY, pubPemStr);
        persister.save(PERSISTER_ASYM_TYPE, this.cryptoConfig.getClientKeyType());
        persister.save(PERSISTER_ASYM_CREATED_DATE_EPOCH, "" + (System.currentTimeMillis() / 1000));
        persister.save(PERSISTER_ASYM_BITLEN, "" + this.cryptoConfig.getClientKeyBitlength());
        PublicKey publicKey = new PublicKey();
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        if (currentTimeMillis > 2147483647L) {
            throw new UnrecoverableClockSkewDetectedException("Failed to detect a valid time for local asymmetric key creation time, time expected to be less than 2147483647");
        }
        publicKey.setCreationTime(Integer.valueOf((int) currentTimeMillis));
        publicKey.setEncoding("pem");
        publicKey.setId("");
        publicKey.setKey(pubPemStr);
        publicKey.setKeyType(this.cryptoConfig.getClientKeyType());
        return publicKey;
    }

    private synchronized void genAndRegisterNewPreferredClientKey() throws PeacemakrException {
        this.logger.info("Generating a new preferred client key");
        InMemoryPersister inMemoryPersister = new InMemoryPersister();
        PublicKey genNewAsymmetricKeypair = genNewAsymmetricKeypair(inMemoryPersister);
        this.logger.info("Registering the new public key");
        try {
            PublicKey addClientPublicKey = new ClientApi(getClient()).addClientPublicKey(this.client.getId(), genNewAsymmetricKeypair);
            this.logger.info("Successfully registered new public key as client preferred key");
            saveNewAsymmetricKeyPair(inMemoryPersister, this.persister);
            this.persister.save(PERSISTER_PREFERRED_KEYID, addClientPublicKey.getId());
            this.logger.info("Successfully saved new public key as client preferred key");
        } catch (ApiException e) {
            this.logger.error("Failed to register a new public key", e);
            throw new ServerException(e);
        }
    }

    @Override // io.peacemakr.crypto.ICrypto
    public void sync() throws PeacemakrException {
        if (this.apiKey.equals("")) {
            this.logger.warn("No sync occurred because there is no API Key");
            return;
        }
        verifyIsBootstrappedAndRegistered();
        try {
            CryptoConfig cryptoConfig = new CryptoConfigApi(getClient()).getCryptoConfig(this.cryptoConfig.getId());
            if (cryptoConfig.equals(this.cryptoConfig)) {
                this.logger.info("No changes to crypto configs.");
            } else {
                updateLocalCryptoConfig(cryptoConfig);
            }
            downloadAndSaveAllKeys(null);
        } catch (ApiException e) {
            this.logger.error("failed to pull new crypto config from server during sync due to", e);
            throw new ServerException(e);
        }
    }

    private void downloadAndSaveAllKeys(List<String> list) throws PeacemakrException {
        try {
            List<EncryptedSymmetricKey> allEncryptedKeys = new KeyServiceApi(getClient()).getAllEncryptedKeys(this.client.getPreferredPublicKeyId(), list);
            this.logger.info("Downloaded " + allEncryptedKeys.size() + " encrypted symmetric keys.");
            decryptAndSave(allEncryptedKeys);
        } catch (ApiException e) {
            this.logger.error("Failed to download all keys", e);
            throw new ServerException(e);
        }
    }

    private boolean domainIsValidForEncryption(SymmetricKeyUseDomain symmetricKeyUseDomain) {
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        return ((long) symmetricKeyUseDomain.getCreationTime().intValue()) + ((long) symmetricKeyUseDomain.getSymmetricKeyEncryptionUseTTL().intValue()) > currentTimeMillis && ((long) symmetricKeyUseDomain.getCreationTime().intValue()) + ((long) symmetricKeyUseDomain.getSymmetricKeyInceptionTTL().intValue()) <= currentTimeMillis;
    }

    private String selectUseDomainName() {
        if (this.apiKey.equals("")) {
            return "my-use-domain";
        }
        ArrayList arrayList = new ArrayList();
        for (SymmetricKeyUseDomain symmetricKeyUseDomain : this.cryptoConfig.getSymmetricKeyUseDomains()) {
            if (domainIsValidForEncryption(symmetricKeyUseDomain)) {
                arrayList.add(symmetricKeyUseDomain);
            }
        }
        if (arrayList.isEmpty()) {
            return null;
        }
        return ((SymmetricKeyUseDomain) arrayList.get(ThreadLocalRandom.current().nextInt(arrayList.size()))).getName();
    }

    @Override // io.peacemakr.crypto.ICrypto
    public byte[] encrypt(byte[] bArr) throws PeacemakrException {
        verifyIsBootstrappedAndRegistered();
        return encryptInDomain(bArr, selectUseDomainName());
    }

    private SymmetricKeyUseDomain getValidUseDomainForEncryption(String str) throws NoValidUseDomainsForEncryptionOperation {
        if (this.apiKey.equals("")) {
            return new SymmetricKeyUseDomain();
        }
        List<SymmetricKeyUseDomain> symmetricKeyUseDomains = this.cryptoConfig.getSymmetricKeyUseDomains();
        ArrayList arrayList = new ArrayList();
        this.logger.debug("Looking for the domain " + str + " in a total of " + symmetricKeyUseDomains.size() + " use domains.");
        for (SymmetricKeyUseDomain symmetricKeyUseDomain : symmetricKeyUseDomains) {
            if (symmetricKeyUseDomain.getName().equals(str) && domainIsValidForEncryption(symmetricKeyUseDomain) && !symmetricKeyUseDomain.getEncryptionKeyIds().isEmpty()) {
                arrayList.add(symmetricKeyUseDomain);
            }
        }
        if (arrayList.isEmpty()) {
            throw new NoValidUseDomainsForEncryptionOperation("No valid use domain for encryption found, with the name " + str);
        }
        return (SymmetricKeyUseDomain) arrayList.get(ThreadLocalRandom.current().nextInt(arrayList.size()));
    }

    private String getEncryptionKeyId(SymmetricKeyUseDomain symmetricKeyUseDomain) {
        if (this.apiKey.equals("")) {
            this.logger.warn("Returning local-only test key because there is no API Key");
            return "local-only-test-key";
        }
        return symmetricKeyUseDomain.getEncryptionKeyIds().get(ThreadLocalRandom.current().nextInt(symmetricKeyUseDomain.getEncryptionKeyIds().size()));
    }

    private byte[] getKey(String str) throws UnsupportedEncodingException, PeacemakrException {
        if (str.equals("local-only-test-key")) {
            byte[] bArr = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31};
            this.logger.warn("The key being returned is: " + bArr.toString() + " DO NOT USE IN PRODUCTION");
            return bArr;
        }
        if (this.persister.exists(str)) {
            return BaseEncoding.base64().decode(this.persister.load(str));
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(str);
        downloadAndSaveAllKeys(arrayList);
        if (this.persister.exists(str)) {
            return BaseEncoding.base64().decode(this.persister.load(str));
        }
        throw new FailedToDownloadKey("KeyId: " + str);
    }

    private SymmetricCipher getSymmetricCipher(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -1987148432:
                if (str.equals(Aes192gcm)) {
                    z = 2;
                    break;
                }
                break;
            case -1743443560:
                if (str.equals(Chacha20Poly1305)) {
                    z = false;
                    break;
                }
                break;
            case -1210467271:
                if (str.equals(Aes256gcm)) {
                    z = 3;
                    break;
                }
                break;
            case 2112955933:
                if (str.equals(Aes128gcm)) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return SymmetricCipher.CHACHA20_POLY1305;
            case true:
                return SymmetricCipher.AES_128_GCM;
            case true:
                return SymmetricCipher.AES_192_GCM;
            case true:
                return SymmetricCipher.AES_256_GCM;
            default:
                this.logger.warn("unrecognized symmetric cipher from server: " + str + ", defaulting to " + DEFAULT_SYMMETRIC_CIPHER);
                return DEFAULT_SYMMETRIC_CIPHER;
        }
    }

    private MessageDigest getDigestAlg(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -2113809156:
                if (str.equals(Sha224)) {
                    z = false;
                    break;
                }
                break;
            case -2113809061:
                if (str.equals(Sha256)) {
                    z = true;
                    break;
                }
                break;
            case -2113808009:
                if (str.equals(Sha384)) {
                    z = 2;
                    break;
                }
                break;
            case -2113806306:
                if (str.equals(Sha512)) {
                    z = 3;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return MessageDigest.SHA_224;
            case true:
                return MessageDigest.SHA_256;
            case true:
                return MessageDigest.SHA_384;
            case true:
                return MessageDigest.SHA_512;
            default:
                this.logger.warn("Unknown digest alg " + str + ", so using the default of " + DEFAULT_MESSAGE_DIGEST);
                return DEFAULT_MESSAGE_DIGEST;
        }
    }

    private AsymmetricKey getSigningKey(SymmetricKeyUseDomain symmetricKeyUseDomain) {
        if (symmetricKeyUseDomain.getDigestAlgorithm() == null) {
            return null;
        }
        if (this.loadedPrivatePreferredKey != null) {
            return this.loadedPrivatePreferredKey;
        }
        this.loadedPrivatePreferredKey = AsymmetricKey.fromPrivPem(DEFAULT_SYMMETRIC_CIPHER, this.persister.load(PERSISTER_PRIV_KEY));
        this.loadedPrivatePreferredCipher = getAsymmetricCipher(this.persister.load(PERSISTER_ASYM_TYPE), Integer.parseInt(this.persister.load(PERSISTER_ASYM_BITLEN)));
        return this.loadedPrivatePreferredKey;
    }

    @Override // io.peacemakr.crypto.ICrypto
    public byte[] encryptInDomain(byte[] bArr, String str) throws PeacemakrException {
        verifyIsBootstrappedAndRegistered();
        SymmetricKeyUseDomain validUseDomainForEncryption = getValidUseDomainForEncryption(str);
        String encryptionKeyId = getEncryptionKeyId(validUseDomainForEncryption);
        try {
            byte[] key = getKey(encryptionKeyId);
            SymmetricCipher symmetricCipher = getSymmetricCipher(validUseDomainForEncryption.getSymmetricKeyEncryptionAlg());
            AsymmetricKey signingKey = getSigningKey(validUseDomainForEncryption);
            MessageDigest digestAlg = getDigestAlg(validUseDomainForEncryption.getDigestAlgorithm());
            CiphertextAAD ciphertextAAD = new CiphertextAAD();
            ciphertextAAD.cryptoKeyID = encryptionKeyId;
            ciphertextAAD.senderKeyID = this.persister.load(PERSISTER_PREFERRED_KEYID);
            Gson gson = new Gson();
            return this.apiKey.equals("") ? Crypto.encryptSymmetric(key, symmetricCipher, (AsymmetricKey) null, bArr, gson.toJson(ciphertextAAD).getBytes(StandardCharsets.UTF_8), digestAlg) : Crypto.encryptSymmetric(key, symmetricCipher, signingKey, bArr, gson.toJson(ciphertextAAD).getBytes(StandardCharsets.UTF_8), digestAlg);
        } catch (UnsupportedEncodingException e) {
            this.logger.error("Failed to get key due to ", e);
            throw new PersistenceLayerCorruptionDetected(e);
        }
    }

    @Override // io.peacemakr.crypto.ICrypto
    public byte[] decrypt(byte[] bArr) throws PeacemakrException {
        verifyIsBootstrappedAndRegistered();
        CiphertextAAD parseCiphertextAAD = parseCiphertextAAD(new String(Crypto.getCiphertextAAD(bArr), StandardCharsets.UTF_8));
        try {
            byte[] key = getKey(parseCiphertextAAD.cryptoKeyID);
            AsymmetricKey orDownloadPublicKey = getOrDownloadPublicKey(parseCiphertextAAD.senderKeyID);
            if (this.apiKey.equals("")) {
                Crypto.decryptSymmetric(key, (AsymmetricKey) null, bArr);
            }
            return Crypto.decryptSymmetric(key, orDownloadPublicKey, bArr);
        } catch (UnsupportedEncodingException e) {
            this.logger.error("Failed to get key due to ", e);
            throw new PersistenceLayerCorruptionDetected(e);
        }
    }

    @Override // io.peacemakr.crypto.ICrypto
    public String getDebugInfo() {
        String str = "UnknownOrgId";
        if (this.org != null && this.org.getId() != null) {
            str = this.org.getId();
        }
        String str2 = "UnknownPreferredKeyId";
        if (this.persister != null && this.persister.exists(PERSISTER_PREFERRED_KEYID)) {
            str2 = this.persister.load(PERSISTER_PREFERRED_KEYID);
        }
        String str3 = "UnknownClientId";
        if (this.client != null && this.client.getId() != null) {
            str3 = this.client.getId();
        } else if (this.persister != null && this.persister.exists(PERSISTER_CLIENTID_KEY)) {
            str3 = this.persister.load(PERSISTER_CLIENTID_KEY);
        }
        return "Peacemakr Java Sdk DebugInfo - orgId=" + str + " clientId=" + str3 + " preferredKeyId=" + str2;
    }
}
