package org.apache.james.blob.aes;

import com.github.fge.lambdas.Throwing;
import com.google.common.base.Preconditions;
import com.google.common.io.ByteSource;
import com.google.common.io.ByteStreams;
import com.google.common.io.CountingOutputStream;
import com.google.common.io.FileBackedOutputStream;
import com.google.crypto.tink.subtle.AesGcmHkdfStreaming;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.util.Collection;
import java.util.Objects;
import java.util.Optional;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.output.UnsynchronizedByteArrayOutputStream;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.james.blob.api.BlobId;
import org.apache.james.blob.api.BlobStoreDAO;
import org.apache.james.blob.api.BucketName;
import org.apache.james.blob.api.ObjectNotFoundException;
import org.apache.james.blob.api.ObjectStoreIOException;
import org.apache.james.util.Size;
import org.reactivestreams.Publisher;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;

/* loaded from: input_file:org/apache/james/blob/aes/AESBlobStoreDAO.class */
public class AESBlobStoreDAO implements BlobStoreDAO {
    public static final int FILE_THRESHOLD_ENCRYPT = ((Integer) Optional.ofNullable(System.getProperty("james.blob.aes.file.threshold.encrypt")).map(str -> {
        return Size.parse(str, Size.Unit.NoUnit);
    }).map(size -> {
        return Integer.valueOf((int) size.asBytes());
    }).orElse(102400)).intValue();
    public static final int MAXIMUM_BLOB_SIZE = ((Integer) Optional.ofNullable(System.getProperty("james.blob.aes.blob.max.size")).map(str -> {
        return Size.parse(str, Size.Unit.NoUnit);
    }).map(size -> {
        return Integer.valueOf((int) size.asBytes());
    }).orElse(104857600)).intValue();
    private final BlobStoreDAO underlying;
    private final AesGcmHkdfStreaming streamingAead;

    public AESBlobStoreDAO(BlobStoreDAO blobStoreDAO, CryptoConfig cryptoConfig) {
        this.underlying = blobStoreDAO;
        this.streamingAead = PBKDF2StreamingAeadFactory.newAesGcmHkdfStreaming(cryptoConfig);
    }

    private Pair<FileBackedOutputStream, Long> encrypt(InputStream inputStream) throws IOException {
        FileBackedOutputStream fileBackedOutputStream = new FileBackedOutputStream(FILE_THRESHOLD_ENCRYPT);
        try {
            try {
                CountingOutputStream countingOutputStream = new CountingOutputStream(fileBackedOutputStream);
                try {
                    OutputStream newEncryptingStream = this.streamingAead.newEncryptingStream(countingOutputStream, PBKDF2StreamingAeadFactory.EMPTY_ASSOCIATED_DATA);
                    inputStream.transferTo(newEncryptingStream);
                    newEncryptingStream.close();
                    Pair<FileBackedOutputStream, Long> of = Pair.of(fileBackedOutputStream, Long.valueOf(countingOutputStream.getCount()));
                    countingOutputStream.close();
                    fileBackedOutputStream.close();
                    return of;
                } catch (Throwable th) {
                    try {
                        countingOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } catch (Exception e) {
                fileBackedOutputStream.reset();
                throw new RuntimeException("Unable to build payload for object storage, failed to encrypt", e);
            }
        } catch (Throwable th3) {
            fileBackedOutputStream.close();
            throw th3;
        }
    }

    public InputStream decrypt(InputStream inputStream) throws IOException {
        try {
            return ByteStreams.limit(this.streamingAead.newDecryptingStream(inputStream, PBKDF2StreamingAeadFactory.EMPTY_ASSOCIATED_DATA), MAXIMUM_BLOB_SIZE);
        } catch (GeneralSecurityException e) {
            throw new IOException("Incorrect crypto setup", e);
        }
    }

    public InputStream read(BucketName bucketName, BlobId blobId) throws ObjectStoreIOException, ObjectNotFoundException {
        try {
            return decrypt(this.underlying.read(bucketName, blobId));
        } catch (IOException e) {
            throw new ObjectStoreIOException("Error reading blob " + blobId.asString(), e);
        }
    }

    public Publisher<InputStream> readReactive(BucketName bucketName, BlobId blobId) {
        return Mono.from(this.underlying.readReactive(bucketName, blobId)).map(Throwing.function(this::decrypt));
    }

    public Publisher<byte[]> readBytes(BucketName bucketName, BlobId blobId) {
        return Mono.from(this.underlying.readBytes(bucketName, blobId)).map(Throwing.function(bArr -> {
            InputStream decrypt = decrypt(new ByteArrayInputStream(bArr));
            UnsynchronizedByteArrayOutputStream unsynchronizedByteArrayOutputStream = UnsynchronizedByteArrayOutputStream.builder().setBufferSize(bArr.length + 4096).get();
            try {
                IOUtils.copy(decrypt, unsynchronizedByteArrayOutputStream);
                byte[] byteArray = unsynchronizedByteArrayOutputStream.toByteArray();
                if (unsynchronizedByteArrayOutputStream != null) {
                    unsynchronizedByteArrayOutputStream.close();
                }
                return byteArray;
            } catch (Throwable th) {
                if (unsynchronizedByteArrayOutputStream != null) {
                    try {
                        unsynchronizedByteArrayOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }));
    }

    public Publisher<Void> save(BucketName bucketName, BlobId blobId, byte[] bArr) {
        Preconditions.checkNotNull(bucketName);
        Preconditions.checkNotNull(blobId);
        Preconditions.checkNotNull(bArr);
        return save(bucketName, blobId, new ByteArrayInputStream(bArr));
    }

    public Publisher<Void> save(BucketName bucketName, BlobId blobId, InputStream inputStream) {
        Preconditions.checkNotNull(bucketName);
        Preconditions.checkNotNull(blobId);
        Preconditions.checkNotNull(inputStream);
        return Mono.usingWhen(Mono.fromCallable(() -> {
            return encrypt(inputStream);
        }), pair -> {
            return Mono.from(this.underlying.save(bucketName, blobId, byteSourceWithSize(((FileBackedOutputStream) pair.getLeft()).asByteSource(), ((Long) pair.getRight()).longValue())));
        }, Throwing.function(pair2 -> {
            FileBackedOutputStream fileBackedOutputStream = (FileBackedOutputStream) pair2.getLeft();
            Objects.requireNonNull(fileBackedOutputStream);
            return Mono.fromRunnable(Throwing.runnable(fileBackedOutputStream::reset)).subscribeOn(Schedulers.boundedElastic());
        })).subscribeOn(Schedulers.boundedElastic()).onErrorMap(th -> {
            return new ObjectStoreIOException("Exception occurred while saving bytearray", th);
        });
    }

    private ByteSource byteSourceWithSize(final ByteSource byteSource, final long j) {
        return new ByteSource(this) { // from class: org.apache.james.blob.aes.AESBlobStoreDAO.1
            public InputStream openStream() throws IOException {
                return byteSource.openStream();
            }

            public com.google.common.base.Optional<Long> sizeIfKnown() {
                return com.google.common.base.Optional.of(Long.valueOf(j));
            }

            public long size() {
                return j;
            }
        };
    }

    public Publisher<Void> save(BucketName bucketName, BlobId blobId, ByteSource byteSource) {
        Preconditions.checkNotNull(bucketName);
        Preconditions.checkNotNull(blobId);
        Preconditions.checkNotNull(byteSource);
        Objects.requireNonNull(byteSource);
        return Mono.using(byteSource::openStream, inputStream -> {
            return Mono.from(save(bucketName, blobId, inputStream));
        }, Throwing.consumer((v0) -> {
            v0.close();
        })).subscribeOn(Schedulers.boundedElastic());
    }

    public Publisher<Void> delete(BucketName bucketName, BlobId blobId) {
        return this.underlying.delete(bucketName, blobId);
    }

    public Publisher<Void> delete(BucketName bucketName, Collection<BlobId> collection) {
        return this.underlying.delete(bucketName, collection);
    }

    public Publisher<Void> deleteBucket(BucketName bucketName) {
        return this.underlying.deleteBucket(bucketName);
    }

    public Publisher<BucketName> listBuckets() {
        return this.underlying.listBuckets();
    }

    public Publisher<BlobId> listBlobs(BucketName bucketName) {
        return this.underlying.listBlobs(bucketName);
    }
}
