package org.imixs.archive.service.cassandra;

import com.datastax.driver.core.Cluster;
import com.datastax.driver.core.RemoteEndpointAwareJdkSSLOptions;
import com.datastax.driver.core.SSLOptions;
import com.datastax.driver.core.Session;
import com.datastax.driver.core.exceptions.InvalidQueryException;
import com.datastax.driver.core.policies.DefaultRetryPolicy;
import com.datastax.driver.core.policies.RoundRobinPolicy;
import com.oracle.truffle.js.runtime.util.IntlUtil;
import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import jakarta.ejb.Singleton;
import jakarta.inject.Inject;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Optional;
import java.util.logging.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.imixs.archive.service.ArchiveException;

@Singleton
/* loaded from: input_file:WEB-INF/classes/org/imixs/archive/service/cassandra/ClusterService.class */
public class ClusterService {
    public static final String KEYSPACE_REGEX = "^[a-z_]*[^-]$";
    public static final String ENV_ARCHIVE_CLUSTER_CONTACTPOINTS = "ARCHIVE_CLUSTER_CONTACTPOINTS";
    public static final String ENV_ARCHIVE_CLUSTER_KEYSPACE = "ARCHIVE_CLUSTER_KEYSPACE";
    public static final String ENV_ARCHIVE_CLUSTER_AUTH_USER = "ARCHIVE_CLUSTER_AUTH_USER";
    public static final String ENV_ARCHIVE_CLUSTER_AUTH_PASSWORD = "ARCHIVE_CLUSTER_AUTH_PASSWORD";
    public static final String ENV_ARCHIVE_CLUSTER_SSL = "ARCHIVE_CLUSTER_SSL";
    public static final String ENV_ARCHIVE_CLUSTER_SSL_TRUSTSTOREPATH = "ARCHIVE_CLUSTER_SSL_TRUSTSTOREPATH";
    public static final String ENV_ARCHIVE_CLUSTER_SSL_TRUSTSTOREPASSWORD = "ARCHIVE_CLUSTER_SSL_TRUSTSTOREPASSWORD";
    public static final String ENV_ARCHIVE_CLUSTER_SSL_KEYSTOREPATH = "ARCHIVE_CLUSTER_SSL_KEYSTOREPATH";
    public static final String ENV_ARCHIVE_CLUSTER_SSL_KEYSTOREPASSWORD = "ARCHIVE_CLUSTER_SSL_KEYSTOREPASSWORD";
    public static final String ENV_ARCHIVE_CLUSTER_REPLICATION_FACTOR = "ARCHIVE_CLUSTER_REPLICATION_FACTOR";
    public static final String ENV_ARCHIVE_CLUSTER_REPLICATION_CLASS = "ARCHIVE_CLUSTER_REPLICATION_CLASS";
    public static final String ENV_WORKFLOW_SERVICE_ENDPOINT = "WORKFLOW_SERVICE_ENDPOINT";
    public static final String ENV_WORKFLOW_SERVICE_USER = "WORKFLOW_SERVICE_USER";
    public static final String ENV_WORKFLOW_SERVICE_PASSWORD = "WORKFLOW_SERVICE_PASSWORD";
    public static final String ENV_WORKFLOW_SERVICE_AUTHMETHOD = "WORKFLOW_SERVICE_AUTHMETHOD";
    public static final String TABLE_SCHEMA_SNAPSHOTS = "CREATE TABLE IF NOT EXISTS snapshots (snapshot text, data blob, PRIMARY KEY (snapshot))";
    public static final String TABLE_SCHEMA_SNAPSHOTS_BY_UNIQUEID = "CREATE TABLE IF NOT EXISTS snapshots_by_uniqueid (uniqueid text,snapshot text, PRIMARY KEY(uniqueid, snapshot));";
    public static final String TABLE_SCHEMA_SNAPSHOTS_BY_MODIFIED = "CREATE TABLE IF NOT EXISTS snapshots_by_modified (modified date,snapshot text,PRIMARY KEY(modified, snapshot));";
    public static final String TABLE_SCHEMA_DOCUMENTS = "CREATE TABLE IF NOT EXISTS documents (md5 text, sort_id int, data_id text, PRIMARY KEY (md5,sort_id))";
    public static final String TABLE_SCHEMA_SNAPSHOTS_BY_DOCUMENT = "CREATE TABLE IF NOT EXISTS snapshots_by_document (md5 text,snapshot text, PRIMARY KEY(md5, snapshot));";
    public static final String TABLE_SCHEMA_DOCUMENTS_DATA = "CREATE TABLE IF NOT EXISTS documents_data (data_id text, data blob, PRIMARY KEY (data_id))";
    private static Logger logger = Logger.getLogger(ClusterService.class.getName());

    @Inject
    @ConfigProperty(name = ENV_ARCHIVE_CLUSTER_REPLICATION_FACTOR, defaultValue = "1")
    String repFactor;

    @Inject
    @ConfigProperty(name = ENV_ARCHIVE_CLUSTER_REPLICATION_CLASS, defaultValue = "SimpleStrategy")
    String repClass;

    @Inject
    @ConfigProperty(name = ENV_ARCHIVE_CLUSTER_CONTACTPOINTS)
    Optional<String> contactPoint;

    @Inject
    @ConfigProperty(name = ENV_ARCHIVE_CLUSTER_KEYSPACE)
    Optional<String> keySpace;

    @Inject
    @ConfigProperty(name = ENV_ARCHIVE_CLUSTER_AUTH_USER)
    Optional<String> userid;

    @Inject
    @ConfigProperty(name = ENV_ARCHIVE_CLUSTER_AUTH_PASSWORD)
    Optional<String> password;

    @Inject
    @ConfigProperty(name = ENV_ARCHIVE_CLUSTER_SSL, defaultValue = IntlUtil.FALSE)
    boolean bUseSSL;

    @Inject
    @ConfigProperty(name = ENV_ARCHIVE_CLUSTER_SSL_TRUSTSTOREPATH)
    Optional<String> truststorePath;

    @Inject
    @ConfigProperty(name = ENV_ARCHIVE_CLUSTER_SSL_TRUSTSTOREPASSWORD)
    Optional<String> truststorePwd;

    @Inject
    @ConfigProperty(name = ENV_ARCHIVE_CLUSTER_SSL_KEYSTOREPATH)
    Optional<String> keystorePath;

    @Inject
    @ConfigProperty(name = ENV_ARCHIVE_CLUSTER_SSL_KEYSTOREPASSWORD)
    Optional<String> keystorePwd;
    private Cluster cluster;
    private Session session;

    @PostConstruct
    private void init() {
        try {
            this.cluster = initCluster();
            this.session = initArchiveSession();
        } catch (ArchiveException e) {
            logger.severe("Failed to init achive session!");
            e.printStackTrace();
        }
    }

    @PreDestroy
    private void tearDown() {
        if (this.session != null) {
            this.session.close();
        }
        if (this.cluster != null) {
            this.cluster.close();
        }
    }

    public Session getSession() {
        if (this.session == null) {
            init();
        }
        return this.session;
    }

    private Session initArchiveSession() throws ArchiveException {
        if (!isValidKeyspaceName(this.keySpace.get())) {
            throw new ArchiveException(ArchiveException.INVALID_KEYSPACE, "keyspace '" + String.valueOf(this.keySpace) + "' name invalid.");
        }
        logger.info("......conecting keyspace '" + String.valueOf(this.keySpace) + "'...");
        try {
            this.session = this.cluster.connect(this.keySpace.get());
        } catch (InvalidQueryException e) {
            logger.warning("......conecting keyspace '" + String.valueOf(this.keySpace) + "' failed: " + e.getMessage());
            this.session = createKeySpace(this.keySpace.get());
        }
        if (this.session != null) {
            logger.finest("......keyspace conection status = OK");
        }
        return this.session;
    }

    protected Cluster initCluster() throws ArchiveException {
        boolean z = false;
        if (!this.contactPoint.isPresent() || this.contactPoint.get().isEmpty()) {
            throw new ArchiveException(ArchiveException.MISSING_CONTACTPOINT, "missing cluster contact points - verify configuration!");
        }
        logger.info("...cluster conecting: " + this.contactPoint.get());
        Cluster.Builder builder = Cluster.builder();
        for (String str : this.contactPoint.get().split(",")) {
            try {
                builder.addContactPoint(str);
                z = true;
            } catch (IllegalArgumentException e) {
                logger.warning("...the host '" + str + "' is unknown so it will be ignored");
            }
        }
        if (!z) {
            throw new IllegalStateException("All provided hosts are unknown - check cluster status and configuration!");
        }
        builder.withLoadBalancingPolicy(new RoundRobinPolicy());
        builder.withRetryPolicy(DefaultRetryPolicy.INSTANCE);
        if (this.userid.isPresent() && !this.userid.get().isEmpty()) {
            builder = builder.withCredentials(this.userid.get(), this.password.get());
        }
        if (this.bUseSSL) {
            try {
                SSLOptions createSSLOptions = createSSLOptions();
                logger.info("...creating SSL cluster session...");
                builder.withSSL(createSSLOptions);
            } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
                logger.severe("Failed to connect withSSL: " + e2.getMessage());
                e2.printStackTrace();
            }
        }
        this.cluster = builder.build();
        this.cluster.init();
        logger.info("...cluster conection status = OK");
        return this.cluster;
    }

    private SSLOptions createSSLOptions() throws KeyStoreException, FileNotFoundException, IOException, NoSuchAlgorithmException, KeyManagementException, CertificateException, UnrecoverableKeyException {
        TrustManagerFactory trustManagerFactory = null;
        if (!this.truststorePath.isPresent() || this.truststorePath.get().isEmpty()) {
            logger.info("SSLOptions without truststore...");
        } else {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(new FileInputStream(new File(this.truststorePath.get())), this.truststorePwd.get().toCharArray());
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
        }
        KeyManagerFactory keyManagerFactory = null;
        if (!this.keystorePath.isPresent() || this.keystorePath.get().isEmpty()) {
            logger.info("SSLOptions without keystore...");
        } else {
            KeyStore keyStore2 = KeyStore.getInstance("JKS");
            keyStore2.load(new FileInputStream(new File(this.keystorePath.get())), this.keystorePwd.get().toCharArray());
            keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore2, this.keystorePwd.get().toCharArray());
        }
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null, trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null, new SecureRandom());
        return RemoteEndpointAwareJdkSSLOptions.builder().withSSLContext(sSLContext).build();
    }

    public boolean isValidKeyspaceName(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        return str.matches(KEYSPACE_REGEX);
    }

    protected Session createKeySpace(String str) throws ArchiveException {
        logger.info("......creating new keyspace '" + str + "'...");
        this.cluster.connect().execute("CREATE KEYSPACE IF NOT EXISTS " + str + " WITH replication = {'class': '" + this.repClass + "', 'replication_factor': " + this.repFactor + "};");
        logger.info("......keyspace created...");
        Session connect = this.cluster.connect(str);
        if (connect != null) {
            logger.info("......keyspace conection status = OK");
            createArchiveTableSchema(connect);
        }
        return connect;
    }

    protected void createArchiveTableSchema(Session session) {
        logger.info(TABLE_SCHEMA_SNAPSHOTS);
        session.execute(TABLE_SCHEMA_SNAPSHOTS);
        logger.info(TABLE_SCHEMA_SNAPSHOTS_BY_UNIQUEID);
        session.execute(TABLE_SCHEMA_SNAPSHOTS_BY_UNIQUEID);
        logger.info(TABLE_SCHEMA_SNAPSHOTS_BY_MODIFIED);
        session.execute(TABLE_SCHEMA_SNAPSHOTS_BY_MODIFIED);
        logger.info(TABLE_SCHEMA_DOCUMENTS);
        session.execute(TABLE_SCHEMA_DOCUMENTS);
        logger.info(TABLE_SCHEMA_SNAPSHOTS_BY_DOCUMENT);
        session.execute(TABLE_SCHEMA_SNAPSHOTS_BY_DOCUMENT);
        logger.info(TABLE_SCHEMA_DOCUMENTS_DATA);
        session.execute(TABLE_SCHEMA_DOCUMENTS_DATA);
    }
}
