package org.apache.ignite3.internal.storage.pagememory.encryption;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.ignite3.internal.configuration.storage.StorageException;
import org.apache.ignite3.internal.event.EventListener;
import org.apache.ignite3.internal.failure.FailureContext;
import org.apache.ignite3.internal.failure.FailureProcessor;
import org.apache.ignite3.internal.failure.FailureType;
import org.apache.ignite3.internal.lang.ByteArray;
import org.apache.ignite3.internal.logger.IgniteLogger;
import org.apache.ignite3.internal.logger.Loggers;
import org.apache.ignite3.internal.manager.ComponentContext;
import org.apache.ignite3.internal.manager.IgniteComponent;
import org.apache.ignite3.internal.util.CollectionUtils;
import org.apache.ignite3.internal.util.CompletableFutures;
import org.apache.ignite3.internal.util.Cursor;
import org.apache.ignite3.internal.util.IgniteSpinBusyLock;
import org.apache.ignite3.internal.util.IgniteUtils;
import org.apache.ignite3.internal.util.StringUtils;
import org.apache.ignite3.internal.vault.VaultEntry;
import org.apache.ignite3.internal.vault.VaultManager;
import org.apache.ignite3.internal.versioned.VersionedSerialization;
import org.gridgain.internal.encryption.DataEncryptionKeyNotFoundException;
import org.gridgain.internal.encryption.EncryptionManager;
import org.gridgain.internal.encryption.event.EncryptionEvent;
import org.gridgain.internal.encryption.event.EncryptionEventParameters;
import org.gridgain.internal.encryption.provider.DataEncryptionKey;

/* loaded from: input_file:org/apache/ignite3/internal/storage/pagememory/encryption/DataEncryptionKeyStorage.class */
public class DataEncryptionKeyStorage implements IgniteComponent, EventListener<EncryptionEventParameters> {
    private static final IgniteLogger LOG;
    public static final String ENCRYPTION_KEYS_PREFIX = "table-encryption-keys-";
    private static final ByteArray ENCRYPTION_KEYS_RANGE_START;
    private static final ByteArray ENCRYPTION_KEYS_RANGE_END;
    private final Map<Integer, TableDataEncryptionKeys> keysByTable = new ConcurrentHashMap();
    private final Object vaultMux = new Object();
    private final IgniteSpinBusyLock busyLock = new IgniteSpinBusyLock();
    private final VaultManager vaultManager;
    private final EncryptionManager encryptionManager;
    private final FailureProcessor failureProcessor;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/ignite3/internal/storage/pagememory/encryption/DataEncryptionKeyStorage$TableDataEncryptionKeys.class */
    public static class TableDataEncryptionKeys {
        private final List<DataEncryptionKey> keys;
        private final ReadWriteLock rwLock = new ReentrantReadWriteLock(true);
        static final /* synthetic */ boolean $assertionsDisabled;

        private TableDataEncryptionKeys(List<DataEncryptionKey> list) {
            this.keys = new ArrayList(list);
        }

        private DataEncryptionKey getActiveKey() {
            this.rwLock.readLock().lock();
            try {
                DataEncryptionKey dataEncryptionKey = (DataEncryptionKey) CollectionUtils.first((List) this.keys);
                if ($assertionsDisabled || dataEncryptionKey != null) {
                    return dataEncryptionKey;
                }
                throw new AssertionError("key couldn't be null");
            } finally {
                this.rwLock.readLock().unlock();
            }
        }

        private DataEncryptionKey getKey(int i) {
            this.rwLock.readLock().lock();
            try {
                for (DataEncryptionKey dataEncryptionKey : this.keys) {
                    if (dataEncryptionKey.id() == i) {
                        return dataEncryptionKey;
                    }
                }
                throw new DataEncryptionKeyNotFoundException(i);
            } finally {
                this.rwLock.readLock().unlock();
            }
        }

        private List<DataEncryptionKey> addKey(DataEncryptionKey dataEncryptionKey) {
            this.rwLock.readLock().lock();
            try {
                this.keys.add(dataEncryptionKey);
                return Collections.unmodifiableList(this.keys);
            } finally {
                this.rwLock.readLock().unlock();
            }
        }

        private DataEncryptionKey changeActiveKey(int i) {
            this.rwLock.writeLock().lock();
            try {
                DataEncryptionKey dataEncryptionKey = (DataEncryptionKey) CollectionUtils.first((List) this.keys);
                if (!$assertionsDisabled && dataEncryptionKey == null) {
                    throw new AssertionError("key couldn't be null");
                }
                if (!$assertionsDisabled && dataEncryptionKey.id() == i) {
                    throw new AssertionError("key couldn't be the same");
                }
                DataEncryptionKey dataEncryptionKey2 = null;
                ListIterator<DataEncryptionKey> listIterator = this.keys.listIterator(this.keys.size());
                while (true) {
                    if (!listIterator.hasPrevious()) {
                        break;
                    }
                    DataEncryptionKey previous = listIterator.previous();
                    if (previous.id() == i) {
                        dataEncryptionKey2 = previous;
                        break;
                    }
                }
                if (!$assertionsDisabled && dataEncryptionKey2 == null) {
                    throw new AssertionError("exp=" + i + ", act=" + this.keys);
                }
                this.keys.add(0, dataEncryptionKey2);
                this.keys.subList(1, this.keys.size()).removeIf(dataEncryptionKey3 -> {
                    return dataEncryptionKey3.id() == i;
                });
                this.rwLock.writeLock().unlock();
                return dataEncryptionKey;
            } catch (Throwable th) {
                this.rwLock.writeLock().unlock();
                throw th;
            }
        }

        static {
            $assertionsDisabled = !DataEncryptionKeyStorage.class.desiredAssertionStatus();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DataEncryptionKeyStorage(VaultManager vaultManager, EncryptionManager encryptionManager, FailureProcessor failureProcessor) {
        this.vaultManager = vaultManager;
        this.encryptionManager = encryptionManager;
        this.failureProcessor = failureProcessor;
    }

    @Override // org.apache.ignite3.internal.manager.IgniteComponent
    public CompletableFuture<Void> startAsync(ComponentContext componentContext) {
        if (this.encryptionManager.encryptionEnabled()) {
            loadDataEncryptionKeysOnRecovery();
        }
        this.encryptionManager.listen(EncryptionEvent.KEY_ENCRYPTION_KEY_UPDATED, this);
        return CompletableFutures.nullCompletedFuture();
    }

    @Override // org.apache.ignite3.internal.manager.IgniteComponent
    public CompletableFuture<Void> stopAsync(ComponentContext componentContext) {
        this.encryptionManager.removeListener(EncryptionEvent.KEY_ENCRYPTION_KEY_UPDATED, this);
        return CompletableFutures.nullCompletedFuture();
    }

    @Override // org.apache.ignite3.internal.event.EventListener
    public CompletableFuture<Boolean> notify(EncryptionEventParameters encryptionEventParameters) {
        if (encryptionEventParameters.type() == EncryptionEvent.KEY_ENCRYPTION_KEY_UPDATED) {
            doChangeMasterKey();
        }
        return CompletableFutures.falseCompletedFuture();
    }

    public DataEncryptionKey getActiveKey(int i) {
        TableDataEncryptionKeys tableDataEncryptionKeys = this.keysByTable.get(Integer.valueOf(i));
        if (tableDataEncryptionKeys == null) {
            throw new DataEncryptionKeyNotFoundException(0);
        }
        return tableDataEncryptionKeys.getActiveKey();
    }

    public DataEncryptionKey getKey(int i, int i2) {
        TableDataEncryptionKeys tableDataEncryptionKeys = this.keysByTable.get(Integer.valueOf(i));
        if (tableDataEncryptionKeys == null) {
            throw new DataEncryptionKeyNotFoundException(i2);
        }
        return tableDataEncryptionKeys.getKey(i2);
    }

    public boolean hasActiveKey(int i) {
        TableDataEncryptionKeys tableDataEncryptionKeys = this.keysByTable.get(Integer.valueOf(i));
        return (tableDataEncryptionKeys == null || CollectionUtils.nullOrEmpty((Collection<?>) tableDataEncryptionKeys.keys)) ? false : true;
    }

    public List<DataEncryptionKey> addKey(int i, DataEncryptionKey dataEncryptionKey) {
        TableDataEncryptionKeys tableDataEncryptionKeys = this.keysByTable.get(Integer.valueOf(i));
        if (tableDataEncryptionKeys == null) {
            throw new DataEncryptionKeyNotFoundException(0);
        }
        return tableDataEncryptionKeys.addKey(dataEncryptionKey);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setTableKeys(int i, List<DataEncryptionKey> list) {
        IgniteUtils.inBusyLock(this.busyLock, () -> {
            synchronized (this.vaultMux) {
                if (this.keysByTable.putIfAbsent(Integer.valueOf(i), new TableDataEncryptionKeys(list)) == null) {
                    writeTableKeysToVault(i, list);
                }
            }
        });
    }

    public DataEncryptionKey changeActiveKey(int i, int i2) {
        TableDataEncryptionKeys tableDataEncryptionKeys = this.keysByTable.get(Integer.valueOf(i));
        if ($assertionsDisabled || tableDataEncryptionKeys != null) {
            return tableDataEncryptionKeys.changeActiveKey(i2);
        }
        throw new AssertionError();
    }

    public List<DataEncryptionKey> getKeysByTable(int i) {
        TableDataEncryptionKeys tableDataEncryptionKeys = this.keysByTable.get(Integer.valueOf(i));
        return tableDataEncryptionKeys != null ? tableDataEncryptionKeys.keys : Collections.emptyList();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void remove(int i) {
        IgniteUtils.inBusyLock(this.busyLock, () -> {
            synchronized (this.vaultMux) {
                this.keysByTable.remove(Integer.valueOf(i));
                this.vaultManager.remove(toVaultKey(i));
                LOG.debug("Key(s) removed. [tableId=" + i + "]", new Object[0]);
            }
        });
    }

    private void loadDataEncryptionKeysOnRecovery() {
        synchronized (this.vaultMux) {
            try {
                Cursor<VaultEntry> range = this.vaultManager.range(ENCRYPTION_KEYS_RANGE_START, ENCRYPTION_KEYS_RANGE_END);
                try {
                    for (VaultEntry vaultEntry : range) {
                        int parseInt = Integer.parseInt(removePrefix(vaultEntry.key()));
                        Stream stream = ((List) VersionedSerialization.fromBytes(vaultEntry.value(), EncryptedDataEncryptionKeysSerializer.INSTANCE)).stream();
                        EncryptionManager encryptionManager = this.encryptionManager;
                        Objects.requireNonNull(encryptionManager);
                        setTableKeys(parseInt, (List) stream.map(encryptionManager::decryptDataKey).collect(Collectors.toList()));
                    }
                    if (range != null) {
                        range.close();
                    }
                } catch (Throwable th) {
                    if (range != null) {
                        try {
                            range.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Exception e) {
                throw new StorageException("Failed to restore data encryption keys for tables", e);
            }
        }
    }

    private void writeTableKeysToVault(int i, List<DataEncryptionKey> list) {
        Stream<DataEncryptionKey> stream = list.stream();
        EncryptionManager encryptionManager = this.encryptionManager;
        Objects.requireNonNull(encryptionManager);
        this.vaultManager.put(toVaultKey(i), VersionedSerialization.toBytes((List) stream.map(encryptionManager::encryptDataKey).collect(Collectors.toList()), EncryptedDataEncryptionKeysSerializer.INSTANCE));
    }

    private static ByteArray toVaultKey(int i) {
        return ByteArray.fromString("table-encryption-keys-" + i);
    }

    private static String removePrefix(ByteArray byteArray) {
        return byteArray.toString().substring(ENCRYPTION_KEYS_PREFIX.length());
    }

    private void doChangeMasterKey() {
        LOG.info("Start master key change", new Object[0]);
        try {
            IgniteUtils.inBusyLock(this.busyLock, () -> {
                synchronized (this.vaultMux) {
                    for (Integer num : this.keysByTable.keySet()) {
                        List<DataEncryptionKey> keysByTable = getKeysByTable(num.intValue());
                        if (!keysByTable.isEmpty()) {
                            writeTableKeysToVault(num.intValue(), keysByTable);
                        }
                    }
                }
            });
            LOG.info("Master key successfully changed", new Object[0]);
        } catch (Exception e) {
            LOG.error("Unable to change master key locally.", e);
            this.failureProcessor.process(new FailureContext(FailureType.CRITICAL_ERROR, e));
        }
    }

    static {
        $assertionsDisabled = !DataEncryptionKeyStorage.class.desiredAssertionStatus();
        LOG = Loggers.forClass(DataEncryptionKeyStorage.class);
        ENCRYPTION_KEYS_RANGE_START = ByteArray.fromString(ENCRYPTION_KEYS_PREFIX);
        ENCRYPTION_KEYS_RANGE_END = ByteArray.fromString(StringUtils.incrementLastChar(ENCRYPTION_KEYS_PREFIX));
    }
}
