package org.kafkacrypto;

import java.io.IOException;
import java.lang.Thread;
import java.time.Duration;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.kafka.clients.consumer.ConsumerRecord;
import org.apache.kafka.clients.consumer.ConsumerRecords;
import org.apache.kafka.clients.consumer.KafkaConsumer;
import org.apache.kafka.clients.consumer.OffsetAndMetadata;
import org.apache.kafka.clients.producer.KafkaProducer;
import org.apache.kafka.clients.producer.ProducerRecord;
import org.apache.kafka.common.TopicPartition;
import org.apache.kafka.common.errors.InterruptException;
import org.apache.kafka.common.serialization.Deserializer;
import org.apache.kafka.common.serialization.Serializer;
import org.kafkacrypto.exceptions.KafkaCryptoException;
import org.kafkacrypto.exceptions.KafkaCryptoInternalError;
import org.kafkacrypto.msgs.ByteString;
import org.kafkacrypto.msgs.ChainCert;
import org.kafkacrypto.msgs.CryptoState;
import org.kafkacrypto.msgs.EncryptionKey;
import org.kafkacrypto.msgs.EncryptionKeys;
import org.kafkacrypto.msgs.KafkaCryptoWireMessage;
import org.kafkacrypto.msgs.KafkaPlainWireMessage;
import org.kafkacrypto.msgs.SignedChain;
import org.kafkacrypto.msgs.msgpack;
import org.msgpack.value.Value;

/* loaded from: input_file:org/kafkacrypto/KafkaCrypto.class */
public class KafkaCrypto extends KafkaCryptoBase implements Runnable {
    private Ratchet _seed;
    private double _last_time;
    private Map<TopicPartition, OffsetAndMetadata> _tps;
    private boolean _tps_updated;
    private Map<String, EncryptionKey> _cur_pgens;
    private EncryptionKeys _pgens;
    private boolean _pgens_updated;
    private EncryptionKeys _cgens;
    private Thread _mgmt_thread;
    private boolean _running;

    /* loaded from: input_file:org/kafkacrypto/KafkaCrypto$ByteSerializer.class */
    private class ByteSerializer implements Serializer<byte[]> {
        private KafkaCrypto _parent;
        private boolean _key;

        public ByteSerializer(KafkaCrypto kafkaCrypto, boolean z) {
            this._parent = kafkaCrypto;
            this._key = z;
        }

        public void close() {
            this._parent = null;
        }

        public void configure(Map<String, ?> map, boolean z) {
            this._key = z;
        }

        public byte[] serialize(String str, byte[] bArr) {
            EncryptionKey encryptionKey;
            String str2 = this._parent.get_root(str);
            byte[] bArr2 = null;
            this._parent._lock.lock();
            try {
                try {
                    if (this._parent._cur_pgens.containsKey(str2)) {
                        encryptionKey = (EncryptionKey) this._parent._cur_pgens.get(str2);
                    } else {
                        encryptionKey = this._parent._seed.get_key_value_generators(str2, this._parent._nodeID);
                        this._parent._cur_pgens.put(str2, encryptionKey);
                        this._parent._pgens.ensureContains(str2);
                        this._parent._pgens.get(str2).put(encryptionKey.keyIndex, encryptionKey);
                    }
                    KeyGenerator keyGenerator = this._key ? encryptionKey.keygen : encryptionKey.valgen;
                    KafkaCryptoWireMessage kafkaCryptoWireMessage = new KafkaCryptoWireMessage(encryptionKey.keyIndex, keyGenerator.salt(), null);
                    byte[][] generate = keyGenerator.generate();
                    kafkaCryptoWireMessage.msg = jasodium.crypto_secretbox(bArr, generate[1], generate[0]);
                    bArr2 = kafkaCryptoWireMessage.toWire();
                    this._parent._lock.unlock();
                } catch (Throwable th) {
                    this._parent._logger.warn("Exception during serialization", th);
                    this._parent._lock.unlock();
                }
                return bArr2;
            } catch (Throwable th2) {
                this._parent._lock.unlock();
                throw th2;
            }
        }
    }

    /* loaded from: input_file:org/kafkacrypto/KafkaCrypto$DeadHandler.class */
    private class DeadHandler implements Thread.UncaughtExceptionHandler {
        private DeadHandler() {
        }

        @Override // java.lang.Thread.UncaughtExceptionHandler
        public void uncaughtException(Thread thread, Throwable th) {
            th.printStackTrace();
            System.err.println("Management thread died! Exiting.");
            System.exit(1);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/kafkacrypto/KafkaCrypto$KafkaCryptoMessageDeserializer.class */
    public class KafkaCryptoMessageDeserializer implements Deserializer<KafkaCryptoMessage>, KafkaCryptoMessageDecryptor<KafkaCryptoWireMessage> {
        private KafkaCrypto _parent;
        private boolean _key;
        private int _kwintervals;
        private long _kwi;
        private double _ikw;

        public KafkaCryptoMessageDeserializer(KafkaCrypto kafkaCrypto, boolean z, int i, long j) {
            this._parent = kafkaCrypto;
            this._key = z;
            this._kwintervals = i;
            this._kwi = j;
            this._ikw = (j * Double.parseDouble(this._parent._config.getProperty("DESER_INITIAL_WAIT_INTERVALS"))) / 1000.0d;
        }

        public void close() {
            this._parent = null;
        }

        public void configure(Map<String, ?> map, boolean z) {
            this._key = z;
        }

        /* renamed from: deserialize, reason: merged with bridge method [inline-methods] */
        public KafkaCryptoMessage m0deserialize(String str, byte[] bArr) {
            String str2 = this._parent.get_root(str);
            try {
                KafkaCryptoMessage fromWire = KafkaCryptoMessage.fromWire(bArr);
                if (fromWire == null) {
                    return null;
                }
                if (KafkaPlainWireMessage.class.isAssignableFrom(fromWire.getClass())) {
                    return fromWire;
                }
                if (!KafkaCryptoWireMessage.class.isAssignableFrom(fromWire.getClass())) {
                    return null;
                }
                KafkaCryptoWireMessage kafkaCryptoWireMessage = (KafkaCryptoWireMessage) fromWire;
                kafkaCryptoWireMessage.root = str2;
                kafkaCryptoWireMessage.deser = this;
                return decrypt(kafkaCryptoWireMessage);
            } catch (Throwable th) {
                this._parent._logger.warn("Exception during deserialization", th);
                return null;
            }
        }

        /* JADX WARN: Finally extract failed */
        @Override // org.kafkacrypto.KafkaCryptoMessageDecryptor
        public KafkaCryptoWireMessage decrypt(KafkaCryptoWireMessage kafkaCryptoWireMessage) {
            try {
                this._parent._lock.lock();
                try {
                    this._parent._cgens.ensureContains(kafkaCryptoWireMessage.root);
                    if (!this._parent._cgens.get(kafkaCryptoWireMessage.root).containsKey(kafkaCryptoWireMessage.keyIndex)) {
                        this._parent._cgens.get(kafkaCryptoWireMessage.root).put(kafkaCryptoWireMessage.keyIndex, new EncryptionKey(kafkaCryptoWireMessage.root, kafkaCryptoWireMessage.keyIndex));
                    }
                    EncryptionKey encryptionKey = this._parent._cgens.get(kafkaCryptoWireMessage.root).get(kafkaCryptoWireMessage.keyIndex);
                    for (int i = this._kwintervals; !encryptionKey.acquired && (encryptionKey.creation + this._ikw >= Utils.currentTime() || i > 0); i--) {
                        this._parent._lock.unlock();
                        Thread.sleep(this._kwi);
                        this._parent._lock.lock();
                        encryptionKey = this._parent._cgens.get(kafkaCryptoWireMessage.root).get(kafkaCryptoWireMessage.keyIndex);
                    }
                    if (encryptionKey.acquired) {
                        byte[][] generate = (this._key ? encryptionKey.keygen : encryptionKey.valgen).generate(kafkaCryptoWireMessage.salt);
                        kafkaCryptoWireMessage.setCleartext(jasodium.crypto_secretbox_open(kafkaCryptoWireMessage.msg, generate[1], generate[0]));
                    }
                    this._parent._lock.unlock();
                } catch (Throwable th) {
                    this._parent._lock.unlock();
                    throw th;
                }
            } catch (InterruptedException e) {
                throw new KafkaCryptoInternalError("Interrupted!", e);
            } catch (Throwable th2) {
                this._parent._logger.warn("Exception during deserialization decryption", th2);
            }
            return kafkaCryptoWireMessage;
        }
    }

    public KafkaCrypto(String str, KafkaProducer<byte[], byte[]> kafkaProducer, KafkaConsumer<byte[], byte[]> kafkaConsumer, Object obj) throws KafkaCryptoException, IOException {
        this(str, kafkaProducer, kafkaConsumer, obj, null, null);
    }

    public KafkaCrypto(String str, KafkaProducer<byte[], byte[]> kafkaProducer, KafkaConsumer<byte[], byte[]> kafkaConsumer, Object obj, Object obj2) throws KafkaCryptoException, IOException {
        this(str, kafkaProducer, kafkaConsumer, obj, obj2, null);
    }

    public KafkaCrypto(String str, KafkaProducer<byte[], byte[]> kafkaProducer, KafkaConsumer<byte[], byte[]> kafkaConsumer, Object obj, Object obj2, Object obj3) throws KafkaCryptoException, IOException {
        super(str, kafkaProducer, kafkaConsumer, obj, obj2);
        if (obj3 != null && Ratchet.class.isAssignableFrom(obj3.getClass())) {
            this._seed = (Ratchet) obj3;
        } else if (obj3 != null) {
            this._seed = new Ratchet((String) obj3);
        } else {
            this._seed = new Ratchet(this._nodeID + ".seed");
        }
        this._last_time = Utils.currentTime();
        this._tps = new HashMap();
        this._tps.put(new TopicPartition(this._config.getProperty("MGMT_TOPIC_CHAINS"), 0), new OffsetAndMetadata(0L));
        this._tps.put(new TopicPartition(this._config.getProperty("MGMT_TOPIC_ALLOWLIST"), 0), new OffsetAndMetadata(0L));
        this._tps.put(new TopicPartition(this._config.getProperty("MGMT_TOPIC_DENYLIST"), 0), new OffsetAndMetadata(0L));
        this._tps_updated = true;
        ByteString load_opaque_value = this._cryptostore.load_opaque_value("oldkeys", "crypto", (String) null);
        CryptoState unpackb = new CryptoState().unpackb(load_opaque_value != null ? load_opaque_value.getBytes() : null);
        if (unpackb.containsKey("pgens")) {
            this._pgens = unpackb.get("pgens");
        } else {
            this._pgens = new EncryptionKeys();
        }
        this._pgens_updated = true;
        this._cur_pgens = new HashMap();
        this._cgens = new EncryptionKeys();
        this._running = true;
        this._mgmt_thread = new Thread(this, "process_mgmt_messages");
        this._mgmt_thread.setDaemon(true);
        Thread thread = this._mgmt_thread;
        Thread.setDefaultUncaughtExceptionHandler(new DeadHandler());
        this._mgmt_thread.start();
    }

    public void close() {
        this._running = false;
        try {
            Thread.sleep(1000L);
        } catch (InterruptedException e) {
            throw new KafkaCryptoInternalError("Interrupted during close.", e);
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        ConsumerRecords empty;
        Duration ofMillis = Duration.ofMillis(Long.parseLong(this._config.getProperty("MGMT_POLL_INTERVAL")));
        while (this._running) {
            this._logger.debug("At beginning of management loop");
            try {
                if (this._kc.assignment().size() > 0) {
                    this._logger.debug("Polling");
                    empty = this._kc.poll(ofMillis);
                } else {
                    this._logger.debug("No assignments, so no poll");
                    empty = ConsumerRecords.empty();
                    Thread.sleep(ofMillis.toMillis());
                }
                this._logger.debug("Got {} messages", Integer.valueOf(empty.count()));
                Iterator it = empty.iterator();
                while (it.hasNext()) {
                    ConsumerRecord consumerRecord = (ConsumerRecord) it.next();
                    this._lock.lock();
                    try {
                        try {
                            TopicPartition topicPartition = new TopicPartition(consumerRecord.topic(), consumerRecord.partition());
                            if (!this._tps.containsKey(topicPartition) || this._tps.get(topicPartition).offset() <= consumerRecord.offset()) {
                                this._tps.put(topicPartition, new OffsetAndMetadata(consumerRecord.offset()));
                                if (consumerRecord.topic().endsWith(this._config.getProperty("TOPIC_SUFFIX_REQS"))) {
                                    String substring = consumerRecord.topic().substring(0, consumerRecord.topic().lastIndexOf(this._config.getProperty("TOPIC_SUFFIX_REQS")));
                                    List<Value> unpackb = msgpack.unpackb((byte[]) consumerRecord.key());
                                    if (this._pgens.containsKey(substring)) {
                                        ArrayList arrayList = new ArrayList();
                                        ArrayList arrayList2 = new ArrayList();
                                        Iterator<Value> it2 = unpackb.iterator();
                                        while (it2.hasNext()) {
                                            byte[] asByteArray = it2.next().asRawValue().asByteArray();
                                            if (this._pgens.get(substring).containsKey(asByteArray)) {
                                                arrayList.add(asByteArray);
                                                arrayList2.add(this._pgens.get(substring).get(asByteArray).key);
                                            }
                                        }
                                        if (arrayList.size() > 0) {
                                            byte[] packb = msgpack.packb(arrayList);
                                            msgpack.packb(arrayList2);
                                            this._kp.send(new ProducerRecord(substring + this._config.getProperty("TOPIC_SUFFIX_KEYS"), packb, this._cryptoexchange.encrypt_keys(arrayList, arrayList2, substring, (byte[]) consumerRecord.value())));
                                        }
                                    }
                                } else if (consumerRecord.topic().endsWith(this._config.getProperty("TOPIC_SUFFIX_KEYS"))) {
                                    String substring2 = consumerRecord.topic().substring(0, consumerRecord.topic().lastIndexOf(this._config.getProperty("TOPIC_SUFFIX_KEYS")));
                                    this._cgens.ensureContains(substring2);
                                    Map<byte[], byte[]> decrypt_keys = this._cryptoexchange.decrypt_keys(substring2, (byte[]) consumerRecord.value());
                                    for (byte[] bArr : decrypt_keys.keySet()) {
                                        if (this._cgens.get(substring2).containsKey(bArr)) {
                                            this._cgens.get(substring2).get(bArr).setKey(decrypt_keys.get(bArr));
                                        } else {
                                            this._cgens.get(substring2).put(bArr, new EncryptionKey(substring2, bArr, decrypt_keys.get(bArr)));
                                        }
                                    }
                                } else if (consumerRecord.topic().equals(this._config.getProperty("MGMT_TOPIC_CHAINS"))) {
                                    if (this._cryptokey.get_spk().equals(consumerRecord.key())) {
                                        SignedChain replace_spk_chain = this._cryptoexchange.replace_spk_chain(new SignedChain().unpackb((byte[]) consumerRecord.value()));
                                        if (replace_spk_chain != null) {
                                            this._cryptostore.store_value("chain", "crypto", msgpack.packb(replace_spk_chain));
                                        }
                                    }
                                } else if (consumerRecord.topic().equals(this._config.getProperty("MGMT_TOPIC_ALLOWLIST"))) {
                                    ChainCert add_allowlist = this._cryptoexchange.add_allowlist(new SignedChain().unpackb((byte[]) consumerRecord.value()));
                                    if (add_allowlist != null) {
                                        this._cryptostore.store_value(jasodium.crypto_hash_sha256(add_allowlist.pk), "allowlist", msgpack.packb(add_allowlist));
                                    }
                                } else if (consumerRecord.topic().equals(this._config.getProperty("MGMT_TOPIC_DENYLIST"))) {
                                    ChainCert add_denylist = this._cryptoexchange.add_denylist(new SignedChain().unpackb((byte[]) consumerRecord.value()));
                                    if (add_denylist != null) {
                                        this._cryptostore.store_value(jasodium.crypto_hash_sha256(add_denylist.pk), "denylist", msgpack.packb(add_denylist));
                                    }
                                } else {
                                    this._logger.warn("Help! I'm lost. Unknown message received on topic={}", consumerRecord.topic());
                                }
                            }
                            this._lock.unlock();
                        } catch (Throwable th) {
                            this._logger.info("Exception during message processin", th);
                            this._lock.unlock();
                        }
                    } finally {
                    }
                }
                this._logger.debug("Flushing producer");
                this._kp.flush();
                this._logger.debug("Updating assignment");
                this._lock.lock();
            } catch (InterruptedException | InterruptException e) {
                close();
            }
            try {
                if (this._tps_updated) {
                    this._kc.assign(this._tps.keySet());
                    this._tps_updated = false;
                }
                this._lock.unlock();
                this._logger.debug("(Re)subscribing and updating assignments accordingly");
                this._lock.lock();
                try {
                    try {
                        for (String str : this._cgens.keySet()) {
                            TopicPartition topicPartition2 = new TopicPartition(str + this._config.getProperty("TOPIC_SUFFIX_KEYS"), 0);
                            if (!this._tps.containsKey(topicPartition2)) {
                                this._tps.put(topicPartition2, new OffsetAndMetadata(0L));
                                this._tps_updated = true;
                            }
                            ArrayList arrayList3 = new ArrayList();
                            for (byte[] bArr2 : this._cgens.get(str).keySet()) {
                                try {
                                    if (this._cgens.get(str).get(bArr2).resubNeeded(Double.parseDouble(this._config.getProperty("CRYPTO_SUB_INTERVAL")))) {
                                        arrayList3.add(this._cgens.get(str).get(bArr2).keyIndex);
                                    }
                                } catch (Throwable th2) {
                                    this._logger.warn("Exception determining new subscriptions", th2);
                                }
                            }
                            if (arrayList3.size() > 0) {
                                byte[] packb2 = msgpack.packb(arrayList3);
                                byte[] signed_epk = this._cryptoexchange.signed_epk(str, null);
                                if (packb2 != null && signed_epk != null) {
                                    this._kp.send(new ProducerRecord(str + this._config.getProperty("TOPIC_SUFFIX_SUBS"), packb2, signed_epk));
                                    Iterator it3 = arrayList3.iterator();
                                    while (it3.hasNext()) {
                                        this._cgens.get(str).get((byte[]) it3.next()).resub(Utils.currentTime());
                                    }
                                }
                            }
                        }
                        this._lock.unlock();
                    } finally {
                        this._lock.unlock();
                    }
                } catch (Throwable th3) {
                    this._logger.info("Exception during preparing new subscriptions", th3);
                    this._lock.unlock();
                }
                this._logger.debug("Flushing producer(2)");
                this._kp.flush();
                this._logger.debug("Checking ratchet");
                this._lock.lock();
                try {
                    try {
                        if (this._last_time + Double.parseDouble(this._config.getProperty("CRYPTO_RATCHET_INTERVAL")) < Utils.currentTime()) {
                            this._seed.increment();
                            this._last_time = Utils.currentTime();
                            this._cur_pgens.clear();
                        }
                        this._lock.unlock();
                    } catch (Throwable th4) {
                        this._logger.warn("Exception incrementing ratchet", th4);
                        this._lock.unlock();
                    }
                    this._logger.debug("Updating assignments and clearing old keys");
                    this._lock.lock();
                    try {
                        try {
                            if (this._pgens_updated) {
                                for (String str2 : this._pgens.keySet()) {
                                    TopicPartition topicPartition3 = new TopicPartition(str2 + this._config.getProperty("TOPIC_SUFFIX_REQS"), 0);
                                    if (!this._tps.containsKey(topicPartition3)) {
                                        this._tps.put(topicPartition3, new OffsetAndMetadata(0L));
                                        this._tps_updated = true;
                                    }
                                    ArrayList arrayList4 = new ArrayList();
                                    for (byte[] bArr3 : this._pgens.get(str2).keySet()) {
                                        if (this._pgens.get(str2).get(bArr3).birth + Double.parseDouble(this._config.getProperty("CRYPTO_MAX_PGEN_AGE")) < Utils.currentTime()) {
                                            arrayList4.add(bArr3);
                                        }
                                    }
                                    Iterator it4 = arrayList4.iterator();
                                    while (it4.hasNext()) {
                                        this._pgens.get(str2).remove((byte[]) it4.next());
                                    }
                                }
                                CryptoState cryptoState = new CryptoState();
                                cryptoState.put("pgens", this._pgens);
                                this._cryptostore.store_opaque_value("oldkeys", msgpack.packb(cryptoState), "crypto");
                                this._pgens_updated = false;
                            }
                            this._lock.unlock();
                        } catch (Throwable th5) {
                            this._logger.warn("Exception writing oldkeys", th5);
                            this._lock.unlock();
                        }
                    } finally {
                        this._lock.unlock();
                    }
                } finally {
                    this._lock.unlock();
                }
            } finally {
            }
        }
        this._kc.close();
        this._kp.close();
    }

    public Serializer getKeySerializer() {
        return new ByteSerializer(this, true);
    }

    public Serializer getValueSerializer() {
        return new ByteSerializer(this, false);
    }

    public Deserializer<KafkaCryptoMessage> getKeyDeserializer() {
        return getKeyDeserializer(0, 1000L);
    }

    public Deserializer<KafkaCryptoMessage> getValueDeserializer() {
        return getValueDeserializer(0, 1000L);
    }

    public Deserializer<KafkaCryptoMessage> getKeyDeserializer(int i, long j) {
        return new KafkaCryptoMessageDeserializer(this, true, i, j);
    }

    public Deserializer<KafkaCryptoMessage> getValueDeserializer(int i, long j) {
        return new KafkaCryptoMessageDeserializer(this, false, i, j);
    }

    @Override // org.kafkacrypto.KafkaCryptoBase
    public /* bridge */ /* synthetic */ String get_root(String str) {
        return super.get_root(str);
    }
}
