package org.wso2.carbon.kernel.internal.securevault;

import java.util.Dictionary;
import java.util.Optional;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.kernel.internal.DataHolder;
import org.wso2.carbon.kernel.securevault.MasterKeyReader;
import org.wso2.carbon.kernel.securevault.SecretRepository;
import org.wso2.carbon.kernel.securevault.SecureVault;
import org.wso2.carbon.kernel.securevault.config.model.SecureVaultConfiguration;
import org.wso2.carbon.kernel.securevault.exception.SecureVaultException;

@Component(name = "org.wso2.carbon.kernel.internal.securevault.SecureVaultComponent", immediate = true)
/* loaded from: input_file:org/wso2/carbon/kernel/internal/securevault/SecureVaultComponent.class */
public class SecureVaultComponent {
    private static final Logger logger = LoggerFactory.getLogger(SecureVaultComponent.class);
    private Optional<SecureVaultConfiguration> optSecureVaultConfiguration;
    private boolean initialized = false;
    private String secretRepositoryType;
    private String masterKeyReaderType;

    public SecureVaultComponent() {
        try {
            this.optSecureVaultConfiguration = Optional.of(SecureVaultConfigurationProvider.getConfiguration());
            this.optSecureVaultConfiguration.ifPresent(secureVaultConfiguration -> {
                this.secretRepositoryType = secureVaultConfiguration.getSecretRepositoryConfig().getType().orElse("");
                this.masterKeyReaderType = secureVaultConfiguration.getMasterKeyReaderConfig().getType().orElse("");
            });
        } catch (RuntimeException | SecureVaultException e) {
            this.optSecureVaultConfiguration = Optional.empty();
            logger.error("Error while acquiring secure vault configuration", e);
        }
    }

    @Activate
    public void activate() {
        logger.debug("Activating SecureVaultComponent");
    }

    @Deactivate
    public void deactivate() {
        logger.debug("Deactivating SecureVaultComponent");
    }

    @Reference(name = "secure.vault.secret.repository", service = SecretRepository.class, cardinality = ReferenceCardinality.AT_LEAST_ONE, policy = ReferencePolicy.DYNAMIC, unbind = "unRegisterSecretRepository")
    protected void registerSecretRepository(SecretRepository secretRepository) {
        if (secretRepository.getClass().getName().equals(this.secretRepositoryType)) {
            logger.debug("Registering secret repository : {}", this.secretRepositoryType);
            SecureVaultDataHolder.getInstance().setSecretRepository(secretRepository);
            initializeSecureVault();
        }
    }

    protected void unRegisterSecretRepository(SecretRepository secretRepository) {
        if (secretRepository.getClass().getName().equals(this.secretRepositoryType)) {
            logger.debug("Un-registering secret repository : {}", this.secretRepositoryType);
            SecureVaultDataHolder.getInstance().setSecretRepository(null);
        }
    }

    @Reference(name = "secure.vault.master.key.reader", service = MasterKeyReader.class, cardinality = ReferenceCardinality.AT_LEAST_ONE, policy = ReferencePolicy.DYNAMIC, unbind = "unregisterMasterKeyReader")
    protected void registerMasterKeyReader(MasterKeyReader masterKeyReader) {
        if (masterKeyReader.getClass().getName().equals(this.masterKeyReaderType)) {
            logger.debug("Registering secret repository : ", this.masterKeyReaderType);
            SecureVaultDataHolder.getInstance().setMasterKeyReader(masterKeyReader);
            initializeSecureVault();
        }
    }

    protected void unregisterMasterKeyReader(MasterKeyReader masterKeyReader) {
        if (masterKeyReader.getClass().getName().equals(this.masterKeyReaderType)) {
            logger.debug("Un-registering secret repository : ", this.masterKeyReaderType);
            SecureVaultDataHolder.getInstance().setMasterKeyReader(null);
        }
    }

    private void initializeSecureVault() {
        synchronized (this) {
            if (this.initialized) {
                logger.debug("Secure Vault Component is already initialized");
                return;
            }
            if (!SecureVaultDataHolder.getInstance().getSecretRepository().isPresent() || !SecureVaultDataHolder.getInstance().getMasterKeyReader().isPresent()) {
                logger.debug("Waiting for Secure Vault dependencies");
                return;
            }
            try {
                logger.debug("Initializing the secure vault with, SecretRepositoryType={}, MasterKeyReaderType={}", this.secretRepositoryType, this.masterKeyReaderType);
                SecureVaultConfiguration orElseThrow = this.optSecureVaultConfiguration.orElseThrow(() -> {
                    return new SecureVaultException("Cannot initialize secure vault without secure vault configurations");
                });
                MasterKeyReader orElseThrow2 = SecureVaultDataHolder.getInstance().getMasterKeyReader().orElseThrow(() -> {
                    return new SecureVaultException("Cannot initialise secure vault without master key reader");
                });
                SecretRepository orElseThrow3 = SecureVaultDataHolder.getInstance().getSecretRepository().orElseThrow(() -> {
                    return new SecureVaultException("Cannot initialise secure vault without secret repository");
                });
                orElseThrow2.init(orElseThrow.getMasterKeyReaderConfig());
                orElseThrow3.init(orElseThrow.getSecretRepositoryConfig(), orElseThrow2);
                orElseThrow3.loadSecrets(orElseThrow.getSecretRepositoryConfig());
                Optional.ofNullable(DataHolder.getInstance().getBundleContext()).ifPresent(bundleContext -> {
                    bundleContext.registerService(SecureVault.class, new SecureVaultImpl(), (Dictionary) null);
                });
                this.initialized = true;
            } catch (SecureVaultException e) {
                logger.error("Failed to initialize Secure Vault.", (Throwable) e);
            }
            logger.debug("Secure Vault initialized successfully");
        }
    }
}
