package org.apache.ignite3.internal.storage.pagememory.encryption;

import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Random;
import java.util.concurrent.CompletableFuture;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import org.apache.ignite3.internal.failure.FailureProcessor;
import org.apache.ignite3.internal.manager.ComponentContext;
import org.apache.ignite3.internal.manager.IgniteComponent;
import org.apache.ignite3.internal.pagememory.persistence.PagePayloadSizeAware;
import org.apache.ignite3.internal.vault.VaultManager;
import org.apache.ignite3.lang.ErrorGroups;
import org.apache.ignite3.lang.IgniteException;
import org.gridgain.internal.encryption.EncryptionManager;
import org.gridgain.internal.encryption.provider.DataEncryptionKey;
import org.gridgain.internal.encryption.utils.EncryptionUtils;
import org.jetbrains.annotations.TestOnly;

/* loaded from: input_file:org/apache/ignite3/internal/storage/pagememory/encryption/PersistentPageMemoryEncryptionManager.class */
public class PersistentPageMemoryEncryptionManager implements PagePayloadSizeAware, IgniteComponent {
    private static final int INITIAL_KEY_ID = 0;
    private static final int DEFAULT_DATA_KEY_SIZE = 256;
    private static final String DEFAULT_DATA_ENCRYPTION_CIPHER = "AES/CBC/NoPadding";
    private static final Random RANDOM_INSTANCE;
    private final ThreadLocal<Cipher> cipher = ThreadLocal.withInitial(() -> {
        try {
            return Cipher.getInstance(DEFAULT_DATA_ENCRYPTION_CIPHER);
        } catch (GeneralSecurityException e) {
            throw new IgniteException(ErrorGroups.Common.INTERNAL_ERR, e);
        }
    });
    private final String dataKeyAlgorithm = getAlgorithm(this.cipher.get());
    private final EncryptionManager encryptionManager;
    private final DataEncryptionKeyStorage dataEncryptionKeyStorage;
    static final /* synthetic */ boolean $assertionsDisabled;

    public PersistentPageMemoryEncryptionManager(VaultManager vaultManager, EncryptionManager encryptionManager, FailureProcessor failureProcessor) {
        this.encryptionManager = encryptionManager;
        this.dataEncryptionKeyStorage = new DataEncryptionKeyStorage(vaultManager, encryptionManager, failureProcessor);
    }

    @Override // org.apache.ignite3.internal.manager.IgniteComponent
    public CompletableFuture<Void> startAsync(ComponentContext componentContext) {
        return this.dataEncryptionKeyStorage.startAsync(componentContext);
    }

    @Override // org.apache.ignite3.internal.manager.IgniteComponent
    public CompletableFuture<Void> stopAsync(ComponentContext componentContext) {
        return this.dataEncryptionKeyStorage.stopAsync(componentContext);
    }

    public void setInitialTableKey(int i) {
        this.dataEncryptionKeyStorage.setTableKeys(i, Collections.singletonList(create(0)));
    }

    public void onTableDestroyed(int i) {
        this.dataEncryptionKeyStorage.remove(i);
    }

    @Override // org.apache.ignite3.internal.pagememory.persistence.PagePayloadSizeAware
    public int pagePayloadSize(int i, int i2) {
        if (!this.encryptionManager.encryptionEnabled() || !this.dataEncryptionKeyStorage.hasActiveKey(i)) {
            return i2;
        }
        int pageHeaderSize = i2 - pageHeaderSize();
        return pageHeaderSize - (EncryptionUtils.encryptedSize(this.cipher.get(), pageHeaderSize) - pageHeaderSize);
    }

    public void encrypt(ByteBuffer byteBuffer, ByteBuffer byteBuffer2, int i) {
        DataEncryptionKey activeKey = this.dataEncryptionKeyStorage.getActiveKey(i);
        byteBuffer2.putInt(activeKey.id());
        byteBuffer2.position(pageHeaderSize());
        EncryptionUtils.encrypt(this.cipher.get(), RANDOM_INSTANCE, byteBuffer, byteBuffer2, activeKey.key());
    }

    public void decrypt(ByteBuffer byteBuffer, ByteBuffer byteBuffer2, int i) {
        Cipher cipher = this.cipher.get();
        DataEncryptionKey key = this.dataEncryptionKeyStorage.getKey(i, byteBuffer.getInt());
        byteBuffer.position(pageHeaderSize());
        if (!$assertionsDisabled && key == null) {
            throw new AssertionError();
        }
        EncryptionUtils.decrypt(cipher, byteBuffer, byteBuffer2, key.key());
    }

    @TestOnly
    public DataEncryptionKeyStorage dataEncryptionKeyStorage() {
        return this.dataEncryptionKeyStorage;
    }

    private int pageHeaderSize() {
        return EncryptionUtils.roundToBlockSize(this.cipher.get(), 4);
    }

    private static String getAlgorithm(Cipher cipher) {
        String algorithm = cipher.getAlgorithm();
        return algorithm.substring(0, algorithm.indexOf(47));
    }

    private DataEncryptionKey create(int i) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(this.dataKeyAlgorithm);
            keyGenerator.init(256);
            return new DataEncryptionKey(i, keyGenerator.generateKey());
        } catch (GeneralSecurityException e) {
            throw new IgniteException(ErrorGroups.Common.INTERNAL_ERR, e);
        }
    }

    static {
        $assertionsDisabled = !PersistentPageMemoryEncryptionManager.class.desiredAssertionStatus();
        RANDOM_INSTANCE = new SecureRandom();
    }
}
