package com.crypteron.cipherdb.hibernate;

import com.crypteron.ciphercore.config.CrypteronConfiguration;
import com.crypteron.ciphercore.config.MigrationPolicy;
import com.crypteron.ciphercore.crypto.EncryptorResult;
import com.crypteron.ciphercore.crypto.ObjectEncryptor;
import com.crypteron.ciphercore.errorhandling.CipherCoreException;
import com.crypteron.commons.CrypteronMessages;
import java.lang.reflect.Field;
import java.util.Collection;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicInteger;
import org.hibernate.cfg.Configuration;
import org.hibernate.engine.spi.EntityEntry;
import org.hibernate.engine.spi.SessionFactoryImplementor;
import org.hibernate.event.service.spi.EventListenerRegistry;
import org.hibernate.event.spi.AbstractEvent;
import org.hibernate.event.spi.AbstractPreDatabaseOperationEvent;
import org.hibernate.event.spi.EventType;
import org.hibernate.event.spi.PostLoadEvent;
import org.hibernate.event.spi.PostLoadEventListener;
import org.hibernate.event.spi.PreInsertEvent;
import org.hibernate.event.spi.PreInsertEventListener;
import org.hibernate.event.spi.PreUpdateEvent;
import org.hibernate.event.spi.PreUpdateEventListener;
import org.hibernate.integrator.spi.Integrator;
import org.hibernate.metamodel.source.MetadataImplementor;
import org.hibernate.persister.entity.EntityPersister;
import org.hibernate.service.spi.SessionFactoryServiceRegistry;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/crypteron/cipherdb/hibernate/CipherDbHibernate4Ext.class */
public class CipherDbHibernate4Ext implements Integrator, PostLoadEventListener, PreUpdateEventListener, PreInsertEventListener, CrypteronMessages {
    private static final long serialVersionUID = 675071188036589789L;
    private static final Logger LOG = LoggerFactory.getLogger(CipherDbHibernate4Ext.class);
    private transient Optional<ObjectEncryptor> encryptor = Optional.empty();
    private final AtomicInteger migrationCount = new AtomicInteger();
    private static final String PRODUCT_NAME = "CipherDB";

    public void integrate(Configuration configuration, SessionFactoryImplementor sessionFactoryImplementor, SessionFactoryServiceRegistry sessionFactoryServiceRegistry) {
        if (!CrypteronConfiguration.getAppSecret(configuration.getProperties()).isPresent()) {
            LOG.warn("starting insecure db session");
            return;
        }
        this.encryptor = Optional.of(new ObjectEncryptor(configuration.getProperties(), PRODUCT_NAME));
        EventListenerRegistry service = sessionFactoryServiceRegistry.getService(EventListenerRegistry.class);
        service.prependListeners(EventType.POST_LOAD, new PostLoadEventListener[]{this});
        service.prependListeners(EventType.PRE_UPDATE, new PreUpdateEventListener[]{this});
        service.prependListeners(EventType.PRE_INSERT, new PreInsertEventListener[]{this});
    }

    public void integrate(MetadataImplementor metadataImplementor, SessionFactoryImplementor sessionFactoryImplementor, SessionFactoryServiceRegistry sessionFactoryServiceRegistry) {
        throw new UnsupportedOperationException("Please report this use-case to Crypteron. Please contact support@crypteron.com");
    }

    public void disintegrate(SessionFactoryImplementor sessionFactoryImplementor, SessionFactoryServiceRegistry sessionFactoryServiceRegistry) {
        this.encryptor.ifPresent((v0) -> {
            v0.close();
        });
    }

    private void encryptEntity(Object obj) {
        this.encryptor.orElseThrow(() -> {
            return new CipherCoreException("Encryptor is missing. Please contact support@crypteron.com");
        }).encryptObject(obj);
    }

    private EncryptorResult<Object, Collection<EncryptorResult<Object, Object>>> decryptEntity(Object obj) {
        return this.encryptor.orElseThrow(() -> {
            return new CipherCoreException("Encryptor is missing. Please contact support@crypteron.com");
        }).decryptObject(obj);
    }

    private void resetDirty(Object obj, AbstractEvent abstractEvent) {
        EntityEntry entry = abstractEvent.getSession().getPersistenceContext().getEntry(obj);
        try {
            Object[] propertyValues = entry.getPersister().getPropertyValues(obj);
            Field declaredField = EntityEntry.class.getDeclaredField("loadedState");
            declaredField.setAccessible(true);
            declaredField.set(entry, propertyValues);
        } catch (IllegalAccessException | IllegalArgumentException | NoSuchFieldException | SecurityException e) {
            throw new CipherCoreException("error resetting dirty state", e);
        }
    }

    public void onPostLoad(PostLoadEvent postLoadEvent) {
        LOG.trace("onPostLoad: {}", postLoadEvent);
        if (decryptEntity(postLoadEvent.getEntity()).isReadMigrated() && CrypteronConfiguration.getMigrationPolicy() == MigrationPolicy.MigrateOnWrite && this.migrationCount.get() < CrypteronConfiguration.getMigrationLimit()) {
            this.migrationCount.incrementAndGet();
        } else {
            resetDirty(postLoadEvent.getEntity(), postLoadEvent);
        }
    }

    public boolean onPreInsert(PreInsertEvent preInsertEvent) {
        LOG.trace("onPreInsert: {}", preInsertEvent);
        return encryptOutgoingValues(preInsertEvent, preInsertEvent.getState());
    }

    public boolean onPreUpdate(PreUpdateEvent preUpdateEvent) {
        LOG.trace("onPreUpdate: {}", preUpdateEvent);
        return encryptOutgoingValues(preUpdateEvent, preUpdateEvent.getState());
    }

    private boolean encryptOutgoingValues(AbstractPreDatabaseOperationEvent abstractPreDatabaseOperationEvent, Object[] objArr) {
        Object entity = abstractPreDatabaseOperationEvent.getEntity();
        EntityPersister persister = abstractPreDatabaseOperationEvent.getPersister();
        encryptEntity(entity);
        Object[] propertyValues = persister.getPropertyValues(entity);
        System.arraycopy(propertyValues, 0, objArr, 0, propertyValues.length);
        decryptEntity(entity);
        resetDirty(entity, abstractPreDatabaseOperationEvent);
        return false;
    }
}
