package org.wso2.carbon.is.migration.service.v550.migrator;

import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import org.apache.commons.io.Charsets;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.identity.core.migrate.MigrationClientException;
import org.wso2.carbon.identity.oauth.tokenprocessor.HashingPersistenceProcessor;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.is.migration.service.Migrator;
import org.wso2.carbon.is.migration.service.v550.bean.AuthzCodeInfo;
import org.wso2.carbon.is.migration.service.v550.bean.ClientSecretInfo;
import org.wso2.carbon.is.migration.service.v550.bean.OauthTokenInfo;
import org.wso2.carbon.is.migration.service.v550.dao.AuthzCodeDAO;
import org.wso2.carbon.is.migration.service.v550.dao.OAuthDAO;
import org.wso2.carbon.is.migration.service.v550.dao.TokenDAO;
import org.wso2.carbon.is.migration.service.v550.util.OAuth2Util;
import org.wso2.carbon.is.migration.util.Constant;

/* loaded from: input_file:org/wso2/carbon/is/migration/service/v550/migrator/OAuthDataMigrator.class */
public class OAuthDataMigrator extends Migrator {
    private static final Logger log = LoggerFactory.getLogger(OAuthDataMigrator.class);
    boolean isTokenHashColumnsAvailable = false;
    boolean isAuthzCodeHashColumnAvailable = false;
    boolean isClientSecretHashColumnsAvailable = false;
    private static final String LIMIT = "batchSize";
    private static final int DEFAULT_CHUNK_SIZE = 10000;

    @Override // org.wso2.carbon.is.migration.service.Migrator
    public void migrate() throws MigrationClientException {
        Properties parameters = getMigratorConfig().getParameters();
        int i = DEFAULT_CHUNK_SIZE;
        if (parameters.containsKey(LIMIT)) {
            i = ((Integer) parameters.get(LIMIT)).intValue();
        }
        try {
            addHashColumns();
            deleteClientSecretHashColumn();
            migrateTokens(i);
            migrateAuthorizationCodes(i);
            migrateClientSecrets();
        } catch (SQLException e) {
            throw new MigrationClientException("Error while adding hash columns", e);
        }
    }

    @Override // org.wso2.carbon.is.migration.service.Migrator
    public void dryRun() throws MigrationClientException {
        log.info("Dry run capability not implemented in {} migrator.", getClass().getName());
    }

    public void addHashColumns() throws MigrationClientException, SQLException {
        Connection connection = getDataSource().getConnection();
        Throwable th = null;
        try {
            connection.setAutoCommit(false);
            this.isTokenHashColumnsAvailable = TokenDAO.getInstance().isTokenHashColumnsAvailable(connection);
            this.isAuthzCodeHashColumnAvailable = AuthzCodeDAO.getInstance().isAuthzCodeHashColumnAvailable(connection);
            connection.rollback();
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    connection.close();
                }
            }
            if (!this.isTokenHashColumnsAvailable) {
                Connection connection2 = getDataSource().getConnection();
                Throwable th3 = null;
                try {
                    connection2.setAutoCommit(false);
                    try {
                        TokenDAO.getInstance().addAccessTokenHashColumn(connection2);
                        TokenDAO.getInstance().addRefreshTokenHashColumn(connection2);
                        connection2.commit();
                    } catch (SQLException e) {
                        connection2.rollback();
                        throw new MigrationClientException("SQL error while adding hash columns", e);
                    }
                } finally {
                    if (connection2 != null) {
                        if (0 != 0) {
                            try {
                                connection2.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        } else {
                            connection2.close();
                        }
                    }
                }
            }
            if (this.isAuthzCodeHashColumnAvailable) {
                return;
            }
            Connection connection3 = getDataSource().getConnection();
            Throwable th5 = null;
            try {
                connection3.setAutoCommit(false);
                try {
                    AuthzCodeDAO.getInstance().addAuthzCodeHashColumns(connection3);
                    connection3.commit();
                    if (connection3 != null) {
                        if (0 == 0) {
                            connection3.close();
                            return;
                        }
                        try {
                            connection3.close();
                        } catch (Throwable th6) {
                            th5.addSuppressed(th6);
                        }
                    }
                } catch (SQLException e2) {
                    connection3.rollback();
                    throw new MigrationClientException("SQL error while adding hash columns", e2);
                }
            } catch (Throwable th7) {
                if (connection3 != null) {
                    if (0 != 0) {
                        try {
                            connection3.close();
                        } catch (Throwable th8) {
                            th5.addSuppressed(th8);
                        }
                    } else {
                        connection3.close();
                    }
                }
                throw th7;
            }
        } catch (Throwable th9) {
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th10) {
                        th.addSuppressed(th10);
                    }
                } else {
                    connection.close();
                }
            }
            throw th9;
        }
    }

    public void deleteClientSecretHashColumn() throws MigrationClientException, SQLException {
        Connection connection = getDataSource().getConnection();
        Throwable th = null;
        try {
            connection.setAutoCommit(false);
            this.isClientSecretHashColumnsAvailable = OAuthDAO.getInstance().isConsumerSecretHashColumnAvailable(connection);
            connection.rollback();
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    connection.close();
                }
            }
            if (this.isClientSecretHashColumnsAvailable) {
                Connection connection2 = getDataSource().getConnection();
                Throwable th3 = null;
                try {
                    connection2.setAutoCommit(false);
                    try {
                        OAuthDAO.getInstance().deleteConsumerSecretHashColumn(connection2);
                        connection2.commit();
                        if (connection2 != null) {
                            if (0 == 0) {
                                connection2.close();
                                return;
                            }
                            try {
                                connection2.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        }
                    } catch (SQLException e) {
                        connection2.rollback();
                        throw new MigrationClientException("SQL error while delete client secret hash columns", e);
                    }
                } catch (Throwable th5) {
                    if (connection2 != null) {
                        if (0 != 0) {
                            try {
                                connection2.close();
                            } catch (Throwable th6) {
                                th3.addSuppressed(th6);
                            }
                        } else {
                            connection2.close();
                        }
                    }
                    throw th5;
                }
            }
        } catch (Throwable th7) {
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    connection.close();
                }
            }
            throw th7;
        }
    }

    public void migrateTokens(int i) throws MigrationClientException, SQLException {
        int i2 = 0;
        log.info("{} Migration starting on OAuth2 access token table with offset {} and limit {}.", new Object[]{Constant.MIGRATION_LOG, 0, Integer.valueOf(i)});
        while (true) {
            Connection connection = getDataSource().getConnection();
            Throwable th = null;
            try {
                try {
                    connection.setAutoCommit(false);
                    List<OauthTokenInfo> allAccessTokensWithHash = TokenDAO.getInstance().getAllAccessTokensWithHash(connection, i2, i);
                    if (connection != null) {
                        if (0 != 0) {
                            try {
                                connection.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            connection.close();
                        }
                    }
                    if (allAccessTokensWithHash.isEmpty()) {
                        return;
                    }
                    try {
                        if (OAuth2Util.isEncryptionWithTransformationEnabled()) {
                            migrateOldEncryptedTokens(allAccessTokensWithHash);
                        }
                        if (!OAuth2Util.isTokenEncryptionEnabled()) {
                            migratePlainTextTokens(allAccessTokensWithHash);
                        }
                        i2 += allAccessTokensWithHash.size();
                        log.info("Access token migration completed for offset {} and limit {}.", Integer.valueOf(i2), Integer.valueOf(i));
                    } catch (IdentityOAuth2Exception e) {
                        throw new MigrationClientException(e.getMessage(), e);
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (connection != null) {
                    if (th != null) {
                        try {
                            connection.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        connection.close();
                    }
                }
                throw th3;
            }
        }
    }

    public void migrateOldEncryptedTokens(List<OauthTokenInfo> list) throws MigrationClientException, SQLException, IdentityOAuth2Exception {
        log.info(" WSO2 Product Migration Service Task : Migration starting on OAuth2 access token table with encrypted tokens.");
        List<OauthTokenInfo> transformFromOldToNewEncryption = transformFromOldToNewEncryption(list);
        Connection connection = getDataSource().getConnection();
        Throwable th = null;
        try {
            try {
                connection.setAutoCommit(false);
                TokenDAO.getInstance().updateNewEncryptedTokens(transformFromOldToNewEncryption, connection);
                if (connection != null) {
                    if (0 == 0) {
                        connection.close();
                        return;
                    }
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (connection != null) {
                if (th != null) {
                    try {
                        connection.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    connection.close();
                }
            }
            throw th4;
        }
    }

    public void migratePlainTextTokens(List<OauthTokenInfo> list) throws IdentityOAuth2Exception, MigrationClientException, SQLException {
        log.info(" WSO2 Product Migration Service Task : Migration starting on OAuth2 access token table with plain text tokens.");
        try {
            List<OauthTokenInfo> generateTokenHashValues = generateTokenHashValues(list);
            Connection connection = getDataSource().getConnection();
            Throwable th = null;
            try {
                try {
                    connection.setAutoCommit(false);
                    TokenDAO.getInstance().updatePlainTextTokens(generateTokenHashValues, connection);
                    if (connection != null) {
                        if (0 != 0) {
                            try {
                                connection.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            connection.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (IdentityOAuth2Exception e) {
            throw new IdentityOAuth2Exception("Error while migration plain text tokens", e);
        }
    }

    private List<OauthTokenInfo> transformFromOldToNewEncryption(List<OauthTokenInfo> list) throws MigrationClientException {
        ArrayList arrayList = new ArrayList();
        HashingPersistenceProcessor hashingPersistenceProcessor = new HashingPersistenceProcessor();
        for (OauthTokenInfo oauthTokenInfo : list) {
            String accessToken = oauthTokenInfo.getAccessToken();
            String refreshToken = oauthTokenInfo.getRefreshToken();
            OauthTokenInfo oauthTokenInfo2 = null;
            if (accessToken != null) {
                try {
                    boolean isBase64DecodeAndIsSelfContainedCipherText = isBase64DecodeAndIsSelfContainedCipherText(accessToken);
                    if (!isBase64DecodeAndIsSelfContainedCipherText) {
                        byte[] base64DecodeAndDecrypt = CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(accessToken, "RSA");
                        String encryptAndBase64Encode = CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(base64DecodeAndDecrypt);
                        String processedAccessTokenIdentifier = hashingPersistenceProcessor.getProcessedAccessTokenIdentifier(new String(base64DecodeAndDecrypt, Charsets.UTF_8));
                        oauthTokenInfo2 = new OauthTokenInfo(oauthTokenInfo);
                        oauthTokenInfo2.setAccessToken(encryptAndBase64Encode);
                        oauthTokenInfo2.setAccessTokenHash(processedAccessTokenIdentifier);
                    }
                    if (isBase64DecodeAndIsSelfContainedCipherText && StringUtils.isBlank(oauthTokenInfo.getAccessTokenHash())) {
                        String processedAccessTokenIdentifier2 = hashingPersistenceProcessor.getProcessedAccessTokenIdentifier(new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(accessToken), Charsets.UTF_8));
                        oauthTokenInfo2 = new OauthTokenInfo(oauthTokenInfo);
                        oauthTokenInfo2.setAccessTokenHash(processedAccessTokenIdentifier2);
                    }
                } catch (CryptoException | IdentityOAuth2Exception e) {
                    if (!isContinueOnError()) {
                        throw new MigrationClientException("Error when migrating the access token with token id: " + oauthTokenInfo.getTokenId(), e);
                    }
                    log.error("Error when migrating the access token with token id: " + oauthTokenInfo.getTokenId(), e);
                }
            } else {
                log.debug("Access token is null for token id: " + oauthTokenInfo.getTokenId());
            }
            if (refreshToken != null) {
                try {
                    boolean isBase64DecodeAndIsSelfContainedCipherText2 = isBase64DecodeAndIsSelfContainedCipherText(refreshToken);
                    if (!isBase64DecodeAndIsSelfContainedCipherText2) {
                        byte[] base64DecodeAndDecrypt2 = CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(refreshToken, "RSA");
                        String encryptAndBase64Encode2 = CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(base64DecodeAndDecrypt2);
                        String processedAccessTokenIdentifier3 = hashingPersistenceProcessor.getProcessedAccessTokenIdentifier(new String(base64DecodeAndDecrypt2, Charsets.UTF_8));
                        if (oauthTokenInfo2 == null) {
                            oauthTokenInfo2 = new OauthTokenInfo(oauthTokenInfo);
                        }
                        oauthTokenInfo2.setRefreshToken(encryptAndBase64Encode2);
                        oauthTokenInfo2.setRefreshTokenHash(processedAccessTokenIdentifier3);
                    }
                    if (isBase64DecodeAndIsSelfContainedCipherText2 && StringUtils.isBlank(oauthTokenInfo.getRefreshTokenHash())) {
                        String processedAccessTokenIdentifier4 = hashingPersistenceProcessor.getProcessedAccessTokenIdentifier(new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(refreshToken), Charsets.UTF_8));
                        if (oauthTokenInfo2 == null) {
                            oauthTokenInfo2 = new OauthTokenInfo(oauthTokenInfo);
                            oauthTokenInfo2.setRefreshTokenHash(processedAccessTokenIdentifier4);
                        }
                    }
                } catch (CryptoException | IdentityOAuth2Exception e2) {
                    if (!isContinueOnError()) {
                        throw new MigrationClientException("Error when migrating the refresh token with token id: " + oauthTokenInfo.getTokenId(), e2);
                    }
                    log.error("Error when migrating the refresh token with token id: " + oauthTokenInfo.getTokenId(), e2);
                }
            } else {
                log.debug("Refresh token is null for token id: " + oauthTokenInfo.getTokenId());
            }
            if (oauthTokenInfo2 != null) {
                arrayList.add(oauthTokenInfo2);
            }
        }
        return arrayList;
    }

    private boolean isBase64DecodeAndIsSelfContainedCipherText(String str) throws CryptoException {
        return CryptoUtil.getDefaultCryptoUtil().base64DecodeAndIsSelfContainedCipherText(str);
    }

    private List<OauthTokenInfo> generateTokenHashValues(List<OauthTokenInfo> list) throws IdentityOAuth2Exception {
        ArrayList arrayList = new ArrayList();
        for (OauthTokenInfo oauthTokenInfo : list) {
            if (StringUtils.isBlank(oauthTokenInfo.getAccessTokenHash())) {
                String accessToken = oauthTokenInfo.getAccessToken();
                String refreshToken = oauthTokenInfo.getRefreshToken();
                HashingPersistenceProcessor hashingPersistenceProcessor = new HashingPersistenceProcessor();
                String processedAccessTokenIdentifier = hashingPersistenceProcessor.getProcessedAccessTokenIdentifier(accessToken);
                String processedRefreshToken = refreshToken != null ? hashingPersistenceProcessor.getProcessedRefreshToken(refreshToken) : null;
                OauthTokenInfo oauthTokenInfo2 = new OauthTokenInfo(accessToken, refreshToken, oauthTokenInfo.getTokenId());
                oauthTokenInfo2.setAccessTokenHash(processedAccessTokenIdentifier);
                oauthTokenInfo2.setRefreshTokenHash(processedRefreshToken);
                arrayList.add(oauthTokenInfo2);
            }
        }
        return arrayList;
    }

    public void migrateAuthorizationCodes(int i) throws MigrationClientException, SQLException {
        int i2 = 0;
        log.info("{} Migration starting on OAuth2 authorization code table with offset {} and limit {}.", new Object[]{Constant.MIGRATION_LOG, 0, Integer.valueOf(i)});
        while (true) {
            Connection connection = getDataSource().getConnection();
            Throwable th = null;
            try {
                try {
                    connection.setAutoCommit(false);
                    List<AuthzCodeInfo> allAuthzCodesWithHashes = AuthzCodeDAO.getInstance().getAllAuthzCodesWithHashes(connection, i2, i);
                    if (connection != null) {
                        if (0 != 0) {
                            try {
                                connection.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            connection.close();
                        }
                    }
                    if (allAuthzCodesWithHashes.isEmpty()) {
                        return;
                    }
                    try {
                        if (OAuth2Util.isEncryptionWithTransformationEnabled()) {
                            migrateOldEncryptedAuthzCodes(allAuthzCodesWithHashes);
                        }
                        if (!OAuth2Util.isTokenEncryptionEnabled()) {
                            migratePlainTextAuthzCodes(allAuthzCodesWithHashes);
                        }
                        i2 += allAuthzCodesWithHashes.size();
                        log.info("Authorization code migration completed with offset {} and limit {}", Integer.valueOf(i2), Integer.valueOf(i));
                    } catch (IdentityOAuth2Exception e) {
                        throw new MigrationClientException("Error while checking configurations for encryption with transformation is enabled. ", e);
                    } catch (SQLException e2) {
                        throw new MigrationClientException("Error while getting datasource connection. ", e2);
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (connection != null) {
                    if (th != null) {
                        try {
                            connection.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        connection.close();
                    }
                }
                throw th3;
            }
        }
    }

    public void migrateOldEncryptedAuthzCodes(List<AuthzCodeInfo> list) throws MigrationClientException, SQLException {
        log.info(" WSO2 Product Migration Service Task : Migration starting on OAuth2 authorization table with encrypted authorization codes.");
        try {
            List<AuthzCodeInfo> transformAuthzCodeFromOldToNewEncryption = transformAuthzCodeFromOldToNewEncryption(list);
            Connection connection = getDataSource().getConnection();
            Throwable th = null;
            try {
                try {
                    connection.setAutoCommit(false);
                    AuthzCodeDAO.getInstance().updateNewEncryptedAuthzCodes(transformAuthzCodeFromOldToNewEncryption, connection);
                    if (connection != null) {
                        if (0 != 0) {
                            try {
                                connection.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            connection.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (CryptoException e) {
            throw new MigrationClientException("Error while encrypting in new encryption algorithm.", e);
        } catch (IdentityOAuth2Exception e2) {
            throw new MigrationClientException("Error while migrating old encrypted authz codes.", e2);
        }
    }

    public void migratePlainTextAuthzCodes(List<AuthzCodeInfo> list) throws MigrationClientException, SQLException {
        log.info(" WSO2 Product Migration Service Task : Migration starting on OAuth2 authorization code table with plain text codes.");
        try {
            List<AuthzCodeInfo> generateAuthzCodeHashValues = generateAuthzCodeHashValues(list);
            Connection connection = getDataSource().getConnection();
            Throwable th = null;
            try {
                try {
                    connection.setAutoCommit(false);
                    AuthzCodeDAO.getInstance().updatePlainTextAuthzCodes(generateAuthzCodeHashValues, connection);
                    if (connection != null) {
                        if (0 != 0) {
                            try {
                                connection.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            connection.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (IdentityOAuth2Exception e) {
            throw new MigrationClientException("Error while migration plain text authorization codes.", e);
        }
    }

    private List<AuthzCodeInfo> transformAuthzCodeFromOldToNewEncryption(List<AuthzCodeInfo> list) throws CryptoException, IdentityOAuth2Exception {
        ArrayList arrayList = new ArrayList();
        for (AuthzCodeInfo authzCodeInfo : list) {
            if (!isBase64DecodeAndIsSelfContainedCipherText(authzCodeInfo.getAuthorizationCode())) {
                byte[] base64DecodeAndDecrypt = CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(authzCodeInfo.getAuthorizationCode(), "RSA");
                String encryptAndBase64Encode = CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(base64DecodeAndDecrypt);
                String processedAuthzCode = new HashingPersistenceProcessor().getProcessedAuthzCode(new String(base64DecodeAndDecrypt, Charsets.UTF_8));
                AuthzCodeInfo authzCodeInfo2 = new AuthzCodeInfo(encryptAndBase64Encode, authzCodeInfo.getCodeId());
                authzCodeInfo2.setAuthorizationCodeHash(processedAuthzCode);
                arrayList.add(authzCodeInfo2);
            } else if (isBase64DecodeAndIsSelfContainedCipherText(authzCodeInfo.getAuthorizationCode()) && StringUtils.isBlank(authzCodeInfo.getAuthorizationCodeHash())) {
                String processedAuthzCode2 = new HashingPersistenceProcessor().getProcessedAuthzCode(new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(authzCodeInfo.getAuthorizationCode()), Charsets.UTF_8));
                AuthzCodeInfo authzCodeInfo3 = new AuthzCodeInfo(authzCodeInfo.getAuthorizationCode(), authzCodeInfo.getCodeId());
                authzCodeInfo3.setAuthorizationCodeHash(processedAuthzCode2);
                arrayList.add(authzCodeInfo3);
            }
        }
        return arrayList;
    }

    private List<AuthzCodeInfo> generateAuthzCodeHashValues(List<AuthzCodeInfo> list) throws IdentityOAuth2Exception {
        ArrayList arrayList = new ArrayList();
        for (AuthzCodeInfo authzCodeInfo : list) {
            if (StringUtils.isBlank(authzCodeInfo.getAuthorizationCodeHash())) {
                String authorizationCode = authzCodeInfo.getAuthorizationCode();
                String processedAuthzCode = new HashingPersistenceProcessor().getProcessedAuthzCode(authorizationCode);
                AuthzCodeInfo authzCodeInfo2 = new AuthzCodeInfo(authorizationCode, authzCodeInfo.getCodeId());
                authzCodeInfo2.setAuthorizationCodeHash(processedAuthzCode);
                arrayList.add(authzCodeInfo2);
            }
        }
        return arrayList;
    }

    /* JADX WARN: Finally extract failed */
    public void migrateClientSecrets() throws MigrationClientException {
        log.info(" WSO2 Product Migration Service Task : Migration starting on OAuth2 consumer apps table.");
        try {
            Connection connection = getDataSource().getConnection();
            Throwable th = null;
            try {
                connection.setAutoCommit(false);
                if (OAuth2Util.isEncryptionWithTransformationEnabled()) {
                    OAuthDAO.getInstance().updateNewClientSecrets(transformClientSecretFromOldToNewEncryption(OAuthDAO.getInstance().getAllClientSecrets(connection)), connection);
                }
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        connection.close();
                    }
                }
            } catch (Throwable th3) {
                if (connection != null) {
                    if (0 != 0) {
                        try {
                            connection.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        connection.close();
                    }
                }
                throw th3;
            }
        } catch (SQLException e) {
            throw new MigrationClientException("Error while retrieving and updating client secrets. ", e);
        } catch (IdentityOAuth2Exception e2) {
            throw new MigrationClientException("Error while checking encryption with transformation is enabled. ", e2);
        }
    }

    private List<ClientSecretInfo> transformClientSecretFromOldToNewEncryption(List<ClientSecretInfo> list) throws MigrationClientException {
        ArrayList arrayList = new ArrayList();
        for (ClientSecretInfo clientSecretInfo : list) {
            try {
                if (!CryptoUtil.getDefaultCryptoUtil().base64DecodeAndIsSelfContainedCipherText(clientSecretInfo.getClientSecret())) {
                    arrayList.add(new ClientSecretInfo(CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(clientSecretInfo.getClientSecret(), "RSA")), clientSecretInfo.getId()));
                }
            } catch (CryptoException e) {
                if (!isContinueOnError()) {
                    throw new MigrationClientException("Error when migrating the secret for client with app ID: " + clientSecretInfo.getId(), e);
                }
                log.error("Error when migrating the secret for client with app ID: " + clientSecretInfo.getId(), e);
            }
        }
        return arrayList;
    }
}
