package io.hops.hopsworks.common.security;

import fish.payara.cluster.Clustered;
import io.hops.hopsworks.common.dao.user.UserFacade;
import io.hops.hopsworks.common.security.CertificatesMgmService;
import io.hops.hopsworks.exceptions.EncryptionMasterPasswordException;
import io.hops.hopsworks.persistence.entity.user.Users;
import java.io.File;
import java.io.IOException;
import java.io.Serializable;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.AccessTimeout;
import javax.ejb.AsyncResult;
import javax.ejb.Asynchronous;
import javax.ejb.Lock;
import javax.ejb.LockType;
import javax.ejb.Singleton;
import javax.enterprise.inject.Instance;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.FileUtils;

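/**
 * Clustered singleton that reads, verifies and replaces the master encryption password
 * kept in a file on disk.
 *
 * <p>The file holds the hex-encoded SHA-256 digest of the administrator-supplied password.
 * That digest, not the clear-text password, is the value handed to every
 * {@link MasterPasswordHandler} as the old and new password, so anyone who can read the file
 * holds the effective secret.
 *
 * <p>NOTE(review): the digest is unsalted and computed in a single pass, and this class does
 * not set or check permissions on the file. Access to the file presumably has to be restricted
 * by the deployment; confirm.
 */
@Singleton
@Clustered
public class CertificateMasterPwdMgm implements Serializable {
    private static final long serialVersionUID = -2885415896363678090L;
    private static final Logger LOGGER = Logger.getLogger(CertificateMasterPwdMgm.class.getName());

    /**
     * Reads the current master encryption password from disk.
     *
     * @param file file holding the stored password value
     * @return the file content with leading and trailing whitespace removed
     * @throws IOException if the file cannot be read
     */
    @AccessTimeout(value = 3, unit = TimeUnit.SECONDS)
    @Lock(LockType.READ)
    public String getMasterEncryptionPassword(File file) throws IOException {
        // Decoded with the platform default charset, matching how the value is written.
        String content = FileUtils.readFileToString(file, Charset.defaultCharset());
        return content.trim();
    }

    /**
     * Verifies that the supplied clear-text password matches the stored master password.
     *
     * @param str clear-text password supplied by the caller
     * @param str2 e-mail of the user making the attempt, used only to name the user in the log
     * @param file file holding the stored password value
     * @param userFacade facade used to look the user up by e-mail
     * @throws IOException if the password file cannot be read
     * @throws EncryptionMasterPasswordException if the supplied password does not match
     */
    @AccessTimeout(value = 3, unit = TimeUnit.SECONDS)
    @Lock(LockType.READ)
    public void checkPassword(String str, String str2, File file, UserFacade userFacade) throws IOException, EncryptionMasterPasswordException {
        byte[] stored = getMasterEncryptionPassword(file).getBytes(StandardCharsets.UTF_8);
        byte[] supplied = DigestUtils.sha256Hex(str).getBytes(StandardCharsets.UTF_8);
        // The stored digest is itself the secret, so compare it without the early exit of
        // String.equals, which would tie response time to the number of matching characters.
        if (MessageDigest.isEqual(stored, supplied)) {
            return;
        }
        // A rejected attempt on the master password is logged at WARNING so that it is not
        // dropped by configurations that filter out INFO.
        Users attemptedBy = userFacade.findByEmail(str2);
        if (attemptedBy != null) {
            LOGGER.log(Level.WARNING, "*** Attempt to change master encryption password with wrong credentials by user <" + attemptedBy.getUsername() + ">");
        } else {
            LOGGER.log(Level.WARNING, "*** Attempt to change master encryption password with wrong credentials");
        }
        throw new EncryptionMasterPasswordException("Provided password is incorrect");
    }

    /**
     * Replaces the master encryption password: every handler re-encrypts its material with the
     * new value first, and only then is the new value written to the password file. If a handler
     * or the file write fails, the handlers that already ran are rolled back.
     *
     * @param str new clear-text password; its SHA-256 hex digest becomes the stored value
     * @param file file holding the stored password value
     * @param instance handlers that must switch from the old to the new password
     * @param map per-handler results, filled during the update and always emptied before returning
     * @return a completed future carrying the status plus either the success logs or the error text
     */
    @AccessTimeout(500)
    @Lock(LockType.WRITE)
    @Asynchronous
    public Future<MasterPasswordResetResult> resetMasterEncryptionPassword(String str, File file, Instance<MasterPasswordHandler> instance, Map<Class, MasterPasswordChangeResult> map) {
        try {
            String newDigest = DigestUtils.sha256Hex(str);
            callUpdateHandlers(newDigest, file, instance, map);
            updateMasterEncryptionPassword(newDigest, file);
            String successLogs = gatherLogs(map).toString();
            LOGGER.log(Level.INFO, "Master encryption password changed!");
            return new AsyncResult<>(new MasterPasswordResetResult(CertificatesMgmService.UPDATE_STATUS.OK, successLogs, null));
        } catch (IOException e) {
            String message = "*** Failed to write new encryption password to file: " + file.getAbsolutePath() + ". Rolling back...";
            return rollbackAndFail(message, e, instance, map);
        } catch (EncryptionMasterPasswordException e) {
            return rollbackAndFail("*** Master encryption password update failed!!! Rolling back...", e, instance, map);
        } finally {
            // The caller's map is emptied on every exit path, including unexpected exceptions.
            map.clear();
        }
    }

    /** Logs the failure, rolls back the handlers that already ran and builds the FAILED result. */
    private Future<MasterPasswordResetResult> rollbackAndFail(String message, Exception cause, Instance<MasterPasswordHandler> handlers, Map<Class, MasterPasswordChangeResult> results) {
        LOGGER.log(Level.SEVERE, message, cause);
        callRollbackHandlers(handlers, results);
        return new AsyncResult<>(new MasterPasswordResetResult(CertificatesMgmService.UPDATE_STATUS.FAILED, null, message + "\n" + cause.getMessage()));
    }

    /**
     * Runs every handler with the currently stored password and the new digest, recording each
     * result. The result is recorded before its cause is rethrown so that the failing handler is
     * also offered a rollback.
     */
    private void callUpdateHandlers(String newDigest, File file, Instance<MasterPasswordHandler> handlers, Map<Class, MasterPasswordChangeResult> results) throws EncryptionMasterPasswordException, IOException {
        for (MasterPasswordHandler handler : handlers) {
            MasterPasswordChangeResult outcome = handler.perform(getMasterEncryptionPassword(file), newDigest);
            results.put(handler.getClass(), outcome);
            if (outcome.getCause() != null) {
                throw outcome.getCause();
            }
        }
    }

    /** Rolls back every handler that has a recorded result; handlers that never ran are skipped. */
    private void callRollbackHandlers(Instance<MasterPasswordHandler> handlers, Map<Class, MasterPasswordChangeResult> results) {
        for (MasterPasswordHandler handler : handlers) {
            MasterPasswordChangeResult recorded = results.get(handler.getClass());
            if (recorded != null) {
                handler.rollback(recorded);
            }
        }
    }

    /** Joins the non-null success logs of all recorded results, each followed by a blank line. */
    private StringBuilder gatherLogs(Map<Class, MasterPasswordChangeResult> results) {
        StringBuilder logs = new StringBuilder();
        for (MasterPasswordChangeResult result : results.values()) {
            if (result.getSuccessLog() != null) {
                logs.append((CharSequence) result.getSuccessLog()).append("\n\n");
            }
        }
        return logs;
    }

    /**
     * Overwrites the password file with the new digest.
     *
     * <p>NOTE(review): the file is overwritten in place, so a failure part-way through the write
     * can leave it truncated while the handlers are rolled back to the previous value. Consider
     * writing to a temporary file and renaming it over the original.
     */
    private void updateMasterEncryptionPassword(String newDigest, File file) throws IOException {
        FileUtils.writeStringToFile(file, newDigest, Charset.defaultCharset());
    }
}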
