package org.alfresco.encryption;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.crypto.SealedObject;
import org.alfresco.repo.batch.BatchProcessWorkProvider;
import org.alfresco.repo.batch.BatchProcessor;
import org.alfresco.repo.dictionary.DictionaryDAO;
import org.alfresco.repo.domain.node.NodeDAO;
import org.alfresco.repo.domain.node.NodePropertyEntity;
import org.alfresco.repo.domain.qname.QNameDAO;
import org.alfresco.repo.lock.JobLockService;
import org.alfresco.repo.lock.LockAcquisitionException;
import org.alfresco.repo.node.encryption.MetadataEncryptor;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.dictionary.DataTypeDefinition;
import org.alfresco.service.cmr.dictionary.PropertyDefinition;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.ApplicationEventPublisher;

/* loaded from: input_file:org/alfresco/encryption/ReEncryptor.class */
public class ReEncryptor implements ApplicationContextAware {
    private NodeDAO nodeDAO;
    private DictionaryDAO dictionaryDAO;
    private QNameDAO qnameDAO;
    private MetadataEncryptor metadataEncryptor;
    private ApplicationContext applicationContext;
    private TransactionService transactionService;
    private RetryingTransactionHelper transactionHelper;
    private int numThreads;
    private int chunkSize;
    private boolean splitTxns = true;
    private JobLockService jobLockService;
    private static Log logger = LogFactory.getLog(ReEncryptor.class);
    private static final QName LOCK = QName.createQName("http://www.alfresco.org/model/system/1.0", "OrphanReaper");

    public void setTransactionService(TransactionService transactionService) {
        this.transactionService = transactionService;
        this.transactionHelper = transactionService.getRetryingTransactionHelper();
    }

    public void setMetadataEncryptor(MetadataEncryptor metadataEncryptor) {
        this.metadataEncryptor = metadataEncryptor;
    }

    public MetadataEncryptor getMetadataEncryptor() {
        return this.metadataEncryptor;
    }

    public void setJobLockService(JobLockService jobLockService) {
        this.jobLockService = jobLockService;
    }

    public void setNumThreads(int i) {
        this.numThreads = i;
    }

    public void setChunkSize(int i) {
        this.chunkSize = i;
    }

    public void setSplitTxns(boolean z) {
        this.splitTxns = z;
    }

    public void setNodeDAO(NodeDAO nodeDAO) {
        this.nodeDAO = nodeDAO;
    }

    public void setDictionaryDAO(DictionaryDAO dictionaryDAO) {
        this.dictionaryDAO = dictionaryDAO;
    }

    public void setQnameDAO(QNameDAO qNameDAO) {
        this.qnameDAO = qNameDAO;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getLock(long j) {
        try {
            return this.jobLockService.getLock(LOCK, j);
        } catch (LockAcquisitionException unused) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void refreshLock(String str, long j) {
        if (str == null) {
            throw new IllegalArgumentException("Must provide existing lockToken");
        }
        this.jobLockService.refreshLock(str, LOCK, j);
    }

    protected void reEncryptProperties(final List<NodePropertyEntity> list, final String str) {
        final Iterator<NodePropertyEntity> it = list.iterator();
        new BatchProcessor("Reencryptor", this.transactionHelper, (BatchProcessWorkProvider) new BatchProcessWorkProvider<NodePropertyEntity>() { // from class: org.alfresco.encryption.ReEncryptor.2
            @Override // org.alfresco.repo.batch.BatchProcessWorkProvider
            public int getTotalEstimatedWorkSize() {
                return list.size();
            }

            @Override // org.alfresco.repo.batch.BatchProcessWorkProvider
            public long getTotalEstimatedWorkSizeLong() {
                return list.size();
            }

            /* JADX WARN: Multi-variable type inference failed */
            /* JADX WARN: Type inference failed for: r0v14 */
            /* JADX WARN: Type inference failed for: r0v3 */
            /* JADX WARN: Type inference failed for: r0v4 */
            /* JADX WARN: Type inference failed for: r0v5, types: [java.lang.Throwable] */
            /* JADX WARN: Type inference failed for: r0v9 */
            @Override // org.alfresco.repo.batch.BatchProcessWorkProvider
            public Collection<NodePropertyEntity> getNextWork() {
                ArrayList arrayList = new ArrayList(ReEncryptor.this.chunkSize);
                Iterator it2 = it;
                synchronized (it2) {
                    ?? r0 = 0;
                    int i = 0;
                    while (it.hasNext() && i < ReEncryptor.this.chunkSize) {
                        i++;
                        r0 = arrayList.add((NodePropertyEntity) it.next());
                    }
                    r0 = it2;
                    return arrayList;
                }
            }
        }, this.numThreads, this.chunkSize, (ApplicationEventPublisher) this.applicationContext, logger, 100).process(new BatchProcessor.BatchProcessWorker<NodePropertyEntity>() { // from class: org.alfresco.encryption.ReEncryptor.1
            @Override // org.alfresco.repo.batch.BatchProcessor.BatchProcessWorker
            public String getIdentifier(NodePropertyEntity nodePropertyEntity) {
                return String.valueOf(nodePropertyEntity.getNodeId());
            }

            @Override // org.alfresco.repo.batch.BatchProcessor.BatchProcessWorker
            public void beforeProcess() throws Throwable {
                ReEncryptor.this.refreshLock(str, ReEncryptor.this.chunkSize * 100);
            }

            @Override // org.alfresco.repo.batch.BatchProcessor.BatchProcessWorker
            public void afterProcess() throws Throwable {
            }

            @Override // org.alfresco.repo.batch.BatchProcessor.BatchProcessWorker
            public void process(NodePropertyEntity nodePropertyEntity) throws Throwable {
                Serializable serializableValue = nodePropertyEntity.getValue().getSerializableValue();
                if (!(serializableValue instanceof SealedObject)) {
                    ReEncryptor.logger.warn("Encountered an encrypted property that is not a SealedObject, for node id " + nodePropertyEntity.getNodeId() + ", property " + ((QName) ReEncryptor.this.qnameDAO.getQName(nodePropertyEntity.getKey().getQnameId()).getSecond()));
                } else {
                    SealedObject sealedObject = (SealedObject) serializableValue;
                    QName qName = (QName) ReEncryptor.this.qnameDAO.getQName(nodePropertyEntity.getKey().getQnameId()).getSecond();
                    ReEncryptor.this.nodeDAO.setNodeProperties(nodePropertyEntity.getNodeId(), Collections.singletonMap(qName, ReEncryptor.this.metadataEncryptor.encrypt(qName, ReEncryptor.this.metadataEncryptor.decrypt(qName, sealedObject))));
                }
            }
        }, this.splitTxns);
    }

    public int bootstrapReEncrypt() throws MissingKeyException {
        if (this.metadataEncryptor.backupKeyAvailable("metadata")) {
            return reEncrypt();
        }
        throw new MissingKeyException("Backup key store is either not present or does not contain a metadata encryption key");
    }

    public int reEncrypt() throws MissingKeyException {
        if (!this.metadataEncryptor.keyAvailable("metadata")) {
            throw new MissingKeyException("Main key store is either not present or does not contain a metadata encryption key");
        }
        if (this.metadataEncryptor.backupKeyAvailable("metadata")) {
            return reEncryptImpl();
        }
        throw new MissingKeyException("Backup key store is either not present or does not contain a metadata encryption key");
    }

    protected int reEncryptImpl() {
        String str = (String) this.transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<String>() { // from class: org.alfresco.encryption.ReEncryptor.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.alfresco.repo.transaction.RetryingTransactionHelper.RetryingTransactionCallback
            public String execute() throws Exception {
                return ReEncryptor.this.getLock(20000L);
            }
        }, false, true);
        if (str == null) {
            logger.warn("Can't get lock. Assume multiple re-encryptors ...");
            return 0;
        }
        Collection propertiesOfDataType = this.dictionaryDAO.getPropertiesOfDataType(DataTypeDefinition.ENCRYPTED);
        HashSet hashSet = new HashSet();
        Iterator it = propertiesOfDataType.iterator();
        while (it.hasNext()) {
            hashSet.add(((PropertyDefinition) it.next()).getName());
        }
        List<NodePropertyEntity> selectNodePropertiesByTypes = this.nodeDAO.selectNodePropertiesByTypes(hashSet);
        if (logger.isDebugEnabled()) {
            logger.debug("Found " + selectNodePropertiesByTypes.size() + " properties to re-encrypt...");
        }
        reEncryptProperties(selectNodePropertiesByTypes, str);
        if (logger.isDebugEnabled()) {
            logger.debug("...done re-encrypting.");
        }
        return selectNodePropertiesByTypes.size();
    }

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }
}
