package AwsKmsEcdhKeyring_Compile;

import BoundedInts_Compile.uint8;
import EcdhEdkWrapping_Compile.EcdhGenerateAndWrapKeyMaterial;
import EcdhEdkWrapping_Compile.EcdhWrapInfo;
import EcdhEdkWrapping_Compile.EcdhWrapKeyMaterial;
import EdkWrapping_Compile.WrapEdkMaterialOutput;
import Keyring_Compile.VerifiableInterface;
import Materials_Compile.SealedDecryptionMaterials;
import UTF8.ValidUTF8Bytes;
import Wrappers_Compile.Option;
import Wrappers_Compile.Outcome;
import Wrappers_Compile.Result;
import dafny.DafnyMap;
import dafny.DafnySequence;
import dafny.TypeDescriptor;
import java.math.BigInteger;
import software.amazon.cryptography.materialproviders.internaldafny.types.DecryptionMaterials;
import software.amazon.cryptography.materialproviders.internaldafny.types.EncryptedDataKey;
import software.amazon.cryptography.materialproviders.internaldafny.types.EncryptionMaterials;
import software.amazon.cryptography.materialproviders.internaldafny.types.Error;
import software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring;
import software.amazon.cryptography.materialproviders.internaldafny.types.KmsEcdhStaticConfigurations;
import software.amazon.cryptography.materialproviders.internaldafny.types.OnDecryptInput;
import software.amazon.cryptography.materialproviders.internaldafny.types.OnDecryptOutput;
import software.amazon.cryptography.materialproviders.internaldafny.types.OnEncryptInput;
import software.amazon.cryptography.materialproviders.internaldafny.types.OnEncryptOutput;
import software.amazon.cryptography.materialproviders.internaldafny.types._Companion_IKeyring;
import software.amazon.cryptography.primitives.internaldafny.AtomicPrimitivesClient;
import software.amazon.cryptography.primitives.internaldafny.types.ECDHCurveSpec;
import software.amazon.cryptography.services.kms.internaldafny.types.GrantTokenType;
import software.amazon.cryptography.services.kms.internaldafny.types.IKMSClient;

/* loaded from: input_file:AwsKmsEcdhKeyring_Compile/AwsKmsEcdhKeyring.class */
public class AwsKmsEcdhKeyring implements VerifiableInterface, IKeyring {
    public IKMSClient _client = null;
    public AtomicPrimitivesClient _cryptoPrimitives = null;
    public KmsEcdhStaticConfigurations _keyAgreementScheme = KmsEcdhStaticConfigurations.Default();
    public ECDHCurveSpec _curveSpec = ECDHCurveSpec.Default();
    public DafnySequence<? extends DafnySequence<? extends Character>> _grantTokens = DafnySequence.empty(GrantTokenType._typeDescriptor());
    public DafnySequence<? extends Byte> _recipientPublicKey = DafnySequence.empty(uint8._typeDescriptor());
    public Option<DafnySequence<? extends Byte>> _senderPublicKey = Option.Default();
    public Option<DafnySequence<? extends Byte>> _compressedSenderPublicKey = Option.Default();
    public DafnySequence<? extends Byte> _compressedRecipientPublicKey = DafnySequence.empty(uint8._typeDescriptor());
    public Option<DafnySequence<? extends Character>> _senderKmsKeyId = Option.Default();
    private static final TypeDescriptor<AwsKmsEcdhKeyring> _TYPE = TypeDescriptor.referenceWithInitializer(AwsKmsEcdhKeyring.class, () -> {
        return (AwsKmsEcdhKeyring) null;
    });

    @Override // software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring
    public Result<OnEncryptOutput, Error> OnEncrypt(OnEncryptInput onEncryptInput) {
        return _Companion_IKeyring.OnEncrypt(this, onEncryptInput);
    }

    @Override // software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring
    public Result<OnDecryptOutput, Error> OnDecrypt(OnDecryptInput onDecryptInput) {
        return _Companion_IKeyring.OnDecrypt(this, onDecryptInput);
    }

    public void __ctor(KmsEcdhStaticConfigurations kmsEcdhStaticConfigurations, ECDHCurveSpec eCDHCurveSpec, IKMSClient iKMSClient, DafnySequence<? extends DafnySequence<? extends Character>> dafnySequence, Option<DafnySequence<? extends Character>> option, Option<DafnySequence<? extends Byte>> option2, DafnySequence<? extends Byte> dafnySequence2, Option<DafnySequence<? extends Byte>> option3, DafnySequence<? extends Byte> dafnySequence3, AtomicPrimitivesClient atomicPrimitivesClient) {
        this._keyAgreementScheme = kmsEcdhStaticConfigurations;
        this._curveSpec = eCDHCurveSpec;
        this._client = iKMSClient;
        this._grantTokens = dafnySequence;
        this._recipientPublicKey = dafnySequence2;
        this._senderPublicKey = option2;
        this._compressedSenderPublicKey = option3;
        this._compressedRecipientPublicKey = dafnySequence3;
        this._senderKmsKeyId = option;
        this._cryptoPrimitives = atomicPrimitivesClient;
    }

    @Override // software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring
    public Result<OnEncryptOutput, Error> OnEncrypt_k(OnEncryptInput onEncryptInput) {
        Result<OnEncryptOutput, Error> result = (Result) null;
        Outcome.Default();
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), !keyAgreementScheme().is_KmsPublicKeyDiscovery(), __default.E(DafnySequence.asString("KmsPublicKeyDiscovery Key Agreement Scheme is forbidden on encrypt.")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), OnEncryptOutput._typeDescriptor());
        }
        Outcome.Default();
        Outcome Need2 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), senderKmsKeyId().is_Some(), __default.E(DafnySequence.asString("Keyring MUST be configured with a sender KMS Key ID")));
        if (Need2.IsFailure(Error._typeDescriptor())) {
            return Need2.PropagateFailure(Error._typeDescriptor(), OnEncryptOutput._typeDescriptor());
        }
        Outcome.Default();
        Outcome Need3 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), senderPublicKey().is_Some(), __default.E(DafnySequence.asString("Keyring MUST be configured with a senderPublicKey")));
        if (Need3.IsFailure(Error._typeDescriptor())) {
            return Need3.PropagateFailure(Error._typeDescriptor(), OnEncryptOutput._typeDescriptor());
        }
        DafnySequence<? extends Character> dtor_value = senderKmsKeyId().dtor_value();
        EncryptionMaterials dtor_materials = onEncryptInput.dtor_materials();
        onEncryptInput.dtor_materials().dtor_algorithmSuite();
        Result.Default(DafnyMap.empty());
        Result<DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>>, Error> StringifyEncryptionContext = AwsKmsUtils_Compile.__default.StringifyEncryptionContext(onEncryptInput.dtor_materials().dtor_encryptionContext());
        if (StringifyEncryptionContext.IsFailure(DafnyMap._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR)), Error._typeDescriptor())) {
            return StringifyEncryptionContext.PropagateFailure(DafnyMap._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR)), Error._typeDescriptor(), OnEncryptOutput._typeDescriptor());
        }
        StringifyEncryptionContext.Extract(DafnyMap._typeDescriptor(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR)), Error._typeDescriptor());
        Result.Default(DafnySequence.empty(uint8._typeDescriptor()));
        Result<DafnySequence<? extends Byte>, Error> DeriveSharedSecret = __default.DeriveSharedSecret(client(), dtor_value, recipientPublicKey(), grantTokens());
        if (DeriveSharedSecret.IsFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor())) {
            return DeriveSharedSecret.PropagateFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), OnEncryptOutput._typeDescriptor());
        }
        DafnySequence<? extends Byte> Extract = DeriveSharedSecret.Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor());
        DafnySequence<? extends Byte> empty = compressedSenderPublicKey().is_None() ? DafnySequence.empty(uint8._typeDescriptor()) : compressedSenderPublicKey().dtor_value();
        Result.Default(ValidUTF8Bytes.defaultValue());
        Result<DafnySequence<? extends Byte>, __NewR> MapFailure = UTF8.__default.Encode(RawECDHKeyring_Compile.__default.CurveSpecTypeToString(curveSpec())).MapFailure(ValidUTF8Bytes._typeDescriptor(), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), AwsKmsUtils_Compile.__default::WrapStringToError);
        if (MapFailure.IsFailure(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor())) {
            return MapFailure.PropagateFailure(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor(), OnEncryptOutput._typeDescriptor());
        }
        DafnySequence<? extends Byte> Extract2 = MapFailure.Extract(ValidUTF8Bytes._typeDescriptor(), Error._typeDescriptor());
        Result.Default(DafnySequence.empty(uint8._typeDescriptor()));
        Result<DafnySequence<? extends Byte>, Error> EncryptionContextToAAD = CanonicalEncryptionContext_Compile.__default.EncryptionContextToAAD(onEncryptInput.dtor_materials().dtor_encryptionContext());
        if (EncryptionContextToAAD.IsFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor())) {
            return EncryptionContextToAAD.PropagateFailure(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor(), OnEncryptOutput._typeDescriptor());
        }
        DafnySequence<? extends Byte> SerializeFixedInfo = EcdhEdkWrapping_Compile.__default.SerializeFixedInfo(Constants_Compile.__default.ECDH__KDF__UTF8(), Extract2, empty, compressedRecipientPublicKey(), EncryptionContextToAAD.Extract(DafnySequence._typeDescriptor(uint8._typeDescriptor()), Error._typeDescriptor()), __default.AWS__KMS__ECDH__KEYRING__VERSION());
        EcdhGenerateAndWrapKeyMaterial ecdhGenerateAndWrapKeyMaterial = new EcdhGenerateAndWrapKeyMaterial();
        ecdhGenerateAndWrapKeyMaterial.__ctor(Extract, SerializeFixedInfo, cryptoPrimitives());
        EcdhWrapKeyMaterial ecdhWrapKeyMaterial = new EcdhWrapKeyMaterial();
        ecdhWrapKeyMaterial.__ctor(Extract, SerializeFixedInfo, cryptoPrimitives());
        Result.Default(WrapEdkMaterialOutput.Default(EcdhWrapInfo.Default()));
        Result WrapEdkMaterial = EdkWrapping_Compile.__default.WrapEdkMaterial(EcdhWrapInfo._typeDescriptor(), dtor_materials, ecdhWrapKeyMaterial, ecdhGenerateAndWrapKeyMaterial);
        if (WrapEdkMaterial.IsFailure(WrapEdkMaterialOutput._typeDescriptor(EcdhWrapInfo._typeDescriptor()), Error._typeDescriptor())) {
            return WrapEdkMaterial.PropagateFailure(WrapEdkMaterialOutput._typeDescriptor(EcdhWrapInfo._typeDescriptor()), Error._typeDescriptor(), OnEncryptOutput._typeDescriptor());
        }
        WrapEdkMaterialOutput wrapEdkMaterialOutput = (WrapEdkMaterialOutput) WrapEdkMaterial.Extract(WrapEdkMaterialOutput._typeDescriptor(EcdhWrapInfo._typeDescriptor()), Error._typeDescriptor());
        Option create_Some = wrapEdkMaterialOutput.dtor_symmetricSigningKey().is_Some() ? Option.create_Some(DafnySequence.of(DafnySequence._typeDescriptor(uint8._typeDescriptor()), new DafnySequence[]{wrapEdkMaterialOutput.dtor_symmetricSigningKey().dtor_value()})) : Option.create_None();
        Outcome.Default();
        Outcome Need4 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), RawECDHKeyring_Compile.__default.ValidCompressedPublicKeyLength(empty) && RawECDHKeyring_Compile.__default.ValidCompressedPublicKeyLength(compressedRecipientPublicKey()), __default.E(DafnySequence.asString("Invalid compressed public key length.")));
        if (Need4.IsFailure(Error._typeDescriptor())) {
            return Need4.PropagateFailure(Error._typeDescriptor(), OnEncryptOutput._typeDescriptor());
        }
        EncryptedDataKey create = EncryptedDataKey.create(Constants_Compile.__default.KMS__ECDH__PROVIDER__ID(), RawECDHKeyring_Compile.__default.SerializeProviderInfo(empty, compressedRecipientPublicKey()), wrapEdkMaterialOutput.dtor_wrappedMaterial());
        if (wrapEdkMaterialOutput.is_GenerateAndWrapEdkMaterialOutput()) {
            Result<EncryptionMaterials, Error> EncryptionMaterialAddDataKey = Materials_Compile.__default.EncryptionMaterialAddDataKey(dtor_materials, wrapEdkMaterialOutput.dtor_plaintextDataKey(), DafnySequence.of(EncryptedDataKey._typeDescriptor(), new EncryptedDataKey[]{create}), create_Some);
            return EncryptionMaterialAddDataKey.IsFailure(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor()) ? EncryptionMaterialAddDataKey.PropagateFailure(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor(), OnEncryptOutput._typeDescriptor()) : Result.create_Success(OnEncryptOutput.create(EncryptionMaterialAddDataKey.Extract(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor())));
        }
        if (!wrapEdkMaterialOutput.is_WrapOnlyEdkMaterialOutput()) {
            return result;
        }
        Result<EncryptionMaterials, Error> EncryptionMaterialAddEncryptedDataKeys = Materials_Compile.__default.EncryptionMaterialAddEncryptedDataKeys(dtor_materials, DafnySequence.of(EncryptedDataKey._typeDescriptor(), new EncryptedDataKey[]{create}), create_Some);
        return EncryptionMaterialAddEncryptedDataKeys.IsFailure(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor()) ? EncryptionMaterialAddEncryptedDataKeys.PropagateFailure(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor(), OnEncryptOutput._typeDescriptor()) : Result.create_Success(OnEncryptOutput.create(EncryptionMaterialAddEncryptedDataKeys.Extract(EncryptionMaterials._typeDescriptor(), Error._typeDescriptor())));
    }

    @Override // software.amazon.cryptography.materialproviders.internaldafny.types.IKeyring
    public Result<OnDecryptOutput, Error> OnDecrypt_k(OnDecryptInput onDecryptInput) {
        DecryptionMaterials dtor_materials = onDecryptInput.dtor_materials();
        onDecryptInput.dtor_materials().dtor_algorithmSuite();
        Outcome.Default();
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), Materials_Compile.__default.DecryptionMaterialsWithoutPlaintextDataKey(dtor_materials), __default.E(DafnySequence.asString("Keyring received decryption materials that already contain a plaintext data key.")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), OnDecryptOutput._typeDescriptor());
        }
        OnDecryptEcdhDataKeyFilter onDecryptEcdhDataKeyFilter = new OnDecryptEcdhDataKeyFilter();
        onDecryptEcdhDataKeyFilter.__ctor(keyAgreementScheme(), compressedRecipientPublicKey(), compressedSenderPublicKey());
        Result.Default(DafnySequence.empty(EncryptedDataKey._typeDescriptor()));
        Result FilterWithResult = Actions_Compile.__default.FilterWithResult(EncryptedDataKey._typeDescriptor(), Error._typeDescriptor(), onDecryptEcdhDataKeyFilter, onDecryptInput.dtor_encryptedDataKeys());
        if (FilterWithResult.IsFailure(DafnySequence._typeDescriptor(EncryptedDataKey._typeDescriptor()), Error._typeDescriptor())) {
            return FilterWithResult.PropagateFailure(DafnySequence._typeDescriptor(EncryptedDataKey._typeDescriptor()), Error._typeDescriptor(), OnDecryptOutput._typeDescriptor());
        }
        DafnySequence dafnySequence = (DafnySequence) FilterWithResult.Extract(DafnySequence._typeDescriptor(EncryptedDataKey._typeDescriptor()), Error._typeDescriptor());
        if (BigInteger.valueOf(dafnySequence.length()).signum() == 0) {
            Result.Default(DafnySequence.empty(TypeDescriptor.CHAR));
            Result<DafnySequence<? extends Character>, Error> IncorrectDataKeys = ErrorMessages_Compile.__default.IncorrectDataKeys(onDecryptInput.dtor_encryptedDataKeys(), onDecryptInput.dtor_materials().dtor_algorithmSuite(), DafnySequence.asString(""));
            return IncorrectDataKeys.IsFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor()) ? IncorrectDataKeys.PropagateFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), OnDecryptOutput._typeDescriptor()) : Result.create_Failure(__default.E(IncorrectDataKeys.Extract(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor())));
        }
        DecryptSingleEncryptedDataKey decryptSingleEncryptedDataKey = new DecryptSingleEncryptedDataKey();
        decryptSingleEncryptedDataKey.__ctor(dtor_materials, cryptoPrimitives(), compressedRecipientPublicKey(), client(), grantTokens(), keyAgreementScheme(), curveSpec());
        Result ReduceToSuccess = Actions_Compile.__default.ReduceToSuccess(EncryptedDataKey._typeDescriptor(), SealedDecryptionMaterials._typeDescriptor(), Error._typeDescriptor(), decryptSingleEncryptedDataKey, dafnySequence);
        Result MapFailure = ReduceToSuccess.MapFailure(SealedDecryptionMaterials._typeDescriptor(), DafnySequence._typeDescriptor(Error._typeDescriptor()), Error._typeDescriptor(), dafnySequence2 -> {
            return Error.create_CollectionOfErrors(dafnySequence2, DafnySequence.asString("No Configured KMS Key was able to decrypt the Data Key. The list of encountered Exceptions is available via `list`."));
        });
        return MapFailure.IsFailure(SealedDecryptionMaterials._typeDescriptor(), Error._typeDescriptor()) ? MapFailure.PropagateFailure(SealedDecryptionMaterials._typeDescriptor(), Error._typeDescriptor(), OnDecryptOutput._typeDescriptor()) : Result.create_Success(OnDecryptOutput.create((DecryptionMaterials) MapFailure.Extract(SealedDecryptionMaterials._typeDescriptor(), Error._typeDescriptor())));
    }

    public IKMSClient client() {
        return this._client;
    }

    public AtomicPrimitivesClient cryptoPrimitives() {
        return this._cryptoPrimitives;
    }

    public KmsEcdhStaticConfigurations keyAgreementScheme() {
        return this._keyAgreementScheme;
    }

    public ECDHCurveSpec curveSpec() {
        return this._curveSpec;
    }

    public DafnySequence<? extends DafnySequence<? extends Character>> grantTokens() {
        return this._grantTokens;
    }

    public DafnySequence<? extends Byte> recipientPublicKey() {
        return this._recipientPublicKey;
    }

    public Option<DafnySequence<? extends Byte>> senderPublicKey() {
        return this._senderPublicKey;
    }

    public Option<DafnySequence<? extends Byte>> compressedSenderPublicKey() {
        return this._compressedSenderPublicKey;
    }

    public DafnySequence<? extends Byte> compressedRecipientPublicKey() {
        return this._compressedRecipientPublicKey;
    }

    public Option<DafnySequence<? extends Character>> senderKmsKeyId() {
        return this._senderKmsKeyId;
    }

    public static TypeDescriptor<AwsKmsEcdhKeyring> _typeDescriptor() {
        return _TYPE;
    }

    public String toString() {
        return "AwsKmsEcdhKeyring.AwsKmsEcdhKeyring";
    }
}
