package org.projectnessie.catalog.service.impl;

import com.google.common.annotations.VisibleForTesting;
import jakarta.enterprise.context.RequestScoped;
import jakarta.inject.Inject;
import java.security.SecureRandom;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.ThreadLocalRandom;
import org.projectnessie.catalog.service.api.SignerKeysService;
import org.projectnessie.catalog.service.objtypes.ImmutableSignerKeysObj;
import org.projectnessie.catalog.service.objtypes.SignerKey;
import org.projectnessie.catalog.service.objtypes.SignerKeysObj;
import org.projectnessie.versioned.storage.common.exceptions.ObjNotFoundException;
import org.projectnessie.versioned.storage.common.exceptions.ObjTooLargeException;
import org.projectnessie.versioned.storage.common.persist.Persist;

@RequestScoped
/* loaded from: input_file:org/projectnessie/catalog/service/impl/SignerKeysServiceImpl.class */
public class SignerKeysServiceImpl implements SignerKeysService {
    public static final long SPIN_LOOP_MIN_SLEEP_MILLIS = 20;
    public static final long SPIN_LOOP_MAX_SLEEP_MILLIS = 200;
    public static final Duration NEW_KEY_ROTATE_AFTER = Duration.of(3, ChronoUnit.DAYS);
    public static final Duration NEW_KEY_EXPIRE_AFTER = Duration.of(5, ChronoUnit.DAYS);

    @Inject
    Persist persist;

    @VisibleForTesting
    Clock clock = Clock.systemUTC();

    private SignerKeysObj loadOrCreate() {
        SignerKeysObj addNewKey;
        do {
            try {
                addNewKey = (SignerKeysObj) this.persist.fetchTypedObj(SignerKeysObj.OBJ_ID, SignerKeysObj.OBJ_TYPE, SignerKeysObj.class);
                break;
            } catch (ObjNotFoundException e) {
                addNewKey = addNewKey(null);
                try {
                } catch (Exception e2) {
                    throw new RuntimeException(e2);
                }
            }
        } while (!storeInitial(addNewKey));
        return addNewKey;
    }

    private SignerKeysObj addNewKey(SignerKeysObj signerKeysObj) {
        Instant instant = this.clock.instant();
        Instant plus = instant.plus((TemporalAmount) NEW_KEY_ROTATE_AFTER);
        Instant plus2 = instant.plus((TemporalAmount) NEW_KEY_EXPIRE_AFTER);
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        ImmutableSignerKeysObj.Builder builder = ImmutableSignerKeysObj.builder();
        if (signerKeysObj != null) {
            builder.from(signerKeysObj);
        }
        builder.versionToken(UUID.randomUUID().toString()).signerKeys(List.of());
        if (signerKeysObj != null) {
            for (SignerKey signerKey : signerKeysObj.signerKeys()) {
                if (signerKey.expirationTime().compareTo(instant) > 0) {
                    builder.addSignerKey(signerKey);
                }
            }
        }
        return builder.addSignerKey(SignerKey.builder().name(UUID.randomUUID().toString()).secretKey(bArr).creationTime(instant).rotationTime(plus).expirationTime(plus2).build()).build();
    }

    public SignerKey getSignerKey(String str) {
        return loadOrCreate().getSignerKey(str);
    }

    public SignerKey currentSignerKey() {
        Instant instant = this.clock.instant();
        while (true) {
            SignerKeysObj loadOrCreate = loadOrCreate();
            SignerKey signerKey = (SignerKey) loadOrCreate.signerKeys().get(loadOrCreate.signerKeys().size() - 1);
            if (signerKey.rotationTime().compareTo(instant) > 0) {
                return signerKey;
            }
            try {
                if (!updateKeys(loadOrCreate, addNewKey(loadOrCreate))) {
                    persistSpinLoop();
                }
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    @VisibleForTesting
    boolean storeInitial(SignerKeysObj signerKeysObj) throws ObjTooLargeException {
        return this.persist.storeObj(signerKeysObj);
    }

    @VisibleForTesting
    boolean updateKeys(SignerKeysObj signerKeysObj, SignerKeysObj signerKeysObj2) throws ObjTooLargeException {
        return this.persist.updateConditional(signerKeysObj, signerKeysObj2);
    }

    private static void persistSpinLoop() throws InterruptedException {
        Thread.sleep(ThreadLocalRandom.current().nextLong(20L, 200L));
    }
}
