package io.hops.hopsworks.common.security.secrets;

import io.hops.hopsworks.common.dao.user.security.secrets.Secret;
import io.hops.hopsworks.common.dao.user.security.secrets.SecretId;
import io.hops.hopsworks.common.dao.user.security.secrets.SecretsFacade;
import io.hops.hopsworks.common.security.MasterPasswordChangeResult;
import io.hops.hopsworks.common.security.MasterPasswordHandler;
import io.hops.hopsworks.common.security.SymmetricEncryptionDescriptor;
import io.hops.hopsworks.common.security.SymmetricEncryptionService;
import io.hops.hopsworks.exceptions.EncryptionMasterPasswordException;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.TransactionAttributeType;

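/**
 * {@link MasterPasswordHandler} that re-encrypts every stored {@link Secret} when the Hopsworks
 * master encryption password changes.
 *
 * <p>The bean runs with {@code TransactionAttributeType.NOT_SUPPORTED}, so the per-secret updates
 * in {@link #perform(String, String)} are not wrapped in a transaction by this class. A failure
 * part-way through can leave some secrets encrypted under the new password and others under the
 * old one. The original ciphertexts are therefore collected as rollback items and restored by
 * {@link #rollback(MasterPasswordChangeResult)}.
 */
@TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
@Stateless
public class SecretsPasswordHandler implements MasterPasswordHandler {
    private static final Logger LOGGER = Logger.getLogger(SecretsPasswordHandler.class.getName());

    @EJB
    private SecretsController secretsController;

    @EJB
    private SymmetricEncryptionService symmetricEncryptionService;

    @EJB
    private SecretsFacade secretsFacade;

    /** No preparation is needed before the password change. */
    @Override
    public void pre() {
    }

    /**
     * Decrypts every stored secret with the current master password and re-encrypts it with the
     * new one, persisting each secret as soon as it has been re-encrypted.
     *
     * @param str the current master password, used to decrypt the stored secrets
     * @param str2 the new master password, used to re-encrypt them
     * @return on success, a result carrying the success log and the original ciphertexts keyed by
     *     {@link SecretId}; on failure, a result carrying the ciphertexts recorded so far and the
     *     wrapping {@link EncryptionMasterPasswordException}
     */
    @Override
    public MasterPasswordChangeResult perform(String str, String str2) {
        // Original ciphertext per secret, recorded BEFORE anything is rewritten so that a failure
        // at any later step can still be undone by rollback().
        HashMap<SecretId, byte[]> rollbackItems = new HashMap<>();
        StringBuilder successLog = new StringBuilder();
        successLog.append("Performing change of master password for Secrets\n");
        try {
            LOGGER.log(Level.INFO, "Updating Secrets with new Hopsworks master encryption password");
            for (Secret secret : this.secretsController.getAllCiphered()) {
                SecretId id = secret.getId();
                rollbackItems.put(id, secret.getSecret());

                // Stored layout as used below: [0] = salt, [1] = IV, [2] = encrypted payload.
                byte[][] parts =
                    this.symmetricEncryptionService.splitPayloadFromCryptoPrimitives(secret.getSecret());

                SymmetricEncryptionDescriptor decryptRequest = new SymmetricEncryptionDescriptor.Builder()
                    .setPassword(str)
                    .setSalt(parts[0])
                    .setIV(parts[1])
                    .setInput(parts[2])
                    .build();
                SymmetricEncryptionDescriptor decrypted;
                try {
                    decrypted = this.symmetricEncryptionService.decrypt(decryptRequest);
                } finally {
                    // Clear the password held by the descriptor even when decryption throws
                    // (e.g. wrong current password), not only on the success path.
                    decryptRequest.clearPassword();
                }

                // NOTE(review): decrypted.getOutput() is the plaintext secret and is not wiped here;
                // if the descriptor exposes it as a mutable byte[], consider zeroing it once the
                // re-encryption below has completed. Confirm against SymmetricEncryptionDescriptor.
                SymmetricEncryptionDescriptor encryptRequest = new SymmetricEncryptionDescriptor.Builder()
                    .setInput(decrypted.getOutput())
                    .setPassword(str2)
                    .build();
                SymmetricEncryptionDescriptor encrypted;
                try {
                    encrypted = this.symmetricEncryptionService.encrypt(encryptRequest);
                } finally {
                    encryptRequest.clearPassword();
                }

                byte[] newCiphertext = this.symmetricEncryptionService.mergePayloadWithCryptoPrimitives(
                    encrypted.getSalt(), encrypted.getIv(), encrypted.getOutput());
                Secret updated = new Secret(id, newCiphertext, secret.getAddedOn());
                updated.setVisibilityType(secret.getVisibilityType());
                if (secret.getProjectIdScope() != null) {
                    updated.setProjectIdScope(secret.getProjectIdScope());
                }
                this.secretsFacade.update(updated);

                // Only the secret's identifiers go into the log, never its value.
                successLog.append("Updated Secret <").append(updated.getId().getUid()).append(",")
                    .append(updated.getId().getName()).append(">\n");
            }
            return new MasterPasswordChangeResult(successLog, rollbackItems, null);
        } catch (Exception e) {
            // Boundary catch: any failure is reported through the result object, together with
            // the ciphertexts recorded so far, so the caller can trigger rollback().
            LOGGER.log(Level.SEVERE, "Error while updating master encryption password for Secrets", (Throwable) e);
            return new MasterPasswordChangeResult(rollbackItems,
                new EncryptionMasterPasswordException("Error while updating master encryption password for Secrets", e));
        }
    }

    /**
     * Restores the original ciphertext of every secret recorded by
     * {@link #perform(String, String)}. Secrets that no longer exist are skipped.
     *
     * @param masterPasswordChangeResult the result returned by {@code perform}; its rollback items
     *     are expected to map {@link SecretId} to the original {@code byte[]} ciphertext
     */
    @Override
    public void rollback(MasterPasswordChangeResult masterPasswordChangeResult) {
        Object items = masterPasswordChangeResult == null ? null : masterPasswordChangeResult.getRollbackItems();
        if (items == null) {
            // Nothing was recorded, so there is nothing to restore; avoid a NullPointerException
            // in the middle of failure handling.
            LOGGER.log(Level.WARNING, "No rollback items available for Secrets, nothing to roll back");
            return;
        }
        Map<?, ?> rollbackItems = (Map<?, ?>) items;
        LOGGER.log(Level.INFO, "Rolling back Secrets");
        for (Map.Entry<?, ?> entry : rollbackItems.entrySet()) {
            SecretId id = (SecretId) entry.getKey();
            Secret current = this.secretsFacade.findById(id);
            if (current == null) {
                // The secret was removed in the meantime; make the skipped restore visible to
                // operators instead of dropping it silently.
                LOGGER.log(Level.WARNING, "Secret <{0},{1}> not found during rollback, skipping",
                    new Object[] {id.getUid(), id.getName()});
                continue;
            }
            // Metadata is taken from the row as it is now; only the ciphertext is restored.
            Secret restored = new Secret(id, (byte[]) entry.getValue(), current.getAddedOn());
            restored.setVisibilityType(current.getVisibilityType());
            if (current.getProjectIdScope() != null) {
                restored.setProjectIdScope(current.getProjectIdScope());
            }
            this.secretsFacade.update(restored);
        }
    }

    /** No cleanup is needed after the password change. */
    @Override
    public void post() {
    }
}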
