package com.atlassian.jira.security.properties;

import com.atlassian.event.api.EventListener;
import com.atlassian.jira.EventComponent;
import com.atlassian.jira.bc.dataimport.ImportCompletedEvent;
import com.atlassian.jira.cluster.zdu.ClusterUpgradeStateDao;
import com.atlassian.jira.cluster.zdu.JiraUpgradeApprovedEvent;
import com.atlassian.jira.cluster.zdu.UpgradeState;
import com.atlassian.jira.event.ClearCacheEvent;
import com.atlassian.jira.event.JiraUpgradedEvent;
import com.atlassian.security.random.SecureRandomFactory;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import java.util.Base64;
import java.util.Optional;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@EventComponent
/* loaded from: input_file:com/atlassian/jira/security/properties/DefaultSecurityPropertiesService.class */
public class DefaultSecurityPropertiesService implements SecurityPropertiesService {
    private static final Logger log = LoggerFactory.getLogger(DefaultSecurityPropertiesService.class);
    private static final long CACHE_MAX_SIZE = 1000;
    private static final long CACHE_EXPIRATION_SECONDS = 30;
    private static final int DEFAULT_KEY_LENGTH_BYTES = 64;
    private final SecurityPropertiesDao securityPropertiesDao;
    private final ClusterUpgradeStateDao clusterUpgradeStateDao;
    private final Cache<String, Optional<String>> cache = CacheBuilder.newBuilder().maximumSize(1000).expireAfterWrite(CACHE_EXPIRATION_SECONDS, TimeUnit.SECONDS).build();
    private AtomicBoolean upgradeStateStable = new AtomicBoolean(false);

    public static String defaultGenerateKey() {
        byte[] bArr = new byte[DEFAULT_KEY_LENGTH_BYTES];
        SecureRandomFactory.newInstance().nextBytes(bArr);
        return Base64.getEncoder().encodeToString(bArr);
    }

    public DefaultSecurityPropertiesService(SecurityPropertiesDao securityPropertiesDao, ClusterUpgradeStateDao clusterUpgradeStateDao) {
        this.securityPropertiesDao = securityPropertiesDao;
        this.clusterUpgradeStateDao = clusterUpgradeStateDao;
    }

    @Override // com.atlassian.jira.security.properties.SecurityPropertiesService
    public void invalidate() {
        log.debug("invalidate all");
        this.cache.invalidateAll();
    }

    @Override // com.atlassian.jira.security.properties.SecurityPropertiesService
    public void invalidate(String str) {
        log.debug("invalidate key: {}", str);
        this.cache.invalidate(str);
    }

    @Override // com.atlassian.jira.security.properties.SecurityPropertiesService
    public Optional<String> getSecret(String str) {
        return getSecret(str, this::isUpgradeStateStable);
    }

    public Optional<String> getSecret(String str, boolean z) {
        return getSecretUsingValueCreator(str, z ? DefaultSecurityPropertiesService::defaultGenerateKey : () -> {
            return null;
        });
    }

    public Optional<String> getSecret(String str, Supplier<Boolean> supplier) {
        return getSecretUsingValueCreator(str, () -> {
            if (((Boolean) supplier.get()).booleanValue()) {
                return defaultGenerateKey();
            }
            return null;
        });
    }

    public Optional<String> getSecretUsingValueCreator(String str, Supplier<String> supplier) {
        try {
            return (Optional) this.cache.get(str, () -> {
                String orCreate = this.securityPropertiesDao.getOrCreate(str, supplier);
                if (orCreate == null || orCreate.trim().isEmpty()) {
                    log.debug("missing key: {}", str);
                    return Optional.empty();
                }
                log.debug("loaded key: {}", str);
                return Optional.of(orCreate);
            });
        } catch (ExecutionException e) {
            throw new RuntimeException(e);
        }
    }

    @EventListener
    public void onImportCompleted(ImportCompletedEvent importCompletedEvent) {
        log.debug("ImportCompletedEvent event");
        invalidate();
    }

    @EventListener
    public void onClearCacheEvent(ClearCacheEvent clearCacheEvent) {
        log.debug("ClearCacheEvent event");
        invalidate();
    }

    @EventListener
    public void onJiraUpgradedEvent(JiraUpgradedEvent jiraUpgradedEvent) {
        log.debug("JiraUpgradedEvent event");
        invalidate();
    }

    @EventListener
    public void onJiraUpgradeApprovedEvent(JiraUpgradeApprovedEvent jiraUpgradeApprovedEvent) {
        log.debug("JiraUpgradeApprovedEvent event");
        invalidate();
    }

    private boolean isUpgradeStateStable() {
        if (this.upgradeStateStable.get()) {
            return true;
        }
        if (!UpgradeState.STABLE.equals(getUpgradeState())) {
            return false;
        }
        this.upgradeStateStable.set(true);
        log.debug("upgrade state is STABLE");
        return true;
    }

    private UpgradeState getUpgradeState() {
        return (UpgradeState) this.clusterUpgradeStateDao.getCurrent().map((v0) -> {
            return v0.getState();
        }).map(UpgradeState::valueOf).orElse(UpgradeState.STABLE);
    }
}
