package org.eclipse.hono.deviceregistry.mongodb.quarkus;

import com.bol.config.CryptVaultAutoConfiguration;
import com.bol.crypt.CryptVault;
import io.opentracing.Tracer;
import io.vertx.core.Vertx;
import io.vertx.ext.mongo.MongoClient;
import java.io.FileInputStream;
import java.util.Base64;
import java.util.Objects;
import java.util.Optional;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.eclipse.hono.deviceregistry.mongodb.config.MongoDbBasedCredentialsConfigOptions;
import org.eclipse.hono.deviceregistry.mongodb.config.MongoDbBasedRegistrationConfigOptions;
import org.eclipse.hono.deviceregistry.mongodb.config.MongoDbBasedTenantsConfigOptions;
import org.eclipse.hono.deviceregistry.mongodb.config.MongoDbConfigOptions;
import org.eclipse.hono.deviceregistry.mongodb.config.MongoDbConfigProperties;
import org.eclipse.hono.deviceregistry.mongodb.model.CredentialsDao;
import org.eclipse.hono.deviceregistry.mongodb.model.DeviceDao;
import org.eclipse.hono.deviceregistry.mongodb.model.MongoDbBasedCredentialsDao;
import org.eclipse.hono.deviceregistry.mongodb.model.MongoDbBasedDeviceDao;
import org.eclipse.hono.deviceregistry.mongodb.model.MongoDbBasedTenantDao;
import org.eclipse.hono.deviceregistry.mongodb.model.TenantDao;
import org.eclipse.hono.deviceregistry.util.CryptVaultBasedFieldLevelEncryption;
import org.eclipse.hono.deviceregistry.util.FieldLevelEncryption;
import org.eclipse.hono.service.HealthCheckServer;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;

@ApplicationScoped
/* loaded from: input_file:org/eclipse/hono/deviceregistry/mongodb/quarkus/DaoProducer.class */
public class DaoProducer {

    @Inject
    Vertx vertx;

    @Inject
    Tracer tracer;

    @Inject
    HealthCheckServer healthCheckServer;

    @Singleton
    @Produces
    public MongoClient mongoClient(MongoDbConfigOptions mongoDbConfigOptions) {
        return MongoClient.createShared(this.vertx, new MongoDbConfigProperties(mongoDbConfigOptions).getMongoClientConfig());
    }

    @Singleton
    @Produces
    public TenantDao tenantDao(MongoClient mongoClient, MongoDbBasedTenantsConfigOptions mongoDbBasedTenantsConfigOptions) {
        MongoDbBasedTenantDao mongoDbBasedTenantDao = new MongoDbBasedTenantDao(mongoClient, mongoDbBasedTenantsConfigOptions.collectionName(), this.tracer);
        this.healthCheckServer.registerHealthCheckResources(mongoDbBasedTenantDao);
        return mongoDbBasedTenantDao;
    }

    @Singleton
    @Produces
    public DeviceDao deviceDao(MongoClient mongoClient, MongoDbBasedRegistrationConfigOptions mongoDbBasedRegistrationConfigOptions) {
        MongoDbBasedDeviceDao mongoDbBasedDeviceDao = new MongoDbBasedDeviceDao(mongoClient, mongoDbBasedRegistrationConfigOptions.collectionName(), this.tracer);
        this.healthCheckServer.registerHealthCheckResources(mongoDbBasedDeviceDao);
        return mongoDbBasedDeviceDao;
    }

    @Singleton
    @Produces
    public CredentialsDao credentialsDao(MongoClient mongoClient, MongoDbBasedCredentialsConfigOptions mongoDbBasedCredentialsConfigOptions) {
        MongoDbBasedCredentialsDao mongoDbBasedCredentialsDao = new MongoDbBasedCredentialsDao(mongoClient, mongoDbBasedCredentialsConfigOptions.collectionName(), this.tracer, (FieldLevelEncryption) mongoDbBasedCredentialsConfigOptions.encryptionKeyFile().map(this::fieldLevelEncryption).orElse(FieldLevelEncryption.NOOP_ENCRYPTION));
        this.healthCheckServer.registerHealthCheckResources(mongoDbBasedCredentialsDao);
        return mongoDbBasedCredentialsDao;
    }

    private FieldLevelEncryption fieldLevelEncryption(String str) {
        try {
            FileInputStream fileInputStream = new FileInputStream(str);
            try {
                CryptVaultAutoConfiguration.CryptVaultConfigurationProperties cryptVaultConfigurationProperties = (CryptVaultAutoConfiguration.CryptVaultConfigurationProperties) new Yaml(new Constructor(CryptVaultAutoConfiguration.CryptVaultConfigurationProperties.class)).load(fileInputStream);
                CryptVault cryptVault = new CryptVault();
                for (CryptVaultAutoConfiguration.Key key : cryptVaultConfigurationProperties.getKeys()) {
                    cryptVault.with256BitAesCbcPkcs5PaddingAnd128BitSaltKey(key.getVersion(), Base64.getDecoder().decode(key.getKey()));
                }
                Optional ofNullable = Optional.ofNullable(cryptVaultConfigurationProperties.getDefaultKey());
                Objects.requireNonNull(cryptVault);
                ofNullable.ifPresent((v1) -> {
                    r1.withDefaultKeyVersion(v1);
                });
                CryptVaultBasedFieldLevelEncryption cryptVaultBasedFieldLevelEncryption = new CryptVaultBasedFieldLevelEncryption(cryptVault);
                fileInputStream.close();
                return cryptVaultBasedFieldLevelEncryption;
            } finally {
            }
        } catch (Exception e) {
            throw new IllegalArgumentException(String.format("error reading CryptVault configuration from file [%s]", str), e);
        }
    }
}
