package com.dynfi.cli;

import com.dynfi.app.MongoDriverProvider;
import com.dynfi.app.configuration.Keys;
import com.dynfi.app.configuration.MainConfiguration;
import com.dynfi.storage.converters.ActualSecretCodec;
import com.dynfi.storage.converters.EncryptionSecretCodec;
import com.dynfi.storage.converters.PlainTextSecretCodec;
import com.dynfi.storage.entities.InternalConfig;
import com.dynfi.storage.entities.Secret;
import com.github.rvesse.airline.annotations.Command;
import com.github.rvesse.airline.annotations.Option;
import com.google.common.collect.ImmutableMap;
import com.googlecode.lanterna.TerminalSize;
import com.googlecode.lanterna.gui2.AsynchronousTextGUIThread;
import com.googlecode.lanterna.gui2.BasicWindow;
import com.googlecode.lanterna.gui2.Button;
import com.googlecode.lanterna.gui2.Direction;
import com.googlecode.lanterna.gui2.GridLayout;
import com.googlecode.lanterna.gui2.Label;
import com.googlecode.lanterna.gui2.LayoutData;
import com.googlecode.lanterna.gui2.LinearLayout;
import com.googlecode.lanterna.gui2.MultiWindowTextGUI;
import com.googlecode.lanterna.gui2.Panel;
import com.googlecode.lanterna.gui2.ProgressBar;
import com.googlecode.lanterna.gui2.SeparateTextGUIThread;
import com.googlecode.lanterna.gui2.Separator;
import com.googlecode.lanterna.gui2.TextBox;
import com.googlecode.lanterna.gui2.Window;
import com.googlecode.lanterna.gui2.WindowBasedTextGUI;
import com.googlecode.lanterna.gui2.dialogs.MessageDialog;
import com.googlecode.lanterna.gui2.dialogs.MessageDialogBuilder;
import com.googlecode.lanterna.gui2.dialogs.MessageDialogButton;
import com.googlecode.lanterna.gui2.dialogs.WaitingDialog;
import com.googlecode.lanterna.screen.Screen;
import com.googlecode.lanterna.screen.TerminalScreen;
import com.googlecode.lanterna.terminal.DefaultTerminalFactory;
import com.mongodb.DBCollection;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoDatabase;
import java.io.IOException;
import java.util.Collections;
import java.util.Date;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicLong;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.protocol.HTTP;
import org.bson.Document;
import org.bson.types.Binary;

@Command(name = "changeEncryptionPassword", description = "Changes password used for encryption of secrets in the database. Exits after change.")
/* loaded from: input_file:com/dynfi/cli/ChangeEncryptionPasswordCommand.class */
public class ChangeEncryptionPasswordCommand implements Runnable {
    private static String SEEDING_TOO_SLOW_MESSAGE = "Internal benchmark detected that encryption is going to be too slow\nfor practical usage. Please improve getting the entropy, see\nhttps://dynfi.com/documentation/storing_secrets.html for more help.\n\nAborting is recommended, but you can still continue.";
    private static String ENCRYPTION_TOO_SLOW_MESSAGE = "Internal benchmark detected that encryption is going to be too slow\nfor practical usage. Please see\nhttps://dynfi.com/documentation/storing_secrets.html for more help.\n\nAborting is recommended, but you can still continue.";

    @Option(name = {"--config", "-c"}, description = "Path to custom config file (instead of the default one).")
    private String configFilePath;
    private MultiWindowTextGUI gui;
    private BasicWindow mainWindow;

    public ChangeEncryptionPasswordCommand() {
        System.setProperty("LOG_SKIPFILE", "true");
    }

    private static void updateSecTest(MongoDatabase mongoDatabase, byte[] bArr) {
        mongoDatabase.getCollection(InternalConfig.COLLECTION_NAME).deleteOne(new Document("name", InternalConfig.SEC_TEST_NAME));
        if (ArrayUtils.isNotEmpty(bArr)) {
            mongoDatabase.getCollection(InternalConfig.COLLECTION_NAME).insertOne(new Document(ImmutableMap.of(DBCollection.ID_FIELD_NAME, (byte[]) UUID.randomUUID(), "createdAt", (byte[]) new Date(), "name", (byte[]) InternalConfig.SEC_TEST_NAME, "value", bArr)));
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        MainConfiguration readConfiguration = GeneralActions.readConfiguration(this.configFilePath, false, null);
        MongoClient mongoDriverProvider = MongoDriverProvider.getInstance(readConfiguration);
        MongoActions.handleMigrations(readConfiguration, mongoDriverProvider, null);
        MongoDatabase database = mongoDriverProvider.getDatabase(readConfiguration.getMongoDatabase());
        Document first = database.getCollection(InternalConfig.COLLECTION_NAME).find(Document.parse("{name: {$eq: 'sec_test'}}")).first();
        byte[] bArr = new byte[0];
        if (EncryptionActions.secTestPresent(first)) {
            bArr = ((Binary) first.get((Object) "value", Binary.class)).getData();
        }
        runGui(bArr, readConfiguration.getMongoClientUri(), readConfiguration.getMongoDatabase(), database);
    }

    private void runGui(byte[] bArr, String str, String str2, MongoDatabase mongoDatabase) {
        try {
            TerminalScreen terminalScreen = new TerminalScreen(new DefaultTerminalFactory().createTerminal());
            terminalScreen.startScreen();
            Panel panel = new Panel(new GridLayout(2));
            ((GridLayout) panel.getLayoutManager()).setHorizontalSpacing(3);
            LayoutData createHorizontallyFilledLayoutData = GridLayout.createHorizontallyFilledLayoutData(2);
            panel.addComponent(new Label("Connected to database:").setLayoutData(createHorizontallyFilledLayoutData));
            panel.addComponent(new Label("MongoClientURI"));
            panel.addComponent(new Label(str));
            panel.addComponent(new Label("Mongo database"));
            panel.addComponent(new Label(str2));
            Object[] objArr = new Object[1];
            objArr[0] = ArrayUtils.isNotEmpty(bArr) ? "" : " not";
            panel.addComponent(new Label(String.format("Stored secrets and passwords are%s encrypted.", objArr)).setLayoutData(createHorizontallyFilledLayoutData));
            panel.addComponent(new Separator(Direction.HORIZONTAL).setLayoutData(createHorizontallyFilledLayoutData));
            TextBox textBox = null;
            panel.addComponent(new Label("Current password"));
            TerminalSize terminalSize = new TerminalSize(30, 1);
            if (ArrayUtils.isNotEmpty(bArr)) {
                textBox = new TextBox(terminalSize);
                panel.addComponent(textBox);
                panel.addComponent(new Label("[Current password is needed to open secured vault]").setLayoutData(createHorizontallyFilledLayoutData));
            } else {
                panel.addComponent(new Label("[not set]"));
            }
            TextBox textBox2 = textBox;
            panel.addComponent(new Label("New password"));
            TextBox textBox3 = new TextBox(terminalSize);
            panel.addComponent(textBox3);
            panel.addComponent(new Label("New password repeated"));
            TextBox textBox4 = new TextBox(terminalSize);
            panel.addComponent(textBox4);
            panel.addComponent(new Label("[New password in case you would like to set it/change it]").setLayoutData(createHorizontallyFilledLayoutData));
            panel.addComponent(new Separator(Direction.HORIZONTAL).setLayoutData(createHorizontallyFilledLayoutData));
            Button button = new Button("Set new password", setNewPasswordAction(bArr, mongoDatabase, terminalScreen, textBox2, textBox3, textBox4));
            Button button2 = new Button("Remove password", removePasswordAction(bArr, mongoDatabase, terminalScreen, textBox2));
            Panel panel2 = new Panel(new LinearLayout(Direction.HORIZONTAL));
            panel2.addComponent(button);
            if (ArrayUtils.isNotEmpty(bArr)) {
                panel2.addComponent(button2);
            }
            panel2.addComponent(new Button(HTTP.CONN_CLOSE, () -> {
                closeMainWindow(terminalScreen);
            }));
            panel2.setLayoutData(GridLayout.createLayoutData(GridLayout.Alignment.CENTER, GridLayout.Alignment.CENTER, true, false, 2, 1));
            panel.addComponent(panel2);
            this.mainWindow = new BasicWindow("DynFi® Manager encryption converter");
            this.mainWindow.setHints(Collections.singletonList(Window.Hint.CENTERED));
            this.mainWindow.setComponent(panel);
            this.gui = new MultiWindowTextGUI(new SeparateTextGUIThread.Factory(), terminalScreen);
            ((AsynchronousTextGUIThread) this.gui.getGUIThread()).start();
            showWelcomeWindow(str, str2);
            this.gui.addWindowAndWait(this.mainWindow);
        } catch (IOException e) {
            tellUser("Problem detected when running converter UI " + e.getMessage());
        }
    }

    private Runnable removePasswordAction(byte[] bArr, MongoDatabase mongoDatabase, Screen screen, TextBox textBox) {
        return () -> {
            Thread thread = new Thread(() -> {
                if (currentPasswordOpensSecuredVault(bArr, textBox)) {
                    if (userConfirmed(String.format("Passwords and secrets in the DB will be no longer encrypted.%n%nAre you sure?", new Object[0]))) {
                        this.mainWindow.close();
                        this.mainWindow.waitUntilClosed();
                        long countAllSecrets = EncryptionActions.countAllSecrets(mongoDatabase);
                        AtomicLong atomicLong = new AtomicLong(0L);
                        WaitingDialog createAndStartProgressWindow = createAndStartProgressWindow(countAllSecrets, atomicLong);
                        convert(new EncryptionSecretCodec(textBox.getText().toCharArray(), false), new PlainTextSecretCodec(), mongoDatabase, null, atomicLong);
                        showFinishWindow(this.gui, String.format("All secrets are not encrypted now.%nPlease remove %s option from configuration.", Keys.ENCRYPTION_PASSWORD));
                        this.gui.removeWindow(createAndStartProgressWindow);
                    }
                    closeMainWindow(screen);
                }
            }, "converter-thread");
            thread.setDaemon(true);
            thread.start();
        };
    }

    private Runnable setNewPasswordAction(byte[] bArr, MongoDatabase mongoDatabase, Screen screen, TextBox textBox, TextBox textBox2, TextBox textBox3) {
        return () -> {
            Thread thread = new Thread(() -> {
                if (currentPasswordOpensSecuredVault(bArr, textBox) && newPasswordEnteredTwice(textBox2, textBox3) && userConfirmed(String.format("New encryption password will be used%nto protect secrets in the DB.%n%nAre you sure?", new Object[0]))) {
                    this.mainWindow.close();
                    this.mainWindow.waitUntilClosed();
                    if (!shouldAbortAfterBenchmark()) {
                        long countAllSecrets = EncryptionActions.countAllSecrets(mongoDatabase);
                        AtomicLong atomicLong = new AtomicLong(0L);
                        WaitingDialog createAndStartProgressWindow = createAndStartProgressWindow(countAllSecrets, atomicLong);
                        ActualSecretCodec plainTextSecretCodec = ArrayUtils.isEmpty(bArr) ? new PlainTextSecretCodec() : new EncryptionSecretCodec(textBox.getText().toCharArray(), false);
                        EncryptionSecretCodec encryptionSecretCodec = new EncryptionSecretCodec(textBox2.getText().toCharArray(), false);
                        convert(plainTextSecretCodec, encryptionSecretCodec, mongoDatabase, encryptionSecretCodec.encode(new Secret(textBox2.getText())), atomicLong);
                        showFinishWindow(this.gui, String.format("All secrets are encrypted now.%nPlease add %s option to configuration.", Keys.ENCRYPTION_PASSWORD));
                        this.gui.removeWindow(createAndStartProgressWindow);
                    }
                    closeMainWindow(screen);
                }
            }, "converter-thread");
            thread.setDaemon(true);
            thread.start();
        };
    }

    private WaitingDialog createAndStartProgressWindow(long j, AtomicLong atomicLong) {
        Panel panel = new Panel(new LinearLayout(Direction.VERTICAL));
        panel.addComponent(new Label("Conversion in progress. Do not interrupt."));
        ProgressBar progressBar = new ProgressBar(0, (int) j, 40);
        panel.addComponent(progressBar);
        WaitingDialog createDialog = WaitingDialog.createDialog("Conversion in progress", "Please do not interrupt");
        createDialog.setComponent(panel);
        createDialog.setHints(Collections.singletonList(Window.Hint.CENTERED));
        this.gui.addWindow(createDialog);
        Thread thread = new Thread(() -> {
            do {
                try {
                    progressBar.setValue(atomicLong.intValue());
                    Thread.sleep(250L);
                } catch (InterruptedException e) {
                    return;
                }
            } while (atomicLong.intValue() < j);
        }, "progress-updater");
        thread.setDaemon(true);
        thread.start();
        return createDialog;
    }

    private boolean shouldAbortAfterBenchmark() {
        WaitingDialog createDialog = WaitingDialog.createDialog("Please wait", "Please wait a few seconds, internal benchmark is performed...   ");
        createDialog.setHints(Collections.singletonList(Window.Hint.CENTERED));
        this.gui.addWindow(createDialog);
        boolean z = false;
        boolean performBenchmark = EncryptionActions.performBenchmark(EncryptionActions::benchmarkSeeding, "seeding-tester", 1000L);
        if (!performBenchmark) {
            z = MessageDialog.showMessageDialog(this.gui, "Performance issues detected", SEEDING_TOO_SLOW_MESSAGE, MessageDialogButton.Abort, MessageDialogButton.Continue).equals(MessageDialogButton.Abort);
        }
        if (!z) {
            boolean performBenchmark2 = EncryptionActions.performBenchmark(EncryptionActions::benchmarkSeeding, "encryption-tester", 1000L);
            if (performBenchmark && !performBenchmark2) {
                z = MessageDialog.showMessageDialog(this.gui, "Performance issues detected", ENCRYPTION_TOO_SLOW_MESSAGE, MessageDialogButton.Abort, MessageDialogButton.Continue).equals(MessageDialogButton.Abort);
            }
        }
        this.gui.removeWindow(createDialog);
        createDialog.close();
        createDialog.waitUntilClosed();
        return z;
    }

    private void showWelcomeWindow(String str, String str2) {
        new MessageDialogBuilder().setTitle("Welcome to encryption password converter").setText(String.format("This programme allows updating password used for encrypting passwords and secrets in DynFi® Manager database.%nBefore you proceed, please make sure no DynFi® Manager instance is accessing the DB.%n%nmongoDatabase=%s%nmongoClientUri=%s%n           ", str2, str)).addButton(MessageDialogButton.OK).build().showDialog((WindowBasedTextGUI) this.gui);
    }

    private void showFinishWindow(MultiWindowTextGUI multiWindowTextGUI, String str) {
        MessageDialog.showMessageDialog(multiWindowTextGUI, "Done", str, MessageDialogButton.Close);
    }

    private void closeMainWindow(Screen screen) {
        GenerateConfigCommand.closeScreenAndWindow(screen, this.mainWindow);
        ((AsynchronousTextGUIThread) this.gui.getGUIThread()).stop();
    }

    private void convert(ActualSecretCodec actualSecretCodec, ActualSecretCodec actualSecretCodec2, MongoDatabase mongoDatabase, byte[] bArr, AtomicLong atomicLong) {
        updateSecTest(mongoDatabase, bArr);
        EncryptionActions.convertAllSecrets(actualSecretCodec, actualSecretCodec2, mongoDatabase, atomicLong);
    }

    private boolean newPasswordEnteredTwice(TextBox textBox, TextBox textBox2) {
        if (!StringUtils.isBlank(textBox.getText()) && textBox.getText() != null && textBox.getText().equals(textBox2.getText())) {
            return true;
        }
        MessageDialog.showMessageDialog(this.gui, "New password is incorrect", String.format("New password has to be entered twice, exactly the same.%nPlease go back and enter the same new password twice.", new Object[0]), new MessageDialogButton[0]);
        return false;
    }

    private boolean userConfirmed(String str) {
        return MessageDialogButton.Yes == MessageDialog.showMessageDialog(this.gui, "Are you sure?", str, MessageDialogButton.Yes, MessageDialogButton.No);
    }

    private boolean currentPasswordOpensSecuredVault(byte[] bArr, TextBox textBox) {
        if (textBox == null) {
            return true;
        }
        try {
            new EncryptionSecretCodec(textBox.getText().toCharArray(), false).decode(bArr);
            return true;
        } catch (Exception e) {
            MessageDialog.showMessageDialog(this.gui, "Incorrect password!", String.format("Current password is incorrect, cannot open secured vault.%n%nPlease go back and enter correct current password.", new Object[0]), MessageDialogButton.OK);
            return false;
        }
    }

    private void tellUser(String str) {
        System.out.println(str);
    }
}
