package io.quarkus.vault.runtime;

import io.quarkus.vault.VaultTransitSecretReactiveEngine;
import io.quarkus.vault.client.VaultClient;
import io.quarkus.vault.client.VaultException;
import io.quarkus.vault.client.api.common.VaultHashAlgorithm;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransit;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitCreateKeyParams;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitDataKeyType;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitDecryptBatchItem;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitDecryptBatchParams;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitEncryptBatchItem;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitEncryptBatchParams;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitEncryptParams;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitExportKeyType;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitGenerateDataKeyParams;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitKeyInfo;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitKeyType;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitKeyVersion;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitMarshalingAlgorithm;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitRewrapBatchItem;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitRewrapBatchParams;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitRotateKeyParams;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitSignBatchItem;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitSignBatchParams;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitSignResultBatchItem;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitSignatureAlgorithm;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitUpdateKeyParams;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitVerifyBatchItem;
import io.quarkus.vault.client.api.secrets.transit.VaultSecretsTransitVerifyBatchParams;
import io.quarkus.vault.runtime.config.TransitKeyConfig;
import io.quarkus.vault.runtime.config.VaultRuntimeConfig;
import io.quarkus.vault.runtime.transit.DecryptionResult;
import io.quarkus.vault.runtime.transit.EncryptionResult;
import io.quarkus.vault.runtime.transit.SigningResult;
import io.quarkus.vault.runtime.transit.VaultTransitBatchResult;
import io.quarkus.vault.runtime.transit.VerificationResult;
import io.quarkus.vault.transit.ClearData;
import io.quarkus.vault.transit.DecryptionRequest;
import io.quarkus.vault.transit.EncryptionRequest;
import io.quarkus.vault.transit.KeyConfigRequestDetail;
import io.quarkus.vault.transit.KeyCreationRequestDetail;
import io.quarkus.vault.transit.RewrappingRequest;
import io.quarkus.vault.transit.SignVerifyOptions;
import io.quarkus.vault.transit.SigningInput;
import io.quarkus.vault.transit.SigningRequest;
import io.quarkus.vault.transit.TransitContext;
import io.quarkus.vault.transit.VaultDecryptionBatchException;
import io.quarkus.vault.transit.VaultEncryptionBatchException;
import io.quarkus.vault.transit.VaultRewrappingBatchException;
import io.quarkus.vault.transit.VaultSigningBatchException;
import io.quarkus.vault.transit.VaultTransitAsymmetricKeyDetail;
import io.quarkus.vault.transit.VaultTransitAsymmetricKeyVersion;
import io.quarkus.vault.transit.VaultTransitDataKey;
import io.quarkus.vault.transit.VaultTransitDataKeyRequestDetail;
import io.quarkus.vault.transit.VaultTransitDataKeyType;
import io.quarkus.vault.transit.VaultTransitExportKeyType;
import io.quarkus.vault.transit.VaultTransitKeyDetail;
import io.quarkus.vault.transit.VaultTransitKeyExportDetail;
import io.quarkus.vault.transit.VaultTransitSecretEngineConstants;
import io.quarkus.vault.transit.VaultTransitSymmetricKeyDetail;
import io.quarkus.vault.transit.VaultTransitSymmetricKeyVersion;
import io.quarkus.vault.transit.VaultVerificationBatchException;
import io.quarkus.vault.transit.VerificationRequest;
import io.quarkus.vault.utils.Plugs;
import io.smallrye.mutiny.Multi;
import io.smallrye.mutiny.Uni;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.IntStream;

@ApplicationScoped
/* loaded from: input_file:io/quarkus/vault/runtime/VaultTransitManager.class */
public class VaultTransitManager implements VaultTransitSecretReactiveEngine {
    private final VaultSecretsTransit transit;
    private final VaultConfigHolder vaultConfigHolder;

    @Inject
    public VaultTransitManager(VaultClient vaultClient, VaultConfigHolder vaultConfigHolder) {
        this.transit = vaultClient.secrets().transit();
        this.vaultConfigHolder = vaultConfigHolder;
    }

    private VaultRuntimeConfig getConfig() {
        return this.vaultConfigHolder.getVaultRuntimeConfig();
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<String> encrypt(String str, String str2) {
        return encrypt(str, new ClearData(str2), null);
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<String> encrypt(String str, ClearData clearData, TransitContext transitContext) {
        return encryptBatch(str, Collections.singletonList(new EncryptionRequest(clearData, transitContext))).map(list -> {
            return ((EncryptionResult) list.get(0)).getValueOrElseError();
        });
    }

    private Uni<String> encrypt(String str, EncryptionRequest encryptionRequest) {
        String str2;
        VaultSecretsTransitEncryptParams keyVersion = new VaultSecretsTransitEncryptParams().setPlaintext(encryptionRequest.getData().getValue()).setContext(encryptionRequest.getContext()).setKeyVersion(encryptionRequest.getKeyVersion());
        TransitKeyConfig transitConfig = getTransitConfig(str);
        if (transitConfig != null) {
            str2 = transitConfig.name().orElse(str);
            keyVersion.setType((VaultSecretsTransitKeyType) transitConfig.type().map(VaultSecretsTransitKeyType::from).orElse(null));
            keyVersion.setConvergentEncryption((Boolean) transitConfig.convergentEncryption().map(Boolean::valueOf).orElse(null));
        } else {
            str2 = str;
        }
        return Uni.createFrom().completionStage(this.transit.encrypt(str2, keyVersion)).map((v0) -> {
            return v0.getCiphertext();
        });
    }

    private TransitKeyConfig getTransitConfig(String str) {
        return getConfig().transit().key().get(str);
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Map<EncryptionRequest, String>> encrypt(String str, List<EncryptionRequest> list) {
        if (list.size() != 1) {
            return encryptBatch(str, list).map(list2 -> {
                checkBatchErrors(list2, l -> {
                    return new VaultEncryptionBatchException(l + " encryption errors", zip(list, list2));
                });
                return zipRequestToValue(list, list2);
            });
        }
        EncryptionRequest encryptionRequest = list.get(0);
        return encrypt(str, encryptionRequest).map(str2 -> {
            return Map.of(encryptionRequest, str2);
        });
    }

    private Uni<List<EncryptionResult>> encryptBatch(String str, List<EncryptionRequest> list) {
        String str2;
        VaultSecretsTransitEncryptBatchParams vaultSecretsTransitEncryptBatchParams = new VaultSecretsTransitEncryptBatchParams();
        vaultSecretsTransitEncryptBatchParams.setBatchInput((List) list.stream().map(encryptionRequest -> {
            return new VaultSecretsTransitEncryptBatchItem().setPlaintext(encryptionRequest.getData().getValue()).setContext(encryptionRequest.getContext()).setKeyVersion(encryptionRequest.getKeyVersion());
        }).collect(Collectors.toList()));
        TransitKeyConfig transitConfig = getTransitConfig(str);
        if (transitConfig != null) {
            str2 = transitConfig.name().orElse(str);
            vaultSecretsTransitEncryptBatchParams.setType((VaultSecretsTransitKeyType) transitConfig.type().map(VaultSecretsTransitKeyType::from).orElse(null));
            vaultSecretsTransitEncryptBatchParams.setConvergentEncryption((Boolean) transitConfig.convergentEncryption().map(Boolean::valueOf).orElse(null));
        } else {
            str2 = str;
        }
        return Uni.createFrom().completionStage(this.transit.encryptBatch(str2, vaultSecretsTransitEncryptBatchParams)).map(list2 -> {
            return (List) list2.stream().map(vaultSecretsTransitEncryptResultBatchItem -> {
                return new EncryptionResult(vaultSecretsTransitEncryptResultBatchItem.getCiphertext(), vaultSecretsTransitEncryptResultBatchItem.getError());
            }).collect(Collectors.toList());
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<ClearData> decrypt(String str, String str2) {
        return decrypt(str, str2, null);
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<ClearData> decrypt(String str, String str2, TransitContext transitContext) {
        return decryptBatch(str, Collections.singletonList(new DecryptionRequest(str2, transitContext))).map(list -> {
            return ((DecryptionResult) list.get(0)).getValueOrElseError();
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Map<DecryptionRequest, ClearData>> decrypt(String str, List<DecryptionRequest> list) {
        return decryptBatch(str, list).map(list2 -> {
            checkBatchErrors(list2, l -> {
                return new VaultDecryptionBatchException(l + " decryption errors", zip(list, list2));
            });
            return zipRequestToValue(list, list2);
        });
    }

    private Uni<List<DecryptionResult>> decryptBatch(String str, List<DecryptionRequest> list) {
        VaultSecretsTransitDecryptBatchParams batchInput = new VaultSecretsTransitDecryptBatchParams().setBatchInput((List) list.stream().map(decryptionRequest -> {
            return new VaultSecretsTransitDecryptBatchItem().setCiphertext(decryptionRequest.getCiphertext()).setContext(decryptionRequest.getContext());
        }).collect(Collectors.toList()));
        TransitKeyConfig transitConfig = getTransitConfig(str);
        return Uni.createFrom().completionStage(this.transit.decryptBatch(transitConfig != null ? transitConfig.name().orElse(str) : str, batchInput)).map(list2 -> {
            return (List) list2.stream().map(vaultSecretsTransitDecryptResultBatchItem -> {
                return new DecryptionResult(new ClearData(vaultSecretsTransitDecryptResultBatchItem.getPlaintext()), vaultSecretsTransitDecryptResultBatchItem.getError());
            }).collect(Collectors.toList());
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<String> rewrap(String str, String str2) {
        return rewrap(str, str2, null);
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<String> rewrap(String str, String str2, TransitContext transitContext) {
        return rewrapBatch(str, Collections.singletonList(new RewrappingRequest(str2, transitContext))).map(list -> {
            return ((EncryptionResult) list.get(0)).getValueOrElseError();
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Map<RewrappingRequest, String>> rewrap(String str, List<RewrappingRequest> list) {
        return rewrapBatch(str, list).map(list2 -> {
            checkBatchErrors(list2, l -> {
                return new VaultRewrappingBatchException(l + " rewrapping errors", zip(list, list2));
            });
            return zipRequestToValue(list, list2);
        });
    }

    private Uni<List<EncryptionResult>> rewrapBatch(String str, List<RewrappingRequest> list) {
        VaultSecretsTransitRewrapBatchParams batchInput = new VaultSecretsTransitRewrapBatchParams().setBatchInput((List) list.stream().map(rewrappingRequest -> {
            return new VaultSecretsTransitRewrapBatchItem().setCiphertext(rewrappingRequest.getCiphertext()).setKeyVersion(rewrappingRequest.getKeyVersion()).setContext(rewrappingRequest.getContext());
        }).collect(Collectors.toList()));
        TransitKeyConfig transitConfig = getTransitConfig(str);
        return Uni.createFrom().completionStage(this.transit.rewrapBatch(transitConfig != null ? transitConfig.name().orElse(str) : str, batchInput)).map(list2 -> {
            return (List) list2.stream().map(vaultSecretsTransitRewrapResultBatchItem -> {
                return new EncryptionResult(vaultSecretsTransitRewrapResultBatchItem.getCiphertext(), vaultSecretsTransitRewrapResultBatchItem.getError());
            }).collect(Collectors.toList());
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<String> sign(String str, String str2) {
        return sign(str, new SigningInput(str2), (TransitContext) null);
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<String> sign(String str, SigningInput signingInput, TransitContext transitContext) {
        return sign(str, signingInput, null, transitContext);
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<String> sign(String str, SigningInput signingInput, SignVerifyOptions signVerifyOptions, TransitContext transitContext) {
        List<SigningRequestResultPair> singletonList = Collections.singletonList(new SigningRequestResultPair(new SigningRequest(signingInput, transitContext)));
        return signBatch(str, -1, singletonList, signVerifyOptions).map(r4 -> {
            return ((SigningRequestResultPair) singletonList.get(0)).getResult().getValueOrElseError();
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Map<SigningRequest, String>> sign(String str, List<SigningRequest> list) {
        return sign(str, list, (SignVerifyOptions) null);
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Map<SigningRequest, String>> sign(String str, List<SigningRequest> list, SignVerifyOptions signVerifyOptions) {
        return Multi.createFrom().iterable(list).map(SigningRequestResultPair::new).group().by((v0) -> {
            return v0.getKeyVersion();
        }).onItem().transformToMultiAndMerge(groupedMulti -> {
            int intValue = ((Integer) groupedMulti.key()).intValue();
            return groupedMulti.collect().asList().onItem().transformToMulti(list2 -> {
                return signBatch(str, intValue, list2, signVerifyOptions).onItem().transformToMulti(r4 -> {
                    return Multi.createFrom().iterable(list2).map((v0) -> {
                        return v0.getResult();
                    });
                });
            });
        }).collect().asList().map(list2 -> {
            checkBatchErrors(list2, l -> {
                return new VaultSigningBatchException(l + " signing errors", zip(list, list2));
            });
            return zipRequestToValue(list, list2);
        });
    }

    private Uni<Void> signBatch(String str, int i, List<SigningRequestResultPair> list, SignVerifyOptions signVerifyOptions) {
        String str2;
        String str3;
        String str4;
        Boolean bool;
        VaultSecretsTransitSignBatchParams keyVersion = new VaultSecretsTransitSignBatchParams().setBatchInput((List) list.stream().map(signingRequestResultPair -> {
            SigningRequest request = signingRequestResultPair.getRequest();
            return new VaultSecretsTransitSignBatchItem().setInput(request.getInput().getValue()).setContext(request.getContext());
        }).collect(Collectors.toList())).setKeyVersion(i == -1 ? null : Integer.valueOf(i));
        TransitKeyConfig transitConfig = getTransitConfig(str);
        if (transitConfig != null) {
            str2 = transitConfig.name().orElse(str);
            str3 = transitConfig.hashAlgorithm().orElse(null);
            str4 = transitConfig.signatureAlgorithm().orElse(null);
            bool = transitConfig.prehashed().orElse(null);
        } else {
            str2 = str;
            str3 = null;
            str4 = null;
            bool = null;
        }
        if (signVerifyOptions != null) {
            keyVersion.setHashAlgorithm(VaultHashAlgorithm.from((String) defaultIfNull(signVerifyOptions.getHashAlgorithm(), str3)));
            keyVersion.setSignatureAlgorithm(VaultSecretsTransitSignatureAlgorithm.from((String) defaultIfNull(signVerifyOptions.getSignatureAlgorithm(), str4)));
            keyVersion.setPrehashed((Boolean) defaultIfNull(signVerifyOptions.getPrehashed(), bool));
            keyVersion.setMarshalingAlgorithm(VaultSecretsTransitMarshalingAlgorithm.from((String) defaultIfNull(signVerifyOptions.getMarshalingAlgorithm(), null)));
        }
        return Uni.createFrom().completionStage(this.transit.signBatch(str2, keyVersion)).map(list2 -> {
            for (int i2 = 0; i2 < list.size(); i2++) {
                VaultSecretsTransitSignResultBatchItem vaultSecretsTransitSignResultBatchItem = (VaultSecretsTransitSignResultBatchItem) list2.get(i2);
                ((SigningRequestResultPair) list.get(i2)).setResult(new SigningResult(vaultSecretsTransitSignResultBatchItem.getSignature(), vaultSecretsTransitSignResultBatchItem.getError()));
            }
            return null;
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Void> verifySignature(String str, String str2, String str3) {
        return verifySignature(str, str2, new SigningInput(str3), null);
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Void> verifySignature(String str, String str2, SigningInput signingInput, TransitContext transitContext) {
        return verifySignature(str, str2, signingInput, null, transitContext);
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Void> verifySignature(String str, String str2, SigningInput signingInput, SignVerifyOptions signVerifyOptions, TransitContext transitContext) {
        return verifyBatch(str, Collections.singletonList(new VerificationRequest(str2, signingInput, transitContext)), signVerifyOptions).map(list -> {
            if (Boolean.TRUE.equals(((VerificationResult) list.get(0)).getValueOrElseError())) {
                return null;
            }
            throw new VaultException(VaultTransitSecretEngineConstants.INVALID_SIGNATURE);
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Void> verifySignature(String str, List<VerificationRequest> list) {
        return verifySignature(str, list, (SignVerifyOptions) null);
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Void> verifySignature(String str, List<VerificationRequest> list, SignVerifyOptions signVerifyOptions) {
        return verifyBatch(str, list, signVerifyOptions).map(list2 -> {
            Map zip = zip(list, list2);
            checkBatchErrors(list2, l -> {
                return new VaultVerificationBatchException(l + " verification errors", zip);
            });
            return null;
        });
    }

    private Uni<List<VerificationResult>> verifyBatch(String str, List<VerificationRequest> list, SignVerifyOptions signVerifyOptions) {
        String str2;
        String str3;
        String str4;
        Boolean bool;
        VaultSecretsTransitVerifyBatchParams batchInput = new VaultSecretsTransitVerifyBatchParams().setBatchInput((List) list.stream().map(verificationRequest -> {
            return new VaultSecretsTransitVerifyBatchItem().setInput(verificationRequest.getInput().getValue()).setContext(verificationRequest.getContext()).setSignature(verificationRequest.getSignature());
        }).collect(Collectors.toList()));
        TransitKeyConfig transitConfig = getTransitConfig(str);
        if (transitConfig != null) {
            str2 = transitConfig.name().orElse(str);
            str3 = transitConfig.hashAlgorithm().orElse(null);
            str4 = transitConfig.signatureAlgorithm().orElse(null);
            bool = transitConfig.prehashed().orElse(null);
        } else {
            str2 = str;
            str3 = null;
            str4 = null;
            bool = null;
        }
        if (signVerifyOptions != null) {
            batchInput.setHashAlgorithm(VaultHashAlgorithm.from((String) defaultIfNull(signVerifyOptions.getHashAlgorithm(), str3)));
            batchInput.setSignatureAlgorithm(VaultSecretsTransitSignatureAlgorithm.from((String) defaultIfNull(signVerifyOptions.getSignatureAlgorithm(), str4)));
            batchInput.setPrehashed((Boolean) defaultIfNull(signVerifyOptions.getPrehashed(), bool));
            batchInput.setMarshalingAlgorithm(VaultSecretsTransitMarshalingAlgorithm.from((String) defaultIfNull(signVerifyOptions.getMarshalingAlgorithm(), null)));
        }
        return Uni.createFrom().completionStage(this.transit.verifyBatch(str2, batchInput)).map(list2 -> {
            return (List) list2.stream().map(vaultSecretsTransitVerifyResultBatchItem -> {
                if (vaultSecretsTransitVerifyResultBatchItem.getError() != null) {
                    return new VerificationResult(vaultSecretsTransitVerifyResultBatchItem.isValid().booleanValue(), vaultSecretsTransitVerifyResultBatchItem.getError());
                }
                return new VerificationResult(vaultSecretsTransitVerifyResultBatchItem.isValid().booleanValue(), !vaultSecretsTransitVerifyResultBatchItem.isValid().booleanValue() ? VaultTransitSecretEngineConstants.INVALID_SIGNATURE : null);
            }).collect(Collectors.toList());
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Void> createKey(String str, KeyCreationRequestDetail keyCreationRequestDetail) {
        VaultSecretsTransitCreateKeyParams vaultSecretsTransitCreateKeyParams = new VaultSecretsTransitCreateKeyParams();
        if (keyCreationRequestDetail != null) {
            vaultSecretsTransitCreateKeyParams.setAllowPlaintextBackup(keyCreationRequestDetail.getAllowPlaintextBackup()).setConvergentEncryption(Boolean.valueOf(keyCreationRequestDetail.getConvergentEncryption())).setDerived(keyCreationRequestDetail.getDerived()).setExportable(keyCreationRequestDetail.getExportable()).setType(VaultSecretsTransitKeyType.from(keyCreationRequestDetail.getType()));
        }
        return Uni.createFrom().completionStage(this.transit.createKey(str, vaultSecretsTransitCreateKeyParams)).map(optional -> {
            return null;
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Void> updateKeyConfiguration(String str, KeyConfigRequestDetail keyConfigRequestDetail) {
        return Uni.createFrom().completionStage(this.transit.updateKey(str, new VaultSecretsTransitUpdateKeyParams().setAllowPlaintextBackup(keyConfigRequestDetail.getAllowPlaintextBackup()).setDeletionAllowed(keyConfigRequestDetail.getDeletionAllowed()).setExportable(keyConfigRequestDetail.getExportable()).setMinDecryptionVersion(keyConfigRequestDetail.getMinDecryptionVersion()).setMinEncryptionVersion(keyConfigRequestDetail.getMinEncryptionVersion())));
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Void> rotateKey(String str) {
        return Uni.createFrom().completionStage(this.transit.rotateKey(str, new VaultSecretsTransitRotateKeyParams())).map(r2 -> {
            return null;
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Void> deleteKey(String str) {
        return Uni.createFrom().completionStage(this.transit.deleteKey(str));
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<VaultTransitKeyExportDetail> exportKey(String str, VaultTransitExportKeyType vaultTransitExportKeyType, String str2) {
        return Uni.createFrom().completionStage(this.transit.exportKey(VaultSecretsTransitExportKeyType.from(vaultTransitExportKeyType.name() + "-key"), str, str2)).map(vaultSecretsTransitExportKeyResultData -> {
            return new VaultTransitKeyExportDetail().setName(vaultSecretsTransitExportKeyResultData.getName()).setKeys(vaultSecretsTransitExportKeyResultData.getKeys());
        });
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<Optional<VaultTransitKeyDetail<?>>> readKey(String str) {
        return Uni.createFrom().completionStage(this.transit.readKey(str)).map(vaultSecretsTransitKeyInfo -> {
            return Optional.of(map(vaultSecretsTransitKeyInfo));
        }).plug(Plugs::notFoundToEmpty);
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<List<String>> listKeys() {
        return Uni.createFrom().completionStage(this.transit.listKeys());
    }

    @Override // io.quarkus.vault.VaultTransitSecretReactiveEngine
    public Uni<VaultTransitDataKey> generateDataKey(VaultTransitDataKeyType vaultTransitDataKeyType, String str, VaultTransitDataKeyRequestDetail vaultTransitDataKeyRequestDetail) {
        return Uni.createFrom().completionStage(this.transit.generateDataKey(VaultSecretsTransitDataKeyType.from(vaultTransitDataKeyType.name()), str, vaultTransitDataKeyRequestDetail == null ? null : new VaultSecretsTransitGenerateDataKeyParams().setBits(vaultTransitDataKeyRequestDetail.getBits()).setNonce(vaultTransitDataKeyRequestDetail.getNonce()).setContext(vaultTransitDataKeyRequestDetail.getContext()))).map(vaultSecretsTransitGenerateDataKeyResultData -> {
            return new VaultTransitDataKey().setCiphertext(vaultSecretsTransitGenerateDataKeyResultData.getCiphertext()).setPlaintext(vaultSecretsTransitGenerateDataKeyResultData.getPlaintext());
        });
    }

    protected VaultTransitKeyDetail<?> map(VaultSecretsTransitKeyInfo vaultSecretsTransitKeyInfo) {
        VaultTransitKeyDetail<VaultTransitSymmetricKeyVersion> versions;
        if (((VaultSecretsTransitKeyVersion) vaultSecretsTransitKeyInfo.getKeys().get(Integer.toString(vaultSecretsTransitKeyInfo.getLatestVersion().intValue()))).getPublicKey() != null) {
            versions = new VaultTransitAsymmetricKeyDetail().setVersions((Map) vaultSecretsTransitKeyInfo.getKeys().entrySet().stream().collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, VaultTransitManager::mapAsymmetricKeyVersion)));
        } else {
            versions = new VaultTransitSymmetricKeyDetail().setVersions((Map) vaultSecretsTransitKeyInfo.getKeys().entrySet().stream().collect(Collectors.toMap((v0) -> {
                return v0.getKey();
            }, VaultTransitManager::mapSymmetricKeyVersion)));
        }
        versions.setDeletionAllowed(vaultSecretsTransitKeyInfo.isDeletionAllowed().booleanValue());
        versions.setDerived(vaultSecretsTransitKeyInfo.isDerived().booleanValue());
        versions.setExportable(vaultSecretsTransitKeyInfo.isExportable().booleanValue());
        versions.setAllowPlaintextBackup(vaultSecretsTransitKeyInfo.isAllowPlaintextBackup().booleanValue());
        versions.setLatestVersion(vaultSecretsTransitKeyInfo.getLatestVersion().intValue());
        versions.setMinAvailableVersion(vaultSecretsTransitKeyInfo.getMinAvailableVersion().intValue());
        versions.setMinDecryptionVersion(vaultSecretsTransitKeyInfo.getMinDecryptionVersion().intValue());
        versions.setMinEncryptionVersion(vaultSecretsTransitKeyInfo.getMinEncryptionVersion().intValue());
        versions.setName(vaultSecretsTransitKeyInfo.getName());
        versions.setSupportsEncryption(vaultSecretsTransitKeyInfo.isSupportsEncryption().booleanValue());
        versions.setSupportsDecryption(vaultSecretsTransitKeyInfo.isSupportsDecryption().booleanValue());
        versions.setSupportsDerivation(vaultSecretsTransitKeyInfo.isSupportsDerivation().booleanValue());
        versions.setSupportsSigning(vaultSecretsTransitKeyInfo.isSupportsSigning().booleanValue());
        versions.setType(vaultSecretsTransitKeyInfo.getType().getValue());
        return versions;
    }

    private static VaultTransitAsymmetricKeyVersion mapAsymmetricKeyVersion(Map.Entry<String, VaultSecretsTransitKeyVersion> entry) {
        VaultSecretsTransitKeyVersion value = entry.getValue();
        VaultTransitAsymmetricKeyVersion vaultTransitAsymmetricKeyVersion = new VaultTransitAsymmetricKeyVersion();
        vaultTransitAsymmetricKeyVersion.setName(value.getName());
        vaultTransitAsymmetricKeyVersion.setPublicKey(value.getPublicKey());
        vaultTransitAsymmetricKeyVersion.setCreationTime(value.getCreationTime());
        return vaultTransitAsymmetricKeyVersion;
    }

    private static VaultTransitSymmetricKeyVersion mapSymmetricKeyVersion(Map.Entry<String, VaultSecretsTransitKeyVersion> entry) {
        VaultSecretsTransitKeyVersion value = entry.getValue();
        VaultTransitSymmetricKeyVersion vaultTransitSymmetricKeyVersion = new VaultTransitSymmetricKeyVersion();
        vaultTransitSymmetricKeyVersion.setCreationTime(value.getCreationTime());
        return vaultTransitSymmetricKeyVersion;
    }

    private void checkBatchErrors(List<? extends VaultTransitBatchResult<?>> list, Function<Long, ? extends VaultException> function) {
        long count = list.stream().filter((v0) -> {
            return v0.isInError();
        }).count();
        if (count != 0) {
            throw function.apply(Long.valueOf(count));
        }
    }

    private <K, V> Map<K, V> zip(List<K> list, List<V> list2) {
        return zip(list, list2, Function.identity());
    }

    private <K, V extends VaultTransitBatchResult<T>, T> Map<K, T> zipRequestToValue(List<K> list, List<V> list2) {
        return zip(list, list2, (v0) -> {
            return v0.getValue();
        });
    }

    private <K, T, V> Map<K, V> zip(List<K> list, List<T> list2, Function<T, V> function) {
        if (list.size() != list2.size()) {
            throw new VaultException("unable to zip " + list.size() + " keys with " + list2.size() + " values");
        }
        IdentityHashMap identityHashMap = new IdentityHashMap();
        IntStream.range(0, list.size()).forEach(i -> {
            identityHashMap.put(list.get(i), function.apply(list2.get(i)));
        });
        return identityHashMap;
    }

    private <T> T defaultIfNull(T t, T t2) {
        return t != null ? t : t2;
    }
}
