package com.atlassian.bamboo.upgrade.tasks.v5_15;

import com.atlassian.bamboo.collections.message.FinalHashMap;
import com.atlassian.bamboo.crypto.instance.SecretEncryptionService;
import com.atlassian.bamboo.persistence.BambooTransactionHibernateTemplate;
import com.atlassian.bamboo.repository.RepositoryDataEntityImpl;
import com.atlassian.bamboo.repository.RepositoryDefinitionDao;
import com.atlassian.bamboo.security.EncryptionException;
import com.atlassian.bamboo.security.MigratingEncryptionService;
import com.atlassian.bamboo.upgrade.AbstractUpgradeTask;
import com.atlassian.bamboo.utils.ConfigUtils;
import com.atlassian.bamboo.vcs.configuration.PartialVcsRepositoryDataBuilder;
import com.atlassian.bamboo.vcs.configuration.PartialVcsRepositoryDataImpl;
import com.atlassian.bamboo.vcs.configuration.VcsRepositoryData;
import com.atlassian.bamboo.vcs.configuration.service.RawRepositoryConfiguration;
import com.atlassian.bamboo.vcs.configuration.service.RawRepositoryConfigurationXmlConverter;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableSortedSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.commons.configuration.XMLConfiguration;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.hibernate.Criteria;
import org.hibernate.Session;
import org.hibernate.criterion.Order;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;

/* loaded from: input_file:com/atlassian/bamboo/upgrade/tasks/v5_15/UpgradeTask51505EncryptRepositoryDefinition.class */
public class UpgradeTask51505EncryptRepositoryDefinition extends AbstractUpgradeTask {
    private static final int PAGE_SIZE = 100;

    @Autowired
    private RepositoryDefinitionDao repositoryDefinitionDao;

    @Autowired
    private BambooTransactionHibernateTemplate bambooTransactionHibernateTemplate;

    @Autowired
    @Lazy
    private SecretEncryptionService secretEncryptionService;

    @Autowired
    private RawRepositoryConfigurationXmlConverter rawRepositoryConfigurationXmlConverter;
    private MigratingEncryptionService migratingEncryptionService;
    private static final Logger log = Logger.getLogger(UpgradeTask51505EncryptRepositoryDefinition.class);
    private static final Set<String> ENCRYPTED_KEYS = ImmutableSortedSet.of(StringUtils.lowerCase("repository.bitbucket.password", Locale.ENGLISH), StringUtils.lowerCase("repository.bitbucket.sshKey", Locale.ENGLISH), StringUtils.lowerCase("repository.bitbucket.sshPassphrase", Locale.ENGLISH), StringUtils.lowerCase("repository.git.password", Locale.ENGLISH), StringUtils.lowerCase("repository.git.ssh.key", Locale.ENGLISH), StringUtils.lowerCase("repository.git.ssh.passphrase", Locale.ENGLISH), new String[]{StringUtils.lowerCase("repository.github.password", Locale.ENGLISH), StringUtils.lowerCase("repository.svn.userPassword", Locale.ENGLISH), StringUtils.lowerCase("repository.svn.passphrase", Locale.ENGLISH), StringUtils.lowerCase("repository.svn.sslPassphrase", Locale.ENGLISH), StringUtils.lowerCase("repository.p4.password", Locale.ENGLISH), StringUtils.lowerCase("repository.stash.key.private", Locale.ENGLISH)});

    public UpgradeTask51505EncryptRepositoryDefinition() {
        super("Encrypt secure fields of repository definitions");
    }

    public void doUpgrade() throws Exception {
        long countAll = this.repositoryDefinitionDao.countAll();
        AtomicInteger atomicInteger = new AtomicInteger(0);
        for (int i = 0; i < countAll; i += PAGE_SIZE) {
            int i2 = i;
            try {
                this.bambooTransactionHibernateTemplate.execute(session -> {
                    List<RepositoryDataEntityImpl> fetchRepositories = fetchRepositories(i2, session);
                    for (RepositoryDataEntityImpl repositoryDataEntityImpl : fetchRepositories) {
                        if (processRepository(repositoryDataEntityImpl)) {
                            log.info("Reencrypted properties of '" + repositoryDataEntityImpl.getName() + "' (" + repositoryDataEntityImpl.getId() + ")");
                            atomicInteger.incrementAndGet();
                        }
                    }
                    log.info("Processed " + (i2 + fetchRepositories.size()) + " records of " + countAll);
                    return null;
                });
            } catch (Exception e) {
                log.error(e.getMessage(), e);
                throw e;
            }
        }
        log.info("Finished reencryption of repository data, updated " + atomicInteger.get() + " records of " + countAll);
    }

    @VisibleForTesting
    boolean processRepository(RepositoryDataEntityImpl repositoryDataEntityImpl) {
        RawRepositoryConfiguration fromEntity = this.rawRepositoryConfigurationXmlConverter.fromEntity(repositoryDataEntityImpl);
        boolean updateLegacyRepository = StringUtils.isNotBlank(fromEntity.getLegacyXml()) ? updateLegacyRepository(repositoryDataEntityImpl, fromEntity) : updateRepository(repositoryDataEntityImpl, fromEntity);
        if (updateLegacyRepository) {
            this.repositoryDefinitionDao.save(repositoryDataEntityImpl);
        }
        return updateLegacyRepository;
    }

    private List fetchRepositories(int i, Session session) {
        Criteria createCriteria = session.createCriteria(RepositoryDataEntityImpl.class);
        createCriteria.setFirstResult(i);
        createCriteria.addOrder(Order.asc("id"));
        createCriteria.setMaxResults(PAGE_SIZE);
        return createCriteria.list();
    }

    private boolean updateRepository(RepositoryDataEntityImpl repositoryDataEntityImpl, RawRepositoryConfiguration rawRepositoryConfiguration) {
        boolean z = false;
        Map serverConfiguration = rawRepositoryConfiguration.getServerConfiguration();
        if (serverConfiguration != null) {
            HashMap hashMap = new HashMap();
            for (Map.Entry entry : serverConfiguration.entrySet()) {
                if (shouldBeMasked((String) entry.getKey())) {
                    String decryptValue = decryptValue((String) entry.getValue());
                    if (StringUtils.isEmpty(decryptValue)) {
                        hashMap.put(entry.getKey(), "");
                    } else {
                        hashMap.put(entry.getKey(), getMigratingEncryptionService().encrypt(decryptValue));
                    }
                    z = true;
                } else {
                    hashMap.put(entry.getKey(), entry.getValue());
                }
            }
            if (z) {
                repositoryDataEntityImpl.setXmlData(this.rawRepositoryConfigurationXmlConverter.asXml(PartialVcsRepositoryDataBuilder.newBuilder().fullCopy(new PartialVcsRepositoryDataImpl(repositoryDataEntityImpl, rawRepositoryConfiguration, (VcsRepositoryData) null)).serverConfiguration(new FinalHashMap(hashMap)).build()));
            }
        }
        return z;
    }

    @NotNull
    private String decryptValue(String str) {
        try {
            return getMigratingEncryptionService().decrypt(str);
        } catch (EncryptionException e) {
            log.info("Couldn't decrypt value, it might be stored already decrypted");
            log.info(e.getMessage(), e);
            return str;
        }
    }

    private boolean updateLegacyRepository(@NotNull RepositoryDataEntityImpl repositoryDataEntityImpl, @NotNull RawRepositoryConfiguration rawRepositoryConfiguration) {
        boolean z = false;
        PartialVcsRepositoryDataBuilder fullCopy = PartialVcsRepositoryDataBuilder.newBuilder().fullCopy(new PartialVcsRepositoryDataImpl(repositoryDataEntityImpl, rawRepositoryConfiguration, (VcsRepositoryData) null));
        XMLConfiguration xmlConfigFromXmlString = ConfigUtils.getXmlConfigFromXmlString(rawRepositoryConfiguration.getLegacyXml());
        Iterator keys = xmlConfigFromXmlString.getKeys();
        while (keys.hasNext()) {
            String obj = keys.next().toString();
            if (shouldBeMasked(obj)) {
                String decryptValue = decryptValue(xmlConfigFromXmlString.getString(obj));
                if (StringUtils.isEmpty(decryptValue)) {
                    xmlConfigFromXmlString.setProperty(obj, "");
                } else {
                    xmlConfigFromXmlString.setProperty(obj, getMigratingEncryptionService().encrypt(decryptValue));
                }
                z = true;
            }
        }
        if (z) {
            fullCopy.legacyXml(ConfigUtils.asXmlString(xmlConfigFromXmlString));
            repositoryDataEntityImpl.setXmlData(this.rawRepositoryConfigurationXmlConverter.asXml(fullCopy.build()));
        }
        return z;
    }

    private MigratingEncryptionService getMigratingEncryptionService() {
        if (this.migratingEncryptionService == null) {
            this.migratingEncryptionService = new MigratingEncryptionService(this.secretEncryptionService);
        }
        return this.migratingEncryptionService;
    }

    @VisibleForTesting
    void setMigratingEncryptionService(MigratingEncryptionService migratingEncryptionService) {
        this.migratingEncryptionService = migratingEncryptionService;
    }

    private boolean shouldBeMasked(@NotNull String str) {
        return ENCRYPTED_KEYS.contains(StringUtils.lowerCase(str, Locale.ENGLISH));
    }
}
