package com.atlassian.jira.crowd.embedded.encryptors;

import com.atlassian.crowd.manager.crypto.EncryptionManager;
import com.atlassian.crowd.manager.property.EncryptionSettings;
import com.atlassian.event.api.EventListener;
import com.atlassian.jira.EventComponent;
import com.atlassian.jira.bc.admin.ApplicationPropertyMetadata;
import com.atlassian.jira.crowd.embedded.JiraEncryptionSettings;
import com.atlassian.jira.event.config.ApplicationPropertyChangeEvent;
import com.atlassian.scheduler.JobRunnerResponse;
import com.atlassian.scheduler.SchedulerService;
import com.atlassian.scheduler.SchedulerServiceException;
import com.atlassian.scheduler.config.JobConfig;
import com.atlassian.scheduler.config.JobRunnerKey;
import com.atlassian.scheduler.config.RunMode;
import com.atlassian.scheduler.config.Schedule;
import java.util.Date;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@EventComponent
/* loaded from: input_file:com/atlassian/jira/crowd/embedded/encryptors/CrowdPasswordEncryptionAlgorithmChangeListener.class */
public final class CrowdPasswordEncryptionAlgorithmChangeListener {
    private static final Logger log = LoggerFactory.getLogger(CrowdPasswordEncryptionAlgorithmChangeListener.class);
    private static final JobRunnerKey JOB_RUNNER_KEY = JobRunnerKey.of(CrowdPasswordEncryptionAlgorithmChangeListener.class.getName());
    private final EncryptionManager encryptionManager;
    private final SchedulerService schedulerService;
    private final EncryptionSettings encryptionSettings;
    private final ConcreteEncryptorsFactory encryptorsFactory;

    public CrowdPasswordEncryptionAlgorithmChangeListener(EncryptionManager encryptionManager, SchedulerService schedulerService, EncryptionSettings encryptionSettings, ConcreteEncryptorsFactory concreteEncryptorsFactory) {
        this.encryptionManager = encryptionManager;
        this.schedulerService = schedulerService;
        this.encryptionSettings = encryptionSettings;
        this.encryptorsFactory = concreteEncryptorsFactory;
    }

    @EventListener
    public void onApplicationPropertyChange(ApplicationPropertyChangeEvent applicationPropertyChangeEvent) {
        try {
            Map params = applicationPropertyChangeEvent.getParams();
            if (!(params.get("metadata") instanceof ApplicationPropertyMetadata)) {
                log.error("Unable to decide whether to re-encrypt passwords because the event doesn't seem to contain the correct metadata");
                return;
            }
            if ("crowd.encryption.encryptor.default".equals(((ApplicationPropertyMetadata) params.get("metadata")).getKey())) {
                String str = (String) params.get("newValue");
                String str2 = (String) params.get("oldValue");
                if (StringUtils.compare(str, str2) == 0) {
                    log.info("Nothing really changed. Skipping re-encryption");
                } else if (JiraEncryptionSettings.CROWD_ENCRYPTION_DISABLED_KEY.equals(str) || this.encryptorsFactory.getAvailableEncryptors().contains(str)) {
                    if (JiraEncryptionSettings.CROWD_ENCRYPTION_DISABLED_KEY.equals(str)) {
                        str = null;
                    }
                    log.info("Scheduling re-encrypt");
                    schedulePasswordChange(str);
                } else {
                    log.error("Changed encryptor algorithm key to unsupported value. Rolling back change");
                    this.encryptionSettings.setDefaultEncryptor(str2);
                }
            }
        } catch (RuntimeException e) {
            log.error("Unable to re-encrypt passwords because of unexpected error", e);
        }
    }

    private void schedulePasswordChange(String str) {
        this.schedulerService.registerJobRunner(JOB_RUNNER_KEY, jobRunnerRequest -> {
            try {
                this.encryptionManager.changeEncryptor(str);
                return JobRunnerResponse.success();
            } catch (RuntimeException e) {
                return JobRunnerResponse.failed(e);
            }
        });
        try {
            this.schedulerService.scheduleJobWithGeneratedId(JobConfig.forJobRunnerKey(JOB_RUNNER_KEY).withRunMode(RunMode.RUN_ONCE_PER_CLUSTER).withSchedule(Schedule.runOnce((Date) null)));
        } catch (SchedulerServiceException e) {
            log.error("Failed to schedule re-encryption job", e);
        }
    }
}
