package CreateKeys_Compile;

import Wrappers_Compile.Option;
import Wrappers_Compile.Outcome;
import Wrappers_Compile.Result;
import dafny.DafnyMap;
import dafny.DafnySequence;
import dafny.Helpers;
import dafny.Tuple0;
import dafny.Tuple2;
import dafny.TypeDescriptor;
import java.math.BigInteger;
import java.util.Objects;
import software.amazon.cryptography.keystore.internaldafny.types.CreateKeyOutput;
import software.amazon.cryptography.keystore.internaldafny.types.Error;
import software.amazon.cryptography.keystore.internaldafny.types.VersionKeyInput;
import software.amazon.cryptography.services.dynamodb.internaldafny.types.AttributeValue;
import software.amazon.cryptography.services.dynamodb.internaldafny.types.IDynamoDBClient;
import software.amazon.cryptography.services.dynamodb.internaldafny.types.Put;
import software.amazon.cryptography.services.dynamodb.internaldafny.types.QueryOutput;
import software.amazon.cryptography.services.dynamodb.internaldafny.types.TransactWriteItem;
import software.amazon.cryptography.services.dynamodb.internaldafny.types.TransactWriteItemsInput;
import software.amazon.cryptography.services.dynamodb.internaldafny.types.TransactWriteItemsOutput;
import software.amazon.cryptography.services.kms.internaldafny.types.GenerateDataKeyWithoutPlaintextRequest;
import software.amazon.cryptography.services.kms.internaldafny.types.GenerateDataKeyWithoutPlaintextResponse;
import software.amazon.cryptography.services.kms.internaldafny.types.IKMSClient;
import software.amazon.cryptography.services.kms.internaldafny.types.ReEncryptRequest;
import software.amazon.cryptography.services.kms.internaldafny.types.ReEncryptResponse;

/* loaded from: input_file:CreateKeys_Compile/__default.class */
public class __default {
    private static final TypeDescriptor<__default> _TYPE = TypeDescriptor.referenceWithInitializer(__default.class, () -> {
        return (__default) null;
    });

    public static boolean branchKeyContextHasRequiredFields_q(DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> dafnyMap) {
        return dafnyMap.contains(GetKeys_Compile.__default.BRANCH__KEY__IDENTIFIER__FIELD()) && dafnyMap.contains(GetKeys_Compile.__default.TYPE__FIELD()) && dafnyMap.contains(KEY__STATUS()) && dafnyMap.contains(KEY__CREATE__TIME()) && dafnyMap.contains(HIERARCHY__VERSION()) && dafnyMap.contains(GetKeys_Compile.__default.TABLE__FIELD()) && dafnyMap.contains(GetKeys_Compile.__default.KMS__FIELD());
    }

    public static DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> activeBranchKeyEncryptionContext(DafnySequence<? extends Character> dafnySequence, DafnySequence<? extends Character> dafnySequence2, DafnySequence<? extends Character> dafnySequence3, DafnySequence<? extends Character> dafnySequence4, DafnySequence<? extends Character> dafnySequence5) {
        return DafnyMap.fromElements(new Tuple2[]{new Tuple2(GetKeys_Compile.__default.BRANCH__KEY__IDENTIFIER__FIELD(), dafnySequence), new Tuple2(GetKeys_Compile.__default.TYPE__FIELD(), DafnySequence.concatenate(GetKeys_Compile.__default.BRANCH__KEY__TYPE__PREFIX(), dafnySequence2)), new Tuple2(KEY__STATUS(), DafnySequence.asString("ACTIVE")), new Tuple2(KEY__CREATE__TIME(), dafnySequence3), new Tuple2(GetKeys_Compile.__default.TABLE__FIELD(), dafnySequence4), new Tuple2(GetKeys_Compile.__default.KMS__FIELD(), dafnySequence5), new Tuple2(HIERARCHY__VERSION(), DafnySequence.asString("1"))});
    }

    public static DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> decryptOnlyBranchKeyEncryptionContext(DafnySequence<? extends Character> dafnySequence, DafnySequence<? extends Character> dafnySequence2, DafnySequence<? extends Character> dafnySequence3, DafnySequence<? extends Character> dafnySequence4, DafnySequence<? extends Character> dafnySequence5) {
        return DafnyMap.fromElements(new Tuple2[]{new Tuple2(GetKeys_Compile.__default.BRANCH__KEY__IDENTIFIER__FIELD(), dafnySequence), new Tuple2(GetKeys_Compile.__default.TYPE__FIELD(), DafnySequence.concatenate(GetKeys_Compile.__default.BRANCH__KEY__TYPE__PREFIX(), dafnySequence2)), new Tuple2(KEY__STATUS(), DafnySequence.asString("DECRYPT_ONLY")), new Tuple2(KEY__CREATE__TIME(), dafnySequence3), new Tuple2(GetKeys_Compile.__default.TABLE__FIELD(), dafnySequence4), new Tuple2(GetKeys_Compile.__default.KMS__FIELD(), dafnySequence5), new Tuple2(HIERARCHY__VERSION(), DafnySequence.asString("1"))});
    }

    public static DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> beaconKeyEncryptionContext(DafnySequence<? extends Character> dafnySequence, DafnySequence<? extends Character> dafnySequence2, DafnySequence<? extends Character> dafnySequence3, DafnySequence<? extends Character> dafnySequence4) {
        return DafnyMap.fromElements(new Tuple2[]{new Tuple2(GetKeys_Compile.__default.BRANCH__KEY__IDENTIFIER__FIELD(), dafnySequence), new Tuple2(GetKeys_Compile.__default.TYPE__FIELD(), BEACON__KEY__TYPE__VALUE()), new Tuple2(KEY__STATUS(), DafnySequence.asString("SEARCH")), new Tuple2(KEY__CREATE__TIME(), dafnySequence2), new Tuple2(GetKeys_Compile.__default.TABLE__FIELD(), dafnySequence3), new Tuple2(GetKeys_Compile.__default.KMS__FIELD(), dafnySequence4), new Tuple2(HIERARCHY__VERSION(), DafnySequence.asString("1"))});
    }

    public static Result<CreateKeyOutput, Error> CreateBranchAndBeaconKeys(DafnySequence<? extends Character> dafnySequence, DafnySequence<? extends Character> dafnySequence2, DafnySequence<? extends Character> dafnySequence3, DafnySequence<? extends DafnySequence<? extends Character>> dafnySequence4, IKMSClient iKMSClient, IDynamoDBClient iDynamoDBClient) {
        Result.Default(CreateKeyOutput.Default());
        Result<DafnySequence<? extends Character>, DafnySequence<? extends Character>> GenerateUUID = UUID.__default.GenerateUUID();
        Result.Default(DafnySequence.empty(TypeDescriptor.CHAR));
        Result<DafnySequence<? extends Character>, __NewR> MapFailure = GenerateUUID.MapFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), dafnySequence5 -> {
            return Error.create_KeyStoreException(dafnySequence5);
        });
        if (MapFailure.IsFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor())) {
            return MapFailure.PropagateFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), CreateKeyOutput._typeDescriptor());
        }
        DafnySequence<? extends Character> Extract = MapFailure.Extract(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor());
        Result.Default(DafnySequence.empty(TypeDescriptor.CHAR));
        Result<DafnySequence<? extends Character>, __NewR> MapFailure2 = Time.__default.GetCurrentTimeStamp().MapFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), dafnySequence6 -> {
            return CreateKeyStoreTable_Compile.__default.E(dafnySequence6);
        });
        if (MapFailure2.IsFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor())) {
            return MapFailure2.PropagateFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), CreateKeyOutput._typeDescriptor());
        }
        DafnySequence<? extends Character> Extract2 = MapFailure2.Extract(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor());
        Result<DafnySequence<? extends Character>, DafnySequence<? extends Character>> GenerateUUID2 = UUID.__default.GenerateUUID();
        Result.Default(DafnySequence.empty(TypeDescriptor.CHAR));
        Result<DafnySequence<? extends Character>, __NewR> MapFailure3 = GenerateUUID2.MapFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), dafnySequence7 -> {
            return Error.create_KeyStoreException(dafnySequence7);
        });
        if (MapFailure3.IsFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor())) {
            return MapFailure3.PropagateFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), CreateKeyOutput._typeDescriptor());
        }
        DafnySequence<? extends Character> Extract3 = MapFailure3.Extract(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor());
        Outcome.Default();
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), GenerateUUID.is_Success() && GenerateUUID2.is_Success(), Error.create_KeyStoreException(DafnySequence.asString("Failed to generate UUID for Key ID or Key Version.")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), CreateKeyOutput._typeDescriptor());
        }
        DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> activeBranchKeyEncryptionContext = activeBranchKeyEncryptionContext(Extract, Extract3, Extract2, dafnySequence2, dafnySequence3);
        Result.Default(GenerateDataKeyWithoutPlaintextResponse.Default());
        Result<GenerateDataKeyWithoutPlaintextResponse, Error> GenerateKey = GenerateKey(activeBranchKeyEncryptionContext, dafnySequence3, dafnySequence4, iKMSClient);
        if (GenerateKey.IsFailure(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor())) {
            return GenerateKey.PropagateFailure(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor(), CreateKeyOutput._typeDescriptor());
        }
        GenerateDataKeyWithoutPlaintextResponse Extract4 = GenerateKey.Extract(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor());
        DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> beaconKeyEncryptionContext = beaconKeyEncryptionContext(Extract, Extract2, dafnySequence2, dafnySequence3);
        Result.Default(GenerateDataKeyWithoutPlaintextResponse.Default());
        Result<GenerateDataKeyWithoutPlaintextResponse, Error> GenerateKey2 = GenerateKey(beaconKeyEncryptionContext, dafnySequence3, dafnySequence4, iKMSClient);
        if (GenerateKey2.IsFailure(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor())) {
            return GenerateKey2.PropagateFailure(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor(), CreateKeyOutput._typeDescriptor());
        }
        GenerateDataKeyWithoutPlaintextResponse Extract5 = GenerateKey2.Extract(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor());
        Result.Default(TransactWriteItemsOutput.Default());
        Result<TransactWriteItemsOutput, Error> WriteNewKeyToStore = WriteNewKeyToStore(activeBranchKeyEncryptionContext, Extract4.dtor_CiphertextBlob().dtor_value(), beaconKeyEncryptionContext, Extract5.dtor_CiphertextBlob().dtor_value(), dafnySequence, iDynamoDBClient);
        if (WriteNewKeyToStore.IsFailure(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor())) {
            return WriteNewKeyToStore.PropagateFailure(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor(), CreateKeyOutput._typeDescriptor());
        }
        WriteNewKeyToStore.Extract(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor());
        return Result.create_Success(CreateKeyOutput.create(Extract));
    }

    public static Result<GenerateDataKeyWithoutPlaintextResponse, Error> GenerateKey(DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> dafnyMap, DafnySequence<? extends Character> dafnySequence, DafnySequence<? extends DafnySequence<? extends Character>> dafnySequence2, IKMSClient iKMSClient) {
        Result.Default(GenerateDataKeyWithoutPlaintextResponse.Default());
        Result<GenerateDataKeyWithoutPlaintextResponse, software.amazon.cryptography.services.kms.internaldafny.types.Error> GenerateDataKeyWithoutPlaintext = iKMSClient.GenerateDataKeyWithoutPlaintext(GenerateDataKeyWithoutPlaintextRequest.create(dafnySequence, Option.create_Some(dafnyMap), Option.create_None(), Option.create_Some(32), Option.create_Some(dafnySequence2)));
        Result.Default(GenerateDataKeyWithoutPlaintextResponse.Default());
        Result<GenerateDataKeyWithoutPlaintextResponse, __NewR> MapFailure = GenerateDataKeyWithoutPlaintext.MapFailure(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), software.amazon.cryptography.services.kms.internaldafny.types.Error._typeDescriptor(), Error._typeDescriptor(), error -> {
            return Error.create_ComAmazonawsKms(error);
        });
        if (MapFailure.IsFailure(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor())) {
            return MapFailure.PropagateFailure(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor(), GenerateDataKeyWithoutPlaintextResponse._typeDescriptor());
        }
        GenerateDataKeyWithoutPlaintextResponse Extract = MapFailure.Extract(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor());
        Outcome.Default();
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), Extract.dtor_KeyId().is_Some() && AwsArnParsing_Compile.__default.ParseAwsKmsIdentifier(Extract.dtor_KeyId().dtor_value()).is_Success(), Error.create_KeyStoreException(DafnySequence.asString("Invalid response from KMS GenerateDataKey:: Invalid Key Id")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), GenerateDataKeyWithoutPlaintextResponse._typeDescriptor());
        }
        Outcome.Default();
        Outcome Need2 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), Extract.dtor_CiphertextBlob().is_Some() && Objects.equals(BigInteger.valueOf((long) Extract.dtor_CiphertextBlob().dtor_value().length()), KMS__GEN__KEY__NO__PLAINTEXT__LENGTH__32()) && software.amazon.cryptography.services.kms.internaldafny.types.__default.IsValid__CiphertextType(Extract.dtor_CiphertextBlob().dtor_value()), Error.create_KeyStoreException(DafnySequence.asString("Invalid response from AWS KMS GeneratedDataKey: Invalid ciphertext")));
        return Need2.IsFailure(Error._typeDescriptor()) ? Need2.PropagateFailure(Error._typeDescriptor(), GenerateDataKeyWithoutPlaintextResponse._typeDescriptor()) : Result.create_Success(Extract);
    }

    public static Result<TransactWriteItemsOutput, Error> WriteNewKeyToStore(DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> dafnyMap, DafnySequence<? extends Byte> dafnySequence, DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> dafnyMap2, DafnySequence<? extends Byte> dafnySequence2, DafnySequence<? extends Character> dafnySequence3, IDynamoDBClient iDynamoDBClient) {
        Result.Default(TransactWriteItemsOutput.Default());
        DafnyMap<? extends DafnySequence<? extends Character>, ? extends AttributeValue> ToBranchKeyItemAttributeMap = ToBranchKeyItemAttributeMap(dafnyMap, dafnySequence);
        TransactWriteItem CreateTransactWritePutItem = CreateTransactWritePutItem(ToBranchKeyItemAttributeMap, dafnySequence3);
        DafnyMap<? extends DafnySequence<? extends Character>, ? extends AttributeValue> ToBranchKeyItemAttributeMap2 = ToBranchKeyItemAttributeMap(dafnyMap2, dafnySequence2);
        TransactWriteItem CreateTransactWritePutItem2 = CreateTransactWritePutItem(ToBranchKeyItemAttributeMap2, dafnySequence3);
        Outcome.Default();
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), GetKeys_Compile.__default.validBeaconKeyItem_q(ToBranchKeyItemAttributeMap2) && GetKeys_Compile.__default.validActiveBranchKey_q(ToBranchKeyItemAttributeMap), Error.create_KeyStoreException(DafnySequence.concatenate(DafnySequence.asString("Unable to write key material to Key Store: "), dafnySequence3)));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), TransactWriteItemsOutput._typeDescriptor());
        }
        Result<TransactWriteItemsOutput, software.amazon.cryptography.services.dynamodb.internaldafny.types.Error> TransactWriteItems = iDynamoDBClient.TransactWriteItems(TransactWriteItemsInput.create(DafnySequence.of(TransactWriteItem._typeDescriptor(), new TransactWriteItem[]{CreateTransactWritePutItem, CreateTransactWritePutItem2}), Option.create_None(), Option.create_None(), Option.create_None()));
        Result.Default(TransactWriteItemsOutput.Default());
        Result<TransactWriteItemsOutput, __NewR> MapFailure = TransactWriteItems.MapFailure(TransactWriteItemsOutput._typeDescriptor(), software.amazon.cryptography.services.dynamodb.internaldafny.types.Error._typeDescriptor(), Error._typeDescriptor(), error -> {
            return Error.create_ComAmazonawsDynamodb(error);
        });
        return MapFailure.IsFailure(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor()) ? MapFailure.PropagateFailure(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor(), TransactWriteItemsOutput._typeDescriptor()) : Result.create_Success(MapFailure.Extract(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor()));
    }

    public static Result<TransactWriteItemsOutput, Error> WriteVersionedKeyToStore(DafnyMap<? extends DafnySequence<? extends Character>, ? extends AttributeValue> dafnyMap, DafnyMap<? extends DafnySequence<? extends Character>, ? extends AttributeValue> dafnyMap2, DafnySequence<? extends Character> dafnySequence, IDynamoDBClient iDynamoDBClient) {
        Result.Default(TransactWriteItemsOutput.Default());
        TransactWriteItem CreateTransactWritePutItem = CreateTransactWritePutItem(dafnyMap, dafnySequence);
        TransactWriteItem CreateTransactWritePutItem2 = CreateTransactWritePutItem(dafnyMap2, dafnySequence);
        Outcome.Default();
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), GetKeys_Compile.__default.validActiveBranchKey_q(dafnyMap2) && GetKeys_Compile.__default.validVersionBranchKey_q(dafnyMap), Error.create_KeyStoreException(DafnySequence.concatenate(DafnySequence.asString("Unable to write key material to Key Store: "), dafnySequence)));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), TransactWriteItemsOutput._typeDescriptor());
        }
        Result<TransactWriteItemsOutput, software.amazon.cryptography.services.dynamodb.internaldafny.types.Error> TransactWriteItems = iDynamoDBClient.TransactWriteItems(TransactWriteItemsInput.create(DafnySequence.of(TransactWriteItem._typeDescriptor(), new TransactWriteItem[]{CreateTransactWritePutItem, CreateTransactWritePutItem2}), Option.create_None(), Option.create_None(), Option.create_None()));
        Result.Default(TransactWriteItemsOutput.Default());
        Result<TransactWriteItemsOutput, __NewR> MapFailure = TransactWriteItems.MapFailure(TransactWriteItemsOutput._typeDescriptor(), software.amazon.cryptography.services.dynamodb.internaldafny.types.Error._typeDescriptor(), Error._typeDescriptor(), error -> {
            return Error.create_ComAmazonawsDynamodb(error);
        });
        return MapFailure.IsFailure(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor()) ? MapFailure.PropagateFailure(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor(), TransactWriteItemsOutput._typeDescriptor()) : Result.create_Success(MapFailure.Extract(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor()));
    }

    public static DafnyMap<? extends DafnySequence<? extends Character>, ? extends AttributeValue> ToBranchKeyItemAttributeMap(DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> dafnyMap, DafnySequence<? extends Byte> dafnySequence) {
        return DafnyMap.fromElements(new Tuple2[]{new Tuple2(GetKeys_Compile.__default.BRANCH__KEY__IDENTIFIER__FIELD(), AttributeValue.create_S((DafnySequence) dafnyMap.get(GetKeys_Compile.__default.BRANCH__KEY__IDENTIFIER__FIELD()))), new Tuple2(GetKeys_Compile.__default.TYPE__FIELD(), AttributeValue.create_S((DafnySequence) dafnyMap.get(GetKeys_Compile.__default.TYPE__FIELD()))), new Tuple2(KEY__STATUS(), AttributeValue.create_S((DafnySequence) dafnyMap.get(KEY__STATUS()))), new Tuple2(GetKeys_Compile.__default.BRANCH__KEY__FIELD(), AttributeValue.create_B(dafnySequence)), new Tuple2(GetKeys_Compile.__default.KMS__FIELD(), AttributeValue.create_S((DafnySequence) dafnyMap.get(GetKeys_Compile.__default.KMS__FIELD()))), new Tuple2(KEY__CREATE__TIME(), AttributeValue.create_S((DafnySequence) dafnyMap.get(KEY__CREATE__TIME()))), new Tuple2(HIERARCHY__VERSION(), AttributeValue.create_N((DafnySequence) dafnyMap.get(HIERARCHY__VERSION())))});
    }

    public static TransactWriteItem CreateTransactWritePutItem(DafnyMap<? extends DafnySequence<? extends Character>, ? extends AttributeValue> dafnyMap, DafnySequence<? extends Character> dafnySequence) {
        return TransactWriteItem.create(Option.create_None(), Option.create_Some(Put.create(dafnyMap, dafnySequence, Option.create_None(), Option.create_None(), Option.create_None(), Option.create_None())), Option.create_None(), Option.create_None());
    }

    public static Result<Tuple0, Error> VersionActiveBranchKey(VersionKeyInput versionKeyInput, DafnySequence<? extends Character> dafnySequence, DafnySequence<? extends Character> dafnySequence2, DafnySequence<? extends Character> dafnySequence3, DafnySequence<? extends DafnySequence<? extends Character>> dafnySequence4, IKMSClient iKMSClient, IDynamoDBClient iDynamoDBClient) {
        Result.Default(Tuple0.Default());
        Result<QueryOutput, software.amazon.cryptography.services.dynamodb.internaldafny.types.Error> QueryForActiveBranchKey = GetKeys_Compile.__default.QueryForActiveBranchKey(versionKeyInput.dtor_branchKeyIdentifier(), dafnySequence, iDynamoDBClient);
        Result.Default(QueryOutput.Default());
        Result<QueryOutput, __NewR> MapFailure = QueryForActiveBranchKey.MapFailure(QueryOutput._typeDescriptor(), software.amazon.cryptography.services.dynamodb.internaldafny.types.Error._typeDescriptor(), Error._typeDescriptor(), error -> {
            return Error.create_ComAmazonawsDynamodb(error);
        });
        if (MapFailure.IsFailure(QueryOutput._typeDescriptor(), Error._typeDescriptor())) {
            return MapFailure.PropagateFailure(QueryOutput._typeDescriptor(), Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        QueryOutput Extract = MapFailure.Extract(QueryOutput._typeDescriptor(), Error._typeDescriptor());
        Outcome.Default();
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), Extract.dtor_Items().is_Some() && Objects.equals(BigInteger.valueOf((long) Extract.dtor_Items().dtor_value().length()), BigInteger.ONE), CreateKeyStoreTable_Compile.__default.E(DafnySequence.concatenate(DafnySequence.concatenate(DafnySequence.asString("Found more than one active key under: "), versionKeyInput.dtor_branchKeyIdentifier()), DafnySequence.asString(". Resolve by calling ActiveKeyResolution API."))));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        Outcome.Default();
        Outcome Need2 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), GetKeys_Compile.__default.validActiveBranchKey_q((DafnyMap) Extract.dtor_Items().dtor_value().select(Helpers.toInt(BigInteger.ZERO))) && ((AttributeValue) ((DafnyMap) Extract.dtor_Items().dtor_value().select(Helpers.toInt(BigInteger.ZERO))).get(GetKeys_Compile.__default.TYPE__FIELD())).dtor_S().take(BigInteger.valueOf((long) GetKeys_Compile.__default.BRANCH__KEY__TYPE__PREFIX().length())).equals(GetKeys_Compile.__default.BRANCH__KEY__TYPE__PREFIX()), Error.create_KeyStoreException(DafnySequence.concatenate(DafnySequence.concatenate(DafnySequence.asString("Active key for "), versionKeyInput.dtor_branchKeyIdentifier()), DafnySequence.asString(" does not have required fields."))));
        if (Need2.IsFailure(Error._typeDescriptor())) {
            return Need2.PropagateFailure(Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        DafnyMap dafnyMap = (DafnyMap) Extract.dtor_Items().dtor_value().select(Helpers.toInt(BigInteger.ZERO));
        Outcome.Default();
        Outcome Need3 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), ((AttributeValue) dafnyMap.get(GetKeys_Compile.__default.KMS__FIELD())).dtor_S().equals(dafnySequence3), Error.create_KeyStoreException(DafnySequence.concatenate(DafnySequence.asString("Configured AWS KMS Key ARN does not match KMS Key ARN for branch-key-id: "), ((AttributeValue) dafnyMap.get(GetKeys_Compile.__default.BRANCH__KEY__IDENTIFIER__FIELD())).dtor_S())));
        if (Need3.IsFailure(Error._typeDescriptor())) {
            return Need3.PropagateFailure(Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> activeBranchKeyEncryptionContext = activeBranchKeyEncryptionContext(((AttributeValue) dafnyMap.get(GetKeys_Compile.__default.BRANCH__KEY__IDENTIFIER__FIELD())).dtor_S(), ((AttributeValue) dafnyMap.get(GetKeys_Compile.__default.TYPE__FIELD())).dtor_S().drop(BigInteger.valueOf(GetKeys_Compile.__default.BRANCH__KEY__TYPE__PREFIX().length())), ((AttributeValue) dafnyMap.get(KEY__CREATE__TIME())).dtor_S(), dafnySequence2, ((AttributeValue) dafnyMap.get(GetKeys_Compile.__default.KMS__FIELD())).dtor_S());
        DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> decryptOnlyBranchKeyEncryptionContext = decryptOnlyBranchKeyEncryptionContext(((AttributeValue) dafnyMap.get(GetKeys_Compile.__default.BRANCH__KEY__IDENTIFIER__FIELD())).dtor_S(), ((AttributeValue) dafnyMap.get(GetKeys_Compile.__default.TYPE__FIELD())).dtor_S().drop(BigInteger.valueOf(GetKeys_Compile.__default.BRANCH__KEY__TYPE__PREFIX().length())), ((AttributeValue) dafnyMap.get(KEY__CREATE__TIME())).dtor_S(), dafnySequence2, ((AttributeValue) dafnyMap.get(GetKeys_Compile.__default.KMS__FIELD())).dtor_S());
        Result.Default(ReEncryptResponse.Default());
        Result<ReEncryptResponse, Error> ReEncryptBranchKeyDecryptOnly = ReEncryptBranchKeyDecryptOnly(((AttributeValue) dafnyMap.get(GetKeys_Compile.__default.BRANCH__KEY__FIELD())).dtor_B(), activeBranchKeyEncryptionContext, decryptOnlyBranchKeyEncryptionContext, dafnySequence3, dafnySequence4, iKMSClient);
        if (ReEncryptBranchKeyDecryptOnly.IsFailure(ReEncryptResponse._typeDescriptor(), Error._typeDescriptor())) {
            return ReEncryptBranchKeyDecryptOnly.PropagateFailure(ReEncryptResponse._typeDescriptor(), Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        ReEncryptResponse Extract2 = ReEncryptBranchKeyDecryptOnly.Extract(ReEncryptResponse._typeDescriptor(), Error._typeDescriptor());
        Result<DafnySequence<? extends Character>, DafnySequence<? extends Character>> GenerateUUID = UUID.__default.GenerateUUID();
        Result.Default(DafnySequence.empty(TypeDescriptor.CHAR));
        Result<DafnySequence<? extends Character>, __NewR> MapFailure2 = GenerateUUID.MapFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), dafnySequence5 -> {
            return Error.create_KeyStoreException(dafnySequence5);
        });
        if (MapFailure2.IsFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor())) {
            return MapFailure2.PropagateFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        DafnySequence<? extends Character> Extract3 = MapFailure2.Extract(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor());
        Result.Default(DafnySequence.empty(TypeDescriptor.CHAR));
        Result<DafnySequence<? extends Character>, __NewR> MapFailure3 = Time.__default.GetCurrentTimeStamp().MapFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), dafnySequence6 -> {
            return CreateKeyStoreTable_Compile.__default.E(dafnySequence6);
        });
        if (MapFailure3.IsFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor())) {
            return MapFailure3.PropagateFailure(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> activeBranchKeyEncryptionContext2 = activeBranchKeyEncryptionContext(((AttributeValue) dafnyMap.get(GetKeys_Compile.__default.BRANCH__KEY__IDENTIFIER__FIELD())).dtor_S(), Extract3, MapFailure3.Extract(DafnySequence._typeDescriptor(TypeDescriptor.CHAR), Error._typeDescriptor()), dafnySequence2, dafnySequence3);
        Result.Default(GenerateDataKeyWithoutPlaintextResponse.Default());
        Result<GenerateDataKeyWithoutPlaintextResponse, Error> GenerateKey = GenerateKey(activeBranchKeyEncryptionContext2, dafnySequence3, dafnySequence4, iKMSClient);
        if (GenerateKey.IsFailure(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor())) {
            return GenerateKey.PropagateFailure(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        GenerateDataKeyWithoutPlaintextResponse Extract4 = GenerateKey.Extract(GenerateDataKeyWithoutPlaintextResponse._typeDescriptor(), Error._typeDescriptor());
        DafnyMap<? extends DafnySequence<? extends Character>, ? extends AttributeValue> ToBranchKeyItemAttributeMap = ToBranchKeyItemAttributeMap(decryptOnlyBranchKeyEncryptionContext, Extract2.dtor_CiphertextBlob().dtor_value());
        DafnyMap<? extends DafnySequence<? extends Character>, ? extends AttributeValue> ToBranchKeyItemAttributeMap2 = ToBranchKeyItemAttributeMap(activeBranchKeyEncryptionContext2, Extract4.dtor_CiphertextBlob().dtor_value());
        Result.Default(TransactWriteItemsOutput.Default());
        Result<TransactWriteItemsOutput, Error> WriteVersionedKeyToStore = WriteVersionedKeyToStore(ToBranchKeyItemAttributeMap, ToBranchKeyItemAttributeMap2, dafnySequence, iDynamoDBClient);
        if (WriteVersionedKeyToStore.IsFailure(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor())) {
            return WriteVersionedKeyToStore.PropagateFailure(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor(), Tuple0._typeDescriptor());
        }
        WriteVersionedKeyToStore.Extract(TransactWriteItemsOutput._typeDescriptor(), Error._typeDescriptor());
        return Result.create_Success(Tuple0.create());
    }

    public static Result<ReEncryptResponse, Error> ReEncryptBranchKeyDecryptOnly(DafnySequence<? extends Byte> dafnySequence, DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> dafnyMap, DafnyMap<? extends DafnySequence<? extends Character>, ? extends DafnySequence<? extends Character>> dafnyMap2, DafnySequence<? extends Character> dafnySequence2, DafnySequence<? extends DafnySequence<? extends Character>> dafnySequence3, IKMSClient iKMSClient) {
        Result.Default(ReEncryptResponse.Default());
        Result<ReEncryptResponse, software.amazon.cryptography.services.kms.internaldafny.types.Error> ReEncrypt = iKMSClient.ReEncrypt(ReEncryptRequest.create(dafnySequence, Option.create_Some(dafnyMap), Option.create_Some(dafnySequence2), dafnySequence2, Option.create_Some(dafnyMap2), Option.create_None(), Option.create_None(), Option.create_Some(dafnySequence3)));
        Result.Default(ReEncryptResponse.Default());
        Result<ReEncryptResponse, __NewR> MapFailure = ReEncrypt.MapFailure(ReEncryptResponse._typeDescriptor(), software.amazon.cryptography.services.kms.internaldafny.types.Error._typeDescriptor(), Error._typeDescriptor(), error -> {
            return Error.create_ComAmazonawsKms(error);
        });
        if (MapFailure.IsFailure(ReEncryptResponse._typeDescriptor(), Error._typeDescriptor())) {
            return MapFailure.PropagateFailure(ReEncryptResponse._typeDescriptor(), Error._typeDescriptor(), ReEncryptResponse._typeDescriptor());
        }
        ReEncryptResponse Extract = MapFailure.Extract(ReEncryptResponse._typeDescriptor(), Error._typeDescriptor());
        Outcome.Default();
        Outcome Need = Wrappers_Compile.__default.Need(Error._typeDescriptor(), Extract.dtor_SourceKeyId().is_Some() && Extract.dtor_KeyId().is_Some() && Extract.dtor_SourceKeyId().dtor_value().equals(dafnySequence2) && Extract.dtor_KeyId().dtor_value().equals(dafnySequence2) && AwsArnParsing_Compile.__default.ParseAwsKmsIdentifier(Extract.dtor_SourceKeyId().dtor_value()).is_Success() && AwsArnParsing_Compile.__default.ParseAwsKmsIdentifier(Extract.dtor_KeyId().dtor_value()).is_Success(), Error.create_KeyStoreException(DafnySequence.asString("Invalid response from KMS GenerateDataKey:: Invalid Key Id")));
        if (Need.IsFailure(Error._typeDescriptor())) {
            return Need.PropagateFailure(Error._typeDescriptor(), ReEncryptResponse._typeDescriptor());
        }
        Outcome.Default();
        Outcome Need2 = Wrappers_Compile.__default.Need(Error._typeDescriptor(), Extract.dtor_CiphertextBlob().is_Some() && software.amazon.cryptography.services.kms.internaldafny.types.__default.IsValid__CiphertextType(Extract.dtor_CiphertextBlob().dtor_value()), Error.create_KeyStoreException(DafnySequence.asString("Invalid response from AWS KMS GeneratedDataKey: Invalid ciphertext")));
        return Need2.IsFailure(Error._typeDescriptor()) ? Need2.PropagateFailure(Error._typeDescriptor(), ReEncryptResponse._typeDescriptor()) : Result.create_Success(Extract);
    }

    public static DafnySequence<? extends Character> KEY__STATUS() {
        return DafnySequence.asString("status");
    }

    public static DafnySequence<? extends Character> KEY__CREATE__TIME() {
        return DafnySequence.asString("create-time");
    }

    public static DafnySequence<? extends Character> HIERARCHY__VERSION() {
        return DafnySequence.asString("hierarchy-version");
    }

    public static DafnySequence<? extends Character> BEACON__KEY__TYPE__VALUE() {
        return DafnySequence.asString("beacon:true");
    }

    public static BigInteger KMS__GEN__KEY__NO__PLAINTEXT__LENGTH__32() {
        return BigInteger.valueOf(184L);
    }

    public static TypeDescriptor<__default> _typeDescriptor() {
        return _TYPE;
    }

    public String toString() {
        return "CreateKeys_Compile._default";
    }
}
