package de.adorsys.keymanagement.keyrotation.impl.services;

import com.googlecode.cqengine.query.Query;
import com.googlecode.cqengine.query.QueryFactory;
import de.adorsys.keymanagement.api.Juggler;
import de.adorsys.keymanagement.api.types.ResultCollection;
import de.adorsys.keymanagement.api.types.entity.AliasWithMeta;
import de.adorsys.keymanagement.api.types.entity.KeyEntry;
import de.adorsys.keymanagement.api.types.source.KeySet;
import de.adorsys.keymanagement.api.types.template.ProvidedKeyTemplate;
import de.adorsys.keymanagement.api.view.EntryView;
import de.adorsys.keymanagement.keyrotation.api.persistence.KeyStoreAccess;
import de.adorsys.keymanagement.keyrotation.api.persistence.RotationLocker;
import de.adorsys.keymanagement.keyrotation.api.services.KeyGenerator;
import de.adorsys.keymanagement.keyrotation.api.services.Rotation;
import de.adorsys.keymanagement.keyrotation.api.types.KeyRotationConfig;
import de.adorsys.keymanagement.keyrotation.api.types.KeyState;
import de.adorsys.keymanagement.keyrotation.api.types.KeyStatus;
import de.adorsys.keymanagement.keyrotation.api.types.KeyType;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.security.KeyStore;
import java.time.Clock;
import java.time.Instant;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import javax.annotation.Nullable;
import javax.inject.Inject;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/adorsys/keymanagement/keyrotation/impl/services/RotationImpl.class */
public class RotationImpl implements Rotation {

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    private static final Logger log = LoggerFactory.getLogger(RotationImpl.class);
    private final KeyGenerator generator;
    private final KeyRotationConfig config;
    private final Juggler juggler;
    private final Clock timeSource;
    private final KeyStoreAccess access;
    private final RotationLocker locker;

    @Inject
    public RotationImpl(KeyGenerator keyGenerator, KeyRotationConfig keyRotationConfig, Juggler juggler, @Nullable Clock clock, KeyStoreAccess keyStoreAccess, RotationLocker rotationLocker) {
        this.generator = keyGenerator;
        this.config = keyRotationConfig;
        this.juggler = juggler;
        this.timeSource = null == clock ? Clock.systemUTC() : clock;
        this.access = keyStoreAccess;
        this.locker = rotationLocker;
    }

    @Override // de.adorsys.keymanagement.keyrotation.api.services.Rotation
    public void rotate() {
        this.locker.executeWithLock(this::doRotate);
    }

    private void doRotate() {
        Instant instant = this.timeSource.instant();
        KeyStore readOrCreateKeystoreIfMissing = readOrCreateKeystoreIfMissing();
        EntryView<Query<KeyEntry>> entries = this.juggler.readKeys().fromKeyStore(readOrCreateKeystoreIfMissing, str -> {
            return this.config.keyPassword().get();
        }).entries();
        moveValidToLegacy(instant, entries);
        moveLegacyToExpired(instant, entries);
        dropExpired(entries);
        ensureThereAreEnoughValidKeys(instant, entries);
        this.access.write(readOrCreateKeystoreIfMissing);
    }

    private void moveValidToLegacy(Instant instant, EntryView<Query<KeyEntry>> entryView) {
        ResultCollection<KeyEntry> collection = entryView.retrieve(QueryFactory.and(QueryFactory.in(KeyState.TYPE, this.config.getEnabledFor()), KeyState.BECAME_LEGACY.apply(instant))).toCollection();
        entryView.update((Collection) collection.stream().map(keyEntry -> {
            return toStatus(keyEntry, KeyStatus.LEGACY);
        }).collect(Collectors.toList()));
        log.info("Moved valid to legacy ids: {}", nameAndType(collection));
    }

    private void moveLegacyToExpired(Instant instant, EntryView<Query<KeyEntry>> entryView) {
        ResultCollection<KeyEntry> collection = entryView.retrieve(QueryFactory.and(QueryFactory.in(KeyState.TYPE, this.config.getEnabledFor()), KeyState.BECAME_EXPIRED.apply(instant))).toCollection();
        entryView.update((Collection) collection.stream().map(keyEntry -> {
            return toStatus(keyEntry, KeyStatus.EXPIRED);
        }).collect(Collectors.toList()));
        log.info("Moved legacy to expired ids: {}", nameAndType(collection));
    }

    private void dropExpired(EntryView<Query<KeyEntry>> entryView) {
        ResultCollection<KeyEntry> collection = entryView.retrieve(QueryFactory.and(QueryFactory.in(KeyState.TYPE, this.config.getEnabledFor()), QueryFactory.equal(KeyState.STATUS, KeyStatus.EXPIRED))).toCollection();
        entryView.remove(collection);
        log.info("Removed expired ids: {}", nameAndType(collection));
    }

    private void ensureThereAreEnoughValidKeys(Instant instant, EntryView<Query<KeyEntry>> entryView) {
        for (KeyType keyType : this.config.getEnabledFor()) {
            generateKeysIfNeeded(instant, entryView, keyType, this.config.getCountValidByType().get(keyType).intValue() - entryView.retrieve(QueryFactory.and(QueryFactory.equal(KeyState.TYPE, keyType), QueryFactory.equal(KeyState.STATUS, KeyStatus.VALID))).toCollection().size());
        }
    }

    private void generateKeysIfNeeded(Instant instant, EntryView<Query<KeyEntry>> entryView, KeyType keyType, int i) {
        if (i <= 0) {
            return;
        }
        List<ProvidedKeyTemplate> generateKeysForType = generateKeysForType(instant, keyType, i);
        entryView.add(generateKeysForType);
        log.info("Generated keys: {}", nameAndType(generateKeysForType));
    }

    private List<ProvidedKeyTemplate> generateKeysForType(Instant instant, KeyType keyType, int i) {
        return (List) IntStream.range(0, i).boxed().map(num -> {
            return this.generator.generateValidKey(instant, keyType);
        }).collect(Collectors.toList());
    }

    private KeyStore readOrCreateKeystoreIfMissing() {
        KeyStore read = this.access.read();
        if (null != read) {
            return read;
        }
        log.info("KeyStore does not exists, generating empty");
        return this.juggler.toKeystore().generate(KeySet.builder().build());
    }

    private AliasWithMeta<KeyState> toStatus(KeyEntry keyEntry, KeyStatus keyStatus) {
        AliasWithMeta aliasWithMeta = keyEntry.aliasWithMeta(KeyState.class);
        return aliasWithMeta.toBuilder().metadata(((KeyState) aliasWithMeta.getMetadata()).toBuilder().status(keyStatus).build()).build();
    }

    private List<String> nameAndType(ResultCollection<KeyEntry> resultCollection) {
        return (List) resultCollection.stream().map(keyEntry -> {
            return ((KeyState) keyEntry.getMeta(KeyState.class)).getType().name() + ":" + keyEntry.getAlias();
        }).collect(Collectors.toList());
    }

    private List<String> nameAndType(List<ProvidedKeyTemplate> list) {
        return (List) list.stream().map(providedKeyTemplate -> {
            return ((KeyState) providedKeyTemplate.getMetadata()).getType().name() + ":" + providedKeyTemplate.generateName();
        }).collect(Collectors.toList());
    }
}
