package org.wso2.carbon.identity.keyrotation.service;

import java.util.ArrayList;
import java.util.List;
import org.apache.commons.collections.CollectionUtils;
import org.apache.log4j.Logger;
import org.wso2.carbon.identity.keyrotation.config.model.KeyRotationConfig;
import org.wso2.carbon.identity.keyrotation.dao.BPSProfileDAO;
import org.wso2.carbon.identity.keyrotation.dao.DBConstants;
import org.wso2.carbon.identity.keyrotation.dao.IdentityDAO;
import org.wso2.carbon.identity.keyrotation.dao.OAuthDAO;
import org.wso2.carbon.identity.keyrotation.dao.RegistryDAO;
import org.wso2.carbon.identity.keyrotation.dao.WorkFlowDAO;
import org.wso2.carbon.identity.keyrotation.model.BPSPassword;
import org.wso2.carbon.identity.keyrotation.model.OAuthCode;
import org.wso2.carbon.identity.keyrotation.model.OAuthSecret;
import org.wso2.carbon.identity.keyrotation.model.OAuthToken;
import org.wso2.carbon.identity.keyrotation.model.RegistryProperty;
import org.wso2.carbon.identity.keyrotation.model.TOTPSecret;
import org.wso2.carbon.identity.keyrotation.util.EncryptionUtil;
import org.wso2.carbon.identity.keyrotation.util.KeyRotationConstants;
import org.wso2.carbon.identity.keyrotation.util.KeyRotationException;
import org.wso2.carbon.identity.workflow.mgt.bean.RequestParameter;
import org.wso2.carbon.identity.workflow.mgt.dto.WorkflowRequest;

/* loaded from: input_file:org/wso2/carbon/identity/keyrotation/service/DBKeyRotator.class */
public class DBKeyRotator {
    private static final Logger log = Logger.getLogger(DBKeyRotator.class);
    private static final DBKeyRotator instance = new DBKeyRotator();

    public static DBKeyRotator getInstance() {
        return instance;
    }

    public void dbReEncryptor(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.info("Started re-encrypting identity and registry DB data...");
        reEncryptIdentityTOTPData(keyRotationConfig);
        log.info("Successfully updated totp data records in IDN_IDENTITY_USER_DATA: " + IdentityDAO.updateCount);
        log.info("Failed totp data records in IDN_IDENTITY_USER_DATA: " + IdentityDAO.failedUpdateCount);
        reEncryptOauthAuthData(keyRotationConfig);
        log.info("Successfully updated OAuth2 authorization code data records in IDN_OAUTH2_AUTHORIZATION_CODE: " + OAuthDAO.updateCodeCount);
        log.info("Failed OAuth2 authorization code data records in IDN_OAUTH2_AUTHORIZATION_CODE: " + OAuthDAO.failedUpdateCodeCount);
        reEncryptOauthTokenData(keyRotationConfig);
        log.info("Successfully updated OAuth2 access and refresh tokens data records in IDN_OAUTH2_ACCESS_TOKEN: " + OAuthDAO.updateTokenCount);
        log.info("Failed OAuth2 access and refresh tokens data records in IDN_OAUTH2_ACCESS_TOKEN: " + OAuthDAO.failedUpdateTokenCount);
        reEncryptOauthConsumerData(keyRotationConfig);
        log.info("Successfully updated OAuth consumer secret data records in IDN_OAUTH_CONSUMER_APPS: " + OAuthDAO.updateSecretCount);
        log.info("Failed OAuth consumer secret data records in IDN_OAUTH_CONSUMER_APPS: " + OAuthDAO.failedUpdateSecretCount);
        reEncryptBPSData(keyRotationConfig);
        log.info("Successfully updated BPS profile data records in WF_BPS_PROFILE: " + BPSProfileDAO.updateCount);
        log.info("Failed BPS profile data records in WF_BPS_PROFILE: " + BPSProfileDAO.failedUpdateCount);
        reEncryptWFRequestData(keyRotationConfig);
        log.info("Successfully updated WF request data records in WF_REQUEST: " + WorkFlowDAO.updateCount);
        log.info("Failed WF request data records in WF_REQUEST: " + WorkFlowDAO.failedUpdateCount);
        reEncryptKeystorePasswordData(keyRotationConfig);
        log.info("Successfully updated keystore password property data records in REG_PROPERTY: " + RegistryDAO.updateCount);
        log.info("Failed keystore password property data records in REG_PROPERTY: " + RegistryDAO.failedUpdateCount);
        reEncryptKeystorePrivatekeyPassData(keyRotationConfig);
        log.info("Successfully updated keystore privatekeyPass property data records in REG_PROPERTY: " + RegistryDAO.updateCount);
        log.info("Failed keystore privatekeyPass property data records in REG_PROPERTY: " + RegistryDAO.failedUpdateCount);
        reEncryptSubscriberPasswordData(keyRotationConfig);
        log.info("Successfully updated subscriber password property data records in REG_PROPERTY: " + RegistryDAO.updateCount);
        log.info("Failed subscriber password property data records in REG_PROPERTY: " + RegistryDAO.failedUpdateCount);
        log.info("Finished re-encrypting identity and registry DB data completed...\n");
    }

    private void reEncryptIdentityTOTPData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started re-encryption of the TOTP data...");
        int i = 0;
        List<TOTPSecret> tOTPSecretsChunks = IdentityDAO.getInstance().getTOTPSecretsChunks(0, keyRotationConfig);
        while (true) {
            List<TOTPSecret> list = tOTPSecretsChunks;
            if (!CollectionUtils.isNotEmpty(list)) {
                log.debug("Finished re-encryption of the TOTP data...");
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (TOTPSecret tOTPSecret : list) {
                if (!EncryptionUtil.checkPlainText(tOTPSecret.getDataValue())) {
                    log.debug("Encrypted value " + tOTPSecret.getDataValue());
                    tOTPSecret.setDataValue(EncryptionUtil.symmetricReEncryption(tOTPSecret.getDataValue(), keyRotationConfig));
                    log.debug("Re-encrypted value " + tOTPSecret.getDataValue());
                    arrayList.add(tOTPSecret);
                }
            }
            IdentityDAO.getInstance().updateTOTPSecretsChunks(arrayList, keyRotationConfig);
            i += keyRotationConfig.getChunkSize();
            tOTPSecretsChunks = IdentityDAO.getInstance().getTOTPSecretsChunks(i, keyRotationConfig);
        }
    }

    private void reEncryptOauthAuthData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started re-encryption of the OAuth2 authorization code data...");
        int i = 0;
        List<OAuthCode> oAuthCodeChunks = OAuthDAO.getInstance().getOAuthCodeChunks(0, keyRotationConfig);
        while (true) {
            List<OAuthCode> list = oAuthCodeChunks;
            if (!CollectionUtils.isNotEmpty(list)) {
                log.debug("Finished re-encryption of the OAuth2 authorization code data...");
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (OAuthCode oAuthCode : list) {
                if (!EncryptionUtil.checkPlainText(oAuthCode.getAuthorizationCode())) {
                    log.debug("Encrypted value " + oAuthCode.getAuthorizationCode());
                    oAuthCode.setAuthorizationCode(EncryptionUtil.symmetricReEncryption(oAuthCode.getAuthorizationCode(), keyRotationConfig));
                    log.debug("Re-encrypted value " + oAuthCode.getAuthorizationCode());
                    arrayList.add(oAuthCode);
                }
            }
            OAuthDAO.getInstance().updateOAuthCodeChunks(arrayList, keyRotationConfig);
            i += keyRotationConfig.getChunkSize();
            oAuthCodeChunks = OAuthDAO.getInstance().getOAuthCodeChunks(i, keyRotationConfig);
        }
    }

    private void reEncryptOauthTokenData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started re-encryption of the OAuth2 access and refresh token data...");
        int i = 0;
        List<OAuthToken> oAuthTokenChunks = OAuthDAO.getInstance().getOAuthTokenChunks(0, keyRotationConfig);
        while (true) {
            List<OAuthToken> list = oAuthTokenChunks;
            if (!CollectionUtils.isNotEmpty(list)) {
                log.debug("Finished re-encryption of the OAuth2 access and refresh token data...");
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (OAuthToken oAuthToken : list) {
                if (!EncryptionUtil.checkPlainText(oAuthToken.getAccessToken()) && !EncryptionUtil.checkPlainText(oAuthToken.getRefreshToken())) {
                    log.debug("Encrypted access token value " + oAuthToken.getAccessToken());
                    oAuthToken.setAccessToken(EncryptionUtil.symmetricReEncryption(oAuthToken.getAccessToken(), keyRotationConfig));
                    log.debug("Re-encrypted value " + oAuthToken.getAccessToken());
                    log.debug("Encrypted refresh token value " + oAuthToken.getRefreshToken());
                    oAuthToken.setRefreshToken(EncryptionUtil.symmetricReEncryption(oAuthToken.getRefreshToken(), keyRotationConfig));
                    log.debug("Re-encrypted value " + oAuthToken.getRefreshToken());
                    arrayList.add(oAuthToken);
                }
            }
            OAuthDAO.getInstance().updateOAuthTokenChunks(arrayList, keyRotationConfig);
            i += keyRotationConfig.getChunkSize();
            oAuthTokenChunks = OAuthDAO.getInstance().getOAuthTokenChunks(i, keyRotationConfig);
        }
    }

    private void reEncryptOauthConsumerData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started re-encryption of the OAuth consumer secret data...");
        int i = 0;
        List<OAuthSecret> oAuthSecretChunks = OAuthDAO.getInstance().getOAuthSecretChunks(0, keyRotationConfig);
        while (true) {
            List<OAuthSecret> list = oAuthSecretChunks;
            if (!CollectionUtils.isNotEmpty(list)) {
                log.debug("Finished re-encryption of the OAuth consumer secret data...");
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (OAuthSecret oAuthSecret : list) {
                if (!EncryptionUtil.checkPlainText(oAuthSecret.getConsumerSecret())) {
                    log.debug("Encrypted value " + oAuthSecret.getConsumerSecret());
                    oAuthSecret.setConsumerSecret(EncryptionUtil.symmetricReEncryption(oAuthSecret.getConsumerSecret(), keyRotationConfig));
                    log.debug("Re-encrypted value " + oAuthSecret.getConsumerSecret());
                    arrayList.add(oAuthSecret);
                }
            }
            OAuthDAO.getInstance().updateOAuthSecretChunks(arrayList, keyRotationConfig);
            i += keyRotationConfig.getChunkSize();
            oAuthSecretChunks = OAuthDAO.getInstance().getOAuthSecretChunks(i, keyRotationConfig);
        }
    }

    private void reEncryptBPSData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started re-encryption of the BPS profile data...");
        int i = 0;
        List<BPSPassword> bpsPasswordChunks = BPSProfileDAO.getInstance().getBpsPasswordChunks(0, keyRotationConfig);
        while (true) {
            List<BPSPassword> list = bpsPasswordChunks;
            if (!CollectionUtils.isNotEmpty(list)) {
                log.debug("Finished re-encryption of the BPS profile data...");
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (BPSPassword bPSPassword : list) {
                if (!EncryptionUtil.checkPlainText(bPSPassword.getPassword())) {
                    log.debug("Encrypted value " + bPSPassword.getPassword());
                    bPSPassword.setPassword(EncryptionUtil.symmetricReEncryption(bPSPassword.getPassword(), keyRotationConfig));
                    log.debug("Re-encrypted value " + bPSPassword.getPassword());
                    arrayList.add(bPSPassword);
                }
            }
            BPSProfileDAO.getInstance().updateBpsPasswordChunks(arrayList, keyRotationConfig);
            i += keyRotationConfig.getChunkSize();
            bpsPasswordChunks = BPSProfileDAO.getInstance().getBpsPasswordChunks(i, keyRotationConfig);
        }
    }

    private void reEncryptWFRequestData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started re-encryption of the WF request data...");
        int i = 0;
        List<WorkflowRequest> wFRequestChunks = WorkFlowDAO.getInstance().getWFRequestChunks(0, keyRotationConfig);
        while (true) {
            List<WorkflowRequest> list = wFRequestChunks;
            if (!CollectionUtils.isNotEmpty(list)) {
                log.debug("Finished re-encryption of the WF request data...");
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (WorkflowRequest workflowRequest : list) {
                for (RequestParameter requestParameter : workflowRequest.getRequestParameters()) {
                    if (DBConstants.CREDENTIAL.equals(requestParameter.getName()) && !EncryptionUtil.checkPlainText(requestParameter.getValue().toString())) {
                        log.debug("Encrypted value " + requestParameter.getValue().toString());
                        requestParameter.setValue(EncryptionUtil.symmetricReEncryption(requestParameter.getValue().toString(), keyRotationConfig));
                        log.debug("Re-encrypted value " + requestParameter.getValue().toString());
                        arrayList.add(workflowRequest);
                    }
                }
            }
            WorkFlowDAO.getInstance().updateWFRequestChunks(arrayList, keyRotationConfig);
            i += keyRotationConfig.getChunkSize();
            wFRequestChunks = WorkFlowDAO.getInstance().getWFRequestChunks(i, keyRotationConfig);
        }
    }

    private void reEncryptKeystorePasswordData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started re-encryption of the keystore password property data...");
        RegistryDAO.updateCount = 0;
        RegistryDAO.failedUpdateCount = 0;
        int i = 0;
        List<RegistryProperty> regPropertyDataChunks = RegistryDAO.getInstance().getRegPropertyDataChunks(0, keyRotationConfig, KeyRotationConstants.REGISTRY_PASSWORD);
        while (true) {
            List<RegistryProperty> list = regPropertyDataChunks;
            if (!CollectionUtils.isNotEmpty(list)) {
                log.debug("Finished re-encryption of the keystore password property data...");
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (RegistryProperty registryProperty : list) {
                if (!EncryptionUtil.checkPlainText(registryProperty.getRegValue())) {
                    log.debug("Encrypted value " + registryProperty.getRegValue());
                    registryProperty.setRegValue(EncryptionUtil.symmetricReEncryption(registryProperty.getRegValue(), keyRotationConfig));
                    log.debug("Re-encrypted value " + registryProperty.getRegValue());
                    arrayList.add(registryProperty);
                }
            }
            RegistryDAO.getInstance().updateRegPropertyDataChunks(arrayList, keyRotationConfig, KeyRotationConstants.REGISTRY_PASSWORD);
            i += keyRotationConfig.getChunkSize();
            regPropertyDataChunks = RegistryDAO.getInstance().getRegPropertyDataChunks(i, keyRotationConfig, KeyRotationConstants.REGISTRY_PASSWORD);
        }
    }

    private void reEncryptKeystorePrivatekeyPassData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started re-encryption of the keystore privatekeyPass property data...");
        RegistryDAO.updateCount = 0;
        RegistryDAO.failedUpdateCount = 0;
        int i = 0;
        List<RegistryProperty> regPropertyDataChunks = RegistryDAO.getInstance().getRegPropertyDataChunks(0, keyRotationConfig, KeyRotationConstants.PRIVATE_KEY_PASS);
        while (true) {
            List<RegistryProperty> list = regPropertyDataChunks;
            if (!CollectionUtils.isNotEmpty(list)) {
                log.debug("Finished re-encryption of the keystore privatekeyPass property data...");
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (RegistryProperty registryProperty : list) {
                if (!EncryptionUtil.checkPlainText(registryProperty.getRegValue())) {
                    log.debug("Encrypted value " + registryProperty.getRegValue());
                    registryProperty.setRegValue(EncryptionUtil.symmetricReEncryption(registryProperty.getRegValue(), keyRotationConfig));
                    log.debug("Re-encrypted value " + registryProperty.getRegValue());
                    arrayList.add(registryProperty);
                }
            }
            RegistryDAO.getInstance().updateRegPropertyDataChunks(arrayList, keyRotationConfig, KeyRotationConstants.PRIVATE_KEY_PASS);
            i += keyRotationConfig.getChunkSize();
            regPropertyDataChunks = RegistryDAO.getInstance().getRegPropertyDataChunks(i, keyRotationConfig, KeyRotationConstants.PRIVATE_KEY_PASS);
        }
    }

    private void reEncryptSubscriberPasswordData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started re-encryption of the subscriber password property data...");
        RegistryDAO.updateCount = 0;
        RegistryDAO.failedUpdateCount = 0;
        int i = 0;
        List<RegistryProperty> regPropertyDataChunks = RegistryDAO.getInstance().getRegPropertyDataChunks(0, keyRotationConfig, KeyRotationConstants.SUBSCRIBER_PASSWORD);
        while (true) {
            List<RegistryProperty> list = regPropertyDataChunks;
            if (!CollectionUtils.isNotEmpty(list)) {
                log.debug("Finished re-encryption of the subscriber password property data...");
                return;
            }
            ArrayList arrayList = new ArrayList();
            for (RegistryProperty registryProperty : list) {
                if (!EncryptionUtil.checkPlainText(registryProperty.getRegValue())) {
                    log.debug("Encrypted value " + registryProperty.getRegValue());
                    registryProperty.setRegValue(EncryptionUtil.symmetricReEncryption(registryProperty.getRegValue(), keyRotationConfig));
                    log.debug("Re-encrypted value " + registryProperty.getRegValue());
                    arrayList.add(registryProperty);
                }
            }
            RegistryDAO.getInstance().updateRegPropertyDataChunks(arrayList, keyRotationConfig, KeyRotationConstants.SUBSCRIBER_PASSWORD);
            i += keyRotationConfig.getChunkSize();
            regPropertyDataChunks = RegistryDAO.getInstance().getRegPropertyDataChunks(i, keyRotationConfig, KeyRotationConstants.SUBSCRIBER_PASSWORD);
        }
    }
}
