package org.gridgain.internal.encryption;

import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.stream.Collectors;
import org.apache.ignite3.configuration.notifications.ConfigurationListener;
import org.apache.ignite3.internal.event.AbstractEventProducer;
import org.apache.ignite3.internal.failure.FailureContext;
import org.apache.ignite3.internal.failure.FailureProcessor;
import org.apache.ignite3.internal.failure.FailureType;
import org.apache.ignite3.internal.logger.IgniteLogger;
import org.apache.ignite3.internal.logger.Loggers;
import org.apache.ignite3.internal.manager.ComponentContext;
import org.apache.ignite3.internal.util.CompletableFutures;
import org.gridgain.internal.encryption.configuration.EncryptionConfiguration;
import org.gridgain.internal.encryption.configuration.EncryptionView;
import org.gridgain.internal.encryption.event.EncryptionEvent;
import org.gridgain.internal.encryption.event.EncryptionEventParameters;
import org.gridgain.internal.encryption.event.KeyEncryptionKeyEventFactory;
import org.gridgain.internal.encryption.provider.DataEncryptionKey;
import org.gridgain.internal.encryption.provider.KeyProvider;
import org.gridgain.internal.encryption.provider.KeyProviderFactory;
import org.gridgain.internal.encryption.utils.KeyProviderValidationUtils;
import org.jetbrains.annotations.Nullable;
import org.jetbrains.annotations.TestOnly;

/* loaded from: input_file:org/gridgain/internal/encryption/EncryptionManagerImpl.class */
public class EncryptionManagerImpl extends AbstractEventProducer<EncryptionEvent, EncryptionEventParameters> implements EncryptionManager {
    private static final IgniteLogger LOG;
    private static final InternalState INITIAL_STATE;
    private final EncryptionConfiguration encryptionConfiguration;
    private final FailureProcessor failureProcessor;
    static final /* synthetic */ boolean $assertionsDisabled;
    private volatile InternalState state = INITIAL_STATE;
    private final ConfigurationListener<EncryptionView> encryptionConfigurationListener = configurationNotificationEvent -> {
        refreshConfiguration((EncryptionView) configurationNotificationEvent.newValue());
        return CompletableFutures.nullCompletedFuture();
    };
    private final KeyEncryptionKeyEventFactory keyEncryptionKeyEventFactory = new KeyEncryptionKeyEventFactory((v1) -> {
        return fireEvent(v1);
    });

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gridgain/internal/encryption/EncryptionManagerImpl$InternalState.class */
    public static class InternalState {
        private final boolean encryptionEnabled;
        private final Map<String, KeyProvider> providers;

        @Nullable
        private final KeyProvider activeProvider;

        private InternalState(boolean z, Map<String, KeyProvider> map, @Nullable KeyProvider keyProvider) {
            this.encryptionEnabled = z;
            this.providers = map;
            this.activeProvider = keyProvider;
        }
    }

    public EncryptionManagerImpl(EncryptionConfiguration encryptionConfiguration, FailureProcessor failureProcessor) {
        this.encryptionConfiguration = encryptionConfiguration;
        this.failureProcessor = failureProcessor;
    }

    @Override // org.apache.ignite3.internal.manager.IgniteComponent
    public CompletableFuture<Void> startAsync(ComponentContext componentContext) {
        this.encryptionConfiguration.listen(this.encryptionConfigurationListener);
        this.encryptionConfiguration.listen(this.keyEncryptionKeyEventFactory);
        return CompletableFutures.nullCompletedFuture();
    }

    @Override // org.apache.ignite3.internal.manager.IgniteComponent
    public CompletableFuture<Void> stopAsync(ComponentContext componentContext) {
        this.encryptionConfiguration.stopListen(this.keyEncryptionKeyEventFactory);
        this.encryptionConfiguration.stopListen(this.encryptionConfigurationListener);
        return CompletableFutures.nullCompletedFuture();
    }

    public void refreshConfiguration(@Nullable EncryptionView encryptionView) {
        if (encryptionView != null) {
            try {
                if (encryptionView.enabled()) {
                    Map<String, KeyProvider> providersFromView = providersFromView(encryptionView);
                    this.state = new InternalState(true, providersFromView, providersFromView.get(KeyProviderValidationUtils.normalizeProviderName(encryptionView.activeProvider())));
                    LOG.info("Master key successfully changed", new Object[0]);
                }
            } catch (Exception e) {
                if (this.state != INITIAL_STATE) {
                    LOG.error("Couldn't refresh key providers. Leaving the old settings", e);
                    return;
                } else {
                    LOG.error("Failed to initialize key provider settings.", e);
                    this.failureProcessor.process(new FailureContext(FailureType.CRITICAL_ERROR, e));
                    throw e;
                }
            }
        }
        this.state = new InternalState(false, Collections.emptyMap(), null);
    }

    private static Map<String, KeyProvider> providersFromView(EncryptionView encryptionView) {
        return (Map) encryptionView.providers().stream().collect(Collectors.toMap(keyProviderView -> {
            return KeyProviderValidationUtils.normalizeProviderName(keyProviderView.name());
        }, KeyProviderFactory::createFromConfiguration));
    }

    @Override // org.gridgain.internal.encryption.EncryptionManager
    public boolean encryptionEnabled() {
        return this.state.encryptionEnabled;
    }

    @TestOnly
    void encryptionEnabled(boolean z) {
        InternalState internalState = this.state;
        this.state = new InternalState(z, internalState.providers, internalState.activeProvider);
    }

    @Override // org.gridgain.internal.encryption.EncryptionManager
    public byte[] encryptDataKey(DataEncryptionKey dataEncryptionKey) {
        InternalState internalState = this.state;
        if (!$assertionsDisabled && !internalState.encryptionEnabled) {
            throw new AssertionError();
        }
        KeyProvider keyProvider = internalState.activeProvider;
        if (!$assertionsDisabled && keyProvider == null) {
            throw new AssertionError();
        }
        byte[] encryptKey = keyProvider.encryptKey(dataEncryptionKey);
        byte[] bytes = keyProvider.getProviderIdentifier().getBytes(StandardCharsets.UTF_8);
        byte[] bytes2 = keyProvider.getActiveKeyIdentifier().getBytes(StandardCharsets.UTF_8);
        ByteBuffer allocate = ByteBuffer.allocate(4 + encryptKey.length + 4 + bytes.length + bytes2.length);
        allocate.putInt(encryptKey.length);
        allocate.put(encryptKey);
        allocate.putInt(bytes.length);
        allocate.put(bytes);
        allocate.put(bytes2);
        return allocate.array();
    }

    @Override // org.gridgain.internal.encryption.EncryptionManager
    public DataEncryptionKey decryptDataKey(byte[] bArr) {
        InternalState internalState = this.state;
        if (!$assertionsDisabled && !internalState.encryptionEnabled) {
            throw new AssertionError();
        }
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        byte[] bArr2 = new byte[wrap.getInt()];
        wrap.get(bArr2);
        byte[] bArr3 = new byte[wrap.getInt()];
        wrap.get(bArr3);
        byte[] bArr4 = new byte[wrap.remaining()];
        wrap.get(bArr4);
        String str = new String(bArr3, StandardCharsets.UTF_8);
        KeyProvider keyProvider = internalState.providers.get(str);
        if (keyProvider == null) {
            throw new KeyProviderNotFoundException(str);
        }
        return keyProvider.decryptKey(bArr2, new String(bArr4, StandardCharsets.UTF_8));
    }

    @TestOnly
    Map<String, KeyProvider> providers() {
        return Collections.unmodifiableMap(this.state.providers);
    }

    private CompletableFuture<Void> fireEvent(EncryptionEventParameters encryptionEventParameters) {
        return fireEvent(encryptionEventParameters.type(), encryptionEventParameters);
    }

    static {
        $assertionsDisabled = !EncryptionManagerImpl.class.desiredAssertionStatus();
        LOG = Loggers.forClass(EncryptionManagerImpl.class);
        INITIAL_STATE = new InternalState(false, Collections.emptyMap(), null);
    }
}
