package org.openmetadata.service.secrets;

import java.io.IOException;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.openmetadata.schema.ServiceConnectionEntityInterface;
import org.openmetadata.schema.ServiceEntityInterface;
import org.openmetadata.schema.entity.services.ingestionPipelines.IngestionPipeline;
import org.openmetadata.schema.entity.services.ingestionPipelines.PipelineType;
import org.openmetadata.schema.entity.teams.User;
import org.openmetadata.service.Entity;
import org.openmetadata.service.exception.SecretsManagerMigrationException;
import org.openmetadata.service.jdbi3.ChangeEventRepository;
import org.openmetadata.service.jdbi3.IngestionPipelineRepository;
import org.openmetadata.service.jdbi3.ListFilter;
import org.openmetadata.service.jdbi3.ServiceEntityRepository;
import org.openmetadata.service.jdbi3.UserRepository;
import org.openmetadata.service.resources.CollectionRegistry;
import org.openmetadata.service.resources.events.EventResource;
import org.openmetadata.service.resources.services.ServiceEntityResource;
import org.openmetadata.service.resources.services.ingestionpipelines.IngestionPipelineResource;
import org.openmetadata.service.resources.teams.UserResource;
import org.openmetadata.service.util.EntityUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/openmetadata/service/secrets/SecretsManagerMigrationService.class */
public class SecretsManagerMigrationService {
    private static final Logger LOG = LoggerFactory.getLogger(SecretsManagerMigrationService.class);
    private final SecretsManager newSecretManager;
    private final SecretsManager oldSecretManager;
    private final Map<Class<? extends ServiceConnectionEntityInterface>, ServiceEntityRepository<?, ?>> connectionTypeRepositoriesMap = retrieveConnectionTypeRepositoriesMap();
    private final ChangeEventRepository changeEventRepository = retrieveChangeEventRepository();
    private final IngestionPipelineRepository ingestionPipelineRepository = retrieveIngestionPipelineRepository();
    private final UserRepository userRepository = retrieveUserRepository();

    public SecretsManagerMigrationService(SecretsManager secretsManager, String str) {
        this.newSecretManager = secretsManager;
        this.oldSecretManager = SecretsManagerFactory.createSecretsManager(null, str);
    }

    public void migrateServicesToSecretManagerIfNeeded() {
        if (this.newSecretManager.isLocal()) {
            LOG.info("Local secrets manager does not need to check if migration is needed.");
            return;
        }
        migrateServices();
        migrateIngestionPipelines();
        migrateBotUsersCredentials();
    }

    private void migrateBotUsersCredentials() {
        LOG.info(String.format("Checking if bot users credentials migration is needed for secrets manager: [%s]", this.newSecretManager.getSecretsManagerProvider().value()));
        List<User> retrieveNotStoredUsers = retrieveNotStoredUsers();
        if (retrieveNotStoredUsers.isEmpty()) {
            LOG.info(String.format("All bot users credentials are already safely stored in [%s] secrets manager", this.newSecretManager.getSecretsManagerProvider().value()));
        } else {
            retrieveNotStoredUsers.forEach(this::migrateBotUser);
            deleteChangeEventsFor(Entity.USER);
        }
    }

    private void migrateServices() {
        LOG.info(String.format("Checking if services migration is needed for secrets manager: [%s]", this.newSecretManager.getSecretsManagerProvider().value()));
        List<ServiceEntityInterface> retrieveNotStoredServices = retrieveNotStoredServices();
        if (retrieveNotStoredServices.isEmpty()) {
            LOG.info(String.format("All services are already safely stored in [%s] secrets manager", this.newSecretManager.getSecretsManagerProvider().value()));
        } else {
            retrieveNotStoredServices.forEach(this::migrateService);
            deleteChangeEventsForServices();
        }
    }

    private void migrateIngestionPipelines() {
        LOG.info(String.format("Checking if ingestion pipelines migration is needed for secrets manager: [%s]", this.newSecretManager.getSecretsManagerProvider().value()));
        List<IngestionPipeline> retrieveNotStoredIngestionPipelines = retrieveNotStoredIngestionPipelines();
        if (retrieveNotStoredIngestionPipelines.isEmpty()) {
            LOG.info(String.format("All ingestion pipelines are already safely stored in [%s] secrets manager", this.newSecretManager.getSecretsManagerProvider().value()));
        } else {
            retrieveNotStoredIngestionPipelines.forEach(this::migrateIngestionPipelines);
            deleteChangeEventsFor(Entity.INGESTION_PIPELINE);
        }
    }

    private void migrateService(ServiceEntityInterface serviceEntityInterface) {
        ServiceEntityRepository<?, ?> serviceEntityRepository = this.connectionTypeRepositoriesMap.get(serviceEntityInterface.getConnection().getClass());
        try {
            ServiceEntityInterface findEntityById = serviceEntityRepository.dao.findEntityById(serviceEntityInterface.getId());
            findEntityById.getConnection().setConfig(this.oldSecretManager.encryptOrDecryptServiceConnectionConfig(findEntityById.getConnection().getConfig(), findEntityById.getServiceType().value(), findEntityById.getName(), serviceEntityRepository.getServiceType(), false));
            findEntityById.getConnection().setConfig(this.newSecretManager.encryptOrDecryptServiceConnectionConfig(findEntityById.getConnection().getConfig(), findEntityById.getServiceType().value(), findEntityById.getName(), serviceEntityRepository.getServiceType(), true));
            Thread.sleep(100L);
            serviceEntityRepository.dao.update(findEntityById);
        } catch (IOException | InterruptedException e) {
            throw new SecretsManagerMigrationException(e.getMessage(), e.getCause());
        }
    }

    private List<ServiceEntityInterface> retrieveNotStoredServices() {
        return (List) this.connectionTypeRepositoriesMap.values().stream().map(this::retrieveServices).flatMap((v0) -> {
            return v0.stream();
        }).collect(Collectors.toList());
    }

    private List<ServiceEntityInterface> retrieveServices(ServiceEntityRepository<?, ?> serviceEntityRepository) {
        try {
            Stream stream = serviceEntityRepository.listAfter(null, EntityUtil.Fields.EMPTY_FIELDS, new ListFilter(), serviceEntityRepository.dao.listCount(new ListFilter()), null).getData().stream();
            Class<ServiceEntityInterface> cls = ServiceEntityInterface.class;
            Objects.requireNonNull(ServiceEntityInterface.class);
            return (List) stream.map((v1) -> {
                return r1.cast(v1);
            }).filter(serviceEntityInterface -> {
                return (Objects.isNull(serviceEntityInterface.getConnection()) || Objects.isNull(serviceEntityInterface.getConnection().getConfig())) ? false : true;
            }).collect(Collectors.toList());
        } catch (IOException e) {
            throw new SecretsManagerMigrationException(e.getMessage(), e.getCause());
        }
    }

    private void migrateIngestionPipelines(IngestionPipeline ingestionPipeline) {
        try {
            IngestionPipeline findEntityById = this.ingestionPipelineRepository.dao.findEntityById(ingestionPipeline.getId());
            if (hasSecurityConfig(ingestionPipeline)) {
                findEntityById.getOpenMetadataServerConnection().setSecurityConfig((Object) null);
            }
            if (hasDbtConfig(ingestionPipeline)) {
                this.oldSecretManager.encryptOrDecryptDbtConfigSource(ingestionPipeline, false);
                this.newSecretManager.encryptOrDecryptDbtConfigSource(ingestionPipeline, true);
            }
            this.ingestionPipelineRepository.dao.update(findEntityById);
        } catch (IOException e) {
            throw new SecretsManagerMigrationException(e.getMessage(), e.getCause());
        }
    }

    private List<IngestionPipeline> retrieveNotStoredIngestionPipelines() {
        try {
            return (List) this.ingestionPipelineRepository.listAfter(null, EntityUtil.Fields.EMPTY_FIELDS, new ListFilter(), this.ingestionPipelineRepository.dao.listCount(new ListFilter()), null).getData().stream().filter(ingestionPipeline -> {
                return hasSecurityConfig(ingestionPipeline) || hasDbtConfig(ingestionPipeline);
            }).collect(Collectors.toList());
        } catch (IOException e) {
            throw new SecretsManagerMigrationException(e.getMessage(), e.getCause());
        }
    }

    private void migrateBotUser(User user) {
        try {
            User findEntityById = this.userRepository.dao.findEntityById(user.getId());
            findEntityById.getAuthenticationMechanism().setConfig(this.newSecretManager.encryptOrDecryptBotUserCredentials(user.getName(), this.oldSecretManager.encryptOrDecryptBotUserCredentials(user.getName(), findEntityById.getAuthenticationMechanism().getConfig(), false), true));
            this.userRepository.dao.update(findEntityById);
        } catch (IOException e) {
            throw new SecretsManagerMigrationException(e.getMessage(), e.getCause());
        }
    }

    private List<User> retrieveNotStoredUsers() {
        try {
            return (List) this.userRepository.listAfter(null, new EntityUtil.Fields(List.of(UserResource.USER_PROTECTED_FIELDS)), new ListFilter(), this.userRepository.dao.listCount(new ListFilter()), null).getData().stream().filter(this::isBotWithCredentials).collect(Collectors.toList());
        } catch (IOException e) {
            throw new SecretsManagerMigrationException(e.getMessage(), e.getCause());
        }
    }

    private boolean isBotWithCredentials(User user) {
        return (!Boolean.TRUE.equals(user.getIsBot()) || user.getAuthenticationMechanism() == null || user.getAuthenticationMechanism().getConfig() == null) ? false : true;
    }

    private boolean hasSecurityConfig(IngestionPipeline ingestionPipeline) {
        return (Objects.isNull(ingestionPipeline.getOpenMetadataServerConnection()) || Objects.isNull(ingestionPipeline.getOpenMetadataServerConnection().getSecurityConfig())) ? false : true;
    }

    private boolean hasDbtConfig(IngestionPipeline ingestionPipeline) {
        return ingestionPipeline.getService().getType().equals(Entity.DATABASE_SERVICE) && ingestionPipeline.getPipelineType().equals(PipelineType.METADATA);
    }

    private void deleteChangeEventsForServices() {
        this.connectionTypeRepositoriesMap.values().stream().map((v0) -> {
            return v0.getServiceType();
        }).forEach(serviceType -> {
            try {
                deleteChangeEventsFor(Entity.class.getField(serviceType.value().toUpperCase(Locale.ROOT) + "_SERVICE").get(Entity.class).toString());
            } catch (IllegalAccessException | NoSuchFieldException e) {
                throw new SecretsManagerMigrationException(e.getMessage(), e.getCause());
            }
        });
    }

    private void deleteChangeEventsFor(String str) {
        this.changeEventRepository.deleteAll(str);
    }

    private Map<Class<? extends ServiceConnectionEntityInterface>, ServiceEntityRepository<?, ?>> retrieveConnectionTypeRepositoriesMap() {
        Map<Class<? extends ServiceConnectionEntityInterface>, ServiceEntityRepository<?, ?>> map = (Map) CollectionRegistry.getInstance().getCollectionMap().values().stream().map(this::retrieveServiceRepository).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).collect(Collectors.toMap((v0) -> {
            return v0.getServiceConnectionClass();
        }, Function.identity()));
        if (map.isEmpty()) {
            throw new SecretsManagerMigrationException("Unexpected error: ServiceRepository not found.");
        }
        return map;
    }

    private ChangeEventRepository retrieveChangeEventRepository() {
        return (ChangeEventRepository) CollectionRegistry.getInstance().getCollectionMap().values().stream().map(collectionDetails -> {
            return retrieveResource(collectionDetails, EventResource.class);
        }).filter((v0) -> {
            return v0.isPresent();
        }).map(optional -> {
            return ((EventResource) optional.get()).getDao();
        }).findFirst().orElseThrow(() -> {
            return new SecretsManagerMigrationException("Unexpected error: ChangeEventRepository not found.");
        });
    }

    private UserRepository retrieveUserRepository() {
        return (UserRepository) CollectionRegistry.getInstance().getCollectionMap().values().stream().map(collectionDetails -> {
            return retrieveResource(collectionDetails, UserResource.class);
        }).filter((v0) -> {
            return v0.isPresent();
        }).map(optional -> {
            return ((UserResource) optional.get()).getUserRepository();
        }).findFirst().orElseThrow(() -> {
            return new SecretsManagerMigrationException("Unexpected error: IngestionPipelineRepository not found.");
        });
    }

    private IngestionPipelineRepository retrieveIngestionPipelineRepository() {
        return (IngestionPipelineRepository) CollectionRegistry.getInstance().getCollectionMap().values().stream().map(collectionDetails -> {
            return retrieveResource(collectionDetails, IngestionPipelineResource.class);
        }).filter((v0) -> {
            return v0.isPresent();
        }).map(optional -> {
            return ((IngestionPipelineResource) optional.get()).getIngestionPipelineRepository();
        }).findFirst().orElseThrow(() -> {
            return new SecretsManagerMigrationException("Unexpected error: IngestionPipelineRepository not found.");
        });
    }

    private <T> Optional<T> retrieveResource(CollectionRegistry.CollectionDetails collectionDetails, Class<T> cls) {
        return cls.equals(extractCollectionDetailsClass(collectionDetails)) ? Optional.of(cls.cast(collectionDetails.getResource())) : Optional.empty();
    }

    private Optional<ServiceEntityRepository<?, ?>> retrieveServiceRepository(CollectionRegistry.CollectionDetails collectionDetails) {
        return ServiceEntityResource.class.isAssignableFrom(extractCollectionDetailsClass(collectionDetails)) ? Optional.of(((ServiceEntityResource) collectionDetails.getResource()).getServiceEntityRepository()) : Optional.empty();
    }

    private Class<?> extractCollectionDetailsClass(CollectionRegistry.CollectionDetails collectionDetails) {
        try {
            return Class.forName(collectionDetails.getResourceClass());
        } catch (ClassNotFoundException e) {
            throw new SecretsManagerMigrationException(e.getMessage(), e.getCause());
        }
    }
}
