package org.wso2.carbon.identity.keyrotation.service;

import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.commons.collections.CollectionUtils;
import org.apache.log4j.Logger;
import org.wso2.carbon.identity.keyrotation.config.model.KeyRotationConfig;
import org.wso2.carbon.identity.keyrotation.dao.DBConstants;
import org.wso2.carbon.identity.keyrotation.dao.IdentityDAO;
import org.wso2.carbon.identity.keyrotation.dao.OAuthDAO;
import org.wso2.carbon.identity.keyrotation.model.TempOAuthCode;
import org.wso2.carbon.identity.keyrotation.model.TempOAuthScope;
import org.wso2.carbon.identity.keyrotation.model.TempOAuthToken;
import org.wso2.carbon.identity.keyrotation.model.TempTOTPSecret;
import org.wso2.carbon.identity.keyrotation.util.EncryptionUtil;
import org.wso2.carbon.identity.keyrotation.util.KeyRotationException;

/* loaded from: input_file:org/wso2/carbon/identity/keyrotation/service/SyncedDataKeyRotator.class */
public class SyncedDataKeyRotator {
    private static final Logger log = Logger.getLogger(SyncedDataKeyRotator.class);
    private static final SyncedDataKeyRotator instance = new SyncedDataKeyRotator();
    private static int totpIndex = 1;
    private static int codeIndex = 1;
    private static int tokenIndex = 1;
    private static int scopeIndex = 1;

    public static SyncedDataKeyRotator getInstance() {
        return instance;
    }

    public void syncedDataReEncryptor(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.info("Started re-encrypting synced data...");
        while (true) {
            try {
                transformTempIdentityTOTPData(keyRotationConfig);
                log.info("Successfully transformed totp data records in IDN_IDENTITY_USER_DATA_TEMP: " + IdentityDAO.insertCount);
                log.info("Transformation failed totp data records in IDN_IDENTITY_USER_DATA_TEMP: " + IdentityDAO.failedInsertCount);
                transformTempOauthCodeData(keyRotationConfig);
                log.info("Successfully transformed OAuth code data records in IDN_OAUTH2_AUTHORIZATION_CODE_TEMP: " + OAuthDAO.insertCodeCount);
                log.info("Transformation failed OAuth code data records in IDN_OAUTH2_AUTHORIZATION_CODE_TEMP: " + OAuthDAO.failedInsertCodeCount);
                transformTempOauthTokenData(keyRotationConfig);
                log.info("Successfully transformed OAuth token data records in IDN_OAUTH2_ACCESS_TOKEN_TEMP: " + OAuthDAO.insertTokenCount);
                log.info("Transformation failed OAuth token data records in IDN_OAUTH2_ACCESS_TOKEN_TEMP: " + OAuthDAO.failedInsertTokenCount);
                transformTempOauthScopeData(keyRotationConfig);
                log.info("Successfully transformed OAuth scope data records in IDN_OAUTH2_ACCESS_TOKEN_SCOPE_TEMP: " + OAuthDAO.insertScopeCount);
                log.info("Transformation failed OAuth scope data records in IDN_OAUTH2_ACCESS_TOKEN_SCOPE_TEMP: " + OAuthDAO.failedInsertScopeCount);
                log.debug("Sleeping...\n");
                TimeUnit.MILLISECONDS.sleep(1000L);
                log.debug("Awake...\n");
            } catch (InterruptedException e) {
                throw new KeyRotationException("Error while thread waiting, sleeping or being occupied.", e);
            }
        }
    }

    private void transformTempIdentityTOTPData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started transformation of the TOTP data...");
        List<TempTOTPSecret> tempTOTPSecrets = IdentityDAO.getInstance().getTempTOTPSecrets(totpIndex, keyRotationConfig);
        while (true) {
            List<TempTOTPSecret> list = tempTOTPSecrets;
            if (!CollectionUtils.isNotEmpty(list)) {
                return;
            }
            TempTOTPSecret tempTOTPSecret = list.get(0);
            log.debug("RECORD " + tempTOTPSecret.getSyncId());
            if (tempTOTPSecret.getSynced() == 0) {
                TempTOTPSecret tempTOTPSecret2 = IdentityDAO.getInstance().getTempTOTPLatest(tempTOTPSecret, keyRotationConfig).get(0);
                log.debug("latestRecord " + tempTOTPSecret2.getSyncId());
                List<TempTOTPSecret> tempTOTPPrevious = IdentityDAO.getInstance().getTempTOTPPrevious(tempTOTPSecret2, keyRotationConfig);
                for (TempTOTPSecret tempTOTPSecret3 : tempTOTPPrevious) {
                    tempTOTPSecret3.setSynced(1);
                    log.debug("previousSimilarRecords " + tempTOTPSecret3.getSyncId());
                }
                IdentityDAO.getInstance().updateTOTPPreviousSimilarRecords(tempTOTPPrevious, keyRotationConfig);
                if ((DBConstants.SECRET_KEY.equals(tempTOTPSecret2.getDataKey()) || DBConstants.VERIFIED_SECRET_KEY.equals(tempTOTPSecret2.getDataKey())) && tempTOTPSecret2.getAvailability() == 1 && !EncryptionUtil.checkPlainText(tempTOTPSecret2.getDataValue())) {
                    log.debug("SYNC_ID " + totpIndex + " " + tempTOTPSecret2.getSyncId());
                    log.debug("Encrypted value " + tempTOTPSecret2.getDataValue());
                    tempTOTPSecret2.setDataValue(EncryptionUtil.symmetricReEncryption(tempTOTPSecret2.getDataValue(), keyRotationConfig));
                    log.debug("Re-encrypted value " + tempTOTPSecret2.getDataValue());
                }
                if (tempTOTPSecret2.getAvailability() == 1) {
                    if (IdentityDAO.getInstance().updateTOTPSecret(tempTOTPSecret2, keyRotationConfig) == 0) {
                        IdentityDAO.getInstance().insertTOTPSecret(tempTOTPSecret2, keyRotationConfig);
                    }
                } else if (tempTOTPSecret2.getAvailability() == 0) {
                    IdentityDAO.getInstance().deleteTOTPSecret(tempTOTPSecret2, keyRotationConfig);
                }
            }
            totpIndex++;
            tempTOTPSecrets = IdentityDAO.getInstance().getTempTOTPSecrets(totpIndex, keyRotationConfig);
        }
    }

    private void transformTempOauthCodeData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started transformation of the OAuth2 authorization code data...");
        List<TempOAuthCode> tempOAuthCode = OAuthDAO.getInstance().getTempOAuthCode(codeIndex, keyRotationConfig);
        while (true) {
            List<TempOAuthCode> list = tempOAuthCode;
            if (!CollectionUtils.isNotEmpty(list)) {
                return;
            }
            TempOAuthCode tempOAuthCode2 = list.get(0);
            log.debug("RECORD " + tempOAuthCode2.getSyncId());
            if (tempOAuthCode2.getSynced() == 0) {
                TempOAuthCode tempOAuthCode3 = OAuthDAO.getInstance().getTempOAuthCodeLatest(tempOAuthCode2, keyRotationConfig).get(0);
                log.debug("latestRecord " + tempOAuthCode3.getSyncId());
                List<TempOAuthCode> tempOAuthCodePrevious = OAuthDAO.getInstance().getTempOAuthCodePrevious(tempOAuthCode3, keyRotationConfig);
                for (TempOAuthCode tempOAuthCode4 : tempOAuthCodePrevious) {
                    tempOAuthCode4.setSynced(1);
                    log.debug("previousSimilarRecords " + tempOAuthCode4.getSyncId());
                }
                OAuthDAO.getInstance().updateCodePreviousSimilarRecords(tempOAuthCodePrevious, keyRotationConfig);
                if (tempOAuthCode3.getAvailability() == 1 && !EncryptionUtil.checkPlainText(tempOAuthCode3.getAuthorizationCode())) {
                    log.debug("SYNC_ID " + codeIndex + " " + tempOAuthCode3.getSyncId());
                    log.debug("Encrypted value " + tempOAuthCode3.getAuthorizationCode());
                    tempOAuthCode3.setAuthorizationCode(EncryptionUtil.symmetricReEncryption(tempOAuthCode3.getAuthorizationCode(), keyRotationConfig));
                    log.debug("Re-encrypted value " + tempOAuthCode3.getAuthorizationCode());
                }
                if (tempOAuthCode3.getAvailability() == 1) {
                    if (OAuthDAO.getInstance().updateOAuthCode(tempOAuthCode3, keyRotationConfig) == 0) {
                        OAuthDAO.getInstance().insertOAuthCode(tempOAuthCode3, keyRotationConfig);
                    }
                } else if (tempOAuthCode3.getAvailability() == 0) {
                    OAuthDAO.getInstance().deleteOAuthCode(tempOAuthCode3, keyRotationConfig);
                }
            }
            codeIndex++;
            tempOAuthCode = OAuthDAO.getInstance().getTempOAuthCode(codeIndex, keyRotationConfig);
        }
    }

    private void transformTempOauthTokenData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started transformation of the OAuth2 access and refresh tokens data...");
        List<TempOAuthToken> tempOAuthToken = OAuthDAO.getInstance().getTempOAuthToken(tokenIndex, keyRotationConfig);
        while (true) {
            List<TempOAuthToken> list = tempOAuthToken;
            if (!CollectionUtils.isNotEmpty(list)) {
                return;
            }
            TempOAuthToken tempOAuthToken2 = list.get(0);
            log.debug("RECORD " + tempOAuthToken2.getSyncId());
            if (tempOAuthToken2.getSynced() == 0) {
                TempOAuthToken tempOAuthToken3 = OAuthDAO.getInstance().getTempOAuthTokenLatest(tempOAuthToken2, keyRotationConfig).get(0);
                log.debug("latestRecord " + tempOAuthToken3.getSyncId());
                List<TempOAuthToken> tempOAuthTokenPrevious = OAuthDAO.getInstance().getTempOAuthTokenPrevious(tempOAuthToken3, keyRotationConfig);
                for (TempOAuthToken tempOAuthToken4 : tempOAuthTokenPrevious) {
                    tempOAuthToken4.setSynced(1);
                    log.debug("previousSimilarRecords " + tempOAuthToken4.getSyncId());
                }
                OAuthDAO.getInstance().updateTokenPreviousSimilarRecords(tempOAuthTokenPrevious, keyRotationConfig);
                if (tempOAuthToken3.getAvailability() == 1 && !EncryptionUtil.checkPlainText(tempOAuthToken3.getAccessToken()) && !EncryptionUtil.checkPlainText(tempOAuthToken3.getRefreshToken())) {
                    log.debug("SYNC_ID " + tokenIndex + " " + tempOAuthToken3.getSyncId());
                    log.debug("Encrypted access token value " + tempOAuthToken3.getAccessToken());
                    tempOAuthToken3.setAccessToken(EncryptionUtil.symmetricReEncryption(tempOAuthToken3.getAccessToken(), keyRotationConfig));
                    log.debug("Re-encrypted value " + tempOAuthToken3.getAccessToken());
                    log.debug("Encrypted refresh token value " + tempOAuthToken3.getRefreshToken());
                    tempOAuthToken3.setRefreshToken(EncryptionUtil.symmetricReEncryption(tempOAuthToken3.getRefreshToken(), keyRotationConfig));
                    log.debug("Re-encrypted value " + tempOAuthToken3.getRefreshToken());
                }
                if (tempOAuthToken3.getAvailability() == 1) {
                    if (OAuthDAO.getInstance().updateOAuthToken(tempOAuthToken3, keyRotationConfig) == 0) {
                        OAuthDAO.getInstance().insertOAuthToken(tempOAuthToken3, keyRotationConfig);
                    }
                } else if (tempOAuthToken3.getAvailability() == 0) {
                    OAuthDAO.getInstance().deleteOAuthToken(tempOAuthToken3, keyRotationConfig);
                }
            }
            tokenIndex++;
            tempOAuthToken = OAuthDAO.getInstance().getTempOAuthToken(tokenIndex, keyRotationConfig);
        }
    }

    private void transformTempOauthScopeData(KeyRotationConfig keyRotationConfig) throws KeyRotationException {
        log.debug("Started transformation of the OAuth2 scope data...");
        List<TempOAuthScope> tempOAuthScope = OAuthDAO.getInstance().getTempOAuthScope(scopeIndex, keyRotationConfig);
        while (true) {
            List<TempOAuthScope> list = tempOAuthScope;
            if (!CollectionUtils.isNotEmpty(list)) {
                return;
            }
            TempOAuthScope tempOAuthScope2 = list.get(0);
            log.debug("RECORD " + tempOAuthScope2.getSyncId());
            if (tempOAuthScope2.getSynced() == 0) {
                TempOAuthScope tempOAuthScope3 = OAuthDAO.getInstance().getTempOAuthScopeLatest(tempOAuthScope2, keyRotationConfig).get(0);
                log.debug("latestRecord " + tempOAuthScope3.getSyncId());
                List<TempOAuthScope> tempOAuthScopePrevious = OAuthDAO.getInstance().getTempOAuthScopePrevious(tempOAuthScope3, keyRotationConfig);
                for (TempOAuthScope tempOAuthScope4 : tempOAuthScopePrevious) {
                    tempOAuthScope4.setSynced(1);
                    log.debug("previousSimilarRecords " + tempOAuthScope4.getSyncId());
                }
                OAuthDAO.getInstance().updateScopePreviousSimilarRecords(tempOAuthScopePrevious, keyRotationConfig);
                if (tempOAuthScope3.getAvailability() == 1) {
                    if (OAuthDAO.getInstance().updateOAuthScope(tempOAuthScope3, keyRotationConfig) == 0) {
                        OAuthDAO.getInstance().insertOAuthScope(tempOAuthScope3, keyRotationConfig);
                    }
                } else if (tempOAuthScope3.getAvailability() == 0) {
                    OAuthDAO.getInstance().deleteOAuthScope(tempOAuthScope3, keyRotationConfig);
                }
            }
            scopeIndex++;
            tempOAuthScope = OAuthDAO.getInstance().getTempOAuthScope(scopeIndex, keyRotationConfig);
        }
    }
}
