package com.dynfi.cli;

import com.dynfi.app.configuration.MailServiceConfiguration;
import com.dynfi.exceptions.SecretEncryptionException;
import com.dynfi.storage.converters.ActualSecretCodec;
import com.dynfi.storage.converters.EncryptionSecretCodec;
import com.dynfi.storage.converters.PlainTextSecretCodec;
import com.dynfi.storage.entities.ConnectionAgentConfiguration;
import com.dynfi.storage.entities.Device;
import com.dynfi.storage.entities.InternalConfig;
import com.dynfi.storage.entities.ProxyCredentials;
import com.dynfi.storage.entities.Secret;
import com.dynfi.storage.entities.Settings;
import com.dynfi.storage.entities.SystemSettings;
import com.google.common.collect.ImmutableMap;
import com.mongodb.DBCollection;
import com.mongodb.client.MongoCollection;
import com.mongodb.client.MongoDatabase;
import dev.morphia.mapping.Mapper;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.atomic.AtomicLong;
import java.util.stream.Collectors;
import java.util.stream.StreamSupport;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.tuple.Triple;
import org.bson.Document;
import org.bson.types.Binary;
import org.slf4j.Logger;

/* loaded from: input_file:com/dynfi/cli/EncryptionActions.class */
public interface EncryptionActions {
    public static final String SEEDING_TOO_SLOW_MESSAGE = "Internal benchmark detected that encryption is going to be too slow,\ntherefore the secrets have not been encrypted.\nPlease improve getting the entropy, for more help see:\nhttps://dynfi.com/documentation/storing_secrets.html.\nYou can also run changeEncryptionPassword command manually.\nExiting.";
    public static final String ENCRYPTION_TOO_SLOW_MESSAGE = "Internal benchmark detected that encryption is going to be too slow,\ntherefore the secrets have not been encrypted.\nPlease see https://dynfi.com/documentation/storing_secrets.html for more help.\nYou can also run changeEncryptionPassword command manually.\nExiting.";

    static void checkEncryption(MongoDatabase mongoDatabase, Character[] chArr, Logger logger) {
        char[] primitive = ArrayUtils.toPrimitive(chArr);
        MongoCollection<Document> collection = mongoDatabase.getCollection(InternalConfig.COLLECTION_NAME);
        Document first = collection.find(Document.parse("{name: {$eq: 'sec_test'}}")).first();
        if (passwordProvidedButCheckNotPresent(primitive, first)) {
            encryptSecretsInDbFirstTime(mongoDatabase, primitive, collection, logger);
            return;
        }
        if (passwordProvidedAndCheckPresent(primitive, first)) {
            ensureEncryptionPasswordMatchesDb(primitive, ((Binary) first.get((Object) "value", Binary.class)).getData(), logger);
        } else if (passwordNotProvidedButCheckPresent(primitive, first)) {
            GeneralActions.logErrorAndExit("Secrets in the DB are encrypted, yet encryptionPassword has not been provided in the configuration. Exiting.", logger);
        } else {
            logger.warn("PASSWORDS AND OTHER SECRETS ARE NOT ENCRYPTED! To enable encrypting passwords in DynFi® Manager's database please configure encryptionPassword. Visit https://dynfi.com/documentation/storing_secrets.html for more help.");
            System.err.println("PASSWORDS AND OTHER SECRETS ARE NOT ENCRYPTED! To enable encrypting passwords in DynFi® Manager's database please configure encryptionPassword. Visit https://dynfi.com/documentation/storing_secrets.html for more help.");
        }
    }

    static boolean secTestPresent(Document document) {
        return (document == null || document.get("value") == null || !ArrayUtils.isNotEmpty(((Binary) document.get("value", Binary.class)).getData())) ? false : true;
    }

    static boolean passwordNotProvidedButCheckPresent(char[] cArr, Document document) {
        return ArrayUtils.isEmpty(cArr) && secTestPresent(document);
    }

    static boolean passwordProvidedAndCheckPresent(char[] cArr, Document document) {
        return ArrayUtils.isNotEmpty(cArr) && secTestPresent(document);
    }

    static boolean passwordProvidedButCheckNotPresent(char[] cArr, Document document) {
        return ArrayUtils.isNotEmpty(cArr) && !secTestPresent(document);
    }

    static void encryptSecretsInDb(MongoDatabase mongoDatabase, char[] cArr, MongoCollection<Document> mongoCollection, EncryptionSecretCodec encryptionSecretCodec, PlainTextSecretCodec plainTextSecretCodec, AtomicLong atomicLong) {
        mongoCollection.insertOne(new Document(ImmutableMap.of(DBCollection.ID_FIELD_NAME, (byte[]) UUID.randomUUID(), "createdAt", (byte[]) new Date(), "name", (byte[]) InternalConfig.SEC_TEST_NAME, "value", encryptionSecretCodec.encode(new Secret(new String(cArr))))));
        convertAllSecrets(plainTextSecretCodec, encryptionSecretCodec, mongoDatabase, atomicLong);
    }

    static void convertAllSecrets(ActualSecretCodec actualSecretCodec, ActualSecretCodec actualSecretCodec2, MongoDatabase mongoDatabase, AtomicLong atomicLong) {
        getAllDocumentsWithSecrets(mongoDatabase).parallelStream().forEach(triple -> {
            Document document = (Document) triple.getRight();
            String[] strArr = (String[]) triple.getMiddle();
            ((MongoCollection) triple.getLeft()).findOneAndUpdate(new Document(ImmutableMap.of(DBCollection.ID_FIELD_NAME, document.get(DBCollection.ID_FIELD_NAME))), new Document(ImmutableMap.of("$set", ImmutableMap.of(String.format("%s", createPath(strArr)), new Binary(actualSecretCodec2.encode(actualSecretCodec.decode(getSecret(document, strArr))))))));
            atomicLong.incrementAndGet();
        });
    }

    static ArrayList<Triple<MongoCollection<Document>, String[], Document>> getAllDocumentsWithSecrets(MongoDatabase mongoDatabase) {
        ArrayList<Triple<MongoCollection<Document>, String[], Document>> arrayList = new ArrayList<>();
        arrayList.addAll(getDocumentsWithSecrets(mongoDatabase.getCollection(Device.COLLECTION_NAME), "sshConfig", "secret"));
        arrayList.addAll(getDocumentsWithSecrets(mongoDatabase.getCollection(Settings.SETTINGS_COLLECTION), "sshConfig", "secret"));
        arrayList.addAll(getDocumentsWithSecrets(mongoDatabase.getCollection(SystemSettings.COLLECTION_NAME), MailServiceConfiguration.NAMED_KEY, "password"));
        arrayList.addAll(getDocumentsWithSecrets(mongoDatabase.getCollection(ProxyCredentials.COLLECTION_NAME), "password"));
        arrayList.addAll(getDocumentsWithSecrets(mongoDatabase.getCollection(ConnectionAgentConfiguration.COLLECTION_NAME), "privKey"));
        return arrayList;
    }

    static long countAllSecrets(MongoDatabase mongoDatabase) {
        return countSecrets(mongoDatabase.getCollection(Device.COLLECTION_NAME), "sshConfig", "secret") + countSecrets(mongoDatabase.getCollection(Settings.SETTINGS_COLLECTION), "sshConfig", "secret") + countSecrets(mongoDatabase.getCollection(SystemSettings.COLLECTION_NAME), MailServiceConfiguration.NAMED_KEY, "password") + countSecrets(mongoDatabase.getCollection(ProxyCredentials.COLLECTION_NAME), "password") + countSecrets(mongoDatabase.getCollection(ConnectionAgentConfiguration.COLLECTION_NAME), "privKey");
    }

    static long countSecrets(MongoCollection<Document> mongoCollection, String... strArr) {
        return mongoCollection.countDocuments(Document.parse(String.format("{'%s' :{$exists: true}}", createPath(strArr))));
    }

    static String createPath(String... strArr) {
        if (ArrayUtils.isEmpty(strArr)) {
            throw new IllegalArgumentException("Field names can't be empty");
        }
        return String.join(Mapper.IGNORED_FIELDNAME, strArr);
    }

    static List<Triple<MongoCollection<Document>, String[], Document>> getDocumentsWithSecrets(MongoCollection<Document> mongoCollection, String... strArr) {
        return (List) StreamSupport.stream(mongoCollection.find(Document.parse(String.format("{'%s' :{$exists: true}}", createPath(strArr)))).spliterator(), false).map(document -> {
            return Triple.of(mongoCollection, strArr, document);
        }).collect(Collectors.toList());
    }

    static byte[] getSecret(Document document, String[] strArr) {
        for (int i = 0; i < strArr.length - 1; i++) {
            document = (Document) document.get((Object) strArr[i], Document.class);
        }
        return ((Binary) document.get((Object) strArr[strArr.length - 1], Binary.class)).getData();
    }

    /* JADX WARN: Code restructure failed: missing block: B:13:0x00ae, code lost:
    
        java.lang.Thread.sleep(1000);
        java.lang.System.out.println(java.lang.String.format("Converted %03d%% so far.", java.lang.Long.valueOf((100 * r0.get()) / r0)));
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x00dc, code lost:
    
        if (r0.isDone() == false) goto L19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:8:0x00ab, code lost:
    
        if (r0 > 42) goto L16;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    static void encryptSecretsInDbFirstTime(com.mongodb.client.MongoDatabase r10, char[] r11, com.mongodb.client.MongoCollection<org.bson.Document> r12, org.slf4j.Logger r13) {
        /*
            Method dump skipped, instructions count: 256
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.dynfi.cli.EncryptionActions.encryptSecretsInDbFirstTime(com.mongodb.client.MongoDatabase, char[], com.mongodb.client.MongoCollection, org.slf4j.Logger):void");
    }

    static void ensureEncryptionPasswordMatchesDb(char[] cArr, byte[] bArr, Logger logger) {
        try {
            new EncryptionSecretCodec(cArr, false).decode(bArr);
            logger.debug("Provided encryptionPassword opened secrets' vault.");
        } catch (SecretEncryptionException e) {
            GeneralActions.logErrorAndExit("Provided encryptionPassword is not correct. Secrets in the DB have been encrypted using different one. Exiting.", logger);
        }
    }

    static boolean performBenchmark(Runnable runnable, String str, long j) {
        try {
            Thread thread = new Thread(runnable);
            thread.setName(str);
            thread.setDaemon(true);
            thread.start();
            thread.join(j);
            if (!thread.isAlive()) {
                return true;
            }
            thread.interrupt();
            return false;
        } catch (InterruptedException e) {
            return false;
        }
    }

    static void benchmarkSeeding() {
        SecureRandom secureRandom = new SecureRandom();
        for (int i = 0; i < 50 && !Thread.interrupted(); i++) {
            secureRandom.generateSeed(20);
        }
    }

    static void benchmarkEncrypting() {
        EncryptionSecretCodec encryptionSecretCodec = new EncryptionSecretCodec("password".toCharArray(), false);
        encryptionSecretCodec.encode(new Secret("password"));
        encryptionSecretCodec.encode(new Secret("password"));
    }
}
