Final refactor

Signed-off-by: Aleksandar Stanchev <aleksandar.stanchev@bosch.com>

Author: alstanchev

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/ConnectivityRootActor.java

@@ -22,6 +22,8 @@
 import org.apache.pekko.cluster.sharding.ClusterSharding;
 import org.apache.pekko.cluster.sharding.ClusterShardingSettings;
 import org.apache.pekko.event.DiagnosticLoggingAdapter;
+import org.apache.pekko.cluster.singleton.ClusterSingletonProxy;
+import org.apache.pekko.cluster.singleton.ClusterSingletonProxySettings;
 import org.apache.pekko.japi.pf.DeciderBuilder;
 import org.eclipse.ditto.base.service.RootChildActorStarter;
 import org.eclipse.ditto.base.service.actors.DittoRootActor;
@@ -117,8 +119,7 @@ private ConnectivityRootActor(final ConnectivityConfig connectivityConfig,
                 ConnectionPersistenceOperationsActor.props(pubSubMediator, connectivityConfig.getMongoDbConfig(),
                         config, connectivityConfig.getPersistenceOperationsConfig()));
 
-        startChildActor(EncryptionMigrationActor.ACTOR_NAME,
-                EncryptionMigrationActor.props(connectivityConfig));
+        startEncryptionMigrationSingleton(actorSystem, connectivityConfig);
 
         RootChildActorStarter.get(actorSystem, ScopedConfig.dittoExtension(config)).execute(getContext());
 
@@ -154,6 +155,20 @@ protected PartialFunction<Throwable, SupervisorStrategy.Directive> getSupervisio
         }).build().orElse(super.getSupervisionDecider());
     }
 
+    private void startEncryptionMigrationSingleton(final ActorSystem actorSystem,
+            final ConnectivityConfig connectivityConfig) {
+
+        final String managerName = EncryptionMigrationActor.ACTOR_NAME + "Singleton";
+        final ActorRef singletonManager = startClusterSingletonActor(
+                EncryptionMigrationActor.props(connectivityConfig), managerName);
+
+        final ClusterSingletonProxySettings proxySettings =
+                ClusterSingletonProxySettings.create(actorSystem).withRole(CLUSTER_ROLE);
+        final Props proxyProps = ClusterSingletonProxy.props(
+                singletonManager.path().toStringWithoutAddress(), proxySettings);
+        getContext().actorOf(proxyProps, EncryptionMigrationActor.ACTOR_NAME);
+    }
+
     private ActorRef startClusterSingletonActor(final Props props, final String name) {
         return ClusterUtil.startSingleton(getContext(), CLUSTER_ROLE, name, props);
     }

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/config/DefaultFieldsEncryptionConfig.java

@@ -59,6 +59,15 @@ private void validateConfiguration() {
                     "Missing 'symmetrical-key'. It is mandatory when encryption is enabled for connections!");
         }
 
+        if (migrationBatchSize <= 0) {
+            throw new DittoConfigError(
+                    "'migration.batch-size' must be greater than 0, was: " + migrationBatchSize);
+        }
+        if (migrationMaxDocumentsPerMinute < 0) {
+            throw new DittoConfigError(
+                    "'migration.max-documents-per-minute' must be >= 0, was: " + migrationMaxDocumentsPerMinute);
+        }
+
         // If both keys are set, they must be different
         if (hasSymmetricalKey && hasOldKey && symmetricalKey.equals(oldSymmetricalKey)) {
             throw new DittoConfigError(

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/config/FieldsEncryptionConfig.java

@@ -128,7 +128,7 @@ enum ConfigValue implements KnownConfigValue {
          * This throttles the migration stream to avoid overwhelming the database.
          * 0 means no throttling.
          */
-        MIGRATION_MAX_DOCUMENTS_PER_MINUTE("migration.max-documents-per-minute", 100);
+        MIGRATION_MAX_DOCUMENTS_PER_MINUTE("migration.max-documents-per-minute", 200);
 
         private final String configPath;
         private final Object defaultValue;

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/messaging/persistence/EncryptionMigrationActor.java

@@ -157,7 +157,7 @@ private static JsonObject createPatch(final JsonPointer pointer, final String ol
 
     private static String decryptValue(final String value, final String symmetricKey) {
         if (value.startsWith(ENCRYPTED_PREFIX)) {
-            final String striped = value.replace(ENCRYPTED_PREFIX, "");
+            final String striped = value.substring(ENCRYPTED_PREFIX.length());
             try {
                 return EncryptorAesGcm.decryptWithPrefixIV(striped, symmetricKey);
             } catch (final Exception e) {
@@ -177,7 +177,7 @@ private static String decryptValueWithFallback(final String value, final String
             return value;
         }
 
-        final String stripped = value.replace(ENCRYPTED_PREFIX, "");
+        final String stripped = value.substring(ENCRYPTED_PREFIX.length());
 
         // Try current key first
         try {
@@ -189,6 +189,7 @@ private static String decryptValueWithFallback(final String value, final String
                 try {
                     return EncryptorAesGcm.decryptWithPrefixIV(stripped, oldSymmetricKey.get());
                 } catch (final Exception oldKeyException) {
+                    oldKeyException.addSuppressed(currentKeyException);
                     throw ConnectionConfigurationInvalidException.newBuilder(
                             "Decryption of connection field failed with both current and old keys. " +
                                     "Verify that the configured encryption keys match the keys used to encrypt the data.")

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/messaging/persistence/JsonFieldsEncryptor.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ * Copyright (c) 2026 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/messaging/persistence/MigrateConnectionEncryption.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ * Copyright (c) 2026 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/messaging/persistence/MigrateConnectionEncryptionAbort.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ * Copyright (c) 2026 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/messaging/persistence/MigrateConnectionEncryptionAbortResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ * Copyright (c) 2026 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.

connectivity/service/src/main/java/org/eclipse/ditto/connectivity/service/messaging/persistence/MigrateConnectionEncryptionResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024 Contributors to the Eclipse Foundation
+ * Copyright (c) 2026 Contributors to the Eclipse Foundation
  *
  * See the NOTICE file(s) distributed with this work for additional
  * information regarding copyright ownership.