package org.wso2.carbon.is.migration.service.v550.migrator;

import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.io.Charsets;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.util.CryptoException;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.identity.core.migrate.MigrationClientException;
import org.wso2.carbon.identity.oauth.tokenprocessor.HashingPersistenceProcessor;
import org.wso2.carbon.identity.oauth2.IdentityOAuth2Exception;
import org.wso2.carbon.is.migration.service.Migrator;
import org.wso2.carbon.is.migration.service.v550.bean.AuthzCodeInfo;
import org.wso2.carbon.is.migration.service.v550.bean.ClientSecretInfo;
import org.wso2.carbon.is.migration.service.v550.bean.OauthTokenInfo;
import org.wso2.carbon.is.migration.service.v550.dao.AuthzCodeDAO;
import org.wso2.carbon.is.migration.service.v550.dao.OAuthDAO;
import org.wso2.carbon.is.migration.service.v550.dao.TokenDAO;
import org.wso2.carbon.is.migration.service.v550.util.OAuth2Util;

/* loaded from: input_file:org/wso2/carbon/is/migration/service/v550/migrator/OAuthDataMigrator.class */
public class OAuthDataMigrator extends Migrator {
    private static final Log log = LogFactory.getLog(OAuthDataMigrator.class);
    boolean isTokenHashColumnsAvailable = false;
    boolean isAuthzCodeHashColumnAvailable = false;
    boolean isClientSecretHashColumnsAvailable = false;

    @Override // org.wso2.carbon.is.migration.service.Migrator
    public void migrate() throws MigrationClientException {
        try {
            addHashColumns();
            deleteClientSecretHashColumn();
            migrateOldEncryptedTokens();
            migrateAuthorizationCodes();
            migrateClientSecrets();
        } catch (SQLException e) {
            throw new MigrationClientException("Error while adding hash columns", e);
        }
    }

    public void addHashColumns() throws MigrationClientException, SQLException {
        Connection connection = getDataSource().getConnection();
        Throwable th = null;
        try {
            this.isTokenHashColumnsAvailable = TokenDAO.getInstance().isTokenHashColumnsAvailable(connection);
            this.isAuthzCodeHashColumnAvailable = AuthzCodeDAO.getInstance().isAuthzCodeHashColumnAvailable(connection);
            connection.commit();
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    connection.close();
                }
            }
            if (!this.isTokenHashColumnsAvailable) {
                Connection connection2 = getDataSource().getConnection();
                Throwable th3 = null;
                try {
                    TokenDAO.getInstance().addAccessTokenHashColumn(connection2);
                    TokenDAO.getInstance().addRefreshTokenHashColumn(connection2);
                    connection2.commit();
                    if (connection2 != null) {
                        if (0 != 0) {
                            try {
                                connection2.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        } else {
                            connection2.close();
                        }
                    }
                } catch (Throwable th5) {
                    if (connection2 != null) {
                        if (0 != 0) {
                            try {
                                connection2.close();
                            } catch (Throwable th6) {
                                th3.addSuppressed(th6);
                            }
                        } else {
                            connection2.close();
                        }
                    }
                    throw th5;
                }
            }
            if (this.isAuthzCodeHashColumnAvailable) {
                return;
            }
            Connection connection3 = getDataSource().getConnection();
            Throwable th7 = null;
            try {
                AuthzCodeDAO.getInstance().addAuthzCodeHashColumns(connection3);
                connection3.commit();
                if (connection3 != null) {
                    if (0 == 0) {
                        connection3.close();
                        return;
                    }
                    try {
                        connection3.close();
                    } catch (Throwable th8) {
                        th7.addSuppressed(th8);
                    }
                }
            } catch (Throwable th9) {
                if (connection3 != null) {
                    if (0 != 0) {
                        try {
                            connection3.close();
                        } catch (Throwable th10) {
                            th7.addSuppressed(th10);
                        }
                    } else {
                        connection3.close();
                    }
                }
                throw th9;
            }
        } catch (Throwable th11) {
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th12) {
                        th.addSuppressed(th12);
                    }
                } else {
                    connection.close();
                }
            }
            throw th11;
        }
    }

    public void deleteClientSecretHashColumn() throws MigrationClientException, SQLException {
        Connection connection = getDataSource().getConnection();
        Throwable th = null;
        try {
            this.isClientSecretHashColumnsAvailable = OAuthDAO.getInstance().isConsumerSecretHashColumnAvailable(connection);
            connection.commit();
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    connection.close();
                }
            }
            if (this.isClientSecretHashColumnsAvailable) {
                Connection connection2 = getDataSource().getConnection();
                Throwable th3 = null;
                try {
                    OAuthDAO.getInstance().deleteConsumerSecretHashColumn(connection2);
                    connection2.commit();
                    if (connection2 != null) {
                        if (0 == 0) {
                            connection2.close();
                            return;
                        }
                        try {
                            connection2.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    if (connection2 != null) {
                        if (0 != 0) {
                            try {
                                connection2.close();
                            } catch (Throwable th6) {
                                th3.addSuppressed(th6);
                            }
                        } else {
                            connection2.close();
                        }
                    }
                    throw th5;
                }
            }
        } catch (Throwable th7) {
            if (connection != null) {
                if (0 != 0) {
                    try {
                        connection.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    connection.close();
                }
            }
            throw th7;
        }
    }

    public void migrateOldEncryptedTokens() throws MigrationClientException, SQLException {
        log.info(" WSO2 Product Migration Service Task : Migration starting on OAuth2 access token table.");
        try {
            if (!this.isTokenHashColumnsAvailable && OAuth2Util.isEncryptionWithTransformationEnabled()) {
                Connection connection = getDataSource().getConnection();
                Throwable th = null;
                try {
                    try {
                        List<OauthTokenInfo> allAccessTokens = TokenDAO.getInstance().getAllAccessTokens(connection);
                        if (connection != null) {
                            if (0 != 0) {
                                try {
                                    connection.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                connection.close();
                            }
                        }
                        List<OauthTokenInfo> transformFromOldToNewEncryption = transformFromOldToNewEncryption(allAccessTokens);
                        connection = getDataSource().getConnection();
                        Throwable th3 = null;
                        try {
                            try {
                                TokenDAO.getInstance().updateNewTokens(transformFromOldToNewEncryption, connection);
                                if (connection != null) {
                                    if (0 != 0) {
                                        try {
                                            connection.close();
                                        } catch (Throwable th4) {
                                            th3.addSuppressed(th4);
                                        }
                                    } else {
                                        connection.close();
                                    }
                                }
                            } catch (Throwable th5) {
                                th3 = th5;
                                throw th5;
                            }
                        } finally {
                        }
                    } catch (Throwable th6) {
                        th = th6;
                        throw th6;
                    }
                } finally {
                }
            }
        } catch (CryptoException e) {
            e.printStackTrace();
        } catch (IdentityOAuth2Exception e2) {
            e2.printStackTrace();
        }
    }

    private List<OauthTokenInfo> transformFromOldToNewEncryption(List<OauthTokenInfo> list) throws CryptoException {
        ArrayList arrayList = new ArrayList();
        for (OauthTokenInfo oauthTokenInfo : list) {
            if (!CryptoUtil.getDefaultCryptoUtil().base64DecodeAndIsSelfContainedCipherText(oauthTokenInfo.getAccessToken())) {
                byte[] base64DecodeAndDecrypt = CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(oauthTokenInfo.getAccessToken(), "RSA");
                String encryptAndBase64Encode = CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(base64DecodeAndDecrypt);
                byte[] base64DecodeAndDecrypt2 = CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(oauthTokenInfo.getRefreshToken(), "RSA");
                String encryptAndBase64Encode2 = CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(base64DecodeAndDecrypt2);
                HashingPersistenceProcessor hashingPersistenceProcessor = new HashingPersistenceProcessor();
                String str = null;
                String str2 = null;
                try {
                    str = hashingPersistenceProcessor.getProcessedAccessTokenIdentifier(new String(base64DecodeAndDecrypt, Charsets.UTF_8));
                    str2 = hashingPersistenceProcessor.getProcessedRefreshToken(new String(base64DecodeAndDecrypt2, Charsets.UTF_8));
                } catch (IdentityOAuth2Exception e) {
                    e.printStackTrace();
                }
                OauthTokenInfo oauthTokenInfo2 = new OauthTokenInfo(encryptAndBase64Encode, encryptAndBase64Encode2, oauthTokenInfo.getTokenId());
                oauthTokenInfo2.setAccessTokenHash(str);
                oauthTokenInfo2.setRefreshTokenhash(str2);
                arrayList.add(oauthTokenInfo2);
            }
        }
        return arrayList;
    }

    public void migrateAuthorizationCodes() throws MigrationClientException {
        log.info(" WSO2 Product Migration Service Task : Migration starting on OAuth2 authorization code table.");
        try {
            if (!this.isAuthzCodeHashColumnAvailable && OAuth2Util.isEncryptionWithTransformationEnabled()) {
                Connection connection = getDataSource().getConnection();
                Throwable th = null;
                try {
                    try {
                        List<AuthzCodeInfo> allAuthzCodes = AuthzCodeDAO.getInstance().getAllAuthzCodes(connection);
                        if (connection != null) {
                            if (0 != 0) {
                                try {
                                    connection.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                connection.close();
                            }
                        }
                        List<AuthzCodeInfo> transformAuthzCodeFromOldToNewEncryption = transformAuthzCodeFromOldToNewEncryption(allAuthzCodes);
                        connection = getDataSource().getConnection();
                        Throwable th3 = null;
                        try {
                            try {
                                AuthzCodeDAO.getInstance().updateNewAuthzCodes(transformAuthzCodeFromOldToNewEncryption, connection);
                                if (connection != null) {
                                    if (0 != 0) {
                                        try {
                                            connection.close();
                                        } catch (Throwable th4) {
                                            th3.addSuppressed(th4);
                                        }
                                    } else {
                                        connection.close();
                                    }
                                }
                            } finally {
                            }
                        } finally {
                        }
                    } finally {
                    }
                } finally {
                }
            }
        } catch (CryptoException e) {
            throw new MigrationClientException("Error while transforming authorization codes from old to new encryption algorithm. ", e);
        } catch (SQLException e2) {
            throw new MigrationClientException("Error while getting datasource connection. ", e2);
        } catch (IdentityOAuth2Exception e3) {
            throw new MigrationClientException("Error while checking configurations for encryption with transformation is enabled. ", e3);
        }
    }

    private List<AuthzCodeInfo> transformAuthzCodeFromOldToNewEncryption(List<AuthzCodeInfo> list) throws CryptoException, IdentityOAuth2Exception {
        ArrayList arrayList = new ArrayList();
        for (AuthzCodeInfo authzCodeInfo : list) {
            if (!CryptoUtil.getDefaultCryptoUtil().base64DecodeAndIsSelfContainedCipherText(authzCodeInfo.getAuthorizationCode())) {
                byte[] base64DecodeAndDecrypt = CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(authzCodeInfo.getAuthorizationCode(), "RSA");
                String encryptAndBase64Encode = CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(base64DecodeAndDecrypt);
                String processedAuthzCode = new HashingPersistenceProcessor().getProcessedAuthzCode(new String(base64DecodeAndDecrypt, Charsets.UTF_8));
                AuthzCodeInfo authzCodeInfo2 = new AuthzCodeInfo(encryptAndBase64Encode, authzCodeInfo.getCodeId());
                authzCodeInfo2.setAuthorizationCodeHash(processedAuthzCode);
                arrayList.add(authzCodeInfo2);
            }
        }
        return arrayList;
    }

    public void migrateClientSecrets() throws MigrationClientException {
        log.info(" WSO2 Product Migration Service Task : Migration starting on OAuth2 consumer apps table.");
        try {
            try {
                if (!this.isClientSecretHashColumnsAvailable && OAuth2Util.isEncryptionWithTransformationEnabled()) {
                    Connection connection = getDataSource().getConnection();
                    Throwable th = null;
                    try {
                        try {
                            List<ClientSecretInfo> allClientSecrets = OAuthDAO.getInstance().getAllClientSecrets(connection);
                            if (connection != null) {
                                if (0 != 0) {
                                    try {
                                        connection.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    connection.close();
                                }
                            }
                            try {
                                List<ClientSecretInfo> transformClientSecretFromOldToNewEncryption = transformClientSecretFromOldToNewEncryption(allClientSecrets);
                                connection = getDataSource().getConnection();
                                Throwable th3 = null;
                                try {
                                    try {
                                        OAuthDAO.getInstance().updateNewClientSecrets(transformClientSecretFromOldToNewEncryption, connection);
                                        if (connection != null) {
                                            if (0 != 0) {
                                                try {
                                                    connection.close();
                                                } catch (Throwable th4) {
                                                    th3.addSuppressed(th4);
                                                }
                                            } else {
                                                connection.close();
                                            }
                                        }
                                    } finally {
                                    }
                                } finally {
                                }
                            } catch (IdentityOAuth2Exception e) {
                                throw new MigrationClientException("Error while transforming client secret from old to new encryption. ", e);
                            }
                        } finally {
                        }
                    } finally {
                    }
                }
            } catch (IdentityOAuth2Exception e2) {
                throw new MigrationClientException("Error while checking encryption with transformation is enabled. ", e2);
            }
        } catch (SQLException e3) {
            throw new MigrationClientException("Error while retrieving and updating client secrets. ", e3);
        } catch (CryptoException e4) {
            throw new MigrationClientException("Error while transforming client secret from old to new encryption. ", e4);
        }
    }

    private List<ClientSecretInfo> transformClientSecretFromOldToNewEncryption(List<ClientSecretInfo> list) throws CryptoException, IdentityOAuth2Exception {
        ArrayList arrayList = new ArrayList();
        for (ClientSecretInfo clientSecretInfo : list) {
            if (!CryptoUtil.getDefaultCryptoUtil().base64DecodeAndIsSelfContainedCipherText(clientSecretInfo.getClientSecret())) {
                arrayList.add(new ClientSecretInfo(CryptoUtil.getDefaultCryptoUtil().encryptAndBase64Encode(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(clientSecretInfo.getClientSecret(), "RSA")), clientSecretInfo.getId()));
            }
        }
        return arrayList;
    }
}
