package com.atlassian.crowd.crypto;

import com.atlassian.crowd.common.properties.EncryptionProperties;
import com.google.common.collect.ImmutableSet;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/crowd/crypto/EncryptionKeyFilePermissionChanger.class */
public class EncryptionKeyFilePermissionChanger {
    private static final ImmutableSet<PosixFilePermission> POSIX_OWNER_PERMISSIONS = ImmutableSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE);
    private static final Logger log = LoggerFactory.getLogger(EncryptionKeyFilePermissionChanger.class);

    public void makeFileReadableOnlyByOwner(String str) {
        if (((Boolean) EncryptionProperties.SET_ENCRYPTION_KEYS_OWNERSHIP_ATTRIBUTES.getValue()).booleanValue()) {
            try {
                Path path = Paths.get(str, new String[0]);
                PosixFileAttributeView posixFileAttributeView = (PosixFileAttributeView) Files.getFileAttributeView(path, PosixFileAttributeView.class, new LinkOption[0]);
                if (posixFileAttributeView != null) {
                    removeNonOwnerPosixAttributes(posixFileAttributeView, path);
                } else {
                    log.warn("Cannot set access attributes of keyFile {}", str);
                }
            } catch (IOException e) {
                log.error("Cannot set access attributes of keyFile {}", str, e);
            }
        }
    }

    private void removeNonOwnerPosixAttributes(PosixFileAttributeView posixFileAttributeView, Path path) throws IOException {
        Set<PosixFilePermission> permissions = posixFileAttributeView.readAttributes().permissions();
        if (!permissions.contains(PosixFilePermission.OWNER_READ)) {
            log.warn("Will skip permissions update for {}, because file would be not readable by owner", path);
            return;
        }
        Stream<PosixFilePermission> stream = permissions.stream();
        ImmutableSet<PosixFilePermission> immutableSet = POSIX_OWNER_PERMISSIONS;
        immutableSet.getClass();
        posixFileAttributeView.setPermissions((Set) stream.filter((v1) -> {
            return r1.contains(v1);
        }).collect(Collectors.toSet()));
    }
}
