package com.atlassian.bamboo.upgrade.tasks.v5_15;

import com.atlassian.bamboo.credentials.Credentials;
import com.atlassian.bamboo.credentials.CredentialsDao;
import com.atlassian.bamboo.credentials.CredentialsData;
import com.atlassian.bamboo.credentials.MutableCredentialsData;
import com.atlassian.bamboo.crypto.instance.SecretEncryptionService;
import com.atlassian.bamboo.security.MigratingEncryptionService;
import com.atlassian.bamboo.upgrade.AbstractUpgradeTask;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;

/* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v5_15/UpgradeTask51506ReEncryptSharedCredentials.class */
public class UpgradeTask51506ReEncryptSharedCredentials extends AbstractUpgradeTask {
    private static final Logger log = Logger.getLogger(UpgradeTask51506ReEncryptSharedCredentials.class);
    private static final Map<String, Set<String>> FIELDS_TO_RE_ENCRYPT = ImmutableMap.of(PasswordCredentials.PLUGIN_KEY, ImmutableSet.of(PasswordCredentials.CFG_PASSWORD), SshCredentials.PLUGIN_KEY, ImmutableSet.of(SshCredentials.CFG_SSH_KEY, SshCredentials.CFG_SSH_PASSPHRASE), AwsCredentials.PLUGIN_KEY, ImmutableSet.of(AwsCredentials.CFG_SECRET_KEY));

    @Autowired
    private CredentialsDao credentialsDao;

    @Autowired
    @Lazy
    private SecretEncryptionService secretEncryptionService;
    private MigratingEncryptionService migratingEncryptionService;

    /* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v5_15/UpgradeTask51506ReEncryptSharedCredentials$AwsCredentials.class */
    interface AwsCredentials {
        public static final String PLUGIN_KEY = "com.atlassian.bamboo.plugins.atlassian-bamboo-plugin-aws-credentials:awsCredentials";
        public static final String CFG_ACCESS_KEY = "accessKey";
        public static final String CFG_SECRET_KEY = "secretKey";
    }

    /* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v5_15/UpgradeTask51506ReEncryptSharedCredentials$PasswordCredentials.class */
    interface PasswordCredentials {
        public static final String PLUGIN_KEY = "com.atlassian.bamboo.plugin.sharedCredentials:usernamePasswordCredentials";
        public static final String CFG_USERNAME = "username";
        public static final String CFG_PASSWORD = "password";
    }

    /* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v5_15/UpgradeTask51506ReEncryptSharedCredentials$SshCredentials.class */
    interface SshCredentials {
        public static final String PLUGIN_KEY = "com.atlassian.bamboo.plugin.sharedCredentials:sshCredentials";
        public static final String CFG_SSH_KEY = "sshKey";
        public static final String CFG_SSH_PASSPHRASE = "sshPassphrase";
    }

    protected UpgradeTask51506ReEncryptSharedCredentials() {
        super("Re-encrypting shared credentials using new encryption service");
    }

    public void doUpgrade() throws Exception {
        this.migratingEncryptionService = new MigratingEncryptionService(this.secretEncryptionService);
        this.credentialsDao.findAll().forEach(this::upgradeCredentials);
    }

    @VisibleForTesting
    void upgradeCredentials(@NotNull MutableCredentialsData mutableCredentialsData) {
        String pluginKey = mutableCredentialsData.getPluginKey();
        if (!FIELDS_TO_RE_ENCRYPT.keySet().contains(pluginKey)) {
            log.debug("Skipping upgrade of shared credentials - unknown plugin key " + logCredentials(mutableCredentialsData));
            return;
        }
        Map<String, String> configuration = mutableCredentialsData.getConfiguration();
        Map<String, String> upgradeConfiguration = upgradeConfiguration(pluginKey, configuration);
        if (configuration.equals(upgradeConfiguration)) {
            log.debug("Skipping upgrade of shared credentials - already upgraded " + logCredentials(mutableCredentialsData));
            return;
        }
        log.debug("Upgrading shared credentials " + logCredentials(mutableCredentialsData));
        mutableCredentialsData.setXml(Credentials.configToXml(upgradeConfiguration));
        this.credentialsDao.save(mutableCredentialsData);
    }

    private Map<String, String> upgradeConfiguration(@NotNull String str, @NotNull Map<String, String> map) {
        HashMap hashMap = new HashMap();
        Set<String> set = FIELDS_TO_RE_ENCRYPT.get(str);
        for (Map.Entry<String, String> entry : map.entrySet()) {
            hashMap.put(entry.getKey(), set.contains(entry.getKey()) ? this.migratingEncryptionService.encrypt(this.migratingEncryptionService.decrypt(entry.getValue())) : entry.getValue());
        }
        return hashMap;
    }

    private String logCredentials(@NotNull CredentialsData credentialsData) {
        return String.format("(id: %d, plugin: %s)", Long.valueOf(credentialsData.getId()), credentialsData.getName());
    }
}
