package com.evolveum.midpoint.common.secrets;

import com.evolveum.midpoint.common.Clock;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.SecretsProvider;
import com.evolveum.midpoint.util.SingleLocalizableMessage;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecretsProviderType;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.xml.datatype.Duration;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/evolveum/midpoint/common/secrets/CacheableSecretsProviderDelegate.class */
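/**
 * Wraps another {@link SecretsProvider} and, when a positive TTL is configured, keeps resolved
 * secrets in an in-memory cache so that repeated lookups do not hit the underlying provider.
 *
 * <p>Security-relevant properties of this class:
 * <ul>
 *   <li>Cached secrets stay on the heap in clear form until they expire or {@link #destroy()} is
 *       called. {@code destroy()} only drops the references; it does not overwrite the bytes.</li>
 *   <li>The cache is keyed by the secret key alone, so a string lookup and a binary lookup of the
 *       same key share one entry.</li>
 *   <li>When the configuration is a {@link SecretsProviderType} with a non-empty
 *       {@code allowKeyPrefix} list, keys that match none of the prefixes are rejected, both when
 *       the delegate is asked and when a cached value is served.</li>
 * </ul>
 *
 * @param <C> configuration type of the wrapped provider
 */
public class CacheableSecretsProviderDelegate<C> implements SecretsProvider<C> {
    private static final Trace LOGGER = TraceManager.getTrace(CacheableSecretsProviderDelegate.class);

    /** TTL applied when none, or a negative one, is configured. Zero disables caching. */
    private static final long DEFAULT_TTL = 0;

    private final SecretsProvider<C> delegate;
    private final Map<String, CacheValue> cache = new ConcurrentHashMap<>();

    /** Entry lifetime in milliseconds; values {@code <= 0} mean "do not cache". */
    private final long ttl;

    /**
     * A cached secret together with its expiry.
     *
     * <p>Despite its name, {@code ttl} holds the absolute expiry time in milliseconds (time of
     * caching plus the configured TTL), not a remaining duration.
     *
     * @param value secret bytes; string secrets are stored UTF-8 encoded
     * @param ttl absolute expiry timestamp in milliseconds
     */
    private record CacheValue(ByteBuffer value, long ttl) {

        /**
         * Renders the entry for diagnostics. {@link ByteBuffer#toString()} reports the buffer's
         * position, limit and capacity rather than its content, so the secret bytes are not
         * printed (its length is). The "CacheKey"/"key" labels are kept as they were, although
         * the field rendered is the cached value.
         */
        @Override
        public String toString() {
            return "CacheKey{key='" + value + "', ttl=" + ttl + "}";
        }
    }

    /**
     * Creates a caching wrapper around {@code secretsProvider}.
     *
     * @param secretsProvider provider that actually resolves secrets
     * @param duration how long a resolved secret may be served from the cache; {@code null} or a
     *     negative duration disables caching
     */
    public CacheableSecretsProviderDelegate(@NotNull SecretsProvider<C> secretsProvider, Duration duration) {
        this.delegate = secretsProvider;
        this.ttl = (duration == null || duration.getSign() == -1) ? DEFAULT_TTL : duration.getTimeInMillis(new Date());
    }

    /** Initializes the wrapped provider. */
    @Override
    public void initialize() {
        delegate.initialize();
    }

    /**
     * Destroys the wrapped provider and drops all cached entries. The cached byte arrays are only
     * dereferenced, not zeroed, because their content is shared with buffers already handed out.
     */
    @Override
    public void destroy() {
        delegate.destroy();
        cache.clear();
    }

    /** Returns the identifier of the wrapped provider. */
    @Override
    @NotNull
    public String getIdentifier() {
        return delegate.getIdentifier();
    }

    /** Returns the dependencies declared by the wrapped provider. */
    @Override
    @NotNull
    public String[] getDependencies() {
        return delegate.getDependencies();
    }

    /** Returns the configuration of the wrapped provider. */
    @Override
    public C getConfiguration() {
        return delegate.getConfiguration();
    }

    /**
     * Returns the secret stored under {@code str} as bytes, from the cache when possible.
     *
     * @throws EncryptionException if the key is not allowed by the configuration or the wrapped
     *     provider fails
     */
    @Override
    public ByteBuffer getSecretBinary(@NotNull String str) throws EncryptionException {
        return getOrResolveSecret(str, ByteBuffer.class);
    }

    /**
     * Returns the secret stored under {@code str} as text, from the cache when possible.
     *
     * @throws EncryptionException if the key is not allowed by the configuration or the wrapped
     *     provider fails
     */
    @Override
    public String getSecretString(@NotNull String str) throws EncryptionException {
        return getOrResolveSecret(str, String.class);
    }

    /**
     * Serves a secret from the cache if a non-expired entry exists, otherwise resolves it through
     * {@link #resolveSecret(String, Class)} and caches the result.
     */
    private <ST> ST getOrResolveSecret(String key, Class<ST> type) throws EncryptionException {
        if (ttl <= 0) {
            // Caching disabled: always ask the delegate.
            return resolveSecret(key, type);
        }

        CacheValue cached = cache.get(key);
        if (cached != null) {
            LOGGER.trace("Cache hit for key {}", key);
            if (cached.ttl() - Clock.get().currentTimeMillis() >= 0) {
                LOGGER.trace("Cache entry for key {} is still valid, using cached value", key);
                // Re-apply the allowKeyPrefix restriction so that a cached entry is never served
                // for a key the current configuration rejects. Whether the configuration can
                // change while entries are cached is not visible from this class.
                checkKeyAllowed(key);
                return createRealSecretValue(cached.value(), type);
            }
            LOGGER.trace("Cache entry for key {} expired", key);
            cache.remove(key);
        } else {
            LOGGER.trace("Cache miss for key {}", key);
        }

        ST resolved = resolveSecret(key, type);
        if (resolved == null) {
            // Nothing to cache; converting null to a cacheable buffer would fail with a
            // NullPointerException instead of reporting "no secret" to the caller.
            return null;
        }
        LOGGER.trace("Caching secret for key {}", key);
        cache.put(key, new CacheValue(createCacheableSecretValue(resolved), Clock.get().currentTimeMillis() + ttl));
        return resolved;
    }

    /**
     * Converts a cached buffer back to the type the caller asked for.
     *
     * @return the secret as {@code type}, or {@code null} if {@code byteBuffer} is {@code null}
     * @throws IllegalStateException if {@code type} is neither {@code String} nor {@code ByteBuffer}
     */
    private <T> T createRealSecretValue(ByteBuffer byteBuffer, Class<T> type) {
        if (byteBuffer == null) {
            return null;
        }
        if (type == String.class) {
            // Decode with the same fixed charset used when caching. Decoding a duplicate leaves
            // the cached buffer's position untouched and also works for buffers that expose no
            // backing array (direct or read-only).
            return type.cast(StandardCharsets.UTF_8.decode(byteBuffer.duplicate()).toString());
        }
        if (type == ByteBuffer.class) {
            // Each caller gets its own position/limit; reading one result must not leave the
            // cached buffer "consumed" for the next caller. The bytes themselves are still shared.
            return type.cast(byteBuffer.duplicate());
        }
        throw new IllegalStateException("Can't translate cached secret value (" + byteBuffer.getClass() + ") to type  " + type);
    }

    /**
     * Converts a resolved secret to the buffer form kept in the cache.
     *
     * @throws IllegalStateException if the value is neither a {@code String} nor a {@code ByteBuffer}
     */
    private <T> ByteBuffer createCacheableSecretValue(@NotNull T value) {
        if (value instanceof String text) {
            // Fixed charset: with the platform default, characters it cannot represent would be
            // replaced, and cache hits would return a different secret than the first lookup.
            return ByteBuffer.wrap(text.getBytes(StandardCharsets.UTF_8));
        }
        if (value instanceof ByteBuffer buffer) {
            // Keep an independent position/limit from the buffer returned to the first caller.
            // Content is shared: a caller that overwrites the bytes also changes the cached copy.
            return buffer.duplicate();
        }
        throw new IllegalStateException("Unsupported secret type " + value.getClass());
    }

    /**
     * Resolves a secret through the wrapped provider, bypassing the cache, after checking the key
     * against the configured {@code allowKeyPrefix} list.
     *
     * @param str key of the secret
     * @param cls requested type, {@code String} or {@code ByteBuffer}
     * @return whatever the wrapped provider returns for the key
     * @throws EncryptionException if the key is not allowed or the wrapped provider fails
     * @throws IllegalStateException if {@code cls} is not a supported type
     */
    protected <ST> ST resolveSecret(@NotNull String str, @NotNull Class<ST> cls) throws EncryptionException {
        if (LOGGER.isTraceEnabled()) {
            LOGGER.trace("Resolving secret for key {} of type {}", str, cls);
        }
        checkKeyAllowed(str);
        if (cls == String.class) {
            return cls.cast(delegate.getSecretString(str));
        }
        if (cls == ByteBuffer.class) {
            return cls.cast(delegate.getSecretBinary(str));
        }
        throw new IllegalStateException("Unsupported type " + cls);
    }

    /**
     * Enforces the {@code allowKeyPrefix} restriction. Configurations that are not a
     * {@link SecretsProviderType}, and an empty prefix list, allow every key.
     *
     * @throws EncryptionException if prefixes are configured and the key starts with none of them
     */
    private void checkKeyAllowed(String key) throws EncryptionException {
        C configuration = getConfiguration();
        if (!(configuration instanceof SecretsProviderType providerConfig)) {
            return;
        }
        List<String> allowedPrefixes = providerConfig.getAllowKeyPrefix();
        if (allowedPrefixes.isEmpty() || allowedPrefixes.stream().anyMatch(key::startsWith)) {
            return;
        }
        throw new EncryptionException(new SingleLocalizableMessage("CacheableSecretsProviderDelegate.noAllowedKey", new Object[]{key}, "Key " + key + " is not allowed by the configuration (allowKeyPrefix does not match the key)"));
    }
}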
