package io.hops.hopsworks.expat.migrations.kerberos;

import com.google.common.io.Files;
import io.hops.hopsworks.common.util.HopsUtils;
import io.hops.hopsworks.expat.configuration.ConfigurationBuilder;
import io.hops.hopsworks.expat.configuration.ExpatConf;
import io.hops.hopsworks.expat.db.DbConnectionFactory;
import io.hops.hopsworks.expat.db.dao.certificates.CertificatesFacade;
import io.hops.hopsworks.expat.db.dao.certificates.ExpatCertificate;
import io.hops.hopsworks.expat.db.dao.user.ExpatUser;
import io.hops.hopsworks.expat.db.dao.user.ExpatUserFacade;
import io.hops.hopsworks.expat.db.dao.user.RemoteUser;
import io.hops.hopsworks.expat.db.dao.user.RemoteUserFacade;
import io.hops.hopsworks.expat.ldap.LDAPQuery;
import io.hops.hopsworks.expat.ldap.LdapUserNotFound;
import io.hops.hopsworks.expat.migrations.MigrateStep;
import io.hops.hopsworks.expat.migrations.MigrationException;
import io.hops.hopsworks.expat.migrations.RollbackException;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.file.Paths;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.List;
import javax.naming.NamingException;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.configuration2.Configuration;
import org.apache.commons.configuration2.ex.ConfigurationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/hops/hopsworks/expat/migrations/kerberos/RemoteUsers.class */
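/**
 * Migration step that converts local users into remote (LDAP-backed) users.
 *
 * <p>For every local user the step looks up the user's UUID in LDAP, inserts a matching
 * remote-user row, re-encrypts the user's project certificate passwords under a new key and
 * replaces the stored user password. Each user is processed in its own transaction. In dry-run
 * mode nothing is committed and the dry-run flag is passed on to the facades.
 *
 * <p>Security note: this class handles the master password, stored user passwords and decrypted
 * certificate passwords. None of these values may be written to the log.
 */
public class RemoteUsers implements MigrateStep {
    private static final Logger LOGGER = LoggerFactory.getLogger(RemoteUsers.class);

    private final Connection dbConnection;
    private final LDAPQuery ldapQuery;
    private final Configuration config;
    private final ExpatUserFacade expatUserFacade;
    private final RemoteUserFacade remoteUserFacade;
    private final CertificatesFacade certificatesFacade;
    // Secret read from the file named by ExpatConf.MASTER_PWD_FILE_KEY; never log it.
    private final String masterPassword;
    private final boolean dryrun;

    /**
     * Loads the expat configuration, opens the database connection, prepares the LDAP query
     * helper and reads the master password file.
     *
     * @throws SQLException if the database connection cannot be obtained
     * @throws ConfigurationException if the expat configuration cannot be loaded
     * @throws NamingException if the LDAP query helper cannot be set up
     * @throws IOException if the master password file cannot be read
     */
    public RemoteUsers() throws SQLException, ConfigurationException, NamingException, IOException {
        this.config = ConfigurationBuilder.getConfiguration();
        this.dryrun = this.config.getBoolean(ExpatConf.DRY_RUN);
        this.dbConnection = DbConnectionFactory.getConnection();
        this.ldapQuery = new LDAPQuery(this.config);
        this.expatUserFacade = new ExpatUserFacade();
        this.remoteUserFacade = new RemoteUserFacade();
        this.certificatesFacade = new CertificatesFacade();
        // NOTE(review): the file is decoded with the platform default charset and its contents
        // are used verbatim, including any trailing newline. Confirm this matches how the master
        // password is consumed by the running service.
        this.masterPassword = Files.toString(
                Paths.get(this.config.getString(ExpatConf.MASTER_PWD_FILE_KEY)).toFile(),
                Charset.defaultCharset());
    }

    /**
     * Migrates every local user, one transaction per user.
     *
     * <p>A user that is missing from LDAP is skipped with a warning. Any other per-user failure
     * is logged and, outside dry-run mode, rolled back; the loop then continues with the next
     * user.
     *
     * @throws MigrationException if a database error occurs outside the per-user handling
     */
    @Override
    public void migrate() throws MigrationException {
        LOGGER.info("Starting Kerberos migration");
        try {
            if (this.dryrun) {
                this.dbConnection.setAutoCommit(false);
            }
            for (ExpatUser expatUser : this.expatUserFacade.getLocalUsers(this.dbConnection)) {
                LOGGER.info("Processing user: {}", expatUser.getEmail());
                try {
                    this.dbConnection.setAutoCommit(false);
                    String uuid = this.ldapQuery.getUUID(expatUser);
                    addRemoteUser(this.dbConnection, uuid, expatUser, this.dryrun);
                    updateUserPassword(expatUser, this.dryrun);
                    if (!this.dryrun) {
                        this.dbConnection.commit();
                    }
                    LOGGER.info("Processed LDAP user for email: {}", expatUser.getEmail());
                } catch (LdapUserNotFound e) {
                    LOGGER.warn("Could not find LDAP user for email: {}", expatUser.getEmail());
                } catch (Exception e) {
                    // Record the exception type so a failed user can be diagnosed. The message
                    // and stack trace are left out because they come from code that handles
                    // password material.
                    LOGGER.warn("Error processing password update for user: {} ({})",
                            expatUser.getEmail(), e.getClass().getName());
                    if (!this.dryrun) {
                        this.dbConnection.rollback();
                        this.dbConnection.setAutoCommit(true);
                    }
                }
            }
        } catch (SQLException e) {
            // The rethrown exception carries only the message, so log the full cause here.
            LOGGER.error("Kerberos migration aborted by a database error", e);
            throw new MigrationException(e.getMessage());
        }
    }

    /** Does nothing: this step has no rollback implementation. */
    @Override
    public void rollback() throws RollbackException {
    }

    /**
     * Inserts the remote-user row that links the local user to its LDAP UUID.
     *
     * @param connection database connection to use
     * @param uuid UUID returned by the LDAP lookup for this user
     * @param expatUser local user being migrated
     * @param dryRun dry-run flag, forwarded to the facade
     * @throws SQLException if the insert fails
     */
    private void addRemoteUser(Connection connection, String uuid, ExpatUser expatUser, boolean dryRun)
            throws SQLException {
        // NOTE(review): the literal 2 is presumably the remote-user type for Kerberos; confirm
        // against the RemoteUser definition.
        RemoteUser remoteUser = new RemoteUser(2, expatUser.getPassword(), uuid, expatUser.getUid());
        this.remoteUserFacade.insertRemoteUser(connection, remoteUser, dryRun);
    }

    /**
     * Re-encrypts the user's certificate passwords and replaces the stored user password.
     *
     * <p>The new stored password is the SHA-256 hex digest of the current stored password
     * concatenated with the user's salt. Each certificate password is decrypted with the current
     * stored password and encrypted again with the new digest.
     *
     * @param expatUser user whose password and certificates are updated
     * @param dryRun dry-run flag, forwarded to the facades
     * @throws Exception if reading the certificates or updating the user fails
     */
    private void updateUserPassword(ExpatUser expatUser, boolean dryRun) throws Exception {
        List<ExpatCertificate> userCertificates =
                this.certificatesFacade.getUserCertificates(this.dbConnection, expatUser);
        String newPassword = DigestUtils.sha256Hex(expatUser.getPassword() + expatUser.getSalt());
        for (ExpatCertificate certificate : userCertificates) {
            LOGGER.info("Updating password for certificate: {}", certificate.getProjectName());
            try {
                // The decrypted certificate password is a secret and is deliberately not logged.
                String certPassword = HopsUtils.decrypt(
                        expatUser.getPassword(), certificate.getCipherPassword(), this.masterPassword);
                String reEncrypted = HopsUtils.encrypt(newPassword, certPassword, this.masterPassword);
                this.certificatesFacade.updateCertPassword(this.dbConnection, certificate, reEncrypted, dryRun);
            } catch (Exception e) {
                // NOTE(review): the failure is only logged and the user password is still updated
                // below, so this certificate presumably stays encrypted under the old password.
                // Confirm that this is intended.
                LOGGER.warn("Error Decrypting password for project certificate: {} ({})",
                        certificate.getProjectName(), e.getClass().getName());
            }
        }
        LOGGER.info("Updating password for user");
        this.expatUserFacade.updateUserPassword(this.dbConnection, expatUser, newPassword, dryRun);
        LOGGER.info("Updating mode for user");
        // NOTE(review): meaning of mode 1 is not visible here; confirm against ExpatUserFacade.
        this.expatUserFacade.updateMode(this.dbConnection, expatUser, 1, dryRun);
    }
}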
