package oracle.kv.impl.rep;

import java.util.logging.Level;
import java.util.logging.Logger;
import oracle.kv.impl.api.TopologyManager;
import oracle.kv.impl.security.ExecutionContext;
import oracle.kv.impl.security.InvalidSignatureException;
import oracle.kv.impl.security.SignatureFaultException;
import oracle.kv.impl.security.SignatureHelper;
import oracle.kv.impl.security.SystemPrivilege;
import oracle.kv.impl.topo.Topology;
import oracle.kv.impl.util.server.LoggerUtils;

/* loaded from: input_file:oracle/kv/impl/rep/TopoSignatureManager.class */
/**
 * Topology update listener that checks the signature of an incoming
 * {@link Topology} before it is applied and signs an unsigned one after the
 * update.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Verification is skipped entirely when no {@link SignatureHelper} was
 *       supplied ({@code null}), when there is no current
 *       {@link ExecutionContext}, or when the current privileges imply
 *       {@link SystemPrivilege#INTLOPER}. Those three conditions are the trust
 *       boundary of this check.</li>
 *   <li>A missing or zero-length signature is rejected without calling the
 *       helper.</li>
 *   <li>A {@link SignatureFaultException} raised while verifying is treated as
 *       a verification failure (fail closed).</li>
 *   <li>A {@link SignatureFaultException} raised while signing is only logged;
 *       the topology is left without a signature.</li>
 * </ul>
 */
public class TopoSignatureManager implements TopologyManager.PostUpdateListener, TopologyManager.PreUpdateListener {
    /** Signs and verifies topologies; {@code null} disables both operations. */
    private final SignatureHelper<Topology> topoSignatureHelper;

    /** Destination for signing and verification results. */
    private final Logger logger;

    /**
     * Creates a manager.
     *
     * @param signatureHelper helper used to sign and verify; when {@code null},
     *        {@link #preUpdate} accepts every topology and {@link #postUpdate}
     *        never signs
     * @param logger logger that receives the outcome of each operation
     */
    public TopoSignatureManager(SignatureHelper<Topology> signatureHelper, Logger logger) {
        this.topoSignatureHelper = signatureHelper;
        this.logger = logger;
    }

    /**
     * Rejects a topology whose signature does not verify, unless the update
     * comes from an internal updater or no helper is configured.
     *
     * @param topology the topology about to be applied
     * @throws InvalidSignatureException if verification was required and failed
     */
    @Override
    public void preUpdate(Topology topology) throws InvalidSignatureException {
        // Internal callers are trusted and bypass the signature check.
        if (isInternalUpdater()) {
            return;
        }
        // No helper means signature checking is switched off for this node.
        if (this.topoSignatureHelper == null) {
            return;
        }
        if (verifyTopology(topology)) {
            return;
        }
        throw new InvalidSignatureException("Invalid signature for topology with seq# " + topology.getSequenceNumber());
    }

    /**
     * Signs the topology if a helper is configured and the topology carries no
     * signature object yet.
     *
     * <p>NOTE(review): only {@code null} counts as "unsigned" here, whereas
     * {@link #verifyTopology} also rejects a zero-length signature. A topology
     * holding an empty array would therefore not be re-signed; confirm whether
     * {@code Topology.getSignature()} can return one.
     *
     * @param topology the topology that was just applied
     * @return always {@code false}; the meaning of the flag is defined by
     *         {@code TopologyManager.PostUpdateListener}, which is not visible
     *         here
     */
    @Override
    public boolean postUpdate(Topology topology) {
        final boolean signingEnabled = this.topoSignatureHelper != null;
        if (signingEnabled && topology.getSignature() == null) {
            signTopology(topology);
        }
        return false;
    }

    /**
     * Tells whether the current update is exempt from signature verification.
     *
     * <p>The absence of an {@link ExecutionContext} is treated as internal, so
     * any code path that reaches {@link #preUpdate} without a context set is
     * trusted. Otherwise the caller must hold {@code INTLOPER}.
     *
     * @return {@code true} when verification may be skipped
     */
    private boolean isInternalUpdater() {
        return ExecutionContext.getCurrent() == null
                || ExecutionContext.getCurrentPrivileges().implies(SystemPrivilege.INTLOPER);
    }

    /**
     * Computes a signature with the helper and stores it on the topology.
     *
     * <p>A signing fault is logged at {@code WARNING} and not propagated, so
     * the caller cannot tell that the topology is still unsigned. The exception
     * is passed as a message parameter, which means only its string form is
     * rendered and no stack trace is recorded.
     *
     * @param topology the topology to sign in place
     */
    private void signTopology(Topology topology) {
        try {
            final byte[] freshSignature = this.topoSignatureHelper.sign(topology);
            topology.updateSignature(freshSignature);
            this.logger.log(Level.INFO, "Updated signature for topology seq# {0}", Integer.valueOf(topology.getSequenceNumber()));
        } catch (SignatureFaultException fault) {
            final Object[] details = {Integer.valueOf(topology.getSequenceNumber()), fault};
            this.logger.log(Level.WARNING, "Failed to generate signature for topology of seq# {0} for {1}", details);
        }
    }

    /**
     * Verifies the signature carried by the topology.
     *
     * <p>NOTE(review): a missing signature and a failed verification are
     * logged at {@code SEC_WARNING}, but a {@link SignatureFaultException} is
     * logged at plain {@code WARNING}. If security monitoring filters on the
     * security level, verification faults would not show up there; confirm
     * that this is intended.
     *
     * @param topology the topology to check
     * @return {@code true} only when a non-empty signature is present and the
     *         helper reports it as valid
     */
    private boolean verifyTopology(Topology topology) {
        final byte[] signature = topology.getSignature();
        final boolean unsigned = signature == null || signature.length == 0;
        if (unsigned) {
            this.logger.log(LoggerUtils.SecurityLevel.SEC_WARNING, "Empty signature. Verification failed for topology seq# {0}", Integer.valueOf(topology.getSequenceNumber()));
            return false;
        }
        try {
            final boolean valid = this.topoSignatureHelper.verify(topology, signature);
            final Level level;
            final String outcome;
            if (valid) {
                level = Level.INFO;
                outcome = "passed";
            } else {
                // A rejected signature is a security event, not routine output.
                level = LoggerUtils.SecurityLevel.SEC_WARNING;
                outcome = "failed";
            }
            final Object[] details = {outcome, Integer.valueOf(topology.getSequenceNumber())};
            this.logger.log(level, "Signature verification {0} for topology with seq# {1}", details);
            return valid;
        } catch (SignatureFaultException fault) {
            // Fail closed: a fault during verification counts as "not verified".
            final Object[] details = {Integer.valueOf(topology.getSequenceNumber()), fault};
            this.logger.log(Level.WARNING, "Problem verifying signature for topology with seq# {0}: {1}", details);
            return false;
        }
    }
}
