package org.gridgain.internal.encryption;

import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.stream.Collectors;
import org.apache.ignite3.configuration.notifications.ConfigurationListener;
import org.apache.ignite3.internal.event.AbstractEventProducer;
import org.apache.ignite3.internal.logger.IgniteLogger;
import org.apache.ignite3.internal.logger.Loggers;
import org.apache.ignite3.internal.manager.ComponentContext;
import org.apache.ignite3.internal.util.CompletableFutures;
import org.gridgain.internal.encryption.configuration.EncryptionConfiguration;
import org.gridgain.internal.encryption.configuration.EncryptionView;
import org.gridgain.internal.encryption.event.EncryptionEvent;
import org.gridgain.internal.encryption.event.EncryptionEventParameters;
import org.gridgain.internal.encryption.event.KeyEncryptionKeyEventFactory;
import org.gridgain.internal.encryption.provider.DataEncryptionKey;
import org.gridgain.internal.encryption.provider.DataEncryptionKeyWithProvider;
import org.gridgain.internal.encryption.provider.KeyProvider;
import org.gridgain.internal.encryption.provider.KeyProviderFactory;
import org.gridgain.internal.encryption.utils.KeyProviderValidationUtils;
import org.gridgain.internal.license.LicenseFeature;
import org.gridgain.internal.license.LicenseFeatureChecker;
import org.jetbrains.annotations.Nullable;
import org.jetbrains.annotations.TestOnly;

/* loaded from: input_file:org/gridgain/internal/encryption/EncryptionManagerImpl.class */
public class EncryptionManagerImpl extends AbstractEventProducer<EncryptionEvent, EncryptionEventParameters> implements EncryptionManager {
    private static final IgniteLogger LOG = Loggers.forClass(EncryptionManagerImpl.class);
    private static final InternalState INITIAL_STATE = new InternalState(false, Collections.emptyMap(), null);
    private final EncryptionConfiguration encryptionConfiguration;
    private final LicenseFeatureChecker featureChecker;
    private volatile InternalState state = INITIAL_STATE;
    private final ConfigurationListener<EncryptionView> encryptionConfigurationListener = configurationNotificationEvent -> {
        refreshConfiguration((EncryptionView) configurationNotificationEvent.newValue());
        return CompletableFutures.nullCompletedFuture();
    };
    private final KeyEncryptionKeyEventFactory keyEncryptionKeyEventFactory = new KeyEncryptionKeyEventFactory(this::fireEvent);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gridgain/internal/encryption/EncryptionManagerImpl$InternalState.class */
    public static class InternalState {
        private final boolean encryptionEnabled;
        private final Map<String, KeyProvider> providers;
        private final KeyProvider activeProvider;

        private InternalState(boolean z, Map<String, KeyProvider> map, KeyProvider keyProvider) {
            this.encryptionEnabled = z;
            this.providers = map;
            this.activeProvider = keyProvider;
        }

        private KeyProvider getProvider(String str) {
            return this.providers.get(KeyProviderValidationUtils.normalizeProviderName(str));
        }
    }

    public EncryptionManagerImpl(EncryptionConfiguration encryptionConfiguration, LicenseFeatureChecker licenseFeatureChecker) {
        this.encryptionConfiguration = encryptionConfiguration;
        this.featureChecker = licenseFeatureChecker;
    }

    @Override // org.apache.ignite3.internal.manager.IgniteComponent
    public CompletableFuture<Void> startAsync(ComponentContext componentContext) {
        this.encryptionConfiguration.listen(this.encryptionConfigurationListener);
        this.encryptionConfiguration.listen(this.keyEncryptionKeyEventFactory);
        return CompletableFutures.nullCompletedFuture();
    }

    @Override // org.apache.ignite3.internal.manager.IgniteComponent
    public CompletableFuture<Void> stopAsync(ComponentContext componentContext) {
        this.encryptionConfiguration.stopListen(this.keyEncryptionKeyEventFactory);
        this.encryptionConfiguration.stopListen(this.encryptionConfigurationListener);
        return CompletableFutures.nullCompletedFuture();
    }

    public void init(EncryptionView encryptionView) {
        if (isEncryptionEnabled(encryptionView)) {
            this.featureChecker.checkFeature(LicenseFeature.TRANSPARENT_DATA_ENCRYPTION);
            this.state = fillEncryptionState(encryptionView);
        }
    }

    public void initOnRecovery(EncryptionView encryptionView) {
        refreshConfiguration(encryptionView);
    }

    private void refreshConfiguration(@Nullable EncryptionView encryptionView) {
        try {
            this.state = fillEncryptionState(encryptionView);
            LOG.info("Master key successfully changed", new Object[0]);
        } catch (Exception e) {
            LOG.error("Couldn't refresh key providers. Leaving the old settings", e);
        }
    }

    private static boolean isEncryptionEnabled(@Nullable EncryptionView encryptionView) {
        return encryptionView != null && encryptionView.enabled();
    }

    private static InternalState fillEncryptionState(EncryptionView encryptionView) {
        boolean isEncryptionEnabled = isEncryptionEnabled(encryptionView);
        Map<String, KeyProvider> providersFromView = providersFromView(encryptionView);
        return new InternalState(isEncryptionEnabled, providersFromView, providersFromView.get(KeyProviderValidationUtils.normalizeProviderName(encryptionView.activeProvider())));
    }

    private static Map<String, KeyProvider> providersFromView(EncryptionView encryptionView) {
        return (Map) encryptionView.providers().stream().collect(Collectors.toMap(keyProviderView -> {
            return KeyProviderValidationUtils.normalizeProviderName(keyProviderView.name());
        }, KeyProviderFactory::createFromConfiguration));
    }

    @Override // org.gridgain.internal.encryption.EncryptionManager
    public boolean hasProvider(String str) {
        return this.state.providers.containsKey(KeyProviderValidationUtils.normalizeProviderName(str));
    }

    @Override // org.gridgain.internal.encryption.EncryptionManager
    public boolean encryptionEnabled() {
        return this.state.encryptionEnabled;
    }

    @Override // org.gridgain.internal.encryption.EncryptionManager
    public byte[] encryptDataKey(DataEncryptionKey dataEncryptionKey) {
        if (this.state.activeProvider == null) {
            throw new KeyProviderNotFoundException("activeProvider is null");
        }
        return doEncrypt(dataEncryptionKey, this.state.activeProvider);
    }

    @Override // org.gridgain.internal.encryption.EncryptionManager
    public byte[] encryptDataKeyByProvider(DataEncryptionKey dataEncryptionKey, String str) {
        KeyProvider provider = this.state.getProvider(str);
        if (provider == null) {
            throw new KeyProviderNotFoundException(str);
        }
        return doEncrypt(dataEncryptionKey, provider);
    }

    private static byte[] doEncrypt(DataEncryptionKey dataEncryptionKey, KeyProvider keyProvider) {
        byte[] encryptKey = keyProvider.encryptKey(dataEncryptionKey);
        byte[] bytes = keyProvider.getProviderIdentifier().getBytes(StandardCharsets.UTF_8);
        byte[] bytes2 = keyProvider.getActiveKeyIdentifier().getBytes(StandardCharsets.UTF_8);
        ByteBuffer order = ByteBuffer.allocate(4 + encryptKey.length + 4 + bytes.length + bytes2.length).order(ByteOrder.BIG_ENDIAN);
        order.putInt(encryptKey.length);
        order.put(encryptKey);
        order.putInt(bytes.length);
        order.put(bytes);
        order.put(bytes2);
        return order.array();
    }

    @Override // org.gridgain.internal.encryption.EncryptionManager
    public DataEncryptionKey decryptDataKey(byte[] bArr) {
        return decryptDataKeyWithProvider(bArr).dataEncryptionKey();
    }

    @Override // org.gridgain.internal.encryption.EncryptionManager
    public DataEncryptionKeyWithProvider decryptDataKeyWithProvider(byte[] bArr) {
        ByteBuffer order = ByteBuffer.wrap(bArr).order(ByteOrder.BIG_ENDIAN);
        byte[] bArr2 = new byte[order.getInt()];
        order.get(bArr2);
        byte[] bArr3 = new byte[order.getInt()];
        order.get(bArr3);
        byte[] bArr4 = new byte[order.remaining()];
        order.get(bArr4);
        String str = new String(bArr3, StandardCharsets.UTF_8);
        KeyProvider provider = this.state.getProvider(str);
        if (provider == null) {
            throw new KeyProviderNotFoundException(str);
        }
        return new DataEncryptionKeyWithProvider(provider.decryptKey(bArr2, new String(bArr4, StandardCharsets.UTF_8)), str);
    }

    @TestOnly
    Map<String, KeyProvider> providers() {
        return Collections.unmodifiableMap(this.state.providers);
    }

    private CompletableFuture<Void> fireEvent(EncryptionEventParameters encryptionEventParameters) {
        return fireEvent(encryptionEventParameters.type(), encryptionEventParameters);
    }
}
