package com.schibsted.security.strongbox.sdk.impl;

import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.dynamodbv2.model.ResourceNotFoundException;
import com.schibsted.security.strongbox.sdk.SecretsGroup;
import com.schibsted.security.strongbox.sdk.SecretsGroupManager;
import com.schibsted.security.strongbox.sdk.exceptions.AlreadyExistsException;
import com.schibsted.security.strongbox.sdk.exceptions.DoesNotExistException;
import com.schibsted.security.strongbox.sdk.exceptions.FailedToDeleteResourceException;
import com.schibsted.security.strongbox.sdk.exceptions.SecretsGroupException;
import com.schibsted.security.strongbox.sdk.exceptions.UnexpectedStateException;
import com.schibsted.security.strongbox.sdk.exceptions.UnsupportedTypeException;
import com.schibsted.security.strongbox.sdk.internal.access.IAMPolicyManager;
import com.schibsted.security.strongbox.sdk.internal.encryption.Encryptor;
import com.schibsted.security.strongbox.sdk.internal.encryption.FileEncryptionContext;
import com.schibsted.security.strongbox.sdk.internal.encryption.KMSEncryptor;
import com.schibsted.security.strongbox.sdk.internal.impl.DefaultSecretsGroup;
import com.schibsted.security.strongbox.sdk.internal.kv4j.generated.DynamoDB;
import com.schibsted.security.strongbox.sdk.internal.kv4j.generated.File;
import com.schibsted.security.strongbox.sdk.internal.kv4j.generated.Store;
import com.schibsted.security.strongbox.sdk.internal.kv4j.generic.frontend.KVStream;
import com.schibsted.security.strongbox.sdk.internal.srn.SecretsGroupSRN;
import com.schibsted.security.strongbox.sdk.internal.types.config.UserConfig;
import com.schibsted.security.strongbox.sdk.internal.types.store.DynamoDBReference;
import com.schibsted.security.strongbox.sdk.internal.types.store.FileReference;
import com.schibsted.security.strongbox.sdk.internal.types.store.StorageReference;
import com.schibsted.security.strongbox.sdk.internal.types.store.StorageType;
import com.schibsted.security.strongbox.sdk.types.ClientConfiguration;
import com.schibsted.security.strongbox.sdk.types.EncryptionStrength;
import com.schibsted.security.strongbox.sdk.types.Principal;
import com.schibsted.security.strongbox.sdk.types.RawSecretEntry;
import com.schibsted.security.strongbox.sdk.types.SRN;
import com.schibsted.security.strongbox.sdk.types.SecretsGroupIdentifier;
import com.schibsted.security.strongbox.sdk.types.SecretsGroupInfo;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/schibsted/security/strongbox/sdk/impl/DefaultSecretsGroupManager.class */
public class DefaultSecretsGroupManager implements SecretsGroupManager {
    private static final Logger log = LoggerFactory.getLogger(DefaultSecretsGroupManager.class);
    private final AWSCredentialsProvider awsCredentials;
    private final IAMPolicyManager policyManager;
    private final UserConfig userConfig;
    private final EncryptionStrength encryptionStrength;
    private final ClientConfiguration clientConfiguration;
    private final ConcurrentHashMap<SecretsGroupIdentifier, ReadWriteLock> readWriteLocks;
    private final ConcurrentHashMap<SecretsGroupIdentifier, KMSEncryptor> encryptors;

    public DefaultSecretsGroupManager() {
        this(new DefaultAWSCredentialsProviderChain());
    }

    public DefaultSecretsGroupManager(AWSCredentialsProvider aWSCredentialsProvider) {
        this(aWSCredentialsProvider, new UserConfig(), EncryptionStrength.AES_128, getDefaultClientConfiguration());
    }

    public DefaultSecretsGroupManager(AWSCredentialsProvider aWSCredentialsProvider, UserConfig userConfig) {
        this(aWSCredentialsProvider, userConfig, EncryptionStrength.AES_128, getDefaultClientConfiguration());
    }

    public DefaultSecretsGroupManager(AWSCredentialsProvider aWSCredentialsProvider, UserConfig userConfig, EncryptionStrength encryptionStrength) {
        this(aWSCredentialsProvider, userConfig, encryptionStrength, getDefaultClientConfiguration());
    }

    public DefaultSecretsGroupManager(AWSCredentialsProvider aWSCredentialsProvider, UserConfig userConfig, EncryptionStrength encryptionStrength, ClientConfiguration clientConfiguration) {
        this.readWriteLocks = new ConcurrentHashMap<>();
        this.encryptors = new ConcurrentHashMap<>();
        this.awsCredentials = aWSCredentialsProvider;
        this.clientConfiguration = clientConfiguration;
        this.policyManager = IAMPolicyManager.fromCredentials(aWSCredentialsProvider, this.clientConfiguration);
        this.userConfig = userConfig;
        this.encryptionStrength = encryptionStrength;
    }

    private static ClientConfiguration getDefaultClientConfiguration() {
        return new ClientConfiguration();
    }

    public SRN srn(SecretsGroupIdentifier secretsGroupIdentifier) {
        return new SecretsGroupSRN(this.policyManager.getAccount(), secretsGroupIdentifier);
    }

    @Override // com.schibsted.security.strongbox.sdk.SecretsGroupManager
    public SecretsGroupInfo create(SecretsGroupIdentifier secretsGroupIdentifier) {
        return create(secretsGroupIdentifier, new DynamoDBReference());
    }

    public SecretsGroupInfo create(SecretsGroupIdentifier secretsGroupIdentifier, StorageReference storageReference) {
        return create(secretsGroupIdentifier, storageReference, false);
    }

    public SecretsGroupInfo create(SecretsGroupIdentifier secretsGroupIdentifier, StorageReference storageReference, boolean z) {
        SecretsGroupInfo secretsGroupInfo;
        synchronized (this.readWriteLocks) {
            ReadWriteLock readWriteLock = getReadWriteLock(secretsGroupIdentifier);
            readWriteLock.writeLock().lock();
            try {
                KMSEncryptor encryptor = getEncryptor(secretsGroupIdentifier);
                ReentrantReadWriteLock reentrantReadWriteLock = new ReentrantReadWriteLock();
                verifyThatNonOfTheResourcesExistsOrThrow(secretsGroupIdentifier, encryptor, reentrantReadWriteLock, z);
                ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(6);
                try {
                    try {
                        Future submit = newFixedThreadPool.submit(() -> {
                            Store createStore = createStore(secretsGroupIdentifier, storageReference, reentrantReadWriteLock);
                            setLocalState(secretsGroupIdentifier, storageReference);
                            return createStore;
                        });
                        newFixedThreadPool.submit(() -> {
                            encryptor.create(z);
                            return null;
                        }).get();
                        Store store = (Store) submit.get();
                        Future submit2 = newFixedThreadPool.submit(() -> {
                            return this.policyManager.createAdminPolicy(secretsGroupIdentifier, encryptor, store);
                        });
                        Future submit3 = newFixedThreadPool.submit(() -> {
                            return this.policyManager.createReadOnlyPolicy(secretsGroupIdentifier, encryptor, store);
                        });
                        secretsGroupInfo = new SecretsGroupInfo(new SecretsGroupSRN(this.policyManager.getAccount(), secretsGroupIdentifier), Optional.of(encryptor.getArn()), Optional.of(store.getArn()), Optional.of((String) submit2.get()), Optional.of((String) submit3.get()), new ArrayList(), new ArrayList());
                        newFixedThreadPool.shutdownNow();
                        readWriteLock.writeLock().unlock();
                    } catch (InterruptedException | ExecutionException e) {
                        throw new SecretsGroupException(secretsGroupIdentifier, "Failed to create group: this might have left a partially constructed group, which can be deleted.", e);
                    }
                } catch (Throwable th) {
                    newFixedThreadPool.shutdownNow();
                    throw th;
                }
            } catch (Throwable th2) {
                readWriteLock.writeLock().unlock();
                throw th2;
            }
        }
        return secretsGroupInfo;
    }

    private ReadWriteLock getReadWriteLock(SecretsGroupIdentifier secretsGroupIdentifier) {
        ReentrantReadWriteLock reentrantReadWriteLock = new ReentrantReadWriteLock();
        ReadWriteLock putIfAbsent = this.readWriteLocks.putIfAbsent(secretsGroupIdentifier, new ReentrantReadWriteLock());
        return putIfAbsent != null ? putIfAbsent : reentrantReadWriteLock;
    }

    private void verifyThatNonOfTheResourcesExistsOrThrow(SecretsGroupIdentifier secretsGroupIdentifier, KMSEncryptor kMSEncryptor, ReadWriteLock readWriteLock, boolean z) {
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(4);
        try {
            try {
                Future submit = newFixedThreadPool.submit(() -> {
                    return storageExists(secretsGroupIdentifier, readWriteLock);
                });
                Future submit2 = newFixedThreadPool.submit(() -> {
                    return Boolean.valueOf(kMSEncryptor.exists(z));
                });
                Future submit3 = newFixedThreadPool.submit(() -> {
                    return Boolean.valueOf(this.policyManager.adminPolicyExists(secretsGroupIdentifier));
                });
                Future submit4 = newFixedThreadPool.submit(() -> {
                    return Boolean.valueOf(this.policyManager.readOnlyPolicyExists(secretsGroupIdentifier));
                });
                Optional optional = (Optional) submit.get();
                if (optional.isPresent()) {
                    throw new AlreadyExistsException(String.format("There already exists a storage backend for the group '%s' of type '%s'", secretsGroupIdentifier, optional.get()));
                }
                if (((Boolean) submit3.get()).booleanValue()) {
                    throw new AlreadyExistsException(String.format("There already exists an admin policy for the group '%s'", secretsGroupIdentifier));
                }
                if (((Boolean) submit4.get()).booleanValue()) {
                    throw new AlreadyExistsException(String.format("There already exists a read only policy for the group '%s'", secretsGroupIdentifier));
                }
                if (((Boolean) submit2.get()).booleanValue()) {
                    throw new AlreadyExistsException(String.format("There already exists an encryptor backend for the group '%s'. Please note that it takes %d days for a key to be deleted. If you intend to reuse the key, use the '--allow-key-reuse' flag.", secretsGroupIdentifier, Integer.valueOf(kMSEncryptor.pendingDeletionWindowInDays())));
                }
            } catch (AlreadyExistsException e) {
                throw new SecretsGroupException(secretsGroupIdentifier, "The group already exists", e);
            } catch (InterruptedException | ExecutionException e2) {
                throw new SecretsGroupException(secretsGroupIdentifier, "Failed to verify if the group already exists", e2);
            }
        } finally {
            newFixedThreadPool.shutdownNow();
        }
    }

    private Store getCurrentStore(SecretsGroupIdentifier secretsGroupIdentifier, ReadWriteLock readWriteLock) {
        if (this.userConfig.getLocalFilePath(secretsGroupIdentifier).isPresent()) {
            return new File(this.userConfig.getLocalFilePath(secretsGroupIdentifier).get(), getEncryptor(secretsGroupIdentifier), new FileEncryptionContext(secretsGroupIdentifier), readWriteLock);
        }
        try {
            return DynamoDB.fromCredentials(this.awsCredentials, this.clientConfiguration, secretsGroupIdentifier, readWriteLock);
        } catch (ResourceNotFoundException e) {
            throw new DoesNotExistException("No storage backend found!", e);
        }
    }

    private StorageReference getCurrentStorageReference(SecretsGroupIdentifier secretsGroupIdentifier) {
        return this.userConfig.getLocalFilePath(secretsGroupIdentifier).isPresent() ? new FileReference(this.userConfig.getLocalFilePath(secretsGroupIdentifier).get()) : new DynamoDBReference();
    }

    private Optional<StorageType> storageExists(SecretsGroupIdentifier secretsGroupIdentifier, ReadWriteLock readWriteLock) {
        if (this.userConfig.getLocalFilePath(secretsGroupIdentifier).isPresent()) {
            return new File(this.userConfig.getLocalFilePath(secretsGroupIdentifier).get(), getEncryptor(secretsGroupIdentifier), new FileEncryptionContext(secretsGroupIdentifier), readWriteLock).exists() ? Optional.of(StorageType.FILE) : Optional.empty();
        }
        return DynamoDB.fromCredentials(this.awsCredentials, this.clientConfiguration, secretsGroupIdentifier, readWriteLock).exists() ? Optional.of(StorageType.DYNAMODB) : Optional.empty();
    }

    private Store createStore(SecretsGroupIdentifier secretsGroupIdentifier, StorageReference storageReference, ReadWriteLock readWriteLock) {
        if (storageReference instanceof DynamoDBReference) {
            DynamoDB fromCredentials = DynamoDB.fromCredentials(this.awsCredentials, this.clientConfiguration, secretsGroupIdentifier, readWriteLock);
            fromCredentials.create();
            return fromCredentials;
        }
        if (!(storageReference instanceof FileReference)) {
            throw new UnsupportedTypeException(storageReference.getClass().getName());
        }
        File file = new File(((FileReference) storageReference).path, getEncryptor(secretsGroupIdentifier), new FileEncryptionContext(secretsGroupIdentifier), readWriteLock);
        file.create();
        return file;
    }

    private KMSEncryptor getEncryptor(SecretsGroupIdentifier secretsGroupIdentifier) {
        return this.encryptors.computeIfAbsent(secretsGroupIdentifier, secretsGroupIdentifier2 -> {
            return KMSEncryptor.fromCredentials(this.awsCredentials, this.clientConfiguration, secretsGroupIdentifier, this.encryptionStrength);
        });
    }

    public Encryptor encryptor(SecretsGroupIdentifier secretsGroupIdentifier) {
        return getEncryptor(secretsGroupIdentifier);
    }

    private void setLocalState(SecretsGroupIdentifier secretsGroupIdentifier, StorageReference storageReference) {
        if (storageReference instanceof FileReference) {
            this.userConfig.addLocalFilePath(secretsGroupIdentifier, ((FileReference) storageReference).path);
        }
    }

    private void removeLocalState(SecretsGroupIdentifier secretsGroupIdentifier, Store store) {
        if (store instanceof File) {
            this.userConfig.removeLocalFilePath(secretsGroupIdentifier);
        }
    }

    @Override // com.schibsted.security.strongbox.sdk.SecretsGroupManager
    public SecretsGroup get(SecretsGroupIdentifier secretsGroupIdentifier) {
        ReadWriteLock readWriteLock = getReadWriteLock(secretsGroupIdentifier);
        return new DefaultSecretsGroup(getAccount(), secretsGroupIdentifier, getCurrentStore(secretsGroupIdentifier, readWriteLock), getEncryptor(secretsGroupIdentifier), readWriteLock);
    }

    @Override // com.schibsted.security.strongbox.sdk.SecretsGroupManager
    public Set<SecretsGroupIdentifier> identifiers() {
        Set<SecretsGroupIdentifier> secretsGroupIdentifiers;
        synchronized (this.readWriteLocks) {
            secretsGroupIdentifiers = IAMPolicyManager.fromCredentials(this.awsCredentials, this.clientConfiguration).getSecretsGroupIdentifiers();
        }
        return secretsGroupIdentifiers;
    }

    @Override // com.schibsted.security.strongbox.sdk.SecretsGroupManager
    public SecretsGroupInfo info(SecretsGroupIdentifier secretsGroupIdentifier) {
        ReadWriteLock readWriteLock = getReadWriteLock(secretsGroupIdentifier);
        readWriteLock.readLock().lock();
        try {
            ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(6);
            KMSEncryptor encryptor = getEncryptor(secretsGroupIdentifier);
            Future submit = newFixedThreadPool.submit(() -> {
                return encryptor.exists() ? Optional.of(encryptor.getArn()) : Optional.empty();
            });
            Future submit2 = newFixedThreadPool.submit(() -> {
                try {
                    Store currentStore = getCurrentStore(secretsGroupIdentifier, readWriteLock);
                    return currentStore.exists() ? Optional.of(currentStore.getArn()) : Optional.empty();
                } catch (DoesNotExistException e) {
                    return Optional.empty();
                }
            });
            Future submit3 = newFixedThreadPool.submit(() -> {
                return this.policyManager.adminPolicyExists(secretsGroupIdentifier) ? Optional.of(this.policyManager.getAdminPolicyArn(secretsGroupIdentifier)) : Optional.empty();
            });
            Future submit4 = newFixedThreadPool.submit(() -> {
                return this.policyManager.readOnlyPolicyExists(secretsGroupIdentifier) ? Optional.of(this.policyManager.getReadOnlyArn(secretsGroupIdentifier)) : Optional.empty();
            });
            Future submit5 = newFixedThreadPool.submit(() -> {
                try {
                    return this.policyManager.listAttachedAdmin(secretsGroupIdentifier);
                } catch (DoesNotExistException e) {
                    return new ArrayList();
                }
            });
            Future submit6 = newFixedThreadPool.submit(() -> {
                try {
                    return this.policyManager.listAttachedReadOnly(secretsGroupIdentifier);
                } catch (DoesNotExistException e) {
                    return new ArrayList();
                }
            });
            newFixedThreadPool.shutdown();
            try {
                SecretsGroupInfo secretsGroupInfo = new SecretsGroupInfo(new SecretsGroupSRN(this.policyManager.getAccount(), secretsGroupIdentifier), (Optional) submit.get(), (Optional) submit2.get(), (Optional) submit3.get(), (Optional) submit4.get(), (List) submit5.get(), (List) submit6.get());
                readWriteLock.readLock().unlock();
                return secretsGroupInfo;
            } catch (InterruptedException | ExecutionException e) {
                throw new SecretsGroupException(secretsGroupIdentifier, "Error getting group information", e);
            }
        } catch (Throwable th) {
            readWriteLock.readLock().unlock();
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Override // com.schibsted.security.strongbox.sdk.SecretsGroupManager
    public void delete(SecretsGroupIdentifier secretsGroupIdentifier) {
        synchronized (this.readWriteLocks) {
            ReadWriteLock readWriteLock = getReadWriteLock(secretsGroupIdentifier);
            readWriteLock.readLock().lock();
            try {
                try {
                    log.info("About to delete Secrets Group: {}", secretsGroupIdentifier.name);
                    ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(3);
                    newFixedThreadPool.submit(() -> {
                        try {
                            Store currentStore = getCurrentStore(secretsGroupIdentifier, new ReentrantReadWriteLock());
                            currentStore.delete();
                            removeLocalState(secretsGroupIdentifier, currentStore);
                            log.info("  Deleted Store");
                            return null;
                        } catch (DoesNotExistException e) {
                            return null;
                        }
                    });
                    newFixedThreadPool.submit(() -> {
                        try {
                            this.policyManager.detachAllPrincipals(secretsGroupIdentifier);
                            log.info("  Detached all Principals from the IAM Policies");
                            this.policyManager.deleteAdminPolicy(secretsGroupIdentifier);
                            log.info("  Deleted Admin Policy");
                            this.policyManager.deleteReadonlyPolicy(secretsGroupIdentifier);
                            log.info("  Deleted Readonly Policy");
                            return null;
                        } catch (DoesNotExistException e) {
                            return null;
                        }
                    });
                    newFixedThreadPool.submit(() -> {
                        try {
                            KMSEncryptor encryptor = getEncryptor(secretsGroupIdentifier);
                            encryptor.delete();
                            log.info(String.format("  Scheduled KMS key for deletion in %s days", Integer.valueOf(encryptor.pendingDeletionWindowInDays())));
                            return null;
                        } catch (DoesNotExistException | UnexpectedStateException e) {
                            return null;
                        }
                    });
                    newFixedThreadPool.shutdown();
                    TimeUnit timeUnit = TimeUnit.MINUTES;
                    if (!newFixedThreadPool.awaitTermination(2, timeUnit)) {
                        throw new InterruptedException(String.format("Timeout of %d %s was reached when deleting resources for the group '%s'. This might have left the system in a dirty state.", 2, timeUnit.name(), secretsGroupIdentifier.name));
                    }
                    readWriteLock.readLock().unlock();
                } catch (Throwable th) {
                    readWriteLock.readLock().unlock();
                    throw th;
                }
            } catch (InterruptedException e) {
                throw new FailedToDeleteResourceException(String.format("Deletion of group '%s' was interrupted, this might have left the resources in a dirty state.", secretsGroupIdentifier.name), e);
            }
        }
    }

    @Override // com.schibsted.security.strongbox.sdk.SecretsGroupManager
    public void attachAdmin(SecretsGroupIdentifier secretsGroupIdentifier, Principal principal) {
        ReadWriteLock readWriteLock = getReadWriteLock(secretsGroupIdentifier);
        readWriteLock.writeLock().lock();
        try {
            this.policyManager.attachAdmin(secretsGroupIdentifier, principal);
            readWriteLock.writeLock().unlock();
        } catch (Throwable th) {
            readWriteLock.writeLock().unlock();
            throw th;
        }
    }

    @Override // com.schibsted.security.strongbox.sdk.SecretsGroupManager
    public void detachAdmin(SecretsGroupIdentifier secretsGroupIdentifier, Principal principal) {
        ReadWriteLock readWriteLock = getReadWriteLock(secretsGroupIdentifier);
        readWriteLock.writeLock().lock();
        try {
            this.policyManager.detachAdmin(secretsGroupIdentifier, principal);
            readWriteLock.writeLock().unlock();
        } catch (Throwable th) {
            readWriteLock.writeLock().unlock();
            throw th;
        }
    }

    @Override // com.schibsted.security.strongbox.sdk.SecretsGroupManager
    public void detachReadOnly(SecretsGroupIdentifier secretsGroupIdentifier, Principal principal) {
        ReadWriteLock readWriteLock = getReadWriteLock(secretsGroupIdentifier);
        readWriteLock.writeLock().lock();
        try {
            this.policyManager.detachReadOnly(secretsGroupIdentifier, principal);
            readWriteLock.writeLock().unlock();
        } catch (Throwable th) {
            readWriteLock.writeLock().unlock();
            throw th;
        }
    }

    @Override // com.schibsted.security.strongbox.sdk.SecretsGroupManager
    public void attachReadOnly(SecretsGroupIdentifier secretsGroupIdentifier, Principal principal) {
        ReadWriteLock readWriteLock = getReadWriteLock(secretsGroupIdentifier);
        readWriteLock.writeLock().lock();
        try {
            this.policyManager.attachReadOnly(secretsGroupIdentifier, principal);
            readWriteLock.writeLock().unlock();
        } catch (Throwable th) {
            readWriteLock.writeLock().unlock();
            throw th;
        }
    }

    private String getAccount() {
        return this.policyManager.getAccount();
    }

    public void backup(SecretsGroupIdentifier secretsGroupIdentifier, Store store, boolean z) {
        ReadWriteLock readWriteLock = getReadWriteLock(secretsGroupIdentifier);
        readWriteLock.writeLock().lock();
        try {
            Store currentStore = getCurrentStore(secretsGroupIdentifier, readWriteLock);
            if (store.exists()) {
                if (z) {
                    throw new AlreadyExistsException("The store to backup to already exists");
                }
                store.delete();
            }
            store.create();
            KVStream<RawSecretEntry> stream = currentStore.stream();
            Objects.requireNonNull(store);
            stream.forEach(store::create);
            store.close();
            readWriteLock.writeLock().unlock();
        } catch (Throwable th) {
            readWriteLock.writeLock().unlock();
            throw th;
        }
    }

    public void restore(SecretsGroupIdentifier secretsGroupIdentifier, Store store, boolean z) {
        ReadWriteLock readWriteLock = getReadWriteLock(secretsGroupIdentifier);
        readWriteLock.writeLock().lock();
        try {
            Store currentStore = getCurrentStore(secretsGroupIdentifier, readWriteLock);
            if (currentStore.exists()) {
                if (z) {
                    throw new AlreadyExistsException("The store to restore already exists");
                }
                currentStore.delete();
            }
            currentStore.create();
            KVStream<RawSecretEntry> stream = store.stream();
            Objects.requireNonNull(currentStore);
            stream.forEach(currentStore::create);
            currentStore.close();
            readWriteLock.writeLock().unlock();
        } catch (Throwable th) {
            readWriteLock.writeLock().unlock();
            throw th;
        }
    }

    public SecretsGroupInfo migrate(SecretsGroupIdentifier secretsGroupIdentifier, StorageReference storageReference) {
        ReadWriteLock readWriteLock = getReadWriteLock(secretsGroupIdentifier);
        readWriteLock.writeLock().lock();
        try {
            if (getCurrentStorageReference(secretsGroupIdentifier).equals(storageReference)) {
                throw new IllegalStateException("You cannot migrate to the same backend!");
            }
            Store currentStore = getCurrentStore(secretsGroupIdentifier, readWriteLock);
            Store createStore = createStore(secretsGroupIdentifier, storageReference, readWriteLock);
            try {
                KVStream<RawSecretEntry> stream = currentStore.stream();
                Objects.requireNonNull(createStore);
                stream.forEach(createStore::create);
                if (createStore != null) {
                    createStore.close();
                }
                if (storageReference instanceof FileReference) {
                    setLocalState(secretsGroupIdentifier, storageReference);
                } else {
                    removeLocalState(secretsGroupIdentifier, currentStore);
                }
                currentStore.delete();
                SecretsGroupInfo info = info(secretsGroupIdentifier);
                readWriteLock.writeLock().unlock();
                return info;
            } finally {
            }
        } catch (Throwable th) {
            readWriteLock.writeLock().unlock();
            throw th;
        }
    }
}
