package com.appiancorp.connectedsystems.migration.http;

import com.appiancorp.connectedsystems.ConnectedSystem;
import com.appiancorp.content.ExtendedContentService;
import com.appiancorp.core.API;
import com.appiancorp.core.data.Dictionary;
import com.appiancorp.core.expr.portable.Type;
import com.appiancorp.core.expr.portable.Value;
import com.appiancorp.integration.http.HttpParameterConstants;
import com.appiancorp.ix.data.connectedsystemix.OAuthGSAConnectedSystemHaulDelegate;
import com.appiancorp.migration.Migration;
import com.appiancorp.object.action.IxDocumentManager;
import com.appiancorp.suiteapi.common.exceptions.InvalidVersionException;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.suiteapi.content.Content;
import com.appiancorp.suiteapi.content.ContentConstants;
import com.appiancorp.suiteapi.content.ContentUploadOutputStream;
import com.appiancorp.suiteapi.content.exceptions.InvalidContentException;
import com.appiancorp.suiteapi.encryption.EncryptionService;
import com.appiancorp.suiteapi.knowledge.Document;
import com.appiancorp.suiteapi.type.TypedValue;
import com.appiancorp.type.AppianTypeLong;
import java.io.IOException;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/connectedsystems/migration/http/EncryptPrivateKeyForGsaConnectedSystem.class */
public class EncryptPrivateKeyForGsaConnectedSystem implements Migration {
    public static final String MIGRATION_NAME = "EncryptPrivateKeyForGsaConnectedSystem";
    private static final Logger LOG = Logger.getLogger(EncryptPrivateKeyForGsaConnectedSystem.class);
    private ExtendedContentService contentService;
    private EncryptionService encryptionService;

    public EncryptPrivateKeyForGsaConnectedSystem(ExtendedContentService extendedContentService, EncryptionService encryptionService) {
        this.contentService = extendedContentService;
        this.encryptionService = encryptionService;
    }

    @Override // com.appiancorp.migration.Migration
    public void migrate(Content content) {
        if (!(content instanceof ConnectedSystem)) {
            throw new IllegalArgumentException("Object must be a connected system");
        }
        ConnectedSystem connectedSystem = (ConnectedSystem) content;
        Dictionary dictionary = (Dictionary) API.typedValueToValue(connectedSystem.getSharedConfigParameters()).getValue();
        if ("Google Service Account".equals(dictionary.getValue(HttpParameterConstants.AUTH_TYPE_KEY).getValue())) {
            wipeGsaConfigFile(dictionary);
            connectedSystem.setSharedConfigParameters(toTypedValue(encryptSecretKey(dictionary)));
        }
    }

    @Override // com.appiancorp.migration.Migration
    public String getName() {
        return MIGRATION_NAME;
    }

    private void wipeGsaConfigFile(Dictionary dictionary) {
        Value value = dictionary.getValue(OAuthGSAConnectedSystemHaulDelegate.DOCUMENT_EXPORT_PROPERTY);
        if (value == null || value.isNull() || !Type.DOCUMENT.equals(value.getType())) {
            return;
        }
        try {
            Document[] download = this.contentService.download(Long.valueOf(((Integer) value.getValue()).intValue()), ContentConstants.VERSION_CURRENT, false);
            if (download.length == 0) {
                return;
            }
            Document document = download[0];
            if (document.getExtension().equalsIgnoreCase(IxDocumentManager.JSON_EXTENSION)) {
                try {
                    ContentUploadOutputStream overwriteDocument = this.contentService.overwriteDocument(document.getCurrentContentId());
                    Throwable th = null;
                    try {
                        try {
                            IOUtils.write(new byte[0], overwriteDocument);
                            if (overwriteDocument != null) {
                                if (0 != 0) {
                                    try {
                                        overwriteDocument.close();
                                    } catch (Throwable th2) {
                                        th.addSuppressed(th2);
                                    }
                                } else {
                                    overwriteDocument.close();
                                }
                            }
                        } catch (Throwable th3) {
                            th = th3;
                            throw th3;
                        }
                    } finally {
                    }
                } catch (IOException | PrivilegeException | InvalidContentException e) {
                    LOG.error("Failed to truncate Google Service Account definition document", e);
                }
            }
        } catch (InvalidContentException | InvalidVersionException | PrivilegeException e2) {
        }
    }

    private TypedValue toTypedValue(Dictionary dictionary) {
        return new TypedValue(AppianTypeLong.DICTIONARY, API.coreToJava(AppianTypeLong.DICTIONARY, dictionary));
    }

    private Dictionary encryptSecretKey(Dictionary dictionary) {
        Dictionary dictionary2 = (Dictionary) dictionary.getAtKey(HttpParameterConstants.AUTH_DETAILS_KEY);
        if (dictionary2 == null) {
            throw new IllegalArgumentException("Google Service Account Connected System must have non-null auth details");
        }
        Value value = dictionary2.getValue("privateKey");
        if (value == null || value.isNull()) {
            return dictionary;
        }
        String str = (String) value.getValue();
        return dictionary.set(HttpParameterConstants.AUTH_DETAILS_KEY, Type.DICTIONARY.valueOf(dictionary2.set("privateKey", Type.ENCRYPTED_TEXT.valueOf(str.startsWith("-----BEGIN") ? this.encryptionService.encryptToString(str) : str))));
    }
}
