package com.atlassian.crowd.manager.crypto;

import com.atlassian.beehive.ClusterLockService;
import com.atlassian.crowd.embedded.api.DataReEncryptor;
import com.atlassian.crowd.embedded.api.SwitchableEncryptor;
import com.atlassian.crowd.lock.ClusterLockWrapper;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.annotation.Transactional;

@Transactional
/* loaded from: input_file:com/atlassian/crowd/manager/crypto/DefaultEncryptionManager.class */
public class DefaultEncryptionManager implements EncryptionManager {
    public static final String LOCK_NAME = "CROWD_ENCRYPTION";
    private static final Logger log = LoggerFactory.getLogger(DefaultEncryptionManager.class);
    private final Collection<DataReEncryptor> dataReEncryptors;
    private final ClusterLockWrapper clusterLockWrapper;
    private final SwitchableEncryptor switchableEncryptor;

    public DefaultEncryptionManager(Collection<DataReEncryptor> collection, SwitchableEncryptor switchableEncryptor, ClusterLockService clusterLockService) {
        this.dataReEncryptors = Collections.unmodifiableList(new ArrayList(collection));
        this.switchableEncryptor = switchableEncryptor;
        this.clusterLockWrapper = new ClusterLockWrapper(() -> {
            return clusterLockService.getLockForName(LOCK_NAME);
        });
    }

    private void reEncryptAllPasswords() {
        log.info("Starting re-encryption of passwords in database");
        this.dataReEncryptors.forEach((v0) -> {
            v0.reEncrypt();
        });
        log.info("Re-encryption of passwords in database finished");
    }

    public void changeEncryptor(String str) {
        this.clusterLockWrapper.run(() -> {
            switchEncryptor(str);
        });
    }

    public void changeEncryptionKey() {
        this.clusterLockWrapper.run(() -> {
            this.switchableEncryptor.changeEncryptionKey();
            reEncryptAllPasswords();
        });
    }

    public void disableEncryption() {
        this.clusterLockWrapper.run(() -> {
            switchEncryptor(null);
        });
    }

    public Collection<String> getAvailableEncryptorNames() {
        return this.switchableEncryptor.getAvailableEncryptorKeys();
    }

    public Optional<String> getDefaultEncryptorName() {
        return this.switchableEncryptor.getCurrentEncryptorKey();
    }

    private void switchEncryptor(String str) {
        this.switchableEncryptor.switchEncryptor(str);
        reEncryptAllPasswords();
    }
}
